From 29e511062769b24a93493bdcd549edfeaa14be35 Mon Sep 17 00:00:00 2001
From: luccioman
Date: Tue, 21 Mar 2017 17:15:01 +0100
Subject: [PATCH] Updated shell scripts to be compatible with HTTP Digest authentication Because curl and wget do not let use a hashed password as parameter, YaCy shell scripts which require authentication are now interactive by default when HTTP Digest is the only available authentication method. Batch mode can still be available trough the use of an environment variable : YACY_ADMIN_PASSWORD. Other improvements : - added backward compatibility for Basic Authentication - fixed curl/wget presence detection - do not return with exit code 0 when an API call failed, and print an error message when the case occurs - documented available authentication options for API calls
---
 bin/apicall.sh | 48 +++++++++++++++++++++++++++++++++++++++++------
 bin/apicat.sh | 49 +++++++++++++++++++++++++++++++++++++++++++------
 bin/down.sh | 6 ++++--
 bin/passwd.sh | 12 ++++++++++--
 bin/search1.sh | 8 ++++----
 stopYACY.sh | 7 ++++---
 6 files changed, 106 insertions(+), 24 deletions(-)
diff --git a/bin/apicall.sh b/bin/apicall.sh
index d549e4282..b1864a7f8 100755
--- a/bin/apicall.sh
+++ b/bin/apicall.sh
@@ -1,14 +1,48 @@
 #!/usr/bin/env sh
+# Call an HTTP API on the local YaCy peer, authenticated as administrator
+#
+# Authentication options :
+# - enable unauthenticated local access as administrator : set adminAccountForLocalhost=true in the DATA/SETTINGS/yacy.conf file
+# - OR use the legacy Basic HTTP authentication mode (unsecured for remote access): set the "auth-method" to BASIC in the defaults/web.xml file
+# - OR use the Digest HTTP authentication mode : set the "auth-method" to DIGEST in the defaults/web.xml file.
+# With that last option, the script will run in interactive mode as default, prompting for the administrator password.
+# To run in batch mode, you must first export an environment variable filled with the clear-text administrator password before using this script :
+# For example with > export YACY_ADMIN_PASSWORD=your_admin_password
+#
+
 cd "`dirname $0`"
 port=$(grep ^port= ../DATA/SETTINGS/yacy.conf |cut -d= -f2)
 admin=$(grep ^adminAccountUserName= ../DATA/SETTINGS/yacy.conf |cut -d= -f2)
-pw=$(grep ^adminAccountBase64MD5= ../DATA/SETTINGS/yacy.conf |cut -d= -f2)
+adminAccountForLocalhost=$(grep ^adminAccountForLocalhost= ../DATA/SETTINGS/yacy.conf | cut -d= -f2)
-if which curl &>/dev/null; then
- curl -s -u $admin:$pw "http://127.0.0.1:$port/$1"
-elif which wget &>/dev/null; then
- wget -q -t 1 --timeout=120 --http-user $admin --http-password $pw "http://127.0.0.1:$port/$1" -O -
-else
- exit 1
+if grep "BASIC" ../defaults/web.xml > /dev/null; then
+ # When authentication method is in basic mode, use directly the password hash from the configuration file
+ YACY_ADMIN_PASSWORD=$(grep ^adminAccountBase64MD5= ../DATA/SETTINGS/yacy.conf |cut -d= -f2)
 fi
+if which curl > /dev/null; then
+ if [ "$adminAccountForLocalhost" = "true" ]; then
+ # localhost access as administrator without authentication is enabled
+ curl -sSf "http://127.0.0.1:$port/$1"
+ elif [ -n "$YACY_ADMIN_PASSWORD" ]; then
+ # admin password is provided as environment variable : let's use it
+ curl -sSf --anyauth -u "$admin:$YACY_ADMIN_PASSWORD" "http://127.0.0.1:$port/$1"
+ else
+ # no password environment variable : it will be asked interactively
+ curl -sSf --anyauth -u "$admin" "http://127.0.0.1:$port/$1"
+ fi
+elif which wget > /dev/null; then
+ if [ "$adminAccountForLocalhost" = "true" ]; then
+ # localhost access as administrator without authentication is enabled
+ wget -nv -t 1 --timeout=120 "http://127.0.0.1:$port/$1" -O -
+ elif [ -n "$YACY_ADMIN_PASSWORD" ]; then
+ # admin password is provided as environment variable : let's use it
+ wget -nv -t 1 --timeout=120 --http-user "$admin" --http-password "$YACY_ADMIN_PASSWORD" "http://127.0.0.1:$port/$1" -O -
+ else
+ # no password environment variable : it will be asked interactively
+ wget -nv -t 1 --timeout=120 --http-user "$admin" --ask-password "http://127.0.0.1:$port/$1" -O -
+ fi
+else
+ echo "Please install curl or wget" > /dev/stderr
+ exit 1
+fi
diff --git a/bin/apicat.sh b/bin/apicat.sh
index 309b0eb4f..b0b3fcda9 100755
--- a/bin/apicat.sh
+++ b/bin/apicat.sh
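Review bot: The batch-mode branches put the administrator secret on the command line (`curl ... -u "$admin:$YACY_ADMIN_PASSWORD"` and `wget ... --http-password "$YACY_ADMIN_PASSWORD"`), where other local users may be able to read it from the process list while the request runs; the same lines appear in the bin/apicat.sh hunk. In BASIC mode that value is the `adminAccountBase64MD5` entry from yacy.conf, which the script uses directly as the credential. Passing it over stdin or through a file readable only by the owner keeps it out of argv, for example `printf 'user = "%s:%s"\n' "$admin" "$YACY_ADMIN_PASSWORD" | curl -sSf --anyauth -K - "http://127.0.0.1:$port/$1"` (values containing quotes or backslashes would need escaping). Separately, `grep "BASIC" ../defaults/web.xml` matches that word anywhere in the file, comments included, and then overwrites a `YACY_ADMIN_PASSWORD` the caller exported; matching the auth-method element itself and guarding the assignment with `[ -z "$YACY_ADMIN_PASSWORD" ]` would avoid both surprises.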
@@ -1,12 +1,49 @@
 #!/usr/bin/env sh
+# Call an HTTP API on the local YaCy peer, authenticated as administrator, then print the result on the standard output
+# Almost the same as apicall.sh, except that wget doesn't print information messages to the standard output, only the result
+#
+# Authentication options :
+# - enable unauthenticated local access as administrator : set adminAccountForLocalhost=true in the DATA/SETTINGS/yacy.conf file
+# - OR use the legacy Basic HTTP authentication mode (unsecured for remote access): set the "auth-method" to BASIC in the defaults/web.xml file
+# - OR use the Digest HTTP authentication mode : set the "auth-method" to DIGEST in the defaults/web.xml file.
+# With that last option, the script will run in interactive mode as default, prompting for the administrator password.
+# To run in batch mode, you must first export an environment variable filled with the clear-text administrator password before using this script :
+# For example with > export YACY_ADMIN_PASSWORD=your_admin_password
+#
+
 cd "`dirname $0`"
 port=$(grep ^port= ../DATA/SETTINGS/yacy.conf |cut -d= -f2)
-pw=$(grep ^adminAccountBase64MD5= ../DATA/SETTINGS/yacy.conf |cut -d= -f2)
+admin=$(grep ^adminAccountUserName= ../DATA/SETTINGS/yacy.conf |cut -d= -f2)
+adminAccountForLocalhost=$(grep ^adminAccountForLocalhost= ../DATA/SETTINGS/yacy.conf | cut -d= -f2)
+
+if grep "BASIC" ../defaults/web.xml > /dev/null; then
+ # When authentication method is in basic mode, use directly the password hash from the configuration file
+ YACY_ADMIN_PASSWORD=$(grep ^adminAccountBase64MD5= ../DATA/SETTINGS/yacy.conf |cut -d= -f2)
+fi
-if which curl &>/dev/null; then
- curl -s --header "Authorization: realm=$pw" "http://127.0.0.1:$port/$1"
-elif which wget &>/dev/null; then
- wget -q -t 1 --timeout=5 --header "Authorization: realm=$pw" "http://127.0.0.1:$port/$1"
+if which curl > /dev/null; then
+ if [ "$adminAccountForLocalhost" = "true" ]; then
+ # localhost access as administrator without authentication is enabled
+ curl -sSf "http://127.0.0.1:$port/$1"
+ elif [ -n "$YACY_ADMIN_PASSWORD" ]; then
+ # admin password is provided as environment variable : let's use it
+ curl -sSf --anyauth -u "$admin:$YACY_ADMIN_PASSWORD" "http://127.0.0.1:$port/$1"
+ else
+ # no password environment variable : it will be asked interactively
+ curl -sSf --anyauth -u "$admin" "http://127.0.0.1:$port/$1"
+ fi
+elif which wget > /dev/null; then
+ if [ "$adminAccountForLocalhost" = "true" ]; then
+ # localhost access as administrator without authentication is enabled
+ wget -q -t 1 --timeout=120 "http://127.0.0.1:$port/$1" -O -
+ elif [ -n "$YACY_ADMIN_PASSWORD" ]; then
+ # admin password is provided as environment variable : let's use it
+ wget -q -t 1 --timeout=120 --http-user "$admin" --http-password "$YACY_ADMIN_PASSWORD" "http://127.0.0.1:$port/$1" -O -
+ else
+ # no password environment variable : it will be asked interactively
+ wget -q -t 1 --timeout=120 --http-user "$admin" --ask-password "http://127.0.0.1:$port/$1" -O -
+ fi
 else
- exit 1
+ echo "Please install curl or wget" > /dev/stderr
+ exit 1
 fi
diff --git a/bin/down.sh b/bin/down.sh
index a435840c0..8a83f40fc 100755
--- a/bin/down.sh
+++ b/bin/down.sh
@@ -1,11 +1,13 @@ #!/usr/bin/env sh cd "`dirname $0`" port=$(grep ^port= ../DATA/SETTINGS/yacy.conf |cut -d= -f2) -if which curl &>/dev/null; then + +if which curl > /dev/null; then curl -s "http://localhost:$port/Network.xml?page=2&ip=" | awk '/
/{ gsub("
","" );gsub("<\/address>","" ); print $0 }' | awk '{print $1}' -elif which wget &>/dev/null; then +elif which wget > /dev/null; then wget -q -O - "http://localhost:$port/Network.xml?page=2&ip=" | awk '/
/{ gsub("
","" );gsub("<\/address>","" ); print $0 }' | awk '{print $1}' else + echo "Please install curl or wget" > /dev/stderr exit 1 fi diff --git a/bin/passwd.sh b/bin/passwd.sh index 7152dd515..62267fc46 100755 --- a/bin/passwd.sh +++ b/bin/passwd.sh @@ -1,4 +1,12 @@ #!/usr/bin/env sh cd "`dirname $0`" -./apicall.sh "/ConfigAccounts_p.html?setAdmin=&adminuser=admin&adminpw1=$1&adminpw2=$1&access=" > /dev/null -echo "Password for User Name 'admin' set to '$1'" \ No newline at end of file + +if [ -z "$1" ]; then + echo "Usage : ./passwd.sh NEW_PASSWORD" + exit 2 +fi + +(./apicall.sh "ConfigAccounts_p.html?setAdmin=&adminuser=admin&adminpw1=$1&adminpw2=$1&access=" > /dev/null && \ +echo "Password for User Name 'admin' set to '$1'") || \ +(echo "Password setting failed" && \ +exit 1) \ No newline at end of file diff --git a/bin/search1.sh b/bin/search1.sh index 2a9c197ae..77ac223d5 100755 --- a/bin/search1.sh +++ b/bin/search1.sh @@ -1,19 +1,19 @@ #!/usr/bin/env sh cd "`dirname $0`" -if which curl &>/dev/null; then +if which curl > /dev/null; then while getopts "ys" opt; do case $opt in y) shift; - curl -s "http://$1/yacysearch.rss?query=$2" | awk '/^/{ gsub("","" );gsub("<\/link>","" ); print $0 }' + curl -sSf "http://$1/yacysearch.rss?query=$2" | awk '/^/{ gsub("","" );gsub("<\/link>","" ); print $0 }' ;; s) shift; - curl -s "http://$1/solr/select?q=text_t:$2&start=0&rows=100&fl=sku&wt=rss" | awk '/^/{ gsub("","" );gsub("<\/link>","" ); print $0 }' + curl -sSf "http://$1/solr/select?q=text_t:$2&start=0&rows=100&fl=sku&wt=rss" | awk '/^/{ gsub("","" );gsub("<\/link>","" ); print $0 }' ;; esac done -elif which wget &>/dev/null; then +elif which wget > /dev/null; then while getopts "ys" opt; do case $opt in y) diff --git a/stopYACY.sh b/stopYACY.sh index 1a679e68d..1109eaad0 100755 --- a/stopYACY.sh +++ b/stopYACY.sh 
@@ -1,10 +1,11 @@
 #!/usr/bin/env sh
 cd `dirname $0`
-bin/apicall.sh "Steering.html?shutdown=true" > /dev/null
+(bin/apicall.sh "Steering.html?shutdown=true" > /dev/null && \
-echo "Please wait until the YaCy daemon process terminates [wget]"
-echo "You can monitor this with 'tail -f DATA/LOG/yacy00.log' and 'fuser log/yacy00.log'"
+echo "Please wait until the YaCy daemon process terminates [wget]" && \
+echo "You can monitor this with 'tail -f DATA/LOG/yacy00.log' and 'fuser log/yacy00.log'") || \
+exit $?
 # wait until the yacy.running file disappears which means that YaCy has terminated
 # If you don't want to wait, just run this concurrently
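Review bot: The subshell with its `&& \` chain ties the exit path to the two `echo` calls as well as to apicall.sh, which is more machinery than the check needs. `bin/apicall.sh "Steering.html?shutdown=true" > /dev/null || exit $?` followed by the two plain `echo` lines behaves the same when the API call fails and reads more directly. The `[wget]` tag in the first message is printed even when apicall.sh used curl. The code that waits for yacy.running, announced by the trailing comments, is outside the hunk.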