| 1 | #!/bin/bash |
|---|
| 2 | |
|---|
| 3 | #/** |
|---|
| 4 | #@file settoken |
|---|
| 5 | #@brief Generate a new security token for the specified service. |
|---|
| 6 | #@usage settoken [-f] [Service] |
|---|
| 7 | #@param -f: force server restart without prompting (ask by default) |
|---|
| 8 | #@param Service: may be "server", "repo" or "both" (by default) |
|---|
| 9 | #@warning This script uses "php" command. |
|---|
| 10 | #@version 1.1.1 - Initial version. |
|---|
| 11 | #@author Ramón M. Gómez - ETSII Univ. Sevilla |
|---|
| 12 | #@date 2019-09-25 |
|---|
| 13 | #*/ ## |
|---|
| 14 | |
|---|
| 15 | # Global constants definition. |
|---|
| 16 | PROG=$(basename "$(realpath "$0")") # Program name. |
|---|
| 17 | OPENGNSYS=/opt/opengnsys # OpenGnsys main directory. |
|---|
| 18 | SERVERCFG=$OPENGNSYS/etc/ogAdmServer.cfg # Configuration files. |
|---|
| 19 | REPOCFG=$OPENGNSYS/etc/ogAdmRepo.cfg |
|---|
| 20 | |
|---|
| 21 | # Functions. |
|---|
| 22 | source $OPENGNSYS/lib/ogfunctions.sh |
|---|
| 23 | |
|---|
| 24 | # Error control. |
|---|
| 25 | [ "$USER" != "root" ] && raiseError access "Need to be root" |
|---|
| 26 | if [ "$1" == "-f" ]; then |
|---|
| 27 | FORCE=1 |
|---|
| 28 | shift |
|---|
| 29 | fi |
|---|
| 30 | [ $# -gt 1 ] && raiseError usage |
|---|
| 31 | case "${1,,}" in |
|---|
| 32 | help) |
|---|
| 33 | help ;; |
|---|
| 34 | server) |
|---|
| 35 | SERVER=1 ;; |
|---|
| 36 | repo) |
|---|
| 37 | REPO=1 ;; |
|---|
| 38 | ""|both) |
|---|
| 39 | SERVER=1; REPO=1 ;; |
|---|
| 40 | *) |
|---|
| 41 | raiseError notfound "Unknown service" |
|---|
| 42 | esac |
|---|
| 43 | [ -w $SERVERCFG ] || raiseError access "Server configuration file" |
|---|
| 44 | |
|---|
| 45 | # Update server token. |
|---|
| 46 | if [ "$SERVER" ]; then |
|---|
| 47 | # Confirm action (server will be restarted). |
|---|
| 48 | if [ ! "$FORCE" ]; then |
|---|
| 49 | read -rp "It will be necessary to restart ogAdmServer service. Continue? [y/N]: " ANSWER |
|---|
| 50 | [ "${ANSWER,,}" != "y" ] && raiseError cancel "API tokens not updated" |
|---|
| 51 | fi |
|---|
| 52 | APIKEY=$(php -r 'echo md5(uniqid(rand(), true));') |
|---|
| 53 | sed -i -n -e "/^APITOKEN=/!p" -e "$ a\APITOKEN=$APIKEY" $SERVERCFG || raiseError access "Cannot update server file" |
|---|
| 54 | fi |
|---|
| 55 | |
|---|
| 56 | # Update repository token. |
|---|
| 57 | if [ "$REPO" ]; then |
|---|
| 58 | [ -w $REPOCFG ] || raiseError access "Repository configuration file" |
|---|
| 59 | APIKEY=$(php -r 'echo md5(uniqid(rand(), true));') |
|---|
| 60 | sed -i -n -e "/^ApiToken=/!p" -e "$ a\ApiToken=$APIKEY" $REPOCFG || raiseError access "Cannot update repository file" |
|---|
| 61 | # If database is local, update it. |
|---|
| 62 | source $SERVERCFG |
|---|
| 63 | source $REPOCFG |
|---|
| 64 | if [ "$ServidorAdm" == "$IPlocal" ]; then |
|---|
| 65 | MYCNF=$(mktemp) |
|---|
| 66 | trap "rm -f $MYCNF" 0 1 2 3 6 9 15 |
|---|
| 67 | chmod 600 $MYCNF |
|---|
| 68 | cat << EOT > $MYCNF |
|---|
| 69 | [client] |
|---|
| 70 | user=$USUARIO |
|---|
| 71 | password=$PASSWORD |
|---|
| 72 | host=$datasource |
|---|
| 73 | EOT |
|---|
| 74 | mysql --defaults-extra-file="$MYCNF" --default-character-set=utf8 -D "$CATALOG" -e \ |
|---|
| 75 | "UPDATE repositorios SET apikey='$APIKEY' WHERE ip='$IPlocal';" || raiseError access "Database error" |
|---|
| 76 | else |
|---|
| 77 | echo "Please, don't forget to update the authentication token for this repository on the web server (check the file ogAdmRepo.cfg)." |
|---|
| 78 | fi |
|---|
| 79 | fi |
|---|
| 80 | |
|---|
| 81 | # Restart server, if needed. |
|---|
| 82 | if [ "$SERVER" ]; then |
|---|
| 83 | restart opengnsys |
|---|
| 84 | fi |
|---|
| 85 | |
|---|
