#!/bin/bash # creates trash email for registration for online-services # email is hashed from domain of service + login-username from linux-system # or only unhashed service-domain # this created email-address is added to LDAP target email als dcMailAlias # also added to pass passwordmanager of user [ -e ${MSC_BASE}/defaults.conf ] && . ${MSC_BASE}/defaults.conf LDAP_HOST=${LDAP_HOST_DEFAULT} BIND_DN=${LDAP_ADMIN_BIND_DN} PASS_ID=${PASS_ID_LDAP_ADMIN} OWN_DOMAIN=${TRASHMAIL_OWN_DOMAIN_DEFAULT} TARGET_MAIL=${TRASHMAIL_TARGET_MAIL_DEFAULT} HASHED_DEFAULT=${TRASHMAIL_HASHED_DEFAULT} HASHLENGTH_DEFAULT=8 PWOPTS_DEFAULT="-c -n -s" PWLENGTH_DEFAULT=50 show_help () { cat << EOF usage: ${0} [] URL: https://target.domain.tld:8080/path/to/site | target.domain.tld PWLENGTH: Integer, count characters in generated password OPTIONS: --delete delete trashmail from LDAP -d include domain from in username: 8ee948ae.target.domain.tld@mydomain.tld -f|--force force overwrite existing entry in pass -h|--hashed create hash from domain and linux-login-user (${USER}) --help show this help/usage -l|--length |full cut hashed part of username to characters from start (default: ${HASHLENGHT_DEFAULT}) -n|--not-hashed do not hash username from targetdomain and linux-login-user -t|--target-mail Emailadress for which trashmail is created -w|--full-hash do not cut hash (same as »-l full«) -y|--symbols same option as in pwgen. Include at least one special character in the password. EOF } # TODO: how exit main-shell from error in subshell??? getopt -u -o dfhl:nt:wy --long delete,force,hashed,help,not-hashed,hashlength:,whole-hash,symblols,target-mail: -- "$@" || exit $? set -- $(getopt -u -o dfhl:nt:wy --long delete,force,hashed,help,not-hashed,hashlength:,whole-hash,symblols,target-mail: -- "$@"|| exit $?) echo @: $@ while : ; do case $1 in --delete) ACTION=delete shift ;; -d) INCLUDE_DOMAIN=true shift ;; -f|--force) FORCE=true shift ;; -h|--hashed) HASHED=true shift ;; --help) show_help exit 0 ;; -l|--hashlength) HASHLENGTH=$2 shift; shift; ;; -n|--not-hashed) HASHED=false shift ;; -t|--target-mail) TARGET_MAIL=$2 shift; shift; ;; -w|--full-hash) HASHLENGTH=full shift; ;; -y) PWOPTS="${PWOPTS} -y" shift ;; --) shift break ;; *) echo wrong argument $1 >&2 show_help exit 1 ;; esac done # Urlparsing inspired by: https://gist.github.com/joshisa/297b0bc1ec0dcdda0d1625029711fa24 # Referenced and tweaked from http://stackoverflow.com/questions/6174220/parse-url-in-shell-script#6174447 URL=$1 protocol=$(echo "$1" | grep "://" | sed -e's,^$.*://$.*,\1,g') # Remove the protocol url_no_protocol=$(echo "${1/$protocol/}") # Use tr: Make the protocol lower-case for easy string compare protocol=$(echo "$protocol" | tr '[:upper:]' '[:lower:]') # Extract the user and password (if any) # cut 1: Remove the path part to prevent @ in the querystring from breaking the next cut # rev: Reverse string so cut -f1 takes the (reversed) rightmost field, and -f2- is what we want # cut 2: Remove the host:port # rev: Undo the first rev above userpass=$(echo "$url_no_protocol" | grep "@" | cut -d"/" -f1 | rev | cut -d"@" -f2- | rev) pass=$(echo "$userpass" | grep ":" | cut -d":" -f2) if [ -n "$pass" ]; then user=$(echo "$userpass" | grep ":" | cut -d":" -f1) else user="$userpass" fi # Extract the host hostport=$(echo "${url_no_protocol/$userpass@/}" | cut -d"/" -f1) host=$(echo "$hostport" | cut -d":" -f1) port=$(echo "$hostport" | grep ":" | cut -d":" -f2) path=$(echo "$url_no_protocol" | grep "/" | cut -d"/" -f2-) echo "Create a trashmail-address for ${host}" >&2 if ${HASHED:-$HASHED_DEFAULT}; then case $HASHLENGTH in full) TRASHUSER="$(echo ${host}${USER}|md5sum -|awk '{print $1}')" ;; [0-9]|[0-9][0-9]) TRASHUSER="$(echo ${host}${USER}|md5sum -|awk '{print $1}'|cut -c-${HASHLENGTH})" ;; *) TRASHUSER="$(echo ${host}${USER}|md5sum -|awk '{print $1}'|cut -c-${HASHLENGTH_DEFAULT})" ;; esac if ${INCLUDE_DOMAIN:-false} ;then $INCLUDE_DOMAIN && TRASHUSER=${TRASHUSER}.${host} fi else TRASHUSER=${host} fi TRASHMAIL=${TRASHUSER}@${OWN_DOMAIN} echo $TRASHMAIL PASS_ENTRY="${PASS_PREFIX%/}${PASS_PREFIX:+/}${host}/${TRASHMAIL}" case ${ACTION:-create} in create) #set -x echo "Add new trashmail to LDAP" cat << EOF |ldapmodify -Z -H ldap://${LDAP_HOST} -D ${BIND_DN} -x -w $(pass ${PASS_ID}|head -n 1) dn: dcSubMailAddress=${TARGET_MAIL},ou=mailaccounts,dc=schuerz,dc=at changetype: modify add: dcMailAlternateAddress dcMailAlternateAddress: ${TRASHMAIL} EOF if [ $? -gt 0 ]; then echo pass find ${PASS_ENTRY} pass find ${TRASHMAIL}|grep -v "Search Terms" case $? in 1) # returncode 1 from grep means, no line selected. so no entry exists, create new one echo "Entry not found --> create new pass-entry" CREATE=true ;; 0) if ${FORCE-false} ; then echo "Entry found but enforced to overwrite" CREATE=true else echo echo "Current password for ${PASS_ENTRY} is $(pass ${PASS_ENTRY} |head -n1)." read -p "Overwrite? [Y|n]: " echo "" case $REPLY in y|Y) CREATE=true ;; *) CREATE=false ;; esac fi ;; *) echo "Something went wrong" exit 2 ;; esac else CREATE=true fi if ${CREATE-false}; then cat << EOF |pass insert -m ${PASS_ENTRY} $(pwgen ${PWOPTS_DEFAULT} ${PWOPTS} ${2:-$PWLENGTH_DEFAULT} 1) email: ${TRASHMAIL} login: ${TRASHUSER} url: ${URL} comment: trashemail autogenerated md5-hash from »${host}${USER}« cut to ${HASHLENGTH}. Delete email, when account deleted!!! targetmail for this trashmail is ${TARGET_MAIL} EOF fi #set +x #pass git commit "${PASS_ENTRY}" pass -c ${PASS_ENTRY} ;; delete) cat << EOF |ldapmodify -Z -H ldap://${LDAP_HOST} -D ${BIND_DN} -x -w $(pass ${PASS_ID}|head -n 1) dn: dcSubMailAddress=${TARGET_MAIL},ou=mailaccounts,dc=schuerz,dc=at changetype: modify delete: dcMailAlternateAddress dcMailAlternateAddress: ${TRASHMAIL} EOF ;; *) echo action $ACTION not known exit 1 ;; esac