blob: 3ec355f1f9de798422ea4aa26e5481fc4c9d669f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
|
#!/bin/bash
## BEGIN COPYRIGHT BLOCK
## (C) 2008 Red Hat, Inc.
## All rights reserved.
## END COPYRIGHT BLOCK
## Always switch into this base directory
## prior to script execution so that all
## of its output is written to this directory
cd `dirname $0`
##
## This script MUST be run as root!
##
ROOTUID=0
OS=`uname`
if [ "${OS}" = "Linux" ] ; then
MY_EUID=`/usr/bin/id -u`
MY_UID=`/usr/bin/id -ur`
USERNAME=`/usr/bin/id -un`
else
printf "ERROR: Unsupported operating system '${OS}'!\n"
exit 255
fi
if [ "${MY_UID}" != "${ROOTUID}" ] &&
[ "${MY_EUID}" != "${ROOTUID}" ] ; then
printf "ERROR: The '$0' script must be run as root!\n"
exit 255
fi
##
## Define DEFAULT PKI Instances
##
PKI_DIR="/var/lib"
PKI_CA="pki-ca"
PKI_DRM="pki-kra"
PKI_OCSP="pki-ocsp"
PKI_TKS="pki-tks"
PKI_RA="pki-ra"
PKI_TPS="pki-tps"
##
## NOTE: Always remove "${PKI_CA}" last, as it will most
## likely host the default Security Domain!
##
PKI_INSTANCES="${PKI_TPS} ${PKI_RA} ${PKI_TKS} ${PKI_OCSP} ${PKI_DRM} ${PKI_CA}"
##
## Ask user if is is okay to remove ALL DEFAULT PKI instances
##
printf "REMINDER: PKI instances contain user's PKI data, and consist of\n"
printf " DEFAULT PKI instances and CUSTOMIZED PKI instances.\n\n"
printf " DEFAULT PKI instances are automatically created whenever\n"
printf " one of the PKI subsystems are installed UNLESS that\n"
printf " particular PKI subsystem's DEFAULT PKI instance\n"
printf " already exists.\n\n"
printf " DEFAULT PKI instances consist of the following:\n\n"
printf " CA - ${PKI_DIR}/${PKI_CA}\n"
printf " DRM - ${PKI_DIR}/${PKI_DRM}\n"
printf " OCSP - ${PKI_DIR}/${PKI_OCSP}\n"
printf " RA - ${PKI_DIR}/${PKI_RA}\n"
printf " TKS - ${PKI_DIR}/${PKI_TKS}\n"
printf " TPS - ${PKI_DIR}/${PKI_TPS}\n\n"
while :
do
printf "This script REMOVES ALL DEFAULT PKI instances! "
printf "Is this okay? [yn] "
read ANSWER
printf "\n"
if [ "${ANSWER}" = "Y" ] ||
[ "${ANSWER}" = "y" ] ; then
printf "\n"
break
elif [ "${ANSWER}" = "N" ] ||
[ "${ANSWER}" = "n" ] ; then
printf "\n"
printf "No DEFAULT PKI instances will be removed.\n\n"
exit 255
else
continue
fi
done
##
## Remove ALL DEFAULT PKI Instances present . . .
##
INSTANCES=0
for INSTANCE in ${PKI_INSTANCES} ; do
if [ -d "${PKI_DIR}/${INSTANCE}" ] ; then
INSTANCES=`expr $INSTANCES + 1`
pkiremove -pki_instance_root=${PKI_DIR} -pki_instance_name=${INSTANCE} -force
fi
done
if [ ${INSTANCES} -eq 0 ] ; then
printf "No DEFAULT PKI instances need to be removed.\n\n"
fi
exit 0
|