components/cyrus-sasl/test/setup_testsuite
changeset 5866 683c5c035a79
parent 5741 b943514525d4
--- a/components/cyrus-sasl/test/setup_testsuite	Wed Apr 27 16:15:18 2016 -0700
+++ b/components/cyrus-sasl/test/setup_testsuite	Wed Apr 27 16:55:22 2016 -0700
@@ -29,10 +29,6 @@
 # -- create/recreate the KDC principal DB
 # -- create a sasldb
 
-#TODO
-# -- create a TestSuite.conf file for a default simple test
-
-#PATH=/usr/bin:/usr/sbin:/usr/gnu/bin
 
 export THIRTYTWO
 case `uname -p` in
@@ -50,7 +46,7 @@
 
 
 # realm used as default, edit if a different realm is desired.
-realm="SASLTEST.NET"
+export realm="SASLTEST.NET"
 # realm for cross-realm auth.
 crossrealm=
 
@@ -61,7 +57,8 @@
 # Be default you would do: "kadmin -p kdc/admin" and use the passwd above.
 admin_princ="kdc/admin"
 
-# used to determine if in batch/non-intera/home/willf/app_support/etc/krb5/templates/db2ctive mode
+# used to determine if in
+# batch/non-intera/home/willf/app_support/etc/krb5/templates/db2ctive mode
 force='false'
 check_leaks='false'
 
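Review bot: The re-wrapped comment above `force='false'` still carries a stray pasted path (`/home/willf/app_support/etc/krb5/templates/db2`) in the middle of the word "non-interactive", so the reflow keeps the corruption and spreads it over two lines. It should be restored to one line, `# used to determine if in batch/non-interactive mode`, which also removes a developer's local directory layout from the shipped script.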
@@ -70,8 +67,6 @@
 num_keytabs=0
 set -A kt_transfer_command
 
-ldap_ds=
-
 # should be null if seting up master kdc
 master_kdc=
 
@@ -147,7 +142,7 @@
 
 if [[ -f .setup ]]
 then
-	print -u2 "Notice: $me alread run"
+	print -u2 "Notice: $me already run"
 	exit 0
 fi
 
@@ -167,24 +162,10 @@
 fi
 ln -s $THIRTYTWO 32
 
-PACKAGES_NEEDED="service/security/kerberos-5 \
-	system/security/kerberos-5 \
-	system/library/security/sasl/crammd5 \
+export SASL_PACKAGES_NEEDED="system/library/security/sasl/crammd5 \
 	system/library/security/sasl/digestmd5 \
 	system/library/security/sasl/anonymous "
 
-pkg list $PACKAGES_NEEDED > /dev/null
-if (( $? != 0 ))
-then
-	pkg install $PACKAGES_NEEDED
-fi
-
-pkg list $PACKAGES_NEEDED > /dev/null
-if (( $? != 0 ))
-then
-	echo "One or more packages failed to install"
-	exit 1
-fi
 
 export MYLOC=`pwd`
 if [[ ! -f /etc/sasl2/TestSuite.conf ]] ; then
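Review bot: Nothing visible in this file reads `SASL_PACKAGES_NEEDED` once the `pkg list`/`pkg install` check is removed, so the new export needs a comment naming its consumer, for example `# consumed by setup-for-$KMODE, which verifies/installs these packages`. The sourced script is not shown here, so it is unclear whether it performs that check. If it does not, missing SASL mechanism plugins would surface only later as test failures instead of as a setup error.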
@@ -224,134 +205,6 @@
     exit 1
 fi
 
-passwd="1234"
-
-trap "echo 'A command failed, aborting.'; exit 1" ERR
-
-svcadm disable -s svc:/network/security/krb5kdc:default
-svcadm disable -s svc:/network/security/kadmin:default
-svcadm disable -s svc:/network/security/krb5_prop:default
-
-if ! $force
-then
-	ok_to_proceed "Existing KDC config will be destroyed, okay to proceed?"
-fi
-
-trap - ERR # in kdcmgr destroy fails, run it again
-yes | /usr/sbin/kdcmgr destroy > /dev/null
-if (( $? != 0 ))
-then
-	yes | /usr/sbin/kdcmgr destroy > /dev/null
-fi
-print "Existing KDC config destroyed."
-trap "echo 'A command failed, aborting.'; exit 1" ERR
-
-passwd_file=$(/usr/bin/mktemp /var/run/setup_kdc_passwd.XXXXXX)
-
-print $passwd > $passwd_file
-
-# create the master KDC
-if [[ -n $master_kdc ]]
-then
-	/usr/sbin/kdcmgr -a $admin_princ -r $realm -p $passwd_file create -m $master_kdc slave
-else
-	/usr/sbin/kdcmgr -a $admin_princ -r $realm -p $passwd_file create master
-fi
-
-rm -f $passwd_file
-
-# Optional stuff follows...
-
-# Note, this next section is adding various service principals local to
-# this system.  If you have servers running on other systems, edit this
-# section to add the services using the FQDN hostnames of those systems
-# and ouput the keytab to a non-default filename.
-# You will then either copy the non-default filename created on the
-# system you ran this script on or login to the other system and do a
-# kadmin/ktadd to add the service principal to the /etc/krb5/krb5.keytab
-# located on that server.
-
-# addprincs if not in slave mode
-if [[ -z $master_kdc ]]
-then
-	if [[ -n "$kt_config_file" ]]
-	then
-		if ! $force
-		then
-			ok_to_proceed "Existing keytab files will be modified, okay to proceed?"
-		fi
-		while read host services
-		do
-			if [[ "$host" == "#*" ]]
-			then
-				# skip comments
-				continue
-			fi
-			if [[ "$host" != "localhost" ]]
-			then
-				hostkeytab="/var/run/${host}.keytab"
-				rm -f $hostkeytab
-				kt_transfer_command[num_keytabs]="scp $hostkeytab ${host}:/etc/krb5/krb5.keytab"
-			fi
-			for service in $services
-			do
-				if [[ "$host" == "localhost" ]]
-				then
-					# add service to KDC's keytab
-					kadmin.local -q "addprinc -randkey $service/$fqdn"
-					kadmin.local -q "ktadd $service/$fqdn"
-					print "Added $service/$fqdn to /etc/krb5/krb5.keytab"
-				else
-					# add service to $host's keytab
-					kadmin.local -q "addprinc -randkey $service/$host"
-					kadmin.local -q "ktadd -k $hostkeytab $service/$host"
-					print "\nAdded $service/$host to $hostkeytab"
-				fi
-			done
-			((num_keytabs = num_keytabs + 1))
-		done < $kt_config_file
-	fi
-
-	if [[ -n "$crossrealm" ]]
-	then
-		# Setup  Cross-realm auth.
-		kadmin.local -q "addprinc -pw $passwd krbtgt/$realm@$crossrealm"
-		kadmin.local -q "addprinc -pw $passwd krbtgt/$crossrealm@$realm"
-		print "\n\nNote, /etc/krb5/krb5.conf will need to be modified to support crossrealm."
-	fi
-
-	# Optional, Add service principals on KDC
-	for srv in nfs ldap smtp imap cifs
-	do
-		# randomizes the key anyway so use the -randkey option for addprinc).
-		kadmin.local -q "addprinc -randkey $srv/$fqdn"
-		kadmin.local -q "ktadd $srv/$fqdn"
-	done
-
-
-	# "tester" needed for setup
-	kadmin.local -q "addprinc -pw $passwd tester"
-
-	# "ken" needed for test
-	echo "1234" | saslpasswd2 -c -p -f ./sasldb ken
-	kadmin.local -q "addprinc -pw $passwd ken"
-
-fi # addprincs if not in slave mode
-
-# turn off err trap because svcadm below may return an unimportant error
-trap "" ERR
-
-if ! egrep '^[ 	]*krb5[ 	]+390003' /etc/nfssec.conf > /dev/null
-then
-	tmpnfssec=$(/usr/bin/mktemp /tmp/nfssec.conf_XXXXX)
-	[[ -n $tmpnfssec ]] || exit 1
-	sed  -e 's/^ *# *krb5/krb5/g' /etc/nfssec.conf > $tmpnfssec
-	mv -f $tmpnfssec /etc/nfssec.conf
-	print 'Enabled krb5 sec in /etc/nfssec.conf.'
-	print 'Copy /etc/nfssec.conf to all systems doing NFS sec=krb5*.'
-	print
-fi
-
 # get time and DNS running
 
 if [[ ! -f /etc/inet/ntp.conf && -f /etc/inet/ntp.client ]]
@@ -363,63 +216,27 @@
 	svcadm enable -s svc:/network/ntp:default
 fi
 
-
-svcadm enable svc:/network/security/ktkt_warn:default
+export KMODE="mit"
+set -A MEDIATOR `pkg mediator -H kerberos5`
 
-if ! svcadm enable -s svc:/network/security/krb5kdc:default
-then
-	svcs -x svc:/network/security/krb5kdc:default
-    cat <<-EOF
+case ${MEDIATOR[3]} in
 
-Error, the krb5kdc daemon did not start.  You will not be able to do Kerberos
-authentication.  Check your kerberos config and rerun this script.
+	"solaris" )   # old kerberos configured
+		KMODE="seam"
+		;;
 
-	EOF
-    exit 1
-fi
+	*)	# "MIT" or mediator does not exist
+		KMODE="mit"
+		;;
+esac
 
-if [[ -z $master_kdc ]] && ! svcadm enable -s svc:/network/security/kadmin:default
+. ./setup-for-$KMODE
+if (( $? != 0 ))
 then
-	svcs -x svc:/network/security/kadmin:default
-    cat <<-EOF
-
-Error, the kadmind daemon did not start.  You will not be able to change
-passwords or run the kadmin command.  Make sure /etc/krb5/kadm5.acl is
-configured properly and rerun this script.
-
-	EOF
-    exit 1
+        print -u2 "Setup failed"
+        exit 1
 fi
 
-if ! svcadm enable -s svc:/network/rpc/gss:default
-then
-	svcs -x svc:/network/rpc/gss:default
-    cat <<-EOF
 
-Error, the gss service did not start.  You will not be able to do nfssec with sec=krb5*
-
-	EOF
-    exit 1
-fi
-
-tmpccache=$(/usr/bin/mktemp /tmp/ccache_XXXXXX)
-[[ -n $tmpccache ]] || exit 1
-if ! print "$passwd" | kinit -c $tmpccache tester
-then
-	print -u2 "Warning, kinit for tester princ failed, kdc setup is not working!"
-	exit 1
-fi
-
-integer i=0
-while ((i < num_keytabs))
-do
-	if ((i == 0))
-	then
-		print "\nRun the following commands to transfer generated keytabs:"
-	fi
-	print ${kt_transfer_command[i]}
-	((i = i + 1))
-done
-
-print 1234 | kinit ken
+print "$passwd" | kinit ken
 touch .setup
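Review bot: The final `print "$passwd" | kinit ken` reads `$passwd`, but this commit removes its only visible definition (`passwd="1234"`), so it now depends on the sourced `setup-for-$KMODE` setting it in the current shell; that script is not visible here. If it is unset, kinit is fed an empty line, and because its status is unchecked, `touch .setup` still marks setup as done and later runs stop at the "already run" notice. Suggest `print "${passwd:?passwd not set by setup-for-$KMODE}" | kinit ken || { print -u2 "kinit for ken failed"; exit 1; }`. Separately, `.` is a special builtin, so a missing `./setup-for-$KMODE` may abort the shell before the `$?` test is reached; an explicit `[[ -r ./setup-for-$KMODE ]]` check before sourcing would give a clearer error.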