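#!/bin/sh
#
# BEGIN COPYRIGHT BLOCK
# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
# Copyright (C) 2005 Red Hat, Inc.
# All rights reserved.
# END COPYRIGHT BLOCK
#
#
# Usage ns-keygen password_file fully_qualified_hostname
# Example:
# ./ns-keygen ../password.txt myhost.redhat.com
#
# What it does:
#   1. wipes any NSS key/cert database in the current directory,
#   2. sets the key database password from password_file (certutil -W),
#   3. generates a self-signed certificate "Server-Cert" for certDN,
#   4. installs key db, cert db and a pin file (token password in clear
#      text) as $NSHOME/alias/slapd-<uname -n>-*, keeping any existing
#      file as .bak (always refreshed) and .orig (written only once).
#
# Assumes that NSHOME is Set
# if NSHOME is not set, it will be derived from the path of this script, which is
# usually NSHOME/bin/slapd/admin/bin
#
# Exit status: 0 on success, 1 on any error (including bad usage).
# Diagnostics go to stderr; random.dat is removed on every exit path.

# die MESSAGE... - print MESSAGE on stderr and exit 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# keep_copies FILE DESCRIPTION - if FILE exists, refresh FILE.bak and create
# FILE.orig the first time only, so a re-run never loses the pre-existing
# database/pin file.  A failed backup aborts before the original is replaced.
keep_copies() {
  if [ -f "$1" ]; then
    echo "Found existing $2 - copying to $1.bak"
    cp "$1" "$1.bak" || die "Error:could not back up $1"
    if [ ! -f "$1.orig" ]; then
      cp "$1" "$1.orig" || die "Error:could not preserve $1.orig"
    fi
  fi
}

if [ $# -ge 2 ]; then
  passwd_file="$1"
  certDN="$2"
else
  # Usage errors must fail loudly: a zero exit here let callers continue.
  die "ERROR:Incorrect Usage: $0 password_file certDN"
fi

# Check for password file before anything destructive happens below.
if [ ! -s "$passwd_file" ]; then
  die "Error:Password file is missing."
fi

if [ ! "$NSHOME" ]; then
  fullpath=`pwd`
  case "$0" in
    /*) # is absolute
      fullpath=`dirname "$0"`
      ;;
    *)  # is a relative path - could be ./ or ../ or something else
      base=`basename "$0"`
      if [ "$base" != "$0" ]; then # e.g. ns-keygen bare from that directory
        scriptdir=`dirname "$0"`
        # Resolve in a subshell so the caller's cwd is untouched.
        fullpath=`cd "$scriptdir" && pwd` || die "Error:cannot enter $scriptdir"
      fi
      ;;
  esac
  NSHOME=`echo "$fullpath" | sed -e 's@/bin/slapd/admin/bin@@g'`
fi

# set the LD_LIBRARY_PATH - required for the cert tools
TOOL_PATH=$NSHOME/bin/slapd/admin/bin ; export TOOL_PATH
# for HPUX
SHLIB_PATH=$TOOL_PATH:$TOOL_PATH/../lib:$TOOL_PATH/../../lib:$TOOL_PATH/../../../lib:$TOOL_PATH/../../../../lib:$SHLIB_PATH ; export SHLIB_PATH
# for other unix
LD_LIBRARY_PATH=$TOOL_PATH:$TOOL_PATH/../lib:$TOOL_PATH/../../lib:$TOOL_PATH/../../../lib:$TOOL_PATH/../../../../lib:$LD_LIBRARY_PATH ; export LD_LIBRARY_PATH

#
# Set umask for best security: every file created from here on (databases,
# random.dat, pin file and its backups) is owner-only.
#
umask 077

# Start from a clean set of databases in the current directory.
rm -f key3.db key4.db cert7.db cert8.db secmodule.db secmod.db random.dat keyid.dat

#
# Create some "random" data.  This is only supplementary noise handed to
# certutil -z; it is removed on exit so it never lingers next to the keys.
#
trap 'rm -f random.dat' EXIT
ps -ale >>random.dat
date >>random.dat
netstat -a >>random.dat

#
# Set the key database password
#
"$TOOL_PATH/certutil" -W -d . -f "$passwd_file" \
  || die "Error:Unable to set the key database password."

#
# Create and sign a self-signed certificate for this
# server using the server name
#
"$TOOL_PATH/certutil" -S -s "$certDN" -x -t u,, \
  -v 60 -d . -n Server-Cert -f "$passwd_file" -z random.dat \
  || die "Error:Unable to create the cert."

hostname=`uname -n`
aliasdir="$NSHOME/alias"

#
# Copy the key/cert db & password file to the correct place.
#
keydb=key3.db
if [ -f key4.db ]; then
  keydb=key4.db
fi
keep_copies "$aliasdir/slapd-$hostname-$keydb" "key database"
cp "$keydb" "$aliasdir/slapd-$hostname-$keydb" \
  || die "Error:Key Database $keydb could not be copied"

certdb=cert7.db
if [ -f cert8.db ]; then
  certdb=cert8.db
fi
keep_copies "$aliasdir/slapd-$hostname-$certdb" "cert database"
cp "$certdb" "$aliasdir/slapd-$hostname-$certdb" \
  || die "Error:Cert Database $certdb could not be copied"

# create and copy pin file
passwd=`cat "$passwd_file"` || die "Error:cannot read $passwd_file"
pinfile="$aliasdir/slapd-$hostname-pin.txt"
keep_copies "$pinfile" "pin file"
# Recreate rather than truncate so the clear-text password file always gets
# the umask-derived mode, even if an older copy had looser permissions.
rm -f "$pinfile"
# printf, not echo: a password containing backslashes must be written verbatim.
printf 'Internal (Software) Token:%s\n' "$passwd" > "$pinfile" \
  || die "Error:password file could not be copied"

# Test the new location for the files.
#
# Cleanup of random.dat is handled by the EXIT trap.
#
# End
#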