Merge pull request #3807 from dacrystal/topic/synology_dsm-otp_code
Add SYNO_TOTP_SECRET for user with two-factor authentication enabled
This commit is contained in:
commit
c959d64099
@ -2,8 +2,7 @@
|
|||||||
|
|
||||||
# Here is a script to deploy cert to Synology DSM
|
# Here is a script to deploy cert to Synology DSM
|
||||||
#
|
#
|
||||||
# it requires the jq and curl are in the $PATH and the following
|
# It requires following environment variables:
|
||||||
# environment variables must be set:
|
|
||||||
#
|
#
|
||||||
# SYNO_Username - Synology Username to login (must be an administrator)
|
# SYNO_Username - Synology Username to login (must be an administrator)
|
||||||
# SYNO_Password - Synology Password to login
|
# SYNO_Password - Synology Password to login
|
||||||
@ -16,6 +15,12 @@
|
|||||||
# SYNO_Hostname - defaults to localhost
|
# SYNO_Hostname - defaults to localhost
|
||||||
# SYNO_Port - defaults to 5000
|
# SYNO_Port - defaults to 5000
|
||||||
# SYNO_DID - device ID to skip OTP - defaults to empty
|
# SYNO_DID - device ID to skip OTP - defaults to empty
|
||||||
|
# SYNO_TOTP_SECRET - TOTP secret to generate OTP - defaults to empty
|
||||||
|
#
|
||||||
|
# Dependencies:
|
||||||
|
# -------------
|
||||||
|
# - jq and curl
|
||||||
|
# - oathtool (When using 2 Factor Authentication and SYNO_TOTP_SECRET is set)
|
||||||
#
|
#
|
||||||
#returns 0 means success, otherwise error.
|
#returns 0 means success, otherwise error.
|
||||||
|
|
||||||
@ -36,6 +41,7 @@ synology_dsm_deploy() {
|
|||||||
_getdeployconf SYNO_Password
|
_getdeployconf SYNO_Password
|
||||||
_getdeployconf SYNO_Create
|
_getdeployconf SYNO_Create
|
||||||
_getdeployconf SYNO_DID
|
_getdeployconf SYNO_DID
|
||||||
|
_getdeployconf SYNO_TOTP_SECRET
|
||||||
if [ -z "${SYNO_Username:-}" ] || [ -z "${SYNO_Password:-}" ]; then
|
if [ -z "${SYNO_Username:-}" ] || [ -z "${SYNO_Password:-}" ]; then
|
||||||
_err "SYNO_Username & SYNO_Password must be set"
|
_err "SYNO_Username & SYNO_Password must be set"
|
||||||
return 1
|
return 1
|
||||||
@ -86,13 +92,18 @@ synology_dsm_deploy() {
|
|||||||
encoded_username="$(printf "%s" "$SYNO_Username" | _url_encode)"
|
encoded_username="$(printf "%s" "$SYNO_Username" | _url_encode)"
|
||||||
encoded_password="$(printf "%s" "$SYNO_Password" | _url_encode)"
|
encoded_password="$(printf "%s" "$SYNO_Password" | _url_encode)"
|
||||||
|
|
||||||
|
otp_code=""
|
||||||
|
if [ -n "$SYNO_TOTP_SECRET" ]; then
|
||||||
|
otp_code="$(oathtool --base32 --totp "${SYNO_TOTP_SECRET}" 2>/dev/null)"
|
||||||
|
fi
|
||||||
|
|
||||||
if [ -n "$SYNO_DID" ]; then
|
if [ -n "$SYNO_DID" ]; then
|
||||||
_H1="Cookie: did=$SYNO_DID"
|
_H1="Cookie: did=$SYNO_DID"
|
||||||
export _H1
|
export _H1
|
||||||
_debug3 H1 "${_H1}"
|
_debug3 H1 "${_H1}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
response=$(_post "method=login&account=$encoded_username&passwd=$encoded_password&api=SYNO.API.Auth&version=$api_version&enable_syno_token=yes" "$_base_url/webapi/auth.cgi?enable_syno_token=yes")
|
response=$(_post "method=login&account=$encoded_username&passwd=$encoded_password&api=SYNO.API.Auth&version=$api_version&enable_syno_token=yes&otp_code=$otp_code" "$_base_url/webapi/auth.cgi?enable_syno_token=yes")
|
||||||
token=$(echo "$response" | grep "synotoken" | sed -n 's/.*"synotoken" *: *"\([^"]*\).*/\1/p')
|
token=$(echo "$response" | grep "synotoken" | sed -n 's/.*"synotoken" *: *"\([^"]*\).*/\1/p')
|
||||||
_debug3 response "$response"
|
_debug3 response "$response"
|
||||||
_debug token "$token"
|
_debug token "$token"
|
||||||
@ -100,7 +111,7 @@ synology_dsm_deploy() {
|
|||||||
if [ -z "$token" ]; then
|
if [ -z "$token" ]; then
|
||||||
_err "Unable to authenticate to $SYNO_Hostname:$SYNO_Port using $SYNO_Scheme."
|
_err "Unable to authenticate to $SYNO_Hostname:$SYNO_Port using $SYNO_Scheme."
|
||||||
_err "Check your username and password."
|
_err "Check your username and password."
|
||||||
_err "If two-factor authentication is enabled for the user, you have to choose another user."
|
_err "If two-factor authentication is enabled for the user, set SYNO_TOTP_SECRET."
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
sid=$(echo "$response" | grep "sid" | sed -n 's/.*"sid" *: *"\([^"]*\).*/\1/p')
|
sid=$(echo "$response" | grep "sid" | sed -n 's/.*"sid" *: *"\([^"]*\).*/\1/p')
|
||||||
@ -113,6 +124,7 @@ synology_dsm_deploy() {
|
|||||||
_savedeployconf SYNO_Username "$SYNO_Username"
|
_savedeployconf SYNO_Username "$SYNO_Username"
|
||||||
_savedeployconf SYNO_Password "$SYNO_Password"
|
_savedeployconf SYNO_Password "$SYNO_Password"
|
||||||
_savedeployconf SYNO_DID "$SYNO_DID"
|
_savedeployconf SYNO_DID "$SYNO_DID"
|
||||||
|
_savedeployconf SYNO_TOTP_SECRET "$SYNO_TOTP_SECRET"
|
||||||
|
|
||||||
_info "Getting certificates in Synology DSM"
|
_info "Getting certificates in Synology DSM"
|
||||||
response=$(_post "api=SYNO.Core.Certificate.CRT&method=list&version=1&_sid=$sid" "$_base_url/webapi/entry.cgi")
|
response=$(_post "api=SYNO.Core.Certificate.CRT&method=list&version=1&_sid=$sid" "$_base_url/webapi/entry.cgi")
|
||||||
|
Loading…
Reference in New Issue
Block a user