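#!/bin/sh
#
# BEGIN COPYRIGHT BLOCK
# This Program is free software; you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free Software
# Foundation; version 2 of the License.
#
# This Program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with
# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
# Place, Suite 330, Boston, MA 02111-1307 USA.
#
# In addition, as a special exception, Red Hat, Inc. gives You the additional
# right to link the code of this Program with code not covered under the GNU
# General Public License ("Non-GPL Code") and to distribute linked combinations
# including the two, subject to the limitations in this paragraph. Non-GPL Code
# permitted under this exception must only link to the code of this Program
# through those well defined interfaces identified in the file named EXCEPTION
# found in the source code files (the "Approved Interfaces"). The files of
# Non-GPL Code may instantiate templates or use macros or inline functions from
# the Approved Interfaces without causing the resulting work to be covered by
# the GNU General Public License. Only Red Hat, Inc. may make changes or
# additions to the list of Approved Interfaces. You must obey the GNU General
# Public License in all respects for all of the Program code and other code used
# in conjunction with the Program except the Non-GPL Code covered by this
# exception. If you modify this file, you may extend this exception to your
# version of the file, but you are not obligated to do so. If you do not wish to
# provide this exception without modification, you must delete this exception
# statement from your version and license this file solely under the GPL without
# exception.
#
#
# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
# Copyright (C) 2005 Red Hat, Inc.
# All rights reserved.
# END COPYRIGHT BLOCK
#
#
# Usage ns-keygen password_file fully_qualified_hostname
# Example:
# ./ns-keygen ../password.txt myhost.redhat.com
#
# Assumes that NSHOME is Set
# if NSHOME is not set, it will be derived from the path of this script, which is
# usually NSHOME/bin/slapd/admin/bin
#
# What this script does (everything below runs in the current directory unless
# a path says otherwise):
#   1. removes any key3/key4/cert7/cert8/secmod*.db, random.dat and keyid.dat
#      left in the current directory
#   2. creates a fresh NSS key/cert database protected by the password read
#      from password_file, and a self-signed "Server-Cert" for certDN
#   3. installs the databases and a pin file under $NSHOME/alias/, keeping a
#      .bak copy (always) and a .orig copy (first time only) of any file it
#      overwrites
#
# Exit status: 0 on success, 1 on any error (bad usage, missing password file,
# certutil failure, copy failure).  All diagnostics go to stderr.

# Treat references to unset variables as errors; every optional variable
# below is read through ${var:-} so this only catches genuine mistakes.
set -u

# die MESSAGE...
# Print MESSAGE to stderr and exit with status 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

if [ $# -ge 2 ]; then
  passwd_file="$1"
  certDN="$2"
else
  # A usage error is a failure: exit non-zero so callers notice
  # (the old code exited with status 0 here).
  die "ERROR:Incorrect Usage: $0 password_file certDN"
fi

if [ -z "${NSHOME:-}" ]; then
  # Derive NSHOME from the location of this script.
  fullpath=$(pwd)
  case "$0" in
    /*)
      # absolute path
      fullpath=$(dirname -- "$0")
      ;;
    */*)
      # relative path with a directory part (./, ../, dir/...): resolve it
      # to an absolute directory without changing this shell's cwd
      fullpath=$(cd "$(dirname -- "$0")" && pwd) \
        || die "ERROR:cannot determine the directory of $0"
      ;;
    *)
      # bare name (found via PATH or run from its own directory): keep cwd
      ;;
  esac
  NSHOME=$(printf '%s\n' "$fullpath" | sed -e 's@/bin/slapd/admin/bin@@g')
fi

# set the LD_LIBRARY_PATH - required for the cert tools
TOOL_PATH=$NSHOME/bin/slapd/admin/bin ; export TOOL_PATH
lib_dirs=$TOOL_PATH:$TOOL_PATH/../lib:$TOOL_PATH/../../lib:$TOOL_PATH/../../../lib:$TOOL_PATH/../../../../lib
# Append the caller's value only if it is non-empty: an empty trailing entry
# (a dangling ':') makes the dynamic loader search the current directory.
# for HPUX
SHLIB_PATH=$lib_dirs${SHLIB_PATH:+:$SHLIB_PATH} ; export SHLIB_PATH
# for other unix
LD_LIBRARY_PATH=$lib_dirs${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH} ; export LD_LIBRARY_PATH

# Check for password file before deleting anything, so a typo in the
# argument does not wipe the databases in the current directory.
if [ ! -s "$passwd_file" ]; then
  die "Error:Password file is missing."
fi

rm -f key3.db key4.db cert7.db cert8.db secmodule.db secmod.db random.dat keyid.dat

#
# Set umask for best security: the key database, random.dat and the pin file
# created below must not be readable by other users.
#
umask 077

# random.dat is only scratch seed material; remove it on every exit path,
# including the error exits in die().
trap 'rm -f random.dat' EXIT

#
# Create some "random" data.  This is low-entropy (process list, date,
# socket table) and is only handed to certutil as extra seed material via
# -z; it is not the sole source of key randomness.
#
ps -ale >>random.dat
date >>random.dat
netstat -a >>random.dat

#
# Set the key database password
#
"$TOOL_PATH/certutil" -W -d . -f "$passwd_file" \
  || die "Error:Unable to set the key database password."

#
# Create and sign a self-signed certificate for this
# server using the server name (nickname Server-Cert, trust flags u,,,
# validity given by -v).
#
"$TOOL_PATH/certutil" -S -s "$certDN" -x -t u,, \
  -v 60 -d . -n Server-Cert -f "$passwd_file" -z random.dat \
  || die "Error:Unable to create the cert."

hostname=$(uname -n)
alias_dir=$NSHOME/alias

# backup_existing DEST LABEL
# If DEST exists, copy it to DEST.bak (always) and to DEST.orig (only when
# no .orig exists yet, so the very first version is never lost).  LABEL is
# the human-readable file kind used in the progress message.  Exits via
# die() if a backup copy fails, rather than overwriting an unbacked-up file.
backup_existing() {
  be_dest=$1
  be_label=$2
  if [ -f "$be_dest" ]; then
    echo "Found existing $be_label - copying to $be_dest.bak"
    cp -- "$be_dest" "$be_dest.bak" \
      || die "Error:could not back up $be_label to $be_dest.bak"
    if [ ! -f "$be_dest.orig" ]; then
      cp -- "$be_dest" "$be_dest.orig" \
        || die "Error:could not back up $be_label to $be_dest.orig"
    fi
  fi
}

#
# Copy the key/cert db & password file to the correct place.
#
keydb=key3.db
if [ -f key4.db ]; then
  keydb=key4.db
fi
keydb_dest=$alias_dir/slapd-$hostname-$keydb
backup_existing "$keydb_dest" "key database"
cp -- "$keydb" "$keydb_dest" \
  || die "Error:Key Database $keydb could not be copied"

certdb=cert7.db
if [ -f cert8.db ]; then
  certdb=cert8.db
fi
certdb_dest=$alias_dir/slapd-$hostname-$certdb
backup_existing "$certdb_dest" "cert database"
cp -- "$certdb" "$certdb_dest" \
  || die "Error:Cert Database $certdb could not be copied"

# create and copy pin file
pinfile=$alias_dir/slapd-$hostname-pin.txt
backup_existing "$pinfile" "pin file"
# $(cat ...) strips trailing newlines exactly as the old backtick form did;
# printf '%s' is used instead of echo so a password containing backslashes
# or starting with '-' is written verbatim.  The file is created under the
# umask 077 set above.
passwd=$(cat "$passwd_file")
printf 'Internal (Software) Token:%s\n' "$passwd" > "$pinfile" \
  || die "Error:password file could not be copied"

# Test the new location for the files.
#
# Cleanup (random.dat is removed by the EXIT trap)
#
# End
#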