1#!/bin/sh 2# ------------- Begin Post Install Functions ----------------- 3# These functions are included by various different installers. 4 5# We assume that the following variables are defined in the main script: 6# amanda_user: the amanda account username 7# amanda_group: the amanda account's group 8# AMANDAHOMEDIR: a directory to use as amanda's home 9# dist: used on linux for the distro. 10# install_log: a log file we append to 11# os: Linux, Mac, Solaris, etc... 12# SYSCONFDIR: location of system config files (ie, /etc) 13# LOGDIR: logging directory for amanda 14# encoder: either base64 or uuencode depending on the default for this platform 15 16#TODO: gnutar-lists dir for solaris?? 17 18add_service() { 19 # Only needed on Solaris! 20 entry="amanda 10080/tcp # amanda backup services" 21 # make sure amanda is in /etc/services 22 if [ -z "`grep 'amanda' ${SYSCONFDIR}/services |grep '10080/tcp'`" ] ; then 23 logger "Adding amanda entry to ${SYSCONFDIR}/services." 24 echo "${entry}" >> ${SYSCONFDIR}/services 25 fi 26 27 # make sure kamanda is in /etc/services 28 entry_2="amanda 10081/tcp famdc # amanda backup services (kerberos)" 29 if [ -z "`grep 'kamanda' /etc/services |grep '10081/tcp'`" ] ; then 30 logger "Adding kamanda entry to ${SYSCONFDIR}/services." 31 echo "${entry_2}" >> ${SYSCONFDIR}/services 32 fi 33} 34 35create_amandates() { 36 logger "Creating ${AMANDATES}." 37 if [ ! -f ${AMANDATES} ] ; then 38 touch ${AMANDATES} || { logger "WARNING: Could not create Amandates." ; return 1; } 39 fi 40} 41 42check_amandates() { 43 logger "Ensuring correct permissions for '${AMANDATES}'." 44 log_output_of chown ${amanda_user}:${amanda_group} ${AMANDATES} || \ 45 { logger "WARNING: Could not chown ${AMANDATES}" ; return 1; } 46 log_output_of chmod 0640 ${AMANDATES} || \ 47 { logger "WARNING: Could not fix perms on ${AMANDATES}" ; return 1; } 48 if [ -x /sbin/restorecon ] ; then 49 log_output_of /sbin/restorecon ${AMANDATES} || \ 50 { logger "WARNING: restorecon execution failed." ; return 1; } 51 fi 52} 53 54create_gnupg() { 55 # Install .gnupg directory 56 if [ ! -d ${AMANDAHOMEDIR}/.gnupg ] ; then 57 logger "Creating '${AMANDAHOMEDIR}/.gnupg'" 58 log_output_of mkdir ${AMANDAHOMEDIR}/.gnupg || \ 59 { logger "WARNING: Could not create .gnupg dir" ; return 1; } 60 fi 61} 62 63get_random_lines() { 64 # Print $1 lines of random strings to stdout. 65 66 [ "$1" ] && [ $1 -gt 0 ] || \ 67 { logger "Error: '$1' not valid number of lines" ; return 1 ; } 68 lines=$1 69 [ -f "${encoder}" ] || \ 70 { logger "Warning: Encoder '${encoder}' was not found. Random passwords cannot be generated." ; return 1; } 71 case ${encoder} in 72 # "foo" is a required parameter that we throw away. 73 *uuencode*) enc_cmd="${encoder} foo" ;; 74 *base64*) enc_cmd="${encoder}" ;; 75 esac 76 # Uuencode leaves a header (and footer) line, but base64 does not. 77 # So we pad output with an extra line, and strip any trailing lines over 78 # $lines 79 pad_lines=`expr $lines + 1` 80 # Increasing bs= is substantially faster than increasing count=. 81 # The number of bytes needed to start line wrapping is implementation 82 # specific. base64. 60b > 1 base64 encoded line for all versions tested. 83 block_size=`expr $pad_lines \* 60` 84 # Head -c is not portable. 85 dd bs=${block_size} count=1 if=/dev/urandom 2>/dev/null | \ 86 ${enc_cmd} | \ 87 head -$pad_lines | \ 88 tail -$lines || \ 89 { logger "Warning: Error generating random passphrase."; return 1; } 90} 91 92create_ampassphrase() { 93 # install am_passphrase file to server 94 logger "Checking '${AMANDAHOMEDIR}/.am_passphrase' file." 95 if [ ! -f ${AMANDAHOMEDIR}/.am_passphrase ] ; then 96 # Separate file creation from password creation to ease debugging. 97 logger "Creating '${AMANDAHOMEDIR}/.am_passphrase' file." 98 log_output_of touch ${AMANDAHOMEDIR}/.am_passphrase || \ 99 { logger "WARNING: Could not create .am_passphrase." ; return 1; } 100 phrase=`get_random_lines 1` || return 1 # Error already logged 101 echo ${phrase} >>${AMANDAHOMEDIR}/.am_passphrase 102 else 103 logger "Info: ${AMANDAHOMEDIR}/.am_passphrase already exists." 104 fi 105 # Fix permissions for both new or existing installations. 106 log_output_of chown ${amanda_user}:${amanda_group} ${AMANDAHOMEDIR}/.am_passphrase || \ 107 { logger "WARNING: Could not chown .am_passphrase" ; return 1; } 108 log_output_of chmod 0600 ${AMANDAHOMEDIR}/.am_passphrase || \ 109 { logger "WARNING: Could not fix permissions on .am_passphrase" ; return 1; } 110} 111 112create_amkey() { 113 [ -f ${AMANDAHOMEDIR}/.am_passphrase ] || \ 114 { logger "Error: ${AMANDAHOMEDIR}/.am_passphrase is missing, can't create amcrypt key."; return 1; } 115 logger "Creating encryption key for amcrypt" 116 if [ ! -f ${AMANDAHOMEDIR}/.gnupg/am_key.gpg ]; then 117 # TODO: don't write this stuff to disk! 118 get_random_lines 50 >${AMANDAHOMEDIR}/.gnupg/am_key || return 1 119 exec 3<${AMANDAHOMEDIR}/.am_passphrase 120 # setting homedir prevents some errors, but creates a permissions 121 # warning. perms are fixed in check_gnupg. 122 log_output_of gpg --homedir ${AMANDAHOMEDIR}/.gnupg \ 123 --no-permission-warning \ 124 --no-use-agent \ 125 --armor \ 126 --batch \ 127 --symmetric \ 128 --passphrase-fd 3 \ 129 --output ${AMANDAHOMEDIR}/.gnupg/am_key.gpg \ 130 ${AMANDAHOMEDIR}/.gnupg/am_key || \ 131 { logger "WARNING: Error encrypting keys." ; 132 rm ${AMANDAHOMEDIR}/.gnupg/am_key; 133 return 1; } 134 # Be nice and clean up. 135 exec 3<&- 136 else 137 logger "Info: Encryption key '${AMANDAHOMEDIR}/.gnupg/am_key.gpg' already exists." 138 fi 139 # Always try to delete unencrypted keys 140 rm -f ${AMANDAHOMEDIR}/.gnupg/am_key 141} 142 143check_gnupg() { 144 logger "Ensuring correct permissions for '${AMANDAHOMEDIR}/.gnupg'." 145 log_output_of chown -R ${amanda_user}:${amanda_group} ${AMANDAHOMEDIR}/.gnupg || \ 146 { logger "WARNING: Could not chown .gnupg dir." ; return 1; } 147 log_output_of chmod -R u=rwX,go= ${AMANDAHOMEDIR}/.gnupg || \ 148 { logger "WARNING: Could not set permissions on .gnupg dir." ; return 1; } 149 # If am_key.gpg and .am_passphrase already existed, we should check 150 # if they match! 151 if [ -f ${AMANDAHOMEDIR}/.gnupg/am_key.gpg ] && [ -f ${AMANDAHOMEDIR}/.am_passphrase ]; then 152 exec 3<${AMANDAHOMEDIR}/.am_passphrase 153 # Perms warning will persist because we are not running as ${amanda_user} 154 log_output_of gpg --homedir ${AMANDAHOMEDIR}/.gnupg \ 155 --no-permission-warning \ 156 --no-use-agent\ 157 --batch \ 158 --decrypt \ 159 --passphrase-fd 3 \ 160 --output /dev/null \ 161 ${AMANDAHOMEDIR}/.gnupg/am_key.gpg || \ 162 { logger "WARNING: .am_passphrase does not decrypt .gnupg/am_key.gpg."; 163 return 1; 164 } 165 # Be nice and clean up. 166 exec 3<&- 167 fi 168} 169 170create_amandahosts() { 171 # Install .amandahosts to server 172 if [ ! -f ${AMANDAHOMEDIR}/.amandahosts ] ; then 173 logger "Creating ${AMANDAHOMEDIR}/.amandahosts" 174 log_output_of touch ${AMANDAHOMEDIR}/.amandahosts || \ 175 { logger "WARNING: Could not create .amandahosts file." ; return 1; } 176 fi 177} 178 179check_amandahosts_entry() { 180 # Entries for client and server differ slightly 181 # $1 username (root, ${amanda_user}) 182 # subsequent parameters are a list of programs to check (amindexd 183 # amidxtaped, or amdump) 184 logger "Checking '${AMANDAHOMEDIR}/.amandahosts' for '${@}' entries." 185 # Generate our grep expression 186 expr="" 187 for prog in ${@} ; do 188 expr=${expr}"[[:blank:]]\+${prog}" 189 done 190 for host in localhost localhost.localdomain ; do 191 logger "Searching .amandahosts for ^${host}${expr}" 192 if `grep "^${host}${expr}" ${AMANDAHOMEDIR}/.amandahosts >> /dev/null` ; then 193 continue 194 else 195 add_amandahosts_entry ${host} ${@} 196 fi 197 done 198} 199 200add_amandahosts_entry() { 201 # Add entries to amandahosts. 202 # $@ is a fully formatted entry for amandahosts 203 logger "Appending '${@}' to amandahosts" 204 echo "${@}" >>${AMANDAHOMEDIR}/.amandahosts || \ 205 { logger "WARNING: Could not append to .amandahosts" ; return 1; } 206} 207 208check_amandahosts_perms() { 209 logger "Ensuring correct permissions on .amandahosts" 210 log_output_of chown ${amanda_user}:${amanda_group} ${AMANDAHOMEDIR}/.amandahosts || \ 211 { logger "WARNING: Could not chown .amandahosts." ; return 1; } 212 log_output_of chmod 0600 ${AMANDAHOMEDIR}/.amandahosts || \ 213 { logger "WARNING: Could not fix permissions on .amandahosts" ; return 1; } 214} 215 216create_ssh_key() { 217 # SSH RSA key generation for amdump and amrecover 218 # $1 must be "server" or "client" 219 KEYDIR="${AMANDAHOMEDIR}/.ssh" 220 if [ $1 = "server" ] ; then 221 KEYFILE="id_rsa_amdump" 222 elif [ $1 = "client" ] ; then 223 KEYFILE="id_rsa_amrecover" 224 else 225 logger "Bad parameter to create_ssh_key" ; return 1 226 fi 227 COMMENT="${amanda_user}@$1" 228 if [ ! -d ${KEYDIR} ] ; then 229 if [ -f ${KEYDIR} ] ; then 230 logger "Directory '${KEYDIR}' exists as a file. Renaming to '${KEYDIR}.save'." 231 log_output_of mv ${KEYDIR} ${KEYDIR}.save || \ 232 { logger "WARNING: Could not backup old .ssh directory." ; return 1; } 233 fi 234 logger "Creating directory '${KEYDIR}'." 235 log_output_of mkdir ${KEYDIR} || \ 236 { logger "WARNING: Could not create .ssh dir." ; return 1; } 237 fi 238 if [ ! -f ${KEYDIR}/${KEYFILE} ] ; then 239 logger "Creating ssh RSA key in '${KEYDIR}/${KEYFILE}'" 240 log_output_of ssh-keygen -q -C $COMMENT -t rsa -f ${KEYDIR}/${KEYFILE} -N '' || \ 241 { logger "WARNING: Error generating ssh key" ; return 1; } 242 fi 243 logger "Setting ownership and permissions for '${KEYDIR}' and '${KEYDIR}/${KEYFILE}*'" 244 log_output_of chown ${amanda_user}:${amanda_group} ${KEYDIR} ${KEYDIR}/${KEYFILE}* || \ 245 { logger "WARNING: Could not chown one of ${KEYDIR} or ${KEYFILE}"; return 1; } 246 log_output_of chmod 0750 ${KEYDIR} || \ 247 { logger "WARNING: Could not fix permissions on ${KEYDIR}"; return 1; } 248 log_output_of chmod 0600 ${KEYDIR}/${KEYFILE}* || \ 249 { logger "WARNING: Could not fix permissions on ${KEYFILE}"; return 1; } 250} 251 252create_profile() { 253 # environment variables (~${amanda_user}/.profile) 254 logger "Checking for '${AMANDAHOMEDIR}/.profile'." 255 if [ ! -f ${AMANDAHOMEDIR}/.profile ] ; then 256 log_output_of touch ${AMANDAHOMEDIR}/.profile || \ 257 { logger "WARNING: Could not create .profile" ; return 1; } 258 fi 259} 260 261check_profile(){ 262 logger "Checking for ${SBINDIR} in path statement." 263 if [ -z "`grep PATH.*${SBINDIR} ${AMANDAHOMEDIR}/.profile`" ] ; then 264 echo "PATH=\"\$PATH:${SBINDIR}\"" >>${AMANDAHOMEDIR}/.profile || \ 265 { logger "WARNING: Could not append to .profile" ; return 1; } 266 echo "export PATH" >>${AMANDAHOMEDIR}/.profile 267 fi 268 case $os in 269 SunOS) 270 sun_paths=/opt/csw/bin:/usr/ucb:${AMANDAHOMEDIR}/sbin 271 if [ -z "`grep PATH ${AMANDAHOMEDIR}/.profile | grep ${sun_paths}`" ] ; then 272 echo "PATH=\"$PATH:${SBINDIR}:${sun_paths}\"" >>${AMANDAHOMEDIR}/.profile 273 fi 274 ;; 275 esac 276 logger "Setting ownership and permissions for '${AMANDAHOMEDIR}/.profile'" 277 log_output_of chown ${amanda_user}:${amanda_group} ${AMANDAHOMEDIR}/.profile || \ 278 { logger "WARNING: Could not chown .profile." ; return 1; } 279 log_output_of chmod 0640 ${AMANDAHOMEDIR}/.profile || \ 280 { logger "WARNING: Could not fix permissions on .profile" ; return 1; } 281} 282 283install_client_conf() { 284 # Install client config 285 if [ "$os" = "SunOS" ] ; then 286 install="install -m 0600 -u ${amanda_user} -g ${amanda_group}" 287 else 288 install="install -m 0600 -o ${amanda_user} -g ${amanda_group}" 289 fi 290 logger "Checking '${SYSCONFDIR}/amanda/amanda-client.conf' file." 291 if [ ! -f ${SYSCONFDIR}/amanda/amanda-client.conf ] ; then 292 logger "Installing amanda-client.conf." 293 log_output_of ${install} ${AMANDAHOMEDIR}/example/amanda-client.conf \ 294 ${SYSCONFDIR}/amanda/ || \ 295 { logger "WARNING: Could not install amanda-client.conf" ; return 1; } 296 else 297 logger "Note: ${SYSCONFDIR}/amanda/amanda-client.conf exists. Please check ${AMANDAHOMEDIR}/example/amanda-client.conf for updates." 298 fi 299} 300 301create_amtmp() { 302 # Check for existence of and permissions on ${AMTMP} 303 logger "Checking for '${AMTMP}' dir." 304 if [ ! -d ${AMTMP} ]; then 305 logger "Create '${AMTMP}' dir." 306 log_output_of mkdir ${AMTMP} || \ 307 { logger "WARNING: Could not create ${AMTMP}." ; return 1; } 308 log_output_of chown ${amanda_user}:${amanda_group} ${AMTMP} || \ 309 { logger "WARNING: Could not chown ${AMTMP}" ; return 1; } 310 fi 311} 312 313# ------------- End Post Install Functions ----------------- 314