#!/bin/sh

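pre_install()
{
    # Creates the unprivileged service account (group and user "sso") the
    # server runs as. Intended to be idempotent across re-installs.
    # `[ 1 = 0 ]` is a build-time platform switch: the first branch is the
    # Linux variant and is dead in this rendering; the second (pw, FreeBSD
    # style) is what actually runs.
    # Existence is checked first so that a re-run stays quiet, while a genuine
    # failure to create the account is no longer hidden behind `2>/dev/null || :`
    # (it used to surface only later, as a confusing chown error in post_install).
    if [ 1 = 0 ] ; then
        getent group sso >/dev/null 2>&1 \
            || groupadd -r sso \
            || err "Can not create group sso."
    else
        pw groupshow sso >/dev/null 2>&1 \
            || pw groupadd sso \
            || err "Can not create group sso."
    fi

    if [ 1 = 0 ] ;then
        id sso >/dev/null 2>&1 \
            || useradd sso -c "Parallels SSO system user" -d /usr/local/var/lib/sso \
                -g sso -s /bin/false -M -r \
            || err "Can not create user sso."
    else
        id sso >/dev/null 2>&1 \
            || pw useradd sso -c "Parallels SSO system user" -d /usr/local/var/lib/sso \
                -g sso -s /usr/sbin/nologin \
            || err "Can not create user sso."
    fi
}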
# Command tracing is opt-in through the SSO_INSTALLER_DEBUG environment
# variable (any non-empty value). The trace is written to stderr and includes
# the generated installation identifier, so only enable it while debugging.
if [ -n "${SSO_INSTALLER_DEBUG}" ]; then
    set -x
fi

# Build-time platform switch; `[ 1 = 0 ]` is never true, so in this rendering
# pre_install is only reached through the phase dispatch at the end of the file.
if [ 1 = 0 ]; then pre_install; fi

# Checks whether the initial schema has been loaded into the database. This
# function should be changed in future to allow DB schema upgrades.
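check_database() {
    # Creates the SQLite database on first install, or runs the schema
    # migration when a database file already exists.
    # Globals read: DBFILE, USER, SCHEMAFILE, INST_ID (all set by post_install).
    # Aborts the script via err on failure.

    echo
    if test -e "$DBFILE"
    then
        echo "DB file already exists, updating..."
        # Run the migration from the application root inside a subshell so the
        # caller's working directory is untouched. A failed cd or migration now
        # aborts instead of silently continuing against a half-migrated schema.
        ( cd /usr/local/sso || exit 1
          sw-engine process/DBMigrate.php /usr/local/etc/sso/sso_config.ini ) \
            || err "Can not update DB."
        # `[ 1 = 0 ]` is a build-time platform switch; the first branch (Linux,
        # group root) is dead in this rendering and the second (wheel) runs.
        if [ 1 = 0 ] ; then
            chown "$USER:root" "$DBFILE" || err "Can not set owner for DB file"
        else
            chown "$USER:wheel" "$DBFILE" || err "Can not set owner for DB file"
        fi
        return
    fi

    echo "Creating initial database"
    # The schema is loaded as the service user so the new file is owned by it.
    # DBFILE and SCHEMAFILE are fixed install paths, which is the only reason
    # interpolating them into the su -c command string is acceptable here.
    if [ 1 = 0 ] ; then
        su -m "$USER" -s /bin/sh -c "sqlite3 $DBFILE < $SCHEMAFILE" || err "Can not create DB."
    else
        su -m "$USER" -c "sqlite3 $DBFILE < $SCHEMAFILE" || err "Can not create DB."
    fi

    # INST_ID is the output of `openssl md5` in post_install (hex digest, no
    # quote characters), so embedding it in the statement is safe; do not reuse
    # this pattern for caller-supplied data.
    sqlite3 "$DBFILE" "INSERT INTO idp_info VALUES ('$INST_ID')" || err "Can not set installation identifier."

    echo
    echo "Initial database created"
}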

# Generates a self-signed certificate for SSL connections.
#
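check_ssl_certificate() {
    # Generates the server's self-signed key+certificate bundle (SSL_CERT) and
    # the public certificate (SSL_PUB_CERT) unless either already exists.
    # Globals read: SSL_CERT, SSL_PUB_CERT, SSL_CERT_MODE, USER, RANDFILE,
    # DEFHOST, OPENSSLCONF (set by post_install). Aborts via err on failure.
    test -e "$SSL_CERT" && return
    test -e "$SSL_PUB_CERT" && return

    echo
    echo "Creating SSL certificate"

    # Create the files empty and lock them down before any key material is
    # written, so the private key never exists on disk with a looser mode.
    : > "$SSL_CERT"
    : > "$SSL_PUB_CERT"

    chmod "$SSL_CERT_MODE" "$SSL_CERT" || err
    chown "$USER" "$SSL_CERT" || err

    chmod "$SSL_CERT_MODE" "$SSL_PUB_CERT" || err
    chown "$USER" "$SSL_PUB_CERT" || err

    dd if=/dev/urandom of="$RANDFILE" count=1 2>/dev/null || err

    # A failed openssl run must not leave the empty placeholder files behind:
    # the existence checks above would then skip generation on every later run
    # and the server would start with an empty certificate.
    RANDFILE="$RANDFILE" FQDN="$DEFHOST" openssl req \
        -new -x509 -days 3650 -nodes -config "$OPENSSLCONF" \
        -keyout "$SSL_CERT" -out "$SSL_PUB_CERT" \
        || { rm -f "$SSL_CERT" "$SSL_PUB_CERT" "$RANDFILE"; err "Can not create SSL certificate."; }

    cat "$SSL_PUB_CERT" >> "$SSL_CERT" || err

    # 2048-bit DH parameters: the previous 512-bit size is export-grade and is
    # rejected by current TLS clients. Generation can take noticeably longer.
    openssl gendh -rand "$RANDFILE" 2048 >> "$SSL_CERT" || err

    rm -f "$RANDFILE"

    echo
    echo "SSL certificate created"
}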

# Generates a self-signed CA certificate used to sign application certificates.
#
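check_ssl_ca_certificate() {
    # Generates the self-signed CA key+certificate (SSL_CA_CERT) unless it
    # already exists.
    # Globals read: SSL_CA_CERT, SSL_CERT_MODE, USER, RANDFILE, DEFHOST,
    # OPENSSLCACONF (set by post_install). Aborts via err on failure.
    test -e "$SSL_CA_CERT" && return

    echo
    echo "Creating SSL CA certificate"

    # Create the file empty and lock it down before the key is written.
    : > "$SSL_CA_CERT"
    chmod "$SSL_CERT_MODE" "$SSL_CA_CERT" || err
    chown "$USER" "$SSL_CA_CERT" || err

    # Seed failure was previously ignored here (unlike in check_ssl_certificate).
    dd if=/dev/urandom of="$RANDFILE" count=1 2>/dev/null || err

    # -keyout and -out name the same file, so key and certificate end up in one
    # PEM; NOTE(review): this relies on openssl req appending the certificate
    # rather than truncating the key - confirm on the target OpenSSL version.
    # On failure the empty placeholder is removed so a re-run regenerates it
    # instead of skipping on the existence check above.
    RANDFILE="$RANDFILE" FQDN="$DEFHOST" openssl req \
        -new -x509 -days 3650 -nodes -config "$OPENSSLCACONF" \
        -keyout "$SSL_CA_CERT" -out "$SSL_CA_CERT" \
        || { rm -f "$SSL_CA_CERT" "$RANDFILE"; err "Can not create SSL CA certificate."; }

    # DH parameters are appended for parity with check_ssl_certificate; 2048
    # bits replaces the export-grade 512-bit size used before.
    openssl gendh -rand "$RANDFILE" 2048 >> "$SSL_CA_CERT" || err

    rm -f "$RANDFILE"

    echo
    echo "SSL CA certificate created"
}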

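check_sso_config() {
    # Renders SSO_CONFIG from the SSO_CONFIG_IN template, substituting the host
    # name for @@RELAYHOST@@, then removes the template. Does nothing when the
    # config already exists.
    # Globals read: SSO_CONFIG, SSO_CONFIG_IN, DEFHOST. Aborts via err on failure.
    # NOTE(review): as written, neither SSO_CONFIG nor SSO_CONFIG_IN is assigned
    # in post_install and init() does not call this function; a caller must set
    # both before invoking it.
    #
    # The existence check used to read `test -e $$` - the shell's PID, which
    # never matches the config file - so the template was re-rendered and
    # deleted on every call.
    test -e "$SSO_CONFIG" && return

    echo
    echo "Create SSO config"
    # DEFHOST comes from hostname(1) and is interpolated into the sed
    # replacement; '|' (the delimiter), '&' and '\' would need escaping if the
    # host name could ever contain them. A partial output file is removed on
    # failure so a re-run does not skip it on the existence check above.
    sed -e "s|@@RELAYHOST@@|$DEFHOST|g" < "$SSO_CONFIG_IN" > "$SSO_CONFIG" \
        || { rm -f "$SSO_CONFIG"; err "Can not create SSO config."; }
    rm -f "$SSO_CONFIG_IN"

    echo
    echo "SSO config created"
}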

init() {
    # First-run provisioning, in order: database, server certificate, CA
    # certificate. Each step aborts the whole script via err on failure.
    # NOTE(review): check_sso_config is not part of this sequence.
    for step in check_database check_ssl_certificate check_ssl_ca_certificate; do
        "$step"
    done
}

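post_install() {
	# Provisions the installation once the package files are in place: sets
	# the paths the check_* functions read (deliberately global - this is
	# POSIX sh), fixes directory ownership, runs init and reloads the web
	# server. Aborts via err on failure.
	DESC="Parallels Single Sign-On Server"
	# Shadows the login USER environment variable for the rest of the script.
	USER=sso

	LOCALSTATEDIR=/usr/local/var/lib/sso
	DBFILE=$LOCALSTATEDIR/sso.db
	RANDFILE=$LOCALSTATEDIR/sso.rand

	DATADIR=/usr/local/share/sso
	SCHEMAFILE=$DATADIR/db-schema-1.sql
	OPENSSLCONF=$DATADIR/openssl.conf
	OPENSSLCACONF=$DATADIR/openssl-ca.conf

	SYSCONFIGDIR=/usr/local/etc/sso
	SSL_CERT=$SYSCONFIGDIR/sso.pem
	SSL_PUB_CERT=$SYSCONFIGDIR/sso-public.pem
	SSL_CA_CERT=$SYSCONFIGDIR/sso-ca.pem
	SSL_CERT_MODE=600

	# Random installation identifier. Newer OpenSSL releases print digests as
	# "(stdin)= <hex>"; stripping everything up to "= " keeps the bare hex on
	# every version (a no-op on the bare-hex output of older releases). An
	# empty value used to be stored silently when openssl was missing.
	INST_ID=$(openssl rand 512 | openssl md5 | sed 's/^.*= *//')
	[ -n "$INST_ID" ] || err "Can not generate installation identifier."

	# `[ 1 = 0 ]` is a build-time platform switch: the first branch of each
	# pair is the Linux variant and is dead in this rendering.
	if [ 1 = 0 ] ;then
		DEFHOST=$(hostname -f)
	else
		DEFHOST=$(hostname)
	fi

	if [ 1 = 0 ] ; then
		chown "$USER:root" "$LOCALSTATEDIR" || err
	else
		chown "$USER:wheel" "$LOCALSTATEDIR" || err
	fi

	chown "$USER:wheel" /usr/local/var/log/sso || err

	# NOTE(review): no umask is set here; the database created by init inherits
	# the caller's umask - verify it is not group/world readable on the target.
	init

	if [ 1 = 0 ] ; then
		/etc/init.d/sw-cp-server restart || err "Can not restart web server."
	else
		/usr/local/etc/rc.d/sw-cp-server reload || err "Can not restart web server."
	fi

	echo
}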

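err() {
    # Reports a fatal error and terminates the installer with status 1.
    # $1 - optional reason appended to "Failed."; several callers pass none.
    # Diagnostics go to stderr so they are not mixed into the progress output
    # on stdout (they used to be echoed to stdout).
    printf 'Failed. %s\n' "${1-}" >&2
    exit 1
}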

# Opt-in command tracing (any non-empty SSO_INSTALLER_DEBUG). This repeats the
# identical check near the top of the file; both are harmless together.
if [ -n "${SSO_INSTALLER_DEBUG}" ]; then
    set -x
fi

# Entry point. The installation phase name is expected in $2 (the calling
# convention of the packaging system that runs this script); any other value
# is silently ignored. `[ 1 = 0 ]` is the build-time platform switch whose
# first branch (run post_install unconditionally) is dead in this rendering.
if [ 1 = 0 ] ; then
    post_install
else
    case "${2-}" in
        PRE-INSTALL)  pre_install ;;
        POST-INSTALL) post_install ;;
    esac
fi
