--- a/components/cyrus-sasl/test/setup_testsuite Wed Apr 27 16:15:18 2016 -0700
+++ b/components/cyrus-sasl/test/setup_testsuite Wed Apr 27 16:55:22 2016 -0700
@@ -29,10 +29,6 @@
# -- create/recreate the KDC principal DB
# -- create a sasldb
-#TODO
-# -- create a TestSuite.conf file for a default simple test
-
-#PATH=/usr/bin:/usr/sbin:/usr/gnu/bin
export THIRTYTWO
case `uname -p` in
@@ -50,7 +46,7 @@
# realm used as default, edit if a different realm is desired.
-realm="SASLTEST.NET"
+export realm="SASLTEST.NET"
# realm for cross-realm auth.
crossrealm=
@@ -61,7 +57,8 @@
# Be default you would do: "kadmin -p kdc/admin" and use the passwd above.
admin_princ="kdc/admin"
-# used to determine if in batch/non-intera/home/willf/app_support/etc/krb5/templates/db2ctive mode
+# used to determine if in
+# batch/non-intera/home/willf/app_support/etc/krb5/templates/db2ctive mode
force='false'
check_leaks='false'
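Review bot: The rewrapped comment above `force` still has a filesystem path pasted into the middle of the word "non-interactive" (`non-intera/home/willf/app_support/etc/krb5/templates/db2ctive`), so the split only moves the damage onto a second line. It also leaves a developer's home-directory path in the shipped test script. Since the line is being touched anyway, I would restore it as `# used to determine if in batch/non-interactive mode`.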
@@ -70,8 +67,6 @@
num_keytabs=0
set -A kt_transfer_command
-ldap_ds=
-
# should be null if seting up master kdc
master_kdc=
@@ -147,7 +142,7 @@
if [[ -f .setup ]]
then
- print -u2 "Notice: $me alread run"
+ print -u2 "Notice: $me already run"
exit 0
fi
@@ -167,24 +162,10 @@
fi
ln -s $THIRTYTWO 32
-PACKAGES_NEEDED="service/security/kerberos-5 \
- system/security/kerberos-5 \
- system/library/security/sasl/crammd5 \
+export SASL_PACKAGES_NEEDED="system/library/security/sasl/crammd5 \
system/library/security/sasl/digestmd5 \
system/library/security/sasl/anonymous "
-pkg list $PACKAGES_NEEDED > /dev/null
-if (( $? != 0 ))
-then
- pkg install $PACKAGES_NEEDED
-fi
-
-pkg list $PACKAGES_NEEDED > /dev/null
-if (( $? != 0 ))
-then
- echo "One or more packages failed to install"
- exit 1
-fi
export MYLOC=`pwd`
if [[ ! -f /etc/sasl2/TestSuite.conf ]] ; then
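Review bot: After this hunk nothing visible in this file checks that the SASL mechanism packages are installed, because the `pkg list` / `pkg install` / re-check sequence is dropped and the list is only exported as `SASL_PACKAGES_NEEDED`. Presumably the sourced `setup-for-$KMODE` script consumes the variable and does the install and verification, but that script is not part of this hunk. If so, say it next to the export, for example `# consumed by ./setup-for-$KMODE, which installs and verifies these packages`. If it does not, a missing plugin will only show up later as an unexplained authentication failure in the test run.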
@@ -224,134 +205,6 @@
exit 1
fi
-passwd="1234"
-
-trap "echo 'A command failed, aborting.'; exit 1" ERR
-
-svcadm disable -s svc:/network/security/krb5kdc:default
-svcadm disable -s svc:/network/security/kadmin:default
-svcadm disable -s svc:/network/security/krb5_prop:default
-
-if ! $force
-then
- ok_to_proceed "Existing KDC config will be destroyed, okay to proceed?"
-fi
-
-trap - ERR # in kdcmgr destroy fails, run it again
-yes | /usr/sbin/kdcmgr destroy > /dev/null
-if (( $? != 0 ))
-then
- yes | /usr/sbin/kdcmgr destroy > /dev/null
-fi
-print "Existing KDC config destroyed."
-trap "echo 'A command failed, aborting.'; exit 1" ERR
-
-passwd_file=$(/usr/bin/mktemp /var/run/setup_kdc_passwd.XXXXXX)
-
-print $passwd > $passwd_file
-
-# create the master KDC
-if [[ -n $master_kdc ]]
-then
- /usr/sbin/kdcmgr -a $admin_princ -r $realm -p $passwd_file create -m $master_kdc slave
-else
- /usr/sbin/kdcmgr -a $admin_princ -r $realm -p $passwd_file create master
-fi
-
-rm -f $passwd_file
-
-# Optional stuff follows...
-
-# Note, this next section is adding various service principals local to
-# this system. If you have servers running on other systems, edit this
-# section to add the services using the FQDN hostnames of those systems
-# and ouput the keytab to a non-default filename.
-# You will then either copy the non-default filename created on the
-# system you ran this script on or login to the other system and do a
-# kadmin/ktadd to add the service principal to the /etc/krb5/krb5.keytab
-# located on that server.
-
-# addprincs if not in slave mode
-if [[ -z $master_kdc ]]
-then
- if [[ -n "$kt_config_file" ]]
- then
- if ! $force
- then
- ok_to_proceed "Existing keytab files will be modified, okay to proceed?"
- fi
- while read host services
- do
- if [[ "$host" == "#*" ]]
- then
- # skip comments
- continue
- fi
- if [[ "$host" != "localhost" ]]
- then
- hostkeytab="/var/run/${host}.keytab"
- rm -f $hostkeytab
- kt_transfer_command[num_keytabs]="scp $hostkeytab ${host}:/etc/krb5/krb5.keytab"
- fi
- for service in $services
- do
- if [[ "$host" == "localhost" ]]
- then
- # add service to KDC's keytab
- kadmin.local -q "addprinc -randkey $service/$fqdn"
- kadmin.local -q "ktadd $service/$fqdn"
- print "Added $service/$fqdn to /etc/krb5/krb5.keytab"
- else
- # add service to $host's keytab
- kadmin.local -q "addprinc -randkey $service/$host"
- kadmin.local -q "ktadd -k $hostkeytab $service/$host"
- print "\nAdded $service/$host to $hostkeytab"
- fi
- done
- ((num_keytabs = num_keytabs + 1))
- done < $kt_config_file
- fi
-
- if [[ -n "$crossrealm" ]]
- then
- # Setup Cross-realm auth.
- kadmin.local -q "addprinc -pw $passwd krbtgt/$realm@$crossrealm"
- kadmin.local -q "addprinc -pw $passwd krbtgt/$crossrealm@$realm"
- print "\n\nNote, /etc/krb5/krb5.conf will need to be modified to support crossrealm."
- fi
-
- # Optional, Add service principals on KDC
- for srv in nfs ldap smtp imap cifs
- do
- # randomizes the key anyway so use the -randkey option for addprinc).
- kadmin.local -q "addprinc -randkey $srv/$fqdn"
- kadmin.local -q "ktadd $srv/$fqdn"
- done
-
-
- # "tester" needed for setup
- kadmin.local -q "addprinc -pw $passwd tester"
-
- # "ken" needed for test
- echo "1234" | saslpasswd2 -c -p -f ./sasldb ken
- kadmin.local -q "addprinc -pw $passwd ken"
-
-fi # addprincs if not in slave mode
-
-# turn off err trap because svcadm below may return an unimportant error
-trap "" ERR
-
-if ! egrep '^[ ]*krb5[ ]+390003' /etc/nfssec.conf > /dev/null
-then
- tmpnfssec=$(/usr/bin/mktemp /tmp/nfssec.conf_XXXXX)
- [[ -n $tmpnfssec ]] || exit 1
- sed -e 's/^ *# *krb5/krb5/g' /etc/nfssec.conf > $tmpnfssec
- mv -f $tmpnfssec /etc/nfssec.conf
- print 'Enabled krb5 sec in /etc/nfssec.conf.'
- print 'Copy /etc/nfssec.conf to all systems doing NFS sec=krb5*.'
- print
-fi
-
# get time and DNS running
if [[ ! -f /etc/inet/ntp.conf && -f /etc/inet/ntp.client ]]
@@ -363,63 +216,27 @@
svcadm enable -s svc:/network/ntp:default
fi
-
-svcadm enable svc:/network/security/ktkt_warn:default
+export KMODE="mit"
+set -A MEDIATOR `pkg mediator -H kerberos5`
-if ! svcadm enable -s svc:/network/security/krb5kdc:default
-then
- svcs -x svc:/network/security/krb5kdc:default
- cat <<-EOF
+case ${MEDIATOR[3]} in
-Error, the krb5kdc daemon did not start. You will not be able to do Kerberos
-authentication. Check your kerberos config and rerun this script.
+ "solaris" ) # old kerberos configured
+ KMODE="seam"
+ ;;
- EOF
- exit 1
-fi
+ *) # "MIT" or mediator does not exist
+ KMODE="mit"
+ ;;
+esac
-if [[ -z $master_kdc ]] && ! svcadm enable -s svc:/network/security/kadmin:default
+. ./setup-for-$KMODE
+if (( $? != 0 ))
then
- svcs -x svc:/network/security/kadmin:default
- cat <<-EOF
-
-Error, the kadmind daemon did not start. You will not be able to change
-passwords or run the kadmin command. Make sure /etc/krb5/kadm5.acl is
-configured properly and rerun this script.
-
- EOF
- exit 1
+ print -u2 "Setup failed"
+ exit 1
fi
-if ! svcadm enable -s svc:/network/rpc/gss:default
-then
- svcs -x svc:/network/rpc/gss:default
- cat <<-EOF
-Error, the gss service did not start. You will not be able to do nfssec with sec=krb5*
-
- EOF
- exit 1
-fi
-
-tmpccache=$(/usr/bin/mktemp /tmp/ccache_XXXXXX)
-[[ -n $tmpccache ]] || exit 1
-if ! print "$passwd" | kinit -c $tmpccache tester
-then
- print -u2 "Warning, kinit for tester princ failed, kdc setup is not working!"
- exit 1
-fi
-
-integer i=0
-while ((i < num_keytabs))
-do
- if ((i == 0))
- then
- print "\nRun the following commands to transfer generated keytabs:"
- fi
- print ${kt_transfer_command[i]}
- ((i = i + 1))
-done
-
-print 1234 | kinit ken
+print "$passwd" | kinit ken
touch .setup
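Review bot: `print "$passwd" | kinit ken` at the end of this hunk reads a variable this file no longer assigns (the hunk at -224 removes `passwd="1234"`), so it depends on the sourced `./setup-for-$KMODE` leaving `passwd` set in the current shell, which is not visible here. If it is unset, kinit is fed an empty password, and since the kinit status is never checked, `touch .setup` still marks the run as complete and the `.setup` test near the top makes every later run exit 0 without retrying. I would fail closed with `: "${passwd:?not set by setup-for-$KMODE}"` before the pipe and `print "$passwd" | kinit ken || { print -u2 "kinit for ken failed"; exit 1; }`. Separately, `$?` after `. ./setup-for-$KMODE` is only the status of the last command the sourced file ran, so an earlier failure inside it goes unnoticed unless that script returns non-zero itself.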