revize kodu; zmena pristupovych prav k SSL certifikatu a klici

1c4beed6 · Tomáš Plesník · 8617734a · 1c4beed6 · 1c4beed6 · 1c4beed6
Commit 1c4beed6 authored 13 years ago by Tomáš Plesník
--- a/src/warden-client/sh/install.sh
+++ b/src/warden-client/sh/install.sh
@@ -183,7 +183,7 @@ modules_chck()
 make_warden_dir()
 {
 	echo -n "Creating warden client directory ... "
-	if cp -R $dirname/warden-client $prefix 2> $err; then
+	if cp -R ${dirname}/warden-client $prefix 2> $err; then
 		echo "OK"
 	else
 		err_clean
@@ -192,9 +192,9 @@ make_warden_dir()
 	files=(CHANGELOG INSTALL LICENSE README README.cesnet)
 	for file in ${files[@]};
 	do
-		cp $dirname/$file "$client_path/doc"
+		cp ${dirname}/$file "${client_path}/doc"
 	done
-	cp $dirname/uninstall.sh "$client_path"
+	cp ${dirname}/uninstall.sh "$client_path"
 }


@@ -235,17 +235,17 @@ make_conf_file()
 #-------------------------------------------------------------------------------
 # SSL_KEY_FILE - path to client SSL certificate key file
 #-------------------------------------------------------------------------------
-\$SSL_KEY_FILE = \"$etc/$key_file\";
+\$SSL_KEY_FILE = \"${etc}/${key_file}\";

 #-------------------------------------------------------------------------------
 # SSL_CERT_FILE - path to client SSL certificate file
 #-------------------------------------------------------------------------------
-\$SSL_CERT_FILE = \"$etc/$cert_file\";
+\$SSL_CERT_FILE = \"${etc}/${cert_file}\";

 #-------------------------------------------------------------------------------
 # SSL_CA_FILE - path to CA certificate file
 #-------------------------------------------------------------------------------
-\$SSL_CA_FILE = \"$ca_file\";
+\$SSL_CA_FILE = \"${ca_file}\";
 " > $conf_file 2> $err; ret_val=`echo $?`

 	if [ $ret_val -eq 0 ]; then
@@ -259,7 +259,9 @@ make_conf_file()
 change_permissions()
 {
 	echo -n "Changing permissions to installed package ... "
-	if chown -R $user: $client_path 2>$err; then
+	chown -R $user: $client_path 2> $err || err_clean
+	chmod 400 ${etc}/$key_file ${etc}/$cert_file || err_clean
+	if chmod 600 $conf_file; then
 		echo "OK"
 	else
 		err_clean
@@ -303,13 +305,13 @@ params_chck

 # create variables
 dirname=`dirname $0`
-package_version=`cat $dirname/warden-client/etc/package_version`
+package_version=`cat ${dirname}/warden-client/etc/package_version`
 key_file=`basename $key`
 cert_file=`basename $cert`
 [[ $prefix == */ ]] && prefix="${prefix%?}" # remove last char (slash) from prefix
-client_path="$prefix/warden-client"
-etc="$client_path/etc"
-conf_file="$etc/warden-client.conf"
+client_path="${prefix}/warden-client"
+etc="${client_path}/etc"
+conf_file="${etc}/warden-client.conf"
 err="/tmp/warden-err"

 # check if warden-client is installed

--- a/src/warden-client/sh/uninstall.sh
+++ b/src/warden-client/sh/uninstall.sh
@@ -74,8 +74,8 @@ err_clean()
 {
 	echo "FAILED!"
 	echo " -> Reverting changes of warden client package ... OK"
-	rm -rf "$client_path/*" > /dev/null 2>&1
-	cp -R "$backup_dir/*" $client_path
+	rm -rf ${client_path}/* > /dev/null 2>&1
+	cp -R ${backup_dir}/* $client_path
 	cat $err
 	rm -rf $err $backup_dir
 	echo
@@ -195,9 +195,9 @@ params_chck

 # create variables
 [[ $prefix == */ ]] && prefix="${prefix%?}" # remove last char (slash) from prefix
-client_path="$prefix/warden-client"
-etc="$client_path/etc"
-old_package_version_file="$etc/package_version"
+client_path="${prefix}/warden-client"
+etc="${client_path}/etc"
+old_package_version_file="${etc}/package_version"
 err="/tmp/warden-err"
 backup_dir="/tmp/warden-backup"


--- a/src/warden-client/sh/update.sh
+++ b/src/warden-client/sh/update.sh
@@ -76,8 +76,8 @@ err_clean()
 {
 	echo "FAILED!"
 	echo " -> Reverting changes of warden client package ... OK"
-	rm -rf "$client_path/*" > /dev/null 2>&1
-	cp -R "$backup_dir/*" $client_path
+	rm -rf ${client_path}/* > /dev/null 2>&1
+	cp -R ${backup_dir}/* $client_path
 	cat $err
 	rm -rf $err $backup_dir
 	echo
@@ -206,7 +206,7 @@ obtain_warden_user()
 update_warden_dir()
 {
 	echo -n "Updating warden client directory ... "
-	if rsync -q --recursive --archive --delete --exclude='etc' --exclude='var' "$dirname/warden-client" $prefix 2> $err; then
+	if rsync -q --recursive --archive --delete --exclude='etc' --exclude='var' ${dirname}/warden-client $prefix 2> $err; then
 		echo "OK"
 	else
 		err_clean
@@ -215,10 +215,10 @@ update_warden_dir()
 	files=(CHANGELOG INSTALL LICENSE README README.cesnet)
 	for file in ${files[@]};
 	do  
-		cp "$dirname/$file" "$client_path/doc"
+		cp ${dirname}/$file ${client_path}/doc
 	done
-	cp "$dirname/uninstall.sh" "$client_path"
-	cp "$dirname/warden-client/etc/package_version" "$etc"
+	cp ${dirname}/uninstall.sh $client_path
+	cp ${dirname}/warden-client/etc/package_version $etc
 }


@@ -265,11 +265,15 @@ $ssl_ca_file
 change_permissions()
 {
 	echo -n "Changing permissions to updated package ... "
-	if chown -R $user: $client_path 2>$err; then
+	chown -R $user: $client_path 2>$err || err_clean
+	key_file=`echo $ssl_key_file` | cut -d "\"" -f 2 | cut -d "\"" -f 1
+	cert_file=`echo $ssl_cert_file` | cut -d "\"" -f 2 | cut -d "\"" -f 1
+       	chmod 400 ${etc}/$key_file ${etc}/$cert_file || err_clean
+	if chmod 600 $conf_file; then
 		echo "OK"
 	else
 		err_clean
-	fi
+	fi 
 }