Subversion Repositories ALCASAR


Rev 1733 Rev 1736
Line 1... Line 1...
1
#!/bin/sh
1
#!/bin/sh
2
 
2
 
3
# alcasar-importcert.sh
3
# alcasar-importcert.sh
4
# by Raphaël, Hugo, Clément, Bettyna
4
# by Raphaël, Hugo, Clément, Bettyna & rexy
5
 
5
 
6
# This script is distributed under the Gnu General Public License (GPL)
6
# This script is distributed under the Gnu General Public License (GPL)
7
 
7
 
8
# Script permettant
8
# Script permettant
9
# - d'importer des certificats sur Alcasar
9
# - d'importer des certificats sur Alcasar
Line 12... Line 12...
12
# This script allows
12
# This script allows
13
# - to import a certificate in Alcasar
13
# - to import a certificate in Alcasar
14
# - to go back to the default certificate
14
# - to go back to the default certificate
15
 
15
 
16
SED="/bin/sed -ri"
16
SED="/bin/sed -ri"
17
 
-
 
18
DIR_CERT="/etc/pki/tls"
17
DIR_CERT="/etc/pki/tls"
-
 
18
CONF_FILE="/usr/local/etc/alcasar.conf"
-
 
19
PRIVATE_IP_MASK=`grep PRIVATE_IP $CONF_FILE|cut -d"=" -f2`
-
 
20
PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1`
19
 
21
 
20
usage="Usage: alcasar-importcert.sh -i /path/to/certificate.crt -k /path/to/privatekey.key (-c /path/to/serverchain.crt) || alcasar-importcert.sh -d (Cette utilisation permet de revenir au certificat par default)"
22
usage="Usage: alcasar-importcert.sh -i /path/to/certificate.crt -k /path/to/privatekey.key (-c /path/to/serverchain.crt) || alcasar-importcert.sh -d (Cette utilisation permet de revenir au certificat par default)"
21
 
-
 
22
 
-
 
23
nb_args=$#
23
nb_args=$#
24
arg1=$1
24
arg1=$1
25
 
25
 
26
 
26
 
27
# nb_args=$#
-
 
28
# args=$1
-
 
29
# args1=$3
-
 
30
# args2=$5
-
 
31
# cert=$2
-
 
32
# key=$4
-
 
33
# sc=$6
-
 
34
 
-
 
35
function defaultNdd()
27
function defaultNdd()
36
{
28
{
37
	$SED 's/^DOMAIN=.*/DOMAIN=localdomain/g' /usr/local/etc/alcasar.conf
29
	$SED 's/^DOMAIN=.*/DOMAIN=localdomain/g' /usr/local/etc/alcasar.conf
38
	$SED 's/\.([a-zA-Z][a-zA-Z0-9-]+(\.[a-z]{2,4})?)/.localdomain/g' /etc/hosts
30
	$SED 's/\.([a-zA-Z][a-zA-Z0-9-]+(\.[a-z]{2,4})?)/.localdomain/g' /etc/hosts
39
	$SED 's/alcasar\.([a-zA-Z0-9-]+(\.[a-z]{2,4})?)/alcasar.localdomain/g' /etc/chilli.conf
31
	$SED 's/alcasar\.([a-zA-Z0-9-]+(\.[a-z]{2,4})?)/alcasar.localdomain/g' /etc/chilli.conf
40
	$SED 's/^domain.*/domain\t\tlocaldomain/g' /etc/chilli.conf
32
	$SED 's/^domain.*/domain\t\tlocaldomain/g' /etc/chilli.conf
41
	$SED 's/^ServerName.*/ServerName alcasar.localdomain/g' /etc/httpd/conf/httpd.conf
33
	$SED 's/^ServerName.*/ServerName alcasar.localdomain/g' /etc/httpd/conf/httpd.conf
-
 
34
	$SED "s/^domain=.*/domain=localdomain/g" /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf /etc/dnsmasq-blacklist.conf /etc/dnsmasq-whitelist.conf
42
}
35
}
43
 
36
 
44
function defaultCert()
37
function defaultCert()
45
{
38
{
46
	cd $DIR_CERT
39
	cd $DIR_CERT
Line 56... Line 49...
56
}
49
}
57
 
50
 
58
function domainName() # change the domain name in the conf files
51
function domainName() # change the domain name in the conf files
59
{
52
{
60
 
53
 
61
	ndd=$(openssl x509 -noout -subject -in $cert | sed -n '/^subject/s/^.*CN=//p')
54
	fqdn=$(openssl x509 -noout -subject -in $cert | sed -n '/^subject/s/^.*CN=//p')
-
 
55
	hostname=`echo $fqdn | awk -F'.' '{ print $1 }'`
-
 
56
	domain=`echo $fqdn | awk -F'.' '{$1="";OFS=".";print $0}' |sed 's/^.//'`
62
	echo $ndd
57
	echo "fqdn=$fqdn hostname=$hostname domain=$domain"
63
	if [ "$ndd" != "" ]
58
	if [ "$fqdn" != "" ]
64
	then
59
	then
65
		$SED "s/^DOMAIN=.*/DOMAIN=$ndd/g" /usr/local/etc/alcasar.conf
60
		$SED "s/^DOMAIN=.*/DOMAIN=$domain/g" /usr/local/etc/alcasar.conf
-
 
61
		cat <<EOF > /etc/hosts
-
 
62
127.0.0.1	localhost
-
 
63
$PRIVATE_IP	$fqdn $hostname
-
 
64
EOF
-
 
65
		$SED "s/^domain.*/domain\t\t$domain/g" /etc/chilli.conf
66
		$SED "s/\.([a-zA-Z][a-zA-Z0-9-]+(\.[a-z]{2,4})?)/.$ndd/g" /etc/hosts
66
		$SED "s/^locationname.*/locationname\t$fqdn/g" /etc/chilli.conf
67
		$SED "s/alcasar\.([a-zA-Z0-9-]+(\.[a-z]{2,4})?)/alcasar.$ndd/g" /etc/chilli.conf
67
		$SED "s/^uamserver.*/uamserver\thttps:\/\/$fqdn\/intercept.php/g" /etc/chilli.conf
68
		$SED "s/^domain.*/domain\t\t$ndd/g" /etc/chilli.conf
68
		$SED "s/^radiusnasid.*/radiusnasid\t$fqdn/g" /etc/chilli.conf
-
 
69
		$SED "s/^uamallowed.*/uamallowed\t$hostname,$fqdn/g" /etc/chilli.conf
69
		$SED "s/^ServerName.*/ServerName alcasar.$ndd/g" /etc/httpd/conf/httpd.conf
70
		$SED "s/^ServerName.*/ServerName $fqdn/g" /etc/httpd/conf/httpd.conf
-
 
71
		$SED "s/^domain=.*/domain=$domain/g" /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf /etc/dnsmasq-blacklist.conf /etc/dnsmasq-whitelist.conf
70
	fi
72
	fi
71
}
73
}
72
 
74
 
73
function certImport()
75
function certImport()
74
{
76
{
Line 160... Line 162...
160
			echo "Importing certificate $cert with private key $key and server-chain $sc"
162
			echo "Importing certificate $cert with private key $key and server-chain $sc"
161
		fi
163
		fi
162
 
164
 
163
		domainName $cert
165
		domainName $cert
164
		certImport $cert $key $sc
166
		certImport $cert $key $sc
165
		systemctl restart chilli.service
167
		for services in chilli httpd dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist
-
 
168
			do
166
		systemctl restart httpd.service
169
				systemctl restart $services
-
 
170
			done
167
		;;
171
		;;
168
	-d)
172
	-d)
169
		if [ -f "/etc/pki/tls/certs/alcasar.crt.old" -a -f "/etc/pki/tls/private/alcasar.key.old" ]
173
		if [ -f "/etc/pki/tls/certs/alcasar.crt.old" -a -f "/etc/pki/tls/private/alcasar.key.old" ]
170
		then
174
		then
171
			echo "Restoring default certificate"
175
			echo "Restoring default certificate"
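Review bot: In domainName() (new lines 54–71) the certificate's subject CN is split into `$hostname` and `$domain` and substituted unescaped into the `sed` replacement text and into the heredoc that overwrites /etc/hosts, while the only guard is still `[ "$fqdn" != "" ]`. A CN with no dot leaves `$domain` empty, so `DOMAIN=` in alcasar.conf and the dnsmasq `domain=` lines are written blank. A CN carrying `/`, `&`, `*` or spaces (a wildcard certificate, or subject attributes that follow `CN=` on the same line) would either break the `s/…/…/g` expressions or land verbatim in chilli.conf and httpd.conf. I would validate before any file is touched, e.g. `echo "$fqdn" | grep -Eq '^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$' || { echo "Invalid CN in $cert: $fqdn" >&2; exit 1; }`, and quote `"$cert"` and `"$fqdn"` in the `openssl` and `echo` calls. The new heredoc also discards every existing /etc/hosts entry and relies on `$PRIVATE_IP` from an unanchored `grep PRIVATE_IP $CONF_FILE`, which looks worth tightening to `grep '^PRIVATE_IP=' "$CONF_FILE"`.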