private static void MigrateDatabase(int attempt = 1) { try { Helpers.WriteLine(_context, "Migrating database."); var vaultConnectionString = Helpers.GetValueFromEnvFile("global", "globalSettings__sqlServer__connectionString"); var migrator = new DbMigrator(vaultConnectionString, null); var success = migrator.MigrateMsSqlDatabase(false); if (success) { Helpers.WriteLine(_context, "Migration successful."); } else { Helpers.WriteLine(_context, "Migration failed."); } } catch (SqlException e) { if (e.Message.Contains("Server is in script upgrade mode") && attempt < 10) { var nextAttempt = attempt + 1; Helpers.WriteLine(_context, "Database is in script upgrade mode. " + "Trying again (attempt #{0})...", nextAttempt); System.Threading.Thread.Sleep(20000); MigrateDatabase(nextAttempt); return; } throw e; } }
private static void MigrateDatabase(int attempt = 1) { try { Console.WriteLine("Migrating database."); var dbPass = Helpers.GetValueFromEnvFile("mssql", "SA_PASSWORD"); var masterConnectionString = Helpers.MakeSqlConnectionString( "mssql", "master", "sa", dbPass ?? string.Empty); var vaultConnectionString = Helpers.MakeSqlConnectionString( "mssql", "vault", "sa", dbPass ?? string.Empty); using (var connection = new SqlConnection(masterConnectionString)) { var command = new SqlCommand( "IF ((SELECT COUNT(1) FROM sys.databases WHERE [name] = 'vault') = 0) " + "CREATE DATABASE [vault];", connection); command.Connection.Open(); command.ExecuteNonQuery(); command.CommandText = "IF ((SELECT DATABASEPROPERTYEX([name], 'IsAutoClose') " + "FROM sys.databases WHERE [name] = 'vault') = 1) " + "ALTER DATABASE [vault] SET AUTO_CLOSE OFF;"; command.ExecuteNonQuery(); } var upgrader = DeployChanges.To .SqlDatabase(vaultConnectionString) .JournalToSqlTable("dbo", "Migration") .WithScriptsAndCodeEmbeddedInAssembly(Assembly.GetExecutingAssembly(), s => s.Contains($".DbScripts.") && !s.Contains(".Archive.")) .WithTransaction() .WithExecutionTimeout(new TimeSpan(0, 5, 0)) .LogToConsole() .Build(); var result = upgrader.PerformUpgrade(); if (result.Successful) { Console.WriteLine("Migration successful."); } else { Console.WriteLine("Migration failed."); } } catch (SqlException e) { if (e.Message.Contains("Server is in script upgrade mode") && attempt < 10) { var nextAttempt = attempt + 1; Console.WriteLine("Database is in script upgrade mode. " + "Trying again (attempt #{0})...", nextAttempt); System.Threading.Thread.Sleep(20000); MigrateDatabase(nextAttempt); return; } throw e; } }
private static void Update() { // This portion of code checks for multiple certs in the Identity.pfx PKCS12 bag. If found, it generates // a new cert and bag to replace the old Identity.pfx. This fixes an issue that came up as a result of // moving the project to .NET 5. _context.Install.IdentityCertPassword = Helpers.GetValueFromEnvFile("global", "globalSettings__identityServer__certificatePassword"); var certCountString = Helpers.Exec("openssl pkcs12 -nokeys -info -in /bitwarden/identity/identity.pfx " + $"-passin pass:{_context.Install.IdentityCertPassword} 2> /dev/null | grep -c \"\\-----BEGIN CERTIFICATE----\"", true); if (int.TryParse(certCountString, out var certCount) && certCount > 1) { // Extract key from identity.pfx Helpers.Exec("openssl pkcs12 -in /bitwarden/identity/identity.pfx -nocerts -nodes -out identity.key " + $"-passin pass:{_context.Install.IdentityCertPassword} > /dev/null 2>&1"); // Extract certificate from identity.pfx Helpers.Exec("openssl pkcs12 -in /bitwarden/identity/identity.pfx -clcerts -nokeys -out identity.crt " + $"-passin pass:{_context.Install.IdentityCertPassword} > /dev/null 2>&1"); // Create new PKCS12 bag with certificate and key Helpers.Exec("openssl pkcs12 -export -out /bitwarden/identity/identity.pfx -inkey identity.key " + $"-in identity.crt -passout pass:{_context.Install.IdentityCertPassword} > /dev/null 2>&1"); } if (_context.Parameters.ContainsKey("db")) { MigrateDatabase(); } else { RebuildConfigs(); } }
public void BuildForUpdater() { if (_context.Config.EnableKeyConnector && !File.Exists("/bitwarden/key-connector/bwkc.pfx")) { Directory.CreateDirectory("/bitwarden/key-connector/"); var keyConnectorCertPassword = Helpers.GetValueFromEnvFile("key-connector", "keyConnectorSettings__certificate__filesystemPassword"); Helpers.Exec("openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout bwkc.key " + "-out bwkc.crt -subj \"/CN=Bitwarden Key Connector\" -days 36500"); Helpers.Exec("openssl pkcs12 -export -out /bitwarden/key-connector/bwkc.pfx -inkey bwkc.key " + $"-in bwkc.crt -passout pass:{keyConnectorCertPassword}"); } }
public void LoadConfiguration() { if (!File.Exists(ConfigPath)) { Helpers.WriteLine(this, "No existing `config.yml` detected. Let's generate one."); // Looks like updating from older version. Try to create config file. var url = Helpers.GetValueFromEnvFile("global", "globalSettings__baseServiceUri__vault"); if (!Uri.TryCreate(url, UriKind.Absolute, out var uri)) { Helpers.WriteLine(this, "Unable to determine existing installation url."); return; } Config.Url = url; var push = Helpers.GetValueFromEnvFile("global", "globalSettings__pushRelayBaseUri"); Config.PushNotifications = push != "REPLACE"; var composeFile = "/bitwarden/docker/docker-compose.yml"; if (File.Exists(composeFile)) { var fileLines = File.ReadAllLines(composeFile); foreach (var line in fileLines) { if (!line.StartsWith("# Parameter:")) { continue; } var paramParts = line.Split("="); if (paramParts.Length < 2) { continue; } if (paramParts[0] == "# Parameter:MssqlDataDockerVolume" && bool.TryParse(paramParts[1], out var mssqlDataDockerVolume)) { Config.DatabaseDockerVolume = mssqlDataDockerVolume; continue; } if (paramParts[0] == "# Parameter:HttpPort" && int.TryParse(paramParts[1], out var httpPort)) { Config.HttpPort = httpPort == 0 ? null : httpPort.ToString(); continue; } if (paramParts[0] == "# Parameter:HttpsPort" && int.TryParse(paramParts[1], out var httpsPort)) { Config.HttpsPort = httpsPort == 0 ? null : httpsPort.ToString(); continue; } } } var nginxFile = "/bitwarden/nginx/default.conf"; if (File.Exists(nginxFile)) { var confContent = File.ReadAllText(nginxFile); var selfSigned = confContent.Contains("/etc/ssl/self/"); Config.Ssl = confContent.Contains("ssl http2;"); Config.SslManagedLetsEncrypt = !selfSigned && confContent.Contains("/etc/letsencrypt/live/"); var diffieHellman = confContent.Contains("/dhparam.pem;"); var trusted = confContent.Contains("ssl_trusted_certificate "); if (Config.SslManagedLetsEncrypt) { Config.Ssl = true; } else if (Config.Ssl) { var sslPath = selfSigned ? $"/etc/ssl/self/{Config.Domain}" : $"/etc/ssl/{Config.Domain}"; Config.SslCertificatePath = string.Concat(sslPath, "/", "certificate.crt"); Config.SslKeyPath = string.Concat(sslPath, "/", "private.key"); if (trusted) { Config.SslCaPath = string.Concat(sslPath, "/", "ca.crt"); } if (diffieHellman) { Config.SslDiffieHellmanPath = string.Concat(sslPath, "/", "dhparam.pem"); } } } SaveConfiguration(); } var configText = File.ReadAllText(ConfigPath); var deserializer = new DeserializerBuilder() .WithNamingConvention(UnderscoredNamingConvention.Instance) .Build(); Config = deserializer.Deserialize <Configuration>(configText); }