2024-12-21 15:30:16 +01:00
|
|
|
#!/bin/bash
|
|
|
|
|
2024-12-21 15:54:32 +01:00
|
|
|
if [ "$#" -eq 0 ] || [ "$1" == "help" ] || [ "$1" == "--help" ] || [ "$1" == "-h" ]; then
|
2024-12-21 15:30:16 +01:00
|
|
|
cat <<EOF
|
|
|
|
curl-wrapper utilizing CAS-authentification for hsadmin-ng"
|
|
|
|
usage: $0 [--trace] <<command>> [parameters]
|
|
|
|
|
|
|
|
commands:
|
|
|
|
EOF
|
|
|
|
grep '") ''# ' $0
|
|
|
|
exit
|
|
|
|
fi
|
|
|
|
|
|
|
|
if [ "$1" == "--trace" ]; then
|
|
|
|
function trace() {
|
|
|
|
echo "$*" >&2
|
|
|
|
}
|
|
|
|
function doCurl() {
|
|
|
|
set -x
|
|
|
|
curl "$@"
|
|
|
|
set +x
|
|
|
|
}
|
|
|
|
shift
|
|
|
|
else
|
|
|
|
function trace() {
|
|
|
|
:
|
|
|
|
}
|
|
|
|
function doCurl() {
|
|
|
|
curl "$@"
|
|
|
|
}
|
|
|
|
fi
|
|
|
|
|
|
|
|
if [ -z "$HSADMINNG_CAS_LOGIN" ] || [ -z "$HSADMINNG_CAS_VALIDATE" ] || \
|
|
|
|
[ -z "$HSADMINNG_CAS_SERVICE" ]; then
|
|
|
|
cat >&2 <<EOF
|
|
|
|
ERROR: environment incomplete
|
|
|
|
|
|
|
|
please set the following environment variables:
|
|
|
|
export HSADMINNG_CAS_LOGIN=https://login.hostsharing.net/cas/v1/tickets
|
|
|
|
export HSADMINNG_CAS_VALIDATE=https://login.hostsharing.net/cas/proxyValidate
|
2024-12-21 15:51:17 +01:00
|
|
|
export HSADMINNG_CAS_USERNAME=<<optionally, your username, or leave empty after '='>>
|
|
|
|
export HSADMINNG_CAS_PASSWORD=<<optionally, your password, or leave empty after '='>>
|
2024-12-21 15:30:16 +01:00
|
|
|
export HSADMINNG_CAS_SERVICE=https://hsadminng.hostsharing.net:443/
|
|
|
|
EOF
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
|
|
|
function casLogin() {
|
2024-12-21 15:51:17 +01:00
|
|
|
|
|
|
|
if [ -z "$HSADMINNG_CAS_USERNAME" ]; then
|
|
|
|
read -p "Username: " HSADMINNG_CAS_USERNAME
|
|
|
|
fi
|
|
|
|
|
|
|
|
if [ -z "$HSADMINNG_CAS_PASSWORD" ]; then
|
|
|
|
read -p "Password: " HSADMINNG_CAS_PASSWORD
|
|
|
|
fi
|
|
|
|
|
2024-12-21 15:30:16 +01:00
|
|
|
HSADMINNG_CAS_TGT=`doCurl -s -i -X POST \
|
|
|
|
-H 'Content-Type: application/x-www-form-urlencoded' \
|
|
|
|
-d "username=$HSADMINNG_CAS_USERNAME&password=$HSADMINNG_CAS_PASSWORD" \
|
|
|
|
$HSADMINNG_CAS_LOGIN -o /dev/null -D - \
|
|
|
|
| grep -i "^Location: " | sed -e 's/^Location: //' -e 's/\\r//'`
|
|
|
|
echo "$HSADMINNG_CAS_TGT" >~/.cas-login-tgt
|
|
|
|
trace "$HSADMINNG_CAS_TGT"
|
|
|
|
}
|
|
|
|
|
|
|
|
function casTicket() {
|
|
|
|
HSADMINNG_CAS_TGT=$(<~/.cas-login-tgt)
|
|
|
|
if [[ -z "$HSADMINNG_CAS_TGT" ]]; then
|
|
|
|
echo "ERROR: cannot get CAS ticket granting ticket for $HSADMINNG_CAS_USERNAME" >&2
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
trace "CAS-TGT: $HSADMINNG_CAS_TGT"
|
|
|
|
|
|
|
|
trace "fetching CAS service ticket"
|
|
|
|
trace "curl -s -d \"service=$HSADMINNG_CAS_SERVICE\" $HSADMINNG_CAS_TGT"
|
|
|
|
HSADMINNG_CAS_TICKET=$(curl -s -d "service=$HSADMINNG_CAS_SERVICE" $HSADMINNG_CAS_TGT)
|
|
|
|
if [[ -z "$HSADMINNG_CAS_TICKET" ]]; then
|
|
|
|
echo "ERROR: cannot get CAS service ticket" >&2
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
|
|
|
echo $HSADMINNG_CAS_TICKET
|
|
|
|
}
|
|
|
|
|
|
|
|
function casValidate() {
|
|
|
|
HSADMINNG_CAS_TICKET=`casTicket`
|
|
|
|
|
|
|
|
trace "validating CAS-TICKET: $HSADMINNG_CAS_TICKET"
|
|
|
|
trace curl -i -s $HSADMINNG_CAS_VALIDATE?ticket=${HSADMINNG_CAS_TICKET}\&service=${HSADMINNG_CAS_SERVICE}
|
|
|
|
HSADMINNG_CAS_USER=`curl -i -s $HSADMINNG_CAS_VALIDATE?ticket=${HSADMINNG_CAS_TICKET}\&service=${HSADMINNG_CAS_SERVICE} | grep -oPm1 "(?<=<cas:user>)[^<]+"`
|
|
|
|
if [ -z "$HSADMINNG_CAS_USER" ]; then
|
|
|
|
echo "validation failed" >&2
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
echo "CAS-User: $HSADMINNG_CAS_USER"
|
|
|
|
}
|
|
|
|
|
|
|
|
if ! find ~/.cas-login-tgt -type f -size +0c -mmin -60 2>/dev/null | grep -q .; then
|
|
|
|
casLogin
|
|
|
|
fi
|
|
|
|
|
|
|
|
case "$1" in
|
|
|
|
"login") # explicitly login using CAS-server and credentials in HSADMINNG_CAS_..., fetches ticket granting ticket
|
|
|
|
casLogin
|
|
|
|
;;
|
|
|
|
"logout") # logout, deleting ticket granting ticket
|
|
|
|
rm ~/.cas-login-tgt
|
|
|
|
;;
|
|
|
|
"validate") # validate user login and print currently logged in user
|
|
|
|
casValidate
|
|
|
|
;;
|
|
|
|
"get") # HTTP GET, add URL as parameter
|
|
|
|
shift
|
|
|
|
HSADMINNG_CAS_TICKET=`casTicket`
|
|
|
|
#trace "curl -f -s --header \"Authorization: $HSADMINNG_CAS_TICKET\" " "$@"
|
|
|
|
doCurl -f -H "Authorization: $HSADMINNG_CAS_TICKET" "$*"
|
|
|
|
;;
|
|
|
|
"post") # HTTP POST, add curl options to specify the request body and the URL as last parameter
|
|
|
|
shift
|
|
|
|
HSADMINNG_CAS_TICKET=`casTicket`
|
|
|
|
trace "curl -f --header \"Authorization: $HSADMINNG_CAS_TICKET\" --header \"Content-Type: application/json\" -X POST " "$@"
|
|
|
|
curl -f -H "Authorization: $HSADMINNG_CAS_TICKET" --header "Content-Type: application/json" -X POST "$@"
|
|
|
|
;;
|
|
|
|
"patch") # HTTP PATCH, add curl options to specify the request body and the URL as last parameter
|
|
|
|
shift
|
|
|
|
HSADMINNG_CAS_TICKET=`casTicket`
|
|
|
|
trace "curl -f --header \"Authorization: $HSADMINNG_CAS_TICKET\" --header \"Content-Type: application/json\" -X PATCH " "$@"
|
|
|
|
curl -f -H "Authorization: $HSADMINNG_CAS_TICKET" --header "Content-Type: application/json" -X POST "$*"
|
|
|
|
;;
|
|
|
|
"delete") # HTTP DELETE, add curl options to specify the request body and the URL as last parameter
|
|
|
|
shift
|
|
|
|
HSADMINNG_CAS_TICKET=`casTicket`
|
|
|
|
trace "curl -f --header \"Authorization: $HSADMINNG_CAS_TICKET\" -X DELETE " "$@"
|
|
|
|
curl -f -H "Authorization: $HSADMINNG_CAS_TICKET" -X POST "$@"
|
|
|
|
;;
|
|
|
|
*)
|
|
|
|
cat >&2 <<EOF
|
|
|
|
unknown command: '$1'
|
2024-12-21 15:54:32 +01:00
|
|
|
valid commands: help, login, logout, validate, get, post, patch, delete
|
2024-12-21 15:30:16 +01:00
|
|
|
EOF
|
|
|
|
exit 1
|
|
|
|
;;
|
|
|
|
esac
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|