KRBCreateSession.pl [plain text]
use Socket;
my $krb_create_session = "/usr/local/bin/KRBCreateSession";
if (! -x $krb_create_session) {
die "You must build KerberosHelper '-target Everything' to get ". $krb_create_session;
}
(my $lkdc = qx{$krb_create_session}) =~ s/REALM=//;
chomp ($lkdc);
chomp (my $my_hostname = qx{/bin/hostname -s});
my $l = '.local.'; my $d = '.apple.com'; my $btmm_d = '.s\\\\.p\\\\.cooper.members.mac.com.';
my $l_h = 'kura'; my $r_h = 'src'; my $mr = 'OD.APPLE.COM'; my $ml_h = 'homedepot'; my $mr_h = 'od'; my $btmm_h = 'kura';
my ($name,$aliases,$addrtype,$length,@addrs) = gethostbyname ($l_h . $d);
my $ip4_h = inet_ntoa ($addrs[0]);
my $s_princ_l = 'cifs/'. $lkdc .'@'. $lkdc;
my $s_princ_ml = 'cifs/'. $ml_h. $d .'@'. $mr;
my $s_princ_mr = 'cifs/'. $mr_h. $d .'@'. $mr;
print <<__EOD__;
My hostname: $my_hostname
Another host reachable by bonjour: $l_h
Managed realm $mr
A host in a managed realm: $mr_h
A routed host: $r_h
Derived names:
Barename will be: $l_h
.local host will be: $l_h$l
FQDN host will be: $l_h$d
FQDN (routed) host will be: $r_h$d
IP4 addr will be: $ip4_h
Barename local managed host will be: $ml_h
FQDN local managed host will be: $ml_h$d
Barename routed managed host will be: $mr_h
FQDN routed managed host will be: $mr_h$d
BTMM host will be: $btmm_h$btmm_d
LocalKDC service principal s_princ_lkdc: $s_princ_l
Managed realm service principal (local): $s_princ_ml
Managed realm service principal (routed): $s_princ_mr
__EOD__
if ($my_hostname eq $l_h or $my_hostname eq $btmm_h) {
die "The l_h host or btmm_h cannot be the same as this host";
}
my $s_princ_l = 'cifs/'. $lkdc .'@'. $lkdc;
my $s_princ_ml = 'cifs/'. $ml_h. $d .'@'. $mr;
my $s_princ_mr = 'cifs/'. $mr_h. $d .'@'. $mr;
my $r_lkdc = [0, 'REALM=LKDC:SHA1.']; my $r_mged = [0, 'REALM='. $mr]; my $r_norlm= [1, 'ERROR.*'];
my $no_krb_tests = [
[ undef, undef, $r_lkdc, "Getting our LocalKDC Realm"],
[ $l_h, undef, $r_lkdc, "barename host, no s_princ"],
[ $l_h . $l, undef, $r_lkdc, ".local host, no s_princ"],
[ $l_h . $d, undef, $r_norlm, "FQDN host, no s_princ (req unicast)"],
[ $r_h . $d, undef, $r_norlm, "FQDN (routed) host, no s_princ (req unicast)"],
[ $ip4_h, undef, $r_norlm, "IP4 addr, no s_princ (req unicast)"],
[ $ml_h, undef, $r_lkdc, "barename local managed host, no s_princ (req krb-conf)"],
[ $ml_h . $d, undef, $r_norlm, "FQDN local managed host, no s_princ (req krb-conf)"],
[ $mr_h, undef, $r_norlm, "barename routed managed host, no s_princ (req krb-conf)"],
[ $mr_h . $d, undef, $r_norlm, "FQDN routed managed host, no s_princ (req krb-conf)"],
[ $btmm_h . $btmm_d, undef, $r_lkdc, "Using BTMM host, no s_princ"],
[ $l_h, $s_princ_l, $r_lkdc, "barename host, s_princ_lkdc"],
[ $l_h . $l, $s_princ_l, $r_lkdc, ".local host, s_princ_lkdc"],
[ $l_h . $d, $s_princ_l, $r_norlm, "FQDN host, s_princ_lkdc (req unicast)"],
[ $r_h . $d, $s_princ_l, $r_norlm, "FQDN (routed) host, s_princ_lkdc (req unicast)"],
[ $ip4_h, $s_princ_l, $r_norlm, "IP4 addr, s_princ_lkdc (req unicast)"],
[ $ml_h, $s_princ_l, $r_lkdc, "barename local managed host, s_princ_lkdc (req krb-conf)"],
[ $ml_h . $d, $s_princ_l, $r_norlm, "FQDN local managed host, s_princ_lkdc (req krb-conf)"],
[ $mr_h, $s_princ_l, $r_norlm, "barename routed managed host, s_princ_lkdc (req krb-conf)"],
[ $mr_h . $d, $s_princ_l, $r_norlm, "FQDN routed managed host, s_princ_lkdc (req krb-conf)"],
[ $btmm_h . $btmm_d, $s_princ_l, $r_lkdc, "Using BTMM host, s_princ_lkdc"],
[ $ml_h, $s_princ_ml, $r_norlm, "barename local managed host, s_princ_managed (req krb-conf)"],
[ $ml_h . $d, $s_princ_ml, $r_norlm, "FQDN local managed host, s_princ_managed (req krb-conf)"],
[ $mr_h, $s_princ_mr, $r_norlm, "barename routed managed host, s_princ_managed (req krb-conf)"],
[ $mr_h . $d, $s_princ_mr, $r_norlm, "FQDN routed managed host, s_princ_managed (req krb-conf)"],
];
my $krb_tests = [
[ undef, undef, $r_lkdc, "Getting our LocalKDC Realm"],
[ $l_h, undef, $r_lkdc, "barename host, no s_princ"],
[ $l_h . $l, undef, $r_lkdc, ".local host, no s_princ"],
[ $l_h . $d, undef, $r_mged, "FQDN host, no s_princ (req unicast)"],
[ $r_h . $d, undef, $r_mged, "FQDN (routed) host, no s_princ (req unicast)"],
[ $ip4_h, undef, $r_mged, "IP4 addr, no s_princ (req unicast)"],
[ $ml_h, undef, $r_lkdc, "barename local managed host, no s_princ"],
[ $ml_h . $d, undef, $r_mged, "FQDN local managed host, no s_princ"],
[ $mr_h, undef, $r_mged, "barename routed managed host, no s_princ"],
[ $mr_h . $d, undef, $r_mged, "FQDN routed managed host, no s_princ"],
[ $btmm_h . $btmm_d, undef, $r_lkdc, "Using BTMM host, no s_princ"],
[ $l_h, $s_princ_l, $r_lkdc, "barename host, s_princ_lkdc"],
[ $l_h . $l, $s_princ_l, $r_lkdc, ".local host, s_princ_lkdc"],
[ $l_h . $d, $s_princ_l, $r_mged, "FQDN host, s_princ_lkdc (req unicast)"],
[ $r_h . $d, $s_princ_l, $r_mged, "FQDN (routed) host, s_princ_lkdc (req unicast)"],
[ $ip4_h, $s_princ_l, $r_mged, "IP4 addr, s_princ_lkdc (req unicast)"],
[ $ml_h, $s_princ_l, $r_lkdc, "barename local managed host, s_princ_lkdc"],
[ $ml_h . $d, $s_princ_l, $r_mged, "FQDN local managed host, s_princ_lkdc (req unicast)"],
[ $mr_h, $s_princ_l, $r_mged, "barename routed managed host, s_princ_lkdc (req unicast)"],
[ $mr_h . $d, $s_princ_l, $r_mged, "FQDN routed managed host, s_princ_lkdc (req unicast)"],
[ $btmm_h . $btmm_d, $s_princ_l, $r_lkdc, "Using BTMM host, s_princ_lkdc"],
[ $ml_h, $s_princ_ml, $r_mged, "barename local managed host, s_princ_managed"],
[ $ml_h . $d, $s_princ_ml, $r_mged, "FQDN local managed host, s_princ_managed"],
[ $mr_h, $s_princ_mr, $r_mged, "barename routed managed host, s_princ_managed"],
[ $mr_h . $d, $s_princ_mr, $r_mged, "FQDN routed managed host, s_princ_managed"],
];
my $passed = 0;
my $failures = 0;
my $krb_conf = '/Library/Preferences/edu.mit.Kerberos';
my $krb_conf_off = $krb_conf .'.OFF';
if (-s $krb_conf > 0) {
print $krb_conf. " should be empty to run these tests - moving aside!\n\n";
system ('sudo', 'mv', $krb_conf, $krb_conf_off) == 0 or die "Failed to move ". $krb_conf;
system ('sudo', 'touch', $krb_conf) == 0 or die "Failed to touch ". $krb_conf;
}
run_tests ($no_krb_tests);
if (-s $krb_conf_off) {
print "\nrestoring ". $krb_conf. "\n\n";
system ('sudo', 'mv', $krb_conf_off, $krb_conf) == 0 or die "Failed to restore ". $krb_conf;
}
run_tests ($krb_tests);
printf "\n\nTotal tests run = %d. %d passes, %d failures\n", $passed+$failures, $passed, $failures;
sub run_tests {
my $tests = shift;
foreach $t (@{$tests}) {
my $hostname = $t->[0];
my $s_princ = $t->[1];
my ($exit_code, $pattern) = @{$t->[2]};
my $desc = $t->[3];
my $return = qx{$krb_create_session $hostname $s_princ};
my $exit = $? >> 8;
chomp ($return);
if ($exit == $exit_code and $return =~ m{$pattern}) {
printf "%7s: %s -> %d: %s\n", 'PASSED', $desc, $exit, $return;
$passed++;
} else {
printf "%7s: %s -> %d (%d): %s (%s)\n", 'FAILED', $desc, $exit, $exit_code, $return, $pattern;
$failures++;
}
}
}