mirror of
https://github.com/ntop/ntopng.git
synced 2026-04-30 16:09:32 +00:00
196 lines
4.5 KiB
Bash
Executable file
196 lines
4.5 KiB
Bash
Executable file
#!/bin/bash
|
|
|
|
###!/usr/bin/env BASH
|
|
|
|
REDIS_HOSTNAME="127.0.0.1"
|
|
REDIS_PORT="6379"
|
|
REDIS_DB="0"
|
|
REDIS_PREFIX="ntopng.user." #keep this in synch with ntop_defines.h
|
|
|
|
NTOPNG_ALLOWED_NETWORKS="0.0.0.0/0,::/0"
|
|
NTOPNG_ALLOWED_IFNAME=""
|
|
NTOPNG_USER_ROLE="standard"
|
|
NTOPNG_USERNAME=""
|
|
NTOPNG_FULLNAME=""
|
|
NTOPNG_PASSWORD=""
|
|
NTOPNG_PASSWORD_MD5=""
|
|
|
|
function send_redis_cmd {
|
|
redis-cli -h $REDIS_HOSTNAME -p $REDIS_PORT -n $REDIS_DB $@
|
|
}
|
|
|
|
function is_ipv4 {
|
|
local ip=$1
|
|
local ret=1
|
|
|
|
if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
|
|
OIFS=$IFS
|
|
IFS='.'
|
|
ip=($ip)
|
|
IFS=$OIFS
|
|
[[ ${ip[0]} -le 255 && ${ip[1]} -le 255 \
|
|
&& ${ip[2]} -le 255 && ${ip[3]} -le 255 ]]
|
|
ret=$?
|
|
fi
|
|
|
|
return $ret
|
|
}
|
|
|
|
function is_ipv6 {
|
|
local ip=$1
|
|
local ret=1
|
|
|
|
if [[ $ip =~ ^.*:.*$ ]]; then
|
|
ret=0 #TODO: make ipv6 check less naive
|
|
fi
|
|
|
|
return $ret
|
|
}
|
|
function validate_allowed_networks {
|
|
local ret=0
|
|
# validate network masks for the allowed networks
|
|
local allowed_nets=${NTOPNG_ALLOWED_NETWORKS//,/$'\n'}
|
|
for network in $allowed_nets
|
|
do
|
|
local netmask=${network##*/}
|
|
local ipaddr=${network%/*}
|
|
if is_ipv4 $ipaddr && [ $netmask -le "32" ]
|
|
then
|
|
continue
|
|
elif is_ipv6 $ipaddr && [ $netmask -le "128" ]
|
|
then
|
|
continue
|
|
else
|
|
echo "unable to validate allowed network $network"
|
|
ret=1
|
|
break
|
|
fi
|
|
done
|
|
return $ret
|
|
}
|
|
|
|
function validate_user_role {
|
|
local role="$NTOPNG_USER_ROLE"
|
|
if [[ $role == "standard" || $role == "administrator" ]]
|
|
then
|
|
return 0
|
|
fi
|
|
echo "unknown role specified: use either standard or administrator"
|
|
return 1
|
|
}
|
|
|
|
function validate_allowed_ifname {
|
|
if [[ $NTOPNG_ALLOWED_IFNAME == "" ]]
|
|
then
|
|
# ok, don't want to specify an interface
|
|
return 0
|
|
fi
|
|
local ifname_exists=$(send_redis_cmd hget ntopng.prefs.iface_id $NTOPNG_ALLOWED_IFNAME)
|
|
if [[ $ifname_exists == "" ]]
|
|
then
|
|
echo "allowed interface specified does not exists"
|
|
return 1
|
|
fi
|
|
return 0
|
|
}
|
|
|
|
function validate_username {
|
|
if [[ $NTOPNG_USERNAME == "" ]]
|
|
then
|
|
# don't allow empty usernames
|
|
return 1
|
|
fi
|
|
local username_exists=$(send_redis_cmd "get ${REDIS_PREFIX}${NTOPNG_USERNAME}.group")
|
|
if [[ $username_exists != "" ]]
|
|
then
|
|
echo "specified username already exists"
|
|
return 1
|
|
fi
|
|
return 0
|
|
}
|
|
|
|
function password_md5 {
|
|
#make sure the md5 utility works as expected
|
|
local admin_md5=`echo -n admin | md5sum | cut -c 1-32`
|
|
if [[ $admin_md5 != "21232f297a57a5a743894a0e4a801fc3" ]]
|
|
then
|
|
echo "md5sum not working as expected"
|
|
return 1
|
|
fi
|
|
NTOPNG_PASSWORD_MD5=`echo -n $NTOPNG_PASSWORD | md5sum | cut -c 1-32`
|
|
return 0
|
|
}
|
|
|
|
function print_usage {
|
|
echo -e "\nCommand line utility to add ntopng users\n"
|
|
echo -e "Usage: $0 [-h redis_hostname] [-p redis_port] [-n redis_db] [-t allowed_networks] [-i allowed_ifname] [-r role] username password fullname"
|
|
}
|
|
|
|
while getopts "h:p:n:t:i:r:" opt; do
|
|
case "$opt" in
|
|
h)
|
|
REDIS_HOSTNAME="$OPTARG"
|
|
;;
|
|
p)
|
|
REDIS_PORT="$OPTARG"
|
|
;;
|
|
n)
|
|
REDIS_DB="$OPTARG"
|
|
;;
|
|
t)
|
|
NTOPNG_ALLOWED_NETWORKS="$OPTARG"
|
|
;;
|
|
i)
|
|
NTOPNG_ALLOWED_IFNAME="$OPTARG"
|
|
;;
|
|
r)
|
|
NTOPNG_USER_ROLE="$OPTARG"
|
|
;;
|
|
esac
|
|
done
|
|
|
|
shift $((OPTIND-1))
|
|
|
|
[ "$1" = "--" ] && shift
|
|
|
|
if [ $# != 3 ] # username password fullname
|
|
then
|
|
# TODO: handle fullname with spaces
|
|
print_usage
|
|
exit 1
|
|
fi
|
|
NTOPNG_USERNAME="$1"
|
|
shift
|
|
NTOPNG_PASSWORD="$1"
|
|
shift
|
|
NTOPNG_FULLNAME="$1"
|
|
shift
|
|
|
|
echo "Using Redis: $REDIS_HOSTNAME:$REDIS_PORT@$REDIS_DB"
|
|
echo "username: $NTOPNG_USERNAME password: $NTOPNG_PASSWORD full name: $NTOPNG_FULLNAME"
|
|
echo "role: $NTOPNG_USER_ROLE"
|
|
echo "allowed networks: $NTOPNG_ALLOWED_NETWORKS"
|
|
echo "allowed ifname: $NTOPNG_ALLOWED_IFNAME"
|
|
|
|
|
|
if validate_allowed_networks && validate_allowed_ifname \
|
|
&& validate_user_role && validate_username && password_md5
|
|
then
|
|
send_redis_cmd "SET ${REDIS_PREFIX}${NTOPNG_USERNAME}.allowed_nets $NTOPNG_ALLOWED_NETWORKS" > /dev/null
|
|
if [[ $NTOPNG_ALLOWED_IFNAME != "" ]]
|
|
then
|
|
send_redis_cmd "SET ${REDIS_PREFIX}${NTOPNG_USERNAME}.allowed_ifname $NTOPNG_ALLOWED_IFNAME" > /dev/null
|
|
# forcefully set the user as non-privileged
|
|
NTOPNG_USER_ROLE="standard"
|
|
fi
|
|
send_redis_cmd "SET ${REDIS_PREFIX}${NTOPNG_USERNAME}.group $NTOPNG_USER_ROLE" > /dev/null
|
|
send_redis_cmd "SET ${REDIS_PREFIX}${NTOPNG_USERNAME}.full_name $NTOPNG_FULLNAME" > /dev/null
|
|
send_redis_cmd "SET ${REDIS_PREFIX}${NTOPNG_USERNAME}.password $NTOPNG_PASSWORD_MD5" > /dev/null
|
|
echo "User created successfully"
|
|
exit 0
|
|
else
|
|
exit 1
|
|
fi
|
|
|
|
|
|
|