From d5435b7fa414e964547259012ea92d14213d8a75 Mon Sep 17 00:00:00 2001 From: Greg Brockman Date: Thu, 24 Dec 2009 16:45:00 -0500 Subject: [PATCH] Added debathena krb and ssh config stuff to invirt-base svn path=/package_branches/invirt-base/hvirt/; revision=2776 --- debian/changelog | 6 ++++++ debian/control | 10 ++++++---- debian/rules | 21 +++++++++++++++++++++ debian/transform_krb5.conf.invirt | 25 +++++++++++++++++++++++++ 4 files changed, 58 insertions(+), 4 deletions(-) create mode 100755 debian/transform_krb5.conf.invirt diff --git a/debian/changelog b/debian/changelog index 96d9ea7..17041c0 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +invirt-base (0.0.28) unstable; urgency=low + + * Added debathena SSH and KRB5 config + + -- Greg Brockman Thu, 24 Dec 2009 16:30:55 -0500 + invirt-base (0.0.27) unstable; urgency=low * Move invirt.authz.locker to xvm.authz.locker, in the xvm-authz-locker diff --git a/debian/control b/debian/control index bab7571..aedeee0 100644 --- a/debian/control +++ b/debian/control 
@@ -2,15 +2,17 @@ Source: invirt-base Section: base Priority: extra Maintainer: Invirt project -Build-Depends: cdbs (>= 0.4.23-1.1), debhelper (>= 4.1.0), python-all-dev, python-support, python-setuptools, python-debian, python-apt +Build-Depends: cdbs (>= 0.4.23-1.1), debhelper (>= 4.1.0), python-all-dev, python-support, python-setuptools, python-debian, python-apt, krb5-config, krb5-user, krb5-clients, openssh-server Standards-Version: 3.8.0 Package: invirt-base Architecture: all -Depends: ${python:Depends}, ${misc:Depends}, +Depends: ${python:Depends}, ${shlibs:Depends}, ${misc:Depends}, python-json (>= 3.4-2), python-yaml (>= 3.05), python-mako (>= - 0.2.2), remctl-client, invirt-config -Provides: ${python:Provides} + 0.2.2), remctl-client, invirt-config, krb5-config, krb5-user, + krb5-clients, openssh-server +Provides: ${python:Provides}, ${diverted-files} +Conflicts: ${diverted-files} XB-Python-Version: ${python:Versions} Description: Base configuration required for all Invirt servers This package includes common files for the Invirt system. diff --git a/debian/rules b/debian/rules index 96d7158..4ab2a9f 100755 --- a/debian/rules +++ b/debian/rules 
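Review bot: In debian/control, the new Build-Depends line adds the Kerberos and OpenSSH packages but not `config-package-dev`. The debian/rules change in this same commit includes `/usr/share/cdbs/1/rules/config-package.mk` and relies on its DEB_DIVERT_EXTENSION / DEB_TRANSFORM_FILES handling, so a build in a clean chroot would stop at that include. Extend the list, e.g. `..., krb5-clients, openssh-server, config-package-dev`. Separately, the sshd_config baseline is read from the build host's installed openssh-server postinst, so the shipped SSH settings depend on whichever openssh-server version the builder has. A versioned build dependency would make that input explicit and auditable.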
@@ -1,12 +1,33 @@ #!/usr/bin/make -f DEB_PYTHON_SYSTEM=pysupport +DEB_DIVERT_EXTENSION = .invirt +# Stolen from Debathena +DEB_CHECK_FILES_SOURCE_/etc/krb5.conf.invirt = \ + /usr/share/kerberos-configs/krb5.conf.template +DEB_TRANSFORM_FILES_invirt-base += \ + /etc/krb5.conf.invirt include /usr/share/cdbs/1/rules/debhelper.mk include /usr/share/cdbs/1/class/python-distutils.mk +include /usr/share/cdbs/1/rules/config-package.mk binary-fixup/invirt-base:: mv $(DEB_DESTDIR)usr/bin/invirt-reload $(DEB_DESTDIR)usr/sbin/invirt-reload +# Stolen from Debathena +debian/sshd_config.invirt-orig: /var/lib/dpkg/info/openssh-server.postinst + perl -0pe 's/^.*< $@ + +# Stolen from Debathena +debian/sshd_config.invirt: debian/sshd_config.invirt-orig + perl -0pe '# Debathena rules (from debathena-ssh-server-config) \ +s/^#?GSSAPIAuthentication .*$/GSSAPIAuthentication yes\nGSSAPIKeyExchange yes\nGSSAPIStrictAcceptorCheck no/m or die; \ +s/^#?GSSAPICleanupCredentials .*$/GSSAPICleanupCredentials yes/m or die; \ +s/^#?ChallengeResponseAuthentication .*$/ChallengeResponseAuthentication yes/m or die; \ +## In Debathena, privilege separation is configurable. \ +s/^#?UsePrivilegeSeparation .*$/UsePrivilegeSeparation yes/m or die; \ +s/^#?PasswordAuthentication .*$/PasswordAuthentication no/m or die;' $< > $@ + clean:: rm -rf python/invirt.egg-info diff --git a/debian/transform_krb5.conf.invirt b/debian/transform_krb5.conf.invirt new file mode 100755 index 0000000..7ea96da --- /dev/null +++ b/debian/transform_krb5.conf.invirt 
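Review bot: In the debian/sshd_config.invirt recipe, the final `PasswordAuthentication no` substitution does not by itself stop password logins, because two rules earlier the same recipe sets `ChallengeResponseAuthentication yes`. If PAM is enabled (UsePAM is not visible in this hunk, though the stock Debian template turns it on), keyboard-interactive still accepts a password through PAM. If that is intended for Kerberos passwords, record it next to the rule with a comment such as `## keyboard-interactive stays on for PAM/Kerberos passwords; PasswordAuthentication no only disables the non-PAM method.`, followed by the same trailing backslash as the neighbouring lines. Keep apostrophes out of the comment, since it sits inside the single-quoted perl argument. `GSSAPIStrictAcceptorCheck no` also deserves a one-line reason, because it makes sshd accept a ticket for any service key in the keytab rather than only the host principal matching the current hostname.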
@@ -0,0 +1,25 @@
+#!/usr/bin/perl -p0
+# Debathena rules (from debathena-kerberos-config)
+s/^([ \t]*default_realm *=).*$/\1 ATHENA.MIT.EDU/m or die;
+s/(\[realms\][^[]*\n)[ \t]*NUMENOR\.MIT\.EDU\s*=\s*\{[^}]*\}\s*\n/\1/;
+s/(\[realms\]\n)/\1\tNUMENOR.MIT.EDU = {\n\t\tkdc = numenor.mit.edu\n\t\tadmin_server = numenor.mit.edu\n\t}\n/ or die;
+s/(\[realms\][^[]*\n)[ \t]*CSAIL\.MIT\.EDU\s*=\s*\{[^}]*\}\s*\n/\1/;
+s/(\[realms\]\n)/\1\tCSAIL.MIT.EDU = {\n\t\tkdc = kerberos-1.csail.mit.edu\n\t\tkdc = kerberos-2.csail.mit.edu\n\t\tadmin_server = kerberos.csail.mit.edu\n\t\tdefault_domain = csail.mit.edu\n\t\tkrb524_server = krb524.csail.mit.edu\n\t}\n/ or die;
+s/(\[realms\][^[]*\n)[ \t]*ATHENA\.MIT\.EDU\s*=\s*\{[^}]*\}\s*\n/\1/;
+s/(\[realms\]\n)/\1\tATHENA.MIT.EDU = {\n\t\tkdc = kerberos.mit.edu:88\n\t\tkdc = kerberos-1.mit.edu:88\n\t\tkdc = kerberos-2.mit.edu:88\n\t\tadmin_server = kerberos.mit.edu\n\t\tdefault_domain = mit.edu\n\t}\n/ or die;
+s/(\[domain_realm\][^[]*\n)[ \t]*numenor\.mit\.edu\s*=[^\n]*\n/\1/;
+s/(\[domain_realm\]\n)/\1\tnumenor.mit.edu = NUMENOR.MIT.EDU\n/ or die;
+s/(\[domain_realm\][^[]*\n)[ \t]*csail\.mit\.edu\s*=[^\n]*\n/\1/;
+s/(\[domain_realm\]\n)/\1\tcsail.mit.edu = CSAIL.MIT.EDU\n/ or die;
+s/(\[domain_realm\][^[]*\n)[ \t]*\.csail\.mit\.edu\s*=[^\n]*\n/\1/;
+s/(\[domain_realm\]\n)/\1\t.csail.mit.edu = CSAIL.MIT.EDU\n/ or die;
+s/(\[domain_realm\][^[]*\n)[ \t]*mit\.edu\s*=[^\n]*\n/\1/;
+s/(\[domain_realm\]\n)/\1\tmit.edu = ATHENA.MIT.EDU\n/ or die;
+s/(\[domain_realm\][^[]*\n)[ \t]*\.mit\.edu\s*=[^\n]*\n/\1/;
+s/(\[domain_realm\]\n)/\1\t.mit.edu = ATHENA.MIT.EDU\n/ or die;
+
+# Invirt rules
+
+s/(\[realms\]\n)/\1\tHCS.HARVARD.EDU = {\n\t\tkdc = krb1.hcs.harvard.edu\n\t\tadmin_server = krb1.hcs.harvard.edu\n\t}\n/ or die;
+s/(\[domain_realm\]\n)/\1\thcs.harvard.edu = HCS.HARVARD.EDU\n/ or die;
+s/(\[domain_realm\]\n)/\1\t.hcs.harvard.edu = HCS.HARVARD.EDU\n/ or die;
--
1.7.9.5
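Review bot: The first substitution leaves `default_realm` at ATHENA.MIT.EDU, while the Invirt rules at the end only add HCS.HARVARD.EDU as an extra realm. On these hosts, unqualified principals and the default principal-to-local-user mapping therefore resolve against the MIT realm. The commit message places this on the hvirt branch, so this may be a leftover from the copied Debathena rules; please confirm which realm is meant to be the default. If it is the Harvard one, add an override in the Invirt section such as `s/^([ \t]*default_realm *=).*$/$1 HCS.HARVARD.EDU/m or die;`. Otherwise add a comment stating that ATHENA.MIT.EDU is intentional. The three Invirt rules also skip the remove-then-insert step that the Debathena rules use, so a template that already carries an HCS.HARVARD.EDU stanza would end up with duplicate entries.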