#!/bin/bash #/** #@file settoken #@brief Generate a new security token for the specified service or user. #@usage settoken [[-f] [Service]] | User #@param -f force server restart without prompting (ask by default) #@param Service may be "server", "repo" or "services" (for all services, by default) #@param User OpenGnsys-defined username #@warning This script uses "php" command. #@version 1.1.1 - Initial version. #@author Ramón M. Gómez - ETSII Univ. Sevilla #@date 2019-09-25 #*/ ## # Global constants. OPENGNSYS=${OPENGNSYS:-"/opt/opengnsys"} SERVERCFG=$OPENGNSYS/etc/ogserver.cfg # Configuration files. REPOCFG=$OPENGNSYS/etc/ogAdmRepo.cfg # Functions. source $OPENGNSYS/lib/ogfunctions.sh || exit 1 function new_token() { php -r 'echo md5(uniqid(rand(), true));' } # Error control. if [ "$1" == "-f" ]; then FORCE=1 shift fi [ $# -gt 1 ] && raiseError usage case "${1,,}" in help) # Show help. help ;; version) # Show version number. version ;; server) # Generate server token. SERVER=1 ;; repo) # Generate repository token. REPO=1 ;; ""|services) # Generate server and repo tokens. SERVER=1; REPO=1 ;; *) # Generate user token. OGUSER="${1//\'/\\\'}" ;; esac [ "$USER" != "root" ] && raiseError access "Need to be root" [ -w $SERVERCFG ] || raiseError access "Server configuration file" source $SERVERCFG # Update user token. if [ "$OGUSER" ]; then APIKEY="$(new_token)" DATA=" UPDATE usuarios SET apikey='$APIKEY', idusuario=LAST_INSERT_ID(idusuario) WHERE usuario='$OGUSER'; SELECT LAST_INSERT_ID(); " [ "$(dbexec "$DATA")" == "0" ] && raiseError notfound "User \"$OGUSER\"" fi # Update server token. if [ "$SERVER" ]; then # Confirm action (server will be restarted). if [ ! "$FORCE" ]; then read -rp "It will be necessary to restart ogAdmServer service. Continue? [y/N]: " ANSWER [ "${ANSWER,,}" != "y" ] && raiseError cancel "API tokens not updated" fi APIKEY="$(new_token)" sed -i -n -e "/^APITOKEN=/!p" -e "$ a\APITOKEN=$APIKEY" $SERVERCFG || raiseError access "Cannot update server file" fi # Update repository token. if [ "$REPO" ]; then [ -w $REPOCFG ] || raiseError access "Repository configuration file" APIKEY="$(new_token)" sed -i -n -e "/^ApiToken=/!p" -e "$ a\ApiToken=$APIKEY" $REPOCFG || raiseError access "Cannot update repository file" # If database is local, update it. source $REPOCFG if [ "$ServidorAdm" == "$IPlocal" ]; then dbexec "UPDATE repositorios SET apikey='$APIKEY' WHERE ip='$IPlocal';" else echo "Please, don't forget to update the authentication token for this repository on the web server (check the file ogAdmRepo.cfg)." fi fi # Restart server, if needed. if [ "$SERVER" ]; then restart opengnsys fi