kdcmgr.sh revision 47fc6f3c5b3c55e162497f2704e8a30366037e6d
#!/usr/bin/ksh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
# Copyright 2008 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# ident "%Z%%M% %I% %E% SMI"
#
# This command provides a simple interface to configure, destroy, and obtain
# the status of a master or slave Kerberos KDC server.
#
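#
# usage: print the command synopsis and option summary, then leave through
# "cleanup 1" so the script exits with status 1.
#
function usage {

	# Strip the directory part in the shell and keep the result quoted, so
	# a path containing whitespace is still passed to printf as one word.
	# NOTE(review): in ksh93, $0 inside a function declared with the
	# "function" keyword is the function name, so this may print "usage"
	# rather than the script name -- confirm against the ksh in use.
	typeset app=${0##*/}

	printf "\n$(gettext "Usage: %s [ -a admprincipal ] [ -e enctype ] [ -h ]")\n" "$app"
	printf "\t$(gettext "[ -p pwfile ] [ -r realm ] subcommand")\n\n"

	printf "\t$(gettext "-a: Create non-default admin principal.")\n"
	printf "\t$(gettext "-e: Encryption type used to encrypt the master key")\n"
	printf "\t$(gettext "-h: This help message.")\n"
	printf "\t$(gettext "-p: File that contains the admin principal and master key password.")\n"
	printf "\t$(gettext "-r: Set the default realm for this server.")\n\n"

	printf "\t$(gettext "where 'subcommand' is one of the following:")\n\n"

	printf "\t$(gettext "create [ master ]")\n"
	printf "\t$(gettext "create [ -m masterkdc ] slave")\n"
	printf "\t$(gettext "destroy")\n"
	printf "\t$(gettext "status")\n\n"

	cleanup 1
}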
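#
# ask: prompt with a question and read one line of input.
#
# Arguments: $1 - question text
#            $2 - default answer (optional); shown in brackets when set
# Globals:   answer (written) - the line read, or the default when the
#            line read is empty
#
function ask {

	typeset question=$1 default_answer=$2

	if [[ -z $default_answer ]]; then
		print "$question \c"
	else
		print "$question [$default_answer]: \c"
	fi

	# -r keeps backslashes in the typed line literal, so later validation
	# sees exactly what the operator entered.
	read -r answer
	if [[ -z $answer ]]; then
		answer=$default_answer
	fi
}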
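#
# yesno: ask a question until the reply is a (localized) yes or no.
#
# Arguments: $1 - question text
# Globals:   answer (written) - normalized to "yes" or "no"
#            yn, y, n, yes, no (written) - localized reply strings; they are
#            not typeset, so they remain set after the function returns
#
function yesno {

	typeset question="$1"

	# answer is a global set by ask
	answer=
	yn=$(printf "$(gettext "y/n")")
	y=$(printf "$(gettext "y")")
	n=$(printf "$(gettext "n")")
	yes=$(printf "$(gettext "yes")")
	no=$(printf "$(gettext "no")")

	# NOTE(review): an empty reply makes ask fall back to the "y/n"
	# default, which matches neither arm below, so the question repeats.
	# With stdin at end-of-file this would presumably repeat forever --
	# confirm the command is only run with an interactive stdin.
	while [[ -z $answer ]]; do
		# Quoted so that a translated hint containing whitespace is
		# still passed to ask as a single default-answer argument.
		ask "$question" "$yn"
		case $answer in
		$y|$yes)	answer=yes ;;
		$n|$no)		answer=no ;;
		*)		answer= ;;
		esac
	done
}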
#
# query: put a yes/no question built from all arguments and report when the
# operator declines. The decision is left in the global "answer" (set by
# yesno) for the caller to act on; this function does not exit.
#
function query {

	yesno "$*"

	case $answer in
	no)
		printf "\t$(gettext "No action performed").\n"
		;;
	esac
}
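#
# cleanup: destroy the temporary credential cache, remove the scratch file
# and exit.
#
# Arguments: $1 - exit status for the script
# Globals:   TMP_CCACHE (read), TMP_FILE (read)
#
function cleanup {

	typeset -i ret=$1

	# kdestroy's output is discarded directly instead of being written to
	# $TMP_FILE: with TMP_FILE empty that redirection fails and kdestroy is
	# never run, which would leave the credential cache behind.
	if [[ -n $TMP_CCACHE ]]; then
		kdestroy -q -c "$TMP_CCACHE" > /dev/null 2>&1
	fi

	if [[ -n $TMP_FILE ]]; then
		rm -f "$TMP_FILE"
	fi

	exit $ret
}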
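#
# error_message: print the "Setup FAILED" banner and leave through
# "cleanup 1".
#
function error_message {

	# The rule is passed as an argument rather than as the format: a
	# format string that starts with "-" is taken as an option by printf
	# builtins that parse options (bash does; ksh93 presumably too --
	# confirm), and the line would then be lost.
	printf '%s\n' "---------------------------------------------------"
	printf "$(gettext "Setup FAILED").\n\n"

	cleanup 1
}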
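#
# check_bin: abort the setup unless the given path is an executable file.
#
# Arguments: $1 - path of the program to test
# Globals:   bin (written) - not typeset, so it stays set after return
#
function check_bin {

	bin=$1

	if [[ ! -x $bin ]]; then
		# Quoted so a path with whitespace fills the single %s instead
		# of being split into several printf arguments.
		printf "$(gettext "Could not access/execute %s").\n" "$bin"
		error_message
	fi
}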
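#
# check_ret: abort the setup when a command reported failure.
#
# Arguments: $1 - exit status of the command that just ran
#            $2 - name of that command, used in the message
# Globals:   prog (written) - not typeset, so it stays set after return
#
function check_ret {

	typeset -i ret=$1
	prog=$2

	if [[ $ret -ne 0 ]]; then
		# Both arguments are quoted so that each fills exactly one
		# conversion even when the program name contains whitespace.
		printf "\n$(gettext "%s failed with return value %d, exiting").\n\n" "$prog" "$ret"
		error_message
	fi
}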
#
# ok_to_proceed: ask for confirmation and stop the script with status 0
# (through cleanup) when the operator answers no. Returns to the caller
# otherwise.
#
function ok_to_proceed {

	yesno "$@"

	case $answer in
	no)
		printf "\n$(gettext "Exiting, no action performed")\n\n"
		cleanup 0
		;;
	esac
}
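#
# check_value: reject an empty value or one containing any of * $ ^ # !
#
# Arguments: $1 - the value to validate
# Globals:   checkval (read) - name of the value, used in the messages
#
# The match is done in the shell instead of writing the value to $TMP_FILE
# and running egrep on it, so the check cannot pass by accident when the
# scratch file cannot be written or still holds earlier content.
#
# NOTE(review): this is a deny-list of five characters. Whitespace, quotes,
# "%" and backslash are accepted, and callers in this file splice validated
# values into kadmin query strings -- consider an allow-list per field.
#
function check_value {

	typeset arg="$1"
	# Shell pattern equivalent of the regular expression [*$^#!]+
	typeset forbidden='*[*$^#!]*'

	if [[ -z $arg ]]; then
		printf "\n$(gettext "No input obtained for %s, exiting").\n" "$checkval"
		error_message
	else
		case $arg in
		$forbidden)
			printf "\n$(gettext "Invalid input obtained for %s, exiting").\n" "$checkval"
			error_message
			;;
		esac
	fi
}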
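#
# setup_kdc_conf: save any existing KDC configuration file as
# "$KRB5_KDC_CONF.sav" and write a new one for the realm.
#
# Globals: KRB5_KDC_CONF, KRB5_KRB_CONF, REALM, PRINCDB, ENCTYPE, KADM5KT,
#          KADM5ACL, master, slave (all read)
#
# Values are written through %s conversions rather than being expanded
# inside the printf format, so a "%" or backslash in a realm name or path
# is written literally instead of being interpreted by printf.
#
# Descriptor 3 is opened on the new file and is still open on return;
# nothing in this function closes it.
#
function setup_kdc_conf {

	printf "\n$(gettext "Setting up %s").\n" "$KRB5_KDC_CONF"

	if [[ -r $KRB5_KDC_CONF ]]; then
		cat "$KRB5_KDC_CONF" > "$KRB5_KDC_CONF.sav"
		cannot_create "$KRB5_KDC_CONF.sav" $?
	fi

	# NOTE(review): a redirection failure on "exec" may terminate a
	# non-interactive shell before the status test below is reached --
	# confirm with the ksh in use.
	exec 3>"$KRB5_KDC_CONF"
	if [[ $? -ne 0 ]]; then
		printf "\n$(gettext "Cannot write to %s, exiting").\n" "$KRB5_KDC_CONF"
		error_message
	fi

	{
		printf '\n[kdcdefaults]\n\tkdc_ports = 88,750\n\n'
		printf '[realms]\n\t%s = {\n' "$REALM"
		printf '\t\tprofile = %s\n' "$KRB5_KRB_CONF"
		printf '\t\tdatabase_name = %s\n' "$PRINCDB"
		printf '\t\tmaster_key_type = %s\n' "$ENCTYPE"
		printf '\t\tadmin_keytab = %s\n' "$KADM5KT"
		printf '\t\tacl_file = %s\n' "$KADM5ACL"
		printf '\t\tkadmind_port = 749\n'
		printf '\t\tmax_life = 8h 0m 0s\n'
		printf '\t\tmax_renewable_life = 7d 0h 0m 0s\n'
		printf '\t\tdefault_principal_flags = +preauth\n'

		printf '\t\tsunw_dbprop_enable = true\n'
		if [[ $master = yes ]]; then
			printf '\t\tsunw_dbprop_master_ulogsize = 1000\n'
		fi
		if [[ $slave = yes ]]; then
			printf '\t\tsunw_dbprop_slave_poll = 2m\n'
		fi

		printf '\t}\n'
	} 1>&3
}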
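#
# setup_krb_conf: save any existing Kerberos client configuration file as
# "$KRB5_KRB_CONF.sav" and write a new one for the realm.
#
# Globals: KRB5_KRB_CONF, REALM, domain, fqhn, master_hn, master, slave
#          (all read)
#
# On a slave the master KDC is listed before this host and is also the
# admin_server; on a master this host is the admin_server.
#
# Values are written through %s conversions rather than being expanded
# inside the printf format, so a "%" or backslash in a realm or host name
# is written literally instead of being interpreted by printf.
#
# Descriptor 3 is opened on the new file and is still open on return;
# nothing in this function closes it.
#
function setup_krb_conf {

	printf "\n$(gettext "Setting up %s").\n" "$KRB5_KRB_CONF"

	if [[ -r $KRB5_KRB_CONF ]]; then
		cat "$KRB5_KRB_CONF" > "$KRB5_KRB_CONF.sav"
		cannot_create "$KRB5_KRB_CONF.sav" $?
	fi

	# NOTE(review): a redirection failure on "exec" may terminate a
	# non-interactive shell before the status test below is reached --
	# confirm with the ksh in use.
	exec 3>"$KRB5_KRB_CONF"
	if [[ $? -ne 0 ]]; then
		printf "\n$(gettext "Cannot write to %s, exiting").\n" "$KRB5_KRB_CONF"
		error_message
	fi

	{
		printf '[libdefaults]\n'
		printf '\tdefault_realm = %s\n\n' "$REALM"

		printf '[realms]\n'
		printf '\t%s = {\n' "$REALM"
		if [[ $slave = yes ]]; then
			printf '\t\tkdc = %s\n' "$master_hn"
		fi
		printf '\t\tkdc = %s\n' "$fqhn"
		if [[ $master = yes ]]; then
			printf '\t\tadmin_server = %s\n' "$fqhn"
		else
			printf '\t\tadmin_server = %s\n' "$master_hn"
		fi
		printf '\t}\n\n'

		printf '[domain_realm]\n'
		printf '\t.%s = %s\n\n' "$domain" "$REALM"

		printf '[logging]\n'
		printf '\tdefault = FILE:/var/krb5/kdc.log\n'
		printf '\tkdc = FILE:/var/krb5/kdc.log\n'
		printf '\tkdc_rotate = {\n\t\tperiod = 1d\n\t\tversions = 10\n\t}\n\n'

		printf '[appdefaults]\n'
		printf '\tkinit = {\n\t\trenewable = true\n\t\tforwardable = true\n'
		printf '\t}\n'
	} 1>&3
}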
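#
# cannot_create: abort the setup when creating or editing a file failed.
#
# Arguments: $1 - name of the file that was being written
#            $2 - exit status of the command that wrote it
#
function cannot_create {

	typeset filename="$1"
	typeset stat="$2"

	if [[ $stat -ne 0 ]]; then
		# Quoted so a file name with whitespace fills the single %s.
		printf "\n$(gettext "Cannot create/edit %s, exiting").\n" "$filename"
		error_message
	fi
}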
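#
# check_admin: make sure ADMIN_PRINC holds an administrative principal name,
# prompting for one when it is not set yet.
#
# Arguments: $1 - prompt text; used as the printf format so that the
#            backslash escapes the callers put in it are expanded
# Globals:   ADMIN_PRINC (read, written), message and checkval (written)
#
# A name that already contains "/admin" is kept, any other name with a "/"
# is refused, and a bare name gets "/admin" appended.
#
# NOTE(review): check_value runs only on the prompted value; an ADMIN_PRINC
# that is already set when this function is called is not validated here --
# confirm it is checked where it is set. The "/admin" test is unanchored, so
# a name such as "x/adminfoo" is also accepted as-is.
#
function check_admin {

	message=$1

	if [[ -z $ADMIN_PRINC ]]; then
		printf "$message"
		read -r ADMIN_PRINC
		# Quoted: unquoted, a reply containing whitespace was split
		# and only its first word reached the validation.
		checkval="ADMIN_PRINC"; check_value "$ADMIN_PRINC"
	fi

	# Matched in the shell rather than by writing the name to $TMP_FILE
	# and running egrep on it; the patterns test for the same substrings.
	case $ADMIN_PRINC in
	*/admin*)
		# Already in "/admin" format, do nothing
		;;
	*/*)
		printf "\n$(gettext "Improper entry for krb5 admin principal, exiting").\n"
		error_message
		;;
	*)
		ADMIN_PRINC="$ADMIN_PRINC/admin"
		;;
	esac
}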
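#
# ping_check: abort the setup unless the given host answers $PING.
#
# Arguments: $1 - host name to probe
# Globals:   PING (read) - probe command, expanded unquoted as in the rest
#            of the file; string (read) - label printed before the host
#            name in the failure message
#
# NOTE(review): the host name is passed to $PING as a plain argument; a
# value starting with "-" would be read as an option -- confirm callers
# reject such names before they get here.
#
function ping_check {

	typeset machine="$1"

	# Quoted so the name reaches $PING as exactly one argument.
	if $PING "$machine" > /dev/null 2>&1; then
		return 0
	fi

	printf "\n$(gettext "%s %s is unreachable, exiting").\n" "$string" "$machine"
	error_message
}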
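#
# check_host: normalize the global "host" to a lower-case fully qualified
# name and verify that it is reachable.
#
# Globals: host (read, written), domain (read)
#
# A name whose last "." has a non-dot character before it and at least one
# character after it is taken as fully qualified. Any other name containing
# a "." is refused, and a name without dots gets ".$domain" appended. The
# result is handed to ping_check.
#
function check_host {

	typeset head tail

	host=$(echo "$host" | tr '[A-Z]' '[a-z]')

	# Same test as the regular expression [^.]\.[^.]+$, done in the shell
	# instead of through $TMP_FILE and egrep.
	tail=${host##*.}
	head=${host%.*}

	if [[ $host = *.* && -n $tail && -n $head && $head != *. ]]; then
		# do nothing, host is in fqhn format
		:
	elif [[ $host = *.* ]]; then
		# The host name is passed for the %s; the original call gave
		# printf no argument, so the message showed empty quotes.
		printf "\n$(gettext "Improper format of host name: '%s'").\n" "$host"
		printf "$(gettext "Expecting the following format: 'somehost.example.com' or 'somehost', exiting").\n"
		error_message
	else
		# Attach fqdn to host, to get the Fully Qualified Domain
		# Name of the host requested
		host="$host.$domain"
	fi

	#
	# Ping to see if the host is alive!
	#
	ping_check "$host"
}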
#
# kill_daemons: stop the KDC, kadmin and propagation daemons.
#
# Globals: SVCADM (read)
#
# The three services are first disabled through $SVCADM; any failure there
# aborts the setup. pkill then takes care of daemons running outside SMF;
# pkill statuses 0 and 1 are both accepted, anything higher aborts.
#
function kill_daemons {

	# Kill daemons so they won't go into maintenance mode
	$SVCADM disable -s krb5kdc || {
		printf "\n$(gettext "Error in disabling krb5kdc, exiting").\n"
		error_message
	}
	$SVCADM disable -s kadmin || {
		printf "\n$(gettext "Error in disabling kadmind, exiting").\n"
		error_message
	}
	$SVCADM disable -s krb5_prop || {
		printf "\n$(gettext "Error in disabling kpropd, exiting").\n"
		error_message
	}

	# Make sure that none of the daemons outside of SMF are running either
	pkill kadmind
	case $? in
	0|1)
		;;
	*)
		printf "\n$(gettext "Error in killing kadmind, exiting").\n"
		error_message
		;;
	esac

	pkill krb5kdc
	case $? in
	0|1)
		;;
	*)
		printf "\n$(gettext "Error in killing krb5kdc, exiting").\n"
		error_message
		;;
	esac

	pkill kpropd
	case $? in
	0|1)
		;;
	*)
		printf "\n$(gettext "Error in killing kpropd, exiting").\n"
		error_message
		;;
	esac
}
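#
# setup_mkeytab: on the master, create the administrative principal and add
# the service keys to the keytabs.
#
# Globals: ADMIN_PRINC (set through check_admin), PWFILE, KADMINL, KADM5KT,
#          fqhn, TMP_FILE (all read)
#
# Without a password file $KADMINL prompts for the new principal's password
# itself. With one, the file is sent twice on standard input, so the
# password is never placed on a command line. Every $KADMINL call is
# followed by check_ret, which aborts the setup on a non-zero status.
#
# NOTE(review): ADMIN_PRINC is spliced into the $KADMINL query string, so
# this relies on check_admin having left a well-formed principal name. In
# the password-file branch only the status of $KADMINL is checked; a failed
# read of $PWFILE is presumably noticed only through that status.
#
function setup_mkeytab {

	typeset princ

	check_admin "\n$(gettext "Enter the krb5 administrative principal to be created"): \c"

	if [[ -z $PWFILE ]]; then
		echo
		$KADMINL -q "ank $ADMIN_PRINC"
		check_ret $? "$KADMINL"
	else
		# Quoted so a password file path with whitespace or pattern
		# characters is passed to cat unchanged.
		cat "$PWFILE" "$PWFILE" | $KADMINL -q "ank $ADMIN_PRINC" > /dev/null 2>&1
		check_ret $? "$KADMINL"
	fi

	# kadmin/changepw is included to support the Horowitz change
	# password protocol
	for princ in "kadmin/$fqhn" "changepw/$fqhn" kadmin/changepw "kiprop/$fqhn"; do
		$KADMINL -q "ktadd -k $KADM5KT $princ" 1>"$TMP_FILE" 2>&1
		check_ret $? "$KADMINL"
	done

	$KADMINL -q "ank -randkey host/$fqhn" 1>"$TMP_FILE" 2>&1
	check_ret $? "$KADMINL"
	$KADMINL -q "ktadd host/$fqhn" 1>"$TMP_FILE" 2>&1
	check_ret $? "$KADMINL"
}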
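#
# setup_skeytab: on a slave, create the kiprop/<fqhn> and host/<fqhn>
# principals through the master's kadmin service and add their keys to
# the keytab with ktadd.
#
# Globals read: PWFILE, TMP_CCACHE, TMP_FILE, master_hn, REALM, fqhn, KADMIN.
# ADMIN_PRINC is used after check_admin has run (check_admin is defined
# elsewhere in this file; presumably it prompts when the principal is
# not already set -- confirm there).
#
function setup_skeytab {

	check_admin "\n$(gettext "Enter the krb5 administrative principal to be used"): \c"

	printf "$(gettext "Obtaining TGT for %s") ...\n" "$ADMIN_PRINC"

	# The ticket for the master's kadmin service goes into a dedicated
	# credential cache instead of the caller's default one.
	if [[ -z $PWFILE ]]; then
		kinit -c "$TMP_CCACHE" -S "kadmin/$master_hn" "$ADMIN_PRINC"
		check_ret $? kinit
	else
		# Non-interactive: the password reaches kinit on stdin, not on
		# the command line.  The exit status is not tested here; the
		# klist check below decides whether a ticket was obtained.
		kinit -c "$TMP_CCACHE" -S "kadmin/$master_hn" "$ADMIN_PRINC" \
		    < "$PWFILE" > /dev/null 2>&1
	fi

	# Verify the cache by text: the (localized) "Valid starting" header
	# and the expected service principal must both appear in klist output.
	klist -c "$TMP_CCACHE" 1>"$TMP_FILE" 2>&1
	if egrep -s "$(gettext "Valid starting")" "$TMP_FILE" && \
	    egrep -s "kadmin/$master_hn@$REALM" "$TMP_FILE"; then
		:
	else
		printf "\n$(gettext "kinit of %s failed, exiting").\n" "$ADMIN_PRINC"
		error_message
	fi

	"$KADMIN" -c "$TMP_CCACHE" -q "ank -randkey kiprop/$fqhn" 1>"$TMP_FILE" 2>&1
	check_ret $? "$KADMIN"
	"$KADMIN" -c "$TMP_CCACHE" -q "ktadd kiprop/$fqhn" 1>"$TMP_FILE" 2>&1
	check_ret $? "$KADMIN"

	"$KADMIN" -c "$TMP_CCACHE" -q "ank -randkey host/$fqhn" 1>"$TMP_FILE" 2>&1
	check_ret $? "$KADMIN"
	"$KADMIN" -c "$TMP_CCACHE" -q "ktadd host/$fqhn" 1>"$TMP_FILE" 2>&1
	check_ret $? "$KADMIN"

	# Drop the admin ticket as soon as the keytab entries exist.
	# NOTE(review): on the failure paths above the cache is only removed
	# if check_ret/error_message end up deleting $TMP_CCACHE -- confirm.
	kdestroy -q -c "$TMP_CCACHE" 1>"$TMP_FILE" 2>&1
	# The command name is passed literally; the original passed the unset
	# variable $kdestroy, so check_ret received no name at all.
	check_ret $? kdestroy
}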
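#
# setup_kadm5acl: (re)write the kadmind ACL file $KADM5ACL.  A readable
# existing file is first copied to $KADM5ACL.sav.
#
# Globals read: KADM5ACL, master, ADMIN_PRINC, REALM.
#
# When $master is "yes" two entries are written:
#	<ADMIN_PRINC>@<REALM>	acmil
#	kiprop/*@<REALM>	p
# Otherwise only the placeholder entry "*/admin@___default_realm___ *"
# is written; kadm5_acl_configed in this file treats a non-comment line
# containing that placeholder as "not configured as a master".
#
function setup_kadm5acl {

	printf "\n$(gettext "Setting up %s").\n" "$KADM5ACL"

	if [[ -r $KADM5ACL ]]; then
		cat "$KADM5ACL" > "$KADM5ACL.sav"
		cannot_create "$KADM5ACL.sav" $?
	fi

	exec 3>"$KADM5ACL"
	if [[ $? -ne 0 ]]; then
		printf "\n$(gettext "Cannot write to %s, exiting").\n" "$KADM5ACL"
		error_message
	fi

	# The principal and realm are operator-supplied, so they are passed
	# as printf arguments; inside the format string a '%' or '\' in
	# either value would alter the ACL line that gets written.
	if [[ $master = yes ]]; then
		printf '\n%s@%s\t\tacmil\n' "$ADMIN_PRINC" "$REALM" 1>&3
		printf '\nkiprop/*@%s\t\tp\n' "$REALM" 1>&3
	else
		printf '\n*/admin@___default_realm___\t\t*\n' 1>&3
	fi

	# Close the descriptor so it is not left open for the rest of the run.
	exec 3>&-
}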
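#
# setup_kpropdacl: (re)write $KPROPACL so that it holds the single entry
# host/<master_hn>@<REALM>.  A readable existing file is first copied to
# $KPROPACL.sav.
#
# Globals read: KPROPACL, master_hn, REALM.
#
function setup_kpropdacl {

	printf "\n$(gettext "Setting up %s").\n\n" "$KPROPACL"

	if [[ -r $KPROPACL ]]; then
		cat "$KPROPACL" > "$KPROPACL.sav"
		cannot_create "$KPROPACL.sav" $?
	fi

	exec 3>"$KPROPACL"
	if [[ $? -ne 0 ]]; then
		printf "\n$(gettext "Cannot write to %s, exiting").\n" "$KPROPACL"
		error_message
	fi

	# Host name and realm are operator-supplied: pass them as arguments
	# so that a '%' or '\' in either cannot change the entry written.
	printf '\nhost/%s@%s\n' "$master_hn" "$REALM" 1>&3

	# Close the descriptor so it is not left open for the rest of the run.
	exec 3>&-
}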
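#
# setup_master: create the principal database, set up the master keytab
# and kadm5.acl, then enable the krb5kdc and kadmin services.
#
# Globals read: PWFILE, SVCADM.
#
function setup_master {

	# create principal DB (KDB)
	if [[ -z $PWFILE ]]; then
		echo
		kdb5_util create
		check_ret $? kdb5_util
	else
		# The password file is sent twice on stdin (presumably the
		# password followed by its confirmation).  Quoted, because
		# the -p check only proved the path readable as one word.
		cat "$PWFILE" "$PWFILE" | kdb5_util create > /dev/null
		check_ret $? kdb5_util
	fi

	setup_mkeytab
	setup_kadm5acl

	# NOTE(review): the svcadm exit status is not checked, so a service
	# that fails to come online does not stop the script here.
	"$SVCADM" enable -r -s krb5kdc
	"$SVCADM" enable -r -s kadmin
}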
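#
# setup_slave: set up the slave keytab and ACL files, enable krb5_prop,
# wait for the principal database to arrive from the master, create the
# stash file and enable krb5kdc.
#
# Globals read: SVCADM, LOOPCNT, SLEEPTIME, PWFILE.
#
function setup_slave {

	integer count=1

	setup_skeytab

	# Clear the kadm5acl, since the start methods look at this file
	# to see if the server has been configured as a master server
	setup_kadm5acl

	setup_kpropdacl

	"$SVCADM" enable -r -s krb5_prop

	# Wait for full propagation of the database, in some environments
	# this could take a few seconds
	while [[ ! -f /var/krb5/principal ]]; do
		if (( count > LOOPCNT )); then
			printf "\n$(gettext "Could not receive updates from the master").\n"
			error_message
		fi
		printf "$(gettext "Waiting for database from master")...\n"
		sleep "$SLEEPTIME"
		# Count every pass.  The original incremented only inside
		# the timeout branch above, so the limit was never reached
		# and a master that never propagated meant an endless wait.
		(( count = count + 1 ))
	done

	# The database is propagated now we need to create the stash file
	if [[ -z $PWFILE ]]; then
		kdb5_util stash
		check_ret $? kdb5_util
	else
		# Password is supplied on stdin from the file.
		kdb5_util stash < "$PWFILE" > /dev/null 2>&1
		check_ret $? kdb5_util
	fi

	"$SVCADM" enable -r -s krb5kdc
}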
#
# destroy_kdc: remove an existing KDC configuration, if there is one.
#
# "Existing" means that $KRB5KT, $KADM5KT, $PRINCDB or $OLDPRINCDB is a
# regular file.
#   - nothing present: under 'destroy' ($d_option set) report it and finish
#     through cleanup 0; otherwise just return.
#   - something present, no password file: list the files, then either
#     refuse (cleanup 1, when not running 'destroy') or ask for confirmation.
#   - something present and $PWFILE set: no listing and no confirmation;
#     the database and keytabs are removed straight away.
#
# NOTE(review): $STASH is listed in the message, but only the two keytabs
# are removed here with rm; whether "kdb5_util destroy" also removes the
# stash file is not visible in this script.
#
function destroy_kdc {

	# Check first to see if this is an existing KDC or server
	if [[ ! -f $KRB5KT && ! -f $KADM5KT && ! -f $PRINCDB && \
	    ! -f $OLDPRINCDB ]]; then
		if [[ -n $d_option ]]; then
			printf "\n$(gettext "No KDC related files exist, exiting").\n\n"
			cleanup 0
		fi
		return
	fi

	if [[ -z $PWFILE ]]; then
		printf "\n$(gettext "Some of the following files are present on this system"):\n"
		echo "\t$KRB5KT\n\t$KADM5KT\n\t$PRINCDB\n\t$OLDPRINCDB\n\t$STASH\n"
		if [[ -n $d_option ]]; then
			ok_to_proceed "$(gettext "All of these files will be removed, okay to proceed?")"
		else
			printf "$(gettext "You must first run 'kdcmgr destroy' to remove all of these files before creating a KDC server").\n\n"
			cleanup 1
		fi
	fi

	# kdb5_util asks for confirmation; answer with the localized "yes".
	printf "$(gettext "yes")\n" | kdb5_util destroy > /dev/null 2>&1
	rm -f $KRB5KT $KADM5KT
}
#
# kadm5_acl_configed: return 0 when $KADM5ACL is non-empty and none of its
# non-comment lines contains the '_default_realm_' placeholder; return 1
# otherwise.  status_kdc uses a 0 result to mean "this is a master".
#
function kadm5_acl_configed {

	# Missing or empty ACL file: not configured.
	[[ -s $KADM5ACL ]] || return 1

	# A surviving placeholder line means the file was never customized.
	if grep -v '^[ ]*#' $KADM5ACL | \
	    egrep '_default_realm_' > /dev/null 2>&1; then
		return 1
	fi

	return 0
}
#
# status_kdc: print the SMF state of the KDC services, the transaction
# log header and every expected Kerberos file that is missing or empty,
# then finish through cleanup 0.
#
# Globals read: KRB5_KDC_CONF, KRB5_KRB_CONF, KADM5ACL, KRB5KT, PRINCDB,
# KPROPACL, KADM5KT, STASH.  FILELIST and file are set as globals.
#
function status_kdc {

	integer is_master=0
	typeset rule="--------------------------------------------"

	printf "\n$(gettext "KDC Status Information")\n"
	echo "$rule"
	svcs -xv svc:/network/security/krb5kdc:default

	# Master or slave is decided from the contents of kadm5.acl.
	if kadm5_acl_configed; then
		is_master=1
		printf "\n$(gettext "KDC Master Status Information")\n"
		echo "$rule"
		svcs -xv svc:/network/security/kadmin:default
	else
		printf "\n$(gettext "KDC Slave Status Information")\n"
		echo "$rule"
		svcs -xv svc:/network/security/krb5_prop:default
	fi

	printf "\n$(gettext "Transaction Log Information")\n"
	echo "$rule"
	/usr/sbin/kproplog -h

	printf "$(gettext "Kerberos Related File Information")\n"
	echo "$rule"
	printf "$(gettext "(will display any missing files below)")\n"

	# Files expected on every KDC; split on whitespace on purpose.
	FILELIST="$KRB5_KDC_CONF $KRB5_KRB_CONF $KADM5ACL $KRB5KT $PRINCDB "
	for file in $FILELIST; do
		[[ -s $file ]] || printf "$(gettext "%s not found").\n" $file
	done

	# Role-specific files: kadm5.keytab on a master, kpropd.acl on a slave.
	if (( is_master )); then
		[[ -s $KADM5KT ]] || printf "$(gettext "%s not found").\n" $KADM5KT
	else
		[[ -s $KPROPACL ]] || printf "$(gettext "%s not found").\n" $KPROPACL
	fi

	# $STASH is a glob pattern and is left unquoted so that it expands.
	if test ! -s $STASH; then
		printf "$(gettext "Stash file not found") (/var/krb5/.k5.*).\n"
	fi
	echo

	cleanup 0
}
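# Start of Main script

# Defaults
KRB5_KDC_CONF=/etc/krb5/kdc.conf
KRB5_KRB_CONF=/etc/krb5/krb5.conf
KADM5ACL=/etc/krb5/kadm5.acl
KPROPACL=/etc/krb5/kpropd.acl

KRB5KT=/etc/krb5/krb5.keytab
KADM5KT=/etc/krb5/kadm5.keytab
PRINCDB=/var/krb5/principal
OLDPRINCDB=/var/krb5/principal.old
# Glob pattern, stored unexpanded; it is expanded where it is used unquoted.
STASH=/var/krb5/.k5.*

# Helper programs are called by absolute path and checked with check_bin.
KADMINL=/usr/sbin/kadmin.local; check_bin $KADMINL
KADMIN=/usr/sbin/kadmin; check_bin $KADMIN
KDCRES=/usr/lib/krb5/klookup; check_bin $KDCRES
SVCADM=/usr/sbin/svcadm; check_bin $SVCADM
PING=/usr/sbin/ping; check_bin $PING

ENCTYPE=aes128-cts-hmac-sha1-96
# setup_slave polls for the propagated database: LOOPCNT passes with
# SLEEPTIME seconds of sleep between them.
LOOPCNT=10
SLEEPTIME=5

# Scratch files: TMP_FILE collects command output, TMP_CCACHE is the
# credential cache that holds the admin ticket during slave setup.
if [[ -x /usr/bin/mktemp ]]; then
	TMP_FILE=$(/usr/bin/mktemp /etc/krb5/krb5tmpfile.XXXXXX)
	TMP_CCACHE=$(/usr/bin/mktemp /etc/krb5/krb5tmpccache.XXXXXX)
	# Without this check a failed mktemp leaves the names empty and
	# every later redirection to "$TMP_FILE" breaks.
	if [[ -z $TMP_FILE || -z $TMP_CCACHE ]]; then
		printf "$(gettext "Error: cannot create temporary files in %s").\n" /etc/krb5
		cleanup 1
	fi
else
	# Fallback names are predictable (PID suffix) and the files are not
	# created here.  NOTE(review): this is only safe while /etc/krb5 is
	# writable by root alone -- confirm directory ownership and mode.
	TMP_FILE="/etc/krb5/krb5tmpfile.$$"
	TMP_CCACHE="/etc/krb5/krb5tmpccache.$$"
fi

if [[ ! -f /etc/resolv.conf ]]; then
	printf "$(gettext "Error: need to configure /etc/resolv.conf").\n"

	cleanup 1
fi

# Fully qualified host name: klookup first, then hostname + domainname.
fqhn=$("$KDCRES")
if [[ -n "$fqhn" ]]; then
	:
elif [[ -n $(hostname) && -n $(domainname) ]]; then
	fqhn=$(hostname|cut -f1 -d'.').$(domainname|cut -f2- -d'.'|/usr/ucb/tr 'A-Z' 'a-z')
else
	printf "$(gettext "Error: can not determine full hostname (FQHN).  Aborting")\n"
	printf "$(gettext "Note, trying to use hostname and domainname to get FQHN").\n"

	cleanup 1
fi

ping_check $fqhn

domain=${fqhn#*.} # remove host part

exitmsg=$(printf "$(gettext "Exiting...")")

# Single quotes: the handler text is stored as written and the variables
# are expanded, quoted, only when a signal arrives.  In double quotes the
# translated message and the file names became part of the command text.
trap 'echo "$exitmsg"; rm -f "$TMP_FILE" "$TMP_CCACHE"; exit 1' HUP INT QUIT TERM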
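# Option parsing.
#   -a principal   administrative principal (ADMIN_PRINC)
#   -e enctype     encryption type (ENCTYPE)
#   -h             usage
#   -p file        password file for non-interactive runs (PWFILE)
#   -r realm       Kerberos realm (REALM)
# NOTE(review): 's' is in the option string but has no arm of its own,
# so -s ends up in usage through the '*' arm.
while getopts :a:e:hp:r:s flag
do
	case "$flag" in
	a)	ADMIN_PRINC=$OPTARG;;
	e)	ENCTYPE=$OPTARG;;
	h)	usage;;
	p)	PWFILE=$OPTARG
		# Only readability is tested.  The file holds a clear-text
		# password; its owner and mode are not checked here.
		if [[ ! -r $PWFILE ]]; then
			# Quoted so a path containing blanks is printed whole.
			printf "\n$(gettext "Password file %s does not exist, exiting").\n\n" "$PWFILE"
			cleanup 1
		fi
		;;
	r)	REALM=$OPTARG;;
	*)	usage;;
	esac
done
shift $(($OPTIND - 1))

# Sub-command dispatch on the remaining words taken as one string.
case "$*" in
	create)			master=yes;;
	"create master")	master=yes;;
	"create -m "*)		host=$3
				# check_value and check_host are defined
				# elsewhere; check_value is called unquoted
				# as before because its handling of an empty
				# argument is not visible here.
				checkval="MASTER"; check_value $host
				check_host
				master_hn=$host
				if [[ $4 != slave ]]; then
					usage
				fi;&	# falls through to "create slave"
	"create slave")		slave=yes;;
	destroy)		d_option=yes
				kill_daemons
				destroy_kdc
				cleanup 0;;
	status)			status_kdc;;
	*)			usage;;
esac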
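# Create path: stop the daemons, clear any old KDC, collect the missing
# answers, write the configuration files and run the role-specific setup.
kill_daemons

printf "\n$(gettext "Starting server setup")\n"
# The rule is passed as an argument, not as the format: a first argument
# that begins with '-' can be parsed as an option by a builtin printf.
printf '%s\n' "---------------------------------------------------"

# Checks for existing kdb and destroys if desired
destroy_kdc

if [[ -z $REALM ]]; then
	printf "$(gettext "Enter the Kerberos realm"): \c"
	read REALM
	checkval="REALM"; check_value $REALM
fi
# Realm names are handled in upper case from here on.
REALM=$(echo "$REALM"|tr '[a-z]' '[A-Z]')

# No role on the command line: ask.  query (defined elsewhere in this
# file) leaves its result in $answer.
if [[ -z $master && -z $slave ]]; then
	query "$(gettext "Is this machine to be configured as a master?"): \c"
	master=$answer

	if [[ $answer = no ]]; then
		query "$(gettext "Is this machine to be configured as a slave?"): \c"
		slave=$answer
		if [[ $answer = no ]]; then
			printf "\n$(gettext "Machine must either be a master or a slave KDC server").\n"
			error_message
		fi
	fi
fi

# A slave needs the master's host name unless "create -m" already set it.
if [[ $slave = yes && -z $master_hn ]]; then
	printf "$(gettext "What is the master KDC's host name?"): \c"
	read host
	checkval="MASTER"; check_value $host
	check_host
	master_hn=$host
fi

setup_kdc_conf

setup_krb_conf

if [[ $master = yes ]]; then
	setup_master
else
	setup_slave
fi

printf '\n%s\n' "---------------------------------------------------"
printf "$(gettext "Setup COMPLETE").\n\n"

cleanup 0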