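#!/bin/sh
########################################################################
#
# Copyright (C) 2006 Novell, Inc. All Rights Reserved.
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; version 2.1
# of the License.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# Library Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, Novell, Inc.
#
# To contact Novell about this file by physical or electronic mail,
# you may find current contact information at www.novell.com.
#
# Author: Juan Carlos Luciani
#
########################################################################

########################################################################
#
# Script for setting up the jaas.conf, iaRealms.xml, auth.policy and
# svc.settings files for ATS using a single LDAP Realm.
#
# Notice that this script is very basic and only supports a single LDAP
# server.
#
# Exit status: 0 on success, 1 otherwise.  When a required environment
# variable is missing the usage text is printed before exiting.
#
# Security notes for the maintainer:
#  - PROXY_USER_PW is written verbatim into iaRealms.xml.  The file is
#    created with the caller's umask, so the output folder must not be
#    readable by untrusted users (the defaults under /etc/CASA are
#    presumably root-only -- confirm on the target system).
#  - Substitution values (including the password) are never placed on
#    the argv of a child process, where 'ps' would expose them to every
#    local user; they are fed to sed through a mode-0600 temporary
#    script file instead.  Values are inserted literally, so they may
#    contain ':' / '&' / '\' / '/' ; only newlines are unsupported.
#  - /etc/CASA/authtoken/svc/envvars is sourced (executed) by this
#    script, typically as root, so it must only be writable by root.
#
########################################################################

DEFAULT_TEMPLATE_FILE_FOLDER=/etc/CASA/authtoken/svc/templates
DEFAULT_CONFIG_FILE_FOLDER=/etc/CASA/authtoken/svc
ENVVARS_FILE=/etc/CASA/authtoken/svc/envvars

# Print the command-line and environment contract of this script.
display_usage() {
    cat <<EOF
usage: CasaBasicATSSetup.sh [-h] [TemplateFileFolder] [ConfigFileFolder]
 where the position dependent parameters are:
   -h                 - Display this information
   TemplateFileFolder - Path to the folder containing the template files. If
                        not specified, the parameter defaults to
                        $DEFAULT_TEMPLATE_FILE_FOLDER.
   ConfigFileFolder   - Path to the output file folder. If not specified, the
                        parameter defaults to $DEFAULT_CONFIG_FILE_FOLDER.

 The following environment variables MUST be exported when
 executing this script:
   REALM              - The name of the LDAP Realm, example: Tree name
   LDAP_HOST_NAME     - The host name of the LDAP server
   PROXY_USER_NAME    - The name of the LDAP Proxy User
   PROXY_USER_PW      - The password of the LDAP Proxy User

 The following environment variables MAY be exported when
 executing this script:
   LDAP_LISTEN_PORT   - The port used by the LDAP server to listen for connections
                        (defaults to 636)

 Values are inserted into the templates literally; they may contain any
 character except a newline.
EOF
}

#######################################
# Escape a value for use in the replacement part of a sed 's|...|...|'
# command: '\', '&' and the '|' delimiter would otherwise be interpreted.
# Arguments: $1 - raw value
# Outputs:   the escaped value on stdout (no trailing newline)
#######################################
sed_escape_replacement() {
    printf '%s' "$1" | sed 's,[\\&|],\\&,g'
}

#######################################
# Create a private (mode 0600) temporary file to hold a sed script.
# Keeping the substitutions in a file rather than on sed's argv keeps
# secrets out of the process list.
# Outputs: the path of the new file on stdout
# Returns: mktemp's status
#######################################
new_sed_script() {
    mktemp "${TMPDIR:-/tmp}/CasaBasicATSSetup.XXXXXX"
}

#######################################
# Append a global "PLACEHOLDER -> VALUE" substitution to a sed script.
# Arguments: $1 - sed script file, $2 - placeholder (literal word),
#            $3 - value (escaped here; must not contain a newline)
#######################################
add_substitution() {
    printf 's|%s|%s|g\n' "$2" "$(sed_escape_replacement "$3")" >> "$1"
}

#######################################
# Generate an output file from a template by running a sed script over it.
# The sed script is deleted afterwards; on failure no partial output file
# is left behind.
# Arguments: $1 - template file, $2 - output file, $3 - sed script file
# Returns:   0 on success, 2 when sed fails
#######################################
render_template() {
    rm -f -- "$2"
    sed -f "$3" -- "$1" > "$2"
    render_rc=$?
    rm -f -- "$3"
    if [ "$render_rc" -ne 0 ]; then
        echo "Failed to generate $2 from $1" >&2
        rm -f -- "$2"
        return 2
    fi
    return 0
}

#######################################
# Import the eDirectory CA certificate into the JVM's cacerts store.
#
# Notice, this function is here temporarily to support OES before it
# starts dealing with IBM's 1.5 JVM.  Its result is best effort: the
# caller does not fail the setup when it does not succeed.
#
# Globals:  JAVA_HOME (read)
# Returns:  0 on success, 2 when JAVA_HOME or the cert file is missing,
#           otherwise keytool's exit status (e.g. alias already present)
#######################################
java_1_5_oes_workaround() {
    CERT_FOLDER=/etc/opt/novell/certs
    ALT_CERT_FOLDER=/etc/opt/novell
    CERT_FILE_NAME=SSCert.der

    # Without JAVA_HOME the original code would have invoked /bin/keytool.
    if [ -z "$JAVA_HOME" ]; then
        echo "JAVA_HOME is not set; eDir CA Cert was not imported into the Java keystore" >&2
        return 2
    fi
    JAVA_KEY_STORE_PATH=$JAVA_HOME/lib/security/cacerts

    # Determine the path to the eDir cert file
    if [ -f "$CERT_FOLDER/$CERT_FILE_NAME" ]; then
        CERT_FILE_PATH=$CERT_FOLDER/$CERT_FILE_NAME
    elif [ -f "$ALT_CERT_FOLDER/$CERT_FILE_NAME" ]; then
        CERT_FILE_PATH=$ALT_CERT_FOLDER/$CERT_FILE_NAME
    else
        echo "eDir CA Cert not found!" >&2
        echo "Verify that Java_1_5 will be able to accept certificates from configured LDAP server." >&2
        return 2
    fi

    # 'changeit' is the JDK's well-known default password for cacerts; it
    # only protects the store's integrity, so it is not a secret here.
    # -noprompt: the script runs unattended.  Everything in the cert file
    # becomes a trust anchor for the JVM, so the cert folders above must
    # be writable by root only (presumably the case -- confirm).
    "$JAVA_HOME/bin/keytool" -import -noprompt \
        -trustcacerts \
        -alias edir_root_ca \
        -keystore "$JAVA_KEY_STORE_PATH" \
        -storepass changeit \
        -file "$CERT_FILE_PATH"
}

#######################################
# Generate jaas.conf from its template, substituting HOSTNAME with the
# fully qualified name of this machine.
# Globals:  TEMPLATE_FILE_FOLDER, CONFIG_FILE_FOLDER (read)
# Returns:  0 on success, 2 when a file/folder is missing or generation fails
#######################################
setup_jaas_file() {
    TEMPLATE_FILE=$TEMPLATE_FILE_FOLDER/jaas.conf
    CONFIG_FILE=$CONFIG_FILE_FOLDER/jaas.conf

    if [ ! -f "$TEMPLATE_FILE" ]; then
        echo "Template file $TEMPLATE_FILE does not exist" >&2
        return 2
    fi
    if [ ! -d "$CONFIG_FILE_FOLDER" ]; then
        echo "Output folder $CONFIG_FILE_FOLDER does not exist" >&2
        return 2
    fi

    # An empty host name would silently produce an unusable jaas.conf.
    host=$(hostname -f)
    if [ $? -ne 0 ] || [ -z "$host" ]; then
        echo "Unable to determine the fully qualified host name" >&2
        return 2
    fi

    script=$(new_sed_script) || return 2
    add_substitution "$script" HOSTNAME "$host"
    render_template "$TEMPLATE_FILE" "$CONFIG_FILE" "$script"
}

#######################################
# Generate iaRealms.xml from its template using the REALM, LDAP_HOST_NAME,
# PROXY_USER_NAME, PROXY_USER_PW and LDAP_LISTEN_PORT (default 636)
# environment variables.
#
# The required variables are validated BEFORE any existing output file is
# removed, so a mis-invoked run does not destroy a working configuration.
#
# Returns:  0 on success, 1 when a required variable is missing (caller
#           prints usage), 2 when a file/folder is missing or generation fails
#######################################
setup_iaRealms_file() {
    TEMPLATE_FILE=$TEMPLATE_FILE_FOLDER/iaRealms.xml
    CONFIG_FILE=$CONFIG_FILE_FOLDER/iaRealms.xml

    if [ ! -f "$TEMPLATE_FILE" ]; then
        echo "Template file $TEMPLATE_FILE does not exist" >&2
        return 2
    fi
    if [ ! -d "$CONFIG_FILE_FOLDER" ]; then
        echo "Output folder $CONFIG_FILE_FOLDER does not exist" >&2
        return 2
    fi

    if [ -z "$REALM" ] || [ -z "$LDAP_HOST_NAME" ] ||
       [ -z "$PROXY_USER_NAME" ] || [ -z "$PROXY_USER_PW" ]; then
        return 1
    fi

    # Substitutions are applied in this order on every line, exactly as the
    # successive sed passes did before.
    script=$(new_sed_script) || return 2
    add_substitution "$script" REALM "$REALM"
    add_substitution "$script" LDAP_HOST_NAME "$LDAP_HOST_NAME"
    add_substitution "$script" PROXY_USER_NAME "$PROXY_USER_NAME"
    add_substitution "$script" PROXY_USER_PW "$PROXY_USER_PW"
    add_substitution "$script" LDAP_LISTEN_PORT "${LDAP_LISTEN_PORT:-636}"
    render_template "$TEMPLATE_FILE" "$CONFIG_FILE" "$script"
}

#######################################
# Create auth.policy with the Krb5 and password authenticators for REALM,
# using the CasaAuthPolicyEditor tool.
# Returns:  0 on success, 1 when REALM is missing, 2 when the output folder
#           or the editor is missing or the editor fails
#######################################
setup_authPolicy_file() {
    # Not named EDITOR so the user's $EDITOR environment is left alone.
    POLICY_EDITOR=/usr/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor.sh
    CONFIG_FILE=$CONFIG_FILE_FOLDER/auth.policy

    if [ ! -d "$CONFIG_FILE_FOLDER" ]; then
        echo "Output folder $CONFIG_FILE_FOLDER does not exist" >&2
        return 2
    fi
    # Validate before deleting any existing policy file.
    [ -n "$REALM" ] || return 1
    if [ ! -x "$POLICY_EDITOR" ]; then
        echo "Policy editor $POLICY_EDITOR is missing or not executable" >&2
        return 2
    fi

    rm -f -- "$CONFIG_FILE"
    if "$POLICY_EDITOR" -create -file "$CONFIG_FILE" &&
       "$POLICY_EDITOR" -append -entry "$REALM:Krb5Authenticate" -file "$CONFIG_FILE" &&
       "$POLICY_EDITOR" -append -entry "$REALM:PwdAuthenticate" -file "$CONFIG_FILE"; then
        return 0
    fi
    echo "Failed to create $CONFIG_FILE" >&2
    return 2
}

#######################################
# Create svc.settings pointing IAConfigFile at the generated iaRealms.xml,
# using the CasaSvcSettingsEditor tool.
# Returns:  0 on success, 2 when the output folder or the editor is
#           missing or the editor fails
#######################################
setup_svcSettings_file() {
    SETTINGS_EDITOR=/usr/share/java/CASA/authtoken/bin/CasaSvcSettingsEditor.sh
    CONFIG_FILE=$CONFIG_FILE_FOLDER/svc.settings
    IAREALMS_FILE_PATH=$CONFIG_FILE_FOLDER/iaRealms.xml

    if [ ! -d "$CONFIG_FILE_FOLDER" ]; then
        echo "Output folder $CONFIG_FILE_FOLDER does not exist" >&2
        return 2
    fi
    if [ ! -x "$SETTINGS_EDITOR" ]; then
        echo "Settings editor $SETTINGS_EDITOR is missing or not executable" >&2
        return 2
    fi

    rm -f -- "$CONFIG_FILE"
    if "$SETTINGS_EDITOR" -create -file "$CONFIG_FILE" &&
       "$SETTINGS_EDITOR" -set IAConfigFile "$IAREALMS_FILE_PATH" -file "$CONFIG_FILE"; then
        return 0
    fi
    echo "Failed to create $CONFIG_FILE" >&2
    return 2
}

#### MAIN ####

# Determine what folders to utilize based on the input parameters and
# our defaults.  "-h" is only recognised as the first argument.
if [ "${1:-}" = "-h" ]; then
    display_usage
    exit 0
fi
TEMPLATE_FILE_FOLDER=${1:-$DEFAULT_TEMPLATE_FILE_FOLDER}
CONFIG_FILE_FOLDER=${2:-$DEFAULT_CONFIG_FILE_FOLDER}

# Source our environment variables file.  The variables may instead have
# been exported by the caller, so a missing file is only reported.
if [ -r "$ENVVARS_FILE" ]; then
    . "$ENVVARS_FILE"
else
    echo "Notice: $ENVVARS_FILE not found; using the exported environment" >&2
fi

# Setup the configuration files.  The first two steps are best effort,
# as before; only their failure is now reported.
java_1_5_oes_workaround
setup_jaas_file || echo "Warning: jaas.conf was not generated" >&2

setup_iaRealms_file
RETVAL=$?
if [ "$RETVAL" -eq 0 ]; then
    setup_authPolicy_file
    RETVAL=$?
fi
if [ "$RETVAL" -eq 0 ]; then
    setup_svcSettings_file
    RETVAL=$?
fi

if [ "$RETVAL" -ne 0 ]; then
    # 1 means a required environment variable was missing.
    [ "$RETVAL" -eq 1 ] && display_usage
    exit 1
fi
exit 0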