From ee18500d9bf63fedace5dea8d090156e640e51e3 Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Thu, 15 Aug 2013 00:10:24 -0400 Subject: Fix error detection when starting kpropd/kadmind - drop a patch we're not applying - wrap kadmind and kpropd in scripts which check for the presence/absence of files which dictate particular exit codes before exec'ing the actual binaries, instead of trying to use ConditionPathExists in the unit files to accomplish that, so that we exit with failure properly when what we expect isn't actually in effect on the system (#800343)
---
_kadmind | 10 ++++++++++ _kpropd | 10 ++++++++++ kadmin.service | 3 +-- kprop.service | 3 +-- krb5.spec | 22 +++++++++++++++++++--- 5 files changed, 41 insertions(+), 7 deletions(-) create mode 100644 _kadmind create mode 100644 _kpropd
diff --git a/_kadmind b/_kadmind
new file mode 100644
index 0000000..5088438
--- /dev/null
+++ b/_kadmind
@@ -0,0 +1,10 @@
+#!/bin/sh
+kadmind=/usr/sbin/kadmind
+if test -f /var/kerberos/krb5kdc/kpropd.acl ; then
+ echo $"Error. This appears to be a slave server, found kpropd.acl"
+ exit 6
+fi
+if ! test -x "$kadmind" ; then
+ exit 5
+fi
+exec "$kadmind" "$@"
diff --git a/_kpropd b/_kpropd
new file mode 100644
index 0000000..219e41c
--- /dev/null
+++ b/_kpropd
@@ -0,0 +1,10 @@
+#!/bin/sh
+kpropd=/usr/sbin/kpropd
+if ! test -f /var/kerberos/krb5kdc/kpropd.acl ; then
+ echo $"Error. This does not appear to be a slave server, kpropd.acl not found"
+ exit 6
+fi
+if ! test -x "$kpropd" ; then
+ exit 5
+fi
+exec "$kpropd" "$@"
diff --git a/kadmin.service b/kadmin.service
index 7775ea7..ede159e 100644
--- a/kadmin.service
+++ b/kadmin.service
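Review bot: The `echo $"Error. ..."` line in `_kadmind` relies on bash's `$"..."` locale-translation quoting, but the script is `#!/bin/sh`; a POSIX shell that lacks the extension prints a literal `$` in front of the message. The message also goes to stdout rather than stderr. Plain quoting with a redirect is enough: `echo "Error. This appears to be a slave server, found kpropd.acl" >&2`. The matching `echo` in `_kpropd` needs the same change.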
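Review bot: The `exit 5` branch in `_kpropd` leaves without printing anything, and neither exit status is explained, so a failed start shows up in the service log as a bare number. Add a line such as `echo "Error. $kpropd is missing or not executable" >&2` before `exit 5`, and a header comment like `# exit 6: host is not configured for this role; exit 5: daemon binary not installed` (the values appear to follow the LSB init-script convention). `_kadmind` has the same silent branch.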
@@ -1,13 +1,12 @@ [Unit] Description=Kerberos 5 Password-changing and Administration After=syslog.target network.target -ConditionPathExists=!/var/kerberos/krb5kdc/kpropd.acl [Service] Type=forking PIDFile=/var/run/kadmind.pid EnvironmentFile=-/etc/sysconfig/kadmin -ExecStart=/usr/sbin/kadmind -P /var/run/kadmind.pid $KADMIND_ARGS +ExecStart=/usr/sbin/_kadmind -P /var/run/kadmind.pid $KADMIND_ARGS ExecReload=/bin/kill -HUP $MAINPID [Install] diff --git a/kprop.service b/kprop.service index 99ba129..959a300 100644 --- a/kprop.service +++ b/kprop.service @@ -1,11 +1,10 @@ [Unit] Description=Kerberos 5 Propagation After=syslog.target network.target -ConditionPathExists=/var/kerberos/krb5kdc/kpropd.acl [Service] Type=forking -ExecStart=/usr/sbin/kpropd -S +ExecStart=/usr/sbin/_kpropd -S [Install] WantedBy=multi-user.target diff --git a/krb5.spec b/krb5.spec index 5409f20..0ea68db 100644 --- a/krb5.spec +++ b/krb5.spec @@ -32,7 +32,7 @@ Summary: The Kerberos network authentication system Name: krb5 Version: 1.11.3 -Release: 7%{?dist} +Release: 8%{?dist} # Maybe we should explode from the now-available-to-everybody tarball instead? # http://web.mit.edu/kerberos/dist/krb5/1.11/krb5-1.11.3-signed.tar Source0: krb5-%{version}.tar.gz @@ -45,6 +45,8 @@ Source2: kprop.service Source4: kadmin.service Source5: krb5kdc.service Source6: krb5.conf +Source7: _kpropd +Source8: _kadmind Source10: kdc.conf Source11: kadm5.acl Source19: krb5kdc.sysconfig @@ -76,7 +78,6 @@ Patch59: krb5-1.10-kpasswd_tcp.patch Patch60: krb5-1.11-pam.patch Patch63: krb5-1.11-selinux-label.patch Patch71: krb5-1.11-dirsrv-accountlock.patch -Patch75: krb5-pkinit-debug.patch Patch86: krb5-1.9-debuginfo.patch Patch105: krb5-kvno-230379.patch Patch113: krb5-1.11-alpha1-init.patch 
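Review bot: `ExecStart=/usr/sbin/_kadmind` puts a shell script between systemd and the daemon, and nothing in this commit shows how that script is labelled under SELinux. On an enforcing system, confirm that kadmind still ends up in its own confined domain when exec'd from the wrapper rather than inheriting the caller's; the same applies to `ExecStart=/usr/sbin/_kpropd -S` in kprop.service. Because the wrapper ends in `exec`, the process systemd started keeps its PID, so `Type=forking` with `PIDFile=/var/run/kadmind.pid` should keep working as before.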
@@ -306,7 +307,6 @@ ln -s NOTICE LICENSE %patch56 -p1 -b .doublelog %patch59 -p1 -b .kpasswd_tcp %patch71 -p1 -b .dirsrv-accountlock %{?_rawbuild} -#%patch75 -p1 -b .pkinit-debug %patch86 -p0 -b .debuginfo %patch105 -p1 -b .kvno %patch113 -p1 -b .init @@ -507,6 +507,12 @@ for unit in \ # is an upgrade-time problem I'm in no hurry to deal with. install -pm 644 ${unit} $RPM_BUILD_ROOT%{_unitdir} done +mkdir -p $RPM_BUILD_ROOT%{_sbindir} +for wrapper in \ + %{SOURCE7} \ + %{SOURCE8} ; do + install -pm 755 ${wrapper} $RPM_BUILD_ROOT%{_sbindir}/ +done %else mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d for init in \ @@ -771,12 +777,14 @@ exit 0 %{_sbindir}/kadmin.local %{_mandir}/man8/kadmin.local.8* %{_sbindir}/kadmind +%{_sbindir}/_kadmind %{_mandir}/man8/kadmind.8* %{_sbindir}/kdb5_util %{_mandir}/man8/kdb5_util.8* %{_sbindir}/kprop %{_mandir}/man8/kprop.8* %{_sbindir}/kpropd +%{_sbindir}/_kpropd %{_mandir}/man8/kpropd.8* %{_sbindir}/kproplog %{_mandir}/man8/kproplog.8* @@ -902,6 +910,14 @@ exit 0 %{_sbindir}/uuserver %changelog +* Thu Aug 15 2013 Nalin Dahyabhai 1.11.3-8 +- drop a patch we weren't not applying (build tooling) +- wrap kadmind and kpropd in scripts which check for the presence/absence + of files which dictate particular exit codes before exec'ing the actual + binaries, instead of trying to use ConditionPathExists in the unit files + to accomplish that, so that we exit with failure properly when what we + expect isn't actually in effect on the system (#800343) + * Mon Jul 29 2013 Nalin Dahyabhai 1.11.3-7 - attempt to account for UnversionedDocdirs for the -libs subpackage -- cgit
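Review bot: The `%files` additions `%{_sbindir}/_kadmind` and `%{_sbindir}/_kpropd` look unconditional, while the hunk at `@@ -507,6 +507,12 @@` installs the wrappers only in the branch before `%else`. If the other (init-script) branch is still buildable, that build would list two files that were never installed. Either guard the two `%files` entries with the same conditional as the install loop, or install the wrappers in both branches. The conditional's opening line and the start of the `%files` section are outside these hunks, so this needs checking against the full spec.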