geos_one/CASA
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

The "java" folder has been renamed "server-java" to reflect that it only

Browse Source 
contains server components. In the process, I also flatened its
directory structure.
This commit is contained in:
Juan Carlos Luciani
2006-11-16 09:20:06 +00:00
parent b00ec15375
commit 9b2e33bfa8
144 changed files with 16047 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
CASA-auth-token/server-java/Svc/linux/CasaAuthPolicyEditor.sh Executable file
View File

@@ -0,0 +1,37 @@
#!/bin/sh
########################################################################
#
# Copyright (C) 2006 Novell, Inc. All Rights Reserved.
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; version 2.1
# of the License.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Library Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, Novell, Inc.
#
# To contact Novell about this file by physical or electronic mail,
# you may find current contact information at www.novell.com.
#
# Author: Juan Carlos Luciani <jluciani@novell.com>
#
########################################################################
########################################################################
#
# Script for editing auth.policy files
#
########################################################################
# Source our environment variables file
. /etc/CASA/authtoken/svc/envvars
# Perform the operation requested
$JAVA_HOME/bin/java -jar /usr/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor.jar $*

37
CASA-auth-token/server-java/Svc/linux/CasaAuthTokenSettingsEditor.sh Executable file
View File

@@ -0,0 +1,37 @@
#!/bin/sh
########################################################################
#
# Copyright (C) 2006 Novell, Inc. All Rights Reserved.
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; version 2.1
# of the License.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Library Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, Novell, Inc.
#
# To contact Novell about this file by physical or electronic mail,
# you may find current contact information at www.novell.com.
#
# Author: Juan Carlos Luciani <jluciani@novell.com>
#
########################################################################
########################################################################
#
# Script for editing authtoken.settings files
#
########################################################################
# Source our environment variables file
. /etc/CASA/authtoken/svc/envvars
# Perform the operation requested
$JAVA_HOME/bin/java -jar /usr/share/java/CASA/authtoken/bin/CasaAuthTokenSettingsEditor.jar $*

182
CASA-auth-token/server-java/Svc/linux/CasaAuthtokenSvcD Normal file
View File

@@ -0,0 +1,182 @@
#!/bin/sh
#
# Startup script for the Casa Authtoken Service Daemon (casa_atsd)
#
# /etc/init.d/casa_atsd
#
# description: casa_atsd is the CASA Authentication Token Service
# (ATS). CASA Client utilize this service to obtain CASA authentication
# tokens to authenticate to other services. The ATS executes as a
# tomcat webapp. casa_atsd is the tomcat process which contains
# the ATS.
#
# Note that some of the content from this file was copied from
# /etc/init.d/tomcat5 whose author was Petr Mladek.
# /etc/init.d/tomcat5 has the following copyrights:
#
# Copyright (c) 1995-2001 SuSE GmbH Nuernberg, Germany.
# Copyright (c) 2002 SuSE Linux AG Nuernberg, Germany.
#
# processname: casa_atsd
# pidfile: None
# config utility: None
### BEGIN INIT INFO
# Provides: casa_atsd
# Required-Start: $local_fs $remote_fs
# X-UnitedLinux-Should-Start: $named $syslog $time
# Required-Stop: $local_fs $remote_fs $network
# X-UnitedLinux-Should-Stop: $named $syslog $time
# Default-Start: 1 2 3 5
# Default-Stop:
# Short-Description: Casa Authtoken Service Daemon
# Description: Start Casa Authtoken Service Daemon
### END INIT INFO
. /etc/rc.status
# Shell functions sourced from /etc/rc.status:
# rc_check check and set local and overall rc status
# rc_status check and set local and overall rc status
# rc_status -v ditto but be verbose in local rc status
# rc_status -v -r ditto and clear the local rc status
# rc_failed set local and overall rc status to failed
# rc_reset clear local rc status (overall remains)
# rc_exit exit appropriate to overall rc status
# First reset status of this service
rc_reset
DAEMON_USER=casaatsd
DAEMON_GROUP=casaauth
atsIsRunning()
{
ats_ps_log=`mktemp /var/tmp/ats-ps.log.XXXXXX`
ps aux --cols 1024 >"$ats_ps_log"
ats_is_running="false"
if grep " -Dcatalina.base=$CATALINA_BASE.*-Dcatalina.home=$CATALINA_HOME.*org.apache.catalina.startup.Bootstrap" "$ats_ps_log" >/dev/null 2>/dev/null ; then
ats_is_running="true"
fi
rm -f "$ats_ps_log"
test "$ats_is_running" = "true"
}
StartDAEMON()
{
# Start the daemon
echo -n "Starting casa_atsd"
## Start daemon with startproc(8). If this fails
## the echo return value is set appropriate.
# NOTE: startproc return 0, even if service is
# already running to match LSB spec.
if atsIsRunning ; then
rc_failed 0
else
# Try to fix permissions
chown --dereference $DAEMON_USER:$DAEMON_GROUP "$CATALINA_BASE"
for dir in "$CATALINA_BASE/conf" \
"$CATALINA_BASE/logs" \
"$CATALINA_BASE/temp" \
"$CATALINA_BASE/webapps" \
"$CATALINA_BASE/work" ; do
# the command true is used because of for example conf directory may be mounted read-only
test -d "$dir" && chown -R --dereference $DAEMON_USER:$DAEMON_GROUP "$dir" 2>/dev/null || true
done
# Make sure that the server.xml link has been made
if [ ! -f /srv/www/casaats/conf/server.xml ]; then
ln -s /srv/www/casaats/conf/server-ibm.xml /srv/www/casaats/conf/server.xml
chown -h casaatsd:casaauth /srv/www/casaats/conf/server.xml
fi
# Start it up
su $DAEMON_USER -s /bin/bash -c "$CATALINA_HOME/bin/startup.sh" >"$CATALINA_BASE/logs//start.log" 2>&1
sleep 1
if atsIsRunning ; then
rc_failed 0
else
rc_failed 7
fi
fi
rc_status -v
}
StopDAEMON()
{
# Stop the daemon
echo -n "Shutting casa_atsd"
## Stop daemon with killproc(8) and if this fails
## set echo the echo return value.
if atsIsRunning ; then
su $DAEMON_USER -s /bin/bash -c "$CATALINA_HOME/bin/shutdown.sh" >"$CATALINA_BASE/logs/stop.log" 2>&1
# wait 60 sec for stop at maximum
wait_sec=60
while [ "$wait_sec" != "0" ] ; do
sleep 1
if ! atsIsRunning ; then
# the server is stoped, end the loop
wait_sec=0
break
fi
wait_sec=$((wait_sec -1))
done
# check the final status
if atsIsRunning ; then
rc_failed 1
else
rc_failed 0
fi
else
rc_failed 0
fi
# Remember status and be verbose
rc_status -v
}
# Source the environments file for our daemon
. /etc/CASA/authtoken/svc/envvars
case "$1" in
start)
StartDAEMON
;;
stop)
StopDAEMON
;;
restart|reload|force-reload)
StopDAEMON
sleep 1
StartDAEMON
;;
status)
echo -n "Checking for casa_atsd"
## Check status with checkproc(8), if process is running
## checkproc will return with exit status 0.
# Status has a slightly different for the status command:
# 0 - service running
# 1 - service dead, but /var/run/ pid file exists
# 2 - service dead, but /var/lock/ lock file exists
# 3 - service not running
# NOTE: checkproc returns LSB compliant status values.
if atsIsRunning ; then
rc_failed 0
else
rc_failed 3
fi
rc_status -v
;;
*)
echo -n "Usage: $0 {start|stop|restart|reload|force-reload}"
exit 1
;;
esac
rc_exit

214
CASA-auth-token/server-java/Svc/linux/CasaBasicATSSetup.sh Executable file
View File

@@ -0,0 +1,214 @@
#!/bin/sh
########################################################################
#
# Copyright (C) 2006 Novell, Inc. All Rights Reserved.
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; version 2.1
# of the License.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Library Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, Novell, Inc.
#
# To contact Novell about this file by physical or electronic mail,
# you may find current contact information at www.novell.com.
#
# Author: Juan Carlos Luciani <jluciani@novell.com>
#
########################################################################
########################################################################
#
# Scrip for setting up iaRealm.xml and auth.policy files for ATS
# using a single LDAP Realm.
#
# Notice that this scrip is very basic and only supports a single LDAP
# server.
#
########################################################################
DEFAULT_TEMPLATE_FILE_FOLDER=/etc/CASA/authtoken/svc/templates
DEFAULT_CONFIG_FILE_FOLDER=/etc/CASA/authtoken/svc
function display_usage
{
echo "usage: CasaBasicATSSetup.sh [-h] [TemplateFileFolder] [ConfigFileFolder]"
echo " where the position dependent parameters are:"
echo " -h - Display this information"
echo " TemplateFileFolder - Path to the folder containing the template files. If"
echo " not specified, the parameter defaults to"
echo " $DEFAULT_TEMPLATE_FILE_FOLDER."
echo " ConfigFileFolder - Path to the output file folder. If not specified, the"
echo " parameter defaults to $DEFAULT_CONFIG_FILE_FOLDER."
echo ""
echo " The following environment variables MUST be exported when"
echo " executing this script:"
echo " REALM - The name of the LDAP Realm, example: Tree name"
echo " LDAP_HOST_NAME - The host name of the LDAP server"
echo " PROXY_USER_NAME - The name of the LDAP Proxy User"
echo " PROXY_USER_PW - The password of the LDAP Proxy User"
echo ""
echo " The following environment variables MAY be exported when"
echo " executing this script:"
echo " LDAP_LISTEN_PORT - The port used by the LDAP server to listen for connections"
echo ""
echo " WARNING: CURRENTLY THERE IS A LIMITATION THAT PREVENTS YOU FROM"
echo " USING ENVIRONMENT VARIABLES WITH THE CHARACTER ':'."
echo ""
}
function setup_iaRealms_file
{
# Determine the file names
TEMPLATE_FILE=$TEMPLATE_FILE_FOLDER/iaRealms.xml
CONFIG_FILE=$CONFIG_FILE_FOLDER/iaRealms.xml
# Verify that the template file exists
if [ ! -f $TEMPLATE_FILE ]; then
echo "Template file $TEMPLATE_FILE does not exist"
return 2
fi
# Verify that the output folder exists
if [ ! -d $CONFIG_FILE_FOLDER ]; then
echo "Output folder $CONFIG_FILE_FOLDER does not exist"
return 2
fi
# Clean-up the output folder
rm -f $CONFIG_FILE
# Verify that all of the appropriate environment variables have been set
if [ "$REALM" != "" ]; then
if [ "$LDAP_HOST_NAME" != "" ]; then
if [ "$PROXY_USER_NAME" != "" ]; then
if [ "$PROXY_USER_PW" != "" ]; then
# Create and edit the output file
sed s:REALM:$REALM:g $TEMPLATE_FILE > $CONFIG_FILE
sed -i s:LDAP_HOST_NAME:$LDAP_HOST_NAME:g $CONFIG_FILE
sed -i s:PROXY_USER_NAME:$PROXY_USER_NAME:g $CONFIG_FILE
sed -i s:PROXY_USER_PW:$PROXY_USER_PW:g $CONFIG_FILE
if [ "$LDAP_LISTEN_PORT" != '' ]; then
sed -i s:LDAP_LISTEN_PORT:$LDAP_LISTEN_PORT:g $CONFIG_FILE
else
sed -i s:LDAP_LISTEN_PORT:389:g $CONFIG_FILE
fi
return 0
else
return 1
fi
else
return 1
fi
else
return 1
fi
else
return 1
fi
}
function setup_authPolicy_file
{
EDITOR=/usr/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor.sh
# Determine the file name
CONFIG_FILE=$CONFIG_FILE_FOLDER/auth.policy
# Verify that the output folder exists
if [ ! -d $CONFIG_FILE_FOLDER ]; then
echo "Output folder $CONFIG_FILE_FOLDER does not exist"
return 2
fi
# Clean-up the output folder
rm -f $CONFIG_FILE
# Verify that all of the appropriate environment variables have been set
if [ "$REALM" != "" ]; then
# Create and setup the auth.policy file
$EDITOR -create -file $CONFIG_FILE
$EDITOR -append -entry $REALM:Krb5Authenticate -file $CONFIG_FILE
$EDITOR -append -entry $REALM:PwdAuthenticate -file $CONFIG_FILE
return 0
else
return 1
fi
}
function setup_svcSettings_file
{
EDITOR=/usr/share/java/CASA/authtoken/bin/CasaSvcSettingsEditor.sh
# Determine the file name
CONFIG_FILE=$CONFIG_FILE_FOLDER/svc.settings
IAREALMS_FILE_PATH=$CONFIG_FILE_FOLDER/iaRealms.xml
# Verify that the output folder exists
if [ ! -d $CONFIG_FILE_FOLDER ]; then
echo "Output folder $CONFIG_FILE_FOLDER does not exist"
return 2
fi
# Clean-up the output folder
rm -f $CONFIG_FILE
# Create and setup the svc.settings file
$EDITOR -create -file $CONFIG_FILE
$EDITOR -set IAConfigFile $IAREALMS_FILE_PATH -file $CONFIG_FILE
return 0
}
#### MAIN ####
# Determine what folders to utilize based on the input
# parameters and our defaults.
if [ "$1" != "" ]; then
if [ "$1" != "-h" ]; then
TEMPLATE_FILE_FOLDER=$1
else
display_usage
exit 0
fi
else
TEMPLATE_FILE_FOLDER=$DEFAULT_TEMPLATE_FILE_FOLDER
fi
if [ "$2" != "" ]; then
CONFIG_FILE_FOLDER=$2
else
CONFIG_FILE_FOLDER=$DEFAULT_CONFIG_FILE_FOLDER
fi
# Setup the configuration files
setup_iaRealms_file
RETVAL=$?
if [ "$RETVAL" = "0" ]; then
setup_authPolicy_file
RETVAL=$?
if [ "$RETVAL" = "0" ]; then
setup_svcSettings_file
RETVAL=$?
fi
fi
if [ "$RETVAL" != "0" ]; then
if [ "$RETVAL" = "1" ]; then
display_usage
fi
exit 1
else
exit 0
fi

37
CASA-auth-token/server-java/Svc/linux/CasaIdenTokenSettingsEditor.sh Executable file
View File

@@ -0,0 +1,37 @@
#!/bin/sh
########################################################################
#
# Copyright (C) 2006 Novell, Inc. All Rights Reserved.
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; version 2.1
# of the License.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Library Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, Novell, Inc.
#
# To contact Novell about this file by physical or electronic mail,
# you may find current contact information at www.novell.com.
#
# Author: Juan Carlos Luciani <jluciani@novell.com>
#
########################################################################
########################################################################
#
# Script for editing identoken.settings files
#
########################################################################
# Source our environment variables file
. /etc/CASA/authtoken/svc/envvars
# Perform the operation requested
$JAVA_HOME/bin/java -jar /usr/share/java/CASA/authtoken/bin/CasaIdenTokenSettingsEditor.jar $*

37
CASA-auth-token/server-java/Svc/linux/CasaSvcSettingsEditor.sh Executable file
View File

@@ -0,0 +1,37 @@
#!/bin/sh
########################################################################
#
# Copyright (C) 2006 Novell, Inc. All Rights Reserved.
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; version 2.1
# of the License.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Library Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, Novell, Inc.
#
# To contact Novell about this file by physical or electronic mail,
# you may find current contact information at www.novell.com.
#
# Author: Juan Carlos Luciani <jluciani@novell.com>
#
########################################################################
########################################################################
#
# Script for editing svc.settings files
#
########################################################################
# Source our environment variables file
. /etc/CASA/authtoken/svc/envvars
# Perform the operation requested
$JAVA_HOME/bin/java -jar /usr/share/java/CASA/authtoken/bin/CasaSvcSettingsEditor.jar $*

45
CASA-auth-token/server-java/Svc/linux/Makefile.am Normal file
View File

@@ -0,0 +1,45 @@
#######################################################################
#
# Copyright (C) 2006 Novell, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public
# License as published by the Free Software Foundation; either
# version 2 of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
# Author: Juan Carlos Luciani <jluciani@novell.com>
#
#######################################################################
SUBDIRS =
DIST_SUBDIRS =
CFILES =
EXTRA_DIST = CasaAuthtokenSvcD \
envvars \
server_keystore_setup.sh \
crypto.properties \
CasaBasicATSSetup.sh \
CasaAuthPolicyEditor.sh \
CasaAuthTokenSettingsEditor.sh \
CasaIdenTokenSettingsEditor.sh \
CasaSvcSettingsEditor.sh
.PHONY: package package-clean package-install package-uninstall
package package-clean package-install package-uninstall:
$(MAKE) -C $(TARGET_OS) $@
maintainer-clean-local:
rm -f Makefile.in

6
CASA-auth-token/server-java/Svc/linux/crypto.properties Normal file
View File

@@ -0,0 +1,6 @@
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=secret
org.apache.ws.security.crypto.merlin.keystore.alias=signingKey
org.apache.ws.security.crypto.merlin.alias.password=secret
org.apache.ws.security.crypto.merlin.file=/etc/CASA/authtoken/keys/server/jks-store

14
CASA-auth-token/server-java/Svc/linux/envvars Normal file
View File

@@ -0,0 +1,14 @@
############################################################
# #
# Environment variable file for casa_atsd. #
# #
# Note: This file is sourced by the casa_atsd rc script #
# when starting the service. #
# #
############################################################
CATALINA_BASE="/srv/www/casaats"
CATALINA_HOME="/usr/share/tomcat5"
JAVA_HOME="/usr/lib/jvm/java-1.5.0-ibm"
JAVA_OPTS="-Dcom.novell.casa.authtoksvc.config=/etc/CASA/authtoken/svc"
export CATALINA_BASE CATALINA_HOME JAVA_HOME JAVA_OPTS

77
CASA-auth-token/server-java/Svc/linux/server_keystore_setup.sh Executable file
View File

@@ -0,0 +1,77 @@
#!/bin/sh
########################################################################
#
# Copyright (C) 2006 Novell, Inc. All Rights Reserved.
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; version 2.1
# of the License.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Library Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, Novell, Inc.
#
# To contact Novell about this file by physical or electronic mail,
# you may find current contact information at www.novell.com.
#
# Author: Juan Carlos Luciani <jluciani@novell.com>
#
########################################################################
########################################################################
#
# CASA ATS Keystore Setup Script.
#
# An ATS signs tokens and communicates with clients over
# SSL. This scrip sets up the necessary key-pairs and
# certificates for the ATS to perform these functions.
#
# For token signing purposes, this scrip creates a self
# signed certificate that it then exports. At this time it
# is sufficient to utilize self signed certificates because
# they are meant to be consumed by entities of the local
# box.
#
########################################################################
# Source our environment variables file
. /etc/CASA/authtoken/svc/envvars
# Perform the operation requested
# Do not do anything if the server keystore has already been created
if [ -f /etc/CASA/authtoken/keys/server/jks-store ]; then
echo "The server keystore is already setup"
# Make sure that the keystore file is owned by our service
chown casaatsd:casaauth /etc/CASA/authtoken/keys/server/jks-store
else
echo "Setting up the server's keystore"
KEYTOOL_PATH=$JAVA_HOME/bin/keytool
# Create the server keystore with the key that will be used for signing tokens
host=`hostname -f`
$KEYTOOL_PATH -genkey -alias signingKey -keystore /etc/CASA/authtoken/keys/server/jks-store -dname "cn=casaatsd@$host" -validity 3600 -keypass secret -storepass secret
# Export self-signed certificate for the signing key
$KEYTOOL_PATH -export -keystore /etc/CASA/authtoken/keys/server/jks-store -alias signingKey -storepass secret -keypass secret -file /etc/CASA/authtoken/keys/casaatsdSigningCert
# Print the exported cert
#$KEYTOOL_PATH -printcert -file /etc/CASA/authtoken/keys/casaatsdSigningCert
# Create a key for Tomcat to do SSL communications
$KEYTOOL_PATH -genkey -alias tomcat -keyalg RSA -keystore /etc/CASA/authtoken/keys/server/jks-store -dname "cn=$host" -validity 3600 -keypass secret -storepass secret
# List the contents of the server's keystore
#$KEYTOOL_PATH -list -rfc -keystore /etc/CASA/authtoken/keys/server/jks-store -storepass secret
# Make sure that the keystore is only accessible by the service
chown casaatsd:casaauth /etc/CASA/authtoken/keys/server/jks-store
chmod 600 /etc/CASA/authtoken/keys/server/jks-store
fi