components/cyrus-sasl/test/setup_testsuite
changeset 5741 b943514525d4
child 5866 683c5c035a79
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/cyrus-sasl/test/setup_testsuite	Thu Apr 07 12:48:43 2016 -0700
@@ -0,0 +1,425 @@
+#!/bin/ksh93 -p
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+
+#
+# Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+#
+
+# Run this command as root to set up for sasl testsuite
+# creates a standard set of sasl users and makes them principals
+# -- create/recreate the KDC principal DB
+# -- create a sasldb
+
+#TODO
+# -- create a TestSuite.conf file for a default simple test
+
+#PATH=/usr/bin:/usr/sbin:/usr/gnu/bin
+
+export THIRTYTWO
+case `uname -p` in
+	i386)
+		THIRTYTWO="i86"
+		;;
+
+	sparc)	THIRTYTWO="sparcv7"
+		;;
+
+	*)  	echo "Architecture unknown"
+		exit 1
+		;;
+esac
+
+
+# realm used as default, edit if a different realm is desired.
+realm="SASLTEST.NET"
+# realm for cross-realm auth.
+crossrealm=
+
+# password for all principals not added to keytab
+export passwd="1234"
+
+# Set this to the ID that is allowed to run kadmin
+# Be default you would do: "kadmin -p kdc/admin" and use the passwd above.
+admin_princ="kdc/admin"
+
+# used to determine if in batch/non-intera/home/willf/app_support/etc/krb5/templates/db2ctive mode
+force='false'
+check_leaks='false'
+
+# keytab config file
+kt_config_file=
+num_keytabs=0
+set -A kt_transfer_command
+
+ldap_ds=
+
+# should be null if seting up master kdc
+master_kdc=
+
+# get the base script name
+me=${0##*/}
+
+function usage {
+	cat >&2 <<EOF
+
+	-f: Force answer yes (non-interactive mode).  Use with caution as
+		this script will delete existing KDB.
+
+	-?: This help message.
+
+EOF
+	exit 1
+}
+
+function ask {
+	trap - ERR
+	# ask question, set global answer
+	typeset question=$1 default_answer=$2
+	if [ -z "$default_answer" ]; then
+		print "$question \c"
+	else
+		print "$question [$default_answer]: \c"
+	fi
+	read answer
+	[ -z "$answer" ] && answer="$default_answer"
+}
+
+function yesno {
+	trap - ERR
+	typeset question="$1"
+	# answer is a global set by ask
+	answer=
+	while [ -z "$answer" ]; do
+		ask "$question" 'n'
+		case $answer in
+			y|yes)	answer=yes;;
+			n|no)	answer=no;;
+			*)	answer=;;
+		esac
+	done
+}
+
+function ok_to_proceed {
+	trap - ERR
+	yesno "$@"
+	if [[ "$answer" == 'no' ]]; then
+		echo "Exiting, no action performed"
+		exit 1
+	fi
+}
+
+
+################################ Start of Main script #########################
+
+while getopts f flag
+do
+	case "$flag" in
+		f) force=true ;;
+		\?) usage ;;
+		*) usage ;;
+	esac
+done
+shift $((OPTIND - 1))
+
+if [ -n "$1" ] ; then
+	echo "'$1'" = $1
+	usage
+fi
+
+if [[ -f .setup ]]
+then
+	print -u2 "Notice: $me alread run"
+	exit 0
+fi
+
+if [[ "$(/usr/bin/id -un)" != "root" ]]
+then
+	print -u2 "Error: $me must be run as root. aborting..."
+	exit 1
+fi
+
+#  Check for the testsuites we need
+if [[ ! -e ./testsuite || ! -e $THIRTYTWO/testsuite ]] 
+then
+	print -u2 \
+	 "Error: testsuite and $THIRTYTWO/testsuite must be in the local \
+directory, Aborting..."
+	exit 1
+fi
+ln -s $THIRTYTWO 32
+
+PACKAGES_NEEDED="service/security/kerberos-5 \
+	system/security/kerberos-5 \
+	system/library/security/sasl/crammd5 \
+	system/library/security/sasl/digestmd5 \
+	system/library/security/sasl/anonymous "
+
+pkg list $PACKAGES_NEEDED > /dev/null
+if (( $? != 0 ))
+then
+	pkg install $PACKAGES_NEEDED
+fi
+
+pkg list $PACKAGES_NEEDED > /dev/null
+if (( $? != 0 ))
+then
+	echo "One or more packages failed to install"
+	exit 1
+fi
+
+export MYLOC=`pwd`
+if [[ ! -f /etc/sasl2/TestSuite.conf ]] ; then
+	(cd /etc/sasl2 && ln -s $MYLOC/TestSuite.conf . )
+else
+	print -u2 "Please rename /etc/sasl2/TestSuite.conf and try again"
+	exit 1
+fi
+
+if [[ ! -f /etc/resolv.conf ]]
+then
+	print -u2 "Error: need to configure /etc/resolv.conf."
+	exit 1
+fi
+
+if [[ -n "$fqdn" ]]
+then
+	host=$fqdn
+else
+	host=$(uname -n)
+fi
+
+if [[ -x /usr/sbin/nslookup ]]
+then
+	/usr/sbin/nslookup $host 2>/dev/null | grep '^Name:' |\
+		tr '[:upper:]' '[:lower:]' | read j fqdn
+elif [[ -x /usr/sbin/dig ]]
+then
+	/usr/sbin/dig +noall +search +answer $host 2>/dev/null |\
+		tr '[:upper:]' '[:lower:]' | read fqdn j
+	fqdn=${fqdn%.}
+fi
+
+if ! ping $fqdn >/dev/null
+then
+    print -u2 "Error: ping full hostname ${fqdn} failed. Aborting..."
+    exit 1
+fi
+
+passwd="1234"
+
+trap "echo 'A command failed, aborting.'; exit 1" ERR
+
+svcadm disable -s svc:/network/security/krb5kdc:default
+svcadm disable -s svc:/network/security/kadmin:default
+svcadm disable -s svc:/network/security/krb5_prop:default
+
+if ! $force
+then
+	ok_to_proceed "Existing KDC config will be destroyed, okay to proceed?"
+fi
+
+trap - ERR # in kdcmgr destroy fails, run it again
+yes | /usr/sbin/kdcmgr destroy > /dev/null
+if (( $? != 0 ))
+then
+	yes | /usr/sbin/kdcmgr destroy > /dev/null
+fi
+print "Existing KDC config destroyed."
+trap "echo 'A command failed, aborting.'; exit 1" ERR
+
+passwd_file=$(/usr/bin/mktemp /var/run/setup_kdc_passwd.XXXXXX)
+
+print $passwd > $passwd_file
+
+# create the master KDC
+if [[ -n $master_kdc ]]
+then
+	/usr/sbin/kdcmgr -a $admin_princ -r $realm -p $passwd_file create -m $master_kdc slave
+else
+	/usr/sbin/kdcmgr -a $admin_princ -r $realm -p $passwd_file create master
+fi
+
+rm -f $passwd_file
+
+# Optional stuff follows...
+
+# Note, this next section is adding various service principals local to
+# this system.  If you have servers running on other systems, edit this
+# section to add the services using the FQDN hostnames of those systems
+# and ouput the keytab to a non-default filename.
+# You will then either copy the non-default filename created on the
+# system you ran this script on or login to the other system and do a
+# kadmin/ktadd to add the service principal to the /etc/krb5/krb5.keytab
+# located on that server.
+
+# addprincs if not in slave mode
+if [[ -z $master_kdc ]]
+then
+	if [[ -n "$kt_config_file" ]]
+	then
+		if ! $force
+		then
+			ok_to_proceed "Existing keytab files will be modified, okay to proceed?"
+		fi
+		while read host services
+		do
+			if [[ "$host" == "#*" ]]
+			then
+				# skip comments
+				continue
+			fi
+			if [[ "$host" != "localhost" ]]
+			then
+				hostkeytab="/var/run/${host}.keytab"
+				rm -f $hostkeytab
+				kt_transfer_command[num_keytabs]="scp $hostkeytab ${host}:/etc/krb5/krb5.keytab"
+			fi
+			for service in $services
+			do
+				if [[ "$host" == "localhost" ]]
+				then
+					# add service to KDC's keytab
+					kadmin.local -q "addprinc -randkey $service/$fqdn"
+					kadmin.local -q "ktadd $service/$fqdn"
+					print "Added $service/$fqdn to /etc/krb5/krb5.keytab"
+				else
+					# add service to $host's keytab
+					kadmin.local -q "addprinc -randkey $service/$host"
+					kadmin.local -q "ktadd -k $hostkeytab $service/$host"
+					print "\nAdded $service/$host to $hostkeytab"
+				fi
+			done
+			((num_keytabs = num_keytabs + 1))
+		done < $kt_config_file
+	fi
+
+	if [[ -n "$crossrealm" ]]
+	then
+		# Setup  Cross-realm auth.
+		kadmin.local -q "addprinc -pw $passwd krbtgt/$realm@$crossrealm"
+		kadmin.local -q "addprinc -pw $passwd krbtgt/$crossrealm@$realm"
+		print "\n\nNote, /etc/krb5/krb5.conf will need to be modified to support crossrealm."
+	fi
+
+	# Optional, Add service principals on KDC
+	for srv in nfs ldap smtp imap cifs
+	do
+		# randomizes the key anyway so use the -randkey option for addprinc).
+		kadmin.local -q "addprinc -randkey $srv/$fqdn"
+		kadmin.local -q "ktadd $srv/$fqdn"
+	done
+
+
+	# "tester" needed for setup
+	kadmin.local -q "addprinc -pw $passwd tester"
+
+	# "ken" needed for test
+	echo "1234" | saslpasswd2 -c -p -f ./sasldb ken
+	kadmin.local -q "addprinc -pw $passwd ken"
+
+fi # addprincs if not in slave mode
+
+# turn off err trap because svcadm below may return an unimportant error
+trap "" ERR
+
+if ! egrep '^[ 	]*krb5[ 	]+390003' /etc/nfssec.conf > /dev/null
+then
+	tmpnfssec=$(/usr/bin/mktemp /tmp/nfssec.conf_XXXXX)
+	[[ -n $tmpnfssec ]] || exit 1
+	sed  -e 's/^ *# *krb5/krb5/g' /etc/nfssec.conf > $tmpnfssec
+	mv -f $tmpnfssec /etc/nfssec.conf
+	print 'Enabled krb5 sec in /etc/nfssec.conf.'
+	print 'Copy /etc/nfssec.conf to all systems doing NFS sec=krb5*.'
+	print
+fi
+
+# get time and DNS running
+
+if [[ ! -f /etc/inet/ntp.conf && -f /etc/inet/ntp.client ]]
+then
+	cp /etc/inet/ntp.client /etc/inet/ntp.conf
+fi
+if [[ -f /etc/inet/ntp.conf ]]
+then
+	svcadm enable -s svc:/network/ntp:default
+fi
+
+
+svcadm enable svc:/network/security/ktkt_warn:default
+
+if ! svcadm enable -s svc:/network/security/krb5kdc:default
+then
+	svcs -x svc:/network/security/krb5kdc:default
+    cat <<-EOF
+
+Error, the krb5kdc daemon did not start.  You will not be able to do Kerberos
+authentication.  Check your kerberos config and rerun this script.
+
+	EOF
+    exit 1
+fi
+
+if [[ -z $master_kdc ]] && ! svcadm enable -s svc:/network/security/kadmin:default
+then
+	svcs -x svc:/network/security/kadmin:default
+    cat <<-EOF
+
+Error, the kadmind daemon did not start.  You will not be able to change
+passwords or run the kadmin command.  Make sure /etc/krb5/kadm5.acl is
+configured properly and rerun this script.
+
+	EOF
+    exit 1
+fi
+
+if ! svcadm enable -s svc:/network/rpc/gss:default
+then
+	svcs -x svc:/network/rpc/gss:default
+    cat <<-EOF
+
+Error, the gss service did not start.  You will not be able to do nfssec with sec=krb5*
+
+	EOF
+    exit 1
+fi
+
+tmpccache=$(/usr/bin/mktemp /tmp/ccache_XXXXXX)
+[[ -n $tmpccache ]] || exit 1
+if ! print "$passwd" | kinit -c $tmpccache tester
+then
+	print -u2 "Warning, kinit for tester princ failed, kdc setup is not working!"
+	exit 1
+fi
+
+integer i=0
+while ((i < num_keytabs))
+do
+	if ((i == 0))
+	then
+		print "\nRun the following commands to transfer generated keytabs:"
+	fi
+	print ${kt_transfer_command[i]}
+	((i = i + 1))
+done
+
+print 1234 | kinit ken
+touch .setup
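Review bot: The plaintext password file created by `passwd_file=$(/usr/bin/mktemp /var/run/setup_kdc_passwd.XXXXXX)` is only deleted on the success path (`rm -f $passwd_file` after the kdcmgr create), while the ERR trap re-armed just before it exits without any cleanup, so a failing `kdcmgr ... create` leaves the admin password on disk in /var/run; adding `trap 'rm -f "$passwd_file"' EXIT` immediately after the mktemp line covers both paths. Separately, the comment-skip test in the keytab loop, `[[ "$host" == "#*" ]]`, quotes the pattern and therefore compares against the literal two-character string instead of matching a leading `#`; it should read `[[ "$host" == \#* ]]`. The literal `1234` piped into `saslpasswd2 -c -p -f ./sasldb ken` and into the final `kinit ken` duplicates `$passwd`, so editing the documented password variable silently breaks those two steps; `print "$passwd" |`, as already used for the tester kinit, keeps them in sync. The comment above `force='false'` also contains a pasted-in local path and should be restored to `# used to determine if in batch/non-interactive mode`.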