From a9994902454d4f1cdebef2e538c488402df8a96a Mon Sep 17 00:00:00 2001 
From: Juan Carlos Luciani Date: Wed, 8 Nov 2006 20:19:01 +0000 Subject: [PATCH] Continued changes to facilitate the setup of an ATS. --- CASA-auth-token/java/configure.in | 1 + .../package/linux/CASA_auth_token_svc.spec.in | 14 +- CASA-auth-token/java/server/Svc/Makefile.am | 2 +- CASA-auth-token/java/server/Svc/README | 6 +- CASA-auth-token/java/server/Svc/TODO | 1 + .../java/server/Svc/authtoken.settings | 4 - .../java/server/Svc/identoken.settings | 6 - .../server/Svc/linux/CasaAuthPolicyEditor.sh | 34 +++ .../Svc/linux/CasaAuthTokenSettingsEditor.sh | 34 +++ .../server/Svc/linux/CasaBasicATSSetup.sh | 221 ++++++++++++++++++ .../Svc/linux/CasaIdenTokenSettingsEditor.sh | 34 +++ .../server/Svc/linux/CasaSvcSettingsEditor.sh | 34 +++ .../java/server/Svc/linux/Makefile.am | 2 +- .../server/Svc/linux/server_keystore_setup.sh | 36 +-- .../java/server/Svc/linux/svc.settings | 4 - .../casa/authtoksvc/AuthPolicyEditor.java | 2 +- .../authtoksvc/AuthTokenSettingsEditor.java | 2 +- .../authtoksvc/IdenTokenSettingsEditor.java | 2 +- .../casa/authtoksvc/SvcSettingsEditor.java | 2 +- .../java/server/Svc/templates/Makefile.am | 41 ++++ .../java/server/Svc/templates/auth.policy | 11 + .../server/Svc/templates/authtoken.settings | 3 + .../java/server/Svc/templates/iaRealms.xml | 22 ++ .../server/Svc/templates/identoken.settings | 5 + .../java/server/Svc/templates/svc.settings | 4 + 25 files changed, 485 insertions(+), 42 deletions(-) delete mode 100644 CASA-auth-token/java/server/Svc/authtoken.settings delete mode 100644 CASA-auth-token/java/server/Svc/identoken.settings create mode 100755 CASA-auth-token/java/server/Svc/linux/CasaBasicATSSetup.sh delete mode 100644 CASA-auth-token/java/server/Svc/linux/svc.settings create mode 100644 CASA-auth-token/java/server/Svc/templates/Makefile.am create mode 100644 CASA-auth-token/java/server/Svc/templates/auth.policy create mode 100644 CASA-auth-token/java/server/Svc/templates/authtoken.settings create mode 100644 
CASA-auth-token/java/server/Svc/templates/iaRealms.xml create mode 100644 CASA-auth-token/java/server/Svc/templates/identoken.settings create mode 100644 CASA-auth-token/java/server/Svc/templates/svc.settings diff --git a/CASA-auth-token/java/configure.in b/CASA-auth-token/java/configure.in index cc99ae63..9c1a63f4 100644 --- a/CASA-auth-token/java/configure.in +++ b/CASA-auth-token/java/configure.in @@ -279,6 +279,7 @@ server/Svc/tomcat5/conf/Catalina/Makefile server/Svc/tomcat5/conf/Catalina/localhost/Makefile server/Svc/tomcat5/conf/linux/Makefile server/Svc/linux/Makefile +server/Svc/templates/Makefile server/Svc/manifest/Makefile server/Jaas/Makefile server/Jaas/src/Makefile diff --git a/CASA-auth-token/java/package/linux/CASA_auth_token_svc.spec.in b/CASA-auth-token/java/package/linux/CASA_auth_token_svc.spec.in index a6dfb831..f2213b7c 100644 --- a/CASA-auth-token/java/package/linux/CASA_auth_token_svc.spec.in +++ b/CASA-auth-token/java/package/linux/CASA_auth_token_svc.spec.in 
@@ -150,14 +150,17 @@ ln -sf CasaSvcSettingsEditor-%{bldno}.jar %{buildroot}%{prefix}/share/java/CASA/ ln -sf CasaAuthPolicyEditor-%{bldno}.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor.jar # Settings and configuration files -install -m 600 server/Svc/linux/svc.settings %{buildroot}/etc/CASA/authtoken/svc/svc.settings -install -m 600 server/Svc/authtoken.settings %{buildroot}/etc/CASA/authtoken/svc/authtoken.settings -install -m 600 server/Svc/identoken.settings %{buildroot}/etc/CASA/authtoken/svc/identoken.settings +install -m 600 server/Svc/templates/svc.settings %{buildroot}/etc/CASA/authtoken/svc/templates/svc.settings +install -m 600 server/Svc/templates/auth.policy %{buildroot}/etc/CASA/authtoken/svc/templates/auth.policy +install -m 600 server/Svc/templates/iaRealms.xml %{buildroot}/etc/CASA/authtoken/svc/templates/iaRealms.xml +install -m 600 server/Svc/templates/authtoken.settings %{buildroot}/etc/CASA/authtoken/svc/authtoken.settings +install -m 600 server/Svc/templates/identoken.settings %{buildroot}/etc/CASA/authtoken/svc/identoken.settings install -m 600 server/Svc/src/com/novell/casa/authtoksvc/Krb5_mechanism.settings %{buildroot}/etc/CASA/authtoken/svc/auth_mechanisms/Krb5Authenticate/mechanism.settings install -m 600 server/Svc/src/com/novell/casa/authtoksvc/Pwd_mechanism.settings %{buildroot}/etc/CASA/authtoken/svc/auth_mechanisms/PwdAuthenticate/mechanism.settings # Others install -m 700 server/Svc/linux/server_keystore_setup.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/server_keystore_setup.sh +install -m 700 server/Svc/linux/CasaBasicATSSetup.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaBasicATSSetup.sh install -m 700 server/Svc/linux/CasaAuthPolicyEditor.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor.sh install -m 700 server/Svc/linux/CasaAuthTokenSettingsEditor.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaAuthTokenSettingsEditor.sh install -m 700 
server/Svc/linux/CasaIdenTokenSettingsEditor.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaIdenTokenSettingsEditor.sh @@ -261,6 +264,7 @@ userdel casaatsd %{prefix}/share/java/CASA/authtoken/CasaAuthTokenSvc-%{bldno}.war %{prefix}/share/java/CASA/authtoken/CasaAuthTokenSvc.war %{prefix}/share/java/CASA/authtoken/bin/server_keystore_setup.sh +%{prefix}/share/java/CASA/authtoken/bin/CasaBasicATSSetup.sh %{prefix}/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor.sh %{prefix}/share/java/CASA/authtoken/bin/CasaAuthTokenSettingsEditor.sh %{prefix}/share/java/CASA/authtoken/bin/CasaIdenTokenSettingsEditor.sh @@ -302,7 +306,9 @@ userdel casaatsd %config /srv/www/casaats/conf/tomcat-users.xml %config /srv/www/casaats/conf/web.xml %config /etc/CASA/authtoken/svc/envvars -%config /etc/CASA/authtoken/svc/svc.settings +/etc/CASA/authtoken/svc/templates/svc.settings +/etc/CASA/authtoken/svc/templates/auth.policy +/etc/CASA/authtoken/svc/templates/iaRealms.xml %config /etc/CASA/authtoken/svc/authtoken.settings %config /etc/CASA/authtoken/svc/identoken.settings %config /etc/CASA/authtoken/svc/auth_mechanisms/Krb5Authenticate/mechanism.settings diff --git a/CASA-auth-token/java/server/Svc/Makefile.am b/CASA-auth-token/java/server/Svc/Makefile.am index 8355be02..b672f4da 100644 --- a/CASA-auth-token/java/server/Svc/Makefile.am +++ b/CASA-auth-token/java/server/Svc/Makefile.am @@ -20,7 +20,7 @@ ####################################################################### SUBDIRS = src -DIST_SUBDIRS = src external tomcat5 linux manifest +DIST_SUBDIRS = src external tomcat5 linux manifest templates EXTRA_DIST = authtoken.settings \ identoken.settings \ diff --git a/CASA-auth-token/java/server/Svc/README b/CASA-auth-token/java/server/Svc/README index af03ee14..9d2a74fb 100644 --- a/CASA-auth-token/java/server/Svc/README +++ b/CASA-auth-token/java/server/Svc/README 
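Review bot: The three new `install -m 600 … %{buildroot}/etc/CASA/authtoken/svc/templates/…` lines write into a `templates` directory that nothing in this hunk creates, and the later `%files` hunk lists the three template files but has no `%dir` entry for that directory. The `%install` section starts outside the hunk, so the directory may already be created there. If it is not, add `install -d %{buildroot}/etc/CASA/authtoken/svc/templates` ahead of these lines and `%dir /etc/CASA/authtoken/svc/templates` to `%files` so the directory is package-owned. Also note that `svc.settings` is no longer shipped in its live location with mode 600; it is now generated by `CasaBasicATSSetup.sh`, which sets no mode on the files it writes.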
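Review bot: `EXTRA_DIST` on the unchanged lines just below the edited `DIST_SUBDIRS` still names `authtoken.settings` and `identoken.settings`, which this same commit deletes from `server/Svc/`, so `make dist` in this directory would stop on the missing files. Drop those two entries here; the files are now distributed through the new `templates/Makefile.am`. The `EXTRA_DIST` list continues past the end of the hunk, so its remaining entries cannot be checked from here.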
@@ -207,8 +207,8 @@ Note the following about the sample auth.policy file: - The authentication mechanism entries are: mechanism and mechanism_info. The mechanism entry specifies the name of the authentication mechanism. The mechanism_info specifies - some mechanism specific information. Both authentication mechanism entries must be - specified for an auth_source entry. + some mechanism specific information, the need for this entry is dependent on the + configuration requirements of the specified mechanism. - The name of the Krb5 Authentication mechanism is "Krb5Authenticate". This mechanism defaults the service principal name to host/hostname@KERBEROS_REALM. You can use a @@ -238,7 +238,7 @@ Note the following about the sample authtoken.settings file: - The TokenLifetime setting specifies the number of seconds for which a token is good for after being issued. The default value for this setting is 3600 seconds. Note that a larger value reduces overhead, but it also gives more time for an intruder to - utilize the token if it becomes compromized. + utilize the token if it becomes compromised. - The LifetimeShorter setting specifies the number of seconds that should be substracted from the TokenLifetime when calculating the number of seconds that clients are told diff --git a/CASA-auth-token/java/server/Svc/TODO b/CASA-auth-token/java/server/Svc/TODO index 54e2b1c0..7b79a6c6 100644 --- a/CASA-auth-token/java/server/Svc/TODO +++ b/CASA-auth-token/java/server/Svc/TODO @@ -15,4 +15,5 @@ OUTSTANDING ITEMS - Add logging. - Create plug-in API for Identity Token Providers. - Change printfs used for debugging into a suitable mechanism. +- Create tool to connect Tomcat instance to Apache Server and disabling port 2645 listener. diff --git a/CASA-auth-token/java/server/Svc/authtoken.settings b/CASA-auth-token/java/server/Svc/authtoken.settings deleted file mode 100644 index 75f4b75c..00000000 --- a/CASA-auth-token/java/server/Svc/authtoken.settings +++ /dev/null 
@@ -1,4 +0,0 @@ - - - 3600 - diff --git a/CASA-auth-token/java/server/Svc/identoken.settings b/CASA-auth-token/java/server/Svc/identoken.settings deleted file mode 100644 index ac54afb5..00000000 --- a/CASA-auth-token/java/server/Svc/identoken.settings +++ /dev/null @@ -1,6 +0,0 @@ - - - false - sn - - diff --git a/CASA-auth-token/java/server/Svc/linux/CasaAuthPolicyEditor.sh b/CASA-auth-token/java/server/Svc/linux/CasaAuthPolicyEditor.sh index d98cda40..bd859201 100755 --- a/CASA-auth-token/java/server/Svc/linux/CasaAuthPolicyEditor.sh +++ b/CASA-auth-token/java/server/Svc/linux/CasaAuthPolicyEditor.sh 
@@ -1,3 +1,37 @@ #!/bin/sh +######################################################################## +# +# Copyright (C) 2006 Novell, Inc. All Rights Reserved. +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; version 2.1 +# of the License. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Library Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, Novell, Inc. +# +# To contact Novell about this file by physical or electronic mail, +# you may find current contact information at www.novell.com. +# +# Author: Juan Carlos Luciani +# +######################################################################## + +######################################################################## +# +# Script for editing auth.policy files +# +######################################################################## + +# Source our environment variables file +. /etc/CASA/authtoken/svc/envvars + +# Perform the operation requested $JAVA_HOME/bin/java -jar /usr/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor.jar $* diff --git a/CASA-auth-token/java/server/Svc/linux/CasaAuthTokenSettingsEditor.sh b/CASA-auth-token/java/server/Svc/linux/CasaAuthTokenSettingsEditor.sh index b2d0fd66..8a8261c4 100755 --- a/CASA-auth-token/java/server/Svc/linux/CasaAuthTokenSettingsEditor.sh +++ b/CASA-auth-token/java/server/Svc/linux/CasaAuthTokenSettingsEditor.sh 
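Review bot: After the new `. /etc/CASA/authtoken/svc/envvars` line nothing checks that `JAVA_HOME` was actually set, so with an empty value the final line runs `/bin/java`, and the unquoted `$*` re-splits any argument that contains spaces, such as a settings file path. A guard like `[ -n "$JAVA_HOME" ] || { echo "JAVA_HOME not set by envvars" >&2; exit 1; }` followed by `"$JAVA_HOME/bin/java" -jar … "$@"` covers both. The sourced file runs as shell code with the caller's privileges and the spec installs these scripts mode 700, so `envvars` should be writable only by root; its mode is not visible in this commit. The same applies to the identical additions in CasaAuthTokenSettingsEditor.sh, CasaIdenTokenSettingsEditor.sh and CasaSvcSettingsEditor.sh, and to the new `KEYTOOL_PATH=$JAVA_HOME/bin/keytool` line in server_keystore_setup.sh.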
@@ -1,3 +1,37 @@ #!/bin/sh +######################################################################## +# +# Copyright (C) 2006 Novell, Inc. All Rights Reserved. +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; version 2.1 +# of the License. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Library Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, Novell, Inc. +# +# To contact Novell about this file by physical or electronic mail, +# you may find current contact information at www.novell.com. +# +# Author: Juan Carlos Luciani +# +######################################################################## + +######################################################################## +# +# Script for editing authtoken.settings files +# +######################################################################## + +# Source our environment variables file +. /etc/CASA/authtoken/svc/envvars + +# Perform the operation requested $JAVA_HOME/bin/java -jar /usr/share/java/CASA/authtoken/bin/CasaAuthTokenSettingsEditor.jar $* diff --git a/CASA-auth-token/java/server/Svc/linux/CasaBasicATSSetup.sh b/CASA-auth-token/java/server/Svc/linux/CasaBasicATSSetup.sh new file mode 100755 index 00000000..1164d531 --- /dev/null +++ b/CASA-auth-token/java/server/Svc/linux/CasaBasicATSSetup.sh 
@@ -0,0 +1,221 @@ +#!/bin/sh +######################################################################## +# +# Copyright (C) 2006 Novell, Inc. All Rights Reserved. +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; version 2.1 +# of the License. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Library Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, Novell, Inc. +# +# To contact Novell about this file by physical or electronic mail, +# you may find current contact information at www.novell.com. +# +# Author: Juan Carlos Luciani +# +######################################################################## + +######################################################################## +# +# Scrip for setting up iaRealm.xml and auth.policy files for ATS +# using a single LDAP Realm. +# +# Notice that this scrip is very basic and only supports a single LDAP +# server. +# +######################################################################## + +DEFAULT_TEMPLATE_FILE_FOLDER=/etc/CASA/authtoken/svc/templates +DEFAULT_CONFIG_FILE_FOLDER=/etc/CASA/authtoken/svc + +function display_usage +{ + echo "usage: CasaBasicATSSetup.sh [-h] [TemplateFileFolder] [ConfigFileFolder]" + echo " where the position dependent parameters are:" + echo " -h - Display this information" + echo " TemplateFileFolder - Path to the folder containing the template files. If" + echo " not specified, the parameter defaults to" + echo " $DEFAULT_TEMPLATE_FILE_FOLDER." + echo " ConfigFileFolder - Path to the output file folder. If not specified, the" + echo " parameter defaults to $DEFAULT_CONFIG_FILE_FOLDER." 
+ echo "" + echo " The following environment variables MUST be exported when" + echo " executing this script:" + echo " REALM - The name of the LDAP Realm, example: Tree name" + echo " LDAP_HOST_NAME - The host name of the LDAP server" + echo " PROXY_USER_NAME - The name of the LDAP Proxy User" + echo " PROXY_USER_PW - The password of the LDAP Proxy User" + echo "" + echo " The following environment variables MAY be exported when" + echo " executing this script:" + echo " LDAP_LISTEN_PORT - The port used by the LDAP server to listen for connections" + echo "" + echo " WARNING: CURRENTLY THERE IS A LIMITATION THAT PREVENTS YOU FROM" + echo " USING ENVIRONMENT VARIABLES WITH THE CHARACTER ':'." + echo "" +} + +function setup_iaRealms_file +{ + # Determine the file names + TEMPLATE_FILE=$TEMPLATE_FILE_FOLDER/iaRealms.xml + CONFIG_FILE=$CONFIG_FILE_FOLDER/iaRealms.xml + + # Verify that the template file exists + if [ ! -f $TEMPLATE_FILE ]; then + echo "Template file $TEMPLATE_FILE does not exist" + return 2 + fi + + # Verify that the output folder exists + if [ ! 
-d $CONFIG_FILE_FOLDER ]; then + echo "Output folder $CONFIG_FILE_FOLDER does not exist" + return 2 + fi + + # Clean-up the output folder + rm -f $CONFIG_FILE + + # Verify that all of the appropriate environment variables have been set + if [ "$REALM" != "" ]; then + if [ "$LDAP_HOST_NAME" != "" ]; then + if [ "$PROXY_USER_NAME" != "" ]; then + if [ "$PROXY_USER_PW" != "" ]; then + # Create and edit the output file + sed s:REALM:$REALM:g $TEMPLATE_FILE > $CONFIG_FILE + sed -i s:LDAP_HOST_NAME:$LDAP_HOST_NAME:g $CONFIG_FILE + sed -i s:PROXY_USER_NAME:$PROXY_USER_NAME:g $CONFIG_FILE + sed -i s:PROXY_USER_PW:$PROXY_USER_PW:g $CONFIG_FILE + if [ "$LDAP_LISTEN_PORT" != '' ]; then + sed -i s:LDAP_LISTEN_PORT:$LDAP_LISTEN_PORT:g $CONFIG_FILE + else + sed -i s:LDAP_LISTEN_PORT:389:g $CONFIG_FILE + fi + return 0 + else + return 1 + fi + else + return 1 + fi + else + return 1 + fi + else + return 1 + fi +} + + +function setup_authPolicy_file +{ + # Determine the file names + TEMPLATE_FILE=$TEMPLATE_FILE_FOLDER/auth.policy + CONFIG_FILE=$CONFIG_FILE_FOLDER/auth.policy + + # Verify that the template file exists + if [ ! -f $TEMPLATE_FILE ]; then + echo "Template file $TEMPLATE_FILE does not exist" + return 2 + fi + + # Verify that the output folder exists + if [ ! -d $CONFIG_FILE_FOLDER ]; then + echo "Output folder $CONFIG_FILE_FOLDER does not exist" + return 2 + fi + + # Clean-up the output folder + rm -f $CONFIG_FILE + + # Verify that all of the appropriate environment variables have been set + if [ "$REALM" != "" ]; then + # Create and edit the output file + sed s:REALM:$REALM:g $TEMPLATE_FILE > $CONFIG_FILE + return 0 + else + return 1 + fi +} + + +function setup_svcSettings_file +{ + # Determine the file names + TEMPLATE_FILE=$TEMPLATE_FILE_FOLDER/svc.settings + CONFIG_FILE=$CONFIG_FILE_FOLDER/svc.settings + IAREALMS_FILE_PATH=$CONFIG_FILE_FOLDER/iaRealms.xml + + # Verify that the template file exists + if [ ! 
-f $TEMPLATE_FILE ]; then + echo "Template file $TEMPLATE_FILE does not exist" + return 2 + fi + + # Verify that the output folder exists + if [ ! -d $CONFIG_FILE_FOLDER ]; then + echo "Output folder $CONFIG_FILE_FOLDER does not exist" + return 2 + fi + + # Clean-up the output folder + rm -f $CONFIG_FILE + + # Create and edit the output file + sed s:IAREALMS_FILE_PATH:$IAREALMS_FILE_PATH:g $TEMPLATE_FILE > $CONFIG_FILE + return 0 +} + + +#### MAIN #### + +# Determine what folders to utilize based on the input +# parameters and our defaults. +if [ "$1" != "" ]; then + if [ "$1" != "-h" ]; then + TEMPLATE_FILE_FOLDER=$1 + else + display_usage + exit 0 + fi +else + TEMPLATE_FILE_FOLDER=DEFAULT_TEMPLATE_FILE_FOLDER +fi + +if [ "$2" != "" ]; then + CONFIG_FILE_FOLDER=$2 +else + CONFIG_FILE_FOLDER=DEFAULT_CONFIG_FILE_FOLDER +fi + +# Setup the configuration files +setup_iaRealms_file +RETVAL=$? +if [ "$RETVAL" = "0" ]; then + setup_authPolicy_file + RETVAL=$? + if [ "$RETVAL" = "0" ]; then + setup_svcSettings_file + RETVAL=$? + fi +fi + +if [ "$RETVAL" != "0" ]; then + if [ "$RETVAL" = "1" ]; then + display_usage + fi + exit 1 +else + exit 0 +fi + + + diff --git a/CASA-auth-token/java/server/Svc/linux/CasaIdenTokenSettingsEditor.sh b/CASA-auth-token/java/server/Svc/linux/CasaIdenTokenSettingsEditor.sh index 8abeaaa2..14c4e7c2 100755 --- a/CASA-auth-token/java/server/Svc/linux/CasaIdenTokenSettingsEditor.sh +++ b/CASA-auth-token/java/server/Svc/linux/CasaIdenTokenSettingsEditor.sh 
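Review bot: `setup_iaRealms_file` writes the LDAP proxy user's password into iaRealms.xml through `> $CONFIG_FILE` with whatever umask the caller has, and passes it unquoted on the `sed` command line. The generated file can therefore end up world-readable (the spec in this commit installs every settings file with mode 600), the password is briefly visible in the process list, and a value containing `:`, `&`, `\` or whitespace corrupts the substitution. Setting `umask 077` before the first write, escaping the values and giving sed its script on stdin addresses these; the file's ownership may also need to match the account the service runs as, and the values are still not XML-escaped. Separately, the two default assignments in MAIN lack the `$` (`TEMPLATE_FILE_FOLDER=DEFAULT_TEMPLATE_FILE_FOLDER`), so running the script without arguments looks for a folder literally named `DEFAULT_TEMPLATE_FILE_FOLDER`. The `function name` syntax is also not POSIX although the shebang is `#!/bin/sh`.

```shell
# Escape the characters sed treats specially in a replacement: \ & and the ':' delimiter
sed_escape()
{
    printf '%s' "$1" | sed -e 's/[\\&:]/\\&/g'
}

# … unchanged: template / output-folder checks and the REALM, LDAP_HOST_NAME,
#              PROXY_USER_NAME, PROXY_USER_PW presence checks …

    # The output holds PROXY_USER_PW: create it owner-only and keep the
    # password out of any process argument list by reading the sed script from stdin.
    umask 077
    sed -f /dev/stdin "$TEMPLATE_FILE" > "$CONFIG_FILE" <<EOF
s:REALM:$(sed_escape "$REALM"):g
s:LDAP_HOST_NAME:$(sed_escape "$LDAP_HOST_NAME"):g
s:PROXY_USER_NAME:$(sed_escape "$PROXY_USER_NAME"):g
s:PROXY_USER_PW:$(sed_escape "$PROXY_USER_PW"):g
s:LDAP_LISTEN_PORT:$(sed_escape "${LDAP_LISTEN_PORT:-389}"):g
EOF
    return 0

# … unchanged: setup_authPolicy_file, setup_svcSettings_file, -h handling …

    TEMPLATE_FILE_FOLDER=$DEFAULT_TEMPLATE_FILE_FOLDER
    CONFIG_FILE_FOLDER=$DEFAULT_CONFIG_FILE_FOLDER
```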
@@ -1,3 +1,37 @@ #!/bin/sh +######################################################################## +# +# Copyright (C) 2006 Novell, Inc. All Rights Reserved. +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; version 2.1 +# of the License. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Library Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, Novell, Inc. +# +# To contact Novell about this file by physical or electronic mail, +# you may find current contact information at www.novell.com. +# +# Author: Juan Carlos Luciani +# +######################################################################## + +######################################################################## +# +# Script for editing identoken.settings files +# +######################################################################## + +# Source our environment variables file +. /etc/CASA/authtoken/svc/envvars + +# Perform the operation requested $JAVA_HOME/bin/java -jar /usr/share/java/CASA/authtoken/bin/CasaIdenTokenSettingsEditor.jar $* diff --git a/CASA-auth-token/java/server/Svc/linux/CasaSvcSettingsEditor.sh b/CASA-auth-token/java/server/Svc/linux/CasaSvcSettingsEditor.sh index 1471136e..adce8082 100755 --- a/CASA-auth-token/java/server/Svc/linux/CasaSvcSettingsEditor.sh +++ b/CASA-auth-token/java/server/Svc/linux/CasaSvcSettingsEditor.sh 
@@ -1,3 +1,37 @@ #!/bin/sh +######################################################################## +# +# Copyright (C) 2006 Novell, Inc. All Rights Reserved. +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; version 2.1 +# of the License. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Library Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, Novell, Inc. +# +# To contact Novell about this file by physical or electronic mail, +# you may find current contact information at www.novell.com. +# +# Author: Juan Carlos Luciani +# +######################################################################## + +######################################################################## +# +# Script for editing svc.settings files +# +######################################################################## + +# Source our environment variables file +. /etc/CASA/authtoken/svc/envvars + +# Perform the operation requested $JAVA_HOME/bin/java -jar /usr/share/java/CASA/authtoken/bin/CasaSvcSettingsEditor.jar $* diff --git a/CASA-auth-token/java/server/Svc/linux/Makefile.am b/CASA-auth-token/java/server/Svc/linux/Makefile.am index 1ec53ccb..90bbf431 100644 --- a/CASA-auth-token/java/server/Svc/linux/Makefile.am +++ b/CASA-auth-token/java/server/Svc/linux/Makefile.am @@ -30,7 +30,7 @@ EXTRA_DIST = CasaAuthtokenSvcD \ envvars \ server_keystore_setup.sh \ crypto.properties \ - svc.settings \ + CasaBasicATSSetup.sh \ CasaAuthPolicyEditor.sh \ CasaAuthTokenSettingsEditor.sh \ CasaIdenTokenSettingsEditor.sh \ 
diff --git a/CASA-auth-token/java/server/Svc/linux/server_keystore_setup.sh b/CASA-auth-token/java/server/Svc/linux/server_keystore_setup.sh index 41aca13b..9c32988c 100755 --- a/CASA-auth-token/java/server/Svc/linux/server_keystore_setup.sh +++ b/CASA-auth-token/java/server/Svc/linux/server_keystore_setup.sh @@ -23,20 +23,26 @@ # ######################################################################## -############################################################# -# # -# CASA ATS Keystore Setup Script. # -# # -# An ATS signs tokens and communicates with clients over # -# SSL. This scrip sets up the necessary key-pairs and # -# certificates for the ATS to perform these functions. # -# # -# For token signing purposes, this scrip creates a self signed certificate that it then # -# exports. At this time it is sufficient to utilize self # -# signed certificates because they are meant to be consumed # -# by entities of the local box. # -# # -############################################################# +######################################################################## +# +# CASA ATS Keystore Setup Script. +# +# An ATS signs tokens and communicates with clients over +# SSL. This scrip sets up the necessary key-pairs and +# certificates for the ATS to perform these functions. +# +# For token signing purposes, this scrip creates a self +# signed certificate that it then exports. At this time it +# is sufficient to utilize self signed certificates because +# they are meant to be consumed by entities of the local +# box. +# +######################################################################## + +# Source our environment variables file +. /etc/CASA/authtoken/svc/envvars + +# Perform the operation requested # Do not do anything if the server keystore has already been created if [ -f /etc/CASA/authtoken/keys/server/jks-store ]; then 
@@ -46,7 +52,7 @@ if [ -f /etc/CASA/authtoken/keys/server/jks-store ]; then else echo "Setting up the server's keystore" - KEYTOOL_PATH=/usr/lib/jvm/java-1.5.0-ibm/bin/keytool + KEYTOOL_PATH=$JAVA_HOME/bin/keytool # Create the server keystore with the key that will be used for signing tokens host=`hostname -f` diff --git a/CASA-auth-token/java/server/Svc/linux/svc.settings b/CASA-auth-token/java/server/Svc/linux/svc.settings deleted file mode 100644 index 0cee0ee2..00000000 --- a/CASA-auth-token/java/server/Svc/linux/svc.settings +++ /dev/null @@ -1,4 +0,0 @@ - - - /etc/CASA/authtoken/svc/iaRealms.xml - diff --git a/CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/AuthPolicyEditor.java b/CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/AuthPolicyEditor.java index 5c0e2858..de3a471f 100644 --- a/CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/AuthPolicyEditor.java +++ b/CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/AuthPolicyEditor.java @@ -44,7 +44,7 @@ import java.util.Formatter; public class AuthPolicyEditor { private static final String usage = - "java auth_policy_editor -op [-entry realm:mechanismName[:mechanismInfo]] [-refentry realm:mechanismName] -file policyFilePath\n\n" + + "usage: AuthPolicyEditor -op [-entry realm:mechanismName[:mechanismInfo]] [-refentry realm:mechanismName] -file policyFilePath\n\n" + " where:\n" + " -op - Corresponds to one of the following operations:\n" + " -create - Create new auth policy file\n" + diff --git a/CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/AuthTokenSettingsEditor.java b/CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/AuthTokenSettingsEditor.java index 55e638ab..e682b958 100644 --- a/CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/AuthTokenSettingsEditor.java +++ b/CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/AuthTokenSettingsEditor.java 
@@ -32,7 +32,7 @@ package com.novell.casa.authtoksvc; public class AuthTokenSettingsEditor implements IVerifySetting { private static final String usage = - "java authtoken_settings_editor -op [settingName [settingValue]] -file settingsFilePath\n\n" + + "usage: AuthTokenSettingsEditor -op [settingName [settingValue]] -file settingsFilePath\n\n" + " where:\n" + " -op - Corresponds to one of the following operations:\n" + " -create - Create new authtoken settings file\n" + diff --git a/CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/IdenTokenSettingsEditor.java b/CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/IdenTokenSettingsEditor.java index 2f25f426..17e8631f 100644 --- a/CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/IdenTokenSettingsEditor.java +++ b/CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/IdenTokenSettingsEditor.java @@ -32,7 +32,7 @@ package com.novell.casa.authtoksvc; public class IdenTokenSettingsEditor implements IVerifySetting { private static final String usage = - "java identoken_settings_editor -op [settingName [settingValue]] -file settingsFilePath\n\n" + + "usage: IdenTokenSettingsEditor -op [settingName [settingValue]] -file settingsFilePath\n\n" + " where:\n" + " -op - Corresponds to one of the following operations:\n" + " -create - Create new identoken settings file\n" + diff --git a/CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/SvcSettingsEditor.java b/CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/SvcSettingsEditor.java index 5a4a1c6c..9b9cf175 100644 --- a/CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/SvcSettingsEditor.java +++ b/CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/SvcSettingsEditor.java 
@@ -34,7 +34,7 @@ import java.io.File; public class SvcSettingsEditor implements IVerifySetting { private static final String usage = - "java svc_settings_editor -op [settingName [settingValue]] -file settingsFilePath\n\n" + + "usage: SvcSettingsEditor -op [settingName [settingValue]] -file settingsFilePath\n\n" + " where:\n" + " -op - Corresponds to one of the following operations:\n" + " -create - Create new svc settings file\n" + diff --git a/CASA-auth-token/java/server/Svc/templates/Makefile.am b/CASA-auth-token/java/server/Svc/templates/Makefile.am new file mode 100644 index 00000000..128fa83b --- /dev/null +++ b/CASA-auth-token/java/server/Svc/templates/Makefile.am @@ -0,0 +1,41 @@ +####################################################################### +# +# Copyright (C) 2006 Novell, Inc. +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public +# License as published by the Free Software Foundation; either +# version 2 of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# +# Author: Juan Carlos Luciani +# +####################################################################### + +SUBDIRS = + +DIST_SUBDIRS = + +CFILES = + +EXTRA_DIST = auth.policy \ + authtoken.settings \ + iaRealms.xml \ + identoken.settings \ + svc.settings + +.PHONY: package package-clean package-install package-uninstall +package package-clean package-install package-uninstall: + $(MAKE) -C $(TARGET_OS) $@ + +maintainer-clean-local: + rm -f Makefile.in + 
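Review bot: The `package package-clean package-install package-uninstall` rule in the new templates/Makefile.am recurses with `$(MAKE) -C $(TARGET_OS) $@`, but this commit adds no per-OS subdirectory under `templates/` and both `SUBDIRS` and `DIST_SUBDIRS` are empty. Any `make package` that reaches this directory would then fail on the missing directory. If nothing is packaged from here, make the rule a no-op (`package package-clean package-install package-uninstall: ;`) or drop it; `CFILES =` is likewise unused. The header here is GPL v2-or-later while the scripts added in this commit carry LGPL 2.1 headers, so it is worth confirming which licence is intended.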
diff --git a/CASA-auth-token/java/server/Svc/templates/auth.policy b/CASA-auth-token/java/server/Svc/templates/auth.policy new file mode 100644 index 00000000..d9cf2413 --- /dev/null +++ b/CASA-auth-token/java/server/Svc/templates/auth.policy @@ -0,0 +1,11 @@ + + + +REALM +Krb5Authenticate + + +REALM +PwdAuthenticate + + diff --git a/CASA-auth-token/java/server/Svc/templates/authtoken.settings b/CASA-auth-token/java/server/Svc/templates/authtoken.settings new file mode 100644 index 00000000..b703427e --- /dev/null +++ b/CASA-auth-token/java/server/Svc/templates/authtoken.settings @@ -0,0 +1,3 @@ + + + diff --git a/CASA-auth-token/java/server/Svc/templates/iaRealms.xml b/CASA-auth-token/java/server/Svc/templates/iaRealms.xml new file mode 100644 index 00000000..928c379b --- /dev/null +++ b/CASA-auth-token/java/server/Svc/templates/iaRealms.xml @@ -0,0 +1,22 @@ + + + + + + + + ldap://LDAP_HOST_NAME:LDAP_LISTEN_PORT + + + + + REALM + + + diff --git a/CASA-auth-token/java/server/Svc/templates/identoken.settings b/CASA-auth-token/java/server/Svc/templates/identoken.settings new file mode 100644 index 00000000..cbbf8cf8 --- /dev/null +++ b/CASA-auth-token/java/server/Svc/templates/identoken.settings @@ -0,0 +1,5 @@ + + + sn + + diff --git a/CASA-auth-token/java/server/Svc/templates/svc.settings b/CASA-auth-token/java/server/Svc/templates/svc.settings new file mode 100644 index 00000000..64501cd7 --- /dev/null +++ b/CASA-auth-token/java/server/Svc/templates/svc.settings @@ -0,0 +1,4 @@ + + + IAREALMS_FILE_PATH +
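Review bot: The realm URL in the iaRealms.xml template is fixed as `ldap://LDAP_HOST_NAME:LDAP_LISTEN_PORT`, and CasaBasicATSSetup.sh fills in port 389 when `LDAP_LISTEN_PORT` is unset. As far as this template shows, the proxy user's bind and any PwdAuthenticate password checks reach the directory without TLS. Whether the service upgrades the connection itself is not visible here. If it does not, make the scheme a placeholder as well (for example `LDAP_SCHEME://LDAP_HOST_NAME:LDAP_LISTEN_PORT`, defaulting to `ldaps` and port 636) and document the certificate trust this needs. The XML markup of this hunk is not visible on this page, so the element that carries the URL could not be checked.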