unattended installation


Pietro

31 Dec, 2015 03:21 PM

Hello,

where can I find the documentation about the config.auth.user.php file format ?
I need it to be able to automate the installation of PML.

Thanks!

  1. Support Staff 1 Posted by potsky on 02 Jan, 2016 06:47 PM


    Hello,

    there will be an API, I hope, in 2016! But for the moment, here is the basic format of the auth file (all auth functions are in the class Sentinel in file inc/Sentinel.php):

    <?php if (realpath(__FILE__)===realpath($_SERVER["SCRIPT_FILENAME"])) {header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found");die();}?>
    {
      "generated": "1448388815",
      "security": "c63JoOs8_ZWJSKw6Xi7eEwzdEjg0i6cCDP7oTZU66SwKWYFnIupDmZk2js-gwkqK",
      "anonymous": [],
      "users": {
        "potsky": {
          "roles": [
            "admin"
          ],
          "pwd": "917f33800bce25637e632f4f906892424c1fe34b",
          "logs": [],
          "cd": "1448388822",
          "cb": null,
          "at": "Dgd-Qwh5zsJAmcHnr_jZsIeaVsWzqoGu",
          "hp": "Zjf15D-PoWanaJ-2",
          "logincount": 1,
          "lastlogin": {
            "ip": "::1",
            "ua": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/601.2.7 (KHTML, like Gecko) Version/9.0.1 Safari/601.2.7",
            "ts": "1448388830"
          }
        },
        "potskyuser": {
          "roles": [
            "user"
          ],
          "pwd": "880770f022dfbee46cd9225c34809b9a5516d853",
          "logs": {
            "-config-user-d-apache-php-contenterror": {
              "r": true
            },
            "-config-user-d-apache-php-contentaccess": {
              "r": true
            },
            "-config-user-d-apache-php-apierror": {
              "r": true
            },
            "-config-user-d-apache-php-apiaccess": {
              "r": true
            },
            "-config-user-d-squid-php-squidaccess": {
              "r": true
            }
          },
          "cd": 1386752948,
          "cb": "root",
          "at": "fCm1j44r0KYV2c6n8Y_CVYlwqe_3QBUw",
          "hp": "iNnCGPfgA7NJaZ98",
          "logincount": 1,
          "lastlogin": {
            "ip": "172.16.25.1",
            "ua": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/601.2.7 (KHTML, like Gecko) Version/9.0.1 Safari/601.2.7",
            "ts": "1444892251"
          }
        }
      },
      "logs": [
        [
          "signin",
          "potsky",
          "1448388830",
          "::1",
          "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/601.2.7 (KHTML, like Gecko) Version/9.0.1 Safari/601.2.7"
        ]
      ]
    }
    

    And here are the explanations :

    <?php if (realpath(__FILE__)===realpath($_SERVER["SCRIPT_FILENAME"])) {header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found");die();}?>
    

    Always copy this line as is, to prevent people from accessing the JSON file directly.

    "generated": "1448388815",
    

    The generated key is the timestamp of the creation date of the auth file.

    "security": "c63JoOs8_ZWJSKw6Xi7eEwzdEjg0i6cCDP7oTZU66SwKWYFnIupDmZk2js-gwkqK",
    

    This is a random key which will be used as a salt when hashing passwords. If you change it when users have already been created, their passwords will not work anymore.

    "anonymous": [],
    

    The list of logs (file ids) accessible anonymously

    "users": {
    

    The list of users where keys are usernames and values are the user object.

    "potsky": {
    

    The first user is potsky. The username is the key of the user object.

      "roles": [
        "admin"
      ],
    

    A list of roles. Supported roles are now user or admin. No need to set an admin as a user too.

      "pwd": "917f33800bce25637e632f4f906892424c1fe34b",
    

    The user password hash encoded with this formula : sha1( $security . $username . $generated . $password )

      "logs": [],
    

    This array lists all log files accessible by the user. Here is another example with a user and not an admin :

          "logs": {
            "-config-user-d-apache-php-contenterror": {
              "r": true
            },
            "-config-user-d-apache-php-contentaccess": {
              "r": true
            },
            "-config-user-d-apache-php-apierror": {
              "r": true
            },
            "-config-user-d-apache-php-apiaccess": {
              "r": true
            },
            "-config-user-d-squid-php-squidaccess": {
              "r": true
            }
          },
    

    The only supported value now is r for read.

      "cd": "1448388822",
    

    The creation date timestamp.

      "cb": null,
    

    cb is for created by. This is the username of the user who has created the current user. System is null. You can set all values to null.

      "at": "Dgd-Qwh5zsJAmcHnr_jZsIeaVsWzqoGu",
    

    This is the access token

      "hp": "Zjf15D-PoWanaJ-2",
    

    Presalt for this user, postsalt is the instance security token

      "logincount": 1,
    

    Do not set this value when creating a user.

      "lastlogin": {
        "ip": "::1",
        "ua": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/601.2.7 (KHTML, like Gecko) Version/9.0.1 Safari/601.2.7",
        "ts": "1448388830"
      }
    

    Do not set this value when creating a user.

    "logs": [
    [
      "signin",
      "potsky",
      "1448388830",
      "::1",
      "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/601.2.7 (KHTML, like Gecko) Version/9.0.1 Safari/601.2.7"
    ]
    

    Do not set this value when creating a user.


    If you want to use PHP to create the authentication file and users, it is easier :

    • Include the Sentinel class in your script
    • use the create method to create the authentication file
    • use the setUser($username , $password) method to create a user
    • use the setAdmin($username , $password) method to create an admin

    For example :

    <?php
    include 'inc/Sentinel.php';
    
    Sentinel::init();
    Sentinel::create();
    Sentinel::setAdmin('admin','pass');
    Sentinel::setUser( 'user' , 'pass' , null , array( 'fileid1' => array( 'r' => true ) , 'fileid2' => array( 'r' => true ) ) );
    Sentinel::save();
    

    Tell me if it works !
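
The file format described in the post above, generated without PHP, as an added example that is not part of the original thread or of PML's own code. It applies the stated sha1( $security . $username . $generated . $password ) formula and leaves out the fields the post says not to set; the function names and the token lengths (taken from the shape of the sample values) are assumptions.

```python
import hashlib
import json
import secrets
import time

# Guard line copied verbatim from the post; it answers 404 if the file is requested directly.
PHP_GUARD = ('<?php if (realpath(__FILE__)===realpath($_SERVER["SCRIPT_FILENAME"])) '
             '{header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found");die();}?>')


def pwd_hash(security, username, generated, password):
    """sha1( $security . $username . $generated . $password ), as given in the post."""
    data = security + username + str(generated) + password
    return hashlib.sha1(data.encode("utf-8")).hexdigest()


def new_auth(now=None):
    # Changing "security" or "generated" later invalidates every stored pwd hash.
    return {
        "generated": str(int(now if now is not None else time.time())),
        "security": secrets.token_urlsafe(48),   # 64 chars, like the sample (assumption)
        "anonymous": [],
        "users": {},
    }


def new_user(auth, username, password, admin=False, file_ids=()):
    """Add a user object; logincount and lastlogin stay unset, as the post instructs."""
    auth["users"][username] = {
        "roles": ["admin" if admin else "user"],
        "pwd": pwd_hash(auth["security"], username, auth["generated"], password),
        "logs": [] if admin else {fid: {"r": True} for fid in file_ids},
        "cd": str(int(time.time())),
        "cb": None,                          # null = created by the system
        "at": secrets.token_urlsafe(24),     # 32 chars, like the sample (assumption)
        "hp": secrets.token_urlsafe(12),     # 16 chars, like the sample (assumption)
    }


def render(auth):
    return PHP_GUARD + "\n" + json.dumps(auth, indent=2) + "\n"


def parse(text):
    """Inverse of render: check the guard line, then load the JSON body."""
    first, _, body = text.partition("\n")
    if first != PHP_GUARD:
        raise ValueError("guard line missing or altered")
    return json.loads(body)
```

Write the output of `render(auth)` to the config.auth.user.php file of the instance being provisioned; `parse` can be used in a build step to confirm the guard line survived templating.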

  2. 2 Posted by Pietro on 05 Jan, 2016 10:45 PM


    Thanks a lot for the very clear explanation.

    it worked as well with some minor changes:

    <?php
    include 'inc/global.inc.php';
    include 'inc/classes/Sentinel.php';
    Sentinel::init();
    Sentinel::create();
    Sentinel::setAdmin('admin','pass');
    Sentinel::save();
    ?>

  3. Support Staff 3 Posted by potsky on 06 Jan, 2016 08:13 AM


    Nice!

  4. potsky closed this discussion on 06 Jan, 2016 08:13 AM.

  5. Pietro re-opened this discussion on 13 Jan, 2016 01:05 AM

  6. 4 Posted by Pietro on 13 Jan, 2016 01:05 AM


    Here: https://github.com/pbertera/dockerfiles/tree/master/SyslogServer
    you can find a Docker container with rsyslog and PML.

    Thanks,
