ftp.rsa.com

home *** CD-ROM | disk | FTP | other *** search

/ ftp.rsa.com / 2014.05.ftp.rsa.com.tar / ftp.rsa.com / pub / agents / old_AuthenticationAgent_534_PAM.tar / install_pam.sh next >

Wrap

Linux/UNIX/POSIX Shell Script | 2005-06-29 | 14KB | 487 lines

#!/bin/sh # # Installation script for the RSA Authentication Agent 5.3 for PAM. # # #******************************************************************************** #* COPYRIGHT (C) 2003 by RSA Security Inc. #* ---ALL RIGHTS RESERVED--- #******************************************************************************** # ############################################################ # Set default values and commands for the shell script. ############################################################ UNAME=`uname` UNAMER=`uname -r` HOSTNAME=`hostname` USER_NAME="" HERE=`dirname $0` THEPWD=`/bin/pwd` if [ "$HERE" = "." ]; then HERE="$THEPWD" else #if $HERE isn't absolute path add `pwd` to it cd $HERE HERE=`/bin/pwd` cd $THEPWD fi #suji needs to change ######################## ######################## CONFIG_FILE="" PAM_AGENT="/tmp/toto" PAM_AGENT_TAR="sd_pam_agent.tar" PAM_AGENT_MODULE="pam_securid" PAM_AGENT_DOC="doc" PAM_AGENT_README="readme.html" PAM_AGENT_TAR_GZ="$PAM_AGENT_TAR.gz" LICENSE="$HERE/license.txt" LICENSE2="$HERE/license2.txt" MODULE_DIR="/usr/lib/security" PATH_ROOT="" echo_no_nl_mode="unknown" ############################################################################## # Trap # this will trap any escape characters, and allow the program to abort normally # by calling abort_installation ############################################################################## trap 'trap "" 1 2 15; abort_installation' 1 2 15 ############################################################################## # echo_no_nl() # Echo a string with no carriage return (if possible). Must set # $echo_no_nl to "unknown" before using for the first time. ############################################################################## echo_no_nl() { if [ "$echo_no_nl_mode" = "unknown" ] ; then echo_test=`echo \\\c` if [ "$echo_test" = "\c" ] ; then echo_no_nl_mode="-n" else echo_no_nl_mode="\c" fi fi if [ "$echo_no_nl_mode" = "\c" ] ; then echo $* \\c else echo -n $* fi } ############################################################################## # getfilename() # Gets a filename # $1 The string to print to prompt the user # $2 The default value if user hits <Enter> (y/n) # $3 Type : DIRECTORY, EXISTINGFILE, NEWFILE, NEWDIRECTORY # The variable $YESORNO is set in accordance to what the user entered. ############################################################################## getfilename() { ##################################################### # Set up line parameters as $1 and $2 are overwritten ##################################################### theprompt=$1 thedefault=$2 thetype=$3 theans="" until [ -n "$theans" ] ; do echo "" echo_no_nl "$theprompt [$thedefault] " read theans if [ "$theans" = "" ] ; then theans=$thedefault fi case $thetype in DIRECTORY) if [ ! -d "$theans" ]; then echo Directory $theans doesn\'t exist theans="" fi;; READFILE) if [ ! -f "$theans" ]; then echo File $theans doesn\'t exist theans="" elif [ ! -r "$theans" ]; then echo File "$theans" isn\'t readable theans="" fi;; WRITEFILE) if [ ! -f "$theans" ]; then echo File $theans doesn\'t exist theans="" elif [ ! -w "$theans" ]; then echo File "$theans" isn\'t writable theans="" fi;; EXECFILE) if [ ! -f "$theans" ]; then echo File $theans doesn\'t exist theans="" elif [ ! -x "$theans" ]; then echo File "$theans" isn\'t writable theans="" fi;; NEWFILE) if [ -f "$theans" ]; then echo File $theans already exist theans="" elif [ ! -d `dirname $theans` ]; then echo Directory `dirname $theans` doesn\'t exist theans="" elif [ ! -w `dirname $theans` ]; then echo Directory `dirname $theans` isn\'t writable theans="" fi;; *);; esac done } ############################################################################## # getAcceptDecline() # Gets either a "Accept" or a "Decline" in the traditional (a/d) pattern # $1 The default value if user hits <Enter> (TRUE/FALSE) # $2 The string to print to prompt the user # The variable $AORD is set in accordance to what the user entered. ############################################################################## getAcceptDecline() { ##################################################### # Set up line parameters as $1 and $2 are overwritten ##################################################### AorDdef=$1 AorDprompt=$2 AORD="" until [ -n "$AORD" ] ; do echo "" echo_no_nl $AorDprompt read AORD AORD=`echo $AORD | tr '[a-z]' '[A-Z]'` case "$AORD" in A|ACCEPT ) AORD=TRUE;; D|DECLINE ) AORD=FALSE;; '' ) AORD=$AorDdef;; * ) echo "" echo "Please enter 'A', 'D' or '<return>' " AORD="";; esac done } ############################################################################## # getyesorno() # Gets either a "yes" or a "no" in the traditional (y/n) pattern # $1 The default value if user hits <Enter> (TRUE/FALSE) # $2 The string to print to prompt the user # The variable $YESORNO is set in accordance to what the user entered. ############################################################################## getyesorno() { ##################################################### # Set up line parameters as $1 and $2 are overwritten ##################################################### yesornodef=$1 yesornoprompt=$2 YESORNO="" until [ -n "$YESORNO" ] ; do echo "" echo_no_nl $yesornoprompt read YESORNO case "$YESORNO" in y|Y ) YESORNO=TRUE;; n|N ) YESORNO=FALSE;; '' ) YESORNO=$yesornodef;; * ) echo "" echo "Please enter 'y', 'n' or '<return>' " YESORNO="";; esac done } ############################################################################## # abort_installation() # This subroutine removes files that were recently installed and restores # the previous installation files, if they existed. ############################################################################## abort_installation() { #CP__need to fix this when done. Make sure to set values for each file placed somewhere echo "" echo "Aborting Installation..." exit 1 } ############################################################ # Display the License and Copyright files. ############################################################ startup_screen() { # Changed so that we could have both license files shown getyesorno TRUE "ARE YOU A CUSTOMER ORDERING THIS RSA PRODUCT FROM RSA SECURITY INC., FROM EITHER NORTH AMERICA, SOUTH AMERICA OR THE PEOPLE'S REPUBLIC OF CHINA (EXCLUDING HONG KONG): (y/n) [y]" if [ "$YESORNO" = TRUE ] ; then if [ -f $LICENSE ] ; then more $LICENSE else echo "The License Agreement text file could not be found in the current directory." echo "Installation is aborting..." abort_installation fi else if [ -f $LICENSE2 ] ; then more $LICENSE2 else echo "The License Agreement text file could not be found in the current directory." echo "Installation is aborting..." abort_installation fi fi getAcceptDecline FALSE "Do you accept the License Terms and Conditions stated above? (Accept/Decline) [D]" if [ "$AORD" = FALSE ] ; then abort_installation; fi echo "" echo "" echo "" } ############################################################ # Check to see if the environment variable VAR_ACE is # defined and sdconf.rec exists ############################################################ check_sdconf() { noerror=0 if [ ! -n "$VAR_ACE" ]; then VAR_ACE="/var/ace" fi theans="" while [ "$theans" = "" ] do getfilename "Enter Directory where sdconf.rec is located" $VAR_ACE DIRECTORY if [ ! -f "$theans/sdconf.rec" ]; then echo file "$theans/sdconf.rec" not found theans="" elif [ ! -r "$theans/sdconf.rec" ]; then echo file "$theans/sdconf.rec" not readable: change protection if needed VAR_ACE="$theans" theans="" else if [ "$theans" != "" ]; then VAR_ACE="$theans" fi break fi done } ############################################################ # Check to see if this is a supported platform. ############################################################ check_platform() { case $UNAME in 'SunOS' ) SUN_VERS=`echo $UNAMER ` case "$SUN_VERS" in * ) WHOAMISOL=`/usr/ucb/whoami` OS_DIR="sol" OS_EXT="so" USER_NAME=`echo $WHOAMISOL`;; esac;; 'Linux' ) LNX_VERS=`echo $UNAMER ` case "$LNX_VERS" in * ) WHOAMILNX=`/usr/bin/whoami` OS_DIR="lnxas3" OS_EXT="so" MODULE_DIR="/lib/security" USER_NAME=`echo $WHOAMILNX`;; esac;; 'HP-UX' ) HP_VERS=`echo $UNAMER` case "$HP_VERS" in * ) WHOAMIHP11=`/bin/whoami` OS_DIR="hp11" OS_EXT="1" USER_NAME=`echo $WHOAMIHP11`;; esac;; 'AIX' ) AIX_VERS=`uname -vr | awk '{print $2 * 1000 + $1}'` case "$AIX_VERS" in *) OS_DIR="aix" OS_EXT="so"; USER_NAME=`/usr/bin/whoami` esac;; * ) echo "" echo "Sorry, $UNAME is not currently supported." echo "" abort_installation ;; esac } ############################################################ # Ask the user for the destination of the Agent files and # other installation information, documentation ############################################################ setup_paths() { ########################################### # Get the Agent directory path ########################################### theans="" DEFAULT_AGENT_ROOT="/opt" AGENT_ROOT="" echo "" getfilename "Please enter the root path for the RSA Authentication Agent for PAM directory" $DEFAULT_AGENT_ROOT DIRECTORY if [ "$theans" = "" ]; then theans="$DEFAULT_AGENT_ROOT" fi while [ -d "$theans/pam" ] do echo PAM Agent is already installed in the "$theans/pam" getyesorno TRUE "Would you like to over write it? (y/n) [y]" if [ "$YESORNO" = FALSE ] ; then getfilename "Please enter the root path for the new RSA Authentication Agent for PAM directory" $DEFAULT_AGENT_ROOT DIRECTORY else AGENT_ROOT="$theans" break fi done if [ "$AGENT_ROOT" = "" ]; then AGENT_ROOT="$theans" fi echo "" echo "The RSA Authentication Agent for PAM will be installed in the $AGENT_ROOT directory." } create_conf() { ################# # create sd_pam.conf ################# touch /etc/sd_pam.conf rm /etc/sd_pam.conf echo "#VAR_ACE :: the location where the sdconf.rec, sdstatus.12 and securid files will go" >> /etc/sd_pam.conf echo "VAR_ACE=$VAR_ACE" >> /etc/sd_pam.conf echo "" >> /etc/sd_pam.conf echo "" >> /etc/sd_pam.conf echo "#ENALE_GROUP_SUPPORT :: 1 to enable; 0 to disable group support" >> /etc/sd_pam.conf echo "ENABLE_GROUP_SUPPORT=0" >> /etc/sd_pam.conf echo "" >> /etc/sd_pam.conf echo "" >> /etc/sd_pam.conf echo "#INCL_EXCL_GROUPS :: 1 to always prompt the listed groups for securid authentication (include)" >> /etc/sd_pam.conf echo "# :: 0 to never prompt the listed groups for securid authentication (exclude)" >> /etc/sd_pam.conf echo "INCL_EXCL_GROUPS=0" >> /etc/sd_pam.conf echo "" >> /etc/sd_pam.conf echo "" >> /etc/sd_pam.conf echo "#LIST_OF_GROUPS :: a list of groups to include or exclude...Example" >> /etc/sd_pam.conf echo "LIST_OF_GROUPS=other:wheel:eng:othergroupnames " >> /etc/sd_pam.conf chmod 644 /etc/sd_pam.conf } ############################################################ # Install the RSA Authentication Agent 5.3 for PAM library and documentation. ############################################################ install_pam_agent() { ############## #untar the RPM file ############## cd $AGENT_ROOT/ if [ -f $HERE/$OS_DIR/$PAM_AGENT_TAR ]; then tar xvf $HERE/$OS_DIR/$PAM_AGENT_TAR elif [ -f $HERE/$OS_DIR/$PAM_AGENT_TAR_GZ ]; then tar xzvf $HERE/$OS_DIR/$PAM_AGENT_TAR_GZ else echo Error $HERE/$OS_DIR/$PAM_AGENT_TAR or $HERE/$OS_DIR/$PAM_AGENT_TAR_GZ does not exist abort_installation fi if [ -d $HERE/$PAM_AGENT_DOC ]; then cp -r $HERE/$PAM_AGENT_DOC $WEB_AGENT_DIR fi if [ -f $HERE/$PAM_AGENT_README ]; then cp $HERE/$PAM_AGENT_README $WEB_AGENT_DIR fi if [ -f $AGENT_ROOT/pam/lib/$PAM_AGENT_MODULE.$OS_EXT ]; then cp $HERE/uninstall* $AGENT_ROOT/pam cp $AGENT_ROOT/pam/lib/$PAM_AGENT_MODULE.$OS_EXT $MODULE_DIR chmod 755 $MODULE_DIR/$PAM_AGENT_MODULE.$OS_EXT else echo Error Could not find $PAM_AGENT_MODULE.$OS_EXT in $AGENT_ROOT/pam/$OS_DIR directory. abort_installation fi cd $HERE chown -R root $AGENT_ROOT/pam chmod -R 700 $AGENT_ROOT/pam } check_user() { ######################### # make sure user is root ######################### if [ "$USER_NAME" != root ]; then echo "You Must be ROOT to install this agent" abort_installation fi } check_platform check_user startup_screen check_sdconf setup_paths install_pam_agent create_conf echo "" echo "*************************************************************" echo "* You have successfully installed RSA Authentication Agent 5.3 for PAM" echo "*************************************************************" echo ""