From 68e3a12a918e349da1f0bd97aa7ce0906dd97484 Mon Sep 17 00:00:00 2001 From: Scruel Tao Date: Mon, 26 Feb 2024 23:38:44 +0800 Subject: [PATCH] feat: improve robustness of the usage of DSM tool `synogroup` --- deploy/synology_dsm.sh | 43 ++++++++++++++++++++++++++++-------------- 1 file changed, 29 insertions(+), 14 deletions(-) diff --git a/deploy/synology_dsm.sh b/deploy/synology_dsm.sh index 24a6f024..1e4be8e9 100644 --- a/deploy/synology_dsm.sh +++ b/deploy/synology_dsm.sh @@ -68,7 +68,7 @@ synology_dsm_deploy() { # Prepare to use temp admin if SYNO_USE_TEMP_ADMIN is set _debug2 SYNO_USE_TEMP_ADMIN "$SYNO_USE_TEMP_ADMIN" _getdeployconf SYNO_USE_TEMP_ADMIN - __check2cleardeployconfexp SYNO_USE_TEMP_ADMIN + _check2cleardeployconfexp SYNO_USE_TEMP_ADMIN _debug2 SYNO_USE_TEMP_ADMIN "$SYNO_USE_TEMP_ADMIN" if [ -n "$SYNO_USE_TEMP_ADMIN" ]; then @@ -122,7 +122,7 @@ synology_dsm_deploy() { # Get the certificate description, but don't save it until we verify it's real _migratedeployconf SYNO_Certificate SYNO_CERTIFICATE "base64" _getdeployconf SYNO_CERTIFICATE - __check2cleardeployconfexp SYNO_CERTIFICATE + _check2cleardeployconfexp SYNO_CERTIFICATE _debug SYNO_CERTIFICATE "${SYNO_CERTIFICATE:-}" # shellcheck disable=SC1003 # We are not trying to escape a single quote @@ -189,16 +189,24 @@ synology_dsm_deploy() { fi fi _debug "Creating temp admin user in Synology DSM..." - synouser --del "$SYNO_USERNAME" >/dev/null 2>/dev/null - synouser --add "$SYNO_USERNAME" "$SYNO_PASSWORD" "" 0 "scruelt@hotmail.com" 0 >/dev/null - if synogroup --help | grep -q '\-\-memberadd'; then + if synogroup --help | grep -q '\-\-memberadd '; then + _temp_admin_create $SYNO_USERNAME $SYNO_PASSWORD synogroup --memberadd administrators "$SYNO_USERNAME" >/dev/null - else + elif synogroup --help | grep -q '\-\-member '; then # For supporting DSM 6.x which only has `--member` parameter. cur_admins=$(synogroup --get administrators | awk -F '[][]' '/Group Members/,0{if(NF>1)printf "%s ", $2}') - _secure_debug3 admin_users "$cur_admins$SYNO_USERNAME" - # shellcheck disable=SC2086 - synogroup --member administrators $cur_admins $SYNO_USERNAME >/dev/null + if [ -n "$cur_admins" ]; then + _temp_admin_create $SYNO_USERNAME $SYNO_PASSWORD + _secure_debug3 admin_users "$cur_admins$SYNO_USERNAME" + # shellcheck disable=SC2086 + synogroup --member administrators $cur_admins $SYNO_USERNAME >/dev/null + else + _err "Tool synogroup may be broken, please set SYNO_USERNAME and SYNO_PASSWORD instead." + return 1 + fi + else + _err "Unsupported synogroup tool detected, please set SYNO_USERNAME and SYNO_PASSWORD instead." + return 1 fi # havig a workaround to temporary disable enforce 2FA-OTP otp_enforce_option=$(synogetkeyvalue /etc/synoinfo.conf otp_enforce_option) @@ -385,13 +393,20 @@ _logout() { _debug3 response "$response" } +_temp_admin_create() { + _username="$1" + _password="$2" + synouser --del "$_username" >/dev/null 2>/dev/null + synouser --add "$_username" "$_password" "" 0 "scruelt@hotmail.com" 0 >/dev/null +} + _temp_admin_cleanup() { - flag=$1 - username=$2 + _flag=$1 + _username=$2 - if [ -n "${flag}" ]; then + if [ -n "${_flag}" ]; then _debug "Cleanuping temp admin info..." - synouser --del "$username" >/dev/null + synouser --del "$_username" >/dev/null fi } @@ -401,7 +416,7 @@ _cleardeployconf() { } # key -__check2cleardeployconfexp() { +_check2cleardeployconfexp() { _key="$1" _clear_key="CLEAR_$_key" # Clear saved settings if explicitly requested