v0.72 Release Bug Fix

- fix bad hash algorithm implementation in the CLI functions - fix schema migration issues on `dsip_settings` table - fix edge cases where bootstrapping failed # Please enter the commit message for your changes. Lines starting # with '#' will be ignored, and an empty message aborts the commit. # # On branch v0.72 # Your branch is up to date with 'origin/v0.72'. # # Changes to be committed: # modified: dsiprouter/dsip_lib.sh # modified: resources/upgrade/v0.72/scripts/bootstrap.sh # modified: resources/upgrade/v0.72/scripts/migrate.sh #
dOpensource · Apr 3, 2023 · 28309c1 · 28309c1
1 parent e0bbbfa
commit 28309c1
Show file tree

Hide file tree

Showing 4 changed files with 77 additions and 325 deletions.
diff --git a/dsiprouter.sh b/dsiprouter.sh
@@ -2841,7 +2841,7 @@ function upgrade() {
 
     # check if the new function definitions need bootstrapped prior to upgrade
     if (( $BOOTSTRAPPING_UPGRADE == 0 )) && curl -sf -I "$BS_SCRIPT_URL" -o /dev/null; then
-        curl -s "$BS_SCRIPT_URL" | bash -s upgrade -rel ${UPGRADE_RELEASE}
+        curl -s "$BS_SCRIPT_URL" | bash
         return $?
     fi
 

diff --git a/dsiprouter/dsip_lib.sh b/dsiprouter/dsip_lib.sh
@@ -28,10 +28,10 @@ DSIP_PROJECT_DIR=${DSIP_PROJECT_DIR:-$(git rev-parse --show-toplevel 2>/dev/null
 export DSIP_PROJECT_DIR=${DSIP_PROJECT_DIR:-$(dirname $(dirname $(readlink -f "$BASH_SOURCE")))}
 
 # reuse credential settings from python files (exported for later usage)
-SALT_LEN=${SALT_LEN:-$(grep -m 1 -oP 'SALT_LEN[ \t]+=[ \t]+\K[0-9]+' ${DSIP_PROJECT_DIR}/gui/util/security.py)}
-DK_LEN_DEFAULT=${DK_LEN_DEFAULT:-$(grep -m 1 -oP 'DK_LEN_DEFAULT[ \t]+=[ \t]+\K[0-9]+' ${DSIP_PROJECT_DIR}/gui/util/security.py)}
-CREDS_MAX_LEN=${CREDS_MAX_LEN:-$(grep -m 1 -oP 'CREDS_MAX_LEN[ \t]+=[ \t]+\K[0-9]+' ${DSIP_PROJECT_DIR}/gui/util/security.py)}
-HASH_ITERATIONS=${HASH_ITERATIONS:-$(grep -m 1 -oP 'HASH_ITERATIONS[ \t]+=[ \t]+\K[0-9]+' ${DSIP_PROJECT_DIR}/gui/util/security.py)}
+export SALT_LEN=${SALT_LEN:-$(grep -m 1 -oP 'SALT_LEN[ \t]+=[ \t]+\K[0-9]+' ${DSIP_PROJECT_DIR}/gui/util/security.py)}
+export DK_LEN_DEFAULT=${DK_LEN_DEFAULT:-$(grep -m 1 -oP 'DK_LEN_DEFAULT[ \t]+=[ \t]+\K[0-9]+' ${DSIP_PROJECT_DIR}/gui/util/security.py)}
+export CREDS_MAX_LEN=${CREDS_MAX_LEN:-$(grep -m 1 -oP 'CREDS_MAX_LEN[ \t]+=[ \t]+\K[0-9]+' ${DSIP_PROJECT_DIR}/gui/util/security.py)}
+export HASH_ITERATIONS=${HASH_ITERATIONS:-$(grep -m 1 -oP 'HASH_ITERATIONS[ \t]+=[ \t]+\K[0-9]+' ${DSIP_PROJECT_DIR}/gui/util/security.py)}
 export HASHED_CREDS_ENCODED_MAX_LEN=${HASHED_CREDS_ENCODED_MAX_LEN:-$(grep -m 1 -oP 'HASHED_CREDS_ENCODED_MAX_LEN[ \t]+=[ \t]+\K[0-9]+' ${DSIP_PROJECT_DIR}/gui/util/security.py)}
 export AESCTR_CREDS_ENCODED_MAX_LEN=${AESCTR_CREDS_ENCODED_MAX_LEN:-$(grep -m 1 -oP 'AESCTR_CREDS_ENCODED_MAX_LEN[ \t]+=[ \t]+\K[0-9]+' ${DSIP_PROJECT_DIR}/gui/util/security.py)}
 
@@ -1116,16 +1116,18 @@ function parseDBConnURI() {
 }
 export -f parseDBConnURI
 
-# $1 == number of characters to get
-# output: string of random printable characters
+# usage:    urandomChars [options] [args]
+# options:  -f <filter> == characters to allow
+# args:     $1 == number of characters to get
+# output:   string of random printable characters
 function urandomChars() {
 	local LEN=32 FILTER="a-zA-Z0-9"
 
     while (( $# > 0 )); do
     	# last arg is length
-        if (( $# == 1 )) && [[ -z "$CREDS" ]]; then
-			LEN="$1"
-			shift
+        if (( $# == 1 )); then
+            LEN="$1"
+            shift
             break
         fi
 
@@ -1230,7 +1232,13 @@ function hashCreds() {
 
 	# python native version
 	# no external dependencies other than vanilla python3
-	${PYTHON} -c "import hashlib,binascii; print(binascii.hexlify(hashlib.pbkdf2_hmac('sha512', '$CREDS'.encode('utf-8'), '$SALT'.encode('utf-8'), iterations=$HASH_ITERATIONS, dklen=$DK_LEN)).decode('utf-8'));"
+	${PYTHON} <<EOPYTHON
+import hashlib,binascii
+creds='$CREDS'.encode('utf-8')
+salt='$SALT'.encode('utf-8')
+hash=hashlib.pbkdf2_hmac('sha512', creds, salt, iterations=$HASH_ITERATIONS, dklen=$DK_LEN) + salt
+print(binascii.hexlify(hash).decode('utf-8'))
+EOPYTHON
 	# bash native version
 	# currently too slow for production usage
 	#${DSIP_PROJECT_DIR}/dsiprouter/pbkdf2.sh 'sha512' "$CREDS" "$SALT" "$HASH_ITERATIONS" 4

diff --git a/resources/upgrade/v0.72/scripts/bootstrap.sh b/resources/upgrade/v0.72/scripts/bootstrap.sh
@@ -1,17 +1,10 @@
 #!/usr/bin/env bash
 
 export BOOTSTRAPPING_UPGRADE=1
-export SALT_LEN='16'
-export DK_LEN_DEFAULT='48'
-export CREDS_MAX_LEN='64'
-export HASH_ITERATIONS='10000'
-export HASHED_CREDS_ENCODED_MAX_LEN='128'
-export AESCTR_CREDS_ENCODED_MAX_LEN='160'
+export DSIP_PROJECT_DIR='/tmp/dsiprouter'
 TAG_NAME='v0.72-rel'
 REPO_URL='https://github.com/dOpensource/dsiprouter.git'
 rm -f /etc/dsiprouter/.requirementsinstalled
-rm -rf /tmp/dsiprouter 2>/dev/null
-git clone --depth 1 -b "$TAG_NAME" "$REPO_URL" /tmp/dsiprouter
-ln -sf /tmp/dsiprouter/resources/upgrade /opt/dsiprouter/resources/upgrade
-. /tmp/dsiprouter/dsiprouter/dsip_lib.sh
-. /tmp/dsiprouter/dsiprouter.sh upgrade -rel v0.72
+rm -rf "$DSIP_PROJECT_DIR" 2>/dev/null
+git clone --depth 1 -b "$TAG_NAME" "$REPO_URL" "$DSIP_PROJECT_DIR"
+${DSIP_PROJECT_DIR}/dsiprouter.sh upgrade -rel v0.72