| 1 | #!/bin/bash |
|---|
| 2 | |
|---|
| 3 | #/** |
|---|
| 4 | #@file settoken |
|---|
| 5 | #@brief Generate a new security token for the specified service or user. |
|---|
| 6 | #@usage settoken [[-f] [Service]] | User |
|---|
| 7 | #@param -f force server restart without prompting (ask by default) |
|---|
| 8 | #@param Service may be "server", "repo" or "services" (for all services, by default) |
|---|
| 9 | #@param User OpenGnsys-defined username |
|---|
| 10 | #@warning This script uses "php" command. |
|---|
| 11 | #@version 1.1.1 - Initial version. |
|---|
| 12 | #@author Ramón M. Gómez - ETSII Univ. Sevilla |
|---|
| 13 | #@date 2019-09-25 |
|---|
| 14 | #*/ ## |
|---|
| 15 | |
|---|
| 16 | # Global constants. |
|---|
| 17 | OPENGNSYS=${OPENGNSYS:-"/opt/opengnsys"} |
|---|
| 18 | SERVERCFG=$OPENGNSYS/etc/ogAdmServer.cfg # Configuration files. |
|---|
| 19 | REPOCFG=$OPENGNSYS/etc/ogAdmRepo.cfg |
|---|
| 20 | |
|---|
| 21 | # Functions. |
|---|
| 22 | source $OPENGNSYS/lib/ogfunctions.sh || exit 1 |
|---|
| 23 | |
|---|
| 24 | function new_token() { |
|---|
| 25 | php -r 'echo md5(uniqid(rand(), true));' |
|---|
| 26 | } |
|---|
| 27 | |
|---|
| 28 | # Error control. |
|---|
| 29 | if [ "$1" == "-f" ]; then |
|---|
| 30 | FORCE=1 |
|---|
| 31 | shift |
|---|
| 32 | fi |
|---|
| 33 | [ $# -gt 1 ] && raiseError usage |
|---|
| 34 | case "${1,,}" in |
|---|
| 35 | help) # Show help. |
|---|
| 36 | help ;; |
|---|
| 37 | version) # Show version number. |
|---|
| 38 | version ;; |
|---|
| 39 | server) # Generate server token. |
|---|
| 40 | SERVER=1 ;; |
|---|
| 41 | repo) # Generate repository token. |
|---|
| 42 | REPO=1 ;; |
|---|
| 43 | ""|services) # Generate server and repo tokens. |
|---|
| 44 | SERVER=1; REPO=1 ;; |
|---|
| 45 | *) # Generate user token. |
|---|
| 46 | OGUSER="${1//\'/\\\'}" ;; |
|---|
| 47 | esac |
|---|
| 48 | [ "$USER" != "root" ] && raiseError access "Need to be root" |
|---|
| 49 | [ -w $SERVERCFG ] || raiseError access "Server configuration file" |
|---|
| 50 | source $SERVERCFG |
|---|
| 51 | |
|---|
| 52 | # Update user token. |
|---|
| 53 | if [ "$OGUSER" ]; then |
|---|
| 54 | APIKEY="$(new_token)" |
|---|
| 55 | DATA=" |
|---|
| 56 | UPDATE usuarios |
|---|
| 57 | SET apikey='$APIKEY', idusuario=LAST_INSERT_ID(idusuario) |
|---|
| 58 | WHERE usuario='$OGUSER'; |
|---|
| 59 | SELECT LAST_INSERT_ID(); |
|---|
| 60 | " |
|---|
| 61 | [ "$(dbexec "$DATA")" == "0" ] && raiseError notfound "User \"$OGUSER\"" |
|---|
| 62 | fi |
|---|
| 63 | |
|---|
| 64 | # Update server token. |
|---|
| 65 | if [ "$SERVER" ]; then |
|---|
| 66 | # Confirm action (server will be restarted). |
|---|
| 67 | if [ ! "$FORCE" ]; then |
|---|
| 68 | read -rp "It will be necessary to restart ogAdmServer service. Continue? [y/N]: " ANSWER |
|---|
| 69 | [ "${ANSWER,,}" != "y" ] && raiseError cancel "API tokens not updated" |
|---|
| 70 | fi |
|---|
| 71 | APIKEY="$(new_token)" |
|---|
| 72 | sed -i -n -e "/^APITOKEN=/!p" -e "$ a\APITOKEN=$APIKEY" $SERVERCFG || raiseError access "Cannot update server file" |
|---|
| 73 | fi |
|---|
| 74 | |
|---|
| 75 | # Update repository token. |
|---|
| 76 | if [ "$REPO" ]; then |
|---|
| 77 | [ -w $REPOCFG ] || raiseError access "Repository configuration file" |
|---|
| 78 | APIKEY="$(new_token)" |
|---|
| 79 | sed -i -n -e "/^ApiToken=/!p" -e "$ a\ApiToken=$APIKEY" $REPOCFG || raiseError access "Cannot update repository file" |
|---|
| 80 | # If database is local, update it. |
|---|
| 81 | source $REPOCFG |
|---|
| 82 | if [ "$ServidorAdm" == "$IPlocal" ]; then |
|---|
| 83 | dbexec "UPDATE repositorios SET apikey='$APIKEY' WHERE ip='$IPlocal';" |
|---|
| 84 | else |
|---|
| 85 | echo "Please, don't forget to update the authentication token for this repository on the web server (check the file ogAdmRepo.cfg)." |
|---|
| 86 | fi |
|---|
| 87 | fi |
|---|
| 88 | |
|---|
| 89 | # Restart server, if needed. |
|---|
| 90 | if [ "$SERVER" ]; then |
|---|
| 91 | restart opengnsys |
|---|
| 92 | fi |
|---|
| 93 | |
|---|
