#!/bin/ksh
# IBM_PROLOG_BEGIN_TAG 
# This is an automatically generated prolog. 
#  
# bos720 src/bos/usr/lib/nim/methods/config_rpcsec_server.sh 1.4.1.1 
#  
# Licensed Materials - Property of IBM 
#  
# Restricted Materials of IBM 
#  
# COPYRIGHT International Business Machines Corp. 2007,2013 
# All Rights Reserved 
#  
# US Government Users Restricted Rights - Use, duplication or 
# disclosure restricted by GSA ADP Schedule Contract with IBM Corp. 
#  
# IBM_PROLOG_END_TAG 

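#   initialize script variables

#	Print the DNS domain configured in a resolv.conf-style file ($1, default
#	/etc/resolv.conf): the value of the last "domain" line, or, when there is
#	none, the first entry of the first "search" line (the resolver treats
#	"search" as a superset of "domain").  Prints an empty line when neither
#	keyword is present.  Matching on the first field replaces the old
#	`grep domain | awk '{print $2}'`, which also matched any line that merely
#	contained the substring "domain" (e.g. "search corp.domain.example") and
#	could therefore return several words, one per matching line.
function resolv_domain {
	/usr/bin/awk '
		$1 == "domain" { dom = $2 }
		$1 == "search" && srch == "" { srch = $2 }
		END { print (dom != "" ? dom : srch) }
	' "${1:-/etc/resolv.conf}"
}

DNSDOM=$(resolv_domain /etc/resolv.conf)
NFSDOM=""					# filled in from /etc/nfs/local_domain later
HOST="$(/usr/bin/hostname -s).${DNSDOM}"	# FQDN used in the nfs/<host> service principal
IREALM="REALM1.IBM.COM"				# Kerberos realm handed to mkkrb5srv / chnfsrtd
#	Default password of the NIM user principal (override with -p).
#	NOTE(review): this is a fixed, published value; a run without -p creates a
#	principal whose password anyone reading this script knows.  It is also
#	handed to nimcrypt on its command line, where `ps` can observe it.
PASSWD="nimKRB5passwd"
USER="nim"					# system user and principal name (override with -u; shadows the login $USER)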

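function create_user { #	creates a system user for KDC client entry
	#	Creates the AIX account named in $USER (default "nim", overridden with
	#	-u) if it does not exist yet, then sets its login password interactively.
	#	Exits 1 if the account cannot be created; returns 0 otherwise.
	#
	#	The existence test used to be `if ! \`lsuser ...\``, i.e. the command's
	#	(redirected, hence empty) output was executed as the test.  That only
	#	worked because ksh falls back to the status of the last command
	#	substitution when the expanded command is empty; test the command itself.
	: "${USER:?create_user: user name is empty}"
	if ! /usr/sbin/lsuser -c "${USER}" >/dev/null 2>&1
	then
		#	NOTE(review): on AIX, mkuser -a creates an *administrative* user
		#	(admin=true), which only root can later modify or remove.  Presumably
		#	intended for the NIM service account -- confirm, as it is more
		#	privilege than an ordinary service account needs.
		/usr/bin/mkuser -a "${USER}" || exit 1
		#	interactive prompt; this login password is unrelated to $PASSWD,
		#	which is the Kerberos principal's password.
		/usr/bin/passwd "${USER}"
	fi
	return 0
}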


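function create_principals { #	define the krb5 server/admin
	#	Builds the KDC for $IREALM on this host, verifies the admin/admin
	#	principal, then creates the NIM user principal ($USER, password
	#	$PASSWD) and the nfs/$HOST service principal and writes the service key
	#	to the default keytab.  Exits 1 on the first failure, returns 0 on
	#	success.
	#
	#	Enctype of the new principals.  des-cbc-crc is single DES (56-bit key),
	#	broken and deprecated (RFC 6649).  It stays the default because it is
	#	what the script has always created -- presumably what the AIX NFSv4
	#	RPCSEC_GSS stack of the time required for the nfs service key; confirm
	#	with the kernel gss support before changing it.  Set KRB5_ENCTYPE in the
	#	environment to override, e.g. KRB5_ENCTYPE=aes256-cts-hmac-sha1-96:normal.
	typeset enctype="${KRB5_ENCTYPE:-des-cbc-crc:normal}"

	#   define krb5 server (KDC and kadmin) for the realm; mkkrb5srv prompts
	#   interactively for the master key and the admin/admin password
	/usr/sbin/mkkrb5srv -r "${IREALM}" -d "${DNSDOM}" || exit 1

	#   verify logon as the admin principal (kinit prompts for its password)
	/usr/krb5/bin/kinit admin/admin || exit 1
	/usr/krb5/bin/klist

	#	All kadmin operations go through kadmin.local, which works on the local
	#	KDC database as root.  The previous `kadmin -p admin/admin -w ${PASSWD}`
	#	put the admin password on the command line -- visible to every user via
	#	`ps` and in any -v trace -- and silently assumed the admin/admin password
	#	equals $PASSWD.  The user password is fed through the here-document for
	#	the same reason (here-document bodies are neither in argv nor traced).
	#	NOTE(review): $PASSWD containing whitespace would be split by kadmin's
	#	command parser; and kadmin.local may exit 0 even when the sub-command
	#	itself fails -- check its output when debugging.
	#	add user principal
	/usr/krb5/sbin/kadmin.local << EOF
add_principal -e ${enctype} -pw ${PASSWD} ${USER}
EOF
	[[ $? -ne 0 ]] && exit 1

	#	add nfs service principal with a random key (never typed by a human)
	/usr/krb5/sbin/kadmin.local << EOF
add_principal -e ${enctype} -randkey nfs/${HOST}
EOF
	[[ $? -ne 0 ]] && exit 1

	#	create keytab file: ktadd writes the service key to the default keytab,
	#	which create_hostkey reads as /etc/krb5/krb5.keytab
	/usr/krb5/sbin/kadmin.local << EOF
ktadd nfs/${HOST}
EOF
	[[ $? -ne 0 ]] && exit 1
	return 0
}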


function create_hostkey { #	create the nfs host key for server
	#	Registers the nfs/$HOST service principal, using the key found in
	#	/etc/krb5/krb5.keytab (assumed to be where the preceding ktadd put it),
	#	as this NFS server's host key, then lists the configured host keys for
	#	the operator.  Exits 1 if registration fails, returns 0 otherwise.
	if ! /usr/sbin/nfshostkey -p "nfs/${HOST}" -f /etc/krb5/krb5.keytab
	then
		exit 1
	fi
	/usr/sbin/nfshostkey -l
	return 0
}


function create_realm { #	create the realm-domain mapping
	#	Adds the Kerberos realm -> NFS domain mapping ($IREALM -> $NFSDOM) to
	#	the NFS realm-to-domain table and then prints the resulting table.
	#	Exits 1 if the mapping cannot be added, returns 0 otherwise.
	if ! /usr/sbin/chnfsrtd -a "${IREALM}" "${NFSDOM}"
	then
		exit 1
	fi
	/usr/sbin/chnfsrtd
	return 0
}

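# set parameters from command line
#
#	-p <password>	password for the NIM Kerberos user principal (default $PASSWD)
#	-u <user>	system user / principal name (default $USER)
#	-v		verbose: trace the script and every function
#
#	NOTE(review): -v turns on `set -x`, and the trace then shows $PASSWD
#	wherever it appears on a command line (e.g. the nimcrypt call).  Tracing is
#	therefore enabled only after option parsing, so that the `PASSWD=...`
#	assignment itself is never traced regardless of option order.

function usage { #	print usage to stdout and exit 1 (bad option or missing argument)
	print "Usage config_rpcsec_server:  Creates a simple KDC server with an NFSv4 server"
	print "      config_rpcsec_server [-p <password>] [-u <user>] [-v]"
	print ""
	exit 1
}

VERBOSE=0
while getopts :p:u:v c
do
	case ${c} in

		p)		# set password for the user principal
				PASSWD=${OPTARG}
				;;

		u)		# define system user
				USER=${OPTARG}
				;;

		v)		# verbose mode (for debugging); applied after parsing
				VERBOSE=1
				;;

		:)		# option present but its argument is missing (leading ':' in
				# the optstring makes getopts report this as ':' instead of
				# printing its own message); previously this fell through
				# silently and the option was ignored
				usage
				;;

		\?)		# unknown option
				usage
				;;
	esac
done
shift $((OPTIND - 1))

if [[ ${VERBOSE} -eq 1 ]]
then
	set -x
	for i in $(typeset +f)		# every function defined so far
	do
		typeset -ft $i		# ksh: trace this function's body too
	done
fi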

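#	check install of fileset dependency (lslpp fails if any fileset is missing)
if ! /usr/bin/lslpp -l krb5.lic krb5.server.rte krb5.client.rte modcrypt.base.lib clic.rte.kernext
then
	exit 1
fi
/usr/bin/sleep 2

#	The DNS domain names the realm's domain, the NFS domain and the
#	nfs/<host> principal; with it empty, mkkrb5srv/chnfsdom would be invoked
#	with an empty argument.  Fail early with a clear message instead.
if [[ -z "${DNSDOM}" ]]
then
	print -u2 "config_rpcsec_server: no DNS domain found in /etc/resolv.conf"
	exit 1
fi

#   obtain new krb5 ticket: drop any credential cache inherited from the
#   caller's environment so kinit/kadmin use the default one
unset KRB5CCNAME

#	set the nfs domain (only when not already configured), then read it back
[[ ! -r /etc/nfs/local_domain ]] && /usr/sbin/chnfsdom "${DNSDOM}"
NFSDOM=$(/usr/bin/cat /etc/nfs/local_domain) || exit 1

#	define KDC / NFS server
create_user
create_principals
create_hostkey
create_realm

#	finished w KDC setup
#	create tar image for KDC Slim Clients
#
#	The file list used to be "/tmp/SlimClntFiles.$$" -- a predictable name in
#	a world-writable directory that an unprivileged user could pre-create or
#	symlink, and the script then wrote to it as root.  Use mktemp and remove
#	the list on every exit path.  The list itself now comes from find rather
#	than `ls /etc/nfs/* /etc/krb5/*`, whose output for a subdirectory is a
#	"dir:" header plus bare file names that tar -L cannot resolve.
#
#	NOTE(review): this image contains /etc/krb5/krb5.keytab (the NFS service
#	key) and lands in /tftpboot, which TFTP serves without authentication:
#	anyone who can reach the TFTP port can fetch the service key.  Whether
#	the tftp daemon needs world-read access to this file (it is left with the
#	default mode here to keep the slim-client boot flow working) should be
#	confirmed and the image protected or removed once the clients are built.
SlimTar="/tftpboot/SlimClientImage.tar"
SlimList=$(/usr/bin/mktemp /tmp/SlimClntFiles.XXXXXX) || exit 1
trap '/usr/bin/rm -f "${SlimList}"' EXIT
/usr/bin/find /etc/nfs /etc/krb5 ! -type d -print >"${SlimList}"
/usr/bin/tar -cvf "${SlimTar}" -L "${SlimList}"
/usr/bin/rm -f "${SlimList}"

#	clean exports list
/usr/sbin/exportfs -ua
/etc/nfs.clean

#	recycle nfs services
/usr/sbin/chnfs -S -B
/etc/rc.nfs

#	re-export filesystems
/usr/sbin/exportfs -va

#	Call nimcrypt to add Kerberos user/password as credential attribute to NIM master.
#	NOTE(review): nimcrypt takes the password on its command line (its own
#	interface), so it is briefly visible to other users via `ps` and appears in
#	the -v trace.  The original discarded its exit status as well as its
#	output; the status is now reported so a failed credential store is not
#	silent (the script still exits 0, as before).
if ! /usr/lpp/bos.sysmgt/nim/methods/nimcrypt -u "${USER}" -p "${PASSWD}" >/dev/null 2>&1
then
	print -u2 "config_rpcsec_server: warning: nimcrypt failed to store credentials for ${USER}"
fi

exit 0
#	done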
