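# Purpose: SUNWsnad package postinstall script
# Author: Dan Gordon
# Creation date: 09/10/98
#
# Details:
#
# Makes final changes to system after install. Does the following:
#
#   - installs cryptorand
#   - installs in.SafeHelper
#   - fixes the DEFAULTURL flag in the .default profile
#   - removes any existing profiles
#   - adds new servlet properties to properties files
#   - adds servlet aliases for new servlets
#   - restarts Java Web Server
#
# This script uses scripts written by William.Soley@corp of STE for
# installing both cryptorand and in.SafeHelper.
#
# This script is meant to be run as part of the SUNWsnad package
# installation. It assumes that the following variables have already
# been gathered and made available by previous scripts.
#
#   FQDNAUTHNAME
#   APPHOST
#   APPPORT
#   DEFAULTURL
#   JWSPATH
#
# The code below additionally reads these variables without setting them:
#   BASEDIR NSSPATH AUTH_HOST AUTH_PORT FQDNGATEWAYNAME PLATCONF GATE_PORT
#   PREF_HOST PREF_PORT LOG_HOST LOG_PORT APP_HOST APP_PORT
#
# NOTE: authd needs an authentication database to run against. This package
# assumes that the database is a SafeWord database installed on this same
# system. It is up to the system administrator to properly install, configure,
# and populate the SafeWord database. This package assumes that this database
# is already in working order.
#
# NOTE: the install-time values above are interpolated directly into sed
# programs. A value containing the sed delimiter in use ("^", "/" or "#"),
# "&" or a backslash changes the substitution that is performed, so these
# values must be validated by the script that gathers them.
#

PATH=/bin:/usr/bin:/sbin:/usr/sbin

PKGDIR=${BASEDIR}/SUNWsnad
NSSDIR="$BASEDIR/$NSSPATH/https-$AUTH_HOST"
JWSDIR="$BASEDIR/$JWSPATH"
ALIASES="/login=login /logout=login /sessioninfo=sessioninfo /userinfo=userinfo /console=console"
RULESFILE="${NSSDIR}/config/rules.properties"
#RULESFILE_SSL="${JWSDIR}/properties/server/javawebserver/secureservice/rules.properties"
SERVLETSFILE="${NSSDIR}/config/servlets.properties"
#SERVLETSFILE_SSL="${JWSDIR}/properties/server/javawebserver/secureservice/servlets.properties"

#
# Install in.SafeHelper. Again, if it is already installed then the script
# being called is clever enough not to fudge things up.
#

#
# fix the DEFAULTURL flag in the .default file
#
# "^" is the sed delimiter here because DEFAULTURL is expected to hold "/".
echo "Setting default URL . . ."
cp -p "${JWSDIR}/profiles/.default" "${JWSDIR}/profiles/.default+"
sed -e "s^DEFAULTURL^$DEFAULTURL^" "${JWSDIR}/profiles/.default+" > \
  "${JWSDIR}/profiles/.default"
rm -f "${JWSDIR}/profiles/.default+"

echo "Setting default URL for root. . ."
cp -p "${JWSDIR}/profiles/root" "${JWSDIR}/profiles/root+"
sed -e "s^DEFAULTURL^$DEFAULTURL^" "${JWSDIR}/profiles/root+" > \
  "${JWSDIR}/profiles/root"
rm -f "${JWSDIR}/profiles/root+"

#
# Remove any currently existing profiles in the profiles directory since
# most likely they should be recreated new.
#
# Only the directory part is quoted; the [A-Z0-9]* glob must stay unquoted.
echo "Deleting old profiles . . ."
rm -f "${JWSDIR}"/profiles/[A-Z0-9]* >/dev/null 2>&1

#
# Add servlet aliases for new servlets if they are not already there
#
echo "Adding new servlet aliases . . ."
# $ALIASES is deliberately unquoted: it is a space-separated list.
for alias in $ALIASES
do
  check="`egrep \"^$alias\" \"$RULESFILE\"`"
  if [ -z "$check" ]
  then
    echo "$alias" >> "$RULESFILE"
  fi
done

#echo "Adding new servlet aliases . . ."
#for alias in $ALIASES
#do
#  check="`egrep \"^$alias\" $RULESFILE_SSL`"
#  if [ -z "$check" ]
#  then
#    echo $alias >> $RULESFILE_SSL
#  fi
#done

#
# add new servlet properties to servlets properties file
#
echo "Adding new servlet properties . . ."

# First, clear out all old entries
cp -p "$SERVLETSFILE" "$SERVLETSFILE+"
sed -e "/^servlet\.login/d" -e "/^servlet\.sessioninfo/d" \
  -e "/^servlet\.userinfo/d" \
  -e "/^servlet\.console/d" \
  "$SERVLETSFILE+" > "$SERVLETSFILE"
# The working copy is a plain file, so -f (as used elsewhere) replaces -r.
rm -f "$SERVLETSFILE+"

#cp -p $SERVLETSFILE_SSL $SERVLETSFILE_SSL+
#sed -e "/^servlet\.login/d" -e "/^servlet\.sessioninfo/d" \
#  -e "/^servlet\.userinfo/d" \
#  -e "/^servlet\.console/d" \
#  $SERVLETSFILE_SSL+ > $SERVLETSFILE_SSL
#rm -r $SERVLETSFILE_SSL+

# Then add the new entries
echo "servlet.login.code=com.sun.authd.LoginServlet
servlet.login.description=login
servlet.login.initArgs=PROFILES=${JWSDIR}/profiles
servlet.console.code=com.sun.stnr.admin.ConsoleServlet
servlet.sessioninfo.code=com.sun.authd.SessionInfoServlet
#servlet.userinfo.code=com.sun.authd.UserInfoServlet
servlet.userinfo.initArgs=policyUrl=file:${JWSDIR}/config/UserInfoServlet.policy,policyClass=com.sun.acm.DefaultPolicy" >> "$SERVLETSFILE"

#echo "servlet.login.code=com.sun.authd.LoginServlet
#servlet.login.description=login
#servlet.console.code=com.sun.stnr.admin.ConsoleServlet
#servlet.sessioninfo.code=com.sun.authd.SessionInfoServlet
#servlet.userinfo.code=com.sun.authd.UserInfoServlet
#servlet.userinfo.initArgs=policyUrl=file:${JWSDIR}/config/UserInfoServlet.policy,policyClass=com.sun.acm.DefaultPolicy" >> $SERVLETSFILE_SSL

GATEWAY_IP_ADDRESS=`getent hosts "$FQDNGATEWAYNAME" | awk '{print $1}'`
AUTH_IP_ADDRESS=`getent hosts "$FQDNAUTHNAME" | awk '{print $1}'`

# NOTE(review): a failed lookup is only reported; the script carries on and
# substitutes an empty address into the configuration files below.
if [ "$GATEWAY_IP_ADDRESS" = "" ]; then
  echo ERROR could not resolve the Gateway IP Address
fi

if [ "$AUTH_IP_ADDRESS" = "" ]; then
  echo ERROR could not resolve the Auth Server IP Address
fi

# Build the host[:port] form of the auth server address. The port is left
# off only when SSL is enabled on the default port 443.
SSL_ENABLED=`grep platform.protocol "$PLATCONF" | sed -e "s/platform.protocol=//"`
if [ "$SSL_ENABLED" = "https" ]; then
  SSL_PORT=`grep platform.ssl.port "$PLATCONF" | sed -e "s/platform.ssl.port=//"`
  if [ "$SSL_PORT" = "443" ]; then
    AUTH_IP_ADDRESS_PORT=$AUTH_IP_ADDRESS
  else
    AUTH_IP_ADDRESS_PORT=$AUTH_IP_ADDRESS:$SSL_PORT
  fi
else
  AUTH_IP_ADDRESS_PORT=$AUTH_IP_ADDRESS:$AUTH_PORT
fi

#
# Modify the platform.conf to reflect data gathered during
# install
#
CONFFILES="/etc/opt/SUNWstnr/platform.conf ${JWSDIR}/profiles/root /etc/http/remote_passage.httpd.conf"

echo "Modify $CONFFILES"

# $CONFFILES is deliberately unquoted: it is a space-separated list.
for file in $CONFFILES
do
  if [ ! -f "$file" ]; then
    cp "$file.orig" "$file"
  fi
  cp -p "$file" "$file.tmpl"
  # The 0.0.0.0 placeholder is matched with escaped dots so that only the
  # literal placeholder is rewritten, not any "0?0?0?0" sequence.
  sed -e "s/AUTHHOST/$AUTH_HOST/g" \
    -e "s/0\.0\.0\.0/$AUTH_IP_ADDRESS/g" \
    -e "s/PROTOCOL/http/g" \
    -e "s/SSLPORT/443/g" \
    -e "s/AUTHPORT/$AUTH_PORT/g" \
    -e "s/FQDNAUTHSERVER/$FQDNAUTHNAME/g" \
    -e "s/FQDNGATEWAY/$FQDNGATEWAYNAME/g" \
    -e "s/GATEPORT/$GATE_PORT/g" \
    -e "s/PREFHOST/$PREF_HOST/g" \
    -e "s/PREFPORT/$PREF_PORT/g" \
    -e "s/LOGPORT/$LOG_PORT/g" \
    -e "s/LOGHOST/$LOG_HOST/g" \
    -e "s/APPPORT/$APP_PORT/g" \
    -e "s/APPHOST/$APP_HOST/g" \
    -e "s/GATEWAYIP/$GATEWAY_IP_ADDRESS/g" \
    -e "s/AUTHSERVERIP_PORT/$AUTH_IP_ADDRESS_PORT/g" \
    -e "s/AUTHSERVERIPADDR/$AUTH_IP_ADDRESS/g" \
    -e "s#PLATDIR#$BASEDIR#g" \
    "$file.tmpl" > "$file"
  rm -f "$file.tmpl"
done

# universal var for platform.conf
PLATFORM_CONF="/etc/opt/SUNWstnr/platform.conf"

# clean up the platform.conf file if ssl port is default of 443
cp -p "$PLATFORM_CONF" "$PLATFORM_CONF.tmp2"
sed -e "s/trustedProxyFullURL=https:\/\/${GATEWAY_IP_ADDRESS}:443/trustedProxyFullURL=https:\/\/${GATEWAY_IP_ADDRESS}/" "$PLATFORM_CONF.tmp2" > "$PLATFORM_CONF"
rm -f "$PLATFORM_CONF.tmp2"

#
# check to see if SecurID stuff has been installed on this machine.
# if not, do not list securid as an authentication type.
#
# NOTE that it assumes that there's a preceding space:
#   " com.sun.login.securid.Securid"
#
SECURID_FILE="/etc/sdace.txt"
if [ ! -f "$SECURID_FILE" ]
then
  # The working copy sits next to platform.conf instead of under a fixed
  # name in /tmp: this script runs as root, and a predictable path in a
  # world-writable directory can be pre-created or symlinked by any local
  # user, redirecting the write or altering what is copied back.
  cp -p "$PLATFORM_CONF" "$PLATFORM_CONF.tmp3"
  sed -e "s/ com\.sun\.login\.securid\.Securid//" "$PLATFORM_CONF.tmp3" > "$PLATFORM_CONF"
  rm -f "$PLATFORM_CONF.tmp3"
fi

#
# make sure the /var/opt/SUNWstnr/skeykeys file is there
#
if [ ! -f /var/opt/SUNWstnr/skeykeys ]
then
  touch /var/opt/SUNWstnr/skeykeys
  # NOTE(review): 666 leaves this file readable and writable by every local
  # account. The mode is kept because the account that needs to write it is
  # not visible from this script; once that owner is confirmed, restrict the
  # file to it (chown plus chmod 600).
  chmod 666 /var/opt/SUNWstnr/skeykeys
fi

touch /var/etc/cryptorand
chmod 600 /var/etc/cryptorand
/etc/init.d/cryptorand stop
/etc/init.d/cryptorand start

# install in.SafeHelper in inetd.conf
# NOTE(review): the entry below runs in.SafeHelper as root for connections
# to 7942/tcp; confirm that the port is filtered to the hosts that need it.

# backup services file (hard link keeps the old inode under the ~ name)
rm -f /etc/inet/services~
ln /etc/inet/services /etc/inet/services~

# install services file
# The new file is built with a grouped redirect, so stdout is not left
# closed afterwards, and it is moved into place only if the write succeeded.
{
  grep -vi 'safehelp' /etc/inet/services
  echo 'safehelp 7942/tcp # SafeHelper'
} >/etc/inet/services+ &&
  mv /etc/inet/services+ /etc/inet/services

# backup inetd.conf
rm -f /etc/inet/inetd.conf~
ln /etc/inet/inetd.conf /etc/inet/inetd.conf~

# install inetd.conf
{
  grep -vi 'safehelp' /etc/inet/inetd.conf
  echo 'safehelp stream tcp nowait root /etc/in.SafeHelper in.SafeHelper'
} >/etc/inet/inetd.conf+ &&
  mv /etc/inet/inetd.conf+ /etc/inet/inetd.conf

# kick inetd
# The PIDs are signalled directly rather than by generating "kill" commands
# from ps output and piping them into a second shell.
for pid in `ps -ef | awk '/^ *root .*[ /]inetd /{print $2}'`
do
  kill -HUP "$pid"
done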