Commit Graph

46 Commits (a3612f53dd8c83aed111c5bfc13b9f08e4b6d908)

Author SHA1 Message Date
Romeo Dumitrescu 87a7bde618 fix: Synology DSM API path regex
Fix the regex for looking up the API path value from the Synology API query.
2023-09-25 18:43:01 +03:00
Martin Arndt b793dbf977
Fix device ID property name for DSM 6 2023-08-11 17:55:45 +02:00
Martin Arndt d52b38777a
Fix Auth API access for DSM 6 2023-08-09 19:52:37 +02:00
Martin Arndt 0d7b831661
Fix variable initialization 2023-07-04 16:58:14 +02:00
Martin Arndt 0c9e4f67a8
Update synology_dsm.sh
Split "[ && ]" into "[ ] && [ ]" to make ShellCheck happy
2023-07-04 15:55:44 +02:00
Martin Arndt db3f131dfc
Re-add deprecated SYNO_TOTP_SECRET part for legacy compatibility
As requested in acmesh-official/acme.sh/pull/4646 by Neil Pang
2023-07-04 15:47:19 +02:00
Martin Arndt 0548ad2fc6
Fix debug output of session ID 2023-05-28 22:33:15 +02:00
Martin Arndt 623d615cd7
Remove external OTP dependency from synology_dsm.sh
Also adapt to DSM 7's API improvements.
2023-05-28 21:42:53 +02:00
Markus Lippert a7dd86de71
fix(deploy-synology_dsm): support DID with DSM 7 2022-09-29 12:22:45 +02:00
John Elliott 3a99a77104 Update return statement 2022-02-07 21:55:12 -08:00
John Elliott 5ce8050e46 Update missing oathtool check 2022-02-07 11:58:14 -08:00
John Elliott 5ae3a020bd Add err log for missing oathtool in Synology
Alerts the user that the oathtool is missing and the TOTP can't be
generated.
2022-02-07 11:53:24 -08:00
Nasser Alansari 4635dacf7f Add SYNO_TOTP_SECRET for user with two-factor authentication 2021-11-13 13:01:38 +03:00
Miguel Angelo a31ed4a723 Notify user about a possible problem when using synology_dsm.sh with 2fa enabled user account 2021-11-01 01:40:14 -03:00
Brian Hartvigsen dcb51683c5
shellcheck cleanup
shellcheck sees '\\' as trying to escape the trailing quote (see
koalaman/shellcheck#1548 ).
2021-05-26 15:25:58 -06:00
Brian Hartvigsen 74a4a788b1
Make certificate descriptions sed safe
This escapes special characters used in POSIX sed to prevent mismatches.
e.g. `SYNO_Certficiate=*.example.com` would not match a description of
"*.example.com" and would look to match any number of double quotes (the
last character in the sed regex prior to certificate description),
followed by any single character, followed by "example", followed by any
character, followed by "com".

After this change, it will properly match `*.example.com` and not
`""zexamplefcom`.

Additionally we now store the certificate description as base64 encoded
to prevent issues with single quotes.

Tested on DSM 7.0-41222 (VDSM) and DSM 6.2.4-25556 (DS1515+).
2021-05-26 15:25:58 -06:00
Brian Hartvigsen 5ab9ca1c0d
Better fix for Synology DSM setting wrong default
As noted by @buxm, previous fix didn't work for all versions of DSM 6.
The better fix appears to be simply not outputting the "as_default"
parameter unless we are doing something with the default certificate.
2021-05-19 13:21:34 -06:00
Brian Hartvigsen 1a4a180e8c
FIX: Synology sets "default" on wrong certificate
For some DSM installs, it appears that setting the "default" flag to the
string "false" actually sets it to true.  This causes Synology to set
the last updated certificate to be the default certificate.  Using an
empty string appears to still be accepted as a false-y value for DSMs
where this isn't happening and corrects the behavior in the cases that
it was.

Credit to @Run-King for identifying the fix and @buxm for reporting.
2021-05-02 13:37:59 -06:00
Brian Hartvigsen 2635dfef96
Shellcheck linting
Also removed unused code
2020-12-09 21:01:44 -07:00
Brian Hartvigsen 7d7789ae96
Support DSM 6 and 7
Small changes for DSM 6:

All fields (except enable_syno_token as explained below) must either be in the GET params or the POST params, you can't mix GET and POST params
enable_syno_token=yes must be in both the GET and POST params.
If enable_syno_token=yes is only in the POST fields, then DSM6 returns a synotoken of --------. If enable_syno_token=yes is only in the GET params, then it returns no synotoken at all. It must be in both to work.
Need to use /webapi/auth.cgi instead of /webapi/entry.cgi
Verified with DSM 6.2.3-25426 Update 2 and DSM 7.0-40850
2020-12-09 20:35:50 -07:00
Thijn cc69285420
Fix synology_dsm deployhook for DSM 7 2020-12-09 19:47:31 -07:00
Brian Hartvigsen 99d3a283ef
Use POST for login
This allows us to get the cookie and the token (as it appears to be only in the body in DSM 7.)  HTTP_HEADERS is only guarenteed to be output with POST for both wget and curl.
2020-12-09 19:44:14 -07:00
Brian Hartvigsen 5f5096e1d4
Addressing issues found in DS218+ DSM
DS218+ appears to have a slighly different DSM that sends back headers in lowercase.

Reported by @BartSiwek in #2727
2020-07-25 21:56:18 -06:00
neil 341f000b9c
Merge pull request #2947 from kref/patch-1
fix octal escapes for printf %b format
2020-05-19 13:45:42 +08:00
kref 0deea53931
fix octal escapes for printf %b format
Stop it from misinterpreting a following digit as part of the escape sequence
2020-05-19 13:27:00 +08:00
Brian Hartvigsen 694194be2f
Shellcheck fix
SYNO_Certificate gets set by _getdeployconf, so this may be an empty string but that's fine
2020-05-16 02:25:53 -06:00
Brian Hartvigsen c7f61f8b80
Allow rotating the default certificate which has no description
This means, by default, we will rotate the default certificate that comes with the DSM
2020-05-16 02:02:23 -06:00
Brian Hartvigsen 3a7c7fe4e8
Fix shellcheck issues 2020-05-16 00:19:18 -06:00
Brian Hartvigsen 668967a719
If SYNO_Create is not set here, print the nice message 2020-05-16 00:05:35 -06:00
Brian Hartvigsen d15c14ab93
Fix support for wget
I'm actually not entirely sure why/how this worked with curl but not wget, but it did.  The short answer is that using a GET does not result in the HTTP_HEADER file being written, instead you must pass in the http_headers param ($2) which will return the HTTP headers as a string.  Luckily, the Token is in both the body and the header.  We need it and the id (and smid if 2fa) cookie to proceed.  So now we parrse the response for that instead of the HTTP_HEADER file.

Interesting side note: wget is fine if the URL contains a \r or \n, but curl will barf on it.  So we need to make sure those are stripped from the token as it will be passed in the URL later.
2020-05-15 23:53:00 -06:00
Brian Hartvigsen 52b81608a1
need to _url_encode anything sent in GET requests
Fixes issue raised by @tatablack
2020-05-15 23:48:50 -06:00
Markus Lippert fd64c20807 store device ID 2020-03-08 20:22:31 +01:00
Markus Lippert 80f1034dd6 add OTP support 2020-03-08 19:49:46 +01:00
Brian Hartvigsen 1b475cf9f3
Remove -q from greps 2020-02-10 21:02:27 -07:00
Brian Hartvigsen d07172a528
Replace disabled linter with variable substituion 2020-02-09 12:06:13 -08:00
Brian Hartvigsen 79637097ba
Use _utc_date 2020-02-09 11:50:50 -08:00
Brian Hartvigsen 1259341095
Use deployconf properly 2020-02-09 03:10:11 -08:00
Brian Hartvigsen 5d3bc95ac5
Fix some debug output 2020-02-09 02:50:29 -08:00
Brian Hartvigsen de25232a73
Allow creating new certificates when certificate is not found 2020-02-09 02:26:55 -08:00
Brian Hartvigsen 95769de464
Fix shfmt/shellcheck issues 2020-02-09 02:01:26 -08:00
Brian Hartvigsen 52a168b961
Stop using jq/curl directly
This is a lot more fragile then the previous code due to treating JSON as just a string
2020-02-09 01:49:20 -08:00
Brian Hartvigsen b3b00b6700
Using domainconf instead of account 2020-02-09 01:49:20 -08:00
Brian Hartvigsen 8e8cda132c
Remove boilerplate from what I used for template 2020-02-09 01:49:20 -08:00
Brian Hartvigsen 6459ccb185
Cleanup shfmt warnings 2020-02-09 01:49:20 -08:00
Brian Hartvigsen 548f83c3ad
Cleanup shellcheck errors 2020-02-09 01:49:19 -08:00
Brian Hartvigsen 555e0de9e4
Initial support for Synology DSM
This allows you to update a key on a Synology DSM using the existing API.
Handles restarting the necessary services the certificate is attached to and all other internal stuff (copying the certificate around, etc.)

This is way less error prone than most articles I've found on how to update a Synology DSM certificate.
2020-02-09 01:49:19 -08:00