Continued changes to facilitate the setup of an ATS.

CASA-auth-token/java/server/Svc/linux/CasaAuthPolicyEditor.sh

@@ -1,3 +1,37 @@
 #!/bin/sh
+########################################################################
+# 
+#   Copyright (C) 2006 Novell, Inc. All Rights Reserved.
+# 
+#   This library is free software; you can redistribute it and/or
+#   modify it under the terms of the GNU Lesser General Public
+#   License as published by the Free Software Foundation; version 2.1
+#   of the License.
+# 
+#   This library is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#   Library Lesser General Public License for more details.
+# 
+#   You should have received a copy of the GNU Lesser General Public
+#   License along with this library; if not, Novell, Inc.
+#  
+#   To contact Novell about this file by physical or electronic mail, 
+#   you may find current contact information at www.novell.com.
+#  
+#   Author: Juan Carlos Luciani <jluciani@novell.com>
+#   
+########################################################################
+
+########################################################################
+#
+# Script for editing auth.policy files
+#
+########################################################################
+
+# Source our environment variables file
+. /etc/CASA/authtoken/svc/envvars
+
+# Perform the operation requested
 $JAVA_HOME/bin/java -jar /usr/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor.jar $*
 

CASA-auth-token/java/server/Svc/linux/CasaAuthTokenSettingsEditor.sh

@@ -1,3 +1,37 @@
 #!/bin/sh
+########################################################################
+# 
+#   Copyright (C) 2006 Novell, Inc. All Rights Reserved.
+# 
+#   This library is free software; you can redistribute it and/or
+#   modify it under the terms of the GNU Lesser General Public
+#   License as published by the Free Software Foundation; version 2.1
+#   of the License.
+# 
+#   This library is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#   Library Lesser General Public License for more details.
+# 
+#   You should have received a copy of the GNU Lesser General Public
+#   License along with this library; if not, Novell, Inc.
+#  
+#   To contact Novell about this file by physical or electronic mail, 
+#   you may find current contact information at www.novell.com.
+#  
+#   Author: Juan Carlos Luciani <jluciani@novell.com>
+#   
+########################################################################
+
+########################################################################
+#
+# Script for editing authtoken.settings files
+#
+########################################################################
+
+# Source our environment variables file
+. /etc/CASA/authtoken/svc/envvars
+
+# Perform the operation requested
 $JAVA_HOME/bin/java -jar /usr/share/java/CASA/authtoken/bin/CasaAuthTokenSettingsEditor.jar $*
 

CASA-auth-token/java/server/Svc/linux/CasaBasicATSSetup.sh

@@ -0,0 +1,221 @@
+#!/bin/sh
+########################################################################
+# 
+#   Copyright (C) 2006 Novell, Inc. All Rights Reserved.
+# 
+#   This library is free software; you can redistribute it and/or
+#   modify it under the terms of the GNU Lesser General Public
+#   License as published by the Free Software Foundation; version 2.1
+#   of the License.
+# 
+#   This library is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#   Library Lesser General Public License for more details.
+# 
+#   You should have received a copy of the GNU Lesser General Public
+#   License along with this library; if not, Novell, Inc.
+#  
+#   To contact Novell about this file by physical or electronic mail, 
+#   you may find current contact information at www.novell.com.
+#  
+#   Author: Juan Carlos Luciani <jluciani@novell.com>
+#   
+########################################################################
+
+########################################################################
+#
+# Scrip for setting up iaRealm.xml and auth.policy files for ATS
+# using a single LDAP Realm.
+# 
+# Notice that this scrip is very basic and only supports a single LDAP
+# server.
+#
+########################################################################
+
+DEFAULT_TEMPLATE_FILE_FOLDER=/etc/CASA/authtoken/svc/templates
+DEFAULT_CONFIG_FILE_FOLDER=/etc/CASA/authtoken/svc
+
+function display_usage
+{
+   echo "usage: CasaBasicATSSetup.sh [-h] [TemplateFileFolder] [ConfigFileFolder]"
+   echo "  where the position dependent parameters are:"
+   echo "    -h - Display this information"
+   echo "    TemplateFileFolder - Path to the folder containing the template files. If"
+   echo "                         not specified, the parameter defaults to"
+   echo "                         $DEFAULT_TEMPLATE_FILE_FOLDER."
+   echo "    ConfigFileFolder - Path to the output file folder. If not specified, the"
+   echo "                       parameter defaults to $DEFAULT_CONFIG_FILE_FOLDER."
+   echo ""
+   echo "  The following environment variables MUST be exported when"
+   echo "  executing this script:"
+   echo "    REALM - The name of the LDAP Realm, example: Tree name"
+   echo "    LDAP_HOST_NAME - The host name of the LDAP server"
+   echo "    PROXY_USER_NAME - The name of the LDAP Proxy User"
+   echo "    PROXY_USER_PW - The password of the LDAP Proxy User"
+   echo ""
+   echo "  The following environment variables MAY be exported when"
+   echo "  executing this script:"
+   echo "    LDAP_LISTEN_PORT - The port used by the LDAP server to listen for connections"
+   echo ""
+   echo "  WARNING: CURRENTLY THERE IS A LIMITATION THAT PREVENTS YOU FROM"
+   echo "           USING ENVIRONMENT VARIABLES WITH THE CHARACTER ':'."
+   echo ""
+}
+
+function setup_iaRealms_file
+{
+   # Determine the file names 
+   TEMPLATE_FILE=$TEMPLATE_FILE_FOLDER/iaRealms.xml
+   CONFIG_FILE=$CONFIG_FILE_FOLDER/iaRealms.xml
+
+   # Verify that the template file exists
+   if [ ! -f $TEMPLATE_FILE ]; then
+      echo "Template file $TEMPLATE_FILE does not exist"
+      return 2
+   fi
+
+   # Verify that the output folder exists
+   if [ ! -d $CONFIG_FILE_FOLDER ]; then
+      echo "Output folder $CONFIG_FILE_FOLDER does not exist"
+      return 2
+   fi
+
+   # Clean-up the output folder
+   rm -f $CONFIG_FILE
+
+   # Verify that all of the appropriate environment variables have been set
+   if [ "$REALM" != "" ]; then
+      if [ "$LDAP_HOST_NAME" != "" ]; then
+         if [ "$PROXY_USER_NAME" != "" ]; then
+            if [ "$PROXY_USER_PW" != "" ]; then
+               # Create and edit the output file
+               sed s:REALM:$REALM:g $TEMPLATE_FILE > $CONFIG_FILE
+               sed -i s:LDAP_HOST_NAME:$LDAP_HOST_NAME:g $CONFIG_FILE
+               sed -i s:PROXY_USER_NAME:$PROXY_USER_NAME:g $CONFIG_FILE
+               sed -i s:PROXY_USER_PW:$PROXY_USER_PW:g $CONFIG_FILE
+               if [ "$LDAP_LISTEN_PORT" != '' ]; then
+                  sed -i s:LDAP_LISTEN_PORT:$LDAP_LISTEN_PORT:g $CONFIG_FILE
+               else
+                  sed -i s:LDAP_LISTEN_PORT:389:g $CONFIG_FILE
+               fi
+               return 0
+            else
+               return 1
+            fi
+         else
+            return 1
+         fi
+      else
+         return 1
+      fi
+   else
+      return 1
+   fi
+}
+
+
+function setup_authPolicy_file
+{
+   # Determine the file names 
+   TEMPLATE_FILE=$TEMPLATE_FILE_FOLDER/auth.policy
+   CONFIG_FILE=$CONFIG_FILE_FOLDER/auth.policy
+
+   # Verify that the template file exists
+   if [ ! -f $TEMPLATE_FILE ]; then
+      echo "Template file $TEMPLATE_FILE does not exist"
+      return 2
+   fi
+
+   # Verify that the output folder exists
+   if [ ! -d $CONFIG_FILE_FOLDER ]; then
+      echo "Output folder $CONFIG_FILE_FOLDER does not exist"
+      return 2
+   fi
+
+   # Clean-up the output folder
+   rm -f $CONFIG_FILE
+
+   # Verify that all of the appropriate environment variables have been set
+   if [ "$REALM" != "" ]; then
+      # Create and edit the output file
+      sed s:REALM:$REALM:g $TEMPLATE_FILE > $CONFIG_FILE
+      return 0
+   else
+      return 1
+   fi
+}
+
+
+function setup_svcSettings_file
+{
+   # Determine the file names 
+   TEMPLATE_FILE=$TEMPLATE_FILE_FOLDER/svc.settings
+   CONFIG_FILE=$CONFIG_FILE_FOLDER/svc.settings
+   IAREALMS_FILE_PATH=$CONFIG_FILE_FOLDER/iaRealms.xml
+
+   # Verify that the template file exists
+   if [ ! -f $TEMPLATE_FILE ]; then
+      echo "Template file $TEMPLATE_FILE does not exist"
+      return 2
+   fi
+
+   # Verify that the output folder exists
+   if [ ! -d $CONFIG_FILE_FOLDER ]; then
+      echo "Output folder $CONFIG_FILE_FOLDER does not exist"
+      return 2
+   fi
+
+   # Clean-up the output folder
+   rm -f $CONFIG_FILE
+
+   # Create and edit the output file
+   sed s:IAREALMS_FILE_PATH:$IAREALMS_FILE_PATH:g $TEMPLATE_FILE > $CONFIG_FILE
+   return 0
+}
+
+
+#### MAIN ####
+
+# Determine what folders to utilize based on the input
+# parameters and our defaults.
+if [ "$1" != "" ]; then
+   if [ "$1" != "-h" ]; then
+      TEMPLATE_FILE_FOLDER=$1
+   else
+      display_usage
+      exit 0
+   fi
+else
+   TEMPLATE_FILE_FOLDER=DEFAULT_TEMPLATE_FILE_FOLDER
+fi
+
+if [ "$2" != "" ]; then
+   CONFIG_FILE_FOLDER=$2
+else
+   CONFIG_FILE_FOLDER=DEFAULT_CONFIG_FILE_FOLDER
+fi
+
+# Setup the configuration files
+setup_iaRealms_file
+RETVAL=$?
+if [ "$RETVAL" = "0" ]; then
+   setup_authPolicy_file
+   RETVAL=$?
+   if [ "$RETVAL" = "0" ]; then
+      setup_svcSettings_file
+      RETVAL=$?
+   fi
+fi
+
+if [ "$RETVAL" != "0" ]; then
+   if [ "$RETVAL" = "1" ]; then
+      display_usage
+   fi
+   exit 1
+else
+   exit 0
+fi
+
+
+

CASA-auth-token/java/server/Svc/linux/CasaIdenTokenSettingsEditor.sh

@@ -1,3 +1,37 @@
 #!/bin/sh
+########################################################################
+# 
+#   Copyright (C) 2006 Novell, Inc. All Rights Reserved.
+# 
+#   This library is free software; you can redistribute it and/or
+#   modify it under the terms of the GNU Lesser General Public
+#   License as published by the Free Software Foundation; version 2.1
+#   of the License.
+# 
+#   This library is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#   Library Lesser General Public License for more details.
+# 
+#   You should have received a copy of the GNU Lesser General Public
+#   License along with this library; if not, Novell, Inc.
+#  
+#   To contact Novell about this file by physical or electronic mail, 
+#   you may find current contact information at www.novell.com.
+#  
+#   Author: Juan Carlos Luciani <jluciani@novell.com>
+#   
+########################################################################
+
+########################################################################
+#
+# Script for editing identoken.settings files
+#
+########################################################################
+
+# Source our environment variables file
+. /etc/CASA/authtoken/svc/envvars
+
+# Perform the operation requested
 $JAVA_HOME/bin/java -jar /usr/share/java/CASA/authtoken/bin/CasaIdenTokenSettingsEditor.jar $*
 

CASA-auth-token/java/server/Svc/linux/CasaSvcSettingsEditor.sh

@@ -1,3 +1,37 @@
 #!/bin/sh
+########################################################################
+# 
+#   Copyright (C) 2006 Novell, Inc. All Rights Reserved.
+# 
+#   This library is free software; you can redistribute it and/or
+#   modify it under the terms of the GNU Lesser General Public
+#   License as published by the Free Software Foundation; version 2.1
+#   of the License.
+# 
+#   This library is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#   Library Lesser General Public License for more details.
+# 
+#   You should have received a copy of the GNU Lesser General Public
+#   License along with this library; if not, Novell, Inc.
+#  
+#   To contact Novell about this file by physical or electronic mail, 
+#   you may find current contact information at www.novell.com.
+#  
+#   Author: Juan Carlos Luciani <jluciani@novell.com>
+#   
+########################################################################
+
+########################################################################
+#
+# Script for editing svc.settings files
+#
+########################################################################
+
+# Source our environment variables file
+. /etc/CASA/authtoken/svc/envvars
+
+# Perform the operation requested
 $JAVA_HOME/bin/java -jar /usr/share/java/CASA/authtoken/bin/CasaSvcSettingsEditor.jar $*
 

CASA-auth-token/java/server/Svc/linux/Makefile.am

@@ -30,7 +30,7 @@ EXTRA_DIST = CasaAuthtokenSvcD \
 		envvars \
 		server_keystore_setup.sh \
 		crypto.properties \
-		svc.settings \
+		CasaBasicATSSetup.sh \
 		CasaAuthPolicyEditor.sh \
 		CasaAuthTokenSettingsEditor.sh \
 		CasaIdenTokenSettingsEditor.sh \

CASA-auth-token/java/server/Svc/linux/server_keystore_setup.sh

@@ -23,20 +23,26 @@
 #   
 ########################################################################
 
-#############################################################
-#                                                           #
-# CASA ATS Keystore Setup Script.                           #
-#                                                           #
-# An ATS signs tokens and communicates with clients over    #
-# SSL. This scrip sets up the necessary key-pairs and       #
-# certificates for the ATS to perform these functions.      #
-#                                                           #
-# For token signing purposes, this scrip creates a self signed certificate that it then #
-# exports. At this time it is sufficient to utilize self    #
-# signed certificates because they are meant to be consumed #
-# by entities of the local box.                             # 
-#                                                           # 
-#############################################################
+########################################################################
+#
+# CASA ATS Keystore Setup Script.
+#
+# An ATS signs tokens and communicates with clients over
+# SSL. This scrip sets up the necessary key-pairs and
+# certificates for the ATS to perform these functions.
+#
+# For token signing purposes, this scrip creates a self
+# signed certificate that it then exports. At this time it
+# is sufficient to utilize self signed certificates because
+# they are meant to be consumed by entities of the local
+# box.
+#
+########################################################################
+
+# Source our environment variables file
+. /etc/CASA/authtoken/svc/envvars
+
+# Perform the operation requested
 
 # Do not do anything if the server keystore has already been created
 if [ -f /etc/CASA/authtoken/keys/server/jks-store ]; then
@@ -46,7 +52,7 @@ if [ -f /etc/CASA/authtoken/keys/server/jks-store ]; then
 else
 	echo "Setting up the server's keystore"
 
-        KEYTOOL_PATH=/usr/lib/jvm/java-1.5.0-ibm/bin/keytool
+   KEYTOOL_PATH=$JAVA_HOME/bin/keytool
 
 	# Create the server keystore with the key that will be used for signing tokens
 	host=`hostname -f`

CASA-auth-token/java/server/Svc/linux/svc.settings

@@ -1,4 +0,0 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-<settings>
-	<IAConfigFile>/etc/CASA/authtoken/svc/iaRealms.xml</IAConfigFile>
-</settings>