/etc/ix.rc.d/ix-kinit
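#!/bin/sh
#
# $FreeBSD$
#
# PROVIDE: ix-kinit
# REQUIRE: kerberos
# REQUIRE: ix-samba
# REQUIRE: ntpd

# rc.freenas supplies the helpers used below (dirsrv_enabled, AD_init,
# AD_get, AD_log, __AD_tc); none of them is defined in this file.
. /etc/rc.freenas

#
# kerberos_start: obtain a renewable Kerberos ticket for the Active
# Directory bind identity.
#
# Does nothing and returns 1 unless the activedirectory directory service
# is enabled.  With ad_use_keytab = 1 and an existing keytab file, runs
# kinit once per principal listed in the keytab; otherwise, when bind name,
# domain and bind password are all set, runs a password-based kinit.
#
# Returns: 0 when kinit succeeded, non-zero otherwise.
#
kerberos_start()
{
	local res=1
	local pwfile
	local timeout=60
	local bindname bindpw domainname use_keytab keytab
	local principals p ok

	if dirsrv_enabled activedirectory
	then
		AD_init

		# Declared above and assigned here so the values are never
		# word-split by 'local'.
		bindname="$(AD_get ad_bindname)"
		bindpw="$(AD_get ad_bindpw)"
		domainname="$(AD_get ad_domainname)"
		use_keytab="$(AD_get ad_use_keytab)"
		keytab="$(AD_get ad_keytab)"

		# Two separate tests instead of '-a': a value such as "!" or "("
		# can no longer be parsed as a test operator.
		if [ "${use_keytab}" = "1" ] && [ -f "${keytab}" ]
		then
			# res stays 1 until a kinit actually succeeds, so a keytab
			# that yields no principals (or a failing ktutil) is reported
			# as "Failed" rather than "Successful".
			res=1

			# Third column of the ktutil listing after dropping its first
			# three lines (presumably headers - confirm against ktutil
			# output on the target release).
			principals="$(/usr/sbin/ktutil -k "${keytab}" list | tail -n +4 | awk '{ print $3 }')"

			# Unquoted on purpose: one word per principal.
			for p in ${principals}
			do
				AD_log "kerberos_start: /usr/bin/kinit --renewable -t ${keytab} -k ${p}"
				if ! /usr/bin/kinit -t "${keytab}" --renewable -k "${p}"
				then
					res=1
					break
				fi
				res=0
			done

			ok="Failed"
			if [ "${res}" = "0" ]
			then
				ok="Successful"
			fi
			AD_log "kerberos_start: ${ok}"

			# No password file exists in the keytab path, so there is
			# nothing to remove here.
			sleep 10

		elif [ -n "${bindname}" ] && [ -n "${domainname}" ] && [ -n "${bindpw}" ]
		then
			domainname="$(printf '%s' "${domainname}" | tr a-z A-Z)"

			# The bind password is handed to kinit through a file instead
			# of argv, which keeps it out of the process list.  mktemp(1)
			# creates the file with mode 0600.  Bail out if it cannot be
			# created rather than redirecting to an empty path.
			if ! pwfile="$(mktemp /tmp/tmp.XXXXXXXX)" || [ -z "${pwfile}" ]
			then
				AD_log "kerberos_start: mktemp failed"
				return 1
			fi

			# printf '%s' writes the secret byte-for-byte; 'echo -n' may
			# treat a leading '-' or backslashes in the password specially.
			printf '%s' "${bindpw}" > "${pwfile}"

			# Only the file path and the principal are logged, never the
			# password itself.
			AD_log "kerberos_start: /usr/bin/kinit --renewable " \
				"--password-file=${pwfile} ${bindname}@${domainname}"

			# __AD_tc comes from rc.freenas; presumably it bounds the
			# command to ${timeout} seconds - confirm there.
			__AD_tc "${timeout}" /usr/bin/kinit --renewable \
				--password-file="${pwfile}" "${bindname}@${domainname}"
			res=$?

			# Remove the cleartext password as soon as kinit returns.
			# NOTE(review): a run interrupted before this point leaves
			# the file behind in /tmp.
			rm -f "${pwfile}"

			ok="Failed"
			if [ "${res}" = "0" ]
			then
				ok="Successful"
			fi
			AD_log "kerberos_start: ${ok}"

			sleep 10
		fi
	fi

	return ${res}
}

#
# kerberos_status: report whether a ticket is currently held.
#
# Runs 'klist -t' only when activedirectory is enabled and bind name,
# domain and bind password are all non-empty; returns klist's exit status
# in that case and 1 otherwise.
#
# NOTE(review): a keytab-only configuration with an empty ad_bindpw would
# return 1 here without running klist - verify that this is intended.
#
kerberos_status()
{
	local res=1
	local domainname bindname bindpw ok

	if dirsrv_enabled activedirectory
	then
		AD_init

		domainname="$(AD_get ad_domainname)"
		bindname="$(AD_get ad_bindname)"
		# Read only for the non-empty check below; never logged.
		bindpw="$(AD_get ad_bindpw)"

		if [ -n "${bindname}" ] && [ -n "${domainname}" ] && [ -n "${bindpw}" ]
		then
			AD_log "kerberos_status: klist -t"
			/usr/bin/klist -t
			res=$?

			ok="Failed"
			if [ "${res}" = "0" ]
			then
				ok="Successful"
			fi
			AD_log "kerberos_status: ${ok}"
		fi
	fi

	return ${res}
}

#
# kerberos_stop: destroy the current credential cache with kdestroy.
#
kerberos_stop()
{
	/usr/bin/kdestroy
}

#
# kerberos_renew: only the opening of this function is visible; the code
# below is reproduced unchanged.
#
# NOTE(review): klist_out is a mktemp(1) file that receives 'klist -v'
# output.  Confirm that the part not shown here removes it on every exit
# path and handles a failed mktemp.
#
kerberos_renew()
{
	if ! dirsrv_enabled activedirectory
	then
		return
	fi

	local klist_out="$(/usr/bin/mktemp /tmp/XXXXXX)"
	/usr/bin/klist -v > "${klist_out}"

	local krbtgt_ticket=false
	local auth_time=
	local end_time=
	local renew_until=
	local cur_time=
	local time_regex='[a-zA-Z]{3,4} +[0-9]{1,2} +[0-9]{2}:[0-9]{2}:[0-9]{2} +[0-9]{4}'

	exec 3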