path: root/src/kadmin/testing/scripts/init_db
blob: 1cb96f843c6f75c1b4f47b73f708c90bd7d0ca9a (plain)
#!/bin/sh

# init_db: build the KDC database and configuration files used by the kadmin
# test suite under $K5ROOT.  The caller controls chattiness through $VERBOSE,
# which is executed as a command (e.g. "true" or "false"); when it fails, the
# noisier helper commands below have their stdout sent to /dev/null via
# $REDIRECT, which is spliced into eval'd command lines.
REDIRECT='>/dev/null'
if $VERBOSE; then
	REDIRECT=
fi

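# Requires that $K5ROOT, /etc/krb.conf, and .k5.$REALM be world-writeable.

# Fail early, with a message, when the environment the rest of the script
# relies on is missing.  K5ROOT is checked here too: it is the directory that
# is emptied and repopulated below, so running without it is never intended.
if [ -z "$TOP" ]; then
	echo "init_db: Environment variable \$TOP must point to top of build tree" 1>&2
	exit 1
fi

if [ -z "$STOP" ]; then
	echo "init_db: Environment variable \$STOP must point to top of source tree" 1>&2
	exit 1
fi

if [ -z "$libdir" ]; then
	echo "init_db: Environment variable \$libdir must point to library install directory" 1>&2
	exit 1
fi

if [ -z "$K5ROOT" ]; then
	echo "init_db: Environment variable \$K5ROOT must point to the test root directory (it is emptied and repopulated)" 1>&2
	exit 1
fi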

# Locations derived from the build tree ($TOP) and the install prefix ($libdir).
IROOT=$TOP/..
ADMIN=$TOP/dbutil
BIN=$IROOT/bin
ETC=$IROOT/etc
# Directory holding the KDB plugin modules; its existence is verified below
# and its path is substituted into krb5.conf.
MODDIR=$TOP/../util/fakedest$libdir/krb5/plugins/kdb
SBIN=$TOP/keytab:$TOP/server
# Default the realm when the caller did not set one.  DUMMY merely absorbs the
# value of the ${VAR=default} expansion; it is never read.
DUMMY=${REALM=SECURE-TEST.OV.COM}; export REALM

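# Refuse to continue if the plugin directory is missing; krb5.conf would
# otherwise point the KDC at a non-existent module path.  $MODDIR is quoted
# so a path containing whitespace is tested as one operand.
if [ ! -d "$MODDIR" ]; then
	echo "+++" 1>&2
	echo "+++ Error!  $MODDIR does not exist!" 1>&2
	echo "+++ The MODDIR variable should point to the directory in which" 1>&2
	echo "+++ database modules have been installed for testing." 1>&2
	echo "+++" 1>&2
	exit 1
fi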

# Defaults for locations a caller may override in the environment.  TESTDIR
# lives under the build tree, STESTDIR under the source tree.
DUMMY=${TESTDIR=$TOP/testing}; export TESTDIR
DUMMY=${STESTDIR=$STOP/testing}
# The kadm5 server-side Tcl driver and its helper library; both are used below
# to populate the database.
DUMMY=${SRVTCL=$TESTDIR/util/kadm5_srv_tcl}; export SRVTCL
DUMMY=${TCLUTIL=$STESTDIR/tcl/util.t}; export TCLUTIL
DUMMY=${LOCAL_MAKE_KEYTAB=$TESTDIR/scripts/make-host-keytab.pl}

# Put the build-tree directories ahead of whatever is already on PATH so that
# the commands invoked below (kdb5_util among them) resolve to those copies
# before any installed ones.
PATH=$ADMIN:$BIN:$ETC:$SBIN:$PATH; export PATH

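# The Tcl driver must exist and be executable; it is only built when TCL was
# found at configure time.  $SRVTCL is quoted so the test sees one operand.
if [ ! -x "$SRVTCL" ]; then
	echo "+++" 1>&2
	echo "+++ Error!  $SRVTCL does not exist!" 1>&2
	echo "+++ It was probably not compiled because TCL was not available.  If you" 1>&2
	echo "+++ now have TCL installed, cd into that directory, re-run configure" 1>&2
	echo "+++ with the --with-tcl option, and then re-run make." 1>&2
	echo "+++" 1>&2

	exit 1
fi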

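# Start from an empty $K5ROOT.  The ${K5ROOT:?} guard aborts the script if
# K5ROOT is unset or empty; without it the glob would expand to "/*" and the
# rm would run against the filesystem root.  "--" keeps a K5ROOT beginning
# with "-" from being read as an option.
rm -rf -- "${K5ROOT:?init_db: K5ROOT must be set}"/*
if [ ! -d "$K5ROOT" ]; then
	mkdir "$K5ROOT" || exit 1
fi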

# touch $K5ROOT/syslog
# for pid in `$PS_ALL | awk '/syslogd/ && !/awk/  {print $2}'` ; do
# 	case "$pid" in
# 		xxx) ;;
# 		*)
# 			if $VERBOSE; then $PS_PID$pid | grep -v COMMAND; fi
# 			kill -1 $pid
# 			;;
# 	esac
# done

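# Fully qualified name of this host, used as both the KDC and the local host
# in krb5.conf.  $QUALNAME is left unquoted, as before, in case it carries
# arguments; an empty result would produce an unusable krb5.conf, so it is
# treated as fatal instead of silently substituted.
qualname=$($QUALNAME)
if [ -z "$qualname" ]; then
	echo "init_db: \$QUALNAME ($QUALNAME) produced no host name" 1>&2
	exit 1
fi

# Instantiate the prototype configuration files.  "#" is the sed delimiter
# for the path substitutions because the values contain "/".
sed -e "s/__REALM__/$REALM/g" -e "s#__K5ROOT__#$K5ROOT#g" \
	-e "s/__KDCHOST__/$qualname/g" \
	-e "s/__LOCALHOST__/$qualname/g" \
	-e "s#__MODDIR__#$MODDIR#g" \
	< "$STESTDIR/proto/krb5.conf.proto" > "$K5ROOT/krb5.conf" || exit 1
sed -e "s/__REALM__/$REALM/g" -e "s#__K5ROOT__#$K5ROOT#g" \
	< "$STESTDIR/proto/kdc.conf.proto" > "$K5ROOT/kdc.conf" || exit 1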

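# Create the KDC database and stash file.  The master password is a fixed
# test-only value (the Tcl driver below authenticates with the same string);
# passing it via -P puts it on kdb5_util's argument list, where other local
# users can read it with ps(1) while the command runs -- acceptable only
# because this is a throwaway test realm.  eval is needed so that $REDIRECT
# is parsed as a redirection rather than passed as an argument.
eval "kdb5_util -r \"\$REALM\" create -P mrroot -s $REDIRECT" || exit 1

# Dictionary consulted by the "dict-only" password policy created below.
cp "$STESTDIR/proto/ovsec_adm.dict" "$K5ROOT/ovsec_adm.dict" || exit 1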

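# Populate the database through the kadm5 server-side Tcl driver.  The Tcl
# script goes into a private temporary file from mktemp rather than the
# predictable /tmp/init_db$$, so another local user cannot pre-create or
# symlink the path before it is written; the trap removes it on every exit
# path, including the "exit 1"s below.  The heredoc delimiter is escaped, so
# sh expands nothing inside it -- the $env(...) references are Tcl's.
tclscript=$(mktemp "${TMPDIR:-/tmp}/init_db.XXXXXX") || {
	echo "init_db: cannot create temporary file" 1>&2
	exit 1
}
trap 'rm -f -- "$tclscript"' 0
cat - > "$tclscript" <<\EOF
source $env(TCLUTIL)
set r $env(REALM)
if {[info exists env(USER)]} {
    set whoami $env(USER)
} else {
    set whoami [exec whoami]
}

set cmds {
    {kadm5_init $env(SRVTCL) mrroot null \
	    [config_params {KADM5_CONFIG_REALM} $r] $KADM5_STRUCT_VERSION \
	    $KADM5_API_VERSION_2 server_handle}

    {kadm5_create_policy $server_handle "test-pol 0 10000 8 2 3 0" \
	    {KADM5_POLICY KADM5_PW_MIN_LENGTH KADM5_PW_MIN_CLASSES KADM5_PW_MAX_LIFE KADM5_PW_HISTORY_NUM}}
    {kadm5_create_policy $server_handle "once-a-min 10 0 0 0 0 0" \
	    {KADM5_POLICY KADM5_PW_MIN_LIFE}}
    {kadm5_create_policy $server_handle "dict-only 0 0 0 0 0 0" \
	    {KADM5_POLICY}}
    {kadm5_create_policy $server_handle [simple_policy test-pol-nopw] \
	    {KADM5_POLICY}}

    {kadm5_create_principal $server_handle \
	    [simple_principal testuser@$r] {KADM5_PRINCIPAL} notathena}
    {kadm5_create_principal $server_handle \
	    [simple_principal test1@$r] {KADM5_PRINCIPAL} test1}
    {kadm5_create_principal $server_handle \
	    [simple_principal test2@$r] {KADM5_PRINCIPAL} test2}
    {kadm5_create_principal $server_handle \
	    [simple_principal test3@$r] {KADM5_PRINCIPAL} test3}
    {kadm5_create_principal $server_handle \
	    [simple_principal admin@$r] {KADM5_PRINCIPAL} admin}
    {kadm5_create_principal $server_handle \
	    [simple_principal admin/get@$r] {KADM5_PRINCIPAL} admin}
    {kadm5_create_principal $server_handle \
	    [simple_principal admin/modify@$r] {KADM5_PRINCIPAL} admin}
    {kadm5_create_principal $server_handle \
	    [simple_principal admin/delete@$r] {KADM5_PRINCIPAL} admin}
    {kadm5_create_principal $server_handle \
	    [simple_principal admin/add@$r] {KADM5_PRINCIPAL} admin}
    {kadm5_create_principal $server_handle \
	    [simple_principal admin/none@$r] {KADM5_PRINCIPAL} admin}
    {kadm5_create_principal $server_handle \
	    [simple_principal admin/rename@$r] {KADM5_PRINCIPAL} admin}
    {kadm5_create_principal $server_handle \
	    [simple_principal admin/mod-add@$r] {KADM5_PRINCIPAL} admin}
    {kadm5_create_principal $server_handle \
	    [simple_principal admin/mod-delete@$r] {KADM5_PRINCIPAL} \
	    admin}
    {kadm5_create_principal $server_handle \
	    [simple_principal admin/get-add@$r] {KADM5_PRINCIPAL} admin}
    {kadm5_create_principal $server_handle \
	    [simple_principal admin/get-delete@$r] {KADM5_PRINCIPAL} \
	    admin}
    {kadm5_create_principal $server_handle \
	    [simple_principal admin/get-mod@$r] {KADM5_PRINCIPAL} admin}
    {kadm5_create_principal $server_handle \
	    [simple_principal admin/no-add@$r] {KADM5_PRINCIPAL} admin}
    {kadm5_create_principal $server_handle \
	    [simple_principal admin/no-delete@$r] {KADM5_PRINCIPAL} admin}
    {kadm5_create_principal $server_handle \
	    [princ_w_pol pol1@$r test-pol] {KADM5_PRINCIPAL \
	    KADM5_POLICY} pol111111}
    {kadm5_create_principal $server_handle \
	    [princ_w_pol pol2@$r once-a-min] {KADM5_PRINCIPAL \
	    KADM5_POLICY} pol222222}
    {kadm5_create_principal $server_handle \
	    [princ_w_pol pol3@$r dict-only] {KADM5_PRINCIPAL \
	    KADM5_POLICY} pol333333}
    {kadm5_create_principal $server_handle \
	    [princ_w_pol admin/get-pol@$r test-pol-nopw] \
	    {KADM5_PRINCIPAL KADM5_POLICY} StupidAdmin}
    {kadm5_create_principal $server_handle \
	    [princ_w_pol admin/pol@$r test-pol-nopw] {KADM5_PRINCIPAL \
	    KADM5_POLICY} StupidAdmin}

    {kadm5_create_principal $server_handle \
	    [simple_principal changepw/kerberos] \
            {KADM5_PRINCIPAL} {XXX THIS IS WRONG}}

    {kadm5_create_principal $server_handle \
	    [simple_principal $whoami] \
	    {KADM5_PRINCIPAL} $whoami}

    {kadm5_destroy $server_handle}
}

foreach cmd $cmds {
    if {[catch $cmd output]} {
	puts stderr "Error!  Command: $cmd\nError: $output"
	exit 1
    } else {
	puts stdout $output
    }
}
EOF
# The driver's exit status is tested on the same command line.  Checking $?
# only after an intervening rm (as this used to) reports rm's status, so a
# failing Tcl run was never detected.  The quoting inside the eval string
# keeps $SRVTCL and $tclscript as single words when eval re-parses it.
eval "\"\$SRVTCL\" < \"\$tclscript\" $REDIRECT" || {
	echo "Error in $SRVTCL!" 1>&2
	exit 1
}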

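# kadmind ACL for the test realm: one line per admin principal with the
# permission letters the tests expect it to have (a=add, d=delete, m=modify,
# c=changepw, i=inquire, l=list).  The delimiter is unquoted so $REALM is
# expanded; the path is quoted so a K5ROOT containing whitespace still works.
cat > "$K5ROOT/ovsec_adm.acl" <<EOF || exit 1
admin@$REALM			admcil
admin/get@$REALM		il
admin/modify@$REALM		mc
admin/delete@$REALM		d
admin/add@$REALM		a
admin/get-pol@$REALM		il
admin/rename@$REALM		adil
admin/mod-add@$REALM		amc
admin/mod-delete@$REALM		mcd
admin/get-add@$REALM		ail
admin/get-delete@$REALM		ild
admin/get-mod@$REALM		ilmc
admin/no-add@$REALM		mcdil
admin/no-delete@$REALM		amcil
changepw/kerberos@$REALM	cil

EOF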

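# Extract service keys for the kadmin/changepw principals into the admin
# server's keytab.  $LOCAL_MAKE_KEYTAB stays unquoted, as before, so a value
# that names an interpreter plus script keeps working; the output path is
# quoted.  A failure here was previously ignored, leaving later tests to fail
# obscurely with a missing keytab, so it is now fatal.
eval "$LOCAL_MAKE_KEYTAB -princ kadmin/admin -princ kadmin/changepw -princ ovsec_adm/admin -princ ovsec_adm/changepw \"\$K5ROOT/ovsec_adm.srvtab\" $REDIRECT" || {
	echo "init_db: $LOCAL_MAKE_KEYTAB failed" 1>&2
	exit 1
}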

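# Create $K5ROOT/setup.csh to make it easy to run other programs against
# the test db.  KRB5_CONFIG, KRB5_KDC_PROFILE, KRB5_KTNAME and
# KRB5_RUN_ENV_CSH are read from the environment here and are not set by this
# script -- presumably the test harness exports them; confirm against the
# caller.  The values are interpolated unquoted into csh syntax, as before.
cat > "$K5ROOT/setup.csh" <<EOF || exit 1
setenv KRB5_CONFIG $KRB5_CONFIG
setenv KRB5_KDC_PROFILE $KRB5_KDC_PROFILE
setenv KRB5_KTNAME $KRB5_KTNAME
$KRB5_RUN_ENV_CSH
EOF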