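#! /usr/bin/ksh -p
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#

#
# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
# ident	"@(#)krb5_config.ksh	1.2	09/08/02 SMI"
#

#
# Set up (-s) or clean up (-c) the Kerberos configuration used for
# kerberized NFS testing on the local host, $SERVER and (optionally)
# $CLIENT2, by driving the krb5tools commands under $KRB5TOOLS_HOME/bin.
#
# Environment read by this script:
#	STF_TOOLS, STF_TMPDIR, STF_PASS, STF_FAIL, STF_UNINITIATED,
#	STF_WARNING		- test harness locations and result codes
#	NFSGEN_DEBUG		- ':'-separated list; this script's name or
#				  "all" turns on shell tracing
#	SERVER, CLIENT2		- hosts to configure (CLIENT2 may be empty)
#	DNS_SERVER, DNS_DOMAIN, SRV_DNS_DOMAIN, CLT2_DNS_DOMAIN
#				- optional overrides for the DNS lookups
#	KRB5TOOLS_HOME		- root of the krb5tools installation
#	KRB5_NO_CLEANUP_FILE	- flag file: "Kerberos was already set up,
#				  do not tear it down"
#	TUSER01, TUSER02, KPASSWORD
#				- test principals and their password
#
# Exit status: 99 on a usage error, otherwise one of the STF_* codes.
#

DIR=$(dirname "$0")
NAME=$(basename "$0")

Usage="Usage: $NAME -s | -c \n
	-s: to setup the kerberos\n
	-c: to cleanup the kerberos\n
"
if (( $# < 1 )); then
	# Left unquoted on purpose: word splitting collapses the literal
	# newlines/tabs in $Usage and echo expands the \n escapes
	# (the script relies on echo escape handling, see "\c" below).
	echo $Usage
	exit 99
fi

. "$STF_TOOLS/include/stf.kshlib"
. "${STF_TOOLS}/contrib/include/nfs-util.kshlib"
. "${STF_TOOLS}/contrib/include/nfs-tx.kshlib"

# Turn on debug info, if requested.
# NOTE(review): once tracing is on, every later command line is written
# to the trace, including the princadm calls that carry $KPASSWORD.
# Treat debug logs from this script as containing the test password.
export _NFS_STF_DEBUG=$_NFS_STF_DEBUG:$NFSGEN_DEBUG
krb5_config_debug=0
if [[ :$NFSGEN_DEBUG: = *:${NAME}:* || :${NFSGEN_DEBUG}: = *:all:* ]]; then
	krb5_config_debug=1
	set -x
fi

DEFAULT_DNS_SERVER="129.145.155.226"
DEFAULT_DNS_DOMAIN="sfbay.sun.com"

# get dns server from the following sources
#	- user specified value
#	- /etc/resolv.conf
#	- default("129.145.155.226")
if [[ -z $DNS_SERVER && -f /etc/resolv.conf ]]; then
	# Match the keyword as the first field only, so that a commented-out
	# or otherwise unrelated line containing "nameserver" is not picked
	# up as the server address. Only the first entry is used.
	dns_server=$(awk '$1 == "nameserver" { print $2; exit }' \
	    /etc/resolv.conf)
	[[ -n $dns_server ]] && DNS_SERVER=$dns_server
fi
DNS_SERVER=${DNS_SERVER:-$DEFAULT_DNS_SERVER}

# get the domain for all systems from the following sources
#	- user specified value
#	- /etc/resolv.conf
#	- default("sfbay.sun.com")
# (get_DNS_INFO comes from the sourced libraries; the lookup order above
# is the original author's description of it.)
if [[ -z $DNS_DOMAIN ]]; then
	DNS_DOMAIN=$(get_DNS_INFO "domain" "localhost" "$DEFAULT_DNS_DOMAIN")
fi

if [[ -z $SRV_DNS_DOMAIN ]]; then
	SRV_DNS_DOMAIN=$(get_DNS_INFO "domain" "$SERVER" "$DNS_DOMAIN")
fi
# short host name of $SERVER + its DNS domain
SRV_FQDN=${SERVER%%.*}.$SRV_DNS_DOMAIN

if [[ -n $CLIENT2 ]]; then
	if [[ -z $CLT2_DNS_DOMAIN ]]; then
		CLT2_DNS_DOMAIN=$(get_DNS_INFO "domain" "$CLIENT2" \
		    "$DNS_DOMAIN")
	fi
	CLT2_FQDN=${CLIENT2%%.*}.$CLT2_DNS_DOMAIN
fi

# Space-separated list, iterated with word splitting below. "local" is a
# placeholder for this host; $CLT2_FQDN is empty when CLIENT2 is not set.
krb5_hosts="local $SRV_FQDN $CLT2_FQDN"

# Only the first option is examined; anything else falls into \?).
getopts sc opt
case $opt in
s)
	# We need to set kerberos, first check if kerberos
	# has been set up on server and client
	RUN_CHECK rm -f "$KRB5_NO_CLEANUP_FILE"

	# NOTE(review): the log name is predictable (<name>.<pid>). That is
	# only safe if $STF_TMPDIR is private to the test run; in a shared,
	# world-writable directory a pre-created link could redirect this
	# write - confirm how the harness creates STF_TMPDIR.
	knfs_check_log=$STF_TMPDIR/check_knfs.out.$$
	check_knfs "$SERVER" "$CLIENT2 localhost" >"$knfs_check_log" 2>&1
	# NOTE(review): only status 1 means "needs setup"; any other status,
	# including a possible error status from check_knfs, is treated as
	# "already configured" - verify against check_knfs's return codes.
	if (( $? == 1 )); then
		need_to_setup=1
	else
		need_to_setup=0
	fi
	# if debug is on, print out the log
	(( krb5_config_debug == 1 )) && cat "$knfs_check_log"

	# if kerberos has been set up, exit immediately.
	if (( need_to_setup == 0 )); then
		# create a flag file so that "-c" leaves the pre-existing
		# Kerberos configuration alone
		RUN_CHECK touch "$KRB5_NO_CLEANUP_FILE" || exit $STF_FAIL
		echo "Using existing Kerberos setup."
		echo "Please make sure test principals($TUSER01,$TUSER02) \c"
		echo "are created in KDC !!"
		exit $STF_PASS
	fi

	# while arriving here, we need to call krb5tools to setup kerberos
	# first setup KDC on $SERVER
	RUN_CHECK "${KRB5TOOLS_HOME}/bin/kdccfg" -s "${SRV_FQDN}." \
	    || exit $STF_UNINITIATED

	for host in $krb5_hosts; do
		if [[ $host = "local" ]]; then
			host=""
			host_fqdn=$(uname -n).$DNS_DOMAIN
		else
			host_fqdn=$host
		fi

		# setup the host as KDC client, create host principal.
		# $host stays unquoted on purpose: for the local host it is
		# empty and must expand to no argument at all.
		RUN_CHECK "${KRB5TOOLS_HOME}/bin/kdc_clientcfg" -s \
		    -k "${SRV_FQDN}." -p "host/$host_fqdn" $host \
		    || exit $STF_UNINITIATED

		# enable kerberized nfs support on the host
		RUN_CHECK "${KRB5TOOLS_HOME}/bin/krb5nfscfg" -s $host \
		    || exit $STF_UNINITIATED
	done

	# verify the above setup works
	RUN_CHECK check_knfs "$SERVER" "$CLIENT2 localhost"
	if (( $? != 0 )); then
		# print client and server configuration
		# and status information
		"${KRB5TOOLS_HOME}/bin/kinfo" all
		# unquoted: an empty $CLIENT2 must not become an empty argument
		"${KRB5TOOLS_HOME}/bin/kinfo" all $CLIENT2
		"${KRB5TOOLS_HOME}/bin/kinfo" all $SERVER
		exit $STF_UNINITIATED
	fi

	# create two test user principals. Each is first removed
	# (best effort, result ignored) so that a stale principal from an
	# earlier run does not make the creation fail.
	#
	# NOTE(review): the password is passed on the command line, so it
	# is visible in process listings while princadm runs and in the
	# trace when debug is enabled. Use a throwaway value for KPASSWORD;
	# whether princadm accepts the password another way is not visible
	# from this script.
	"${KRB5TOOLS_HOME}/bin/princadm" -c -p "$TUSER01" >/dev/null 2>&1
	RUN_CHECK "${KRB5TOOLS_HOME}/bin/princadm" -s \
	    -p "$TUSER01,password=$KPASSWORD" \
	    || exit $STF_UNINITIATED
	"${KRB5TOOLS_HOME}/bin/princadm" -c -p "$TUSER02" >/dev/null 2>&1
	RUN_CHECK "${KRB5TOOLS_HOME}/bin/princadm" -s \
	    -p "$TUSER02,password=$KPASSWORD" \
	    || exit $STF_UNINITIATED
	;;

c)
	# check if it is necessary to do cleanup or not
	if [[ -f $KRB5_NO_CLEANUP_FILE ]]; then
		# Remove the same flag file that was just tested. The
		# previous code removed $NO_CLEANUP_FILE, a name used nowhere
		# else in this script, which left the flag behind.
		rm -f "$KRB5_NO_CLEANUP_FILE"
		exit $STF_PASS
	fi

	# number of cleanup steps that failed; every step is attempted
	# even if an earlier one failed
	warning=0

	# remove the test user principals.
	RUN_CHECK "${KRB5TOOLS_HOME}/bin/princadm" -c -p "$TUSER01"
	warning=$((warning + $?))
	RUN_CHECK "${KRB5TOOLS_HOME}/bin/princadm" -c -p "$TUSER02"
	warning=$((warning + $?))

	for host in $krb5_hosts; do
		[[ $host = "local" ]] && host=""
		# clean up the host with its kerberized NFS configuration
		# ($host unquoted: empty means the local host, no argument)
		RUN_CHECK "${KRB5TOOLS_HOME}/bin/krb5nfscfg" -c $host
		warning=$((warning + $?))

		# clean up the host with its KDC client configuration
		RUN_CHECK "${KRB5TOOLS_HOME}/bin/kdc_clientcfg" -c $host
		warning=$((warning + $?))
	done

	# clean up $SERVER with its KDC configuration
	RUN_CHECK "${KRB5TOOLS_HOME}/bin/kdccfg" -c "${SRV_FQDN}."
	warning=$((warning + $?))

	if (( warning != 0 )); then
		echo "WARNING: the script failed to restore the system's " \
		     "original state. This may affect other tests that follow."
		# ${STF_TMPDIR:?} aborts instead of expanding to /*.<pid>
		# when the variable is unset or empty.
		rm -rf "${STF_TMPDIR:?}"/*.$$
		exit $STF_WARNING
	fi
	;;
\?)
	echo $Usage
	exit 99
	;;
esac

# Remove this run's temporary files; the :? guard keeps an unset or empty
# STF_TMPDIR from turning the glob into /*.<pid>.
rm -rf "${STF_TMPDIR:?}"/*.$$
exit $STF_PASS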