
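--- a/alcasar-importcert.sh
+++ b/alcasar-importcert.sh
@@ -1,187 +1,192 @@
 #!/bin/sh
 
 # alcasar-importcert.sh
 # by Raphaël, Hugo, Clément, Bettyna & rexy
 
 # This script is distributed under the Gnu General Public License (GPL)
 
 # Script permettant
 # - d'importer des certificats sur Alcasar
 # - de revenir au certificat par default
 
 # This script allows
 # - to import a certificate in Alcasar
 # - to go back to the default certificate
 
 SED="/bin/sed -ri"
 DIR_CERT="/etc/pki/tls"
 CONF_FILE="/usr/local/etc/alcasar.conf"
 PRIVATE_IP_MASK=`grep PRIVATE_IP $CONF_FILE|cut -d"=" -f2`
 PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1`
 
 usage="Usage: alcasar-importcert.sh -i /path/to/certificate.crt -k /path/to/privatekey.key (-c /path/to/serverchain.crt) || alcasar-importcert.sh -d (Cette utilisation permet de revenir au certificat par default)"
 nb_args=$#
 arg1=$1
 
 
 function defaultNdd()
 {
 	$SED 's/^DOMAIN=.*/DOMAIN=localdomain/g' /usr/local/etc/alcasar.conf
 	$SED 's/\.([a-zA-Z][a-zA-Z0-9-]+(\.[a-z]{2,4})?)/.localdomain/g' /etc/hosts
 	$SED 's/alcasar\.([a-zA-Z0-9-]+(\.[a-z]{2,4})?)/alcasar.localdomain/g' /etc/chilli.conf
 	$SED 's/^domain.*/domain\t\tlocaldomain/g' /etc/chilli.conf
 	$SED 's/^ServerName.*/ServerName alcasar.localdomain/g' /etc/httpd/conf/httpd.conf
 	$SED "s/^domain=.*/domain=localdomain/g" /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf /etc/dnsmasq-blacklist.conf /etc/dnsmasq-whitelist.conf
 	hostnamectl set-hostname alcasar.localdomain
 	$SED "s/^\tAuthName.*/\tAuthName alcasar.localdomain/g" /etc/httpd/conf/webapps.d/alcasar.conf
 	$SED "s/^\tErrorDocument.*/\tErrorDocument 404 https:\/\/alcasar.localdomain\//g" /etc/httpd/conf/webapps.d/alcasar.conf
+	$SED "s/:.*:/:alcasar.localdomain:/g" /usr/local/etc/digest/key_*
 }
 
 function defaultCert()
 {
 	mv -f $DIR_CERT/certs/alcasar.crt.old $DIR_CERT/certs/alcasar.crt
 	mv -f $DIR_CERT/private/alcasar.key.old $DIR_CERT/private/alcasar.key
 	if [ -f $DIR_CERT/certs/server-chain.crt.old ]
 	then
 		mv $DIR_CERT/certs/server-chain.crt.old $DIR_CERT/certs/server-chain.crt
-	else 
-		rm -f $DIR_CERT/certs/server-chain.crt
+	#else 
+	#	rm -f $DIR_CERT/certs/server-chain.crt
 	fi
 }
 
 function domainName() # change the domain name in the conf files
 {
 
 	fqdn=$(openssl x509 -noout -subject -in $cert | sed -n '/^subject/s/^.*CN=//p')
 	hostname=`echo $fqdn | awk -F'.' '{ print $1 }'`
 	domain=`echo $fqdn | awk -F'.' '{$1="";OFS=".";print $0}' |sed 's/^.//'`
 	echo "fqdn=$fqdn hostname=$hostname domain=$domain"
 	if [ "$fqdn" != "" ]
 	then
 		$SED "s/^DOMAIN=.*/DOMAIN=$domain/g" /usr/local/etc/alcasar.conf
 		cat <<EOF > /etc/hosts
 127.0.0.1	localhost
 $PRIVATE_IP	$fqdn $hostname
 EOF
 		$SED "s/^domain.*/domain\t\t$domain/g" /etc/chilli.conf
 		$SED "s/^locationname.*/locationname\t$fqdn/g" /etc/chilli.conf
 		$SED "s/^uamserver.*/uamserver\thttps:\/\/$fqdn\/intercept.php/g" /etc/chilli.conf
 		$SED "s/^radiusnasid.*/radiusnasid\t$fqdn/g" /etc/chilli.conf
 		$SED "s/^uamallowed.*/uamallowed\t$hostname,$fqdn/g" /etc/chilli.conf
 		$SED "s/^ServerName.*/ServerName $fqdn/g" /etc/httpd/conf/httpd.conf
 		$SED "s/^domain=.*/domain=$domain/g" /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf /etc/dnsmasq-blacklist.conf /etc/dnsmasq-whitelist.conf
 		hostnamectl set-hostname $fqdn
 		$SED "s/^\tAuthName.*/\tAuthName $fqdn/g" /etc/httpd/conf/webapps.d/alcasar.conf
 		$SED "s/^\tErrorDocument.*/\tErrorDocument 404 https:\/\/$fqdn\//g" /etc/httpd/conf/webapps.d/alcasar.conf
+		$SED "s/:.*:/:$fqdn:/g" /usr/local/etc/digest/key_*
 	fi
 }
 
 function certImport()
 {
 	if [ ! -f "$DIR_CERT/certs/alcasar.crt.old" ]
 	then
 		echo "Backup of old cert (alcasar.crt)"
 		mv $DIR_CERT/certs/alcasar.crt $DIR_CERT/certs/alcasar.crt.old
 	fi
 	if [ ! -f "$DIR_CERT/private/alcasar.key.old" ]
 	then
 		echo "Backup of old private key (alcasar.key)"
 		mv $DIR_CERT/private/alcasar.key $DIR_CERT/private/alcasar.key.old
 	fi
 	cp $cert $DIR_CERT/certs/alcasar.crt
 	cp $key $DIR_CERT/private/alcasar.key
 
+	rm $cert $key
+
 	chown root:apache $DIR_CERT/certs/alcasar.crt
 	chown root:apache $DIR_CERT/private/alcasar.key
 
 	chmod 750 $DIR_CERT/certs/alcasar.crt
 	chmod 750 $DIR_CERT/private/alcasar.key
 	if [ "$sc" != "" ]
 	then
 		echo "cert-chain exists"
 		if [ ! -f "$DIR_CERT/certs/server-chain.crt.old" ]
 		then
 			echo "Backup of old cert-chain (server-chain.crt)"
 			mv $DIR_CERT/certs/server-chain.crt $DIR_CERT/certs/server-chain.crt.old
 		fi
 		cp $sc $DIR_CERT/certs/server-chain.crt
+		rm $sc
 		chown root:apache $DIR_CERT/certs/server-chain.crt
 		chmod 750 $DIR_CERT/certs/server-chain.crt
 	fi
 }
 
 
 if [ $nb_args -eq 0 ]
 then
 	echo "$usage"
 	exit 1
 fi
 
 case $arg1 in
 	-\? | -h* | --h*)
 		echo "$usage"
 		exit 0
 		;;
 	-i)
 		arg3=$3
 		arg5=$5
 		cert=$2
 		key=$4
 		sc=$6
 
 		if [ "$cert" == "" ] || [ "$key" == "" ]
 		then
 			echo "$usage"
 			exit 1
 		fi
 
 		if [ ! -f "$cert" -o ! -f "$key" ]
 		then
 			echo "Certificate and/or private key not found"
 			exit 1
 		fi
 
 		if [ ${cert: -4} != ".crt" ]
 		then
 			echo "Invalid certificate file"
 			exit 1
 		fi
 
 		if [ ${key: -4} != ".key" ]
 		then
 			echo "Invalid private key"
 			exit 1
 		fi
 
 		if [ "$arg5" != "-c" ] || [ ! -f "$sc" ]
 		then
 			echo "No server-chain given"
 			echo "Importing certificate $cert with private key $key"
 			sc=""
 		else
 			echo "Importing certificate $cert with private key $key and server-chain $sc"
 		fi
 		domainName $cert
 		certImport $cert $key $sc
 		for services in chilli httpd dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist
 		do
 			echo "restarting $services"; systemctl restart $services; sleep 1
 		done
 		;;
 	-d)
 		if [ -f "/etc/pki/tls/certs/alcasar.crt.old" -a -f "/etc/pki/tls/private/alcasar.key.old" ]
 		then
 			echo "Restoring default certificate"
 			defaultCert
 			defaultNdd
 			for services in chilli httpd dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist
 			do
 				echo "restarting $services"; systemctl restart $services; sleep 1
 			done
 		fi
 		;;
 	*)
 		echo "$usage"
 		;;
 esac
 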
192