<%
require 'digest/md5'
require 'expect'
require 'tempfile'
require 'pty'
# Paths used by this template. The helpers below look these up by their
# string keys, so the key names are part of the contract.
config = {
  'cachedir' => '/var/cache/puppet',
  'kadmin'   => '/opt/heimdal/sbin/kadmin',
  'klist'    => '/usr/kerberos/bin/klist',
}

# set global vars
# Per-host, per-keytab cache file. MD5 is used here only to derive a short,
# filesystem-safe file name from the keytab name; it carries no security
# property and the file contents are validated separately with klist.
cachefile = File.join(config['cachedir'], "#{fqdn}.#{Digest::MD5.hexdigest(name)}")
# function to check if keytab contains required principals
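# Returns true when every required principal has an entry in the keytab.
#
# @param config [Hash] must provide 'klist' => path of the klist binary
# @param keytab [String] path of the keytab file to inspect
# @param principals [Array<String>] principal names that must all be present
# @return [Boolean]
# @raise [SystemCallError] if the klist binary cannot be executed
def check_keytab(config, keytab, principals)
  # Run klist with an argument array: no shell is involved, so a keytab path
  # containing spaces or shell metacharacters cannot alter the command.
  entries = IO.popen([config['klist'], '-k', keytab], 'r') do |f|
    # Entry lines look like "   2 host/foo@REALM": a KVNO column followed by
    # the principal. Header lines have no such numeric column and are skipped.
    f.each_line.grep(/ \d+ .*/).map { |l| l.split[1] }
  end
  # Every required principal needs at least one entry; duplicates in either
  # list are irrelevant.
  (principals - entries).empty?
end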
# check if we have cached keytab up to date
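# `cached` is true only when the cache file exists and still holds every
# required principal. File.exist? replaces File.exists?, which was removed in
# Ruby 3.2.
cached = false
if File.exist?(cachefile)
  if check_keytab(config, cachefile, principals)
    cached = true
  else
    # The cached keytab lacks a required principal: remove it so a fresh one
    # is extracted below instead of serving a stale or partial keytab.
    File.unlink(cachefile)
  end
end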
# create new keytab if cache is not up to date
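unless cached
  # Ask kadmin to extract the principals into the cache file. The command is
  # given as an argument list, so neither the admin user name, the cache path
  # nor any principal is parsed by a shell.
  args = [config['kadmin'], '-p', kerberos_user, 'ext_keytab',
          "--keytab=#{cachefile}", *principals]
  PTY.spawn(*args) do |r, w, pid|
    # kadmin asks for the admin password interactively; wait for the prompt
    # before answering. NOTE(review): this blocks with no timeout if the
    # prompt never appears.
    r.expect(/^.*'s Password:\s+/)
    w.puts kerberos_pass
    begin
      Process.wait(pid)
    rescue SystemCallError
      # Best effort: the child may already have been reaped. The result is
      # validated below by inspecting the file, not by the exit status.
      nil
    end
  end
  # kadmin's exit status is not relied upon: the file must exist and contain
  # every requested principal, otherwise the run fails loudly.
  raise "Failed to create keytab #{name}" unless File.exist?(cachefile)
  raise "Invalid keytab #{name} created" unless check_keytab(config, cachefile, principals)
end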
# read keytab into memory
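# File.read closes the descriptor immediately; the original File.open(...).read
# left the handle open until garbage collection. The contents are rendered
# raw into the template output below.
data = File.read(cachefile)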
-%><%= data -%> |