Browse Source

feat: improve robustness of the usage of DSM tool `synogroup`

pull/5023/head
Scruel Tao 11 months ago
parent
commit
68e3a12a91
  1. 43
      deploy/synology_dsm.sh

43
deploy/synology_dsm.sh

@ -68,7 +68,7 @@ synology_dsm_deploy() {
# Prepare to use temp admin if SYNO_USE_TEMP_ADMIN is set # Prepare to use temp admin if SYNO_USE_TEMP_ADMIN is set
_debug2 SYNO_USE_TEMP_ADMIN "$SYNO_USE_TEMP_ADMIN" _debug2 SYNO_USE_TEMP_ADMIN "$SYNO_USE_TEMP_ADMIN"
_getdeployconf SYNO_USE_TEMP_ADMIN _getdeployconf SYNO_USE_TEMP_ADMIN
__check2cleardeployconfexp SYNO_USE_TEMP_ADMIN
_check2cleardeployconfexp SYNO_USE_TEMP_ADMIN
_debug2 SYNO_USE_TEMP_ADMIN "$SYNO_USE_TEMP_ADMIN" _debug2 SYNO_USE_TEMP_ADMIN "$SYNO_USE_TEMP_ADMIN"
if [ -n "$SYNO_USE_TEMP_ADMIN" ]; then if [ -n "$SYNO_USE_TEMP_ADMIN" ]; then
@ -122,7 +122,7 @@ synology_dsm_deploy() {
# Get the certificate description, but don't save it until we verify it's real # Get the certificate description, but don't save it until we verify it's real
_migratedeployconf SYNO_Certificate SYNO_CERTIFICATE "base64" _migratedeployconf SYNO_Certificate SYNO_CERTIFICATE "base64"
_getdeployconf SYNO_CERTIFICATE _getdeployconf SYNO_CERTIFICATE
__check2cleardeployconfexp SYNO_CERTIFICATE
_check2cleardeployconfexp SYNO_CERTIFICATE
_debug SYNO_CERTIFICATE "${SYNO_CERTIFICATE:-}" _debug SYNO_CERTIFICATE "${SYNO_CERTIFICATE:-}"
# shellcheck disable=SC1003 # We are not trying to escape a single quote # shellcheck disable=SC1003 # We are not trying to escape a single quote
@ -189,16 +189,24 @@ synology_dsm_deploy() {
fi fi
fi fi
_debug "Creating temp admin user in Synology DSM..." _debug "Creating temp admin user in Synology DSM..."
synouser --del "$SYNO_USERNAME" >/dev/null 2>/dev/null
synouser --add "$SYNO_USERNAME" "$SYNO_PASSWORD" "" 0 "scruelt@hotmail.com" 0 >/dev/null
if synogroup --help | grep -q '\-\-memberadd'; then
if synogroup --help | grep -q '\-\-memberadd '; then
_temp_admin_create $SYNO_USERNAME $SYNO_PASSWORD
synogroup --memberadd administrators "$SYNO_USERNAME" >/dev/null synogroup --memberadd administrators "$SYNO_USERNAME" >/dev/null
else
elif synogroup --help | grep -q '\-\-member '; then
# For supporting DSM 6.x which only has `--member` parameter. # For supporting DSM 6.x which only has `--member` parameter.
cur_admins=$(synogroup --get administrators | awk -F '[][]' '/Group Members/,0{if(NF>1)printf "%s ", $2}') cur_admins=$(synogroup --get administrators | awk -F '[][]' '/Group Members/,0{if(NF>1)printf "%s ", $2}')
_secure_debug3 admin_users "$cur_admins$SYNO_USERNAME"
# shellcheck disable=SC2086
synogroup --member administrators $cur_admins $SYNO_USERNAME >/dev/null
if [ -n "$cur_admins" ]; then
_temp_admin_create $SYNO_USERNAME $SYNO_PASSWORD
_secure_debug3 admin_users "$cur_admins$SYNO_USERNAME"
# shellcheck disable=SC2086
synogroup --member administrators $cur_admins $SYNO_USERNAME >/dev/null
else
_err "Tool synogroup may be broken, please set SYNO_USERNAME and SYNO_PASSWORD instead."
return 1
fi
else
_err "Unsupported synogroup tool detected, please set SYNO_USERNAME and SYNO_PASSWORD instead."
return 1
fi fi
# havig a workaround to temporary disable enforce 2FA-OTP # havig a workaround to temporary disable enforce 2FA-OTP
otp_enforce_option=$(synogetkeyvalue /etc/synoinfo.conf otp_enforce_option) otp_enforce_option=$(synogetkeyvalue /etc/synoinfo.conf otp_enforce_option)
@ -385,13 +393,20 @@ _logout() {
_debug3 response "$response" _debug3 response "$response"
} }
_temp_admin_create() {
_username="$1"
_password="$2"
synouser --del "$_username" >/dev/null 2>/dev/null
synouser --add "$_username" "$_password" "" 0 "scruelt@hotmail.com" 0 >/dev/null
}
_temp_admin_cleanup() { _temp_admin_cleanup() {
flag=$1
username=$2
_flag=$1
_username=$2
if [ -n "${flag}" ]; then
if [ -n "${_flag}" ]; then
_debug "Cleanuping temp admin info..." _debug "Cleanuping temp admin info..."
synouser --del "$username" >/dev/null
synouser --del "$_username" >/dev/null
fi fi
} }
@ -401,7 +416,7 @@ _cleardeployconf() {
} }
# key # key
__check2cleardeployconfexp() {
_check2cleardeployconfexp() {
_key="$1" _key="$1"
_clear_key="CLEAR_$_key" _clear_key="CLEAR_$_key"
# Clear saved settings if explicitly requested # Clear saved settings if explicitly requested

Loading…
Cancel
Save