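#!/bin/bash
#
# Create a BIG-IP user via tmsh, or update the admin password when --user is 'admin'.
#
# The password may be given on the command line (--password), read from a file
# (--password-file), or supplied encrypted (--password-encrypted), in which case
# it is decrypted with the local cloud-libs private key before being set.
#
# Deliberately no `set -e`: the tmsh key probe below is expected to fail when a
# key name does not exist, and the script handles the empty result itself.

USAGE_SHORT="Usage: $0 --user <user_name> --password <password> --password-file <file_containing_password>"

# `read -d ''` returns non-zero at end of input by design; the text is still assigned.
read -r -d '' USAGE_LONG << EOM
Usage: $0
    -h|--help                 Print this message and exit
    --user <user_name>        User to create, or 'admin' to update admin password
    --password <password>     Password to set for user. Must specify this or --password-file
    --password-file <file>    Full path to file containing password to set for user. Must specify this or --password
    --password-encrypted      Indicates that the password is encrypted *

    * If using an encrypted password, assumes it was encrypted with encrypteDataToFile.js or generatePassword.js
EOM

# Absolute tool paths: the appliance PATH cannot be relied upon.
SED=/bin/sed
TMSH=/usr/bin/tmsh
SHRED=/usr/bin/shred   # not used directly here; kept for helpers sourced from util.sh
SCRIPT_DIR=$(dirname "$0")

# Print a diagnostic to stderr and exit 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Assign and test in one step so getopt's exit status is what is checked.
if ! ARGS=$(getopt -o h --long help,user:,password:,password-file:,password-encrypted -n "$0" -- "$@"); then
  die "$USAGE_SHORT"
fi
eval set -- "$ARGS"

HELP=false
PASSWORD_ENCRYPTED=false
USERNAME=""
RAW_PASSWORD=""
PASSWORD_FILE=""
ACTUAL_PASSWORD=""

while true; do
  case "$1" in
    -h|--help)
      HELP=true
      shift ;;
    --user)
      USERNAME="$2"
      shift 2 ;;
    --password)
      RAW_PASSWORD="$2"
      shift 2 ;;
    --password-file)
      PASSWORD_FILE="$2"
      shift 2 ;;
    --password-encrypted)
      PASSWORD_ENCRYPTED=true
      shift ;;
    --)
      shift
      break ;;
    *)
      # getopt always terminates its output with '--', so this should be
      # unreachable; fail loudly rather than loop forever on unexpected input.
      die "$USAGE_SHORT" ;;
  esac
done

if [[ "$HELP" == true ]]; then
  echo "$USAGE_LONG"
  exit 0
fi

# A user name and exactly one password source are required.
if [[ -z "$USERNAME" ]] || [[ -z "$RAW_PASSWORD" && -z "$PASSWORD_FILE" ]]; then
  echo "$USAGE_LONG" >&2
  exit 1
fi

# Provides create_temp_dir, wipe_temp_dir and get_private_key_path.
# shellcheck source=util.sh
. "$SCRIPT_DIR/util.sh"

if [[ -n "$PASSWORD_FILE" ]]; then
  [[ -r "$PASSWORD_FILE" ]] || die "Cannot read password file: $PASSWORD_FILE"
  # $(<file) strips trailing newlines exactly like $(cat file), without a fork.
  RAW_PASSWORD=$(<"$PASSWORD_FILE")
fi

if [[ "$PASSWORD_ENCRYPTED" == true ]]; then
  BIG_IP_LOCAL_PRIVATE_KEY_FOLDER=CloudLibsLocal
  BIG_IP_LOCAL_PRIVATE_KEY_NAME=cloudLibsLocalPrivate
  BIG_IP_LOCAL_PRIVATE_KEY_SUFFIXED_NAME=cloudLibsLocalPrivate.key

  TEMP_DIR=/mnt/cloudTemp
  PASSPHRASE_FILE="$TEMP_DIR/passphrase.out"

  # The temp dir holds the decrypted key passphrase; make sure it is wiped
  # on every exit path, not only the happy one.
  create_temp_dir "$TEMP_DIR" 8k
  trap 'wipe_temp_dir "$TEMP_DIR"' EXIT

  # If a key exists under the ".key"-suffixed name, use that name. tmsh reports
  # a missing object on stderr; that is an expected outcome of this probe.
  if [[ -n $("$TMSH" list sys file ssl-key "/${BIG_IP_LOCAL_PRIVATE_KEY_FOLDER}/${BIG_IP_LOCAL_PRIVATE_KEY_SUFFIXED_NAME}" 2>/dev/null) ]]; then
    BIG_IP_LOCAL_PRIVATE_KEY_NAME="$BIG_IP_LOCAL_PRIVATE_KEY_SUFFIXED_NAME"
  fi

  # Extract the stored (tmsh-encrypted) key passphrase and decrypt it to a file
  # so openssl can read it via -passin file:. NOTE: decryptConfValue receives
  # the value as an argument and so exposes it in the process list while it runs.
  PASSPHRASE=$("$TMSH" list sys file ssl-key "/${BIG_IP_LOCAL_PRIVATE_KEY_FOLDER}/${BIG_IP_LOCAL_PRIVATE_KEY_NAME}" | /bin/awk '/passphrase/ {print $2}')
  "$SCRIPT_DIR/decryptConfValue" "$PASSPHRASE" > "$PASSPHRASE_FILE"

  PRIVATE_KEY_FULL_PATH=$(get_private_key_path "$BIG_IP_LOCAL_PRIVATE_KEY_FOLDER" "$BIG_IP_LOCAL_PRIVATE_KEY_NAME")

  if [[ -n "$PRIVATE_KEY_FULL_PATH" ]]; then
    # Ciphertext is base64; decrypt with RSA-OAEP using the local private key.
    ACTUAL_PASSWORD=$(/usr/bin/base64 -d <<< "$RAW_PASSWORD" | /usr/bin/openssl pkeyutl -decrypt -passin file:"$PASSPHRASE_FILE" -inkey "$PRIVATE_KEY_FULL_PATH" -pkeyopt rsa_padding_mode:oaep)
  else
    printf '%s\n' "No private key found" >&2
  fi

  # Wipe now so the passphrase does not outlive its use, then clear the trap
  # so the wipe does not run a second time at exit.
  wipe_temp_dir "$TEMP_DIR"
  trap - EXIT
else
  ACTUAL_PASSWORD="$RAW_PASSWORD"
fi

if [[ -z "$ACTUAL_PASSWORD" ]]; then
  die "Could not retrieve password"
fi

# Escape the characters tmsh treats specially so the password reaches tmsh
# verbatim. printf rather than echo: a password beginning with "-n" or "-e"
# would otherwise be consumed as an echo option.
PASSWORD=$(printf '%s\n' "$ACTUAL_PASSWORD" | "$SED" -e $'s:[!\'"%{};/|#\x20\\\\]:\\\\&:g')

# The password is passed to tmsh on its command line and is therefore visible
# in the process list for the duration of the call.
if [[ "$USERNAME" == admin ]]; then
  "$TMSH" modify /auth user "$USERNAME" password "$PASSWORD"
else
  "$TMSH" create auth user "$USERNAME" password "$PASSWORD" shell bash partition-access replace-all-with { all-partitions { role admin } }
fi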
|