CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Retry so-user commands if another process is currently using so-user

Browse Source
This commit is contained in:
Jason Ertel
2022-10-27 15:25:08 -04:00
parent 6347532dd8
commit 35fab05bdd
1 changed files with 63 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

114
salt/soc/files/bin/salt-relay.sh
View File

@@ -56,57 +56,69 @@ function manage_user() {
request=$1 request=$1
op=$(echo "$request" | jq -r .operation) op=$(echo "$request" | jq -r .operation)
case "$op" in max_tries=10
add) tries=0
email=$(echo "$request" | jq -r .email) while [[ $tries -lt $max_tries ]]; do
password=$(echo "$request" | jq -r .password) case "$op" in
role=$(echo "$request" | jq -r .role) add)
firstName=$(echo "$request" | jq -r .firstName) email=$(echo "$request" | jq -r .email)
lastName=$(echo "$request" | jq -r .lastName) password=$(echo "$request" | jq -r .password)
note=$(echo "$request" | jq -r .note) role=$(echo "$request" | jq -r .role)
log "Performing user '$op' for user '$email' with firstname '$firstName', lastname '$lastName', note '$note' and role '$role'" firstName=$(echo "$request" | jq -r .firstName)
response=$(echo "$password" | so-user "$op" --email "$email" --firstName "$firstName" --lastName "$lastName" --note "$note" --role "$role" --skip-sync) lastName=$(echo "$request" | jq -r .lastName)
exit_code=$? note=$(echo "$request" | jq -r .note)
;; log "Performing user '$op' for user '$email' with firstname '$firstName', lastname '$lastName', note '$note' and role '$role'"
add|enable|disable|delete) response=$(echo "$password" | so-user "$op" --email "$email" --firstName "$firstName" --lastName "$lastName" --note "$note" --role "$role" --skip-sync)
email=$(echo "$request" | jq -r .email) exit_code=$?
log "Performing user '$op' for user '$email'" ;;
response=$(so-user "$op" --email "$email" --skip-sync) add|enable|disable|delete)
exit_code=$? email=$(echo "$request" | jq -r .email)
;; log "Performing user '$op' for user '$email'"
addrole|delrole) response=$(so-user "$op" --email "$email" --skip-sync)
email=$(echo "$request" | jq -r .email) exit_code=$?
role=$(echo "$request" | jq -r .role) ;;
log "Performing '$op' for user '$email' with role '$role'" addrole|delrole)
response=$(so-user "$op" --email "$email" --role "$role" --skip-sync) email=$(echo "$request" | jq -r .email)
exit_code=$? role=$(echo "$request" | jq -r .role)
;; log "Performing '$op' for user '$email' with role '$role'"
password) response=$(so-user "$op" --email "$email" --role "$role" --skip-sync)
email=$(echo "$request" | jq -r .email) exit_code=$?
password=$(echo "$request" | jq -r .password) ;;
log "Performing '$op' operation for user '$email'" password)
response=$(echo "$password" | so-user "$op" --email "$email" --skip-sync) email=$(echo "$request" | jq -r .email)
exit_code=$? password=$(echo "$request" | jq -r .password)
;; log "Performing '$op' operation for user '$email'"
profile) response=$(echo "$password" | so-user "$op" --email "$email" --skip-sync)
email=$(echo "$request" | jq -r .email) exit_code=$?
firstName=$(echo "$request" | jq -r .firstName) ;;
lastName=$(echo "$request" | jq -r .lastName) profile)
note=$(echo "$request" | jq -r .note) email=$(echo "$request" | jq -r .email)
log "Performing '$op' update for user '$email' with firstname '$firstName', lastname '$lastName', and note '$note'" firstName=$(echo "$request" | jq -r .firstName)
response=$(so-user "$op" --email "$email" --firstName "$firstName" --lastName "$lastName" --note "$note") lastName=$(echo "$request" | jq -r .lastName)
exit_code=$? note=$(echo "$request" | jq -r .note)
;; log "Performing '$op' update for user '$email' with firstname '$firstName', lastname '$lastName', and note '$note'"
sync) response=$(so-user "$op" --email "$email" --firstName "$firstName" --lastName "$lastName" --note "$note")
log "Performing '$op'" exit_code=$?
response=$(so-user "$op") ;;
exit_code=$? sync)
;; log "Performing '$op'"
*) response=$(so-user "$op")
response="Unsupported user operation: $op" exit_code=$?
exit_code=1 ;;
;; *)
esac response="Unsupported user operation: $op"
exit_code=1
;;
esac
tries=$((tries+1))
if [[ "$response" == "Another process is using so-user"* ]]; then
log "Retrying after brief delay to let so-user unlock ($tries/$max_tries)"
sleep 5
else
break
fi
done
if [[ exit_code -eq 0 ]]; then if [[ exit_code -eq 0 ]]; then
log "Successful command execution: $response" log "Successful command execution: $response"