File: raspberry/boot-part/multiotp-tree/usr/local/bin/multiotp/scripts/multiotp-service.sh

Recommend this page to a friend!

raspberry/boot-part/multiotp-tree/usr/local/bin/multiotp/scripts/multiotp-service.sh

File:	`raspberry/boot-part/multiotp-tree/usr/local/bin/multiotp/scripts/multiotp-service.sh`
Role:	Auxiliary data
Content type:	`text/plain`
Description:	Auxiliary data
Class:	multiOTP PHP class Authenticate and manage OTP strong user tokens
Author:	By Andr� Liechti
Last change:	New release 5.9.7.1 FIX: Command line number of parameters detection corrected ENH: It's now possible to define the number of digits for new created PIN (multiotp -config default-pin-digits=n) ENH: It's now possible to generate the HTML provisioning file by command line (multiotp -htmlinfo username /full/path/to/username.html or multiotp -htmlinfo /full/path/to/folder/ to generate files for all users) ENH: Embedded Windows nginx edition updated to version 1.25.3 ENH: Embedded Windows internal tools updated (wget 1.21.4 and fart 1.99d) ENH: Embedded Windows freeradius is now launched using NSSM (instead of SRVANY) New release 5.9.7.0 FIX: Better Windows nginx configuration support (path backslashes replaced by slashes) ENH: Embedded Windows nginx edition updated to version 1.24.0 ENH: Embedded Windows PHP edition updated to version 8.2.13 ENH: Better hardware/model detection ENH: Documentation enhanced with instructions for RDWeb on Windows ENH: Upgrade of some internal tools ENH: Better internal configuration organization New release 5.9.6.7 ENH: Documentation updated for "Configuring multiOTP with FreeRADIUS 3.x under Linux" ENH: Without2FA tokens cannot be used for multi_account connection ENH: Added documentation for SSH login with multiOTP New release 5.9.6.5 FIX: Better Raspberry Pi support FIX: ShowLog() method (used by -showlog option) was buggy New release 5.9.6.1 FIX: Automated concurrent access for the same user with "Without2FA" token could corrupt the user file FIX: Any files backend operation is now secured with explicit lock mechanism ENH: Template updated to print bigger QRcode for "MOTP-XML" tokens New release 5.9.5.7 FIX: Weekly anonymized stats date was not always updated FIX: Adding -tokenslist command in CLI mode (mas missing) FIX: Remove a debug line displaying sometimes "COMMDN:$command\n"; FIX: Some minor PHP notice corrections ENH: Adding on-premises smsgateway (https://github.com/multiOTP/SMSGateway) as a new SMS provider ENH: Better warning messages when CheckUserLdapPassword failed ENH: Embedded documentation enhanced ENH: Template updated to display correct information for WITHOUT2FA tokens
Date:	1 month ago
Size:	`9,434 bytes`

Download

#!/bin/bash
########################################
#
# @file   multiotp-service.sh
# @brief  Bash helper for multiOTP service
#
# multiOTP package - Strong two-factor authentication open source package
# https://www.multiotp.net/
#
# The multiOTP package is the lightest package available that provides so many
# strong authentication functionalities and goodies, and best of all, for anyone
# that is interested about security issues, it's a fully open source solution!
#
# This package is the result of a *LOT* of work. If you are happy using this
# package, [Donation] are always welcome to support this project.
# Please check https://www.multiotp.net/ and you will find the magic button ;-)
#
# @author    Andre Liechti, SysCo systemes de communication sa, <info@multiotp.net>
# @version   5.9.7.1
# @date      2023-12-03
# @since     2013-11-29
# @copyright (c) 2013-2021 by SysCo systemes de communication sa
# @copyright GNU Lesser General Public License
#
##########################################################################################

is_running_in_container() {
  awk -F: '$3 ~ /^\/$/{ c=1 } END { exit c }' /proc/self/cgroup
}

# Hardware detection (2023-11-20)
FAMILY=""
UNAME=$(uname -a)
MODEL=$(cat /proc/cpuinfo | grep "Model" | awk -F': ' '{print $2}')
if [[ "${UNAME}" == *docker* ]]; then
    # Docker
    FAMILY="VAP"
    TYPE="DOCKER"
elif grep -q docker /proc/1/cgroup; then 
    FAMILY="VAP"
    TYPE="DOCKER"
elif grep -q docker /proc/self/cgroup; then 
    FAMILY="VAP"
    TYPE="DOCKER"
elif [ -f /.dockerenv ]; then
    FAMILY="VAP"
    TYPE="DOCKER"
elif [[ "${MODEL}" == *"Raspberry Pi 5"* ]]; then
    # Raspberry Pi 5
    FAMILY="RPI"
    TYPE="RP5"
elif [[ "${MODEL}" == *"Raspberry Pi 4"* ]]; then
    # Raspberry Pi 4
    FAMILY="RPI"
    TYPE="RP4"
elif [[ "${MODEL}" == *"Raspberry Pi 3 Model B Plus"* ]]; then
    # Raspberry Pi 3 B+
    FAMILY="RPI"
    TYPE="RP3+"
elif [[ "${MODEL}" == *"Raspberry Pi 3"* ]]; then
    # Raspberry Pi 3
    FAMILY="RPI"
    TYPE="RP3"
elif [[ "${MODEL}" == *"Raspberry Pi 2"* ]]; then
    # Raspberry Pi 2
    FAMILY="RPI"
    TYPE="RP2"
elif [[ "${MODEL}" == *"Raspberry Pi"* ]]; then
    # Raspberry Pi generic
    FAMILY="RPI"
    TYPE="RP"
elif [[ "${UNAME}" == *armv8* ]] || [[ "${UNAME}" == *aarch64* ]]; then
    HARDWARE=$(cat /proc/cpuinfo | grep "Hardware" | awk -F': ' '{print $2}')
    if [[ "${HARDWARE}" == *BCM27* ]] || [[ "${HARDWARE}" == *BCM28* ]]; then
        LSCPU=$(/usr/bin/lscpu | grep "CPU max MHz" | awk -F': ' '{print $2}')
        if [[ "${LSCPU}" == *1500* ]]; then
            # Raspberry Pi 4
            FAMILY="RPI"
            TYPE="RP4"
        elif [[ "${LSCPU}" == *1400* ]]; then
            # Raspberry Pi 3 B+
            FAMILY="RPI"
            TYPE="RP3+"
        else
            # Raspberry Pi 3
            FAMILY="RPI"
            TYPE="RP3"
        fi
    else
        FAMILY="ARM"
        TYPE="ARM"
    fi
elif [[ "${UNAME}" == *armv7l* ]]; then
    HARDWARE=$(cat /proc/cpuinfo | grep "Hardware" | awk -F': ' '{print $2}')
    if [[ "${HARDWARE}" == *BCM27* ]] || [[ "${HARDWARE}" == *BCM28* ]]; then
        LSCPU=$(/usr/bin/lscpu | grep "CPU max MHz" | awk -F': ' '{print $2}')
        if [[ "${LSCPU}" == *1500* ]]; then
            # Raspberry Pi 4
            FAMILY="RPI"
            TYPE="RP4"
        elif [[ "${LSCPU}" == *1400* ]]; then
            # Raspberry Pi 3 B+
            FAMILY="RPI"
            TYPE="RP3+"
        elif [[ "${LSCPU}" == *1200* ]]; then
            # Raspberry Pi 3
            FAMILY="RPI"
            TYPE="RP3"
        else
            # Raspberry Pi 2
            FAMILY="RPI"
            TYPE="RP2"
        fi
    else
        # Beaglebone Black or similar
        FAMILY="ARM"
        if [ -e /sys/class/leds/beaglebone:green:usr0/trigger ] ; then
            TYPE="BBB"
        else
            TYPE="ARM"
        fi
    fi
elif [[ "${UNAME}" == *armv6l* ]]; then
    # Raspberry Pi B/B+
    FAMILY="RPI"
    TYPE="RPI"
else
    # others (Virtual Appliance)
    FAMILY="VAP"
    TYPE="VA"
    DMIDECODE=$(dmidecode -s system-product-name)
    if [[ "${DMIDECODE}" == *VMware* ]]; then
        VMTOOLS=$(which vmtoolsd)
        if [[ "${VMTOOLS}" == *vmtoolsd* ]]; then
            TYPE="VM"
        else
            TYPE="VA"
        fi
    elif [[ "${DMIDECODE}" == *Virtual\ Machine* ]]; then
        TYPE="HV"
    elif [[ "${DMIDECODE}" == *VirtualBox* ]]; then
        TYPE="VB"
    fi
fi
# End of hardware detection (2023-11-20)


if [ $# -ge 1 ]; then
    COMMAND="$1"
else
    COMMAND="help"
fi

if [ $# -ge 2 ]; then
    PARAM1="$2"
else
    PARAM1=""
fi

if [ $# -ge 3 ]; then
    PARAM2="$3"
else
    PARAM2=""
fi

if [ $# -ge 4 ]; then
    PARAM3="$4"
else
    PARAM3=""
fi

if [ $# -ge 5 ]; then
    PARAM4="$5"
else
    PARAM4=""
fi

if [ $# -ge 6 ]; then
    PARAM5="$6"
else
    PARAM5=""
fi


if [[ "${COMMAND}" == "reset-config" ]]; then
    # Reset the network interface
    echo auto lo > /etc/network/interfaces
    echo iface lo inet loopback >> /etc/network/interfaces
    echo >> /etc/network/interfaces
    echo auto eth0 >> /etc/network/interfaces
    echo iface eth0 inet static >> /etc/network/interfaces
    echo     address 192.168.1.44 >> /etc/network/interfaces
    echo     netmask 255.255.255.0 >> /etc/network/interfaces
    echo     network 192.168.1.0 >> /etc/network/interfaces
    echo     gateway 192.168.1.1 >> /etc/network/interfaces

    # Reset the DNS resolver
    echo domain multiotp.local > /etc/resolv.conf
    echo search multiotp.local >> /etc/resolv.conf
    echo nameserver 8.8.8.8 >> /etc/resolv.conf
    echo nameserver 8.8.4.4 >> /etc/resolv.conf
elif [[ "${COMMAND}" == "start-multiotp" ]]; then
    # Clean all PHP sessions
    if [ -e /var/lib/php5/sess_* ] ; then
        rm -f /var/lib/php5/sess_*
    fi
    if [ -e /var/lib/php/sessions/* ] ; then
        rm -f /var/lib/php/sessions/*
    fi

    # If any, clean DHCP option for NTP
    # http://support.ntp.org/bin/view/Support/ConfiguringNTP#Section_6.12
    if [ -e /var/lib/ntp/ntp.conf.dhcp ] ; then
        rm -f /var/lib/ntp/ntp.conf.dhcp
    fi

    # Create specific SSL certificate if needed
    if [ -e /etc/multiotp/certificates/multiotp.generic ] || [ ! -e /etc/multiotp/certificates/multiotp.key ] ; then
        /etc/init.d/nginx stop
        openssl genrsa -out /etc/multiotp/certificates/multiotp.key 2048
        openssl req -new -key /etc/multiotp/certificates/multiotp.key -out /etc/multiotp/certificates/multiotp.csr -subj "/C=CH/ST=GPL/L=Open Source Edition/O=multiOTP/OU=strong authentication server/CN=multiOTP"
        openssl x509 -req -days 7305 -in /etc/multiotp/certificates/multiotp.csr -signkey /etc/multiotp/certificates/multiotp.key -out /etc/multiotp/certificates/multiotp.crt
        if [ -e /etc/multiotp/certificates/multiotp.generic ] ; then
            rm -f /etc/multiotp/certificates/multiotp.generic
        fi
        if [ -e /etc/init.d/nginx ] ; then
            /etc/init.d/nginx restart
        else
            service nginx restart
        fi
    fi
    
    # Create specific SSH key if needed
    if [ -e /etc/ssh/ssh.generic ] || [ ! -e /etc/ssh/ssh_host_rsa_key ] ; then
        echo -e "\n\n\n" | ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa
        echo -e "\n\n\n" | ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa
        rm -f /etc/ssh/ssh.generic
    fi

    i2cdetect -y 1 81 81 | grep -E "51|UU" > /dev/null
    if [ $? == 0 ]; then
        # Declare the Afterthought Software RasClock device (and other PCF212x compatible RTC clock) on a Rev. 2 board
        echo pcf2127a 0x51 > /sys/class/i2c-adapter/i2c-1/new_device
        # Set the system time from the hardware clock
        ( sleep 2; hwclock -s ) &
    else
        # Declare the CJE Micro�s RTC clock device (and other DSxxxx compatible RTC clock) on a Rev. 2 Board
        i2cdetect -y 1 104 104 | grep -E "68|UU" > /dev/null    
        if [ $? == 0 ]; then
            echo ds1307 0x68 > /sys/class/i2c-adapter/i2c-1/new_device
            # Set the system time from the hardware clock
            ( sleep 2; hwclock -s ) &
        else
            i2cdetect -y 0 81 81 | grep -E "51|UU" > /dev/null
            if [ $? == 0 ]; then
            # Declare the Afterthought Software RasClock device (and other PCF212x compatible RTC clock) on a Rev. 1 board
                echo pcf2127a 0x51 > /sys/class/i2c-adapter/i2c-0/new_device
                # Set the system time from the hardware clock
                ( sleep 2; hwclock -s ) &
            else
                i2cdetect -y 0 104 104 | grep -E "68|UU" > /dev/null    
                if [ $? == 0 ]; then
                    # Declare the CJE Micro�s RTC clock device (and other DSxxxx compatible RTC clock) on a Rev. 1 Board
                    echo ds1307 0x68 > /sys/class/i2c-adapter/i2c-0/new_device
                    # Set the system time from the hardware clock
                    ( sleep 2; hwclock -s ) &
                fi
            fi
        fi
    fi
    
    # Write the last start time in a file
    date -R > /root/starttime.txt
    exit 0

elif [[ "${COMMAND}" == "stop-multiotp" ]]; then
    # Set the hardware clock from the current system time if hardware device
    if [[ "${FAMILY}" != "VAP" ]]; then
        hwclock -w
    fi

    # Write the last stop time in a file
    date -R > /root/stoptime.txt
    exit 0
fi

About us

Advertise on this site

For more information send a message to info at phpclasses dot org.

File: raspberry/boot-part/multiotp-tree/usr/local/bin/multiotp/scripts/multiotp-service.sh

Contents