CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

resolve so-user errors from recent auth changes

Browse Source
This commit is contained in:
Jason Ertel
2021-09-02 17:59:33 -04:00
parent c4d402d8b4
commit ce70380f0f
1 changed files with 11 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
salt/common/tools/sbin/so-user
View File

@@ -20,7 +20,7 @@ source $(dirname $0)/so-common
DEFAULT_ROLE=analyst DEFAULT_ROLE=analyst
if [[ $# -lt 1 || $# -gt 2 ]]; then if [[ $# -lt 1 || $# -gt 3 ]]; then
echo "Usage: $0 <operation> [email] [role]" echo "Usage: $0 <operation> [email] [role]"
echo "" echo ""
echo " where <operation> is one of the following:" echo " where <operation> is one of the following:"
@@ -255,7 +255,7 @@ function listUsers() {
users=$(echo "${response}" | jq -r ".[] | .verifiable_addresses[0].value" | sort) users=$(echo "${response}" | jq -r ".[] | .verifiable_addresses[0].value" | sort)
for user in $users; do for user in $users; do
roles=$(grep "$user" users_roles | cut -d: -f1 | tr '\n' ' ') roles=$(grep "$user" "$elasticRolesFile" | cut -d: -f1 | tr '\n' ' ')
echo "$user: $roles" echo "$user: $roles"
done done
} }
@@ -264,14 +264,14 @@ function addUserRole() {
email=$1 email=$1
role=$2 role=$2
return adjustUserRole "$email" "$role" "add" adjustUserRole "$email" "$role" "add"
} }
function deleteUserRole() { function deleteUserRole() {
email=$1 email=$1
role=$2 role=$2
return adjustUserRole "$email" "$role" "del" adjustUserRole "$email" "$role" "del"
} }
function adjustUserRole() { function adjustUserRole() {
@@ -285,9 +285,10 @@ function adjustUserRole() {
ensureRoleFileExists ensureRoleFileExists
filename="$elasticRolesFile" filename="$elasticRolesFile"
grep "$role:" "$elasticRolesFile" | grep "$email" && hasRole=1 hasRole=0
grep "$role:" "$elasticRolesFile" | grep -q "$email" && hasRole=1
if [[ "$op" == "add" ]]; then if [[ "$op" == "add" ]]; then
if [[ "$hasRole" -eq 1 ]]; then if [[ "$hasRole" == "1" ]]; then
fail "User '$email' already has the role: $role" fail "User '$email' already has the role: $role"
else else
echo "$role:$email" >> "$filename" echo "$role:$email" >> "$filename"
@@ -299,15 +300,13 @@ function adjustUserRole() {
sed -i "/^$role:$email\$/d" "$filename" sed -i "/^$role:$email\$/d" "$filename"
fi fi
else else
echo "Unsupported role adjustment operation: $op" fail "Unsupported role adjustment operation: $op"
exit 1
fi fi
return 0
} }
function createUser() { function createUser() {
email=$1 email=$1
role=$1 role=$2
now=$(date -u +%FT%TZ) now=$(date -u +%FT%TZ)
addUserJson=$(cat <<EOF addUserJson=$(cat <<EOF
@@ -328,7 +327,7 @@ EOF
reason=$(echo "${response}" | jq ".error.message") reason=$(echo "${response}" | jq ".error.message")
[[ $? == 0 ]] && fail "Unable to add user: ${reason}" [[ $? == 0 ]] && fail "Unable to add user: ${reason}"
else
addUserRole "$email" "$role" addUserRole "$email" "$role"
fi fi