From 66a02d9175a3c6f9deb10f75a7238e0570a64b5f Mon Sep 17 00:00:00 2001
From: Bram Prieshof
Date: Sun, 17 Jan 2021 01:24:25 +0100
Subject: [PATCH] Updated tools for new version and add agent scipt
---
 Agent/Kickstart_template | 106 ++++++++++++++++++
 Server/Tools/latest/add-namespace | 48 ++++++++
 Server/Tools/latest/add-user | 32 ++++++
 Server/Tools/latest/add-user-namespace | 34 ++++++
 Server/Tools/latest/del-namespace | 26 +++++
 Server/Tools/latest/del-user | 26 +++++
 Server/Tools/latest/del-user-namespace | 34 ++++++
 Server/Tools/latest/reset-user-password | 27 +++++
 Server/Tools/{ => stable}/add-user | 0
 Server/Tools/{ => stable}/del-user | 0
 Server/Tools/{ => stable}/reset-user-password | 0
 Server/install.sh | 9 +-
 12 files changed, 341 insertions(+), 1 deletion(-)
 create mode 100644 Agent/Kickstart_template
 create mode 100755 Server/Tools/latest/add-namespace
 create mode 100755 Server/Tools/latest/add-user
 create mode 100755 Server/Tools/latest/add-user-namespace
 create mode 100755 Server/Tools/latest/del-namespace
 create mode 100755 Server/Tools/latest/del-user
 create mode 100755 Server/Tools/latest/del-user-namespace
 create mode 100755 Server/Tools/latest/reset-user-password
 rename Server/Tools/{ => stable}/add-user (100%)
 rename Server/Tools/{ => stable}/del-user (100%)
 rename Server/Tools/{ => stable}/reset-user-password (100%)
diff --git a/Agent/Kickstart_template b/Agent/Kickstart_template
new file mode 100644
index 0000000..d089274
--- /dev/null
+++ b/Agent/Kickstart_template
@@ -0,0 +1,106 @@
+#!/bin/sh
+
+# This file is a template which gets run through the "/kickstart.sh" route to
+# generate the final script file. PLEASE NEVER RUN THIS FILE DIRECTLY, instead
+# run me with:
+#
+# sh <(curl -Ss "http:///kickstart.sh?tenant_id=")
+#
+# Where:
+# is the ShellHub server address
+# is your tenant ID
+#
+# List of URL parameters of /kickstart.sh URL:
+#
+# keepalive_interval = Specifies in seconds the keep alive message interval
+# preferred_hostname = The preferred hostname to use rather than generated
+# value from ethernet MAC address
+
+
+while true; do
+ read -p "Do you wana use docker or native agent (D/N)" dn
+ case $dn in
+ [Nn]* )
+ #Native install Methode
+ mkdir /opt/ShellHub
+ wget {{scheme}}://{{host}}/agent-amd64 -O /opt/ShellHub/agent
+ chmod +x /opt/ShellHub/agent
+
+ echo "" >>/etc/systemd/system/ShellHubAgent.service
+ echo "[Unit]" >>/etc/systemd/system/ShellHubAgent.service
+ echo "Description=ShellHub Api" >>/etc/systemd/system/ShellHubAgent.service
+ echo "Wants=network-online.target" >>/etc/systemd/system/ShellHubAgent.service
+ echo "[Service]" >>/etc/systemd/system/ShellHubAgent.service
+ echo "Type=simple" >>/etc/systemd/system/ShellHubAgent.service
+ echo "Environment=SHELLHUB_PRIVATE_KEY=/opt/ShellHub/shellhubAgent.key" >>/etc/systemd/system/ShellHubAgent.service
+ echo "Environment=SHELLHUB_TENANT_ID={{tenant_id}}" >>/etc/systemd/system/ShellHubAgent.service
+ echo "Environment=SHELLHUB_SERVER_ADDRESS={{scheme}}://{{host}}" >>/etc/systemd/system/ShellHubAgent.service
+
+
+ {% if keepalive_interval ~= '' and keepalive_interval ~= nil then %}
+ echo "Environment=SHELLHUB_KEEPALIVE_INTERVAL={{keepalive_interval}}" >>/etc/systemd/system/ShellHubAgent.service
+ {% end %}
+ {% if preferred_hostname ~= '' and preferred_hostname ~= nil then %}
+ echo "Environment=SHELLHUB_PREFERRED_HOSTNAME={{preferred_hostname}}" >>/etc/systemd/system/ShellHubAgent.service
+ {% end %}
+
+ echo "ExecStart=/opt/ShellHub/agent" >>/etc/systemd/system/ShellHubAgent.service
+ echo "[Install]" >>/etc/systemd/system/ShellHubAgent.service
+ echo "WantedBy=multi-user.target" >>/etc/systemd/system/ShellHubAgent.service
+
+ if [ "$(grep -oP '(?<=^PLATFORM_ID=).+' /etc/os-release | tr -d '"')" = "platform:el8" ]; then
+ ##Resetting reseting service permissions
+ restorecon -Rv /etc/systemd/system
+ fi
+ systemctl enable --now ShellHubAgent
+ exit;;
+ [Dd]* )
+ break;;
+
+ * ) echo "Please answer D(ocker) or N(ative).";;
+ esac
+done
+
+
+#Docker install Methode
+type docker > /dev/null 2>&1 || { echo "Docker is not instaled"; exit 1; }
+
+if ! docker info > /dev/null 2>&1; then
+ cat < " && exit 1
+
+if [ ! -f "$(which uuidgen 2> /dev/null)" ]; then
+ echo "$0 requires uuidgen but it's not installed. Aborting!"
+ exit 1
+fi
+
+NAMESPACE=$1
+OWNER=$2
+
+[ -z "$TENANT_ID" ] && TENANT_ID=`uuidgen`
+
+if [ "$(systemctl is-active mongod)" != "active" ]; then
+ echo "ERROR: mongoDB service is not running"
+ exit 1
+fi
+
+
+if ! echo $NAMESPACE | grep -q -E "^([a-zA-Z0-9]{1}[a-zA-Z0-9_-]{0,62}){1}(\.[a-zA-Z0-9_]{1}[a-zA-Z0-9_-]{0,62})*?$"; then
+ echo "ERROR: namespace is not a valid RFC1123 hostname format"
+ exit 1
+fi
+
+EXISTS=$(mongo main --quiet --eval "db.namespaces.find({ name: '$NAMESPACE' })")
+
+if [ -n "$EXISTS" ]; then
+ echo "ERROR: namespace already exists!"
+ exit 1
+fi
+
+OWNER_ID=`mongo main --quiet --eval "JSON.stringify(db.users.findOne({ name:'$OWNER' }))" | jq -r '._id."$oid" // empty'`
+
+if [ -z "$OWNER_ID" ]; then
+ echo "ERROR: owner not found!"
+ exit 1
+fi
+
+INSERTED=`mongo main --quiet --eval "db.namespaces.insert({ name: '$NAMESPACE', owner: '$OWNER_ID', tenant_id: '$TENANT_ID', members: [ '$OWNER_ID' ], settings: {session_record: true}}).nInserted"`
+
+if [ $INSERTED -eq 1 ]; then
+ echo "Namespace added: $NAMESPACE"
+ echo "Owner: $OWNER"
+ echo "Tenant ID: $TENANT_ID"
+else
+ echo "ERROR: Failed to add namespace"
+fi
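Review bot: In Agent/Kickstart_template the native branch writes `{{tenant_id}}`, `{{keepalive_interval}}` and `{{preferred_hostname}}` straight into double-quoted `echo` arguments, and the header comment says these come from the /kickstart.sh URL parameters. The rendering route is not part of this patch, so unless it validates or escapes them, a value carrying shell metacharacters or a newline is interpreted by the shell running the script (root, given the writes to /etc/systemd/system) or lands as extra directives in ShellHubAgent.service. The route should reject anything outside a strict pattern before rendering (digits only for the interval, hostname characters for the other two), and a comment such as `# values below are rendered verbatim; /kickstart.sh must validate them` would record that dependency in the template. The unit file is also built with `>>`, so a second run appends a duplicate unit; a single `cat >` heredoc avoids that. The Docker branch of the template is cut off on this page and is not covered here.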
diff --git a/Server/Tools/latest/add-user b/Server/Tools/latest/add-user
new file mode 100755
index 0000000..d1c6bff
--- /dev/null
+++ b/Server/Tools/latest/add-user
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+[ $# -ne 3 ] && echo "Usage: $0 " && exit 1
+
+if [ ! -f "$(which uuidgen 2> /dev/null)" ]; then
+ echo "$0 requires uuidgen but it's not installed. Aborting!"
+ exit 1
+fi
+
+USERNAME=$1
+PASSWORD=`printf $2 | sha256sum | awk '{ print $1 }'`
+EMAIL=$3
+
+if [ "$(systemctl is-active mongod)" != "active" ]; then
+ echo "ERROR: mongoDB service is not running"
+ exit 1
+fi
+
+EXISTS=$(mongo main --quiet --eval "db.users.find({ username: '$USERNAME' })")
+
+if [ -n "$EXISTS" ]; then
+ echo "ERROR: user already exists!"
+ exit 1
+fi
+
+INSERTED=`mongo main --quiet --eval "db.users.insert({ name: '$USERNAME', username: '$USERNAME', password: '$PASSWORD', email: '$EMAIL' }).nInserted"`
+
+if [ $INSERTED -eq 1 ]; then
+ echo "User added: $USERNAME"
+else
+ echo "ERROR: Failed to add user"
+fi
diff --git a/Server/Tools/latest/add-user-namespace b/Server/Tools/latest/add-user-namespace
new file mode 100755
index 0000000..f34b71c
--- /dev/null
+++ b/Server/Tools/latest/add-user-namespace
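Review bot: The `--eval` strings in add-user splice `$USERNAME` and `$EMAIL` into JavaScript between single quotes with no validation, so an argument that contains a quote changes the statement the mongo shell runs instead of being treated as data. Only add-namespace checks one of its arguments (the namespace regex); its `$OWNER`, and the arguments of add-user-namespace, del-namespace, del-user, del-user-namespace and reset-user-password, reach `--eval` the same way. Reject anything outside an allowlist before the first mongo call, for example `case $USERNAME in ''|*[!A-Za-z0-9._-]*) echo "ERROR: invalid username"; exit 1;; esac`, with a matching check for the e-mail address. This matters most if these tools are ever wrapped by a web form or automation that passes user-supplied names through.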
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+[ $# -ne 2 ] && echo "Usage: $0 " && exit 1
+
+USERNAME=$1
+NAMESPACE=$2
+
+if [ "$(systemctl is-active mongod)" != "active" ]; then
+ echo "ERROR: mongoDB service is not running"
+ exit 1
+fi
+
+
+ID=`mongo main --quiet --eval "JSON.stringify(db.users.findOne({ name:'$USERNAME' }))" | jq -r '._id."$oid" // empty'`
+
+if [ -z "$ID" ]; then
+ echo "ERROR: user does not exists!"
+ exit 1
+fi
+
+TENANT_ID=`mongo main --quiet --eval "JSON.stringify(db.namespaces.findOne({ name:'$NAMESPACE' }))" | jq -r '.tenant_id // empty'`
+
+if [ -z "$TENANT_ID" ]; then
+ echo "ERROR: namespace does not exists!"
+ exit 1
+fi
+
+MODIFIED=`mongo main --quiet --eval "db.namespaces.updateOne({ tenant_id: '$TENANT_ID' }, { \\$addToSet: { members: '$ID' } }).modifiedCount"`
+
+if [ $MODIFIED -eq 1 ]; then
+ echo "User $USERNAME added to namespace $NAMESPACE"
+else
+ echo "ERROR: Failed to add user to namespace"
+fi
diff --git a/Server/Tools/latest/del-namespace b/Server/Tools/latest/del-namespace
new file mode 100755
index 0000000..0838a39
--- /dev/null
+++ b/Server/Tools/latest/del-namespace
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+[ -z $1 ] && echo "Usage: $0 " && exit 1
+
+NAMESPACE=$1
+
+if [ "$(systemctl is-active mongod)" != "active" ]; then
+ echo "ERROR: mongoDB service is not running"
+ exit 1
+fi
+
+
+EXISTS=$(mongo main --quiet --eval "db.namespaces.find({ name: '$NAMESPACE' })")
+
+if [ -z "$EXISTS" ]; then
+ echo "ERROR: namespace does not exists!"
+ exit 1
+fi
+
+REMOVED=`mongo main --quiet --eval "db.namespaces.remove({name: '$NAMESPACE'}).nRemoved"`
+
+if [ $REMOVED -gt 0 ]; then
+ echo "Namespace deleted"
+else
+ echo "ERROR: Failed to delete namespace"
+fi
diff --git a/Server/Tools/latest/del-user b/Server/Tools/latest/del-user
new file mode 100755
index 0000000..4fd0489
--- /dev/null
+++ b/Server/Tools/latest/del-user
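Review bot: The closing test in add-user-namespace, `[ $MODIFIED -eq 1 ]`, folds every other outcome into one error message, and the script still exits 0. `$addToSet` reports a `modifiedCount` of 0 when the user is already a member, so a harmless repeat run is reported as a failure. An empty or non-numeric `$MODIFIED` (a mongo shell error) makes `[` itself print a complaint before the same branch is taken. Quote the variable, `[ "$MODIFIED" -eq 1 ]`, and end the `else` branch with `exit 1` so callers can tell success from failure; the same pattern closes the other scripts added under Server/Tools/latest.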
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+[ -z $1 ] && echo "Usage: $0 " && exit 1
+
+USERNAME=$1
+
+if [ "$(systemctl is-active mongod)" != "active" ]; then
+ echo "ERROR: mongoDB service is not running"
+ exit 1
+fi
+
+
+EXISTS=$(docker-compose exec -T mongo mongo main --quiet --eval "db.users.find({ username: '$USERNAME' })")
+
+if [ -z "$EXISTS" ]; then
+ echo "ERROR: user does not exists!"
+ exit 1
+fi
+
+REMOVED=`mongo main --quiet --eval "db.users.remove({username: '$USERNAME'}).nRemoved"`
+
+if [ $REMOVED -gt 0 ]; then
+ echo "User deleted"
+else
+ echo "ERROR: Failed to delete user"
+fi
diff --git a/Server/Tools/latest/del-user-namespace b/Server/Tools/latest/del-user-namespace
new file mode 100755
index 0000000..771e591
--- /dev/null
+++ b/Server/Tools/latest/del-user-namespace
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+[ $# -ne 2 ] && echo "Usage: $0 " && exit 1
+
+USERNAME=$1
+NAMESPACE=$2
+
+if [ "$(systemctl is-active mongod)" != "active" ]; then
+ echo "ERROR: mongoDB service is not running"
+ exit 1
+fi
+
+
+ID=`mongo main --quiet --eval "JSON.stringify(db.users.findOne({ name:'$USERNAME' }))" | jq -r '._id."$oid" // empty'`
+
+if [ -z "$ID" ]; then
+ echo "ERROR: user does not exists!"
+ exit 1
+fi
+
+TENANT_ID=`mongo main --quiet --eval "JSON.stringify(db.namespaces.findOne({ name:'$NAMESPACE' }))" | jq -r '.tenant_id // empty'`
+
+if [ -z "$TENANT_ID" ]; then
+ echo "ERROR: namespace does not exists!"
+ exit 1
+fi
+
+MODIFIED=`mongo main --quiet --eval "db.namespaces.updateOne({ tenant_id: '$TENANT_ID' }, { \\$pull: { members: '$ID' } }).modifiedCount"`
+
+if [ $MODIFIED -eq 1 ]; then
+ echo "User $USERNAME removed from namespace $NAMESPACE"
+else
+ echo "ERROR: Failed to remove user from namespace"
+fi
diff --git a/Server/Tools/latest/reset-user-password b/Server/Tools/latest/reset-user-password
new file mode 100755
index 0000000..dbbdb41
--- /dev/null
+++ b/Server/Tools/latest/reset-user-password
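Review bot: The existence check in del-user runs `docker-compose exec -T mongo mongo main ...`, while the `systemctl is-active mongod` guard above it and the `remove` call below it talk to a local mongod, as every other tool in this directory does. On a host without that compose project the command substitution yields nothing, `EXISTS` is empty and the script always reports that the user does not exist, so accounts cannot be removed with this tool. The prefix looks like a leftover from a container-based variant of the script; the line should read `EXISTS=$(mongo main --quiet --eval "db.users.find({ username: '$USERNAME' })")`.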
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+[ -z $1 ] || [ -z $2 ] && echo "Usage: $0 " && exit 1
+
+USERNAME=$1
+PASSWORD=`printf $2 | sha256sum | awk '{ print $1 }'`
+
+if [ "$(systemctl is-active mongod)" != "active" ]; then
+ echo "ERROR: mongoDB service is not running"
+ exit 1
+fi
+
+
+EXISTS=$(mongo main --quiet --eval "db.users.find({ username: '$USERNAME' })")
+
+if [ -z "$EXISTS" ]; then
+ echo "ERROR: user does not exists!"
+ exit 1
+fi
+
+MODIFIED=`mongo main --quiet --eval "db.users.update({ username: '$USERNAME' }, { \\$set: { password: '$PASSWORD' } }).nModified"`
+
+if [ $MODIFIED -eq 1 ]; then
+ echo "Password changed"
+else
+ echo "User password not changed"
+fi
diff --git a/Server/Tools/add-user b/Server/Tools/stable/add-user
similarity index 100%
rename from Server/Tools/add-user
rename to Server/Tools/stable/add-user
diff --git a/Server/Tools/del-user b/Server/Tools/stable/del-user
similarity index 100%
rename from Server/Tools/del-user
rename to Server/Tools/stable/del-user
diff --git a/Server/Tools/reset-user-password b/Server/Tools/stable/reset-user-password
similarity index 100%
rename from Server/Tools/reset-user-password
rename to Server/Tools/stable/reset-user-password
diff --git a/Server/install.sh b/Server/install.sh
index cc76750..260812b 100644
--- a/Server/install.sh
+++ b/Server/install.sh
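Review bot: In reset-user-password, `printf $2` uses the new password as the printf format string and leaves it unquoted, so a password containing `%`, a backslash or whitespace is hashed as something other than what was typed and the user cannot log in with it. The `PASSWORD=` line in add-user has the same problem. Use `printf '%s' "$2"` in both. The password also arrives as a command-line argument, which exposes it in the process list and shell history; prompting for it on stdin would avoid that. The stored value is a bare SHA-256 of the password, which presumably mirrors what the server expects, so that part cannot be changed in the tool alone.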
@@ -71,11 +71,18 @@ systemctl start openresty mongod wget https://git.bprieshof.nl/ci/Releases/ShellHub/"$RelVer"/.env -O /opt/ShellHub/shellhub.env wget https://git.bprieshof.nl/ci/Releases/ShellHub/"$RelVer"/BinServices/ShellHubSSH-amd64 -O /opt/ShellHub/ShellHubSSH wget https://git.bprieshof.nl/ci/Releases/ShellHub/"$RelVer"/BinServices/ShellHubAPI-amd64 -O /opt/ShellHub/ShellHubAPI +wget https://git.bprieshof.nl/ci/Releases/ShellHub/"$RelVer"/BinAgent/ShellHubAgent-amd64 -O /opt/ShellHub/ui/agent-amd64 wget https://git.bprieshof.nl/ci/Releases/ShellHub/"$RelVer"/BinServices/webui.tar.gz -O /tmp/webui.tar.gz +mv ../Agent/Kickstart_template /opt/ShellHub/ui/kickstart.sh chmod +x /opt/ShellHub/ShellHubAPI chmod +x /opt/ShellHub/ShellHubSSH tar -zxf /tmp/webui.tar.gz -C /opt/ShellHub/ui -mv Tools/* /opt/ShellHub/tools/ +if [ "$RelVer" = "stable" ] + mv Tools/stable/* /opt/ShellHub/tools/ +elif [ "$RelVer" = "latest" ] || [ "$RelVer" = "latest_Tested" ]; then + $PKGM install -y jq + mv Tools/latest/* /opt/ShellHub/tools/ +fi ##Generating keys openssl genrsa -out /opt/ShellHub/keys/api_private_key 2048
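Review bot: The added `if [ "$RelVer" = "stable" ]` line is missing `; then`, so sh reports a syntax error when it reaches `elif` and the installer stops there, before any tools are moved or the keys below are generated. It should read `if [ "$RelVer" = "stable" ]; then`. There is also no `else` branch, so any other `$RelVer` value installs no tools without saying so; an `else` that prints an error and exits would make that visible. Separately, the new agent download is saved as `/opt/ShellHub/ui/agent-amd64` with no digest check, like the wget lines above it, and that file appears to be what the kickstart script later fetches onto enrolled hosts; verifying a published SHA-256 before it is put in place would limit the impact of a tampered release file.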