[PC-BSD Commits] r18012 - pcbsd/current/src-sh/pc-adctl/scripts

svn at pcbsd.org svn at pcbsd.org
Mon Jul 30 21:43:07 PDT 2012


Author: johnh
Date: 2012-07-31 04:43:07 +0000 (Tue, 31 Jul 2012)
New Revision: 18012

Modified:
   pcbsd/current/src-sh/pc-adctl/scripts/pc-kerberos
Log:
We have pc-kerberos now! w00t.



Modified: pcbsd/current/src-sh/pc-adctl/scripts/pc-kerberos
===================================================================
--- pcbsd/current/src-sh/pc-adctl/scripts/pc-kerberos	2012-07-31 04:29:04 UTC (rev 18011)
+++ pcbsd/current/src-sh/pc-adctl/scripts/pc-kerberos	2012-07-31 04:43:07 UTC (rev 18012)
@@ -9,10 +9,13 @@
 . /usr/local/etc/rc.AD
 
 : ${PATH_KRB5_CONFIG:="/etc/krb5.conf"}
+: ${KRBCONF:="/usr/local/bin/krbconf"}
 
-#
-# For now, blatently overwrite /etc/krb5.conf
-#
+esc()
+{
+	echo "${1}" | sed 's|\.|\\.|g'
+}
+
 generate_krb5_conf()
 {
 	local _dcname="${1}"
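Review bot: `esc()` escapes only `.`, so any other character that krbconf's `-m` expression treats specially would pass through from the realm name unescaped at the call sites in generate_krb5_conf. The `^` prefix used there suggests a pattern syntax, but krbconf's rules are not visible here, so this needs confirming against the tool. `echo "${1}"` can also mangle a value that begins with `-` or contains backslashes; `printf '%s\n' "${1}" | sed 's|\.|\\.|g'` avoids that. The callers use `$(esc ${_upper_realm})` unquoted, so quoting both the argument and the substitution would keep whitespace or glob characters from being split or expanded.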
@@ -27,49 +30,47 @@
 	local _admin_server=${_kdc}
 	local _domain=$(echo ${_domainname} | tr A-Z a-z)
 
-	cat<<__EOF__>"${PATH_KRB5_CONFIG}"
-[appdefaults]
-    pam = {
-        forwardable = true
-        krb4_convert = false
-        debug = false
-        ticket_lifetime = 36000
-        renew_lifetime = 36000
-    }
+	local tmp=$(mktemp /tmp/krb5.XXXXXX)
 
-[libdefaults]
-    dns_lookup_realm = true
-    dns_lookup_kdc = true
-    ticket_lifetime = 24h
-    clockskew = 300
-    forwardable = yes
-    default_realm = ${_upper_realm}
+	cp "${PATH_KRB5_CONFIG}" "${PATH_KRB5_CONFIG}.orig"
+	${KRBCONF} \
+		-c -m "^appdefaults.pam.forwardable=true" \
+		-c -m "^appdefaults.pam.krb4_convert=false" \
+		-c -m "^appdefaults.pam.debug=false" \
+		-c -m "^appdefaults.pam.ticket_lifetime=36000" \
+		-c -m "^appdefaults.pam.renew_lifetime=36000" \
+		\
+		-c -m "^libdefaults.dns_lookup_realm=true" \
+		-c -m "^libdefaults.dns_lookup_kdc=true" \
+		-c -m "^libdefaults.ticket_lifetime=24h" \
+		-c -m "^libdefaults.clockskew=300" \
+		-c -m "^libdefaults.forwardable=yes" \
+		-c -m "^libdefaults.default_realm=${_upper_realm}" \
+		\
+		-c -m "^logging.default=SYSLOG:INFO:LOCAL7" \
+		\
+		-c -m "^realms.$(esc ${_upper_realm}).kdc=${_kdc}" \
+		-c -m "^realms.$(esc ${_upper_realm}).admin_server=${_admin_server}" \
+		-c -m "^realms.$(esc ${_upper_realm}).default_domain=${_domain}" \
+		\
+		-c -m "^domain_realm.$(esc ${_lower_realm})=${_upper_realm}" \
+		-c -m "^domain_realm.$(esc .${_lower_realm})=${_upper_realm}" \
+		-c -m "^domain_realm.$(esc ${_upper_realm})=${_upper_realm}" \
+		-c -m "^domain_realm.$(esc .${_upper_realm})=${_upper_realm}" \
+		\
+		-o "${tmp}"
 
-[logging]
-        default = SYSLOG:INFO:LOCAL7
+	if [ "$?" = "0" -a -s "${tmp}" ]
+	then
+		mv "${tmp}" "${PATH_KRB5_CONFIG}"
+		return $?
+	fi
 
-[realms]
-        ${_upper_realm} = {
-        kdc = ${_kdc}
-        admin_server = ${_admin_server}
-        default_domain = ${_domain}
-    }
-
-[domain_realm]
-    ${_lower_realm} = ${_upper_realm}
-    .${_lower_realm} = ${_upper_realm}
-    ${_upper_realm} = ${_upper_realm}
-    .${_upper_realm} = ${_upper_realm}
-
-__EOF__
-
 	return 0
 }
 
-generate_kerberos_files()
+ad_krb5conf_start()
 {
-	: ${activedirectory_krb5conf_overwrite:="YES"}
-
 	if checkyesno activedirectory_enable 2>/dev/null
 	then
 		AD_init
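Review bot: The new krb5.conf is created by `mktemp` (mode 0600) and then moved over `${PATH_KRB5_CONFIG}`, so it keeps owner-only permissions and non-root Kerberos clients would presumably no longer be able to read it. `local tmp=$(mktemp ...)` also hides a mktemp failure, and when krbconf fails or writes an empty file the function falls through to `return 0`, reporting success and leaving the temp file in /tmp. Creating the temp file beside the target, setting the mode before the rename, and returning non-zero on failure would close all three gaps; the sketch below shows only the changed lines. The start of generate_krb5_conf lies outside this hunk.

```shell
	local tmp
	tmp=$(mktemp "${PATH_KRB5_CONFIG}.XXXXXX") || return 1

	# ... unchanged: backup cp and the ${KRBCONF} invocation writing to "${tmp}" ...

	if [ "$?" = "0" -a -s "${tmp}" ] &&
		chmod 0644 "${tmp}" &&
		mv "${tmp}" "${PATH_KRB5_CONFIG}"
	then
		return 0
	fi

	# Do not leave a partial config behind, and surface the failure.
	rm -f "${tmp}"
	return 1
```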
@@ -80,18 +81,25 @@
 		adminname=$(AD_get adminname)
 		adminpw=$(AD_get adminpw)
 
-		if checkyesno activedirectory_krb5conf_overwrite 2>/dev/null
-		then
-			generate_krb5_conf "${dcname}" "${domainname}" \
-				"${netbiosname}" "${adminname}" "${adminpw}"
-		fi
-		
+		generate_krb5_conf "${dcname}" "${domainname}" \
+			"${netbiosname}" "${adminname}" "${adminpw}"
 	fi
 }
 
+ad_krb5conf_stop()
+{
+	if checkyesno activedirectory_enable 2>/dev/null
+	then
+		cp "${PATH_KRB5_CONFIG}.orig" "${PATH_KRB5_CONFIG}"
+		return $?
+	fi
+
+	return 0
+}
+
 name="pc-kerberos"
-start_cmd='generate_kerberos_files'
-stop_cmd=':'
+start_cmd='ad_krb5conf_start'
+stop_cmd='ad_krb5conf_stop'
         
 load_rc_config $name
 run_rc_command "$1"
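Review bot: `ad_krb5conf_stop` restores `${PATH_KRB5_CONFIG}.orig`, but generate_krb5_conf overwrites that backup with an unconditional `cp` on every start, so a second start without an intervening stop replaces the pristine copy with the already-generated file and stop can no longer bring back the original. Guarding the backup with `[ -e "${PATH_KRB5_CONFIG}.orig" ] || cp -p "${PATH_KRB5_CONFIG}" "${PATH_KRB5_CONFIG}.orig"` and consuming it on stop with `mv "${PATH_KRB5_CONFIG}.orig" "${PATH_KRB5_CONFIG}"` keeps the pair consistent and preserves the file's mode and ownership. `ad_krb5conf_start` also ignores the return status of `generate_krb5_conf`, so a failed rewrite is not reported to rc. The restore is gated on `activedirectory_enable`, so disabling AD in rc.conf before stopping would presumably leave the generated file in place.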


