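#!/bin/sh
# $Id$
#*****************************************************************************
# $Copyright: Copyright (c) 2022 Veritas Technologies LLC. All rights reserved $
#*****************************************************************************

# Set umask to 022 to make sure files and directories
# are not created with group or world writable permissions.
umask 022

#----- $Id$ -----
#
# This case statement sets the ECHO variable
# with the appropriate path & flags.
#
# NOTE(review): ECHO is later expanded unquoted so that "/bin/echo -e" splits
# into a command and its flag. With -e, backslash sequences in the text being
# printed are interpreted rather than passed through literally.

#Define Echo to allow escape characters
# Backticks are used for command substitution throughout this file.
# NOTE(review): presumably for legacy /bin/sh compatibility -- confirm before
# converting them to $( ).
case "`uname -s`" in
    Linux*)
        unset POSIXLY_CORRECT
        ECHO="/bin/echo -e"
        ;;
    SunOS*)
        ECHO="/usr/bin/echo"
        ;;
    *)
        # No absolute path here: this fallback resolves echo through the
        # shell (builtin or PATH).
        ECHO="echo"
        ;;
esac

# Solaris's default awk doesn't support regex functions, but nawk does. Nawk
# isn't installed on all platforms, though. Let's use nawk when it's available,
# but awk otherwise. In order of preference:
#   /bin/nawk
#   /usr/bin/nawk
#   /usr/bin/awk
#
# This logic is duplicated in nbcheck at
# lib/NBCheck/NixPlatformCheck.pm. Any change to the logic
# here should be ported to nbcheck to keep the two components
# synchronized.
#
# Only absolute paths are considered, so the interpreter that parses the
# configuration files does not depend on the caller's PATH. If none of the
# three candidates exists, AWK keeps its default of /bin/nawk.
AWK=/bin/nawk
if [ ! -f "${AWK}" ]; then
    if [ -f /usr/bin/nawk ]; then
        AWK=/usr/bin/nawk
    elif [ -f /usr/bin/awk ]; then
        AWK=/usr/bin/awk
    fi
fi

# vim: set ft=sh et sw=4 ts=4:

# Read the configuration value(s) given by $2 from the file given in $1. The
# file should contain key=value pairs. Whitespace is ignored. Comments start
# with #. Whitespace surrounding the value is stripped before returning.
#
# Returns 0 if the key exists in the file. Prints the value to stdout. (If the
# key is present, but there's no value, then we print nothing, but still return
# 0.)
# Returns 1 if the key does not exist in the file, or if the file does not
# exist.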
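#
# Examples:
#
#   Get name of master server
#       read_first_config_value /usr/openv/netbackup/bp.conf SERVER
#
#   Read answer file
#       read_config_values /tmp/NBInstallAnswer.conf CA_CERTIFICATE_FINGERPRINT
#
# Requires fn.set_echo_var and fn.set_awk_var
#
# __read_config_helper FILE KEY FILTER
#   $1 - path of the key=value file to read
#   $2 - key to look up. It is spliced into an awk regular expression, so it
#        must be a fixed name chosen by the calling script, not external data.
#   $3 - command the matching values are piped through. It is expanded
#        unquoted on purpose so 'head -1' becomes a command plus argument;
#        only the wrappers below should supply it.
# Note: config_file, key, filter and result are not function-local; they are
# plain shell variables and stay set after the call.
__read_config_helper()
{
    config_file="${1}"
    key="${2}"
    filter="${3}"

    if [ ! -f "${config_file}" ]; then
        return 1
    fi

    # awk exits 227 unless at least one record matched the key, so a missing
    # key (or any awk failure) is reported through the exit status rather
    # than through empty output.
    result=`
        "${AWK}" -v key="${key}" -F'[ \t]*=' '
            BEGIN { result = 227 }
            {
                sub("#.*", "", $0);
                if (match($1, "^[ \t]*" key "$")) {
                    sub("^[^=]*=[ \t]*", "", $0);
                    sub("[ \t]*$", "", $0);
                    print;
                    result = 0
                }
            }
            END { exit result }' "${config_file}"
    `

    if [ $? -ne 0 ]; then
        # no value specified
        return 1
    fi

    # Filter
    # NOTE(review): ECHO is defined outside this function; if it carries -e,
    # backslash sequences inside a value are expanded before the caller sees
    # them -- confirm that is wanted for values such as paths or fingerprints.
    ${ECHO} "${result}" | ${filter}
    return 0
}

# Print every value recorded for the key, one per line.
read_config_values()
{
    __read_config_helper "$@" cat
}

# Print only the first value recorded for the key.
read_first_config_value()
{
    __read_config_helper "$@" 'head -1'
}

# Print only the last value recorded for the key.
read_last_config_value()
{
    __read_config_helper "$@" 'tail -1'
}

# vim: set ft=sh et sw=4 ts=4:

#----- $Id$
# Checks in configuration if FIPS mode is enabled
# on this machine.
#
# Returns:
#   CFN_FIPS_DISABLED i.e 0 if FIPS is not enabled
#   CFN_FIPS_ENABLED i.e. 1 if FIPS is enabled
#   CFN_ERROR i.e. 2 if an error occurred
#
# These functions are expected to be included already:
#   fn.set_echo_var
#   fn.set_awk_var
#   fn.read_config_values

BP_CONF_FILE=/usr/openv/netbackup/bp.conf
CFN_FIPS_DISABLED=0
CFN_FIPS_ENABLED=1
CFN_ERROR=2

check_for_nbfips ()
{
    use_fips=""

    if [ ! -f "${BP_CONF_FILE}" ] ; then
        # Return error if bp.conf is not present.
        return ${CFN_ERROR}
    fi

    # The path is quoted so a configuration path containing whitespace is
    # passed to the reader as a single argument.
    #
    # NOTE(review): read_config_values prints every matching line. If
    # NB_FIPS_MODE appears more than once, use_fips holds several lines,
    # matches neither literal below, and FIPS is reported as disabled even
    # when every entry says ENABLE. Confirm which entry the product honours
    # and consider read_first_config_value / read_last_config_value here.
    use_fips=`read_config_values "${BP_CONF_FILE}" NB_FIPS_MODE | tr '[:lower:]' '[:upper:]'`

    # Return 1 if NB_FIPS_MODE flag is set, else return 0.
    # Two separate tests joined by || replace the -o operator, which can
    # mis-parse when the value read from the file looks like a test operator
    # such as "(" or "!".
    if [ "${use_fips}" = "ENABLE" ] || [ "${use_fips}" = "1" ] ; then
        return ${CFN_FIPS_ENABLED}
    else
        return ${CFN_FIPS_DISABLED}
    fi
}

# FIPS mode case handling
NB_INSTALL_DIR=/usr/openv
NB_DIR=${NB_INSTALL_DIR}/netbackup
NB_BIN=${NB_DIR}/bin
NB_GOODIES=${NB_BIN}/goodies

# $? must be captured on the very next line, before any other command runs.
check_for_nbfips
ENABLE_FIPS=$?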
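# Run vxsslcmd with the caller's arguments, adding OPENSSL_FIPS=1 to its
# environment only when check_for_nbfips reported FIPS as enabled.
#
# NOTE(review): any other result, including CFN_ERROR (bp.conf missing), is
# handled like "FIPS disabled" and vxsslcmd still runs without OPENSSL_FIPS.
# Confirm that falling back to non-FIPS on an error is intended.
OPENSSL_FIPS_MODE=""
if [ "${ENABLE_FIPS}" -eq "${CFN_FIPS_ENABLED}" ] ; then
    OPENSSL_FIPS_MODE="OPENSSL_FIPS=1"
fi

# ${OPENSSL_FIPS_MODE} stays unquoted on purpose: when empty it must expand
# to nothing rather than to an empty argument for env.
# "$@" forwards each caller argument as exactly one word. An unquoted $*
# would re-split arguments on whitespace and expand glob characters, so a
# path or pass-phrase argument containing a space would reach vxsslcmd as
# several arguments.
/usr/bin/env ${OPENSSL_FIPS_MODE} "${NB_GOODIES}/vxsslcmd" "$@"
RETVAL=$?

# Propagate vxsslcmd's exit status to the caller.
exit $RETVAL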