authorNalin Dahyabhai <nalin@fedoraproject.org>2010-01-14 23:29:56 +0000
committerNalin Dahyabhai <nalin@fedoraproject.org>2010-01-14 23:29:56 +0000
commit55968244fe3859144583e7c51fec25ec98ee86ff (patch)
treee4fcfcdfb91ceab3a66131a34369f139391d288c
parent6f10766af6a76d3b8c8fef2e8668dbaad6ea0792 (diff)
- use portreserve to make sure the KDC can always bind to the kerberos-iv [krb5-1_6_3-24_fc11]
port, kpropd can always bind to the krb5_prop port, and that kadmind can always bind to the kerberos-adm port (#555279)
- backport the LSB headers for the init scripts
- make the kpropd init script treat 'reload' as 'restart' (part of #225974)
-rwxr-xr-xkadmind.init15
-rwxr-xr-xkpropd.init17
-rw-r--r--krb5.portreserve3
-rw-r--r--krb5.spec15
-rwxr-xr-xkrb5kdc.init19
5 files changed, 67 insertions, 2 deletions
diff --git a/kadmind.init b/kadmind.init
index d4b4949..a57e4ff 100755
--- a/kadmind.init
+++ b/kadmind.init
@@ -11,6 +11,19 @@
# config: /etc/sysconfig/kadmin
#
+### BEGIN INIT INFO
+# Provides: kadmin
+# Required-Start: $local_fs $network
+# Required-Stop: $local_fs $network
+# Should-Start: portreserve
+# Default-Start:
+# Default-Stop: 0 1 2 3 4 5 6
+# Short-Description: start and stop the Kerberos 5 admin server
+# Description: The kadmind service allows administrators to remotely manage \
+# the Kerberos 5 realm database. It should only be run on a \
+# master KDC.
+### END INIT INFO
+
# Get config.
. /etc/sysconfig/network
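Review bot: The `Description:` continuation lines in the added LSB block end in a trailing backslash, which is the chkconfig `# description:` convention rather than the LSB one. LSB marks a continuation line by `#` followed by a tab or at least two spaces, so a strict parser would likely keep the backslashes as literal text. I would drop them, e.g. `# Description: The kadmind service allows administrators to remotely manage` followed by `#   the Kerberos 5 realm database. It should only be run on a master KDC.`. The same applies to the headers added in kpropd.init and krb5kdc.init; whitespace may be collapsed in this view, so the continuation indent should be confirmed in the files themselves.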
@@ -41,6 +54,8 @@ start() {
[ -x $kadmind ] || exit 5
fi
echo -n $"Starting $prog: "
+ # tell portreserve to release the kerberos-adm port
+ [ -x /sbin/portrelease ] && /sbin/portrelease kerberos-adm &>/dev/null || :
daemon ${kadmind} ${KRB5REALM:+-r ${KRB5REALM}} $KADMIND_ARGS
RETVAL=$?
echo
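Review bot: The added `portrelease kerberos-adm` line discards both output and exit status (`&>/dev/null || :`), so when the release fails and kadmind then cannot bind, the only visible symptom is the daemon's own start failure. Ignoring the status is reasonable because portreserve may not be running, but the comment should say so, e.g. `# best effort: portreserve may not be running; a failed release shows up as a bind failure below`. The port is also unreserved between this line and the bind inside `daemon`, and `&>` needs bash, so the script's interpreter line (outside the hunk) is worth checking. The same line is added in the start() hunks of kpropd.init (`krb5_prop`) and krb5kdc.init (`kerberos-iv`). start() begins and ends outside this hunk.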
diff --git a/kpropd.init b/kpropd.init
index d0ecee2..773df69 100755
--- a/kpropd.init
+++ b/kpropd.init
@@ -9,6 +9,18 @@
# processname: kpropd
#
+### BEGIN INIT INFO
+# Provides: kprop
+# Required-Start: $local_fs $network
+# Required-Stop: $local_fs $network
+# Should-Start: portreserve
+# Default-Start:
+# Default-Stop: 0 1 2 3 4 5 6
+# Short-Description: start and stop the Kerberos 5 propagation client
+# Description: The kpropd service accepts database updates pushed to it from \
+# the master KDC. It will never be needed on a master KDC.
+### END INIT INFO
+
# Get config.
. /etc/sysconfig/network
@@ -24,6 +36,8 @@ start() {
[ -f /var/kerberos/krb5kdc/kpropd.acl ] || exit 6
[ -x $kpropd ] || exit 5
echo -n $"Starting $prog: "
+ # tell portreserve to release the krb5_prop port
+ [ -x /sbin/portrelease ] && /sbin/portrelease krb5_prop &>/dev/null || :
daemon ${kpropd} -S
RETVAL=$?
echo
@@ -45,7 +59,8 @@ case "$1" in
stop)
stop
;;
- restart)
+ # We don't really "do" reload, so treat it as a restart.
+ restart|reload)
stop
start
;;
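Review bot: Mapping `reload` to a full stop/start in the `restart|reload)` arm means a caller that expects a non-disruptive reload instead gets a window in which kpropd is not listening for propagation from the master. LSB keeps `force-reload` for "reload if supported, otherwise restart" and allows an unsupported `reload` to exit 3, so `restart|force-reload)` plus a separate `reload) exit 3 ;;` arm may match callers' expectations better. Whether `force-reload` is already handled, and whether the script's usage message lists `reload`, cannot be seen here because the case statement starts and ends outside the hunk.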
diff --git a/krb5.portreserve b/krb5.portreserve
new file mode 100644
index 0000000..8e1e0d7
--- /dev/null
+++ b/krb5.portreserve
@@ -0,0 +1,3 @@
+kerberos-adm/tcp
+kerberos-iv
+krb5_prop/tcp
diff --git a/krb5.spec b/krb5.spec
index 119c218..8e047b7 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -16,7 +16,7 @@
Summary: The Kerberos network authentication system.
Name: krb5
Version: 1.6.3
-Release: 23%{?dist}
+Release: 24%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.6/krb5-1.6.2-signed.tar
Source0: krb5-%{version}.tar.gz
@@ -50,6 +50,7 @@ Source25: krb5-trunk-manpaths.txt
Source26: gssftp.pamd
Source27: kshell.pamd
Source28: ekshell.pamd
+Source29: krb5.portreserve
Patch3: krb5-1.3-netkit-rsh.patch
Patch4: krb5-1.3-rlogind-environ.patch
@@ -159,6 +160,8 @@ Group: System Environment/Daemons
Summary: The KDC and related programs for Kerberos 5.
Requires: %{name}-libs = %{version}-%{release}
Prereq: grep, /sbin/install-info, /bin/sh, sh-utils, /sbin/chkconfig
+# portreserve is used by init scripts for kadmind, kpropd, and krb5kdc
+Requires: portreserve
%description server
Kerberos is a network authentication system. The krb5-server package
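Review bot: The added `Requires: portreserve` guarantees the package is installed, but as far as this diff shows nothing guarantees the portreserve service is enabled, and the init scripts only declare `Should-Start: portreserve`. If the service is off, the ports in /etc/portreserve/krb5 are never reserved and nothing reports it. The comment above the dependency could state this, e.g. `# the reservation only takes effect while the portreserve service is running; the init scripts treat it as optional`.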
@@ -236,6 +239,13 @@ to obtain initial credentials from a KDC using a private key and a
certificate.
%changelog
+* Thu Jan 14 2010 Nalin Dahyabhai <nalin@redhat.com> - 1.6.3-24
+- use portreserve to make sure the KDC can always bind to the kerberos-iv
+ port, kpropd can always bind to the krb5_prop port, and that kadmind can
+ always bind to the kerberos-adm port (#555279)
+- backport the LSB headers for the init scripts
+- make the kpropd init script treat 'reload' as 'restart' (part of #225974)
+
* Tue Jan 12 2010 Nalin Dahyabhai <nalin@redhat.com> - 1.6.3-23
- add upstream patch for integer underflow during AES and RC4 decryption
(CVE-2009-4212), via Tom Yu (#545015)
@@ -1574,6 +1584,8 @@ mkdir -p $RPM_BUILD_ROOT/etc/sysconfig
install -pm 644 $RPM_SOURCE_DIR/krb5kdc.sysconfig $RPM_BUILD_ROOT/etc/sysconfig/krb5kdc
install -pm 644 $RPM_SOURCE_DIR/kadmin.sysconfig $RPM_BUILD_ROOT/etc/sysconfig/kadmin
install -pm 644 $RPM_SOURCE_DIR/krb524.sysconfig $RPM_BUILD_ROOT/etc/sysconfig/krb524
+mkdir -p $RPM_BUILD_ROOT/etc/portreserve
+install -pm 644 $RPM_SOURCE_DIR/krb5.portreserve $RPM_BUILD_ROOT/etc/portreserve/krb5
# Xinetd configuration files.
mkdir -p $RPM_BUILD_ROOT/etc/xinetd.d/
@@ -1836,6 +1848,7 @@ exit 0
%config(noreplace) /etc/sysconfig/krb5kdc
%config(noreplace) /etc/sysconfig/kadmin
%config(noreplace) /etc/sysconfig/krb524
+%config(noreplace) /etc/portreserve/krb5
%doc doc/admin*.ps.gz
%doc doc/krb425*.ps.gz
diff --git a/krb5kdc.init b/krb5kdc.init
index 18d530e..d3a6586 100755
--- a/krb5kdc.init
+++ b/krb5kdc.init
@@ -10,6 +10,18 @@
# config: /etc/sysconfig/krb5kdc
#
+### BEGIN INIT INFO
+# Provides: krb5kdc
+# Required-Start: $local_fs $network
+# Required-Stop: $local_fs $network
+# Should-Start: portreserve
+# Default-Start:
+# Default-Stop: 0 1 2 3 4 5 6
+# Short-Description: start and stop the Kerberos 5 KDC
+# Description: The krb5kdc is the Kerberos 5 key distribution center, which \
+# issues credentials to Kerberos 5 clients.
+### END INIT INFO
+
# Get config.
. /etc/sysconfig/network
@@ -27,9 +39,16 @@ krb5kdc=/usr/kerberos/sbin/krb5kdc
start() {
[ -x $krb5kdc ] || exit 5
echo -n $"Starting $prog: "
+ # tell portreserve to release the kerberos-iv port
+ [ -x /sbin/portrelease ] && /sbin/portrelease kerberos-iv &>/dev/null || :
daemon ${krb5kdc} ${KRB5REALM:+-r ${KRB5REALM}} $KRB5KDC_ARGS
RETVAL=$?
echo
+ if test $RETVAL -ne 0 ; then
+ if status ${krb5kdc} > /dev/null ; then
+ RETVAL=0
+ fi
+ fi
[ $RETVAL = 0 ] && touch /var/lock/subsys/krb5kdc
}
stop() {
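Review bot: The added `if test $RETVAL -ne 0` block turns any failed `daemon` call into success whenever `status ${krb5kdc}` finds a running process. A start that failed for a real reason (bad configuration, port still held) is then reported as OK, and the subsys lock is touched, as long as an older krb5kdc instance is still alive. If the intent is the LSB rule that starting an already-running service succeeds, checking first is less ambiguous: `status ${krb5kdc} > /dev/null && return 0` ahead of the `echo -n` line, leaving the RETVAL from `daemon` untouched afterwards. `$RETVAL` is also unquoted in the `test`, which is harmless only while it is always numeric.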