#!/bin/sh
# $Id$
#*****************************************************************************
# $Copyright: Copyright (c) 2022 Veritas Technologies LLC. All rights reserved $
#*****************************************************************************

# Restrict default permissions: with umask 022, files and directories this
# script creates are never group- or world-writable.
umask 022

#----- $Id$ -----
#
#		Select the echo command (path and flags) for this platform and
#		store it in the ECHO variable.

# Start from the generic fallback. The platforms below override it with an
# absolute path, so on those platforms the echo that runs does not depend
# on the caller's PATH.
ECHO="echo"
case "`uname -s`" in
	SunOS*)
		ECHO="/usr/bin/echo"
		;;
	Linux*)
		# -e asks /bin/echo to interpret backslash escapes. POSIXLY_CORRECT
		# is cleared first, presumably because it changes how echo treats
		# its options - confirm.
		unset POSIXLY_CORRECT
		ECHO="/bin/echo -e"
		;;
esac

# Solaris's default awk doesn't support regex functions, but nawk does. Nawk
# isn't installed on all platforms, though. Let's use nawk when it's available,
# but awk otherwise. In order of preference:
#   /bin/nawk
#   /usr/bin/nawk
#   /usr/bin/awk
#
#  This logic is duplicated in nbcheck at
#  lib/NBCheck/NixPlatformCheck.pm.  Any change to the logic
#  here should be ported to nbcheck to keep the two components
#  synchronized.

# Default to the preferred interpreter; fall back only when it is absent.
# Every candidate is an absolute path, so the awk that gets used does not
# depend on the caller's PATH. If no candidate exists, AWK keeps the
# /bin/nawk default and later invocations will fail.
AWK=/bin/nawk

if [ ! -f ${AWK} ]; then
	if [ -f /usr/bin/nawk ]; then
		AWK=/usr/bin/nawk
	elif [ -f /usr/bin/awk ]; then
		AWK=/usr/bin/awk
	fi
fi

# vim: set ft=sh et sw=4 ts=4:

# Read the configuration value(s) given by $2 from the file given in $1. The
# file should contain key=value pairs. Whitespace is ignored. Comments start
# with #. Whitespace surrounding the value is stripped before returning.
#
# Returns 0 if the key exists in the file. Prints the value to stdout. (If the
# key is present, but there's no value, then we print nothing, but still return
# 0.)
# Returns 1 if the key does not exist in the file, or if the file does not
# exist.
#
# Examples:
#
# Get name of master server
# read_first_config_value /usr/openv/netbackup/bp.conf SERVER
#
# Read answer file
# read_config_values /tmp/NBInstallAnswer.conf CA_CERTIFICATE_FINGERPRINT
#
# Requires fn.set_echo_var and fn.set_awk_var

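__read_config_helper()
{
    # Print the value(s) stored under one key of a key=value file, passed
    # through a filter command.
    #
    # Arguments:
    #   $1 - path of the configuration file
    #   $2 - key to look up. It is spliced into an awk regular expression,
    #        so regex metacharacters in it are not matched literally; pass
    #        fixed, trusted key names only.
    #   $3 - filter command line; expanded unquoted on purpose so that
    #        'head -1' splits into a command and its option. Never pass
    #        caller-controlled text here: it is executed.
    # Globals:
    #   AWK (read). config_file, key, filter and result are written as
    #   globals because this file does not use function-local variables.
    # Outputs:
    #   the matching values on stdout, one per line, after the filter
    # Returns:
    #   0 if the key was found (even with an empty value); 1 if the file
    #   does not exist or awk exited non-zero (key absent, or awk failed)
    config_file="${1}"
    key="${2}"
    filter="${3}"
    if [ ! -f "${config_file}" ]; then
        return 1
    fi
    # awk strips comments, matches the key against the text before the first
    # '=', and prints the trimmed remainder of each matching line. Its exit
    # status stays at 227 unless at least one line matched.
    result=`
        ${AWK} -v key="${key}" -F'[ \t]*=' '
        BEGIN { result = 227 }
        {
            sub("#.*", "", $0);
            if (match($1, "^[ \t]*" key "$")) {
                sub("^[^=]*=[ \t]*", "", $0);
                sub("[ \t]*$", "", $0);
                print;
                result = 0
            }
        }
        END { exit result }' "${config_file}"
    `
    if [ $? -ne 0 ]; then
        # no value specified
        return 1
    fi
    # Emit the value verbatim. ${ECHO} is "/bin/echo -e" on Linux and would
    # rewrite backslash sequences inside a value (for example "\n" or "\t"
    # in a path), so printf with a fixed format is used instead.
    printf '%s\n' "${result}" | ${filter}
    return 0
}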

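read_config_values()
{
    # Print every value recorded for a key, one per line.
    #
    # Arguments: $1 - configuration file, $2 - key
    # Returns:   the helper's status (0 if the key was found, 1 otherwise);
    #            1 as well when the file or key argument is missing
    #
    # Only the file and key are forwarded. With a bare "$@", any extra
    # caller argument would land in the helper's filter slot and be run
    # as a command in place of cat.
    if [ $# -lt 2 ]; then
        return 1
    fi
    __read_config_helper "${1}" "${2}" cat
}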

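read_first_config_value()
{
    # Print only the first value recorded for a key.
    #
    # Arguments: $1 - configuration file, $2 - key
    # Returns:   the helper's status (0 if the key was found, 1 otherwise);
    #            1 as well when the file or key argument is missing
    #
    # Only the file and key are forwarded. With a bare "$@", any extra
    # caller argument would land in the helper's filter slot and be run
    # as a command in place of 'head -1'.
    if [ $# -lt 2 ]; then
        return 1
    fi
    __read_config_helper "${1}" "${2}" 'head -1'
}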

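read_last_config_value()
{
    # Print only the last value recorded for a key.
    #
    # Arguments: $1 - configuration file, $2 - key
    # Returns:   the helper's status (0 if the key was found, 1 otherwise);
    #            1 as well when the file or key argument is missing
    #
    # Only the file and key are forwarded. With a bare "$@", any extra
    # caller argument would land in the helper's filter slot and be run
    # as a command in place of 'tail -1'.
    if [ $# -lt 2 ]; then
        return 1
    fi
    __read_config_helper "${1}" "${2}" 'tail -1'
}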

# vim: set ft=sh et sw=4 ts=4:

#----- $Id$
# Checks in configuration if FIPS mode is enabled
# on this machine.
#
# Returns:
#	CFN_FIPS_DISABLED i.e. 0 if FIPS is not enabled
#	CFN_FIPS_ENABLED i.e. 1 if FIPS is enabled
#	CFN_ERROR i.e. 2 if an error occurred
#
# These functions are expected to be included already:
#	fn.set_echo_var
#	fn.set_awk_var
#	fn.read_config_values

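# Configuration file consulted for NB_FIPS_MODE, and the three status codes
# check_for_nbfips can return.
BP_CONF_FILE=/usr/openv/netbackup/bp.conf
CFN_FIPS_DISABLED=0
CFN_FIPS_ENABLED=1
CFN_ERROR=2
check_for_nbfips ()
{
	# Report whether NB_FIPS_MODE in ${BP_CONF_FILE} turns FIPS mode on.
	#
	# Globals: BP_CONF_FILE and the CFN_* codes (read); use_fips (written)
	# Returns:
	#   CFN_ERROR          ${BP_CONF_FILE} is not a regular file
	#   CFN_FIPS_ENABLED   the value, upper-cased, is exactly ENABLE or 1
	#   CFN_FIPS_DISABLED  anything else: key absent, empty, misspelled, or
	#                      set on several lines (read_config_values then
	#                      yields a multi-line value that matches neither)
	#
	# Every unrecognised value maps to "disabled", so callers that must not
	# silently run without FIPS need to validate the setting separately and
	# handle CFN_ERROR explicitly.
	use_fips=""

	if [ ! -f "${BP_CONF_FILE}" ] ; then
		# Return error if bp.conf is not present.
		return ${CFN_ERROR}
	fi

	# The status of read_config_values is not checked (the pipeline reports
	# tr's status); a missing key simply leaves use_fips empty.
	use_fips=`read_config_values "${BP_CONF_FILE}" NB_FIPS_MODE | tr '[:lower:]' '[:upper:]'`

	# case replaces the obsolescent "[ ... -o ... ]" form, whose parsing is
	# unspecified for this many operands.
	case "${use_fips}" in
		ENABLE|1)
			return ${CFN_FIPS_ENABLED}
			;;
		*)
			return ${CFN_FIPS_DISABLED}
			;;
	esac
}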

# FIPS mode case handling
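# Fixed installation paths; vxsslcmd is always run from its absolute
# location, never looked up through PATH.
NB_INSTALL_DIR=/usr/openv
NB_DIR=${NB_INSTALL_DIR}/netbackup
NB_BIN=${NB_DIR}/bin
NB_GOODIES=${NB_BIN}/goodies

check_for_nbfips
ENABLE_FIPS=$?

OPENSSL_FIPS_MODE=""

# NOTE(review): only CFN_FIPS_ENABLED sets OPENSSL_FIPS. CFN_ERROR (bp.conf
# missing) is treated like "disabled", so vxsslcmd then runs without the
# FIPS setting and without any diagnostic - confirm this fail-open
# behaviour is intended. An OPENSSL_FIPS value already present in the
# caller's environment is passed through unchanged in that case.
if [ "${ENABLE_FIPS}" -eq "${CFN_FIPS_ENABLED}" ] ; then
	OPENSSL_FIPS_MODE="OPENSSL_FIPS=1"
fi

# ${OPENSSL_FIPS_MODE} stays unquoted on purpose: when empty it must expand
# to nothing rather than to an empty argument for env. The caller's
# arguments are forwarded with "$@" so that each one reaches vxsslcmd
# intact; an unquoted $* re-splits arguments containing whitespace (file
# paths, subject strings) and expands glob characters in them.
/usr/bin/env ${OPENSSL_FIPS_MODE} "${NB_GOODIES}/vxsslcmd" "$@"
RETVAL=$?

exit "${RETVAL}"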