From 3b9f48cfd6abf68c783aaff8ee91f77919d94e53 Mon Sep 17 00:00:00 2001 From: Michael Hoennig Date: Sat, 21 Dec 2024 15:30:16 +0100 Subject: [PATCH] add hsadmin-ng culr wrapper with CAS --- bin/hsadmin-ng | 140 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 140 insertions(+) create mode 100755 bin/hsadmin-ng diff --git a/bin/hsadmin-ng b/bin/hsadmin-ng new file mode 100755 index 00000000..40a0dc4e --- /dev/null +++ b/bin/hsadmin-ng @@ -0,0 +1,140 @@ +#!/bin/bash + +if [ "$#" -eq 0 ]; then + cat <> [parameters] + + commands: +EOF + grep '") ''# ' $0 + exit +fi + +if [ "$1" == "--trace" ]; then + function trace() { + echo "$*" >&2 + } + function doCurl() { + set -x + curl "$@" + set +x + } + shift +else + function trace() { + : + } + function doCurl() { + curl "$@" + } +fi + +if [ -z "$HSADMINNG_CAS_LOGIN" ] || [ -z "$HSADMINNG_CAS_VALIDATE" ] || \ + [ -z "$HSADMINNG_CAS_USERNAME" ] || [ -z "$HSADMINNG_CAS_PASSWORD" ] || \ + [ -z "$HSADMINNG_CAS_SERVICE" ]; then + cat >&2 <> + export HSADMINNG_CAS_PASSWORD=<> + export HSADMINNG_CAS_SERVICE=https://hsadminng.hostsharing.net:443/ +EOF + exit 1 +fi + +function casLogin() { + HSADMINNG_CAS_TGT=`doCurl -s -i -X POST \ + -H 'Content-Type: application/x-www-form-urlencoded' \ + -d "username=$HSADMINNG_CAS_USERNAME&password=$HSADMINNG_CAS_PASSWORD" \ + $HSADMINNG_CAS_LOGIN -o /dev/null -D - \ + | grep -i "^Location: " | sed -e 's/^Location: //' -e 's/\\r//'` + echo "$HSADMINNG_CAS_TGT" >~/.cas-login-tgt + trace "$HSADMINNG_CAS_TGT" +} + +function casTicket() { + HSADMINNG_CAS_TGT=$(<~/.cas-login-tgt) + if [[ -z "$HSADMINNG_CAS_TGT" ]]; then + echo "ERROR: cannot get CAS ticket granting ticket for $HSADMINNG_CAS_USERNAME" >&2 + exit 1 + fi + trace "CAS-TGT: $HSADMINNG_CAS_TGT" + + trace "fetching CAS service ticket" + trace "curl -s -d \"service=$HSADMINNG_CAS_SERVICE\" $HSADMINNG_CAS_TGT" + HSADMINNG_CAS_TICKET=$(curl -s -d "service=$HSADMINNG_CAS_SERVICE" $HSADMINNG_CAS_TGT) + if [[ -z "$HSADMINNG_CAS_TICKET" ]]; then + echo "ERROR: cannot get CAS service ticket" >&2 + exit 1 + fi + + echo $HSADMINNG_CAS_TICKET +} + +function casValidate() { + HSADMINNG_CAS_TICKET=`casTicket` + + trace "validating CAS-TICKET: $HSADMINNG_CAS_TICKET" + trace curl -i -s $HSADMINNG_CAS_VALIDATE?ticket=${HSADMINNG_CAS_TICKET}\&service=${HSADMINNG_CAS_SERVICE} + HSADMINNG_CAS_USER=`curl -i -s $HSADMINNG_CAS_VALIDATE?ticket=${HSADMINNG_CAS_TICKET}\&service=${HSADMINNG_CAS_SERVICE} | grep -oPm1 "(?<=)[^<]+"` + if [ -z "$HSADMINNG_CAS_USER" ]; then + echo "validation failed" >&2 + exit 1 + fi + echo "CAS-User: $HSADMINNG_CAS_USER" +} + +if ! find ~/.cas-login-tgt -type f -size +0c -mmin -60 2>/dev/null | grep -q .; then + casLogin +fi + +case "$1" in + "login") # explicitly login using CAS-server and credentials in HSADMINNG_CAS_..., fetches ticket granting ticket + casLogin + ;; + "logout") # logout, deleting ticket granting ticket + rm ~/.cas-login-tgt + ;; + "validate") # validate user login and print currently logged in user + casValidate + ;; + "get") # HTTP GET, add URL as parameter + shift + HSADMINNG_CAS_TICKET=`casTicket` + #trace "curl -f -s --header \"Authorization: $HSADMINNG_CAS_TICKET\" " "$@" + doCurl -f -H "Authorization: $HSADMINNG_CAS_TICKET" "$*" + ;; + "post") # HTTP POST, add curl options to specify the request body and the URL as last parameter + shift + HSADMINNG_CAS_TICKET=`casTicket` + trace "curl -f --header \"Authorization: $HSADMINNG_CAS_TICKET\" --header \"Content-Type: application/json\" -X POST " "$@" + curl -f -H "Authorization: $HSADMINNG_CAS_TICKET" --header "Content-Type: application/json" -X POST "$@" + ;; + "patch") # HTTP PATCH, add curl options to specify the request body and the URL as last parameter + shift + HSADMINNG_CAS_TICKET=`casTicket` + trace "curl -f --header \"Authorization: $HSADMINNG_CAS_TICKET\" --header \"Content-Type: application/json\" -X PATCH " "$@" + curl -f -H "Authorization: $HSADMINNG_CAS_TICKET" --header "Content-Type: application/json" -X POST "$*" + ;; + "delete") # HTTP DELETE, add curl options to specify the request body and the URL as last parameter + shift + HSADMINNG_CAS_TICKET=`casTicket` + trace "curl -f --header \"Authorization: $HSADMINNG_CAS_TICKET\" -X DELETE " "$@" + curl -f -H "Authorization: $HSADMINNG_CAS_TICKET" -X POST "$@" + ;; + *) + cat >&2 <