You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
115 lines
3.3 KiB
115 lines
3.3 KiB
#!/bin/bash
|
|
# info: check access key
|
|
# options: ACCESS_KEY_ID SECRET_ACCESS_KEY COMMAND [IP] [FORMAT]
|
|
#
|
|
# example: v-check-access-key key_id secret v-purge-nginx-cache 127.0.0.1 json
|
|
#
|
|
# * Checks if the key exists;
|
|
# * Checks if the secret belongs to the key;
|
|
# * Checks if the key user is suspended;
|
|
# * Checks if the key has permission to run the command.
|
|
|
|
#----------------------------------------------------------#
|
|
# Variables & Functions #
|
|
#----------------------------------------------------------#
|
|
|
|
access_key_id="$(basename "$1")"
|
|
secret_access_key=$2
|
|
hst_command=$3
|
|
ip46=${4-127.0.0.1}
|
|
format=${5-shell}
|
|
|
|
# Includes
|
|
# shellcheck source=/etc/hestiacp/hestia.conf
|
|
source /etc/hestiacp/hestia.conf
|
|
# shellcheck source=/usr/local/hestia/func/main.sh
|
|
source $HESTIA/func/main.sh
|
|
# load config file
|
|
source_conf "$HESTIA/conf/hestia.conf"
|
|
|
|
# Perform verification if read-only mode is enabled
|
|
check_hestia_demo_mode
|
|
|
|
time_n_date=$(date +'%T %F')
|
|
time=$(echo "$time_n_date" | cut -f 1 -d \ )
|
|
date=$(echo "$time_n_date" | cut -f 2 -d \ )
|
|
|
|
# JSON list function
|
|
json_list() {
|
|
echo -n '{"USER": "'$user'"'
|
|
|
|
if [[ -n "$user_arg_pos" ]]; then
|
|
echo -n ', "USER_ARG_POSITION": '$user_arg_pos''
|
|
fi
|
|
|
|
echo '}'
|
|
}
|
|
|
|
# SHELL list function
|
|
shell_list() {
|
|
echo "USER: $user"
|
|
if [[ -n "$user_arg_pos" ]]; then
|
|
echo "USER_ARG_POSITION: $user_arg_pos"
|
|
fi
|
|
}
|
|
|
|
# Callback to intercept invalid result validation
|
|
abort_missmatch() {
|
|
echo "Error: $2"
|
|
echo "$date $time ${access_key_id:-api} $ip46 failed to login" >> $HESTIA/log/auth.log
|
|
|
|
# Add a log for user
|
|
if [[ "$1" == "$E_PASSWORD" && -n "$user" ]]; then
|
|
log_history "[$ip46] $access_key_id $2" "Error" "$user" "API"
|
|
fi
|
|
|
|
if [[ "$1" == "$E_FORBIDEN" ]]; then
|
|
exit "$1"
|
|
fi
|
|
|
|
exit "$E_PASSWORD"
|
|
}
|
|
|
|
#----------------------------------------------------------#
|
|
# Verifications #
|
|
#----------------------------------------------------------#
|
|
|
|
# Add a callback to intercept invalid "check_result" results
|
|
CHECK_RESULT_CALLBACK="abort_missmatch"
|
|
|
|
check_args '3' "$#" 'ACCESS_KEY_ID SECRET_ACCESS_KEY COMMAND [IP] [FORMAT]'
|
|
is_format_valid 'access_key_id' 'ip46' 'command'
|
|
is_object_valid 'key' 'KEY' "$access_key_id"
|
|
is_format_valid 'secret_access_key'
|
|
check_access_key_secret "$access_key_id" "$secret_access_key" user
|
|
check_access_key_cmd "$access_key_id" "$hst_command" user_arg_pos
|
|
|
|
# Check if key owner is active
|
|
is_format_valid 'user'
|
|
is_object_valid 'user' 'USER' "$user"
|
|
export USER_DATA=$HESTIA/data/users/$user
|
|
is_object_unsuspended 'user' 'USER' "$user"
|
|
|
|
# Remove the check_result callback
|
|
CHECK_RESULT_CALLBACK=""
|
|
|
|
#----------------------------------------------------------#
|
|
# Action #
|
|
#----------------------------------------------------------#
|
|
|
|
# Listing data
|
|
case $format in
|
|
json) json_list ;;
|
|
shell) shell_list ;;
|
|
esac
|
|
|
|
#----------------------------------------------------------#
|
|
# Hestia #
|
|
#----------------------------------------------------------#
|
|
|
|
# Logging
|
|
log_history "[$ip46] Access key $access_key_id successfully launched with command $hst_command" "Info" "$user" "API"
|
|
echo "$date $time $access_key_id $ip46 $hst_command successfully launched" >> $HESTIA/log/auth.log
|
|
|
|
exit
|