Permalink
Browse files

Updated shell scripts to be compatible with HTTP Digest authentication

Because curl and wget do not let use a hashed password as parameter,
YaCy shell scripts which require authentication are now interactive by
default when HTTP Digest is the only available authentication method.
Batch mode can still be available trough the use of an environment
variable : YACY_ADMIN_PASSWORD.  

Other improvements :
 - added backward compatibility for Basic Authentication
 - fixed curl/wget presence detection 
 - do not return with exit code 0 when an API call failed, and print an
error message when the case occurs
 - documented available authentication options for API calls
  • Loading branch information...
luccioman committed Mar 21, 2017
1 parent bdadbda commit 29e511062769b24a93493bdcd549edfeaa14be35
Showing with 106 additions and 24 deletions.
  1. +41 −7 bin/apicall.sh
  2. +43 −6 bin/apicat.sh
  3. +4 −2 bin/down.sh
  4. +10 −2 bin/passwd.sh
  5. +4 −4 bin/search1.sh
  6. +4 −3 stopYACY.sh
@@ -1,14 +1,48 @@
#!/usr/bin/env sh
# Call an HTTP API on the local YaCy peer, authenticated as administrator
#
# Authentication options :
# - enable unauthenticated local access as administrator : set adminAccountForLocalhost=true in the DATA/SETTINGS/yacy.conf file
# - OR use the legacy Basic HTTP authentication mode (unsecured for remote access): set the "auth-method" to BASIC in the defaults/web.xml file
# - OR use the Digest HTTP authentication mode : set the "auth-method" to DIGEST in the defaults/web.xml file.
# With that last option, the script will run in interactive mode as default, prompting for the administrator password.
# To run in batch mode, you must first export an environment variable filled with the clear-text administrator password before using this script :
# For example with > export YACY_ADMIN_PASSWORD=your_admin_password
#
cd "`dirname $0`"
port=$(grep ^port= ../DATA/SETTINGS/yacy.conf |cut -d= -f2)
admin=$(grep ^adminAccountUserName= ../DATA/SETTINGS/yacy.conf |cut -d= -f2)
pw=$(grep ^adminAccountBase64MD5= ../DATA/SETTINGS/yacy.conf |cut -d= -f2)
adminAccountForLocalhost=$(grep ^adminAccountForLocalhost= ../DATA/SETTINGS/yacy.conf | cut -d= -f2)
if which curl &>/dev/null; then
curl -s -u $admin:$pw "http://127.0.0.1:$port/$1"
elif which wget &>/dev/null; then
wget -q -t 1 --timeout=120 --http-user $admin --http-password $pw "http://127.0.0.1:$port/$1" -O -
else
exit 1
if grep "<auth-method>BASIC</auth-method>" ../defaults/web.xml > /dev/null; then
# When authentication method is in basic mode, use directly the password hash from the configuration file
YACY_ADMIN_PASSWORD=$(grep ^adminAccountBase64MD5= ../DATA/SETTINGS/yacy.conf |cut -d= -f2)
fi
if which curl > /dev/null; then
if [ "$adminAccountForLocalhost" = "true" ]; then
# localhost access as administrator without authentication is enabled
curl -sSf "http://127.0.0.1:$port/$1"
elif [ -n "$YACY_ADMIN_PASSWORD" ]; then
# admin password is provided as environment variable : let's use it
curl -sSf --anyauth -u "$admin:$YACY_ADMIN_PASSWORD" "http://127.0.0.1:$port/$1"
else
# no password environment variable : it will be asked interactively
curl -sSf --anyauth -u "$admin" "http://127.0.0.1:$port/$1"
fi
elif which wget > /dev/null; then
if [ "$adminAccountForLocalhost" = "true" ]; then
# localhost access as administrator without authentication is enabled
wget -nv -t 1 --timeout=120 "http://127.0.0.1:$port/$1" -O -
elif [ -n "$YACY_ADMIN_PASSWORD" ]; then
# admin password is provided as environment variable : let's use it
wget -nv -t 1 --timeout=120 --http-user "$admin" --http-password "$YACY_ADMIN_PASSWORD" "http://127.0.0.1:$port/$1" -O -
else
# no password environment variable : it will be asked interactively
wget -nv -t 1 --timeout=120 --http-user "$admin" --ask-password "http://127.0.0.1:$port/$1" -O -
fi
else
echo "Please install curl or wget" > /dev/stderr
exit 1
fi
@@ -1,12 +1,49 @@
#!/usr/bin/env sh
# Call an HTTP API on the local YaCy peer, authenticated as administrator, then print the result on the standard output
# Almost the same as apicall.sh, except that wget doesn't print information messages to the standard output, only the result
#
# Authentication options :
# - enable unauthenticated local access as administrator : set adminAccountForLocalhost=true in the DATA/SETTINGS/yacy.conf file
# - OR use the legacy Basic HTTP authentication mode (unsecured for remote access): set the "auth-method" to BASIC in the defaults/web.xml file
# - OR use the Digest HTTP authentication mode : set the "auth-method" to DIGEST in the defaults/web.xml file.
# With that last option, the script will run in interactive mode as default, prompting for the administrator password.
# To run in batch mode, you must first export an environment variable filled with the clear-text administrator password before using this script :
# For example with > export YACY_ADMIN_PASSWORD=your_admin_password
#
cd "`dirname $0`"
port=$(grep ^port= ../DATA/SETTINGS/yacy.conf |cut -d= -f2)
pw=$(grep ^adminAccountBase64MD5= ../DATA/SETTINGS/yacy.conf |cut -d= -f2)
admin=$(grep ^adminAccountUserName= ../DATA/SETTINGS/yacy.conf |cut -d= -f2)
adminAccountForLocalhost=$(grep ^adminAccountForLocalhost= ../DATA/SETTINGS/yacy.conf | cut -d= -f2)
if grep "<auth-method>BASIC</auth-method>" ../defaults/web.xml > /dev/null; then
# When authentication method is in basic mode, use directly the password hash from the configuration file
YACY_ADMIN_PASSWORD=$(grep ^adminAccountBase64MD5= ../DATA/SETTINGS/yacy.conf |cut -d= -f2)
fi
if which curl &>/dev/null; then
curl -s --header "Authorization: realm=$pw" "http://127.0.0.1:$port/$1"
elif which wget &>/dev/null; then
wget -q -t 1 --timeout=5 --header "Authorization: realm=$pw" "http://127.0.0.1:$port/$1"
if which curl > /dev/null; then
if [ "$adminAccountForLocalhost" = "true" ]; then
# localhost access as administrator without authentication is enabled
curl -sSf "http://127.0.0.1:$port/$1"
elif [ -n "$YACY_ADMIN_PASSWORD" ]; then
# admin password is provided as environment variable : let's use it
curl -sSf --anyauth -u "$admin:$YACY_ADMIN_PASSWORD" "http://127.0.0.1:$port/$1"
else
# no password environment variable : it will be asked interactively
curl -sSf --anyauth -u "$admin" "http://127.0.0.1:$port/$1"
fi
elif which wget > /dev/null; then
if [ "$adminAccountForLocalhost" = "true" ]; then
# localhost access as administrator without authentication is enabled
wget -q -t 1 --timeout=120 "http://127.0.0.1:$port/$1" -O -
elif [ -n "$YACY_ADMIN_PASSWORD" ]; then
# admin password is provided as environment variable : let's use it
wget -q -t 1 --timeout=120 --http-user "$admin" --http-password "$YACY_ADMIN_PASSWORD" "http://127.0.0.1:$port/$1" -O -
else
# no password environment variable : it will be asked interactively
wget -q -t 1 --timeout=120 --http-user "$admin" --ask-password "http://127.0.0.1:$port/$1" -O -
fi
else
exit 1
echo "Please install curl or wget" > /dev/stderr
exit 1
fi
@@ -1,11 +1,13 @@
#!/usr/bin/env sh
cd "`dirname $0`"
port=$(grep ^port= ../DATA/SETTINGS/yacy.conf |cut -d= -f2)
if which curl &>/dev/null; then
if which curl > /dev/null; then
curl -s "http://localhost:$port/Network.xml?page=2&ip=" | awk '/<address>/{ gsub("<address>","" );gsub("<\/address>","" ); print $0 }' | awk '{print $1}'
elif which wget &>/dev/null; then
elif which wget > /dev/null; then
wget -q -O - "http://localhost:$port/Network.xml?page=2&ip=" | awk '/<address>/{ gsub("<address>","" );gsub("<\/address>","" ); print $0 }' | awk '{print $1}'
else
echo "Please install curl or wget" > /dev/stderr
exit 1
fi
@@ -1,4 +1,12 @@
#!/usr/bin/env sh
cd "`dirname $0`"
./apicall.sh "/ConfigAccounts_p.html?setAdmin=&adminuser=admin&adminpw1=$1&adminpw2=$1&access=" > /dev/null
echo "Password for User Name 'admin' set to '$1'"
if [ -z "$1" ]; then
echo "Usage : ./passwd.sh NEW_PASSWORD"
exit 2
fi
(./apicall.sh "ConfigAccounts_p.html?setAdmin=&adminuser=admin&adminpw1=$1&adminpw2=$1&access=" > /dev/null && \
echo "Password for User Name 'admin' set to '$1'") || \
(echo "Password setting failed" && \
exit 1)
@@ -1,19 +1,19 @@
#!/usr/bin/env sh
cd "`dirname $0`"
if which curl &>/dev/null; then
if which curl > /dev/null; then
while getopts "ys" opt; do
case $opt in
y)
shift;
curl -s "http://$1/yacysearch.rss?query=$2" | awk '/^<link>/{ gsub("<link>","" );gsub("<\/link>","" ); print $0 }'
curl -sSf "http://$1/yacysearch.rss?query=$2" | awk '/^<link>/{ gsub("<link>","" );gsub("<\/link>","" ); print $0 }'
;;
s)
shift;
curl -s "http://$1/solr/select?q=text_t:$2&start=0&rows=100&fl=sku&wt=rss" | awk '/^<link>/{ gsub("<link>","" );gsub("<\/link>","" ); print $0 }'
curl -sSf "http://$1/solr/select?q=text_t:$2&start=0&rows=100&fl=sku&wt=rss" | awk '/^<link>/{ gsub("<link>","" );gsub("<\/link>","" ); print $0 }'
;;
esac
done
elif which wget &>/dev/null; then
elif which wget > /dev/null; then
while getopts "ys" opt; do
case $opt in
y)
@@ -1,10 +1,11 @@
#!/usr/bin/env sh
cd `dirname $0`
bin/apicall.sh "Steering.html?shutdown=true" > /dev/null
(bin/apicall.sh "Steering.html?shutdown=true" > /dev/null && \
echo "Please wait until the YaCy daemon process terminates [wget]"
echo "You can monitor this with 'tail -f DATA/LOG/yacy00.log' and 'fuser log/yacy00.log'"
echo "Please wait until the YaCy daemon process terminates [wget]" && \
echo "You can monitor this with 'tail -f DATA/LOG/yacy00.log' and 'fuser log/yacy00.log'") || \
exit $?
# wait until the yacy.running file disappears which means that YaCy has terminated
# If you don't want to wait, just run this concurrently

0 comments on commit 29e5110

Please sign in to comment.