5739N/A#!/bin/ksh93 -p
5739N/A#
5739N/A# CDDL HEADER START
5739N/A#
5739N/A# The contents of this file are subject to the terms of the
5739N/A# Common Development and Distribution License (the "License").
5739N/A# You may not use this file except in compliance with the License.
5739N/A#
5739N/A# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
5739N/A# or http://www.opensolaris.org/os/licensing.
5739N/A# See the License for the specific language governing permissions
5739N/A# and limitations under the License.
5739N/A#
5739N/A# When distributing Covered Code, include this CDDL HEADER in each
5739N/A# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
5739N/A# If applicable, add the following below this CDDL HEADER, with the
5739N/A# fields enclosed by brackets "[]" replaced with your own identifying
5739N/A# information: Portions Copyright [yyyy] [name of copyright owner]
5739N/A#
5739N/A# CDDL HEADER END
5739N/A#
5739N/A
5739N/A#
5739N/A# Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
5739N/A#
5739N/A
# Run this script as root to set up for the SASL testsuite.
# It creates a standard set of SASL users and makes them principals:
# -- create/recreate the KDC principal DB
# -- create a sasldb
5739N/A
5739N/A
# THIRTYTWO names the per-architecture subdirectory ("i86" or "sparcv7").
# Later in this file it is expected to contain a testsuite and becomes the
# target of the "32" symlink. Any other processor type ends the script.
export THIRTYTWO
case "$(uname -p)" in
i386)
	THIRTYTWO="i86"
	;;
sparc)
	THIRTYTWO="sparcv7"
	;;
*)
	echo "Architecture unknown"
	exit 1
	;;
esac
5739N/A
5739N/A
# Default Kerberos realm; edit if a different realm is desired.
realm="SASLTEST.NET"
export realm
# Realm for cross-realm authentication (empty by default).
crossrealm=

# Password for all principals not added to a keytab.
# NOTE(review): fixed, well-known value that is exported and therefore
# inherited by every child process; suitable only for a disposable test realm.
passwd="1234"
export passwd

# Set this to the ID that is allowed to run kadmin.
# By default you would run: "kadmin -p kdc/admin" and use the password above.
admin_princ="kdc/admin"

# Used to determine whether the script runs in batch/non-interactive mode;
# the -f option switches force to "true".
force=false
# Not referenced again in this file.
check_leaks=false

# Keytab configuration: config file, number of keytabs, and an (initially
# empty) indexed array of transfer commands.
kt_config_file=
num_keytabs=0
set -A kt_transfer_command

# Should be empty when setting up the master KDC.
master_kdc=

# Base name of this script, used in diagnostics.
me="${0##*/}"
5739N/A
#
# usage
# Write the option summary to stderr and end the script with exit status 1.
#
function usage {
	# Quoted delimiter: the help text is literal, nothing in it is expanded.
	cat 1>&2 <<'EOF'

 -f: Force answer yes (non-interactive mode). Use with caution as
 this script will delete existing KDB.

 -?: This help message.

EOF
	exit 1
}
5739N/A
#
# ask <question> [default]
# Print the question without a trailing newline (followed by "[default]: "
# when a default is given), read one line from stdin into the global
# variable "answer", and substitute the default for an empty reply.
#
function ask {
	# NOTE(review): presumably clears an ERR trap installed by the caller so
	# that a failing test or read does not fire it; confirm.
	trap - ERR
	typeset question=$1
	typeset default_answer=$2
	typeset prompt="$question \c"

	if [[ -n "$default_answer" ]]; then
		prompt="$question [$default_answer]: \c"
	fi
	# print (without -r) treats the trailing \c as "no newline".
	print "$prompt"
	read answer
	# Kept as an && list: it is the last command, so its status is the
	# function's return status, exactly as before.
	[[ -z "$answer" ]] && answer="$default_answer"
}
5739N/A
#
# yesno <question>
# Repeat the question (default reply "n") until the reply is y, yes, n or no.
# On return the global "answer" holds exactly "yes" or "no".
#
function yesno {
	trap - ERR
	typeset question="$1"

	# answer is the global that ask fills in; start from a clean value.
	answer=
	until [[ -n "$answer" ]]; do
		ask "$question" 'n'
		if [[ "$answer" == "y" || "$answer" == "yes" ]]; then
			answer=yes
		elif [[ "$answer" == "n" || "$answer" == "no" ]]; then
			answer=no
		else
			# Anything else is rejected and the question is asked again.
			answer=
		fi
	done
}
5739N/A
#
# ok_to_proceed <question>
# Ask a yes/no question through yesno. A "no" prints a notice and ends the
# script with exit status 1; any other outcome returns to the caller.
#
function ok_to_proceed {
	trap - ERR
	yesno "$@"
	if [[ "$answer" != 'no' ]]; then
		return 0
	fi
	echo "Exiting, no action performed"
	exit 1
}
5739N/A
5739N/A
5739N/A################################ Start of Main script #########################
5739N/A
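# Option parsing: -f is the only option accepted; anything else (including
# the '?' that getopts reports for an unknown option) shows the usage text.
while getopts f flag; do
	case "$flag" in
	f)	force=true ;;
	*)	usage ;;
	esac
done
shift $((OPTIND - 1))

# No operands are accepted. The offending word is echoed back fully quoted so
# that whitespace or glob characters in it are not expanded by the shell.
if [ -n "$1" ]; then
	echo "'$1' = $1"
	usage
fi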
5739N/A
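# .setup is the marker written at the very end of a run; if it is present in
# the current directory there is nothing to do.
if [[ -f .setup ]]; then
	print -u2 "Notice: $me already run"
	exit 0
fi

# The remaining steps need root privileges.
if [[ "$(/usr/bin/id -un)" != "root" ]]; then
	print -u2 "Error: $me must be run as root. aborting..."
	exit 1
fi

# Check for the testsuites we need.
if [[ ! -e ./testsuite || ! -e "$THIRTYTWO/testsuite" ]]; then
	print -u2 \
	    "Error: testsuite and $THIRTYTWO/testsuite must be in the local \
directory, Aborting..."
	exit 1
fi

# "32" is a fixed-name alias for the per-architecture directory. Skip the
# link when something named 32 is already there (for example from an earlier
# run that stopped before .setup was written). A second "ln -s" would then
# fail, or place the link inside the directory that 32 points to.
if [[ ! -e 32 && ! -L 32 ]]; then
	ln -s "$THIRTYTWO" 32
fi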
5739N/A
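# SASL mechanism packages, exported as one whitespace-separated list.
# Not referenced again in this file.
export SASL_PACKAGES_NEEDED="system/library/security/sasl/crammd5 \
 system/library/security/sasl/digestmd5 \
 system/library/security/sasl/anonymous "

# Publish ./TestSuite.conf as /etc/sasl2/TestSuite.conf through a symlink.
# NOTE(review): the system-wide SASL configuration then resolves into this
# working directory, so the directory and the file should be writable by
# root only.
MYLOC=$(pwd)
export MYLOC

# -e alone follows symlinks; -L also catches a dangling link left behind by a
# previous run, which would otherwise make "ln -s" fail unnoticed.
if [[ -e /etc/sasl2/TestSuite.conf || -L /etc/sasl2/TestSuite.conf ]]; then
	print -u2 "Please rename /etc/sasl2/TestSuite.conf and try again"
	exit 1
fi
if ! (cd /etc/sasl2 && ln -s "$MYLOC/TestSuite.conf" .); then
	print -u2 "Error: cannot link $MYLOC/TestSuite.conf into /etc/sasl2. Aborting..."
	exit 1
fi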
5739N/A
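# Name resolution must be configured before the host name is looked up.
if [[ ! -f /etc/resolv.conf ]]; then
	print -u2 "Error: need to configure /etc/resolv.conf."
	exit 1
fi

# fqdn is not assigned earlier in this file, so a non-empty value here comes
# from the caller's environment and takes precedence over the node name.
if [[ -n "$fqdn" ]]; then
	host=$fqdn
else
	host=$(uname -n)
fi

# Resolve the lower-cased fully qualified name with whichever tool is
# installed. ksh runs the last stage of a pipeline in the current shell,
# which is why the trailing "read" can assign fqdn here. $host is quoted so
# a value taken from the environment reaches the tool as a single argument.
if [[ -x /usr/sbin/nslookup ]]; then
	/usr/sbin/nslookup "$host" 2>/dev/null | grep '^Name:' |
	    tr '[:upper:]' '[:lower:]' | read j fqdn
elif [[ -x /usr/sbin/dig ]]; then
	/usr/sbin/dig +noall +search +answer "$host" 2>/dev/null |
	    tr '[:upper:]' '[:lower:]' | read fqdn j
	# dig prints the name with a trailing dot
	fqdn=${fqdn%.}
fi

# An empty result previously reached ping as "no argument" and produced a
# misleading message; report the failed lookup directly instead.
if [[ -z "$fqdn" ]]; then
	print -u2 "Error: could not determine the full hostname of ${host}. Aborting..."
	exit 1
fi

if ! ping "$fqdn" >/dev/null; then
	print -u2 "Error: ping full hostname ${fqdn} failed. Aborting..."
	exit 1
fi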
5739N/A
# Time service: when no ntp.conf exists but the ntp.client template does,
# install the template as ntp.conf.
if [[ -f /etc/inet/ntp.client && ! -f /etc/inet/ntp.conf ]]; then
	cp /etc/inet/ntp.client /etc/inet/ntp.conf
fi

# Enable the NTP service (and wait for it, -s) once a configuration exists.
if [[ -f /etc/inet/ntp.conf ]]; then
	svcadm enable -s svc:/network/ntp:default
fi
5739N/A
# Choose the Kerberos flavour from the kerberos5 package mediator.
# NOTE(review): index 3 is the fourth whitespace-separated word of the
# "pkg mediator -H kerberos5" output, presumably the implementation column;
# confirm against the pkg output format.
export KMODE="mit"
set -A MEDIATOR $(pkg mediator -H kerberos5)

if [[ "${MEDIATOR[3]}" == "solaris" ]]; then
	# old kerberos configured
	KMODE="seam"
else
	# "MIT" or mediator does not exist
	KMODE="mit"
fi

# NOTE(review): the helper is sourced from the current directory while
# running as root, so that directory must not be writable by other users.
# The source stays a plain statement followed by a status check. Wrapping it
# in "if" would suppress errexit and ERR-trap handling inside the helper.
. "./setup-for-$KMODE"
(( $? == 0 )) || {
	print -u2 "Setup failed"
	exit 1
}
5739N/A
5739N/A
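# Obtain initial credentials for principal "ken" with the shared test
# password. print is a ksh builtin, so the password travels on stdin and not
# as an argument of an external command; -r keeps it from being
# escape-processed.
if ! print -r -- "$passwd" | kinit ken; then
	print -u2 "Error: kinit for principal ken failed. Aborting..."
	exit 1
fi

# Write the "already run" marker only after every step has succeeded, so a
# failed kinit no longer makes the next invocation report that setup is done.
touch .setup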