ftp.rsa.com

home *** CD-ROM | disk | FTP | other *** search

/ ftp.rsa.com / 2014.05.ftp.rsa.com.tar / ftp.rsa.com / pub / agents / WebAgent_70_Apache_RHEL5_64_379_08201024.tar / CD / install next >

Wrap

Text File | 2010-08-23 | 37KB | 1,321 lines

#!/bin/sh # # Installation script for the RSA Authentication Agent for Web Servers Plugin. # # #******************************************************************************** #* COPYRIGHT (C) 2009 by RSA Security Inc. #* ---ALL RIGHTS RESERVED--- #******************************************************************************** # ############################################################ # Set default values and commands for the shell script. ############################################################ clear UNAME=`uname` UNAMER=`uname -r` HOSTNAME=`hostname` WEBSERVER="apache" WEBSERVERNAME="Apache" if [ $WEBSERVER = "iplanet" ] ; then WEBSERVERNAME="Sun Java System" fi PROCESS_LIST="httpd" PLATFORM_OK=FALSE myNewVersion= myOldVersion= BACKUP_OLD= TEMP_WEB_AGENT= HERE=`dirname $0` THEPWD=`/bin/pwd` if [ "$HERE" = "." ]; then HERE="$THEPWD" else #if $HERE isn't absolute path add `pwd` to it cd $HERE HERE=`/bin/pwd` cd $THEPWD fi #suji needs to change ######################## ######################## APACHE_DOCS="" APACHE_CONFIG="" APACHE_EXEC="" APACHE_LIB="" CONF_FILE="" OBJCONF_FILE="" WEB_AGENT="/tmp/toto" WEB_AGENT_DIR="rsawebagent" WEB_AGENT_TAR="$WEB_AGENT_DIR.tar" WEB_AGENT_DOC="doc" WEB_AGENT_README="readme" WEB_AGENT_TAR_GZ="$WEB_AGENT_TAR.gz" LICENSE="$HERE/license.txt" LICENSE2="$HERE/license2.txt" PATH_ROOT="" DF="df -P -k" MPM_WORKER_CONFIG=FALSE # Disk space require for the installation SPACE=3500 PLUG_IS_INSTLD=FALSE ADMIN_IS_INSTLD=FALSE BACKUP_CRTD=FALSE PREV_INSTL=FALSE echo_no_nl_mode="unknown" ############################################################################## # Trap # this will trap any escape characters, and allow the program to abort normally # by calling abort_installation ############################################################################## trap 'trap "" 1 2 15; abort_installation' 1 2 15 ############################################################################## # echo_no_nl() # Echo a string with no carriage return (if possible). Must set # $echo_no_nl to "unknown" before using for the first time. ############################################################################## echo_no_nl() { if [ "$echo_no_nl_mode" = "unknown" ] ; then echo_test=`echo \\\c` if [ "$echo_test" = "\c" ] ; then echo_no_nl_mode="-n" else echo_no_nl_mode="\c" fi fi if [ "$echo_no_nl_mode" = "\c" ] ; then echo $* \\c else echo -n $* fi } ############################################################################## # getfilename() # Gets a filename # $1 The string to print to prompt the user # $2 The default value if user hits <Enter> (y/n) # $3 Type : DIRECTORY, EXISTINGFILE, NEWFILE, NEWDIRECTORY # The variable $YESORNO is set in accordance to what the user entered. ############################################################################## getfilename() { ##################################################### # Set up line parameters as $1 and $2 are overwritten ##################################################### theprompt=$1 thedefault=$2 thetype=$3 theans="" until [ -n "$theans" ] ; do echo "" echo_no_nl "$theprompt [$thedefault] " read theans if [ "$theans" = "" ] ; then theans=$thedefault fi case $thetype in DIRECTORY) if [ ! -d "$theans" ]; then echo Directory $theans doesn\'t exist theans="" fi;; READFILE) if [ ! -f "$theans" ]; then echo File $theans doesn\'t exist theans="" elif [ ! -r "$theans" ]; then echo File "$theans" isn\'t readable theans="" fi;; WRITEFILE) if [ ! -f "$theans" ]; then echo File $theans doesn\'t exist theans="" elif [ ! -w "$theans" ]; then echo File "$theans" isn\'t writable theans="" fi;; EXECFILE) if [ ! -f "$theans" ]; then echo File $theans doesn\'t exist theans="" elif [ ! -x "$theans" ]; then echo File "$theans" isn\'t writable theans="" fi;; NEWFILE) if [ -f "$theans" ]; then echo File $theans already exist theans="" elif [ ! -d `dirname $theans` ]; then echo Directory `dirname $theans` doesn\'t exist theans="" elif [ ! -w `dirname $theans` ]; then echo Directory `dirname $theans` isn\'t writable theans="" fi;; *);; esac done } ########################################################################## # # getservername() # The variable WEBSERVER is set to the name of the server being used ########################################################################## #getservername() #{ ##################################################### # Set up line parameters as $1 and $2 are overwritten ##################################################### # theprompt=$1 # thedefault=$2 #### asf # theans=2 # echo "" # while [ "$theans" != "1" ] && [ "$theans" != "2" ] # do # echo # echo " 1. Apache" # echo " 2. Sun ONE" # echo # echo_no_nl "$theprompt [$thedefault] " # read theans # if [ "$theans" = "" ] ; then # theans=1 # fi # done # if [ "$theans" = "1" ] ; then # WEBSERVER="apache" # PROCESS_LIST=" httpd| aceapi_rpc_" # else # WEBSERVER="iplanet" # PROCESS_LIST="ns-httpd| aceapi_rpc_" # fi ##### This is modified during kit generation by the makefile # WEBSERVER="" ##### #} ############################################################################## # getAcceptDecline() # Gets either a "Accept" or a "Decline" in the traditional (a/d) pattern # $1 The default value if user hits <Enter> (TRUE/FALSE) # $2 The string to print to prompt the user # The variable $AORD is set in accordance to what the user entered. ############################################################################## getAcceptDecline() { ##################################################### # Set up line parameters as $1 and $2 are overwritten ##################################################### AorDdef=$1 AorDprompt=$2 AORD="" until [ -n "$AORD" ] ; do echo "" echo_no_nl $AorDprompt read AORD AORD=`echo $AORD | tr '[a-z]' '[A-Z]'` case "$AORD" in A|ACCEPT ) AORD=TRUE;; D|DECLINE ) AORD=FALSE;; '' ) AORD=$AorDdef;; * ) echo "" echo "Please enter 'A', 'D' or '<return>' " AORD="";; esac done } ############################################################################## # getyesorno() # Gets either a "yes" or a "no" in the traditional (y/n) pattern # $1 The default value if user hits <Enter> (TRUE/FALSE) # $2 The string to print to prompt the user # The variable $YESORNO is set in accordance to what the user entered. ############################################################################## getyesorno() { ##################################################### # Set up line parameters as $1 and $2 are overwritten ##################################################### yesornodef=$1 yesornoprompt=$2 YESORNO="" until [ -n "$YESORNO" ] ; do echo "" echo_no_nl $yesornoprompt read YESORNO case "$YESORNO" in y|Y ) YESORNO=TRUE;; n|N ) YESORNO=FALSE;; '' ) YESORNO=$yesornodef;; * ) echo "" echo "Please enter 'y', 'n' or '<return>' " YESORNO="";; esac done } ############################################################################## # abort_installation() # This subroutine removes files that were recently installed and restores # the previous installation files, if they existed. ############################################################################## abort_installation() { echo "" echo "Aborting Installation..." if [ "$BACKUP_CRTD" = TRUE ] ; then echo "Restoring Config Files..." cp -pf $CONF_SAVE $CONF_FILE rm -f $CONF_SAVE if [ $WEBSERVER = "iplanet" ] ; then cp -pf $OBJCONF_SAVE $OBJCONF_FILE rm -f $OBJCONF_SAVE fi fi if [ "$PLUG_IS_INSTLD" = TRUE ] ; then echo "Removing installed Files...." rm -rf "$WEB_AGENT" fi if [ "$PREV_INSTL" = TRUE ] ; then echo "Restoring Old Agent..." cp -Rpf $TEMP_WEB_AGENT $WEB_AGENT rm -rf $TEMP_WEB_AGENT fi exit 1 } ############################################################ # Display the License and Copyright files. ############################################################ startup_screen() { # Changed so that we could have both license files shown getyesorno TRUE "ARE YOU A CUSTOMER ORDERING THIS RSA PRODUCT FROM RSA SECURITY INC., FROM EITHER NORTH AMERICA, SOUTH AMERICA OR THE PEOPLE'S REPUBLIC OF CHINA (EXCLUDING HONG KONG): (y/n) [y]" if [ "$YESORNO" = TRUE ] ; then if [ -f $LICENSE ] ; then more $LICENSE else echo "The License Agreement text file could not be found in the current directory." echo "Installation is aborting..." abort_installation fi else if [ -f $LICENSE2 ] ; then more $LICENSE2 else echo "The License Agreement text file could not be found in the current directory." echo "Installation is aborting..." abort_installation fi fi getAcceptDecline FALSE "Do you accept the License Terms and Conditions stated above? (Accept/Decline) [D]" if [ "$AORD" = FALSE ] ; then abort_installation; fi } ############################################################ # Check to see if the environment variable VAR_ACE is # defined and sdconf.rec exists ############################################################ check_sdconf() { noerror=0 if [ ! -n "$VAR_ACE" ]; then VAR_ACE="/var/ace" fi theans="" while [ "$theans" = "" ] do getfilename "Enter Directory where sdconf.rec is located" $VAR_ACE DIRECTORY if [ ! -f "$theans/sdconf.rec" ]; then echo file "$theans/sdconf.rec" not found theans="" elif [ ! -r "$theans/sdconf.rec" ]; then echo file "$theans/sdconf.rec" not readable: change protection if needed VAR_ACE="$theans" theans="" else if [ "$theans" != "" ]; then VAR_ACE="$theans" fi break fi done } ############################################################ # Check to see if this is a supported platform. ############################################################ check_platform() { case $UNAME in SunOS) ARCH=`uname -p` if [ "$ARCH" = "i386" ] ; then if [ `/usr/bin/isainfo -kv | cut -f 1 -d '-'` = "32" ] ; then OS_DIR=sol-10-x86-32 else OS_DIR=sol-10-x86-64 fi else if [ `/usr/bin/isainfo -kv | cut -f 1 -d '-'` = "64" ] ; then OS_DIR=sol-10-sparc-64 else OS_DIR=sol-9-sparc-32 fi fi DF="/usr/xpg4/bin/df -P -k";; Linux) case $UNAMER in 2.4.* ) OS_DIR=lnxas3;; 2.6.* ) if [ `uname -r | cut -f 1 -d '-'` = "2.6.18" ] ; then if [ `getconf LONG_BIT` = "32" ] ; then OS_DIR=rhel-5.1-x86-32 else OS_DIR=rhel-5.1-x86-64 fi else OS_DIR=rhel-4-x86-32 fi;; * ) OS_DIR=lnx;; esac;; HP*) OS_DIR=hp11;; esac case $WEBSERVER in apache ) case $UNAME in Linux|SunOS);; *) echo "" echo "Sorry, $UNAME is not currently supported for $WEBSERVERNAME." echo "" abort_installation;; esac ;; iplanet ) case $UNAME in HP*|SunOS);; *) echo "" echo "Sorry, $UNAME is not currently supported for $WEBSERVERNAME ." echo "" abort_installation;; esac ;; * ) echo "" echo "Sorry, $WEBSERVERNAME Web Server is not currently supported." echo "" abort_installation ;; esac } ############################################################ # Check to see if webserver is running. ############################################################ check_if_webserver_running() { a=`ps -ecf | grep -v grep | egrep "$PROCESS_LIST" | egrep -v "https-adms" | wc -l` if [ $a != 0 ] ; then echo echo "We recommend you stop the Web server before installing the Agent." getyesorno FALSE "Do you want to continue (y/n) [n]:" if [ "$YESORNO" = FALSE ] ; then abort_installation fi fi } ############################################################ # Check to see if this is a supported webserver platform. ############################################################ check_webserver() { case $WEBSERVER in 'apache' ) apachevers=`$APACHE_EXEC -v | grep Apache | sed "s/.*Apache\///" | awk ' {print $1} '` case $apachevers in 2.2.*) ;; *) echo "" echo "Sorry, $WEBSERVERNAME version $apachevers is not currently supported." echo "The install script will abort the installation" echo "process. Please update the $WEBSERVERNAME web server" echo "to version $WEBSERVERNAME/2.2 or patch of this version and reinstall the web agent." echo "" abort_installation ;; esac ######################## # Check whether Apache has been installed to allow shared modules ######################## if [ ! -n "`$APACHE_EXEC -l | grep -v grep | grep mod_so.c`" ] ; then echo "" echo "RSA Authentication Agent v7.0 for Web for $WEBSERVERNAME can not be installed on your system" echo "The current installation of $WEBSERVERNAME Web Server does not" echo "allow for shared modules." echo "Please re-install $WEBSERVERNAME to enable shared modules" echo "and try again" abort_installation fi ######################## # Check to see if Apache is installed in worker MPM configuration. # If so, we must install the threaded libaceauth.so instead of # using the rpc server. ######################## ## if [ -n "`$APACHE_EXEC -l | grep -v grep | grep worker.c`" ] ; then if [ -n "`$APACHE_EXEC -l | grep -v grep | grep worker.c`" ] ; then MPM_WORKER_CONFIG=TRUE fi ;; 'iplanet' ) ipvers=`$WEB_SERVER_ROOT/start -version | grep iPlanet | cut -d/ -f2 | awk ' {print $1} '` if [ ! -n "$ipvers" ] ; then ipvers=`$WEB_SERVER_ROOT/start -version | grep "Sun ONE Web Server" | cut -d" " -f5 | awk ' {print $1} '` fi case $ipvers in 6.0* | 6.1* ) ;; * ) echo "" echo "Sorry, $WEBSERVERNAME version $ipvers is not currently supported." echo "The install script will abort the installation" echo "process. Please update the $WEBSERVERNAME web server" echo "to version Sun Java System Web Server 6.x and reinstall the web agent." echo "" abort_installation ;; esac ;; esac } ############################################################ # Ask the user for the Web Server Root and setup # other installation information ############################################################ setup_paths() { WEB_SERVER_ROOT="" ############################################################# ############### A P A C H E ############################### ############################################################# case $WEBSERVER in 'apache' ) ########################################### # Get the Apache Server Root directory path ########################################### DEFAULT_ROOT="/etc/httpd" if [ ! -d "$DEFAULT_ROOT" ] ; then DEFAULT_ROOT="/usr/local/apache2" if [ ! -d "$DEFAULT_ROOT" ] ; then DEFAULT_ROOT="/usr/apache2" if [ ! -d "$DEFAULT_ROOT" ] ; then DEFAULT_ROOT="/usr/local/apache" if [ ! -d "$DEFAULT_ROOT" ] ; then DEFAULT_ROOT="/usr/apache" if [ ! -d "$DEFAULT_ROOT" ] ; then DEFAULT_ROOT="/usr/apache2" fi fi fi fi fi ##################################### # Easiest fix for DOC Apache, Readme # versus DOC everything else, readme. ##################################### WEB_AGENT_README="Readme" until [ -n "$WEB_SERVER_ROOT" ] ; do echo "" getfilename "Please enter the path for the $WEBSERVERNAME installation directory" $DEFAULT_ROOT DIRECTORY WEB_SERVER_ROOT=$theans # The following logic has been disabled because it causes # problems across differing valid environments. Later # prompts resolve all necessary input for the Agent install, # even if the Apache install directory does not follow the # form implied in the below checking. # # if [ ! -f $WEB_SERVER_ROOT/conf/httpd.conf ] ; then # if [ ! -f $WEB_SERVER_ROOT/bin/httpd ] ; then # echo "" # echo "The path, $WEB_SERVER_ROOT, is not a valid path to your $WEBSERVERNAME root dir." # WEB_SERVER_ROOT="" # fi # fi if [ "$WEB_SERVER_ROOT" != "" ]; then dir="`$DF $WEB_SERVER_ROOT | sed -e "1,1d" | awk '{print($4)}'`" if [ $dir -lt $SPACE ] ; then echo "" echo "The path, $WEB_SERVER_ROOT, does not have enough disk space to install the web agent." WEB_SERVER_ROOT="" fi fi done ############################## # Now find the httpd.conf file ############################## CONFIG_TMP="/usr/local/apache/conf/httpd.conf" if [ -f $WEB_SERVER_ROOT/conf/httpd.conf ]; then CONFIG_TMP=$WEB_SERVER_ROOT/conf/httpd.conf fi ############# # Now Confirm ############# echo "" getfilename "Please enter the path for the $WEBSERVERNAME Configuration File " $CONFIG_TMP WRITEFILE CONF_FILE=$theans INSTALL_USER=`ps -f | awk '{ print $1 " " $2 }' | grep $$ | awk '{ print $1 }'` SERVER_USER=`grep "^User " $CONF_FILE | awk '{print $2}' | sed "s/#//" ` SERVER_GROUP=`grep "^Group " $CONF_FILE | awk '{print $2}' | sed "s/#//" ` if [ "$INSTALL_USER" = "root" ]; then if [ "$SERVER_USER" = "" ] || [ "$SERVER_USER" = "-1" ] ; then echo "Error: could not find a valid User in $CONF_FILE" echo echo "You need to set a valid User directive in the $CONF_FILE file" abort_installation fi if [ "$SERVER_GROUP" = "" ] || [ "$SERVER_GROUP" = "-1" ] ; then echo "Error: could not find a valid Group in $CONF_FILE" echo echo "We recommend you set a valid Group directive in the $CONF_FILE file" getyesorno FALSE "Do you want to continue (y/n) [n]:" if [ "$YESORNO" = FALSE ] ; then abort_installation fi fi fi CONF_TMP="$CONF_FILE.tmp" CONF_SAVE="$CONF_FILE."`date +%D%T | sed "s/\//-/g" ` ############################## # Now find the httpd executable ############################## EXEC_TMP="" EXEC_TMP=$WEB_SERVER_ROOT/bin/httpd if [ ! -x $EXEC_TMP ]; then EXEC_TMP=$WEB_SERVER_ROOT/src/httpd if [ ! -x $EXEC_TMP ]; then EXEC_TMP=`whereis httpd | awk '{print $2}'` if [ "$EXEC_TMP" = "" ]; then EXEC_TMP="/usr/bin/httpd" fi fi fi echo "" getfilename "Please enter the path for the $WEBSERVERNAME httpd binary file" $EXEC_TMP EXECFILE APACHE_EXEC=$theans APACHE_LIB="" if [ "$UNAME" = "SunOS" ]; then ############################## # Now find the apache lib directory ############################## LIB_TMP="" LIB_TMP=$WEB_SERVER_ROOT/lib if [ ! -d $LIB_TMP ]; then LIB_TMP=`dirname $APACHE_EXEC` LIB_TMP=$LIB_TMP/../lib if [ ! -d $LIB_TMP ]; then LIB_TMP=$WEB_SERVER_ROOT/lib fi fi echo "" getfilename "Please enter the path for the $WEBSERVERNAME library directory" $LIB_TMP DIRECTORY APACHE_LIB=$theans fi ;; ############################################################# ############### I P L A N E T ############################# ############################################################# iplanet ) ################################ # Get the Web Server root directory path ################################ DEFAULT_ROOT="/etc/iplanet/servers" if [ ! -d "$DEFAULT_ROOT" ] ; then DEFAULT_ROOT="/usr/iplanet/servers" if [ ! -d "$DEFAULT_ROOT" ] ; then DEFAULT_ROOT="/usr/local/iplanet/servers" fi fi DEFAULT_ROOT=`ls -1d $DEFAULT_ROOT/https-* 2>/dev/null| grep -v admserv 2>/dev/null| head -1 2>/dev/null` WEB_SERVER_ROOT="" while [ "$WEB_SERVER_ROOT" = "" ] ; do echo "" getfilename "Please enter the path for the $WEBSERVERNAME servername directory" $DEFAULT_ROOT DIRECTORY WEB_SERVER_ROOT=$theans if [ ! -f $WEB_SERVER_ROOT/config/magnus.conf ] ; then echo "" echo "The path, $WEB_SERVER_ROOT, is not a valid path to your $WEBSERVERNAME root dir." WEB_SERVER_ROOT="" else dir="`$DF $theans | sed -e "1,1d" | awk '{print($4)}'`" if [ $dir -lt $SPACE ] ; then echo "" echo "The path, $WEB_SERVER_ROOT, does not have enough disk space to install the web agent." WEB_SERVER_ROOT="" fi fi done CONF_FILE=$WEB_SERVER_ROOT/config/magnus.conf OBJCONF_FILE=$WEB_SERVER_ROOT/config/obj.conf ############# # Now Confirm ############# INSTALL_USER=`ps -f | awk '{ print $1 " " $2 }' | grep $$ | awk '{ print $1 }'` SERVER_USER=`grep "^User " $CONF_FILE | awk '{print $2}'` SERVER_GROUP=`ls -l $CONF_FILE | awk '{print $4}'` if [ "$SERVER_USER" = "" ] ; then echo "Error could find User in $CONF_FILE" abort_installation; fi CONF_TMP="$CONF_FILE.tmp" CONF_SAVE="$CONF_FILE."`date +%D%T | sed "s/\//-/g" ` OBJCONF_TMP="$OBJCONF_FILE.tmp" OBJCONF_SAVE="$OBJCONF_FILE."`date +%D%T | sed "s/\//-/g" ` ;; esac WEB_AGENT="$WEB_SERVER_ROOT/$WEB_AGENT_DIR" OLD_WEB_AGENT="$WEB_AGENT.old" TEMP_WEB_AGENT="$WEB_AGENT.temp" echo "" echo "The Web Agent will be installed in the $WEB_AGENT directory." } construct_apache_conf_str() { RSA_CONF_STR="###### BEGIN_RSA_BLOCK ###### WARNING: DO NOT EDIT THIS BLOCK. ANYTHING ADDED WILL BE REMOVED BY ###### THE NEXT INSTALLATION OF RSA WEB AGENT include $WEB_AGENT/rsawebagent.conf ###### END_RSA_BLOCK" RSAWEBAGENT_CONF_STR="# # RSA Authentication Agent for Web configuration information # This file is included by the current httpd.conf file # # Load and add the web agent module in the configuration LoadModule rsawebagent_module $WEB_AGENT/mod_rsawa_apache.so # # RSA Authentication Agent for Web installation directory # <IfModule mod_rsawebagent.c> RSAWebAgentInstallPath $WEB_AGENT VAR_ACEPath $VAR_ACE </IfModule> " } construct_iplanet_conf_str() { RSAWEBAGENT_CONF_STR="\\ Init fn=\"load-modules\" shlib=\"$WEB_AGENT/mod_rsawa_iplanet.so\" funcs=\"mod_rsawa_init,mod_rsawa_url_translator,mod_rsawa_service_auth\"\\ Init fn=\"mod_rsawa_init\" RSAWebAgentInstallPath=\"$WEB_AGENT\" VAR_ACEPath=\"$VAR_ACE\" " NAME_TRANS_STR="NameTrans fn=\"mod_rsawa_url_translator\"" SERVICE_AUTH_STR="Service method=\"(GET|POST)\" type=\"magnus-internal/auth\" fn=\"mod_rsawa_service_auth\"" } delete_lines() { FILE_TO_EDIT="$1" LINE_TO_REMOVE="$2" egrep -v "$LINE_TO_REMOVE" "$FILE_TO_EDIT" > $CONF_TMP if cp -f $CONF_TMP $FILE_TO_EDIT then : else rm $CONF_TMP echo "Error modifying $FILE_TO_EDIT" abort_installation; fi rm $CONF_TMP } delete_rsa_lines() { ################### # Now delete our lines if there are any ################### ############ # First find our lines and delete them ############ cat $FILE_TO_EDIT | awk 'BEGIN { printon = 1 } { if ( $0 ~ /BEGIN_RSA_BLOCK/ ) printon = 0 if ( printon == 1 ) print if ( $0 ~ /END_RSA_BLOCK/ ) printon = 1 }' > $CONF_TMP if cp -f $CONF_TMP $FILE_TO_EDIT then : else rm $CONF_TMP echo "Error modifying $FILE_TO_EDIT" abort_installation; fi rm $CONF_TMP } save_conf_file() { if cp -p $ORIG_FILE $SAVE_FILE ; then echo "Backup of $ORIG_FILE copied to $SAVE_FILE" else echo "Error backing up $ORIG_FILE" abort_installation; fi BACKUP_CRTD=TRUE } ############################################################ # Edit httpd.conf file to complete the install process ############################################################ edit_conf() { ################# # Construct the new configuration entries ################# case $WEBSERVER in 'apache' ) construct_apache_conf_str ################# # create rsawebagent.conf ################# echo "$RSAWEBAGENT_CONF_STR" > $WEB_AGENT/rsawebagent.conf ##################### # Save a copy of the original httpd.conf file ##################### ORIG_FILE=$CONF_FILE SAVE_FILE=$CONF_SAVE save_conf_file echo "" echo "Editing httpd.conf file...." ################### # Now perform the necessary httpd.conf edits ################### if [ -n "`egrep 'mod_rsawa_apache.so|rsawebagent.conf' $CONF_FILE`" ] ; then PREV_INSTL=TRUE FILE_TO_EDIT=$CONF_FILE delete_rsa_lines fi ################ # Always add our lines at the end ################ if echo "$RSA_CONF_STR" >> $CONF_FILE then : else echo "Error modifying $CONF_FILE" abort_installation; fi echo "Done editing httpd.conf file" ;; 'iplanet' ) construct_iplanet_conf_str ##################### # Save a copy of the original magnus/obj.conf file ##################### ORIG_FILE=$CONF_FILE SAVE_FILE=$CONF_SAVE save_conf_file ORIG_FILE=$OBJCONF_FILE SAVE_FILE=$OBJCONF_SAVE save_conf_file echo "" echo "Editing magnus.conf file...." ################### # Now perform the necessary magnus.conf edits ################### if [ -n "`egrep 'mod_rsawa_iplanet.so|rsawebagent.conf' $CONF_FILE`" ] ; then PREV_INSTL=TRUE delete_lines $CONF_FILE "mod_rsawa_iplanet.so|rsawebagent.conf" fi ################ # Now add our lines ################ insert_lines "$CONF_FILE" "Init fn" "$RSAWEBAGENT_CONF_STR" echo "Done editing magnus.conf file" ;; esac } insert_lines() { FILE_TO_EDIT=$1 LINE_TO_FIND=$2 LINE_TO_ADD=$3 LINE_NO=`egrep -n "$LINE_TO_FIND" $FILE_TO_EDIT | head -1 | awk -F: '{print $1}'` LINE_NO=`expr $LINE_NO - 1` ########### # Now try to append our line ########### cat $FILE_TO_EDIT | sed "${LINE_NO}a\\ $LINE_TO_ADD" > $CONF_TMP if cp -f $CONF_TMP $FILE_TO_EDIT then : else rm $CONF_TMP echo "Error modifying $FILE_TO_EDIT" abort_installation; fi rm $CONF_TMP } ########################################################### # Edit the INI file to add the protected URLs ########################################################### edit_ini() { echo "Configuring RSA Authentication Agent v7.0 for Web for $WEBSERVERNAME ...." ####################################### # Call config script ####################################### if [ $WEBSERVER = "iplanet" ] ; then CONF_LINK=magnus.conf elif [ $WEBSERVER = "apache" ] ; then CONF_LINK=httpd.conf fi rm -f $WEB_AGENT/$CONF_LINK ln -s $CONF_FILE $WEB_AGENT/$CONF_LINK $WEB_AGENT/config GlobalServerData if [ "$?" != "0" ]; then abort_installation; fi echo "Done configuring RSA Authentication Agent v7.0 for Web for $WEBSERVERNAME" } ############################################################ # Install the RSA Authentication Agent for Web library and configuration. ############################################################ install_webagent() { ############## #untar the RPM file ############## if [ -d $WEB_AGENT ]; then echo "It appears that a Web Agent has already been installed." myOldVersion=`strings $WEB_AGENT/librsawa_apache.so | grep "RSA Authentication Agent " | awk '{print $4$7}'` myOldVersion=`echo $myOldVersion | awk '{print $1}'` if [ "$myOldVersion" = "" ]; then OldVersion=`strings $WEB_AGENT/librsawa_apache.so | grep "@(#)RSA" | awk '{print $4$7}'` OldVersion=`echo $OldVersion | awk '{print $1}'` myOldVersion=$OldVersion fi if [ -f $HERE/$OS_DIR/$WEB_AGENT_TAR ]; then cd $HERE/$OS_DIR tar xvf $WEB_AGENT_TAR > /dev/null myNewVersion=`strings $HERE/$OS_DIR/$WEB_AGENT_DIR/librsawa_apache.so | grep "RSA Authentication Agent " | awk '{print $4$7}'` myNewVersion=`echo $myNewVersion | awk '{print $1}'` rm -rf "$WEB_AGENT_DIR" cd - > /dev/null if [ "$myOldVersion" = "$myNewVersion" ]; then echo "" echo "RSA Authentication Agent $myOldVersion has already installed." abort_installation fi #echo "Refer Migrating Web Agent Configuration Information section in Apache I&C guide" #abort_installation fi getyesorno FALSE "Should the installation upgrade the Web Agent ? (y/n) [n]:" if [ "$YESORNO" = FALSE ] ; then abort_installation fi getyesorno TRUE "The upgradation will overwrite the old files. Do you want to backup the current rsawebagent to rsawebagent.old ? (y/n) [y]:" if [ "$YESORNO" = TRUE ] ; then if [ -d $OLD_WEB_AGENT ]; then echo "" echo "Another Web Agent has already been backed up into $OLD_WEB_AGENT." echo "Please remove or rename existing $OLD_WEB_AGENT directory." abort_installation fi BACKUP_OLD=TRUE else BACKUP_OLD=FALSE fi cp -r $WEB_AGENT $TEMP_WEB_AGENT PREV_INSTL=TRUE fi echo "" echo "Now installing the Web Agent for $WEBSERVERNAME Server Files." echo "" PLUG_IS_INSTLD=TRUE cd $WEB_SERVER_ROOT/ if [ -f $HERE/$OS_DIR/$WEB_AGENT_TAR ]; then tar xvf $HERE/$OS_DIR/$WEB_AGENT_TAR elif [ -f $HERE/$OS_DIR/$WEB_AGENT_TAR_GZ ]; then tar xzvf $HERE/$OS_DIR/$WEB_AGENT_TAR_GZ elif [ -f $HERE/$WEB_AGENT_TAR ]; then tar xvf $HERE/$WEB_AGENT_TAR elif [ -f $HERE/$WEB_AGENT_TAR_GZ ]; then tar xzvf $HERE/$WEB_AGENT_TAR_GZ elif [ -d $HERE/$WEB_AGENT_DIR ]; then cp -r $HERE/$WEB_AGENT_DIR . else echo Error $HERE/$WEB_AGENT_TAR, $HERE/$WEB_AGENT_TAR_GZ or $HERE/$WEB_AGENT_DIR does not exist fi if [ -d $HERE/$WEB_AGENT_DOC ]; then cp -r $HERE/$WEB_AGENT_DOC $WEB_AGENT_DIR fi if [ -d $HERE/$WEB_AGENT_README ]; then cp -r $HERE/$WEB_AGENT_README $WEB_AGENT_DIR fi if [ -f $WEB_AGENT_DIR/librwtool.so.2 ]; then chmod +x $WEB_AGENT_DIR/librwtool.so.2 if [ "$APACHE_LIB" != "" ]; then if [ -d $APACHE_LIB ]; then cp $WEB_AGENT_DIR/librwtool.so.2 $APACHE_LIB fi if [ ! -f $APACHE_LIB/librwtool.so.2 ]; then echo Error: Could not copy $WEB_AGENT_DIR/librwtool.so.2 into $APACHE_LIB fi fi fi if [ "$MPM_WORKER_CONFIG" = TRUE ] ; then cd $WEB_SERVER_ROOT/$WEB_AGENT_DIR mv aceapi_rpc_server aceapi_rpc_server.org cd $WEB_SERVER_ROOT/$WEB_AGENT_DIR/Plugins mv libaceauth.so libaceauth_pre_fork_mpm.so.org tar xvf libaceauth_mpm_worker.tar echo "The Web Agent is setup for Apache worker MPM cofiguration." else echo "The Web Agent is setup for Apache pre-fork MPM cofiguration." fi chmod -R 700 $WEB_AGENT } ############################################################ # All done now create uninstall script. ############################################################ create_uninstall() { ############################################################ thedate=`date` UNINSTALL_SCRIPT=$WEB_AGENT/uninstall echo "Creating uninstall script $UNINSTALL_SCRIPT...." if [ -f $UNINSTALL_SCRIPT ] ; then mv $UNINSTALL_SCRIPT $UNINSTALL_SCRIPT.old fi cat > $UNINSTALL_SCRIPT <<DEBUT #!/bin/sh # Created by RSA Authentication Agent for Web install script on $thedate # to be used to uninstall Web Agent # DEBUT if [ "$PREV_INSTL" = TRUE ] ; then cat >> $UNINSTALL_SCRIPT <<DEBUT # RSA Authentication Agent Upgraded from version $myOldVersion to $myNewVersion # DEBUT fi cat >> $UNINSTALL_SCRIPT <<DEBUT ############ # First check if httpd is running ############ a=\`ps -ecf | grep -v grep | egrep "$PROCESS_LIST" | egrep -v "https-adms" | wc -l\` if [ \$a != 0 ] ; then ans="" until [ "\$ans" = "y" ] || [ "\$ans" = "n" ] do echo echo "We recommend you stop the Web server before un-installing the Agent." echo "Do you want to continue (y/n)" read ans ans=\`echo \$ans | tr '[A-Z]' '[a-z]'\` done if [ "\$ans" = "n" ] ; then exit 1 fi isrunning="1" fi ############ # Second verify need to uninstall ############ ans="" until [ "\$ans" = "y" ] || [ "\$ans" = "n" ] do echo "Uninstalling Web Agent." echo "Are you sure you want to continue (y/n)" read ans ans=\`echo \$ans | tr '[A-Z]' '[a-z]'\` done if [ "\$ans" != "y" ] ; then exit 1 fi ########### # Stop the RSALogoffCookieService if it is running. ########### a=\`ps -ecf | grep -v grep | egrep "RSALogo" | wc -l\` if [ \$a != 0 ] ; then a=\`ps -e | grep "RSALogo" | sort -u | sed -e 's:?::' -e 's:[a-z]*[A-Z]*\/[0-9]*[a-z]*[A-Z]*::' -e 's:[0-9]*\:[0-9]*\:*[0-9]*::' -e 's:RSALogoffCookie::' -e 's:RSALog[a-z]*[A-Z]*::'\` kill -9 \$a fi ###### # The logic for putting back the "old", (saved). # Web Agent seems incomplete for the "old" # Agent files and configuration are not propertly # restored. ...So, for now, we will not enable # the "putting back". ###### #if [ -d $OLD_WEB_AGENT ] ; then ############ # There is an old agent let's put back in place ############ # mv $OLD_WEB_AGENT $WEB_AGENT #else ################################## ############ # Third find RSA lines in httpd.conf and delete them ############ DEBUT if [ "$WEBSERVER" = "iplanet" ] ; then cat >> $UNINSTALL_SCRIPT <<DEBUT egrep -v "mod_rsawa_iplanet.so|RSAWebAgentInstallPath" $CONF_FILE > $CONF_TMP cp -f $CONF_TMP $CONF_FILE for i in \`ls $WEB_SERVER_ROOT/config/*obj.conf \` do egrep -v "mod_rsawa_url_translator|mod_rsawa_service_auth" "\$i" > $OBJCONF_TMP cp -f $OBJCONF_TMP "\$i" done rm $OBJCONF_TMP DEBUT else cat >> $UNINSTALL_SCRIPT <<DEBUT cat $CONF_FILE | awk 'BEGIN { printon = 1 } { if ( \$0 ~ /BEGIN_RSA_BLOCK/ ) printon = 0 if ( printon == 1 ) print if ( \$0 ~ /END_RSA_BLOCK/ ) printon = 1 }' > $CONF_TMP cp -f $CONF_TMP $CONF_FILE DEBUT fi cat >> $UNINSTALL_SCRIPT <<DEBUT if [ "\$isrunning" = "1" ] ; then $WEB_AGENT/reloadWebAgent fi rm $CONF_TMP ############ # Fourth remove rsawebagent directory ############ cd "${WEB_AGENT}/.." rm -rf $WEB_AGENT ###### # "fi" belongs to the blocked out functionality to # restore the "old" Web Agent. See prior comments # on "old" Web Agent. ###### ####fi echo "" echo "************************************************************************" echo "* Successfully uninstalled RSA Authentication Agent v7.0 for Web for $WEBSERVERNAME" echo "************************************************************************" DEBUT chmod 500 $UNINSTALL_SCRIPT echo "Done creating uninstall script $UNINSTALL_SCRIPT" } umask 077 #getservername "Please enter the Web Server " 1 #echo "Installing WebAgent for $WEBSERVERNAME" check_if_webserver_running startup_screen check_sdconf check_platform setup_paths check_webserver install_webagent create_uninstall edit_conf edit_ini if [ "$INSTALL_USER" = "root" ]; then if [ "$INSTALL_USER" != "$SERVER_USER" ]; then chown -R $SERVER_USER $WEB_AGENT fi if [ "$SERVER_GROUP" != "" ]; then chgrp -R $SERVER_GROUP $WEB_AGENT fi fi chmod -R 4700 $WEB_AGENT/ace* $WEB_AGENT/registerWA if [ "$BACKUP_OLD" = FALSE ] ; then if [ -d $TEMP_WEB_AGENT ] ; then rm -rf $TEMP_WEB_AGENT fi elif [ "$BACKUP_OLD" = TRUE ] ; then if [ -d $TEMP_WEB_AGENT ] ; then mv $TEMP_WEB_AGENT $OLD_WEB_AGENT echo "Your previous installation has been backed up to $OLD_WEB_AGENT directory." fi fi if [ "$PREV_INSTL" = TRUE ] ; then echo "" echo "************************************************************************" echo "* Successfully upgraded RSA Authentication Agent v7.0 for Web for $WEBSERVERNAME" echo "************************************************************************" else echo "" echo "************************************************************************" echo "* Successfully installed RSA Authentication Agent v7.0 for Web for $WEBSERVERNAME" echo "************************************************************************" fi echo "* By default every URL is protected " echo "* If you want to unprotect specific URL, run the command :" echo "*" echo "* $WEB_AGENT/protectURL" echo "*" echo "************************************************************************"