Created the ATS daemon and made necessary RPM install changes to allow

for its deployment.
2006-10-18 23:26:16 +00:00
parent 5436a84b0a
commit 86515d118a
36 changed files with 2446 additions and 89 deletions
--- a/CASA-auth-token/java/server/Svc/linux/CasaAuthtokenSvcD
+++ b/CASA-auth-token/java/server/Svc/linux/CasaAuthtokenSvcD
@@ -0,0 +1,174 @@
+#!/bin/sh
+#
+# Startup script for the Casa Authtoken Service Daemon (casa_atsd)
+#
+# /etc/init.d/casa_atsd
+#
+# description: casa_atsd is the CASA Authentication Token Service
+# (ATS). CASA Client utilize this service to obtain CASA authentication
+# tokens to authenticate to other services. The ATS executes as a
+# tomcat webapp. casa_atsd is the tomcat process which contains
+# the ATS.
+#
+# Note that some of the content from this file was copied from
+# /etc/init.d/tomcat5 whose author was Petr Mladek.
+# /etc/init.d/tomcat5 has the following copyrights:
+#
+# Copyright (c) 1995-2001 SuSE GmbH Nuernberg, Germany.
+# Copyright (c) 2002 SuSE Linux AG Nuernberg, Germany.
+#
+# processname: casa_atsd
+# pidfile: None
+# config utility: None
+
+
+### BEGIN INIT INFO
+# Provides: casa_atsd
+# Required-Start: $local_fs $remote_fs
+# X-UnitedLinux-Should-Start: $named $syslog $time
+# Required-Stop: $local_fs $remote_fs $network
+# X-UnitedLinux-Should-Stop: $named $syslog $time
+# Default-Start: 1 2 3 5
+# Default-Stop:
+# Short-Description: Casa Authtoken Service Daemon
+# Description: Start Casa Authtoken Service Daemon
+### END INIT INFO
+
+. /etc/rc.status
+
+# Shell functions sourced from /etc/rc.status:
+#      rc_check         check and set local and overall rc status
+#      rc_status        check and set local and overall rc status
+#      rc_status -v     ditto but be verbose in local rc status
+#      rc_status -v -r  ditto and clear the local rc status
+#      rc_failed        set local and overall rc status to failed
+#      rc_reset         clear local rc status (overall remains)
+#      rc_exit          exit appropriate to overall rc status
+
+# First reset status of this service
+rc_reset
+
+DAEMON_USER=casaatsd
+DAEMON_GROUP=casaauth
+
+atsIsRunning()
+{
+  ats_ps_log=`mktemp /var/tmp/ats-ps.log.XXXXXX`
+  ps aux --cols 1024 >"$ats_ps_log"
+  ats_is_running="false"
+  if grep " -Dcatalina.base=$CATALINA_BASE.*-Dcatalina.home=$CATALINA_HOME.*org.apache.catalina.startup.Bootstrap" "$ats_ps_log" >/dev/null 2>/dev/null ; then
+    ats_is_running="true"
+  fi
+  rm -f "$ats_ps_log"
+  test "$ats_is_running" = "true"
+}
+
+StartDAEMON()
+{
+  # Start the daemon
+  echo -n "Starting casa_atsd"
+  ## Start daemon with startproc(8). If this fails
+  ## the echo return value is set appropriate.
+    
+  # NOTE: startproc return 0, even if service is 
+  # already running to match LSB spec.
+  if atsIsRunning ; then
+    rc_failed 0
+  else
+    # try to fix permissions
+    chown --dereference $DAEMON_USER:$DAEMON_GROUP "$CATALINA_BASE"
+    for dir in "$CATALINA_BASE/conf" \
+               "$CATALINA_BASE/logs" \
+               "$CATALINA_BASE/temp" \
+               "$CATALINA_BASE/webapps" \
+               "$CATALINA_BASE/work" ; do
+      # the command true is used because of for example conf directory may be mounted read-only
+      test -d "$dir" && chown -R --dereference $DAEMON_USER:$DAEMON_GROUP "$dir" 2>/dev/null || true
+    done
+    su $DAEMON_USER -s /bin/bash -c "$CATALINA_HOME/bin/startup.sh" >"$CATALINA_BASE/logs//start.log" 2>&1
+    sleep 1
+    if atsIsRunning ; then
+      rc_failed 0
+    else
+      rc_failed 7
+    fi    
+  fi
+  rc_status -v
+}
+
+
+StopDAEMON()
+{
+  # Stop the daemon
+  echo -n "Shutting casa_atsd"
+  ## Stop daemon with killproc(8) and if this fails
+  ## set echo the echo return value.
+  if atsIsRunning ; then
+    su $DAEMON_USER -s /bin/bash -c "$CATALINA_HOME/bin/shutdown.sh" >"$CATALINA_BASE/logs/stop.log" 2>&1
+    # wait 60 sec for stop at maximum
+    wait_sec=60
+    while [ "$wait_sec" != "0" ] ; do
+      sleep 1
+      if ! atsIsRunning ; then
+        # the server is stoped, end the loop
+        wait_sec=0
+        break
+      fi
+      wait_sec=$((wait_sec -1))
+    done
+    # check the final status
+    if atsIsRunning ; then
+      rc_failed 1
+    else
+      rc_failed 0
+    fi
+  else
+    rc_failed 0
+  fi  
+  # Remember status and be verbose
+  rc_status -v
+}
+
+
+# Source the environments file for our daemon
+. /etc/CASA/authtoken/svc/envvars
+  
+
+case "$1" in
+start)
+  StartDAEMON
+  ;;
+stop)
+  StopDAEMON
+  ;;
+restart|reload|force-reload)
+  StopDAEMON
+  sleep 1
+  StartDAEMON
+  ;;
+status)
+  echo -n "Checking for casa_atsd"
+  ## Check status with checkproc(8), if process is running
+  ## checkproc will return with exit status 0.
+
+  # Status has a slightly different for the status command:
+  # 0 - service running
+  # 1 - service dead, but /var/run/  pid  file exists
+  # 2 - service dead, but /var/lock/ lock file exists
+  # 3 - service not running
+
+  # NOTE: checkproc returns LSB compliant status values.
+  if atsIsRunning ; then
+    rc_failed 0
+  else
+    rc_failed 3
+  fi
+  rc_status -v
+  ;;
+*)
+  echo -n "Usage: $0 {start|stop|restart|reload|force-reload}"
+  exit 1
+  ;;
+esac
+rc_exit
+
--- a/CASA-auth-token/java/server/Svc/linux/Makefile.am
+++ b/CASA-auth-token/java/server/Svc/linux/Makefile.am
@@ -0,0 +1,40 @@
+#######################################################################
+#
+#  Copyright (C) 2006 Novell, Inc.
+#
+#  This program is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU General Public
+#  License as published by the Free Software Foundation; either
+#  version 2 of the License, or (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public
+#  License along with this program; if not, write to the Free
+#  Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
+#  Author: Juan Carlos Luciani <jluciani@novell.com>
+#
+#######################################################################
+
+SUBDIRS =
+
+DIST_SUBDIRS =
+
+CFILES =
+
+EXTRA_DIST = CasaAuthtokenSvcD \
+		envvars \
+		server_keystore_setup.sh \
+		crypto.properties
+
+.PHONY: package package-clean package-install package-uninstall
+package package-clean package-install package-uninstall:
+	$(MAKE) -C $(TARGET_OS) $@
+
+maintainer-clean-local:
+	rm -f Makefile.in
+
--- a/CASA-auth-token/java/server/Svc/linux/crypto.properties
+++ b/CASA-auth-token/java/server/Svc/linux/crypto.properties
@@ -0,0 +1,6 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=secret
+org.apache.ws.security.crypto.merlin.keystore.alias=signingKey
+org.apache.ws.security.crypto.merlin.alias.password=secret
+org.apache.ws.security.crypto.merlin.file=/etc/CASA/authtoken/keys/server/jks-store
--- a/CASA-auth-token/java/server/Svc/linux/envvars
+++ b/CASA-auth-token/java/server/Svc/linux/envvars
@@ -0,0 +1,14 @@
+############################################################
+#                                                          #
+# Environment variable file for casa_atsd.                 #
+#                                                          #
+# Note: This file is sourced by the casa_atsd rc script    #
+# when starting the service.                               #
+#                                                          #
+############################################################
+CATALINA_BASE="/srv/www/casaats"
+CATALINA_HOME="/usr/share/tomcat5"
+JAVA_HOME="/usr/lib/jvm/java-1.5.0-ibm"
+JAVA_OPTS="-Dcom.novell.casa.authtoksvc.config=/etc/CASA/authtoken/svc"
+export CATALINA_BASE CATALINA_HOME JAVA_HOME JAVA_OPTS
+
--- a/CASA-auth-token/java/server/Svc/linux/server_keystore_setup.sh
+++ b/CASA-auth-token/java/server/Svc/linux/server_keystore_setup.sh
@@ -0,0 +1,65 @@
+#!/bin/sh
+########################################################################
+# 
+#   Copyright (C) 2006 Novell, Inc. All Rights Reserved.
+# 
+#   This library is free software; you can redistribute it and/or
+#   modify it under the terms of the GNU Lesser General Public
+#   License as published by the Free Software Foundation; version 2.1
+#   of the License.
+# 
+#   This library is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#   Library Lesser General Public License for more details.
+# 
+#   You should have received a copy of the GNU Lesser General Public
+#   License along with this library; if not, Novell, Inc.
+#  
+#   To contact Novell about this file by physical or electronic mail, 
+#   you may find current contact information at www.novell.com.
+#  
+#   Author: Juan Carlos Luciani <jluciani@novell.com>
+#   
+########################################################################
+
+#############################################################
+#                                                           #
+# CASA ATS Keystore Setup Script.                           #
+#                                                           #
+# This script sets up a keystore for the ATS with a key     #
+# pair which the ATS will use for signing authentication    #
+# and session tokens.                                       #
+#                                                           #
+# Ths script creates a self signed certificate that it then #
+# exports. At this time it is sufficient to utilize self    #
+# signed certificates because they are meant to be consumed #
+# by entities of the local box.                             # 
+#                                                           # 
+#############################################################
+
+# Do not do anything if the server keystore has already been created
+if [ -f /etc/CASA/authtoken/keys/server/jks-store ]; then
+	echo "The server keystore is already setup"
+        # Make sure that the keystore file is owned by our service
+        chown casaatsd:casaauth /etc/CASA/authtoken/keys/server/jks-store
+else
+	echo "Setting up the server's keystore"
+	# Create the server keystore with the key that will be used for signing tokens
+	host=`hostname -f`
+	/usr/lib/jvm/java-1.5.0-ibm/bin/keytool -genkey -alias signingKey -keystore /etc/CASA/authtoken/keys/server/jks-store -dname "cn=casaatsd@$host" -validity 3600 -keypass secret -storepass secret
+
+	# Export self-signed certificate for the signing key
+	/usr/lib/jvm/java-1.5.0-ibm/bin/keytool -export -keystore /etc/CASA/authtoken/keys/server/jks-store -alias signingKey -storepass secret -keypass secret -file /etc/CASA/authtoken/keys/casaatsdSigningCert
+
+	# List the contents of the server's keystore
+	#usr/lib/jvm/java-1.5.0-ibm/bin/keytool -list -rfc -keystore /etc/CASA/authtoken/keys/server/jks-store -alias signingKey -storepass secret
+
+	# Print the exported cert
+	#usr/lib/jvm/java-1.5.0-ibm/bin/keytool -printcert -file /etc/CASA/authtoken/keys/casaatsdSigningCert
+
+	# Make sure that the keystore is only accessible by the service
+	chown casaatsd:casaauth /etc/CASA/authtoken/keys/server/jks-store
+	chmod 600 /etc/CASA/authtoken/keys/server/jks-store
+fi
+