KDC setup for Linux

src/System.Net.Security/tests/FunctionalTests/System.Net.Security.Tests.csproj

@@ -9,6 +9,7 @@
     <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
     <ProjectGuid>{A55A2B9A-830F-4330-A0E7-02A9FB30ABD2}</ProjectGuid>
     <OutputType>Library</OutputType>
+    <UnsupportedPlatforms>OSX</UnsupportedPlatforms>
   </PropertyGroup>
   <PropertyGroup Condition=" '$(TargetsWindows)' == 'true' and '$(ProjectJson)' == '' ">
     <ProjectJson>win/project.json</ProjectJson>
@@ -82,16 +83,23 @@
   </ItemGroup>
   <ItemGroup Condition=" '$(TargetsUnix)' == 'true' ">
     <Compile Include="IdentityValidator.Unix.cs" />
-    <None Include="..\Scripts\kdc.conf">
-      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
-    </None>
+  </ItemGroup>
+
+  <ItemGroup Condition=" '$(TargetsLinux)' == 'true' ">
     <None Include="..\Scripts\setup-kdc.sh">
-      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
     </None>
     <None Include="..\Scripts\krb5.conf">
-      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+    </None>
+    <None Include="..\Scripts\kdc.conf.ubuntu">
+      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+    </None>
+    <None Include="..\Scripts\kdc.conf.centos">
+      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
     </None>
   </ItemGroup>
+
   <ItemGroup>
     <ProjectReference Include="..\..\src\System.Net.Security.csproj">
       <Project>{89F37791-6254-4D60-AB96-ACD3CCA0E771}</Project>

src/System.Net.Security/tests/Scripts/kdc.conf.centos

@@ -0,0 +1,11 @@
+[kdcdefaults]
+ kdc_ports = 88
+ kdc_tcp_ports = 88
+
+[realms]
+ TEST.COREFX.NET = {
+  acl_file = /var/kerberos/krb5kdc/kadm5.acl
+  dict_file = /usr/share/dict/words
+  admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
+  supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal camellia256-cts:normal camellia128-cts:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal
+ }

src/System.Net.Security/tests/Scripts/kdc.conf.ubuntu

@@ -0,0 +1,16 @@
+[kdcdefaults]
+    kdc_ports = 750,88
+
+[realms]
+    TEST.COREFX.NET = {
+        database_name = /var/lib/krb5kdc/principal
+        admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab
+        acl_file = /etc/krb5kdc/kadm5.acl
+        key_stash_file = /etc/krb5kdc/stash
+        kdc_ports = 750,88
+        max_life = 10h 0m 0s
+        max_renewable_life = 7d 0h 0m 0s
+        master_key_type = des3-hmac-sha1
+        supported_enctypes = aes256-cts:normal arcfour-hmac:normal des3-hmac-sha1:normal des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3
+        default_principal_flags = +preauth
+    }

src/System.Net.Security/tests/Scripts/setup-kdc.sh

@@ -1,11 +1,12 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
-OS=`cat /etc/os-release | grep "PRETTY_NAME" | sed 's/PRETTY_NAME=//g' | sed 's/["]//g' | awk '{print $1}'`
+OS=`cat /etc/os-release | grep "^ID=" | sed 's/ID=//g' | sed 's/["]//g' | awk '{print $1}'`
+echo -e "Operating System: ${OS}\n"
 
 realm="TEST.COREFX.NET"
 
-principal1="HOST/host.test.corefx.net"
-principal2="HTTP"
+principal1="TESTHOST/testfqdn.test.corefx.net"
+principal2="TESTHTTP"
 krb_user="krb_user"
 password="password"
 
@@ -15,83 +16,215 @@ kdb5_util="kdb5_util"
 add_principal_cmd="add_principal -pw ${password}"
 
 krb_conf="krb5.conf"
-kdc_conf="kdc.conf"
+krb_conf_location="/etc/krb5.conf"
 keytabfile="/etc/krb5.keytab"
 
-# TODO: These locations varies for different distros, Set the values conditianally
-krb_conf_location="/etc/"
-kdc_conf_location="/etc/krb5kdc/"
-database_file="/var/lib/krb5kdc/principal*"
+PROGNAME=$(basename $0)
+usage()
+{
+	echo "This script must be run with super-user privileges."
+	echo "Usage: ${PROGNAME} [-h|--help] [-y|--yes] [-u|--uninstall]";
+}
 
-kdc_setup()
+# Cleanup config files and uninstall KDC
+clean_up()
 {
-	#Create/copy krb5.conf in /etc/ and kdc.conf in /etc/krb5kdc/	
+	echo "Stopping KDC.."
+	if pgrep krb5kdc 2> /dev/null; then killall krb5kdc ; fi
+
+	echo "Removing config files"
+	if [ -f ${krb_conf_location} ]; then
+		rm -f ${krb_conf_location}
+	fi
+
+	case ${OS} in
+		"ubuntu" | "debian")
+			kdc_conf_location="/etc/krb5kdc/kdc.conf"
+			dpkg -s krb5-kdc >/dev/null 2>&1
+			if [ $? -eq 0 ]; then
+				echo "Uninstalling krb5-kdc"
+				apt-get -y purge krb5-kdc
+			fi
+			;;
+
+		"centos" | "rhel")
+			kdc_conf_location="/var/kerberos/krb5kdc/kdc.conf"
+			yum list installed krb5-server >/dev/null 2>&1
+			if [ $? -eq 0 ]; then
+				echo "Uninstalling krb5-server"
+				yum -y remove krb5-server
+			fi
+			;;
+
+		*)
+			echo "This is an unsupported operating system"
+			;;
+	esac
+
+	if [ -f ${kdc_conf_location} ]; then
+		rm -f ${kdc_conf_location}
+	fi
+
+	echo "Cleanup completed"
+}
+
+error_exit()
+{
+	echo "${1:-"Unknown Error"}"
+	echo "Aborting"
+	clean_up
+	exit 1
+}
+
+# Common function across linux distros to configure KDC post installation
+configure_kdc()
+{
+	echo "Stopping KDC.."
+	if pgrep krb5kdc 2> /dev/null; then killall krb5kdc ; fi
+
+	# Remove database files if exist
+	rm -f ${database_files}
+
+	# Create/copy krb5.conf and kdc.conf
 	echo "Copying krb5.conf and kdc.conf.."
-	sudo /bin/cp ${krb_conf} ${krb_conf_location}
-	sudo /bin/cp ${kdc_conf} ${kdc_conf_location}
+	cp ${krb_conf} ${krb_conf_location} || \
+	error_exit "Cannot copy ${krb_conf} to ${krb_conf_location}"
+
+	cp ${kdc_conf} ${kdc_conf_location} || \
+	error_exit "Cannot copy ${kdc_conf} to ${kdc_conf_location}"
 
 	echo "Creating KDC database for realm ${realm}.."
-	sudo ${kdb5_util} create -r ${realm} -P ${password} -s
+	${kdb5_util} create -r ${realm} -P ${password} -s || \
+	error_exit "Cannot create KDC database for realm ${realm}"
 
 	echo "Adding principal ${principal1}.."
-	sudo ${kadmin} -q "${add_principal_cmd} ${principal1}@${realm}"
+	${kadmin} -q "${add_principal_cmd} ${principal1}@${realm}" || \
+	error_exit "Cannot add ${principal1}"
 
 	echo "Adding principal ${principal2}.."
-	sudo ${kadmin} -q "${add_principal_cmd} ${principal2}@${realm}"
+	${kadmin} -q "${add_principal_cmd} ${principal2}@${realm}" || \
+	error_exit "Cannot add ${principal2}"
 
 	echo "Adding user ${krb_user}.."
-	sudo ${kadmin} -q "${add_principal_cmd} ${krb_user}@${realm}"
+	${kadmin} -q "${add_principal_cmd} ${krb_user}@${realm}" || \
+	error_exit "Cannot add ${krb_user}"
 
 	echo "Exporting keytab for ${principal1}"
-	sudo ${kadmin} -q "ktadd ${principal1}@${realm}"
+	${kadmin} -q "ktadd -norandkey ${principal1}@${realm}" || \
+	error_exit "Cannot export kytab for ${principal1}"
 
 	echo "Exporting keytab for ${principal2}"
-	sudo ${kadmin} -q "ktadd ${principal2}@${realm}"
+	${kadmin} -q "ktadd -norandkey ${principal2}@${realm}" || \
+	error_exit "Cannot export kytab for ${principal2}"
 
 	echo "Exporting keytab for ${krb_user}"
-	sudo ${kadmin} -q "ktadd ${krb_user}@${realm}"
+	${kadmin} -q "ktadd -norandkey ${krb_user}@${realm}" || \
+	error_exit "Cannot export kytab for ${krb_user}"
+}
+
+# check the invoker of this script
+if [ $EUID -ne 0 ]; then
+	usage
+	exit 1
+fi
+
+# Parse command-line arguments
+TEMP=`getopt -o hyu --long help,yes,uninstall -n 'test.sh' -- "$@"`
+[ $? -eq 0 ] || {
+    usage
+    exit 1
 }
+eval set -- "$TEMP"
+uninstall=0
+force=0
+while true; do
+	case $1 in
+        -h|--help) usage; exit 0;;
+        -y|--yes) force=1; shift ;;
+        -u|--uninstall) uninstall=1; shift;;
+        --) shift; break;;
+        *) usage; exit 1;;
+    esac
+done
+
+# Uninstallation
+if [ $uninstall -eq 1 ]; then
+	if [ $force -eq 0 ]; then
+		echo "This will uninstall KDC from your machine and cleanup the related config files."
+		read -p "Do you want to continue? ([Y]es/[N]o)? " choice
+		case $(echo $choice | tr '[A-Z]' '[a-z]') in
+			y|yes) clean_up;;
+			*) echo "Skipping uninstallation";;
+		esac
+	else
+		clean_up
+	fi
+	exit 0
+fi
 
-echo "Removing existing database"
-sudo rm -rf ${database_file}
+# Installation
+if [ $force -eq 0 ]; then
+	read -p "This will install KDC on your machine and create KDC principals. Do you want to continue? ([Y]es/[N]o)? " choice
+	case $(echo $choice | tr '[A-Z]' '[a-z]') in
+		y|yes) ;;
+		*) echo "Skipping installation"; exit 0;;
+	esac
+fi
 
 case ${OS} in
-	"Ubuntu")
+	"ubuntu" | "debian")
+		kdc_conf="kdc.conf.ubuntu"
+		kdc_conf_location="/etc/krb5kdc/kdc.conf"
+		database_files="/var/lib/krb5kdc/principal*"
+
 		dpkg -s krb5-kdc >/dev/null 2>&1
-		if [ $? -ne 0 ]
-		then 
+		if [ $? -ne 0 ]; then
 			echo "Installing krb5-kdc.."
-			sudo DEBIAN_FRONTEND=noninteractive apt-get -y install krb5-kdc krb5-admin-server
+			export DEBIAN_FRONTEND=noninteractive
+			apt-get -y install krb5-kdc krb5-admin-server
+			if [ $? -ne 0 ]; then
+				echo "Error occurred during installation, aborting"
+				exit 1
+			fi
 		else
 			echo "krb5-kdc already installed.."
+			exit 2
 		fi
 
-		echo "Stopping KDC.."
-		if pgrep krb5kdc 2> /dev/null; then killall krb5kdc ; fi
-		if pgrep kadmind 2> /dev/null; then killall kadmind ; fi
-
-		kdc_setup
+		configure_kdc
 
 		echo "Starting KDC.."
-		sudo ${krb5kdc}
-
+		${krb5kdc}
 		;;
+
+	"centos" | "rhel")
+		kdc_conf="kdc.conf.centos"
+		kdc_conf_location="/var/kerberos/krb5kdc/kdc.conf"
+		database_files="/var/kerberos/krb5kdc/principal*"
 
-	"Debian")
-		echo "This is a Debian system"
-		;;
-
-	"CentOS")
-		echo "This is a CentOS system"
-		;;
-
-	"Red Hat")
-		echo "This is a RedHat system"
+		yum list installed krb5-server >/dev/null 2>&1
+		if [ $? -ne 0 ]; then
+			echo "Installing krb5-server.."
+			yum -y install krb5-server krb5-libs
+			if [ $? -ne 0 ]; then
+				echo "Error occurred during installation, aborting"
+				exit 1
+			fi
+		else
+			echo "krb5-server already installed.."
+			exit 2
+		fi
+
+		configure_kdc
+
+		echo "Starting KDC.."
+		systemctl start krb5kdc.service
+		systemctl enable krb5kdc.service
 		;;
-
+	
 	*)
-		echo "This is an Unknown system"
+		echo "This is an unsupported operating system"
 		;;
 esac
-	
-sudo chmod +r ${keytabfile}
+
+chmod +r ${keytabfile}