1#!/bin/sh
2# ------------- Begin Post Install Functions -----------------
3# These functions are included by various different installers.
4
5# We assume that the following variables are defined in the main script:
6# amanda_user: the amanda account username
7# amanda_group: the amanda account's group
8# AMANDAHOMEDIR: a directory to use as amanda's home
9# dist: used on linux for the distro.
10# install_log: a log file we append to
11# os: Linux, Mac, Solaris, etc...
12# SYSCONFDIR: location of system config files (ie, /etc)
13# LOGDIR: logging directory for amanda
14# encoder: either base64 or uuencode depending on the default for this platform
15
16#TODO: gnutar-lists dir for solaris??
17
18add_service() {
19    # Only needed on Solaris!
20    entry="amanda       10080/tcp    # amanda backup services"
21    # make sure amanda is in /etc/services
22    if [ -z "`grep 'amanda' ${SYSCONFDIR}/services |grep '10080/tcp'`" ] ; then
23        logger "Adding amanda entry to ${SYSCONFDIR}/services."
24        echo "${entry}" >> ${SYSCONFDIR}/services
25    fi
26
27    # make sure kamanda is in /etc/services
28    entry_2="amanda       10081/tcp    famdc    # amanda backup services (kerberos)"
29    if [ -z "`grep 'kamanda' /etc/services |grep '10081/tcp'`" ] ; then
30        logger "Adding kamanda entry to ${SYSCONFDIR}/services."
31        echo "${entry_2}" >> ${SYSCONFDIR}/services
32    fi
33}
34
35create_amandates() {
36	logger "Creating ${AMANDATES}."
37	if [ ! -f ${AMANDATES} ] ; then
38		touch ${AMANDATES} || { logger "WARNING:  Could not create Amandates." ; return 1; }
39	fi
40}
41
42check_amandates() {
43	logger "Ensuring correct permissions for '${AMANDATES}'."
44	log_output_of chown ${amanda_user}:${amanda_group} ${AMANDATES} || \
45		{ logger "WARNING:  Could not chown ${AMANDATES}" ; return 1; }
46	log_output_of chmod 0640 ${AMANDATES} || \
47		{ logger "WARNING:  Could not fix perms on ${AMANDATES}" ; return 1; }
48	if [ -x /sbin/restorecon ] ; then
49		log_output_of /sbin/restorecon ${AMANDATES} || \
50			{ logger "WARNING:  restorecon execution failed." ; return 1; }
51	fi
52}
53
54create_gnupg() {
55	# Install .gnupg directory
56	if [ ! -d ${AMANDAHOMEDIR}/.gnupg ] ; then
57		logger "Creating '${AMANDAHOMEDIR}/.gnupg'"
58		log_output_of mkdir ${AMANDAHOMEDIR}/.gnupg || \
59			{ logger "WARNING:  Could not create .gnupg dir" ; return 1; }
60	fi
61}
62
63get_random_lines() {
64    # Print $1 lines of random strings to stdout.
65
66    [ "$1" ] && [ $1 -gt 0 ] || \
67        { logger "Error: '$1' not valid number of lines" ; return 1 ; }
68    lines=$1
69    [ -f "${encoder}" ] || \
70        { logger "Warning: Encoder '${encoder}' was not found.  Random passwords cannot be generated." ; return 1; }
71    case ${encoder} in
72        # "foo" is a required parameter that we throw away.
73        *uuencode*) enc_cmd="${encoder} foo" ;;
74        *base64*)   enc_cmd="${encoder}" ;;
75    esac
76    # Uuencode leaves a header (and footer) line, but base64 does not.
77    # So we pad output with an extra line, and strip any trailing lines over
78    # $lines
79    pad_lines=`expr $lines + 1`
80    # Increasing bs= is substantially faster than increasing count=.
81    # The number of bytes needed to start line wrapping is implementation
82    # specific.  base64. 60b > 1 base64 encoded line for all versions tested.
83    block_size=`expr $pad_lines \* 60`
84    # Head -c is not portable.
85    dd bs=${block_size} count=1 if=/dev/urandom 2>/dev/null | \
86            ${enc_cmd} | \
87            head -$pad_lines | \
88            tail -$lines || \
89        { logger "Warning: Error generating random passphrase."; return 1; }
90}
91
92create_ampassphrase() {
93    # install am_passphrase file to server
94    logger "Checking '${AMANDAHOMEDIR}/.am_passphrase' file."
95    if [ ! -f ${AMANDAHOMEDIR}/.am_passphrase ] ; then
96        # Separate file creation from password creation to ease debugging.
97        logger "Creating '${AMANDAHOMEDIR}/.am_passphrase' file."
98        log_output_of touch ${AMANDAHOMEDIR}/.am_passphrase || \
99            { logger "WARNING:  Could not create .am_passphrase." ; return 1; }
100        phrase=`get_random_lines 1` || return 1 # Error already logged
101        echo ${phrase} >>${AMANDAHOMEDIR}/.am_passphrase
102    else
103        logger "Info: ${AMANDAHOMEDIR}/.am_passphrase already exists."
104    fi
105    # Fix permissions for both new or existing installations.
106    log_output_of chown ${amanda_user}:${amanda_group} ${AMANDAHOMEDIR}/.am_passphrase || \
107        { logger "WARNING:  Could not chown .am_passphrase" ; return 1; }
108    log_output_of chmod 0600 ${AMANDAHOMEDIR}/.am_passphrase || \
109        { logger "WARNING:  Could not fix permissions on .am_passphrase" ; return 1; }
110}
111
112create_amkey() {
113    [ -f ${AMANDAHOMEDIR}/.am_passphrase ] || \
114        { logger "Error: ${AMANDAHOMEDIR}/.am_passphrase is missing, can't create amcrypt key."; return 1; }
115    logger "Creating encryption key for amcrypt"
116    if [ ! -f ${AMANDAHOMEDIR}/.gnupg/am_key.gpg ]; then
117        # TODO: don't write this stuff to disk!
118        get_random_lines 50 >${AMANDAHOMEDIR}/.gnupg/am_key || return 1
119        exec 3<${AMANDAHOMEDIR}/.am_passphrase
120        # setting homedir prevents some errors, but creates a permissions
121        # warning. perms are fixed in check_gnupg.
122        log_output_of gpg --homedir ${AMANDAHOMEDIR}/.gnupg \
123                --no-permission-warning \
124                --no-use-agent \
125                --armor \
126                --batch \
127                --symmetric \
128                --passphrase-fd 3 \
129                --output ${AMANDAHOMEDIR}/.gnupg/am_key.gpg \
130                ${AMANDAHOMEDIR}/.gnupg/am_key || \
131            { logger "WARNING: Error encrypting keys." ;
132              rm ${AMANDAHOMEDIR}/.gnupg/am_key;
133              return 1; }
134        # Be nice and clean up.
135        exec 3<&-
136    else
137        logger "Info: Encryption key '${AMANDAHOMEDIR}/.gnupg/am_key.gpg' already exists."
138    fi
139    # Always try to delete unencrypted keys
140    rm -f ${AMANDAHOMEDIR}/.gnupg/am_key
141}
142
143check_gnupg() {
144    logger "Ensuring correct permissions for '${AMANDAHOMEDIR}/.gnupg'."
145    log_output_of chown -R ${amanda_user}:${amanda_group} ${AMANDAHOMEDIR}/.gnupg || \
146        { logger "WARNING:  Could not chown .gnupg dir." ; return 1; }
147    log_output_of chmod -R u=rwX,go= ${AMANDAHOMEDIR}/.gnupg || \
148        { logger "WARNING:  Could not set permissions on .gnupg dir." ; return 1; }
149    # If am_key.gpg and .am_passphrase already existed, we should check
150    # if they match!
151    if [ -f ${AMANDAHOMEDIR}/.gnupg/am_key.gpg ] && [ -f ${AMANDAHOMEDIR}/.am_passphrase ]; then
152        exec 3<${AMANDAHOMEDIR}/.am_passphrase
153        # Perms warning will persist because we are not running as ${amanda_user}
154        log_output_of gpg --homedir ${AMANDAHOMEDIR}/.gnupg \
155                --no-permission-warning \
156                --no-use-agent\
157                --batch \
158                --decrypt \
159                --passphrase-fd 3 \
160                --output /dev/null \
161                ${AMANDAHOMEDIR}/.gnupg/am_key.gpg || \
162            { logger "WARNING: .am_passphrase does not decrypt .gnupg/am_key.gpg.";
163                return 1;
164            }
165        # Be nice and clean up.
166        exec 3<&-
167    fi
168}
169
170create_amandahosts() {
171	# Install .amandahosts to server
172	if [ ! -f ${AMANDAHOMEDIR}/.amandahosts ] ; then
173		logger "Creating ${AMANDAHOMEDIR}/.amandahosts"
174        log_output_of touch ${AMANDAHOMEDIR}/.amandahosts || \
175		{ logger "WARNING:  Could not create .amandahosts file." ; return 1; }
176	fi
177}
178
179check_amandahosts_entry() {
180	# Entries for client and server differ slightly
181	# $1 username (root, ${amanda_user})
182	# subsequent parameters are a list of programs to check (amindexd
183	# amidxtaped, or amdump)
184	logger "Checking '${AMANDAHOMEDIR}/.amandahosts' for '${@}' entries."
185	# Generate our grep expression
186	expr=""
187	for prog in ${@} ; do
188		expr=${expr}"[[:blank:]]\+${prog}"
189	done
190	for host in localhost localhost.localdomain ; do
191		logger "Searching .amandahosts for ^${host}${expr}"
192		if `grep "^${host}${expr}" ${AMANDAHOMEDIR}/.amandahosts >> /dev/null` ; then
193			continue
194		else
195			add_amandahosts_entry ${host} ${@}
196		fi
197	done
198}
199
200add_amandahosts_entry() {
201	# Add entries to amandahosts.
202	# $@ is a fully formatted entry for amandahosts
203	logger "Appending '${@}' to amandahosts"
204	echo "${@}" >>${AMANDAHOMEDIR}/.amandahosts || \
205		{ logger "WARNING:  Could not append to .amandahosts" ; return 1; }
206}
207
208check_amandahosts_perms() {
209	logger "Ensuring correct permissions on .amandahosts"
210	log_output_of chown ${amanda_user}:${amanda_group} ${AMANDAHOMEDIR}/.amandahosts || \
211		{ logger "WARNING:  Could not chown .amandahosts." ; return 1; }
212	log_output_of chmod 0600 ${AMANDAHOMEDIR}/.amandahosts || \
213		{ logger "WARNING:  Could not fix permissions on .amandahosts" ; return 1; }
214}
215
216create_ssh_key() {
217	# SSH RSA key generation for amdump and amrecover
218	# $1 must be "server" or "client"
219	KEYDIR="${AMANDAHOMEDIR}/.ssh"
220	if [ $1 = "server" ] ; then
221		KEYFILE="id_rsa_amdump"
222	elif [ $1 = "client" ] ; then
223		KEYFILE="id_rsa_amrecover"
224	else
225		logger "Bad parameter to create_ssh_key" ; return 1
226	fi
227	COMMENT="${amanda_user}@$1"
228	if [ ! -d ${KEYDIR} ] ; then
229		if [ -f ${KEYDIR} ] ; then
230			logger "Directory '${KEYDIR}' exists as a file.  Renaming to '${KEYDIR}.save'."
231			log_output_of mv ${KEYDIR} ${KEYDIR}.save || \
232				{ logger "WARNING:  Could not backup old .ssh directory." ; return 1; }
233		fi
234		logger "Creating directory '${KEYDIR}'."
235		log_output_of mkdir ${KEYDIR} || \
236			{ logger "WARNING:  Could not create .ssh dir." ; return 1; }
237	fi
238	if [ ! -f ${KEYDIR}/${KEYFILE} ] ; then
239		logger "Creating ssh RSA key in '${KEYDIR}/${KEYFILE}'"
240		log_output_of ssh-keygen -q -C $COMMENT -t rsa -f ${KEYDIR}/${KEYFILE} -N '' || \
241			{ logger "WARNING:  Error generating ssh key" ; return 1; }
242	fi
243	logger "Setting ownership and permissions for '${KEYDIR}' and '${KEYDIR}/${KEYFILE}*'"
244	log_output_of chown ${amanda_user}:${amanda_group} ${KEYDIR} ${KEYDIR}/${KEYFILE}* || \
245		{ logger "WARNING:  Could not chown one of ${KEYDIR} or ${KEYFILE}"; return 1; }
246	log_output_of chmod 0750 ${KEYDIR} || \
247		{ logger "WARNING:  Could not fix permissions on ${KEYDIR}"; return 1; }
248	log_output_of chmod 0600 ${KEYDIR}/${KEYFILE}* || \
249		{ logger "WARNING:  Could not fix permissions on ${KEYFILE}"; return 1; }
250}
251
252create_profile() {
253	# environment variables (~${amanda_user}/.profile)
254	logger "Checking for '${AMANDAHOMEDIR}/.profile'."
255	if [ ! -f ${AMANDAHOMEDIR}/.profile ] ; then
256		log_output_of touch ${AMANDAHOMEDIR}/.profile || \
257			{ logger "WARNING:  Could not create .profile" ; return 1; }
258	fi
259}
260
261check_profile(){
262    logger "Checking for ${SBINDIR} in path statement."
263    if [ -z "`grep PATH.*${SBINDIR} ${AMANDAHOMEDIR}/.profile`" ] ; then
264        echo "PATH=\"\$PATH:${SBINDIR}\"" >>${AMANDAHOMEDIR}/.profile || \
265            { logger "WARNING:  Could not append to .profile" ; return 1; }
266        echo "export PATH" >>${AMANDAHOMEDIR}/.profile
267    fi
268    case $os in
269      SunOS)
270        sun_paths=/opt/csw/bin:/usr/ucb:${AMANDAHOMEDIR}/sbin
271        if [ -z "`grep PATH ${AMANDAHOMEDIR}/.profile | grep ${sun_paths}`" ] ; then
272            echo "PATH=\"$PATH:${SBINDIR}:${sun_paths}\"" >>${AMANDAHOMEDIR}/.profile
273        fi
274      ;;
275    esac
276    logger "Setting ownership and permissions for '${AMANDAHOMEDIR}/.profile'"
277    log_output_of chown ${amanda_user}:${amanda_group} ${AMANDAHOMEDIR}/.profile || \
278        { logger "WARNING:  Could not chown .profile." ; return 1; }
279    log_output_of chmod 0640 ${AMANDAHOMEDIR}/.profile || \
280        { logger "WARNING:  Could not fix permissions on .profile" ; return 1; }
281}
282
283install_client_conf() {
284    # Install client config
285    if [ "$os" = "SunOS" ] ; then
286        install="install -m 0600 -u ${amanda_user} -g ${amanda_group}"
287    else
288        install="install -m 0600 -o ${amanda_user} -g ${amanda_group}"
289    fi
290    logger "Checking '${SYSCONFDIR}/amanda/amanda-client.conf' file."
291    if [ ! -f ${SYSCONFDIR}/amanda/amanda-client.conf ] ; then
292        logger "Installing amanda-client.conf."
293        log_output_of ${install} ${AMANDAHOMEDIR}/example/amanda-client.conf \
294            ${SYSCONFDIR}/amanda/ || \
295                { logger "WARNING:  Could not install amanda-client.conf" ; return 1; }
296    else
297        logger "Note: ${SYSCONFDIR}/amanda/amanda-client.conf exists. Please check ${AMANDAHOMEDIR}/example/amanda-client.conf for updates."
298    fi
299}
300
301create_amtmp() {
302	# Check for existence of and permissions on ${AMTMP}
303	logger "Checking for '${AMTMP}' dir."
304	if [ ! -d ${AMTMP} ]; then
305		logger "Create '${AMTMP}' dir."
306		log_output_of mkdir ${AMTMP} || \
307			{ logger "WARNING:  Could not create ${AMTMP}." ; return 1; }
308		log_output_of chown ${amanda_user}:${amanda_group} ${AMTMP} || \
309			{ logger "WARNING:  Could not chown ${AMTMP}" ; return 1; }
310	fi
311}
312
313# ------------- End Post Install Functions -----------------
314