$!-----------------------------------------------------------------'f$verify(0) $! SECURE.COM $! $! WASD VMS Web Services, Copyright (C) 1996-2017 Mark G.Daniel. $! This package (all associated programs), comes with ABSOLUTELY NO WARRANTY. $! This is free software, and you are welcome to redistribute it under the $! conditions of the GNU GENERAL PUBLIC LICENSE, version 3, or later version. $! http://www.gnu.org/licenses/gpl.txt $! $! Can be used standalone to 'refresh' package directory settings. $! Is called from INSTALL.COM to set initial directory settings. $! $! P1..P3 "INSTALL" called from INSTALL.COM $! P1..P3 "SERVER=" specifying the server account username $! P1..P3 "NOBODY=" specifying the scripting account username $! $! 07-NOV-2009 MGD v2.3, WASD v10 logical naming schema $! 30-JUN-2005 MGD bugfix; in ACE placement for access to [LOCAL] $! 28-JAN-2004 MGD v2.2, server write access to [LOCAL] $! 23-DEC-2003 MGD v2.1, IA64 support $! 01-NOV-2002 MGD v2.0, major revision $! 25-SEP-2002 MGD v1.0, initial release (as INSTALL_SECURE.COM) $!----------------------------------------------------------------------------- $! $ if f$trnlnm("INSTALL$DBUG") .nes. "" then set verify $! $ ss$_abort = 44 $ ss$_bugcheck = 676 $ say = "write sys$output" $ vms_version = f$integer(f$extract(1,1,f$getsyi("version"))) * 10 +- f$integer(f$extract(3,1,f$getsyi("version"))) $ if vms_version .ge. 72 then set process /parse=traditional $ set control=Y $ on controly then exit ss$_abort $! $ if f$environment("depth") .eq. 1 $ then $ type sys$input WASD VMS Web Services, Copyright (C) 1996-2017 Mark G.Daniel. This package (all associated programs), comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under the conditions of the GNU GENERAL PUBLIC LICENSE, version 3, or any later version. http://www.gnu.org/licenses/gpl.txt $ endif $! $ install = 0 $ if p1 .eqs. "INSTALL" then install = 1 $ pre801 = 0 $! $ @WASD_ROOT:[INSTALL]SECHAN.COM $! $!(run SECHAN to ensure the three required rights identifiers exit) $ sechan /identifiers $! $ if .not. install $ then $! $ @WASD_ROOT:[INSTALL]ACCOUNTS.COM "''p1'" "''p2'" "''p3'" $! $ sechan /getuai "''http$server_username'" $ if .not. $status $ then $ type sys$input ********************************* * PROBLEM WITH SERVER ACCOUNT * ********************************* $ exit status $ endif $! $ if http$nobody_username .nes. http$server_username $ then $ sechan /getuai "''http$nobody_username'" $ if .not. $status then http$nobody_username = http$server_username $ endif $! $ call install_secure_post81 $! $ sechan /getuai "''http$server_username'" $ if .not. $status $ then $ type sys$input ********************************* * PROBLEM WITH SERVER ACCOUNT * ********************************* $ exit ss$_abort $ endif $! $ sechan /getuai "''http$nobody_username'" $ if .not. $status then http$nobody_username = http$server_username $! $ endif $! $ type sys$input ***************************** * (RE)SECURE THE PACKAGE? * ***************************** Begin to make changes to files and security settings in the package. $ response = "" $ read sys$command response /prompt="Secure the package? [NO]: " $ say "" $! $ if response $ then $! $! (ensure all the post-8.1 directories are present) $ if f$search("wasd_root:[000000]axp-bin.dir") .eqs. "" - then create /directory /log wasd_root:[axp-bin] $ if f$search("wasd_root:[000000]cgi-bin.dir") .eqs. "" - then create /directory /log wasd_root:[cgi-bin] $ if f$search("wasd_root:[000000]ia64-bin.dir") .eqs. "" - then create /directory /log wasd_root:[ia64-bin] $ if f$search("wasd_root:[000000]log_server.dir") .eqs. "" - then create /directory /log wasd_root:[log_server] $ if f$search("wasd_root:[000000]startup.dir") .eqs. "" - then create /directory /log wasd_root:[startup] $ if f$search("wasd_root:[000000]vax-bin.dir") .eqs. "" - then create /directory /log wasd_root:[vax-bin] $! $ type sys$input ************************************** * SETTING PACKAGE FILE PROTECTIONS * ************************************** Please be patient, this may take some (considerable) time ... $ sechan /package /progress $ say "" $! $ endif $! $! $ type sys$input ***************************** * SERVER WRITE TO [LOCAL] * ***************************** To allow updating of configuration files located in WASD_ROOT:[LOCAL] via the Server Administration interface, the [LOCAL] directory must have a specific access control entry added. Note that write access cannot occur unless HTTPD$AUTH path access is also configured. $ response = "" $ read sys$command response /prompt="Allow server write access to [LOCAL]? [NO]: " $ say "" $ if response $ then $ sechan /delete WASD_ROOT:[000000]LOCAL.DIR $ sechan /control WASD_ROOT:[000000]LOCAL.DIR $ sechan /none WASD_ROOT:[000000]LOCAL.DIR $ endif $! $ type sys$input ******************************* * [LOCAL]INSTALL_SECURE.COM * ******************************* This convenience procedure may be created and maintained by local site administration with DCL commands to ensure that the local package tree is configured for correct operation following a reapplication of site security. $ if f$search("wasd_root:[local]install_secure.com") .eqs. "" $ then $ type sys$input This procedure was NOT FOUND on this site! $ else $ @wasd_root:[local]install_secure.com $ endif $! $ type sys$input ************************************** * INSTALL SECURE C O M P L E T E * ************************************** $ exit $! $!----------------------------------------------------------------------------- $! $ INSTALL_SECURE_POST81: SUBROUTINE $! $! standalone post-v8.1 security update, provides an overview $! $ on controly then exit ss$_abort $ type sys$input ************************************************* * P L E A S E R E A D C A R E F U L L Y * ************************************************* This procedure sets WASD site directory and file protection requirements. It can be used to reset an existing installation to a known, initial state. It can be executed any number of times, only making adjustments as necessary. It always refreshes the directory and file security settings. After executing this procedure it may be necessary to reset some parts in line with local requirements. To perform this automatically you can create a DCL procedure WASD_ROOT:[LOCAL]INSTALL_SECURE.COM which is searched for and executed automatically to perform these tasks. $ response = "" $ read sys$command response /prompt="Continue? [NO]: " $ say "" $ if .not. response then exit ss$_abort $! $ exit $ endsubroutine $! $!-----------------------------------------------------------------------------