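#!/bin/sh
#
# init_db: build a throwaway Kerberos test realm under /krb5.
#
# Deletes everything under /krb5, installs krb5.conf and kdc.conf generated
# from the prototypes in $TESTDIR/proto, creates the KDC database with
# kdb5_util, and then feeds $SRVTCL a Tcl script that creates the test
# policies and principals.
#
# Environment:
#   TOP           (required) top of the build tree
#   VERBOSE_TEST  if set and non-empty, command output is shown
#   REALM, TESTDIR, SRVTCL, TCLUTIL, LOCAL_MAKE_KEYTAB
#                 optional overrides; defaults are assigned below
#
# Security notes:
#   - The database master password and every principal password are fixed
#     literals in this file, and the master password is also passed to
#     kdb5_util on its command line, where it is visible in the process list.
#     A realm built by this script is only suitable for an isolated test host.
#   - The script expects /krb5 to be world-writeable (see below), so any local
#     account can alter the KDC configuration and database files.
#   - $REALM is pasted into a sed program and $SRVTCL is run through eval.
#     Both can be supplied by the environment and must be trusted values.

# VERBOSE is always exactly "true" or "false": "true" when VERBOSE_TEST is set
# and non-empty, otherwise "false". It is executed as a command in the tests
# below, so it must never carry a caller-supplied value.
VERBOSE=${VERBOSE_TEST:+true}
: "${VERBOSE:=false}"

# REDIRECT holds redirection *text*. It only takes effect where the command
# line is re-parsed by eval.
if $VERBOSE; then
  REDIRECT=
else
  REDIRECT='>/dev/null'
fi

# Requires that /krb5, /etc/krb.conf, and .k5.$REALM be world-writeable.

if [ -z "$TOP" ]; then
  echo "init_db: Environment variable \$TOP must point to top of build tree" >&2
  exit 1
fi

IROOT=$TOP/..
ADMIN=$TOP/dbutil
BIN=$IROOT/bin
ETC=$IROOT/etc
SBIN=$TOP/keytab:$TOP/server

# Assign defaults only when the caller has not set the variable at all.
: "${REALM=SECURE-TEST.OV.COM}"; export REALM
: "${TESTDIR=$TOP/testing}"; export TESTDIR
: "${SRVTCL=$TESTDIR/util/ovsec_kadm_srv_tcl}"; export SRVTCL
: "${TCLUTIL=$TESTDIR/tcl/util.t}"; export TCLUTIL
: "${LOCAL_MAKE_KEYTAB=$TESTDIR/scripts/make-host-keytab.pl}"

# Build-tree directories go ahead of the system PATH, so the commands run
# below (kdb5_util etc.) resolve to whatever $TOP contains.
PATH=$ADMIN:$BIN:$ETC:$SBIN:$PATH; export PATH

# Destructive: removes every existing file under /krb5 before rebuilding it.
rm -rf /krb5/*
if [ ! -d /krb5 ]; then
  # Nothing below can work without the directory, so stop if it cannot be made.
  mkdir /krb5 || exit 1
fi

# touch /krb5/syslog
# for pid in `$PS_ALL | awk '/syslogd/ && !/awk/ {print $2}'` ; do
#   case "$pid" in
#     xxx) ;;
#     *)
#       if $VERBOSE; then $PS_PID$pid | grep -v COMMAND; fi
#       kill -1 $pid
#       ;;
#   esac
# done

# $REALM is interpolated into the sed program itself: a value containing "/"
# or "&" changes the meaning of the substitution.
sed -e "s/__REALM__/$REALM/" < "$TESTDIR/proto/krb5.conf.proto" > /krb5/krb5.conf
sed -e "s/__REALM__/$REALM/" < "$TESTDIR/proto/kdc.conf.proto" > /krb5/kdc.conf

# Create the database. -P supplies the master password ("mrroot") in argv and
# -s writes a stash file. The redirection is written out explicitly here:
# expanding $REDIRECT on a plain command line would pass the literal word
# ">/dev/null" to kdb5_util as an argument instead of silencing its output.
if $VERBOSE; then
  kdb5_util -r "$REALM" create -P mrroot -s
else
  kdb5_util -r "$REALM" create -P mrroot -s >/dev/null
fi

cp "$TESTDIR/proto/ovsec_adm.dict" /krb5/ovsec_adm.dict

# Populate the database through $SRVTCL. The here-document is quoted ('EOF'),
# so the shell expands nothing inside it; $env(...) and $r are Tcl variables.
# It opens a server handle with the same "mrroot" password, creates the
# policies test-pol, once-a-min, dict-only and test-pol-nopw, and creates the
# test principals. The last argument of each ovsec_kadm_create_principal call
# is that principal's password: "admin" for admin and every admin/* principal
# created with simple_principal, the account's own name for test1..test3.
# Execution stops at the first command that raises an error.
#
# eval is what turns the text in $REDIRECT into a real redirection; it also
# means the contents of $SRVTCL are executed as shell code.
eval $SRVTCL <<'EOF' $REDIRECT
source $env(TCLUTIL)
set r $env(REALM)

set cmds {
    {ovsec_kadm_init $env(SRVTCL) mrroot null $r $OVSEC_KADM_STRUCT_VERSION \
        $OVSEC_KADM_API_VERSION_1 server_handle}

    {ovsec_kadm_create_policy $server_handle "test-pol 0 10000 8 2 3 0" \
        {OVSEC_KADM_POLICY OVSEC_KADM_PW_MIN_LENGTH OVSEC_KADM_PW_MIN_CLASSES OVSEC_KADM_PW_MAX_LIFE OVSEC_KADM_PW_HISTORY_NUM}}
    {ovsec_kadm_create_policy $server_handle "once-a-min 30 0 0 0 0 0" \
        {OVSEC_KADM_POLICY OVSEC_KADM_PW_MIN_LIFE}}
    {ovsec_kadm_create_policy $server_handle "dict-only 0 0 0 0 0 0" \
        {OVSEC_KADM_POLICY}}
    {ovsec_kadm_create_policy $server_handle [simple_policy test-pol-nopw] \
        {OVSEC_KADM_POLICY}}

    {ovsec_kadm_create_principal $server_handle \
        [simple_principal testuser@$r] {OVSEC_KADM_PRINCIPAL} notathena}
    {ovsec_kadm_create_principal $server_handle \
        [simple_principal test1@$r] {OVSEC_KADM_PRINCIPAL} test1}
    {ovsec_kadm_create_principal $server_handle \
        [simple_principal test2@$r] {OVSEC_KADM_PRINCIPAL} test2}
    {ovsec_kadm_create_principal $server_handle \
        [simple_principal test3@$r] {OVSEC_KADM_PRINCIPAL} test3}
    {ovsec_kadm_create_principal $server_handle \
        [simple_principal admin@$r] {OVSEC_KADM_PRINCIPAL} admin}
    {ovsec_kadm_create_principal $server_handle \
        [simple_principal admin/get@$r] {OVSEC_KADM_PRINCIPAL} admin}
    {ovsec_kadm_create_principal $server_handle \
        [simple_principal admin/modify@$r] {OVSEC_KADM_PRINCIPAL} admin}
    {ovsec_kadm_create_principal $server_handle \
        [simple_principal admin/delete@$r] {OVSEC_KADM_PRINCIPAL} admin}
    {ovsec_kadm_create_principal $server_handle \
        [simple_principal admin/add@$r] {OVSEC_KADM_PRINCIPAL} admin}
    {ovsec_kadm_create_principal $server_handle \
        [simple_principal admin/none@$r] {OVSEC_KADM_PRINCIPAL} admin}
    {ovsec_kadm_create_principal $server_handle \
        [simple_principal admin/rename@$r] {OVSEC_KADM_PRINCIPAL} admin}
    {ovsec_kadm_create_principal $server_handle \
        [simple_principal admin/mod-add@$r] {OVSEC_KADM_PRINCIPAL} admin}
    {ovsec_kadm_create_principal $server_handle \
        [simple_principal admin/mod-delete@$r] {OVSEC_KADM_PRINCIPAL} \
        admin}
    {ovsec_kadm_create_principal $server_handle \
        [simple_principal admin/get-add@$r] {OVSEC_KADM_PRINCIPAL} admin}
    {ovsec_kadm_create_principal $server_handle \
        [simple_principal admin/get-delete@$r] {OVSEC_KADM_PRINCIPAL} \
        admin}
    {ovsec_kadm_create_principal $server_handle \
        [simple_principal admin/get-mod@$r] {OVSEC_KADM_PRINCIPAL} admin}
    {ovsec_kadm_create_principal $server_handle \
        [simple_principal admin/no-add@$r] {OVSEC_KADM_PRINCIPAL} admin}
    {ovsec_kadm_create_principal $server_handle \
        [simple_principal admin/no-delete@$r] {OVSEC_KADM_PRINCIPAL} admin}

    {ovsec_kadm_create_principal $server_handle \
        [princ_w_pol pol1@$r test-pol] {OVSEC_KADM_PRINCIPAL \
        OVSEC_KADM_POLICY} pol111111}
    {ovsec_kadm_create_principal $server_handle \
        [princ_w_pol pol2@$r once-a-min] {OVSEC_KADM_PRINCIPAL \
        OVSEC_KADM_POLICY} pol222222}
    {ovsec_kadm_create_principal $server_handle \
        [princ_w_pol pol3@$r dict-only] {OVSEC_KADM_PRINCIPAL \
        OVSEC_KADM_POLICY} pol333333}
    {ovsec_kadm_create_principal $server_handle \
        [princ_w_pol admin/get-pol@$r test-pol-nopw] \
        {OVSEC_KADM_PRINCIPAL OVSEC_KADM_POLICY} StupidAdmin}
    {ovsec_kadm_create_principal $server_handle \
        [princ_w_pol admin/pol@$r test-pol-nopw] {OVSEC_KADM_PRINCIPAL \
        OVSEC_KADM_POLICY} StupidAdmin}

    {ovsec_kadm_create_principal $server_handle \
        [simple_principal changepw/kerberos] \
        {OVSEC_KADM_PRINCIPAL} {XXX THIS IS WRONG}}

    {ovsec_kadm_destroy $server_handle}
}

foreach cmd $cmds {
    if {[catch $cmd output]} {
        puts stderr "Error! Command: $cmd\nError: $output"
        exit 1
    } else {
        puts stdout $output
    }
}
EOF

# $? still refers to the eval above; no command may be placed between the
# here-document and this test.
if [ $? -ne 0 ]; then
  echo "Error in $SRVTCL!" >&2
  exit 1
fi

# NOTE(review): the rest of the script is cut off in this copy. The fragment
# below is reproduced exactly as it appears and is left commented out because
# it does not parse as shown. It writes /krb5/ovsec_adm.acl and mentions
# /krb5/setup.csh, but the input for both is not visible here.
#
# cat > /krb5/ovsec_adm.acl < /krb5/setup.csh <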