974f4829b3
until OES is updated to do the same for Java 1.5.
#!/bin/sh
########################################################################
#
# Copyright (C) 2006 Novell, Inc. All Rights Reserved.
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; version 2.1
# of the License.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Library Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, Novell, Inc.
#
# To contact Novell about this file by physical or electronic mail,
# you may find current contact information at www.novell.com.
#
# Author: Juan Carlos Luciani <jluciani@novell.com>
#
########################################################################

########################################################################
#
# Script for setting up iaRealms.xml and auth.policy files for ATS
# using a single LDAP Realm.
#
# Notice that this script is very basic and only supports a single LDAP
# server.
#
########################################################################

# Folders used when the caller does not pass the positional
# TemplateFileFolder / ConfigFileFolder parameters. The template folder
# lives directly under the configuration folder.
DEFAULT_CONFIG_FILE_FOLDER="/etc/CASA/authtoken/svc"
DEFAULT_TEMPLATE_FILE_FOLDER="${DEFAULT_CONFIG_FILE_FOLDER}/templates"
# Print the command synopsis, the positional parameters and the
# environment variables the script reads to stdout.
#
# Globals:
#   DEFAULT_TEMPLATE_FILE_FOLDER, DEFAULT_CONFIG_FILE_FOLDER (read)
#
# PROXY_USER_PW, listed below, is a credential that the caller hands to
# this script through the environment.
function display_usage
{
    # One printf argument per output line; empty arguments give the blank
    # separator lines.
    printf '%s\n' \
        "usage: CasaBasicATSSetup.sh [-h] [TemplateFileFolder] [ConfigFileFolder]" \
        " where the position dependent parameters are:" \
        " -h - Display this information" \
        " TemplateFileFolder - Path to the folder containing the template files. If" \
        " not specified, the parameter defaults to" \
        " ${DEFAULT_TEMPLATE_FILE_FOLDER}." \
        " ConfigFileFolder - Path to the output file folder. If not specified, the" \
        " parameter defaults to ${DEFAULT_CONFIG_FILE_FOLDER}." \
        "" \
        " The following environment variables MUST be exported when" \
        " executing this script:" \
        " REALM - The name of the LDAP Realm, example: Tree name" \
        " LDAP_HOST_NAME - The host name of the LDAP server" \
        " PROXY_USER_NAME - The name of the LDAP Proxy User" \
        " PROXY_USER_PW - The password of the LDAP Proxy User" \
        "" \
        " The following environment variables MAY be exported when" \
        " executing this script:" \
        " LDAP_LISTEN_PORT - The port used by the LDAP server to listen for connections" \
        "" \
        " WARNING: CURRENTLY THERE IS A LIMITATION THAT PREVENTS YOU FROM" \
        " USING ENVIRONMENT VARIABLES WITH THE CHARACTER ':'." \
        ""
}
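# Temporary workaround for OES until it deals with IBM's 1.5 JVM itself:
# import the eDir CA certificate into the JVM's cacerts keystore so that
# Java accepts certificates from the configured LDAP server.
#
# Globals:
#   JAVA_HOME (read) - JVM whose lib/security/cacerts is modified
#   CERT_FOLDER, ALT_CERT_FOLDER, CERT_FILE_NAME, JAVA_KEY_STORE_PATH,
#   CERT_FILE_PATH (written)
# Returns:
#   0 - keytool imported the certificate
#   2 - JAVA_HOME is not set, the certificate file was not found, or
#       keytool reported a failure
#
# Security notes:
#   - The imported certificate becomes a trust anchor in that JVM's cacerts
#     keystore. The file is taken from a fixed path and is not checked
#     against a known fingerprint, so the permissions on CERT_FOLDER and
#     ALT_CERT_FOLDER decide who can influence what gets trusted.
#   - "changeit" is the JDK's default cacerts password and is passed on the
#     keytool command line, where it is visible in the process list.
function java_1_5_oes_workaround
{
    # Without JAVA_HOME the paths below would collapse to /bin/keytool and
    # /lib/security/cacerts, so stop early with a clear message.
    if [ -z "$JAVA_HOME" ]; then
        echo "JAVA_HOME is not set, unable to locate the Java keystore."
        return 2
    fi

    # Determine the file and folder names
    CERT_FOLDER=/etc/opt/novell/certs
    ALT_CERT_FOLDER=/etc/opt/novell
    CERT_FILE_NAME=SSCert.der
    JAVA_KEY_STORE_PATH="$JAVA_HOME/lib/security/cacerts"

    # Determine the path to the eDir cert file, preferring CERT_FOLDER
    if [ -f "$CERT_FOLDER/$CERT_FILE_NAME" ]; then
        CERT_FILE_PATH="$CERT_FOLDER/$CERT_FILE_NAME"
    elif [ -f "$ALT_CERT_FOLDER/$CERT_FILE_NAME" ]; then
        CERT_FILE_PATH="$ALT_CERT_FOLDER/$CERT_FILE_NAME"
    else
        echo "eDir CA Cert not found!"
        echo "Verify that Java_1_5 will be able to accept certificates from configured LDAP server."
        return 2
    fi

    # Now import the cert into java's keystore.
    # NOTE(review): the alias reads "edit_root_ca", presumably a typo for
    # "edir"; it is left unchanged because keystores written by earlier
    # runs already carry this alias - confirm before renaming.
    if ! "$JAVA_HOME/bin/keytool" -import \
            -trustcacerts \
            -alias edit_root_ca \
            -keystore "$JAVA_KEY_STORE_PATH" \
            -storepass changeit \
            -file "$CERT_FILE_PATH"; then
        # Previously the keytool status was discarded and 0 was returned, so
        # a failed import looked like success.
        echo "keytool did not import $CERT_FILE_PATH into $JAVA_KEY_STORE_PATH."
        return 2
    fi

    return 0
}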
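# Generate jaas.conf in the output folder from the jaas.conf template,
# replacing every HOSTNAME token with this machine's fully qualified name.
#
# Globals:
#   TEMPLATE_FILE_FOLDER, CONFIG_FILE_FOLDER (read)
#   TEMPLATE_FILE, CONFIG_FILE (written)
# Returns:
#   0 - jaas.conf was written
#   2 - template or output folder missing, host name could not be
#       determined, or the output file could not be written
function setup_jaas_file
{
    local host host_escaped

    # Determine the file names
    TEMPLATE_FILE="$TEMPLATE_FILE_FOLDER/jaas.conf"
    CONFIG_FILE="$CONFIG_FILE_FOLDER/jaas.conf"

    # Verify that the template file exists
    if [ ! -f "$TEMPLATE_FILE" ]; then
        echo "Template file $TEMPLATE_FILE does not exist"
        return 2
    fi

    # Verify that the output folder exists
    if [ ! -d "$CONFIG_FILE_FOLDER" ]; then
        echo "Output folder $CONFIG_FILE_FOLDER does not exist"
        return 2
    fi

    # Clean-up the output folder. Quoting keeps a folder name containing
    # blanks from being split into several rm arguments.
    rm -f -- "$CONFIG_FILE"

    # An empty host name would silently produce a jaas.conf with the token
    # replaced by nothing, so treat it as an error.
    host=$(hostname -f)
    if [ -z "$host" ]; then
        echo "Unable to determine the fully qualified host name"
        return 2
    fi

    # Escape the characters that are special in a sed replacement
    # (backslash, '&') and the ':' delimiter used below.
    host_escaped=$(printf '%s\n' "$host" | sed 's/[\\&:]/\\&/g')

    # Create and edit the output file
    if ! sed "s:HOSTNAME:$host_escaped:g" "$TEMPLATE_FILE" > "$CONFIG_FILE"; then
        echo "Unable to create $CONFIG_FILE"
        return 2
    fi
    return 0
}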
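# Generate iaRealms.xml in the output folder from the iaRealms.xml
# template by replacing the REALM, LDAP_HOST_NAME, PROXY_USER_NAME,
# PROXY_USER_PW and LDAP_LISTEN_PORT tokens with the values of the
# environment variables of the same name (LDAP_LISTEN_PORT defaults to 636).
#
# Globals:
#   TEMPLATE_FILE_FOLDER, CONFIG_FILE_FOLDER (read)
#   REALM, LDAP_HOST_NAME, PROXY_USER_NAME, PROXY_USER_PW (read, required)
#   LDAP_LISTEN_PORT (read, optional)
#   TEMPLATE_FILE, CONFIG_FILE (written)
# Returns:
#   0 - iaRealms.xml was written
#   1 - a required environment variable is empty or unset
#   2 - template or output folder missing, or the file could not be written
#
# Security notes:
#   - The generated file holds the proxy user's password in clear text and
#     is created with the caller's umask.
#     NOTE(review): confirm that the output folder and file are readable
#     only by the account that runs the service.
#   - Values are inserted verbatim; nothing here XML-escapes characters
#     such as '<' or '&'. TODO confirm against the template whether the
#     tokens sit in a context where that matters.
function setup_iaRealms_file
{
    local escape_cmd realm_value host_value user_value pw_value port_value

    # Determine the file names
    TEMPLATE_FILE="$TEMPLATE_FILE_FOLDER/iaRealms.xml"
    CONFIG_FILE="$CONFIG_FILE_FOLDER/iaRealms.xml"

    # Verify that the template file exists
    if [ ! -f "$TEMPLATE_FILE" ]; then
        echo "Template file $TEMPLATE_FILE does not exist"
        return 2
    fi

    # Verify that the output folder exists
    if [ ! -d "$CONFIG_FILE_FOLDER" ]; then
        echo "Output folder $CONFIG_FILE_FOLDER does not exist"
        return 2
    fi

    # Clean-up the output folder
    rm -f -- "$CONFIG_FILE"

    # Verify that all of the appropriate environment variables have been set
    if [ -z "$REALM" ] || [ -z "$LDAP_HOST_NAME" ] \
        || [ -z "$PROXY_USER_NAME" ] || [ -z "$PROXY_USER_PW" ]; then
        return 1
    fi

    # Escape what sed treats specially in a replacement (backslash, '&') and
    # the ':' delimiter. Unescaped, a value containing one of these breaks
    # the substitution or rewrites the output in unintended ways.
    escape_cmd='s/[\\&:]/\\&/g'
    realm_value=$(printf '%s\n' "$REALM" | sed "$escape_cmd")
    host_value=$(printf '%s\n' "$LDAP_HOST_NAME" | sed "$escape_cmd")
    user_value=$(printf '%s\n' "$PROXY_USER_NAME" | sed "$escape_cmd")
    pw_value=$(printf '%s\n' "$PROXY_USER_PW" | sed "$escape_cmd")
    port_value=$(printf '%s\n' "${LDAP_LISTEN_PORT:-636}" | sed "$escape_cmd")

    # Create and edit the output file. The substitutions run in the same
    # order as before, but in a single pass whose script is fed to sed on
    # stdin by the printf builtin, so the proxy password never appears in
    # the argument list of a process. A value containing a newline makes
    # the script invalid and is reported as a failure.
    if ! printf '%s\n' \
            "s:REALM:$realm_value:g" \
            "s:LDAP_HOST_NAME:$host_value:g" \
            "s:PROXY_USER_NAME:$user_value:g" \
            "s:PROXY_USER_PW:$pw_value:g" \
            "s:LDAP_LISTEN_PORT:$port_value:g" \
        | sed -f /dev/stdin "$TEMPLATE_FILE" > "$CONFIG_FILE"; then
        # Do not leave a partially written realm file behind.
        rm -f -- "$CONFIG_FILE"
        echo "Unable to create $CONFIG_FILE"
        return 2
    fi
    return 0
}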
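# Create auth.policy in the output folder with the CasaAuthPolicyEditor.sh
# tool and append the Krb5Authenticate and PwdAuthenticate entries for the
# configured realm.
#
# Globals:
#   CONFIG_FILE_FOLDER, REALM (read)
#   CONFIG_FILE (written)
# Returns:
#   0 - auth.policy exists after the editor ran
#   1 - REALM is empty or unset
#   2 - output folder missing, editor not executable, or no file produced
function setup_authPolicy_file
{
    # Kept in a local variable: assigning the tool path to EDITOR, as was
    # done before, overwrote the caller's EDITOR setting for the rest of
    # the script.
    local policy_editor=/usr/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor.sh

    # Determine the file name
    CONFIG_FILE="$CONFIG_FILE_FOLDER/auth.policy"

    # Verify that the output folder exists
    if [ ! -d "$CONFIG_FILE_FOLDER" ]; then
        echo "Output folder $CONFIG_FILE_FOLDER does not exist"
        return 2
    fi

    # Clean-up the output folder
    rm -f -- "$CONFIG_FILE"

    # Verify that all of the appropriate environment variables have been set
    if [ -z "$REALM" ]; then
        return 1
    fi

    if [ ! -x "$policy_editor" ]; then
        echo "Policy editor $policy_editor is not available"
        return 2
    fi

    # Create and setup the auth.policy file
    "$policy_editor" -create -file "$CONFIG_FILE"
    "$policy_editor" -append -entry "$REALM:Krb5Authenticate" -file "$CONFIG_FILE"
    "$policy_editor" -append -entry "$REALM:PwdAuthenticate" -file "$CONFIG_FILE"

    # The editor's exit status convention is not visible here, so success is
    # judged by the policy file being present. Returning 0 without it would
    # report a configured service that has no authentication policy.
    if [ ! -f "$CONFIG_FILE" ]; then
        echo "Unable to create $CONFIG_FILE"
        return 2
    fi
    return 0
}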
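# Create svc.settings in the output folder with the
# CasaSvcSettingsEditor.sh tool and point its IAConfigFile setting at the
# iaRealms.xml file in the same folder.
#
# Globals:
#   CONFIG_FILE_FOLDER (read)
#   CONFIG_FILE, IAREALMS_FILE_PATH (written)
# Returns:
#   0 - svc.settings exists after the editor ran
#   2 - output folder missing, editor not executable, or no file produced
function setup_svcSettings_file
{
    # Kept in a local variable: assigning the tool path to EDITOR, as was
    # done before, overwrote the caller's EDITOR setting for the rest of
    # the script.
    local settings_editor=/usr/share/java/CASA/authtoken/bin/CasaSvcSettingsEditor.sh

    # Determine the file name
    CONFIG_FILE="$CONFIG_FILE_FOLDER/svc.settings"
    IAREALMS_FILE_PATH="$CONFIG_FILE_FOLDER/iaRealms.xml"

    # Verify that the output folder exists
    if [ ! -d "$CONFIG_FILE_FOLDER" ]; then
        echo "Output folder $CONFIG_FILE_FOLDER does not exist"
        return 2
    fi

    # Clean-up the output folder
    rm -f -- "$CONFIG_FILE"

    if [ ! -x "$settings_editor" ]; then
        echo "Settings editor $settings_editor is not available"
        return 2
    fi

    # Create and setup the svc.settings file
    "$settings_editor" -create -file "$CONFIG_FILE"
    "$settings_editor" -set IAConfigFile "$IAREALMS_FILE_PATH" -file "$CONFIG_FILE"

    # The editor's exit status convention is not visible here, so success is
    # judged by the settings file being present.
    if [ ! -f "$CONFIG_FILE" ]; then
        echo "Unable to create $CONFIG_FILE"
        return 2
    fi
    return 0
}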
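#### MAIN ####

# Determine what folders to utilize based on the input parameters and our
# defaults. "-h" is only recognised as the first parameter.
case "$1" in
    "")
        TEMPLATE_FILE_FOLDER=$DEFAULT_TEMPLATE_FILE_FOLDER
        ;;
    -h)
        display_usage
        exit 0
        ;;
    *)
        TEMPLATE_FILE_FOLDER=$1
        ;;
esac

CONFIG_FILE_FOLDER=${2:-$DEFAULT_CONFIG_FILE_FOLDER}

# Source our environment variables file.
# NOTE(review): this file is executed with the privileges of whoever runs
# the script - confirm it is writable only by the administrator.
. /etc/CASA/authtoken/svc/envvars

# Setup the configuration files.
# The keystore workaround stays best effort: it prints its own diagnostics
# and its status does not decide the exit code.
java_1_5_oes_workaround

# The jaas.conf status used to be discarded, so a missing template still
# led to exit status 0. The remaining files are generated as before and the
# failure is folded into the exit status afterwards.
setup_jaas_file
JAAS_RETVAL=$?

setup_iaRealms_file
RETVAL=$?
if [ "$RETVAL" = "0" ]; then
    setup_authPolicy_file
    RETVAL=$?
fi
if [ "$RETVAL" = "0" ]; then
    setup_svcSettings_file
    RETVAL=$?
fi
if [ "$RETVAL" = "0" ] && [ "$JAAS_RETVAL" != "0" ]; then
    RETVAL=$JAAS_RETVAL
fi

# Status 1 means a required environment variable was missing, which is the
# only case where the usage text helps.
if [ "$RETVAL" = "1" ]; then
    display_usage
fi
if [ "$RETVAL" != "0" ]; then
    exit 1
fi
exit 0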