author | Ramón M. Gómez <ramongomez@us.es> | 2019-09-26 11:37:49 +0200 |
---|---|---|
committer | Ramón M. Gómez <ramongomez@us.es> | 2019-09-26 11:37:49 +0200 |
commit | 84954097c4bce5b4eb700546c7b5c98c6a86a747 (patch) | |
tree | 25db2b1aa97f818ff36028ff4a3d7bcda976071a | |
parent | 8645a4a3854dda6384ee64d9992240bb51345c3f (diff) |
#925: settoken: new server script to generate service access tokens.
-rwxr-xr-x | server/bin/settoken | 83 | ||||
-rwxr-xr-x | server/lib/ogfunctions.sh | 31 |
2 files changed, 114 insertions, 0 deletions
diff --git a/server/bin/settoken b/server/bin/settoken
new file mode 100755
index 00000000..dd98f06a
--- /dev/null
+++ b/server/bin/settoken
@@ -0,0 +1,83 @@
+#!/bin/bash
+
+#/**
+#@file settoken
+#@brief Generate a new security token for the specified service.
+#@usage settoken [-f] [Service]
+#@param -f: force server restart without prompting (ask by default)
+#@param Service: may be "server", "repo" or "both" (by default)
+#@warning This script uses "php" command.
+#@version 1.1.2 - Initial version.
+#@author Ramón M. Gómez - ETSII Univ. Sevilla
+#@date 2019-09-25
+#*/ ##
+
+# Global constants definition.
+PROG=$(basename "$(realpath "$0")") # Program name.
+OPENGNSYS=/opt/opengnsys # OpenGnsys main directory.
+SERVERCFG=$OPENGNSYS/etc/ogAdmServer.cfg # Configuration files.
+REPOCFG=$OPENGNSYS/etc/ogAdmRepo.cfg
+
+# Functions.
+source $OPENGNSYS/lib/ogfunctions.sh
+
+# Error control.
+[ "$USER" != "root" ] && raiseError access "Need to by root"
+if [ "$1" == "-f" ]; then
+ FORCE=1
+ shift
+fi
+[ $# -gt 1 ] && raiseError usage
+case "${1,,}" in
+ help)
+ help ;;
+ server)
+ SERVER=1 ;;
+ repo)
+ REPO=1 ;;
+ ""|both)
+ SERVER=1; REPO=1 ;;
+ *)
+ raiseError notfound "Unknown service"
+esac
+[ -w $SERVERCFG ] || raiseError access "Server configuration file"
+
+# Update server token.
+if [ "$SERVER" ]; then
+ # Confirm action (server will be restarted).
+ if [ ! "$FORCE" ]; then
+ read -rp "It will be necessary to restart ogAdmServer service. Continue? [y/N]: " ANSWER
+ [ "${ANSWER,,}" != "y" ] && raiseError cancel "API tokens not updated"
+ fi
+ APIKEY=$(php -r 'echo md5(uniqid(rand(), true));')
+ sed -i "s/^APITOKEN=.*/APITOKEN=$APIKEY/" $SERVERCFG || raiseError access "Cannot update server file"
+fi
+
+# Update repository token.
+if [ "$REPO" ]; then
+ [ -w $REPOCFG ] || raiseError access "Repository configuration file"
+ APIKEY=$(php -r 'echo md5(uniqid(rand(), true));')
+ sed -i "s/^ApiToken=.*/ApiToken=$APIKEY/" $REPOCFG || raiseError access "Cannot update repository file"
+ # If database is local, update it.
+ source $SERVERCFG
+ source $REPOCFG
+ if [ "$ServidorAdm" == "$IPlocal" ]; then
+ MYCNF=$(mktemp)
+ trap "rm -f $MYCNF" 0 1 2 3 6 9 15
+ chmod 600 $MYCNF
+ cat << EOT > $MYCNF
+[client]
+user=$USUARIO
+password=$PASSWORD
+host=$datasource
+EOT
+ mysql --defaults-extra-file="$MYCNF" --default-character-set=utf8 -D "$CATALOG" -e \
+ "UPDATE repositorios SET apikey='$APIKEY' WHERE ip='$IPlocal';" || raiseError access "Database error"
+ fi
+fi
+
+# Restart server, if needed.
+if [ "$SERVER" ]; then
+ restart opengnsys
+fi
+
diff --git a/server/lib/ogfunctions.sh b/server/lib/ogfunctions.sh
index 51de6b77..34b2ab7b 100755
--- a/server/lib/ogfunctions.sh
+++ b/server/lib/ogfunctions.sh
@@ -23,6 +23,9 @@ function raiseError() { download) echo "$PROG: Download error: $2" >&2 exit 4 ;; + cancel) + echo "$PROG: Operation cancelled: $2" >&2 + exit 5 ;; *) echo "$PROG: Unknown error" >&2 exit 1 ;;
@@ -54,6 +57,20 @@ function help() { exit 0 } +# Functions to manage a service. +function restart() { + _service restart "$1" +} +function start() { + _service start "$1" +} +function stop() { + _service stop "$1" +} + + +### Meta-functions and private functions. + # Metafunction to check if JSON result exists. JQ=$(which jq 2>/dev/null) || raiseError notfound "Need to install \"jq\"." function jq() {
@@ -63,3 +80,17 @@ function jq() { echo "$OUTPUT" } +# Private function to acts on a service (do not use directly). +function _service() { + local ACTION="$1" + local SERVICE="$2" + if which systemctl 2>/dev/null; then + systemctl "$ACTION" "$SERVICE" + elif which service 2>/dev/null; then + service "$SERVICE" "$ACTION" + elif [ -x /etc/init.d/"$SERVICE" ]; then + /etc/init.d/"$SERVICE" "$ACTION" + else + raiseError notfound "Service $SERVICE" + fi +} |
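Review bot: Both `APIKEY=` lines in server/bin/settoken build the token from `md5(uniqid(rand(), true))`, and neither `uniqid()` nor `rand()` is a cryptographically secure source, so the secret guarding the server and repository APIs comes from the clock and a non-cryptographic PRNG instead of the operating system's CSPRNG. I would replace both with `APIKEY=$(php -r 'echo bin2hex(random_bytes(16));')` (PHP 7 or later), which keeps the 32-character hexadecimal form that the `sed` replacement and the `UPDATE` statement interpolate safely; `openssl rand -hex 16` would do the same without PHP. Each assignment should be followed by `[ -n "$APIKEY" ] || raiseError notfound "Cannot generate token"`, because a missing or failing `php` currently leaves the variable empty and `sed -i` then writes an empty `APITOKEN=` or `ApiToken=` into the configuration. Separately, the root check reads the `$USER` environment variable, which may be unset or stale; `[ "$(id -u)" -ne 0 ] && raiseError access "Need to be root"` tests the real identity.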
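Review bot: In `_service` (server/lib/ogfunctions.sh), `which systemctl 2>/dev/null` and `which service 2>/dev/null` silence only stderr, so the resolved path is printed on the caller's stdout each time a service is managed; `if command -v systemctl >/dev/null 2>&1; then` (and the same for `service`) performs the test silently and without depending on `which`. The function returns the init command's status, but the `restart opengnsys` call in settoken does not check it, so a failed restart would leave the new token on disk while the running service presumably still holds the old one; `restart opengnsys || raiseError access "Cannot restart service"` would surface that. `$SERVICE` is also used to build and execute `/etc/init.d/"$SERVICE"`; the only caller in this commit passes a constant, but the header comment should state that the name must never come from untrusted input.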