From aeba62c7501f9f2f471dc9640f9bda0a2cd2ad14 Mon Sep 17 00:00:00 2001 From: Bill Erickson Date: Mon, 1 May 2023 11:01:51 -0400 Subject: [PATCH] Generate redis passwords; install accounts file Signed-off-by: Bill Erickson --- .gitignore | 1 + README | 1 - configure.ac | 16 ++++++++++++++++ ...{redis-accounts.example.txt => redis-accounts.txt.in} | 8 ++++---- src/Makefile.am | 2 +- 5 files changed, 22 insertions(+), 6 deletions(-) rename examples/{redis-accounts.example.txt => redis-accounts.txt.in} (88%) diff --git a/.gitignore b/.gitignore index 181b1d1..216cb57 100644 --- a/.gitignore +++ b/.gitignore @@ -10,6 +10,7 @@ config.sub configure depcomp doc/dokuwiki-doc-stubber.pl +examples/redis-accounts.txt examples/math_bench.pl examples/math_client.py examples/multisession-test.pl diff --git a/README b/README index f3e7d9e..584ec95 100644 --- a/README +++ b/README @@ -268,7 +268,6 @@ Updating the OpenSRF configuration files cd SYSCONFDIR cp opensrf_core.xml.example opensrf_core.xml cp opensrf.xml.example opensrf.xml -cp redis-accounts.example.txt redis-accounts.txt --------------------------------------------------------------------------- + 2. Edit the `SYSCONFDIR/opensrf_core.xml` file to update the four username diff --git a/configure.ac b/configure.ac index 9bd31b4..b957aff 100644 --- a/configure.ac +++ b/configure.ac 
@@ -53,6 +53,21 @@ AC_SUBST([PID_DIR]) AC_SUBST(prefix) AC_SUBST(bindir) +OPENSRF_BUS_PASS=$(cat /proc/sys/kernel/random/uuid) +GATEWAY_BUS_PASS=$(cat /proc/sys/kernel/random/uuid) +ROUTER_BUS_PASS=$(cat /proc/sys/kernel/random/uuid) +ADMIN_BUS_PASS=$(cat /proc/sys/kernel/random/uuid) + +AC_DEFINE_UNQUOTED([OPENSRF_BUS_PASS], ["$OPENSRF_BUS_PASS"], [opensrf bus password]) +AC_DEFINE_UNQUOTED([GATEWAY_BUS_PASS], ["$GATEWAY_BUS_PASS"], [gateway bus password]) +AC_DEFINE_UNQUOTED([ROUTER_BUS_PASS], ["$ROUTER_BUS_PASS"], [router bus password]) +AC_DEFINE_UNQUOTED([ADMIN_BUS_PASS], ["$ADMIN_BUS_PASS"], [admin bus password]) + +AC_SUBST([OPENSRF_BUS_PASS]) +AC_SUBST([GATEWAY_BUS_PASS]) +AC_SUBST([ROUTER_BUS_PASS]) +AC_SUBST([ADMIN_BUS_PASS]) + #------------------------------- # Installation options #------------------------------- @@ -321,6 +336,7 @@ if test "x$OSRF_INSTALL_CORE" = "xtrue"; then #------------------------------------ AC_CONFIG_FILES([doc/dokuwiki-doc-stubber.pl + examples/redis-accounts.txt examples/math_bench.pl examples/multisession-test.pl src/c-apps/Makefile diff --git a/examples/redis-accounts.example.txt b/examples/redis-accounts.txt.in similarity index 88% rename from examples/redis-accounts.example.txt rename to examples/redis-accounts.txt.in index e2ceeaa..becb5e4 100644 --- a/examples/redis-accounts.example.txt +++ b/examples/redis-accounts.txt.in @@ -6,7 +6,7 @@ SET COMMENT "opensrf accounts lpop requests from their opensrf:servivce: queue." SET COMMENT "TODO: separate Listener vs Drone accounts to prevent Drones / standalone clients from accessing opensrf:service:*" ACL SETUSER opensrf reset -ACL SETUSER opensrf on >password +ACL SETUSER opensrf on >@OPENSRF_BUS_PASS@ ACL SETUSER opensrf -@all +lpop +blpop +rpush +del ~opensrf:router:* ~opensrf:service:* ~opensrf:client:* SET comment "routers lpop requests from their own opensrf:router:* queues" 
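Review bot: The four `AC_DEFINE_UNQUOTED` lines in the configure.ac hunk at line 53 copy each generated password into the C preprocessor definitions, and nothing in this patch uses those macros. Whether they land in a generated config header or on the compiler command line depends on header setup that is not visible here; keeping only the `AC_SUBST` lines would confine the secrets to the rendered accounts file. The `$(cat /proc/sys/kernel/random/uuid)` assignments are Linux-specific and unchecked, so on a host without that path the variables are silently empty and the template is rendered with blank passwords. A guard after each assignment, such as `test -n "$OPENSRF_BUS_PASS" || AC_MSG_ERROR([could not generate bus password])`, would stop configure instead. Substituted values are also recorded in `config.status` and `config.log`, so a short comment above the block should say that the build tree holds credentials and that every configure run produces new ones.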
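Review bot: The `>@OPENSRF_BUS_PASS@` substitution in examples/redis-accounts.txt.in gives the account a different random password on every configure run, but nothing visible in this patch writes the same value into `opensrf_core.xml`, which the README context still tells the administrator to edit by hand. Unless another change covers this, clients would presumably keep presenting the old `password` value and fail to authenticate, so the README step this commit removes should be replaced by one that says where the generated passwords are and that they must be copied over. The same applies to the `router`, `gateway` and `admin` substitutions in the next hunk of this file. A header line in the template such as `SET COMMENT "generated by configure; contains live credentials"` would make the status of the installed file clear.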
@@ -14,20 +14,20 @@ SET comment "routers send requests to opensrf:service:* queues" SET comment "routers send replies to opensrf:client:* queues" ACL SETUSER router reset -ACL SETUSER router on >password +ACL SETUSER router on >@ROUTER_BUS_PASS@ ACL SETUSER router -@all +lpop +blpop +rpush +del ~opensrf:router:* ~opensrf:service:* ~opensrf:client:* SET comment "gateway accounts send request to opensrf:router:* queues" SET comment "gateway accounts send subsequent, stateful requests to opensrf:client:* queues" ACL SETUSER gateway reset -ACL SETUSER gateway on >password +ACL SETUSER gateway on >@GATEWAY_BUS_PASS@ ACL SETUSER gateway -@all +lpop +blpop +rpush +del ~opensrf:router:* ~opensrf:client:* SET comment "admin can do anything" ACL SETUSER admin reset -ACL SETUSER admin on >password +ACL SETUSER admin on >@ADMIN_BUS_PASS@ ACL SETUSER admin +@all ~* DEL comment diff --git a/src/Makefile.am b/src/Makefile.am index 8b9eb6b..4ca5dea 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -34,7 +34,7 @@ if BUILDCORE MAYBE_CORE = libopensrf c-apps srfsh gateway perl websocket-stdio dist_bin_SCRIPTS = @top_srcdir@/bin/opensrf-perl.pl bin_SCRIPTS = @top_srcdir@/bin/osrf_config -dist_sysconf_DATA = @top_srcdir@/examples/opensrf.xml.example @top_srcdir@/examples/opensrf_core.xml.example @top_srcdir@/examples/srfsh.xml.example @top_srcdir@/examples/redis-accounts.example.txt +dist_sysconf_DATA = @top_srcdir@/examples/opensrf.xml.example @top_srcdir@/examples/opensrf_core.xml.example @top_srcdir@/examples/srfsh.xml.example @top_srcdir@/examples/redis-accounts.txt endif SUBDIRS = $(MAYBE_CORE) $(MAYBE_PY) $(MAYBE_JA) -- 2.11.0
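Review bot: Listing the configure-generated `examples/redis-accounts.txt` under `dist_sysconf_DATA` in src/Makefile.am means `make dist` packs the builder's rendered passwords into the release tarball, because the `dist_` prefix distributes every file named there. The path also uses `@top_srcdir@`, while `AC_CONFIG_FILES` output is written to the build tree, so an out-of-tree build would not find the file. A separate line `nodist_sysconf_DATA = @top_builddir@/examples/redis-accounts.txt` addresses both. `_DATA` files are normally installed world-readable (mode 0644 by default), which would expose the admin bus password to every local user; an `install-data-hook` that restricts the installed file to the service account would close that.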