Browse Source
Merge pull request #3343 from markchalloner/master
Merge pull request #3343 from markchalloner/master
Add Peplink deploy hookpull/3375/head
neil
4 years ago
committed by
GitHub
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 123 additions and 0 deletions
@ -0,0 +1,123 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# Script to deploy cert to Peplink Routers |
|||
# |
|||
# The following environment variables must be set: |
|||
# |
|||
# PEPLINK_Hostname - Peplink hostname |
|||
# PEPLINK_Username - Peplink username to login |
|||
# PEPLINK_Password - Peplink password to login |
|||
# |
|||
# The following environmental variables may be set if you don't like their |
|||
# default values: |
|||
# |
|||
# PEPLINK_Certtype - Certificate type to target for replacement |
|||
# defaults to "webadmin", can be one of: |
|||
# * "chub" (ContentHub) |
|||
# * "openvpn" (OpenVPN CA) |
|||
# * "portal" (Captive Portal SSL) |
|||
# * "webadmin" (Web Admin SSL) |
|||
# * "webproxy" (Proxy Root CA) |
|||
# * "wwan_ca" (Wi-Fi WAN CA) |
|||
# * "wwan_client" (Wi-Fi WAN Client) |
|||
# PEPLINK_Scheme - defaults to "https" |
|||
# PEPLINK_Port - defaults to "443" |
|||
# |
|||
#returns 0 means success, otherwise error. |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
_peplink_get_cookie_data() { |
|||
grep -i "\W$1=" | grep -i "^Set-Cookie:" | _tail_n 1 | _egrep_o "$1=[^;]*;" | tr -d ';' |
|||
} |
|||
|
|||
#domain keyfile certfile cafile fullchain |
|||
peplink_deploy() { |
|||
|
|||
_cdomain="$1" |
|||
_ckey="$2" |
|||
_cfullchain="$5" |
|||
|
|||
_debug _cdomain "$_cdomain" |
|||
_debug _cfullchain "$_cfullchain" |
|||
_debug _ckey "$_ckey" |
|||
|
|||
# Get Hostname, Username and Password, but don't save until we successfully authenticate |
|||
_getdeployconf PEPLINK_Hostname |
|||
_getdeployconf PEPLINK_Username |
|||
_getdeployconf PEPLINK_Password |
|||
if [ -z "${PEPLINK_Hostname:-}" ] || [ -z "${PEPLINK_Username:-}" ] || [ -z "${PEPLINK_Password:-}" ]; then |
|||
_err "PEPLINK_Hostname & PEPLINK_Username & PEPLINK_Password must be set" |
|||
return 1 |
|||
fi |
|||
_debug2 PEPLINK_Hostname "$PEPLINK_Hostname" |
|||
_debug2 PEPLINK_Username "$PEPLINK_Username" |
|||
_secure_debug2 PEPLINK_Password "$PEPLINK_Password" |
|||
|
|||
# Optional certificate type, scheme, and port for Peplink |
|||
_getdeployconf PEPLINK_Certtype |
|||
_getdeployconf PEPLINK_Scheme |
|||
_getdeployconf PEPLINK_Port |
|||
|
|||
# Don't save the certificate type until we verify it exists and is supported |
|||
_savedeployconf PEPLINK_Scheme "$PEPLINK_Scheme" |
|||
_savedeployconf PEPLINK_Port "$PEPLINK_Port" |
|||
|
|||
# Default vaules for certificate type, scheme, and port |
|||
[ -n "${PEPLINK_Certtype}" ] || PEPLINK_Certtype="webadmin" |
|||
[ -n "${PEPLINK_Scheme}" ] || PEPLINK_Scheme="https" |
|||
[ -n "${PEPLINK_Port}" ] || PEPLINK_Port="443" |
|||
|
|||
_debug2 PEPLINK_Certtype "$PEPLINK_Certtype" |
|||
_debug2 PEPLINK_Scheme "$PEPLINK_Scheme" |
|||
_debug2 PEPLINK_Port "$PEPLINK_Port" |
|||
|
|||
_base_url="$PEPLINK_Scheme://$PEPLINK_Hostname:$PEPLINK_Port" |
|||
_debug _base_url "$_base_url" |
|||
|
|||
# Login, get the auth token from the cookie |
|||
_info "Logging into $PEPLINK_Hostname:$PEPLINK_Port" |
|||
encoded_username="$(printf "%s" "$PEPLINK_Username" | _url_encode)" |
|||
encoded_password="$(printf "%s" "$PEPLINK_Password" | _url_encode)" |
|||
response=$(_post "func=login&username=$encoded_username&password=$encoded_password" "$_base_url/cgi-bin/MANGA/api.cgi") |
|||
auth_token=$(_peplink_get_cookie_data "bauth" <"$HTTP_HEADER") |
|||
_debug3 response "$response" |
|||
_debug auth_token "$auth_token" |
|||
|
|||
if [ -z "$auth_token" ]; then |
|||
_err "Unable to authenticate to $PEPLINK_Hostname:$PEPLINK_Port using $PEPLINK_Scheme." |
|||
_err "Check your username and password." |
|||
return 1 |
|||
fi |
|||
|
|||
_H1="Cookie: $auth_token" |
|||
export _H1 |
|||
_debug2 H1 "${_H1}" |
|||
|
|||
# Now that we know the hostnameusername and password are good, save them |
|||
_savedeployconf PEPLINK_Hostname "$PEPLINK_Hostname" |
|||
_savedeployconf PEPLINK_Username "$PEPLINK_Username" |
|||
_savedeployconf PEPLINK_Password "$PEPLINK_Password" |
|||
|
|||
_info "Generate form POST request" |
|||
|
|||
encoded_key="$(_url_encode <"$_ckey")" |
|||
encoded_fullchain="$(_url_encode <"$_cfullchain")" |
|||
body="cert_type=$PEPLINK_Certtype&cert_uid=§ion=CERT_modify&key_pem=$encoded_key&key_pem_passphrase=&key_pem_passphrase_confirm=&cert_pem=$encoded_fullchain" |
|||
_debug3 body "$body" |
|||
|
|||
_info "Upload $PEPLINK_Certtype certificate to the Peplink" |
|||
|
|||
response=$(_post "$body" "$_base_url/cgi-bin/MANGA/admin.cgi") |
|||
_debug3 response "$response" |
|||
|
|||
if echo "$response" | grep 'Success' >/dev/null; then |
|||
# We've verified this certificate type is valid, so save it |
|||
_savedeployconf PEPLINK_Certtype "$PEPLINK_Certtype" |
|||
_info "Certificate was updated" |
|||
return 0 |
|||
else |
|||
_err "Unable to update certificate, error code $response" |
|||
return 1 |
|||
fi |
|||
} |
|||
Write
Preview
Loading…
Cancel
Save
Reference in new issue