geos_one/CASA
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
0f58c82603
CASA/CASA-auth-token/server-java/Svc/linux/CasaBasicATSSetup.sh
Juan Carlos Luciani 88db52f6c2 Added option to command for importing eDir cert in the 
CasaBasicATSSetup script so that it does not prompt
the user. This allows the script to work correctly
when invoked from our Yast module.
2006-12-06 05:38:04 +00:00

287 lines
8.2 KiB
Bash
Executable File
Raw Blame History

#!/bin/sh
########################################################################
#
# Copyright (C) 2006 Novell, Inc. All Rights Reserved.
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; version 2.1
# of the License.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Library Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, Novell, Inc.
#
# To contact Novell about this file by physical or electronic mail,
# you may find current contact information at www.novell.com.
#
# Author: Juan Carlos Luciani <jluciani@novell.com>
#
########################################################################
########################################################################
#
# Scrip for setting up iaRealm.xml and auth.policy files for ATS
# using a single LDAP Realm.
#
# Notice that this scrip is very basic and only supports a single LDAP
# server.
#
########################################################################
DEFAULT_TEMPLATE_FILE_FOLDER=/etc/CASA/authtoken/svc/templates
DEFAULT_CONFIG_FILE_FOLDER=/etc/CASA/authtoken/svc
function display_usage
{
echo "usage: CasaBasicATSSetup.sh [-h] [TemplateFileFolder] [ConfigFileFolder]"
echo " where the position dependent parameters are:"
echo " -h - Display this information"
echo " TemplateFileFolder - Path to the folder containing the template files. If"
echo " not specified, the parameter defaults to"
echo " $DEFAULT_TEMPLATE_FILE_FOLDER."
echo " ConfigFileFolder - Path to the output file folder. If not specified, the"
echo " parameter defaults to $DEFAULT_CONFIG_FILE_FOLDER."
echo ""
echo " The following environment variables MUST be exported when"
echo " executing this script:"
echo " REALM - The name of the LDAP Realm, example: Tree name"
echo " LDAP_HOST_NAME - The host name of the LDAP server"
echo " PROXY_USER_NAME - The name of the LDAP Proxy User"
echo " PROXY_USER_PW - The password of the LDAP Proxy User"
echo ""
echo " The following environment variables MAY be exported when"
echo " executing this script:"
echo " LDAP_LISTEN_PORT - The port used by the LDAP server to listen for connections"
echo ""
echo " WARNING: CURRENTLY THERE IS A LIMITATION THAT PREVENTS YOU FROM"
echo " USING ENVIRONMENT VARIABLES WITH THE CHARACTER ':'."
echo ""
}
function java_1_5_oes_workaround
{
#
# Notice, this function is here temporarily to support
# OES before it starts dealing with IBM's 1.5 JVM.
#
# Determine the file and folder names
CERT_FOLDER=/etc/opt/novell/certs
ALT_CERT_FOLDER=/etc/opt/novell
CERT_FILE_NAME=SSCert.der
JAVA_KEY_STORE_PATH=$JAVA_HOME/lib/security/cacerts
# Determine the path to the eDir cert file
if [ ! -f $CERT_FOLDER/$CERT_FILE_NAME ]; then
if [ ! -f $ALT_CERT_FOLDER/$CERT_FILE_NAME ]; then
echo "eDir CA Cert not found!"
echo "Verify that Java_1_5 will be able to accept certificates from configured LDAP server."
return 2
else
CERT_FILE_PATH=$ALT_CERT_FOLDER/$CERT_FILE_NAME
fi
else
CERT_FILE_PATH=$CERT_FOLDER/$CERT_FILE_NAME
fi
# Now import the cert into java's keystore
$JAVA_HOME/bin/keytool -import -noprompt\
-trustcacerts\
-alias edir_root_ca\
-keystore $JAVA_KEY_STORE_PATH\
-storepass changeit\
-file $CERT_FILE_PATH
return 0
}
function setup_jaas_file
{
# Determine the file names
TEMPLATE_FILE=$TEMPLATE_FILE_FOLDER/jaas.conf
CONFIG_FILE=$CONFIG_FILE_FOLDER/jaas.conf
# Verify that the template file exists
if [ ! -f $TEMPLATE_FILE ]; then
echo "Template file $TEMPLATE_FILE does not exist"
return 2
fi
# Verify that the output folder exists
if [ ! -d $CONFIG_FILE_FOLDER ]; then
echo "Output folder $CONFIG_FILE_FOLDER does not exist"
return 2
fi
# Clean-up the output folder
rm -f $CONFIG_FILE
# Create and edit the output file
host=`hostname -f`
sed s:HOSTNAME:$host:g $TEMPLATE_FILE > $CONFIG_FILE
return 0
}
function setup_iaRealms_file
{
# Determine the file names
TEMPLATE_FILE=$TEMPLATE_FILE_FOLDER/iaRealms.xml
CONFIG_FILE=$CONFIG_FILE_FOLDER/iaRealms.xml
# Verify that the template file exists
if [ ! -f $TEMPLATE_FILE ]; then
echo "Template file $TEMPLATE_FILE does not exist"
return 2
fi
# Verify that the output folder exists
if [ ! -d $CONFIG_FILE_FOLDER ]; then
echo "Output folder $CONFIG_FILE_FOLDER does not exist"
return 2
fi
# Clean-up the output folder
rm -f $CONFIG_FILE
# Verify that all of the appropriate environment variables have been set
if [ "$REALM" != "" ]; then
if [ "$LDAP_HOST_NAME" != "" ]; then
if [ "$PROXY_USER_NAME" != "" ]; then
if [ "$PROXY_USER_PW" != "" ]; then
# Create and edit the output file
sed s:REALM:$REALM:g $TEMPLATE_FILE > $CONFIG_FILE
sed -i s:LDAP_HOST_NAME:$LDAP_HOST_NAME:g $CONFIG_FILE
sed -i s:PROXY_USER_NAME:$PROXY_USER_NAME:g $CONFIG_FILE
sed -i s:PROXY_USER_PW:$PROXY_USER_PW:g $CONFIG_FILE
if [ "$LDAP_LISTEN_PORT" != '' ]; then
sed -i s:LDAP_LISTEN_PORT:$LDAP_LISTEN_PORT:g $CONFIG_FILE
else
sed -i s:LDAP_LISTEN_PORT:636:g $CONFIG_FILE
fi
return 0
else
return 1
fi
else
return 1
fi
else
return 1
fi
else
return 1
fi
}
function setup_authPolicy_file
{
EDITOR=/usr/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor.sh
# Determine the file name
CONFIG_FILE=$CONFIG_FILE_FOLDER/auth.policy
# Verify that the output folder exists
if [ ! -d $CONFIG_FILE_FOLDER ]; then
echo "Output folder $CONFIG_FILE_FOLDER does not exist"
return 2
fi
# Clean-up the output folder
rm -f $CONFIG_FILE
# Verify that all of the appropriate environment variables have been set
if [ "$REALM" != "" ]; then
# Create and setup the auth.policy file
$EDITOR -create -file $CONFIG_FILE
$EDITOR -append -entry $REALM:Krb5Authenticate -file $CONFIG_FILE
$EDITOR -append -entry $REALM:PwdAuthenticate -file $CONFIG_FILE
return 0
else
return 1
fi
}
function setup_svcSettings_file
{
EDITOR=/usr/share/java/CASA/authtoken/bin/CasaSvcSettingsEditor.sh
# Determine the file name
CONFIG_FILE=$CONFIG_FILE_FOLDER/svc.settings
IAREALMS_FILE_PATH=$CONFIG_FILE_FOLDER/iaRealms.xml
# Verify that the output folder exists
if [ ! -d $CONFIG_FILE_FOLDER ]; then
echo "Output folder $CONFIG_FILE_FOLDER does not exist"
return 2
fi
# Clean-up the output folder
rm -f $CONFIG_FILE
# Create and setup the svc.settings file
$EDITOR -create -file $CONFIG_FILE
$EDITOR -set IAConfigFile $IAREALMS_FILE_PATH -file $CONFIG_FILE
return 0
}
#### MAIN ####
# Determine what folders to utilize based on the input
# parameters and our defaults.
if [ "$1" != "" ]; then
if [ "$1" != "-h" ]; then
TEMPLATE_FILE_FOLDER=$1
else
display_usage
exit 0
fi
else
TEMPLATE_FILE_FOLDER=$DEFAULT_TEMPLATE_FILE_FOLDER
fi
if [ "$2" != "" ]; then
CONFIG_FILE_FOLDER=$2
else
CONFIG_FILE_FOLDER=$DEFAULT_CONFIG_FILE_FOLDER
fi
# Source our environment variables file
. /etc/CASA/authtoken/svc/envvars
# Setup the configuration files
java_1_5_oes_workaround
setup_jaas_file
setup_iaRealms_file
RETVAL=$?
if [ "$RETVAL" = "0" ]; then
setup_authPolicy_file
RETVAL=$?
if [ "$RETVAL" = "0" ]; then
setup_svcSettings_file
RETVAL=$?
fi
fi
if [ "$RETVAL" != "0" ]; then
if [ "$RETVAL" = "1" ]; then
display_usage
fi
exit 1
else
exit 0
fi
Reference in New Issue View Git Blame Copy Permalink