#!/bin/sh
# This script is used to install/update PROTELNETD and SSLeay.

# Root of the SSLeay tree; exported so child processes inherit it.
SSLDIR="/usr/local/ssl"
export SSLDIR
# LHA extractor under the PRONTO tree. With PRONTO unset this is /bin/lharc;
# get_confirmation refuses to continue when PRONTO is empty.
LHA="$PRONTO/bin/lharc"
# Default log file; the Linux choices in get_system replace it with a
# /var/log path.
PROTELLOG="/var/adm/protelnetd.log"

###########################################################################

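# Ask the operator for the CD-ROM mount point and store it in MNT.
# Globals read:    ECHO (echo command chosen in the main section), $0
# Globals written: START_CWD, MNT, ans, gmp_eof
# Side effect:     may change the working directory while working out the
#                  default offered at the prompt.
# Exits with status 1 when input ends before an existing directory is named.
get_mount_point ()
{
echo "Enter the directory where the CD-ROM is mounted.
"

START_CWD=`pwd`
# First guess: the part of the invocation path in front of /protnetd/.
# $0 is quoted so a path containing blanks or glob characters is passed
# to sed unchanged.
MNT=`echo "$0" | sed "s,/protnetd/.*,,"`
if [ "$MNT" != "" ] && [ -d "$MNT" ] ; then
	cd "$MNT"
	MNT=`pwd`
elif [ "$0" = "./install" ] || [ "$0" = "./INSTALL" ] ; then
	# Invoked as ./install: use the parent of the starting directory.
	cd "$START_CWD/.."
	MNT=`pwd`
else
	# Otherwise offer a conventional mount point.
	if [ -d /cdrom ] ; then
		MNT="/cdrom"
	elif [ -d /CDROM ] ; then
		MNT="/CDROM"
	else
		MNT="/mnt"
	fi
fi

ans=""
gmp_eof=""
while [ "$ans" = "" ] ; do
	# $ECHO is left unquoted on purpose: it may hold "echo -e".
	$ECHO "Directory (default $MNT): \c"
	# read fails at end of input; remember that so the loop cannot keep
	# re-offering a default that does not exist.
	if read ans ; then
		:
	else
		gmp_eof=1
	fi
	if [ "$ans" = "" ] ; then
		ans="$MNT"
	fi
	if [ -d "$ans" ] ; then
		MNT="$ans"
	else
		echo "Directory $ans does not exist"
		if [ "$gmp_eof" != "" ] ; then
			echo "Installation aborted."
			exit 1
		fi
		ans=""
	fi
done
}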

###########################################################################

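# Work out a default platform from uname, then let the operator pick one
# from a menu.
# Globals read:    ECHO, OS (the menu is shown only while OS is empty)
# Globals written: SYS, SYS2, M, DEFOS, ans, OS, OSVER, OSCODE, OSCODEUPPER,
#                  PROTELLOG (Linux choices only), gs_eof
# Exits with status 1 for Solaris, "Other", an explicit quit, or when input
# ends without a valid selection.
get_system ()
{
SYS=`uname -a | awk '{ print $1 }'`
case "$SYS" in
AIX)
	DEFOS=1
	;;
SCO_SV)
	DEFOS=2
	;;
UnixWare|UNIX_SV|OpenUNIX)
	DEFOS=3
	;;
OSF1)
	DEFOS=4
	;;
HP-UX)
	DEFOS=5
	;;
SunOS)
	DEFOS=6
	;;
Linux)
	# Get machine (hardware) type
	M=`uname -m`
	case "$M" in
	*ppc*)
		DEFOS=8
		;;
	*86*)
		DEFOS=7
		;;
	*)
		DEFOS=""
		;;
	esac
	;;
*)
	# Unrecognised system name: when the first two uname fields are equal
	# the default is SCO OpenServer, otherwise there is no default.
	SYS2=`uname -a | awk '{ print $2 }'`
	if [ "$SYS" = "$SYS2" ] ; then
		DEFOS=2
	else
		DEFOS=""
	fi
	;;
esac

gs_eof=""
while [ "$OS" = "" ] ; do

echo "
Select Your Operating System and Machine type.

1) IBM RS/6000 (AIX)
2) SCO OpenServer
3) SCO OpenUNIX/UnixWare
4) HP/DEC/Compaq Alpha (OSF/TrueUNIX)
5) HP (HP-UX)
6) Sun Sparc (Solaris 2.x)
7) Linux (Intel x86)
8) Linux (OpenPower - IBM pSeries)
99) Other
"
# $ECHO is left unquoted on purpose: it may hold "echo -e".
if [ "$DEFOS" != "" ] ; then
	$ECHO "System (default $DEFOS): \c"
else
	$ECHO "System: \c"
fi

# Remember end of input so an unanswerable prompt ends the run instead of
# redrawing the menu forever.
if read ans ; then
	:
else
	gs_eof=1
fi
if [ "$ans" = "" ] ; then
	ans="$DEFOS"
fi

case "$ans" in
1|aix)
	OS="AIX"
	# Fourth field of uname -a selects the aix4 or aix5 archive.
	OSVER=`uname -a | awk '{ print $4 }'`
	if [ "$OSVER" = "4" ] ; then
		OSCODE="aix4"
		OSCODEUPPER="AIX4"
	else
		OSCODE="aix5"
		OSCODEUPPER="AIX5"
	fi
	;;
2|sco)
	OS="SCO OpenServer"
	OSCODE="sco"
	OSCODEUPPER="SCO"
	;;
3|unixware|uware|uw)
	OS="Caldera OpenUNIX / SCO Unixware"
	OSCODE="uw"
	OSCODEUPPER="UW"
	;;
4|dec|osf)
	OS="DEC/Compaq Alpha (OSF)"
	OSCODE="osf"
	OSCODEUPPER="OSF"
	;;
5|hp)
	OS="HP"
	OSCODE="hp"
	OSCODEUPPER="HP"
	;;
6|sun)
	# Solaris is refused outright. The assignments that used to follow the
	# exit could never run and have been dropped.
	echo "NOTE:"
	echo "The current versions of Solaris no longer provide the required"
	echo "functionality to support authentication of SSL connections."
	echo "Until a viable workaround to this limitation is found, SSL"
	echo "connections to Solaris are not supported or available."
	exit 1
	;;
7|linux)
	OS="Linux (Intel x86)"
	OSCODE="lin"
	OSCODEUPPER="LIN"
	PROTELLOG=/var/log/protelnetd.log
	;;
8|plinux)
	OS="Linux (OpenPower)"
	OSCODE="plin"
	OSCODEUPPER="PLIN"
	PROTELLOG=/var/log/protelnetd.log
	;;
99|other)
	echo "Sorry, this option is not implemented."
	exit 1
	;;
q|Q|quit|exit)
	echo Installation aborted.
	exit 1
	;;
esac

if [ "$OS" = "" ] && [ "$gs_eof" != "" ] ; then
	echo Installation aborted.
	exit 1
fi
done
}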

###########################################################################

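# Show what is about to be installed, ask for confirmation, then work out
# and check the archive and the extractor.
# Globals read:    ECHO, OS, MNT, OSCODE, OSCODEUPPER, PRONTO, LHA,
#                  LHAFILE (a non-empty value already set is kept as is)
# Globals written: ans, LHAFILE, gc_eof
# Exits with status 1 when the operator declines, when input ends without
# an answer, or when the archive, PRONTO or the LHA program is missing.
get_confirmation ()
{
echo "




PROTELNETD and SSLeay Installation/Update Details
=================================================

Operating System  : $OS

SSL files will be installed in /usr/local/ssl.
protelnetd and protelnetdpwd will be installed in /usr/local/bin.
"

ans=""
gc_eof=""
while [ "$ans" = "" ] ; do
	echo " "
	# $ECHO is left unquoted on purpose: it may hold "echo -e".
	$ECHO "Confirm [y/n]? \c"
	if read ans ; then
		:
	else
		gc_eof=1
	fi
	case "$ans" in
	y|Y|yes|YES)
		;;
	n|N|no|NO)
		echo "Installation aborted"
		exit 1
		;;
	*)
		# No usable answer and no more input: treat it as "no" rather
		# than prompting forever; nothing is installed unconfirmed.
		if [ "$gc_eof" != "" ] ; then
			echo "Installation aborted"
			exit 1
		fi
		ans=""
		;;
	esac
done

# Now generate the name of the required archive file for this platform.
# An upper-case PROTNETD directory is used only when the lower-case one is
# absent. NOTE(review): a LHAFILE value inherited from the environment
# overrides this choice, so the caller's environment decides which archive
# is unpacked.

if [ "$LHAFILE" = "" ] ; then
	if [ ! -d "$MNT/protnetd" ] && [ -d "$MNT/PROTNETD" ] ; then
		LHAFILE="$MNT/PROTNETD/$OSCODEUPPER.LZH"
	else
		LHAFILE="$MNT/protnetd/$OSCODE.lzh"
	fi
fi

# Verify that this platform is present on the CD

if [ ! -r "$LHAFILE" ] ; then
	echo " "
	echo "The required archive file for the requested platform"
	echo "could not be found."
	echo "File: $LHAFILE"
	exit 1
fi
if [ "$PRONTO" = "" ] ; then
	echo "The PRONTO environment must be set in order to locate the"
	echo "required LHA program to extract the files."
	exit 1
fi
if [ ! -r "$LHA" ] ; then
	echo "The required LHA program could not be found."
	echo "File: $LHA"
	exit 1
fi
}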

###########################################################################

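# Create the installation directories that do not exist yet and set the
# owner, group and mode of /usr/local and /usr/local/bin.
# Globals read:    SSLDIR
# Globals written: d
# Exits with status 1 when SSLDIR is empty or a directory cannot be created.
make_dirs ()
{
# Fail closed: with an empty SSLDIR the list below would name /bin, /lib,
# /certs, /private and /include directly under the root directory.
if [ "$SSLDIR" = "" ] ; then
	echo "SSLDIR is not set!"
	echo "Installation aborted."
	exit 1
fi

# Parents are listed before children, so plain mkdir is enough.
for d in /usr/local /usr/local/bin "$SSLDIR" "$SSLDIR/bin" "$SSLDIR/lib" \
		"$SSLDIR/certs" "$SSLDIR/private" "$SSLDIR/include"
do
	if [ ! -d "$d" ] ; then
		mkdir "$d"
		if [ $? -ne 0 ] ; then
			echo "Could not create $d!"
			echo "Installation aborted."
			exit 1
		fi
		chown root "$d"
		chgrp bin "$d"
		chmod 755 "$d"
	fi
done

# NOTE(review): directories under $SSLDIR that already exist keep whatever
# owner and mode they have; only the two below are re-asserted. Worth
# checking by hand on an update, since make_cert writes the private key
# into $SSLDIR/certs.

# Ensure that /usr/local/bin is protected, otherwise it is not safe to
# have a program invoked by root there.
chown root /usr/local /usr/local/bin
chgrp bin /usr/local /usr/local/bin
chmod 755 /usr/local /usr/local/bin
}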

##############################################################################

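# Unpack the platform archive into /usr/local, mark the installed programs
# executable and create the auth file and log file when they are missing.
# Globals read:    LHA, LHAFILE, MNT, PROTELLOG, ECHO
# Globals written: ans, ef_eof
# Exits with status 1 when /usr/local cannot be entered, or when extraction
# reported errors and the operator (or end of input) declines to continue.
extract_files ()
{
# Everything below uses paths relative to /usr/local. If the cd failed,
# the archive would be unpacked into whatever directory the script
# happened to be in, so stop instead.
cd /usr/local
if [ $? -ne 0 ] ; then
	echo "Could not change directory to /usr/local!"
	echo "Installation aborted."
	exit 1
fi

# NOTE(review): the archive is unpacked with the installer's privileges and
# this script performs no integrity check on it; verify the media against a
# checksum from the vendor before running the installer.
"$LHA" x -x "$LHAFILE"
if [ $? -ne 0 ] ; then
	echo " "
	echo " "
	echo "NOTE: Errors were encountered extacting the files!"
	ans=""
	ef_eof=""
	while [ "$ans" = "" ] ; do
		echo " "
		# $ECHO is left unquoted on purpose: it may hold "echo -e".
		$ECHO "Continue with installation [y/n]? \c"
		if read ans ; then
			:
		else
			ef_eof=1
		fi
		case "$ans" in
		y|Y|yes|YES)
			;;
		n|N|no|NO)
			echo "Installation aborted"
			exit 1
			;;
		*)
			# End of input with no answer: do not carry on with a
			# partly extracted tree, and do not prompt forever.
			if [ "$ef_eof" != "" ] ; then
				echo "Installation aborted"
				exit 1
			fi
			ans=""
			;;
		esac
	done
fi

chmod +x ssl/bin/*
chmod +x bin/protelnet*

# An existing auth file is never overwritten.
# NOTE(review): the skeleton is always taken from the lower-case protnetd
# directory, although get_confirmation also accepts an upper-case PROTNETD
# layout; confirm where the skeleton lives on such media.
if [ ! -r /etc/protelnetd.auth ] ; then
	if cp "$MNT/protnetd/authskel.txt" /etc/protelnetd.auth ; then
		chown root /etc/protelnetd.auth
		chgrp bin /etc/protelnetd.auth
		chmod 644 /etc/protelnetd.auth
	else
		echo "Could not create /etc/protelnetd.auth!"
	fi
fi

# The log file is created group-writable for group adm.
if [ ! -r "$PROTELLOG" ] ; then
	touch "$PROTELLOG"
	chown adm "$PROTELLOG"
	chgrp adm "$PROTELLOG"
	chmod 664 "$PROTELLOG"
fi
}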

##############################################################################

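# Give the ssleay binary the extra names req, x509, verify and ca by
# creating symbolic links in $SSLDIR/bin. A name that is already readable
# is left alone.
# Globals read:    SSLDIR
# Globals written: L
make_links ()
{
for L in req x509 verify ca
do
	# Quoted so a directory name containing blanks stays one argument.
	if [ ! -r "$SSLDIR/bin/$L" ] ; then
		ln -s "$SSLDIR/bin/ssleay" "$SSLDIR/bin/$L"
	fi
done
}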

##############################################################################

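# Generate a self-signed certificate and key for protelnetd in
# $SSLDIR/certs, add the hash-named link to it and run verify on the result.
# Globals read:    ECHO, SSLDIR, HOME, PATH
# Globals written: ans, HOME (only when empty), PATH, mc_hash
# Side effect:     leaves the working directory at $SSLDIR/certs.
# Exits with status 1 when $SSLDIR/certs cannot be entered.
make_cert ()
{
# $ECHO is left unquoted on purpose: it may hold "echo -e".
$ECHO "
Making protelnetd certificate for site...
You will be required to enter site specific information
Press <ENTER> to continue with certificate generation\c"
read ans
echo " "

if [ "$HOME" = "" ] ; then
	# needed for rand file. The fallback used to be /tmp; a file with a
	# predictable name written by this installer in a world-writable
	# directory is best avoided, so use the installer-created private
	# directory instead.
	HOME="$SSLDIR/private"; export HOME
fi
PATH=$SSLDIR/bin:$PATH; export PATH

# The key is written relative to the current directory, so do not carry on
# from some other directory when the cd fails.
cd "$SSLDIR/certs"
if [ $? -ne 0 ] ; then
	echo "Could not change directory to $SSLDIR/certs!"
	echo "Installation aborted."
	exit 1
fi

# -out and -keyout name the same file and -nodes leaves the key
# unencrypted, so protelnetd.pem holds a clear-text private key. Create it
# under umask 077 (in a subshell, so the caller's umask is untouched):
# otherwise the file is readable by everyone until the chmod below runs.
( umask 077 ; req -new -x509 -nodes -out protelnetd.pem -keyout protelnetd.pem )
if [ -r protelnetd.pem ] ; then
	chmod 600 protelnetd.pem
	mc_hash=`x509 -noout -hash < protelnetd.pem`
	# An empty hash would produce a link named ".0"; skip it instead.
	if [ "$mc_hash" != "" ] ; then
		ln -s protelnetd.pem "$mc_hash.0"
	else
		echo "Could not compute the certificate hash; hash link not created."
	fi
	verify "$SSLDIR/certs/protelnetd.pem"
fi
}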

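# Register protelnetd with xinetd: find (or add) the includedir named in
# /etc/xinetd.conf, write the service file there and restart xinetd.
# Globals read:    ECHO
# Globals written: P, ans
make_xinetd ()
{
# Take the directory from the first real includedir directive. Matching on
# the first field keeps commented-out lines and other text that merely
# contains the word from being used as the directory.
P=`awk '$1 == "includedir" { print $2; exit }' /etc/xinetd.conf 2>/dev/null`
# "=" rather than "==": this script runs under /bin/sh, and a [ that does
# not accept "==" would leave P empty, so the service file would be
# written to /protelnetd.
if [ "$P" = "" ] ; then
	P="/etc/xinetd.d"
	echo includedir "$P" >> /etc/xinetd.conf
fi
if [ ! -d "$P" ] ; then
	mkdir "$P"
	chown root "$P"
	chgrp root "$P"
	chmod 755 "$P"
fi
# NOTE(review): the service runs as root and "instances = UNLIMITED" puts
# no cap on concurrent sessions; consider a finite limit for the site.
echo \
"# default: on
# description: The protelnet server serves SSL telnet sessions; it uses \
#       SSL encryption thoughout the session.
service protelnetd
{
	protocol        = tcp
	flags           = REUSE NAMEINARGS
	socket_type     = stream
	wait            = no
	user            = root
	server          = /usr/local/bin/protelnetd
	server_args     = protelnetd
	instances       = UNLIMITED
	log_type        = SYSLOG authpriv
	log_on_success  = HOST USERID PID EXIT DURATION
	log_on_failure  = HOST USERID
}
" > "$P/protelnetd"
# Restart through whichever init script is actually present; testing only
# for the directory ran a script that might not exist.
if [ -x /etc/init.d/xinetd ] ; then
	/etc/init.d/xinetd stop
	sleep 2
	/etc/init.d/xinetd start
elif [ -x /etc/rc.d/init.d/xinetd ] ; then
	/etc/rc.d/init.d/xinetd stop
	sleep 2
	/etc/rc.d/init.d/xinetd start
else
	echo
	echo "**** xinetd's initscript not found *****"
	echo "**** Please restart xinetd manually ****"
	echo
	# $ECHO is left unquoted on purpose: it may hold "echo -e".
	$ECHO "Press <ENTER>\c"
	read ans
fi
}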

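# Register the protelnetd service: add it to /etc/services when absent,
# then hook it into xinetd (when /etc/xinetd.conf is readable) or into
# /etc/inetd.conf, asking inetd to re-read its configuration.
# Globals read:    ECHO
# Globals written: P, W, ans
make_inetd ()
{
P=`grep protelnet /etc/services 2>/dev/null`
if [ "$P" = "" ] ; then
	echo "protelnetd	6999/tcp" >>/etc/services
fi

# A missing inetd.conf is expected on xinetd-only systems; keep grep quiet.
P=`grep protelnet /etc/inetd.conf 2>/dev/null`
if [ "$P" = "" ] ; then
	if [ -r "/etc/xinetd.conf" ] ; then
		make_xinetd
	else
		echo "protelnetd	stream	tcp	nowait	root	/usr/local/bin/protelnetd protelnetd" >>/etc/inetd.conf

		# Select only processes whose command name is exactly "inetd".
		# A substring match on the full listing also hit xinetd and any
		# command line that merely mentioned inetd, and the signal below
		# is sent with the installer's privileges.
		P=`ps -e | awk '{ n = split($NF, part, "/"); if (part[n] == "inetd") print $1 }'`
		W=`echo $P | wc -w`
		if [ "$W" -ne 1 ] ; then
			echo "Can't find inetd process!"
			# $ECHO is left unquoted on purpose: it may hold "echo -e".
			$ECHO "Press <ENTER>\c"
			read ans
		else
			echo "Sending signal 1 to inetd process (pid $P)"
			kill -1 "$P"
		fi
	fi
fi
}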

##############################################################################

# Main

# Pick the echo command that honours the \c "no newline" escape used in the
# prompts: Linux gets "echo -e", every other system plain echo.
SYS=`uname -a | awk '{ print $1 }'`
case "$SYS" in
Linux)
	ECHO="echo -e"
	;;
*)
	ECHO=echo
	;;
esac

# Files created from here on are not writable by group or others.
umask 022

# Interactive questions first, then the installation steps in order.
get_mount_point
get_system
get_confirmation
make_dirs
extract_files
make_links
# An existing certificate is kept; one is generated only when it is missing.
[ -r "$SSLDIR/certs/protelnetd.pem" ] || make_cert
make_inetd

echo "
SSLeay and PROTELNETD installed!

If this is a new installation, please configure the /etc/protelnetd.auth
file.  The format is documented in the file itself.

Finished."
