This is a port of DRACOON Commander - initially a Python3 project to use DRACOON via CLI.
The project serves as a demo client implementation using dco3 - an API wrapper in Rust for DRACOON.
This project makes use of several awesome crates and uses async Rust throughout the project. Crates used:
Full dependency list: Cargo.toml
For all DRACOON operations dco3 is used.
You can download precompiled binaries on the Github releases page: Releases
If you have the Rust toolchain installed, you can install this using cargo like so:
cargo install dccmd-rsIf you like it even rougher or would like to contribute, feel free to compile from source:
Clone the repository and either use cargo run or build your own executable with cargo build:
git clone https://github.com/unbekanntes-pferd/dccmd-rs.git
cd dccmd-rs
cargo buildCurrently, the following commands are working:
config- config management of DRACOON Commander (see subcommands below)download- downloads a file or folder / room from DRACOON to a desired location on disk (encrypted, unencrypted)ls- lists all nodes for a given path in DRACOONmkdir- creates a folder in given path in DRACOONmkroom- creates a room (inherits permissions) in given path in DRACOONrm- removes a node by given path in DRACOONupload- uploads a file or folder to a parent in DRACOON (encrypted, unencrypted)users- user management in DRACOON (see subcommands below)
For the sake of clarity, the usage of the binary is called dccmd-rs, regardless of the use via cargo or a compiled executable.
To download a file, use the download command:
dccmd-rs download your.dracoon.domain/some/room/some-file.pdf ./your/path/your-name.pdfTo download a container (room or folder), use the download command with recursive flag:
dccmd-rs download -r your.dracoon.domain/some/room ./your/pathNote: This will create a directory with same name as your container. Sub rooms are not included.
To download a list search result, use the download command with a search string:
dccmd-rs download your.dracoon.domain/some/*.pdf ./your/pathTo download a file with no authorization to a public download share (share):
dccmd-rs download your.dracoon.domain/public/download-shares/someLongAccessKey /your/pathNote: This essentially means you need to copy the created share link
To upload a file, use the upload command:
dccmd-rs upload ./your/path/your-name.pdf your.dracoon.domain/some/roomNote: Currently, providing a custom name is not implemented.
You can share the file directly and create a share link (default settings) by passing the --share flag:
dccmd-rs upload ./your/path/your-name.pdf your.dracoon.domain/some/room --shareTo upload a folder, use the --recursive flag:
dccmd-rs upload /your/path your.dracoon.domain/some/roomNote: Currently only absolute paths are supported for recursive uploads.
To upload a file with no authorization to a public upload share (file request):
dccmd-rs upload /your/path your.dracoon.domain/public/upload-shares/someLongAccessKeyNote: This essentially means you need to copy the created share link
When uploading, the default resolution strategy is autorename - this means that if a file foo.pdf uploaded and already present, it is automatically renamed by DRACOON (e.g. to foo (1).pdf).
In order to change this behavior, you can the pass the following flags / options:
- --overwrite - a file with the same name will be overwritten (essentially creating versions of the same file)
- --keep-share-links - if --overwrite is used, you can additionally keep existing (download) share links for file(s)
To transfer a file from DRACOON instance another instance, use the transfer command:
dccmd-rs transfer instance1.domain.com/some/file.pdf instance2.domain.com/some/target/pathThese options are analogue to the upload options (see above).
When uploading, the default resolution strategy is autorename - this means that if a file foo.pdf uploaded and already present, it is automatically renamed by DRACOON (e.g. to foo (1).pdf).
In order to change this behavior, you can the pass the following flags / options:
- --overwrite - a file with the same name will be overwritten (essentially creating versions of the same file)
- --keep-share-links - if --overwrite is used, you can additionally keep existing (download) share links for file(s)
To list nodes, use the ls command:
dccmd-rs ls your.dracoon.domain/some/path
// for root node use a trailing slash
dccmd-rs ls your.dracoon.domain/
// for searches within the room
dccmd-rs ls your.dracoon.domain/*.pdf
// only files
dccmd-rs ls your.dracoon.domain/some/room --filter type:eq:fileOptions:
-l,--long- prints all details (size, updated by, node id...)-r,--human-readable- prints size in human readable format--managed- shows room as room admin / room manager (rooms w/o permissions)--all- fetches all items (default: first 500 items)--filter- filter for specific values (see API docs for filter info)
To delete nodes, use the rm command:
dccmd-rs rm your.dracoon.domain/some/path/some_file.pdf
dccmd-rs rm -r your.dracoon.domain/some/path/some/room
dccmd-rs rm -r your.dracoon.domain/*testNote: If you intend to delete a container (room or folder), use the recursive flag.
Note: Room deletion always requires additional confirmation.
Note: You can delete the content in a room by using search strings (* deletes all). This does not include rooms.
To create folders, use the mkdir command:
dccmd-rs mkdir your.dracoon.domain/some/path/newfolderTo create rooms, use the mkroom command:
dccmd-rs mkroom your.dracoon.domain/some/path/newroom
# pass optional usernames for admins (example adds admins with usernames foo1, foo2 and foo3)
dccmd-rs mkroom your.dracoon.domain/some/path/newroom -a foo1 -a foo2 -a foo3
# you can additionally inherit permissions using the --inherit-permissions flag
dccmd-rs mkroom your.dracoon.domain/some/path/newroom -a foo1 --inherit-permissions
# you can also set the default classification (example sets to confidential)
dccmd-rs mkroom your.dracoon.domain/some/path/newroom --classification 3To import users, you can use the users import some.dracoon.domain.com command:
# csv header must be 'first_name,last_name,email,login,oidc_id,mfa_enforced'
# the order of these fields does not matter
# login, oidc_id and mfa_enforced are optional but must be present as field
dccmd-rs users import your.dracoon.domain/ /path/to/users.csv
dccmd-rs users import your.dracoon.domain/ /path/to/users.csv --oidc-id 2 # import as OIDC usersTo list users, you can use the users ls some.dracoon.domain.com command:
# optional flags: --all (lists all users, default: 500, paging) --csv (csv format)
# optional flags: --filter (see API docs for filter info)
dccmd-rs users ls your.dracoon.domain/
dccmd-rs users ls your.dracoon.domain/ --csv --all > userlist.csv
dccmd-rs users ls your.dracoon.domain/ --filter userName:cn:fooTo create users, you can use the users create some.dracoon.domain.com command:
# params: --first-name, --last-name, --email, --login, --oidc-id
dccmd-rs users create your.dracoon.domain/ -f foo -l bar -e [email protected] # local user
dccmd-rs users create your.dracoon.domain/ -f foo -l bar -e [email protected] --oidc-id 2 # OIDC userTo delete users, you can use the users some.dracoon.domain.com rm command:
# supported: user id, user login / username
dccmd-rs users rm your.dracoon.domain/ --user-id 2
dccmd-rs users rm your.dracoon.domain/ --user-name foo # short: -uTo fetch specific user info, you can use the users info some.dracoon.domain.com command:
# supported: user id, user login / username
dccmd-rs users info your.dracoon.domain/ --user-id 2
dccmd-rs users info your.dracoon.domain/ --user-name foo # short: -uYou can switch the auth method for a specific subset (or all users) belonging to a current auth method. In order to use it, you need to pass the following parameters:
- current-method - current auth method in DRACOON - valid options: basic (or local), openid (or oidc), active-directory (or ad)
- new-method - new auth method in DRACOON - valid options see above
- current-oidc-id - optional current OIDC config id - must be provided if current method is openid
- new-oidc-id - optional new OIDC config id - must be provided if new method is openid
- current-ad-id - optional current AD config id - must be provided if current method is active-directory
- new-ad-id - optional new AD config id - must be provided if new method is active-directory
- filter - optional user filter - see API docs for details (e.g. email:cn:somedomain.com)
- login - optional login transformation (e.g. email, username, firstname.lastname) default: email
# in order to identify AD or openid ids, use the config system-info command (see below)
# switch from basic auth (local) to openid if local user email contains somedomain.com
dccmd-rs users switch-auth --current-method basic --new-method openid --new-oidc-id 99 --filter email:cn:somedomain.com your.dracoon.domain/
# switch from openid with id 88 to openid with id 99 while setting the login as firstname.lastname (replaced by user values)
dccmd-rs users switch-auth --current-method openid --new-method openid --current-oidc-id 88 --new-oidc-id 99 --filter email:cn:somedomain.com your.dracoon.domain/ --login "firstname.lastname"To list groups, you can use the groups ls some.dracoon.domain.com command:
# optional flags: --all (lists all groups, default: 500, paging) --csv (csv format)
# optional flags: --filter (see API docs for filter info)
dccmd-rs groups ls your.dracoon.domain/
dccmd-rs groups ls your.dracoon.domain/ --csv --all > grouplist.csv
dccmd-rs groups ls your.dracoon.domain/ --filter name:eq:fooTo create groups, you can use the groups create some.dracoon.domain.com command:
# params: --name
dccmd-rs groups create your.dracoon.domain/ --name fooTo delete groups, you can use the groups some.dracoon.domain.com rm command:
# supported: group id, group name
dccmd-rs groups rm your.dracoon.domain/ --group-id 2
dccmd-rs groups rm your.dracoon.domain/ --group-name fooTo list group users, you can use the groups users ls some.dracoon.domain.com command:
# get all group users for every group
dccmd-rs groups users ls your.dracoon.domain/
# list group users in csv format
dccmd-rs groups users ls your.dracoon.domain/ --csv
dccmd-rs groups users ls your.dracoon.domain/ --csv --all > groupusers.csv
# get specific group users (for a group)
dccmd-rs groups users ls your.dracoon.domain/YourGroupName --csv --allYou can verify if the refresh stoken is (securely) stored via the config auth ls command.
In order to remove a stored token, use the config auth rm command.
# displays user info for stored refresh token
dccmd-rs config auth ls your.dracoon.domain/
# removes stored refresh token for given domain
dccmd-rs config auth rm your.dracoon.domain/ You can verify if the crypto secret is (securely) stored via the config crypto ls command.
In order to remove a stored token, use the config crypto rm command.
# displays user info for stored crypto secret
dccmd-rs config crypto ls your.dracoon.domain/
# removes stored crypto secret for given domain
dccmd-rs config crypto rm your.dracoon.domain/ You can fetch the system info (OpenID config, AD config, used users and storage) via the config system-info command.
# displays system information
# requires config manager role
dccmd-rs config system-info your.dracoon.domain/Currently dccmd-rs will fail to store credentials if you are running a headless Linux or are trying to run in Windows with WSL. In such cases you can pass the username and password as arguments like so:
dccmd-rs --username your_username --password your_secure_password ls your.dracoon.domain/some/pathUse this at your own risk and be aware that the password is stored in plain in your shell history. Note: This only works for the password flow - this means you must use a local user.
This also works for the encryption password like so:
dccmd-rs --username your_username --password your_secure_password --encryption-password your_secure_encryption_password ls your.dracoon.domain/some/path
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent