close Warning: Failed to sync with repository "ogBrowser-Git": (1366, "Incorrect string value: '\\xF0\\x9F\\x93\\xA6 I...' for column 'message' at row 1"); repository information may be out of date. Look in the Trac log for more information including mitigation strategies.

source: server/bin/settoken @ 54d7ca27

918-git-images-111dconfigure-oglivegit-imageslgromero-new-oglivemainmaint-cronmount-efivarfsmultivmmultivm-ogboot-installerogClonningEngineogboot-installer-jenkinsoglive-ipv6test-python-scriptsticket-301ticket-50ticket-50-oldticket-577ticket-585ticket-611ticket-612ticket-693ticket-700ubu24tplunification2use-local-agent-oglivevarios-instalacion
Last change on this file since 54d7ca27 was c25e2ce, checked in by Ramón M. Gómez <ramongomez@…>, 6 years ago

#957 #958: Script settoken: use version function and avoid SQL injection.
  • Property mode set to 100755
File size: 2.9 KB
Line 
1#!/bin/bash
2
3#/**
4#@file    settoken
5#@brief   Generate a new security token for the specified service or user.
6#@usage   settoken [[-f] [Service]] | User
7#@param   -f         force server restart without prompting (ask by default)
8#@param   Service    may be "server", "repo" or "services" (for all services, by default)
9#@param   User       OpenGnsys-defined username
10#@warning This script uses "php" command.
11#@version 1.1.1 - Initial version.
12#@author  Ramón M. Gómez - ETSII Univ. Sevilla
13#@date    2019-09-25
14#*/ ##
15
16# Global constants.
17OPENGNSYS=${OPENGNSYS:-"/opt/opengnsys"}
18SERVERCFG=$OPENGNSYS/etc/ogAdmServer.cfg                # Configuration files.
19REPOCFG=$OPENGNSYS/etc/ogAdmRepo.cfg
20
21# Functions.
22source $OPENGNSYS/lib/ogfunctions.sh || exit 1
23
24function new_token() {
25    php -r 'echo md5(uniqid(rand(), true));'
26}
27
28# Error control.
29if [ "$1" == "-f" ]; then
30    FORCE=1
31    shift
32fi
33[ $# -gt 1 ] && raiseError usage
34case "${1,,}" in
35    help)           # Show help.
36        help ;;
37    version)        # Show version number.
38        version ;;
39    server)         # Generate server token.
40        SERVER=1 ;;
41    repo)           # Generate repository token.
42        REPO=1 ;;
43    ""|services)    # Generate server and repo tokens.
44        SERVER=1; REPO=1 ;;
45    *)              # Generate user token.
46        OGUSER="${1//\'/\\\'}" ;;
47esac
48[ "$USER" != "root" ] && raiseError access "Need to be root"
49[ -w $SERVERCFG ] || raiseError access "Server configuration file"
50source $SERVERCFG
51
52# Update user token.
53if [ "$OGUSER" ]; then
54    APIKEY="$(new_token)"
55    DATA="
56UPDATE usuarios
57   SET apikey='$APIKEY', idusuario=LAST_INSERT_ID(idusuario)
58 WHERE usuario='$OGUSER';
59SELECT LAST_INSERT_ID();
60"
61    [ "$(dbexec "$DATA")" == "0" ] && raiseError notfound "User \"$OGUSER\""
62fi
63
64# Update server token.
65if [ "$SERVER" ]; then
66    # Confirm action (server will be restarted).
67    if [ ! "$FORCE" ]; then
68        read -rp "It will be necessary to restart ogAdmServer service. Continue? [y/N]: " ANSWER
69        [ "${ANSWER,,}" != "y" ] && raiseError cancel "API tokens not updated"
70    fi
71    APIKEY="$(new_token)"
72    sed -i -n -e "/^APITOKEN=/!p" -e "$ a\APITOKEN=$APIKEY" $SERVERCFG || raiseError access "Cannot update server file"
73fi
74
75# Update repository token.
76if [ "$REPO" ]; then
77    [ -w $REPOCFG ] || raiseError access "Repository configuration file"
78    APIKEY="$(new_token)"
79    sed -i -n -e "/^ApiToken=/!p" -e "$ a\ApiToken=$APIKEY" $REPOCFG || raiseError access "Cannot update repository file"
80    # If database is local, update it.
81    source $REPOCFG
82    if [ "$ServidorAdm" == "$IPlocal" ]; then
83        dbexec "UPDATE repositorios SET apikey='$APIKEY' WHERE ip='$IPlocal';"
84    else
85        echo "Please, don't forget to update the authentication token for this repository on the web server (check the file ogAdmRepo.cfg)."
86    fi
87fi
88
89# Restart server, if needed.
90if [ "$SERVER" ]; then
91    restart opengnsys
92fi
93
Note: See TracBrowser for help on using the repository browser.