summaryrefslogtreecommitdiffstats
path: root/src/kadmin/testing/scripts/fixup-conf-files.plin
diff options
context:
space:
mode:
authorMarc Horowitz <marc@mit.edu>1996-07-22 20:49:46 +0000
committerMarc Horowitz <marc@mit.edu>1996-07-22 20:49:46 +0000
commitedf8b4d8a6a665c2aa150993cd813ea6c5cf12e1 (patch)
tree6c2974a97b448c040fa4a31708ec5e02f187526c /src/kadmin/testing/scripts/fixup-conf-files.plin
parent013bb1391582ed9e653ae706e398ddb8d08cfcc9 (diff)
downloadkrb5-edf8b4d8a6a665c2aa150993cd813ea6c5cf12e1.tar.gz
krb5-edf8b4d8a6a665c2aa150993cd813ea6c5cf12e1.tar.xz
krb5-edf8b4d8a6a665c2aa150993cd813ea6c5cf12e1.zip
this commit includes all the changes on the OV_9510_INTEGRATION and
OV_MERGE branches. This includes, but is not limited to, the new openvision admin system, and major changes to gssapi to add functionality, and bring the implementation in line with rfc1964. before committing, the code was built and tested for netbsd and solaris. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8774 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kadmin/testing/scripts/fixup-conf-files.plin')
-rw-r--r--src/kadmin/testing/scripts/fixup-conf-files.plin344
1 files changed, 344 insertions, 0 deletions
diff --git a/src/kadmin/testing/scripts/fixup-conf-files.plin b/src/kadmin/testing/scripts/fixup-conf-files.plin
new file mode 100644
index 0000000000..d7834d1c74
--- /dev/null
+++ b/src/kadmin/testing/scripts/fixup-conf-files.plin
@@ -0,0 +1,344 @@
+#!/usr/local/bin/perl
+#
+# Usage: fixup-conf-files.pl [-server hostname]
+
+$verbose = $ENV{'VERBOSE_TEST'};
+$archos = $ENV{'ARCH_OS'};
+
+$REALM = "SECURE-TEST.OV.COM";
+
+sub replace {
+ local($old, $new, $backup) = @_;
+ local($dev, $ino, $mode);
+
+ $new = $old.".new" if !$new;
+ $backup = $old.".bak" if !$backup;
+
+ chmod($mode,$new) if (($dev, $ino, $mode) = stat($old));
+
+ unlink($backup);
+ link($old, $backup) || die "couldn't make backup link: $backup: $!\n"
+ if -e $old;
+ rename($new, $old) || die "couldn't rename $old to $new: $!\n";
+}
+
+if (@ARGV == 2 && $ARGV[0] eq "-server") {
+ $servername = $ARGV[1];
+} elsif (@ARGV != 0) {
+ print STDERR "Usage: $0 fixup-conf-files.pl [-server hostname]\n";
+}
+
+sub canonicalize_name {
+ local($hostname) = @_;
+ local($d, $addr, $addrtype);
+
+ ($host,$d,$addrtype,$d,$addr) = gethostbyname($hostname);
+ die "couldn't get hostname $hostname\n" if !$host;
+ ($host) = gethostbyaddr($addr,$addrtype);
+ die "couldn't reverse-resolve $hostname\n" if !$host;
+ return $host;
+}
+
+## Get server's canonical hostname.
+if ($servername) {
+ $serverhost = $servername;
+} else {
+ chop ($serverhost = `hostname`);
+}
+$serverhost = &canonicalize_name($serverhost);
+
+## Get local canonical hostname
+chop($localhost=`hostname`);
+$localhost = &canonicalize_name($localhost);
+
+## parse krb.conf
+
+if (open(KCONF, "/etc/athena/krb.conf")) {
+ chop($hrealm = <KCONF>);
+
+ $confok = 0;
+
+ while(<KCONF>) {
+ $confs .= $_ if !/^$REALM\s+/o;
+ $confok = 1 if /^$REALM\s+$serverhost\s+admin\s+server$/oi;
+ }
+
+ close(KCONF);
+}
+
+## rewrite krb.conf if necessary.
+
+if (($hrealm ne $REALM) || !$confok) {
+ print "Rewriting /etc/athena/krb.conf...\n" if $verbose;
+
+ open(KCONF, ">/etc/athena/krb.conf.new") ||
+ die "couldn't open /etc/athena/krb.conf.new: $!\n";
+
+ print KCONF "$REALM\n";
+ print KCONF "$REALM $serverhost admin server\n";
+ print KCONF $confs;
+
+ close(KCONF);
+
+ &replace("/etc/athena/krb.conf");
+}
+
+## parse krb.realms
+
+if (open(KREALMS, "/etc/athena/krb.realms")) {
+ $serverrealmok = 0;
+ $localrealmok = 0;
+
+ while(<KREALMS>) {
+ $realms .= $_
+ if !/^$serverhost\s+$REALM$/oi && !/^$localhost\s+$REALM$/oi;
+ $serverrealmok = 1 if /^$serverhost\s+$REALM$/oi;
+ $localrealmok = 1 if /^$localhost\s+$REALM$/oi;
+ }
+
+ close(KREALMS);
+}
+
+## rewrite krb.realms if necessary.
+
+if (!$serverrealmok || !$localrealmok) {
+ print "Rewriting /etc/athean/krb.realms...\n" if $verbose;
+
+ open(KREALMS, ">/etc/athena/krb.realms.new") ||
+ die "couldn't open /etc/athena/krb.realms.new: $!\n";
+
+ print KREALMS "$serverhost $REALM\n";
+ print KREALMS "$localhost $REALM\n" if ($localhost ne $serverhost);
+ print KREALMS $realms;
+
+ close(KREALMS);
+
+ &replace("/etc/athena/krb.realms");
+}
+
+# ## read /etc/passwd
+#
+# open(PASSWD, "/etc/passwd") || die "couldn't open /etc/passwd: $!\n";
+#
+# $passok = 0;
+#
+# if ($archos ne "solaris2.3") {
+# %mypass =
+# (
+# "root", crypt("testroot","St"),
+# "testenc", crypt("notath","HJ"),
+# "testuser", "KERBEROS5",
+# "pol1", "KERBEROS5",
+# "pol2", "KERBEROS5",
+# "pol3", "KERBEROS5",
+# );
+# } else {
+# %mypass =
+# (
+# "root", "x",
+# "testenc", "x",
+# "testuser", "x",
+# "pol1", "x",
+# "pol2", "x",
+# "pol3", "x",
+# );
+# %myshadow =
+# (
+# "root", crypt("testroot","St"),
+# "testenc", crypt("notath","HJ"),
+# "testuser", "KERBEROS5",
+# "pol1", "KERBEROS5",
+# "pol2", "KERBEROS5",
+# "pol3", "KERBEROS5",
+# );
+# }
+#
+# $chpw = 0;
+#
+# while(<PASSWD>) {
+# if (/^([^:]+):([^:]+):/ && $mypass{$1}) {
+# $users{$1}++;
+# if ($2 ne $mypass{$1}) {
+# s/^([^:]+):([^:]+):/$1:$mypass{$1}:/;
+# $chpw++;
+# }
+# }
+# $pass .= $_;
+# }
+#
+# $passok = 1;
+#
+# for (keys %mypass) {
+# if (!$users{$_}) {
+# $pass .= "$_:$mypass{$_}:32765:101::/tmp:/bin/csh\n";
+# $passok = 0;
+# }
+# }
+# close(PASSWD);
+#
+# ## rewrite passwd if necessary.
+#
+# if ($chpw || !$passok) {
+# print "Rewriting /etc/passwd...\n" if $verbose;
+#
+# open(PASSWD, ">/etc/passwd.new") ||
+# die "couldn't open /etc/passwd.new: $!\n";
+#
+# print PASSWD $pass;
+#
+# close(PASSWD);
+#
+# &replace("/etc/passwd");
+# }
+#
+# if ($archos eq "solaris2.3") {
+#
+# ## read /etc/shadow
+#
+# open(SHADOW, "/etc/shadow") || die "couldn't open /etc/shadow: $!\n";
+#
+# $shadowok = 0;
+# $chpw = 0;
+# %users = ();
+#
+# while(<SHADOW>) {
+# if (/^([^:]+):([^:]+):/ && $myshadow{$1}) {
+# $users{$1}++;
+# if ($2 ne $myshadow{$1}) {
+# s/^([^:]+):([^:]+):/$1:$myshadow{$1}:/;
+# $chpw++;
+# }
+# }
+# $shadow .= $_;
+# }
+#
+# $shadowok = 1;
+#
+# for (keys %myshadow) {
+# if (!$users{$_}) {
+# $shadow .= "$_:$myshadow{$_}:6445::::::\n";
+# $shadowok = 0;
+# }
+# }
+# close(SHADOW);
+#
+# ## rewrite shadow if necessary.
+#
+# if ($chpw || !$shadowok) {
+# print "Rewriting /etc/shadow...\n" if $verbose;
+#
+# open(SHADOW, ">/etc/shadow.new") ||
+# die "couldn't open /etc/shadow.new: $!\n";
+#
+# print SHADOW $shadow;
+#
+# close(SHADOW);
+#
+# &replace("/etc/shadow");
+# }
+# }
+#
+# if ($archos eq "aix3.2") {
+#
+# ## read /etc/security/passwd
+#
+# open(SHADOW, "/etc/security/passwd") || die "couldn't open /etc/security/passwd: $!\n";
+#
+# $shadowok = 0;
+# %users = ();
+#
+# while(<SHADOW>) {
+# if (/^([^:]+):\s*$/ && $mypass{$1}) {
+# $user = $1;
+# $users{$user}++;
+# # arrange for the user to have a password entry and none other
+# while (<SHADOW>) {
+# last if (!/=/);
+# }
+# $shadow .= "$user:\n\tpassword = KERBEROS5\n\n";
+# } else {
+# $shadow .= $_;
+# }
+# }
+#
+# $shadowok = 1;
+#
+# for (keys %mypass) {
+# if (!$users{$_}) {
+# $shadow .= "$_:\n\tpassword = KERBEROS5\n\n";
+# $shadowok = 0;
+# }
+# }
+# close(SHADOW);
+#
+# ## rewrite shadow if necessary.
+#
+# if (!$shadowok) {
+# print "Rewriting /etc/security/passwd...\n" if $verbose;
+#
+# open(SHADOW, ">/etc/security/passwd.new") ||
+# die "couldn't open /etc/security/passwd.new: $!\n";
+#
+# print SHADOW $shadow;
+#
+# close(SHADOW);
+#
+# &replace("/etc/security/passwd");
+# }
+# }
+#
+# open(SERVICES, "/etc/services") || die "couldn't open /etc/services: $!\n";
+# open(NEW_SERVICES, ">/etc/services.new") ||
+# die "couldn't open /etc/services.new: $!\n";
+#
+# print "Rewriting /etc/services...\n" if $verbose;
+#
+# @needed_services = ('klogin', 'kshell', 'kerberos', 'kerberos-sec',
+# 'kerberos5', 'kerberos4', 'kerberos_master',
+# 'passwd_server', 'eklogin', 'krb5_prop',
+# 'kerberos_adm', 'kerberos-adm');
+# for (@needed_services) {
+# $needed_services{$_}++;
+# }
+#
+# while (<SERVICES>) {
+# m/^\s*([^\#\s][^\s]+)/;
+# if ($needed_services{$1}) {
+# print "+ Commenting out old entry: $1\n" if $verbose;
+# print NEW_SERVICES "# $_";
+# } else {
+# print NEW_SERVICES $_;
+# }
+# }
+#
+# close(SERVICES);
+#
+# print NEW_SERVICES <<EOF || die "writing to /etc/services.new: $!\n";
+#
+# klogin 543/tcp # Kerberos authenticated rlogin
+# kshell 544/tcp cmd # and remote shell
+# kerberos 88/udp kdc # Kerberos authentication--udp
+# kerberos 88/tcp kdc # Kerberos authentication--tcp
+# kerberos-sec 750/udp # Kerberos authentication--udp
+# kerberos-sec 750/tcp # Kerberos authentication--tcp
+# kerberos5 88/udp kdc # Kerberos authentication--udp
+# kerberos5 88/tcp kdc # Kerberos authentication--tcp
+# kerberos4 750/udp # Kerberos authentication--udp
+# kerberos4 750/tcp # Kerberos authentication--tcp
+# kerberos_master 751/udp # Kerberos authentication
+# kerberos_master 751/tcp # Kerberos authentication
+# passwd_server 752/udp # Kerberos passwd server
+# eklogin 2105/tcp # Kerberos encrypted rlogin
+# krb5_prop 754/tcp # Kerberos slave propagation
+# kerberos_adm 752/tcp # Kerberos 5 admin/changepw
+# kerberos-adm 752/tcp # Kerberos 5 admin/changepw
+# EOF
+#
+# close(NEW_SERVICES) || die "error closing /etc/services.new: $!\n";
+#
+# rename("/etc/services", "/etc/services.old") ||
+# die "couldn't rename /etc/services to /etc/services.old: $!\n";
+# rename("/etc/services.new", "/etc/services") ||
+# die "couldn't rename /etc/services.new to /etc/services: $!\n";
+# unlink("/etc/services.old") || die "couldn't unlink /etc/services: $!\n";
+#
generated by cgit (git 2.34.1) at 2026-01-07 18:08:52 +0000