#!/bin/sh
########################################################################
# 
#   Copyright (C) 2006 Novell, Inc. All Rights Reserved.
# 
#   This library is free software; you can redistribute it and/or
#   modify it under the terms of the GNU Lesser General Public
#   License as published by the Free Software Foundation; version 2.1
#   of the License.
# 
#   This library is distributed in the hope that it will be useful,
#   but WITHOUT ANY WARRANTY; without even the implied warranty of
#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
#   Library Lesser General Public License for more details.
# 
#   You should have received a copy of the GNU Lesser General Public
#   License along with this library; if not, Novell, Inc.
#  
#   To contact Novell about this file by physical or electronic mail, 
#   you may find current contact information at www.novell.com.
#  
#   Author: Juan Carlos Luciani <jluciani@novell.com>
#   
########################################################################

########################################################################
#
# Script for setting up the iaRealms.xml and auth.policy files for ATS
# using a single LDAP Realm.
# 
# Notice that this script is very basic and only supports a single LDAP
# server.
#
########################################################################

# Default folders used when no positional arguments are given: the output
# folder receives the generated files, its "templates" sub-folder holds the
# inputs they are rendered from.
DEFAULT_CONFIG_FILE_FOLDER=/etc/CASA/authtoken/svc
DEFAULT_TEMPLATE_FILE_FOLDER=$DEFAULT_CONFIG_FILE_FOLDER/templates

function display_usage
{
   echo "usage: CasaBasicATSSetup.sh [-h] [TemplateFileFolder] [ConfigFileFolder]"
   echo "  where the position dependent parameters are:"
   echo "    -h - Display this information"
   echo "    TemplateFileFolder - Path to the folder containing the template files. If"
   echo "                         not specified, the parameter defaults to"
   echo "                         $DEFAULT_TEMPLATE_FILE_FOLDER."
   echo "    ConfigFileFolder - Path to the output file folder. If not specified, the"
   echo "                       parameter defaults to $DEFAULT_CONFIG_FILE_FOLDER."
   echo ""
   echo "  The following environment variables MUST be exported when"
   echo "  executing this script:"
   echo "    REALM - The name of the LDAP Realm, example: Tree name"
   echo "    LDAP_HOST_NAME - The host name of the LDAP server"
   echo "    PROXY_USER_NAME - The name of the LDAP Proxy User"
   echo "    PROXY_USER_PW - The password of the LDAP Proxy User"
   echo ""
   echo "  The following environment variables MAY be exported when"
   echo "  executing this script:"
   echo "    LDAP_LISTEN_PORT - The port used by the LDAP server to listen for connections"
   echo ""
   echo "  WARNING: CURRENTLY THERE IS A LIMITATION THAT PREVENTS YOU FROM"
   echo "           USING ENVIRONMENT VARIABLES WITH THE CHARACTER ':'."
   echo ""
}


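function java_1_5_oes_workaround
{
   #
   # Notice, this function is here temporarily to support
   # OES before it starts dealing with IBM's 1.5 JVM.
   #
   # Imports the eDirectory CA certificate (SSCert.der) into the JVM's
   # default trust store so that the LDAP server's certificate validates.
   #
   # Globals read: JAVA_HOME
   # Outputs:      diagnostics on stderr
   # Returns:      0 when the import succeeded; 2 when JAVA_HOME is unset,
   #               the certificate file was not found, or keytool failed.
   #
   local cert_folder alt_cert_folder cert_file_name key_store cert_path

   # Without JAVA_HOME the keytool path below would collapse to /bin/keytool
   # and the failure would be reported as a missing command.
   if [ -z "$JAVA_HOME" ]; then
      echo "JAVA_HOME is not set; cannot import the eDir CA Cert" >&2
      return 2
   fi

   # Determine the file and folder names
   cert_folder=/etc/opt/novell/certs
   alt_cert_folder=/etc/opt/novell
   cert_file_name=SSCert.der
   key_store=$JAVA_HOME/lib/security/cacerts

   # Determine the path to the eDir cert file (primary location first)
   if [ -f "$cert_folder/$cert_file_name" ]; then
      cert_path=$cert_folder/$cert_file_name
   elif [ -f "$alt_cert_folder/$cert_file_name" ]; then
      cert_path=$alt_cert_folder/$cert_file_name
   else
      echo "eDir CA Cert not found!" >&2
      echo "Verify that Java_1_5 will be able to accept certificates from configured LDAP server." >&2
      return 2
   fi

   # Now import the cert into java's trust store. "changeit" is the JDK's
   # default password for the cacerts store and is passed on the command
   # line as before; note that command-line arguments are visible in a
   # process listing. keytool's exit status is propagated rather than
   # discarded, so a failed import no longer looks like success.
   if ! "$JAVA_HOME/bin/keytool" -import -noprompt \
         -trustcacerts \
         -alias edir_root_ca \
         -keystore "$key_store" \
         -storepass changeit \
         -file "$cert_path"; then
      echo "keytool failed to import $cert_path into $key_store" >&2
      return 2
   fi

   return 0
}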


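function setup_jaas_file
{
   # Render $CONFIG_FILE_FOLDER/jaas.conf from the jaas.conf template,
   # replacing every HOSTNAME token with this machine's fully qualified
   # host name (output of "hostname -f").
   #
   # Globals read: TEMPLATE_FILE_FOLDER, CONFIG_FILE_FOLDER
   # Outputs:      diagnostics on stderr
   # Returns:      0 on success; 2 when the template or the output folder
   #               is missing or the output file could not be written.
   local template config host

   # Determine the file names
   template=$TEMPLATE_FILE_FOLDER/jaas.conf
   config=$CONFIG_FILE_FOLDER/jaas.conf

   # Verify that the template file exists
   if [ ! -f "$template" ]; then
      echo "Template file $template does not exist" >&2
      return 2
   fi

   # Verify that the output folder exists
   if [ ! -d "$CONFIG_FILE_FOLDER" ]; then
      echo "Output folder $CONFIG_FILE_FOLDER does not exist" >&2
      return 2
   fi

   # The host name is used as sed replacement text. A DNS host name normally
   # holds only letters, digits, '.' and '-', none of which sed interprets
   # there, so it is not escaped. If the lookup fails the token is replaced
   # by an empty string, as before.
   host=$(hostname -f)

   # Remove any stale copy, then create the output file. A failed write
   # (for example a read-only folder) is reported instead of ignored.
   rm -f -- "$config"
   if ! sed "s:HOSTNAME:$host:g" "$template" > "$config"; then
      echo "Failed to write $config" >&2
      return 2
   fi
   return 0
}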


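function escape_sed_replacement
{
   # Escape $1 for use as the replacement text of a "s:...:...:" sed
   # command: backslash, '&' and the ':' delimiter are the only characters
   # sed interprets there. The value travels through a pipe, not argv, so
   # it does not show up in a process listing.
   printf '%s' "$1" | sed 's/[&:\\]/\\&/g'
}


function setup_iaRealms_file
{
   # Render $CONFIG_FILE_FOLDER/iaRealms.xml from the iaRealms.xml
   # template, substituting the REALM, LDAP_HOST_NAME, PROXY_USER_NAME,
   # PROXY_USER_PW and LDAP_LISTEN_PORT tokens (the port defaults to 636).
   #
   # Globals read: TEMPLATE_FILE_FOLDER, CONFIG_FILE_FOLDER, REALM,
   #               LDAP_HOST_NAME, PROXY_USER_NAME, PROXY_USER_PW,
   #               LDAP_LISTEN_PORT (optional)
   # Outputs:      diagnostics on stderr
   # Returns:      0 on success; 1 when a required variable is empty
   #               (usage error); 2 when the template or output folder is
   #               missing or the output file could not be written.
   #
   # The rendered file contains the proxy user's password in cleartext.
   # Its mode is inherited from the caller's umask, so run this with a
   # restrictive umask and check that the file's owner and mode match what
   # the ATS service account needs.
   local template config port

   # Determine the file names
   template=$TEMPLATE_FILE_FOLDER/iaRealms.xml
   config=$CONFIG_FILE_FOLDER/iaRealms.xml

   # Verify that the template file exists
   if [ ! -f "$template" ]; then
      echo "Template file $template does not exist" >&2
      return 2
   fi

   # Verify that the output folder exists
   if [ ! -d "$CONFIG_FILE_FOLDER" ]; then
      echo "Output folder $CONFIG_FILE_FOLDER does not exist" >&2
      return 2
   fi

   # Verify the required environment variables before touching the output
   # folder, so a usage error does not delete a previously working file.
   if [ -z "$REALM" ] || [ -z "$LDAP_HOST_NAME" ] \
      || [ -z "$PROXY_USER_NAME" ] || [ -z "$PROXY_USER_PW" ]; then
      return 1
   fi
   port=${LDAP_LISTEN_PORT:-636}

   # Clean-up the output folder
   rm -f -- "$config"

   # Create and edit the output file with a single sed script that applies
   # the substitutions in the same order as before. The values are escaped,
   # so ':', '&' and '\' in them no longer corrupt the result, and the
   # script is fed through stdin rather than as command-line arguments so
   # the password is not exposed in the process list.
   if ! {
         printf 's:REALM:%s:g\n' "$(escape_sed_replacement "$REALM")"
         printf 's:LDAP_HOST_NAME:%s:g\n' "$(escape_sed_replacement "$LDAP_HOST_NAME")"
         printf 's:PROXY_USER_NAME:%s:g\n' "$(escape_sed_replacement "$PROXY_USER_NAME")"
         printf 's:PROXY_USER_PW:%s:g\n' "$(escape_sed_replacement "$PROXY_USER_PW")"
         printf 's:LDAP_LISTEN_PORT:%s:g\n' "$(escape_sed_replacement "$port")"
      } | sed -f /dev/stdin "$template" > "$config"; then
      echo "Failed to write $config" >&2
      return 2
   fi
   return 0
}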


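function setup_authPolicy_file
{
   # Create $CONFIG_FILE_FOLDER/auth.policy with the CASA policy editor and
   # append the Krb5Authenticate and PwdAuthenticate entries for $REALM.
   #
   # Globals read: CONFIG_FILE_FOLDER, REALM
   # Outputs:      diagnostics on stderr
   # Returns:      0 on success; 1 when REALM is empty (usage error); 2 when
   #               the output folder or the editor is missing or an editor
   #               step fails.
   #
   # Entries are passed as "<realm>:<mechanism>", so ':' acts as the entry
   # delimiter here and a REALM containing ':' would be ambiguous (this is
   # one source of the limitation mentioned in the usage text).
   local editor config

   # Kept local so the user's EDITOR environment variable is not clobbered.
   editor=/usr/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor.sh

   # Determine the file name
   config=$CONFIG_FILE_FOLDER/auth.policy

   # Verify that the output folder exists
   if [ ! -d "$CONFIG_FILE_FOLDER" ]; then
      echo "Output folder $CONFIG_FILE_FOLDER does not exist" >&2
      return 2
   fi

   # Verify the required environment variable before deleting anything so
   # a usage error keeps the existing file.
   if [ -z "$REALM" ]; then
      return 1
   fi

   if [ ! -x "$editor" ]; then
      echo "Policy editor $editor not found or not executable" >&2
      return 2
   fi

   # Clean-up the output folder
   rm -f -- "$config"

   # Create and setup the auth.policy file. Each editor step is checked;
   # previously their exit status was discarded and success was reported
   # even when the file was left incomplete.
   if ! { "$editor" -create -file "$config" \
         && "$editor" -append -entry "$REALM:Krb5Authenticate" -file "$config" \
         && "$editor" -append -entry "$REALM:PwdAuthenticate" -file "$config"; }; then
      echo "Failed to set up $config" >&2
      return 2
   fi
   return 0
}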


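function setup_svcSettings_file
{
   # Create $CONFIG_FILE_FOLDER/svc.settings with the CASA settings editor
   # and point its IAConfigFile setting at the iaRealms.xml in the same
   # folder.
   #
   # Globals read: CONFIG_FILE_FOLDER
   # Outputs:      diagnostics on stderr
   # Returns:      0 on success; 2 when the output folder or the editor is
   #               missing or an editor step fails.
   local editor config iarealms_path

   # Kept local so the user's EDITOR environment variable is not clobbered.
   editor=/usr/share/java/CASA/authtoken/bin/CasaSvcSettingsEditor.sh

   # Determine the file names
   config=$CONFIG_FILE_FOLDER/svc.settings
   iarealms_path=$CONFIG_FILE_FOLDER/iaRealms.xml

   # Verify that the output folder exists
   if [ ! -d "$CONFIG_FILE_FOLDER" ]; then
      echo "Output folder $CONFIG_FILE_FOLDER does not exist" >&2
      return 2
   fi

   if [ ! -x "$editor" ]; then
      echo "Settings editor $editor not found or not executable" >&2
      return 2
   fi

   # Clean-up the output folder
   rm -f -- "$config"

   # Create and setup the svc.settings file. Both editor steps are checked;
   # previously their exit status was discarded.
   if ! { "$editor" -create -file "$config" \
         && "$editor" -set IAConfigFile "$iarealms_path" -file "$config"; }; then
      echo "Failed to set up $config" >&2
      return 2
   fi
   return 0
}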


#### MAIN ####

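# Determine what folders to utilize based on the input
# parameters and our defaults. Only a first argument of "-h" asks for
# help; any other non-empty first argument is the template folder.
case "$1" in
   -h)
      display_usage
      exit 0
      ;;
   "")
      TEMPLATE_FILE_FOLDER=$DEFAULT_TEMPLATE_FILE_FOLDER
      ;;
   *)
      TEMPLATE_FILE_FOLDER=$1
      ;;
esac
CONFIG_FILE_FOLDER=${2:-$DEFAULT_CONFIG_FILE_FOLDER}

# Source our environment variables file. Check for it first so that a
# missing file yields one clear message rather than whatever the shell does
# on a failed "." (which differs between shells and modes).
ENVVARS_FILE=/etc/CASA/authtoken/svc/envvars
if [ ! -r "$ENVVARS_FILE" ]; then
   echo "Environment file $ENVVARS_FILE is missing or not readable" >&2
   exit 1
fi
. "$ENVVARS_FILE"

# Setup the configuration files. The Java 1.5 workaround and the jaas.conf
# step report their own problems and do not stop the sequence; the
# remaining three run in order and the first non-zero status ends the chain.
java_1_5_oes_workaround
setup_jaas_file
setup_iaRealms_file && setup_authPolicy_file && setup_svcSettings_file
RETVAL=$?

if [ "$RETVAL" != "0" ]; then
   # Status 1 means a required variable was empty: remind the user what has
   # to be exported. Any other status was already explained by the step.
   if [ "$RETVAL" = "1" ]; then
      display_usage
   fi
   exit 1
fi
exit 0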