rpms/krb5
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Replace _kadmin/_kprop with systemd macros

Browse Source 
Remove traces of upstart from fedora package per policy

Resolves: #1290185
This commit is contained in:
Robbie Harwood 2016-01-28 19:35:44 +00:00
parent c52f5baf4b
commit f525729cee
8 changed files with 15 additions and 346 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
_kadmind
View File

@ -1,14 +0,0 @@
#!/bin/sh
#
# Check for error conditions which the init system expects us to check and
# for other common errors, and exit with the expected status codes.
#
kadmind=/usr/sbin/kadmind
if test -f /var/kerberos/krb5kdc/kpropd.acl ; then
echo $"Error. This appears to be a slave server, found kpropd.acl"
exit 6
fi
if ! test -x "$kadmind" ; then
exit 5
fi
exec "$kadmind" "$@"

14
_kpropd
View File

@ -1,14 +0,0 @@
#!/bin/sh
#
# Check for error conditions which the init system expects us to check and
# for other common errors, and exit with the expected status codes.
#
kpropd=/usr/sbin/kpropd
if ! test -f /var/kerberos/krb5kdc/kpropd.acl ; then
echo $"Error. This does not appear to be a slave server, kpropd.acl not found"
exit 6
fi
if ! test -x "$kpropd" ; then
exit 5
fi
exec "$kpropd" "$@"

3
kadmin.service
View File

@ -1,12 +1,13 @@
[Unit] [Unit]
Description=Kerberos 5 Password-changing and Administration Description=Kerberos 5 Password-changing and Administration
After=syslog.target network.target After=syslog.target network.target
AssertPathExists=!/var/kerberos/krb5kdc/kpropd.acl
[Service] [Service]
Type=forking Type=forking
PIDFile=/var/run/kadmind.pid PIDFile=/var/run/kadmind.pid
EnvironmentFile=-/etc/sysconfig/kadmin EnvironmentFile=-/etc/sysconfig/kadmin
ExecStart=/usr/sbin/_kadmind -P /var/run/kadmind.pid $KADMIND_ARGS ExecStart=/usr/sbin/kadmind -P /var/run/kadmind.pid $KADMIND_ARGS
ExecReload=/bin/kill -HUP $MAINPID ExecReload=/bin/kill -HUP $MAINPID
[Install] [Install]

108
kadmind.init
View File

@ -1,108 +0,0 @@
#!/bin/bash
#
# kadmind Start and stop the Kerberos 5 administrative server.
#
# chkconfig: - 35 65
# description: Kerberos 5 is a trusted third-party authentication system. \
# This script starts and stops the Kerberos 5 administrative \
# server, which should only be run on the master server for a \
# realm.
# processname: kadmind
# config: /etc/sysconfig/kadmin
# pidfile: /var/run/kadmind.pid
#
### BEGIN INIT INFO
# Provides: kadmin
# Required-Start: $local_fs $network
# Required-Stop: $local_fs $network
# Should-Start: portreserve
# Default-Start:
# Default-Stop: 0 1 2 3 4 5 6
# Short-Description: start and stop the Kerberos 5 admin server
# Description: The kadmind service allows administrators to remotely manage \
# the Kerberos 5 realm database. It should only be run on a \
# master KDC.
### END INIT INFO
# Get config.
. /etc/sysconfig/network
# Get config.
[ -r /etc/sysconfig/kadmin ] && . /etc/sysconfig/kadmin
# Source function library.
. /etc/init.d/functions
prog="Kerberos 5 Admin Server"
kadmind=/usr/sbin/kadmind
pidfile=/var/run/kadmind.pid
RETVAL=0
# Shell functions to cut down on useless shell instances.
start() {
if [ -f /var/kerberos/krb5kdc/kpropd.acl ] ; then
echo $"Error. This appears to be a slave server, found kpropd.acl"
exit 6
else
[ -x $kadmind ] || exit 5
fi
echo -n $"Starting $prog: "
# tell portreserve to release the kerberos-adm port
[ -x /sbin/portrelease ] && /sbin/portrelease kerberos-adm &>/dev/null || :
daemon ${kadmind} ${KRB5REALM:+-r ${KRB5REALM}} -P $pidfile $KADMIND_ARGS
RETVAL=$?
echo
if test $RETVAL -ne 0 ; then
if status -l kadmin ${kadmind} > /dev/null ; then
RETVAL=0
fi
fi
[ $RETVAL = 0 ] && touch /var/lock/subsys/kadmin
}
stop() {
echo -n $"Stopping $prog: "
killproc ${kadmind}
RETVAL=$?
echo
[ $RETVAL = 0 ] && rm -f /var/lock/subsys/kadmin
}
reload() {
echo -n $"Reopening $prog log file: "
killproc ${kadmind} -HUP
RETVAL=$?
echo
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
start
;;
status)
status -l kadmin ${kadmind}
RETVAL=$?
;;
reload)
reload
;;
condrestart)
if [ -f /var/lock/subsys/kadmin ] ; then
stop
start
fi
;;
*)
echo $"Usage: $0 {start|stop|status|condrestart|reload|restart}"
RETVAL=2
;;
esac
exit $RETVAL

3
kprop.service
View File

@ -1,10 +1,11 @@
[Unit] [Unit]
Description=Kerberos 5 Propagation Description=Kerberos 5 Propagation
After=syslog.target network.target After=syslog.target network.target
AssertPathExists=!/var/kerberos/krb5kdc/kpropd.acl
[Service] [Service]
Type=forking Type=forking
ExecStart=/usr/sbin/_kpropd ExecStart=/usr/sbin/kpropd
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

92
kpropd.init
View File

@ -1,92 +0,0 @@
#!/bin/bash
#
# kpropd.init Start and stop the Kerberos 5 propagation client.
#
# chkconfig: - 35 65
# description: Kerberos 5 is a trusted third-party authentication system. \
# This script starts and stops the service that allows this \
# KDC to receive updates from your master KDC.
# processname: kpropd
#
### BEGIN INIT INFO
# Provides: kprop
# Required-Start: $local_fs $network
# Required-Stop: $local_fs $network
# Should-Start: portreserve
# Default-Start:
# Default-Stop: 0 1 2 3 4 5 6
# Short-Description: start and stop the Kerberos 5 propagation client
# Description: The kpropd service accepts database updates pushed to it from \
# the master KDC. It will never be needed on a master KDC.
### END INIT INFO
# Get config.
. /etc/sysconfig/network
# Source function library.
. /etc/init.d/functions
RETVAL=0
prog="Kerberos 5 Propagation Server"
kpropd=/usr/sbin/kpropd
# Shell functions to cut down on useless shell instances.
start() {
[ -f /var/kerberos/krb5kdc/kpropd.acl ] || exit 6
[ -x $kpropd ] || exit 5
echo -n $"Starting $prog: "
# tell portreserve to release the krb5_prop port
[ -x /sbin/portrelease ] && /sbin/portrelease krb5_prop &>/dev/null || :
daemon ${kpropd} -S
RETVAL=$?
echo
if test $RETVAL -ne 0 ; then
if status -l kprop ${kpropd} > /dev/null ; then
RETVAL=0
fi
fi
[ $RETVAL = 0 ] && touch /var/lock/subsys/kprop
}
stop() {
echo -n $"Stopping $prog: "
killproc ${kpropd}
RETVAL=$?
echo
[ $RETVAL = 0 ] && rm -f /var/lock/subsys/kprop
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
# We don't really "do" reload, so treat it as a restart.
restart|force-reload)
stop
start
;;
reload)
echo "can't reload configuration, you have to restart it"
RETVAL=3
;;
status)
status -l kprop ${kpropd}
RETVAL=$?
;;
condrestart)
if [ -f /var/lock/subsys/kprop ] ; then
stop
start
fi
;;
*)
echo $"Usage: $0 {start|stop|restart|condrestart|reload|status|force-reload}"
RETVAL=2
;;
esac
exit $RETVAL

25
krb5.spec
View File

@ -13,7 +13,7 @@
Summary: The Kerberos network authentication system Summary: The Kerberos network authentication system
Name: krb5 Name: krb5
Version: 1.14 Version: 1.14
Release: 18%{?dist} Release: 19%{?dist}
# - Maybe we should explode from the now-available-to-everybody tarball instead? # - Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.13/krb5-1.13.2-signed.tar # http://web.mit.edu/kerberos/dist/krb5/1.13/krb5-1.13.2-signed.tar
# - The sources below are stored in a lookaside cache. Upload with # - The sources below are stored in a lookaside cache. Upload with
@ -26,8 +26,8 @@ Source2: kprop.service
Source4: kadmin.service Source4: kadmin.service
Source5: krb5kdc.service Source5: krb5kdc.service
Source6: krb5.conf Source6: krb5.conf
Source7: _kpropd #Source7: _kpropd
Source8: _kadmind #Source8: _kadmind
Source10: kdc.conf Source10: kdc.conf
Source11: kadm5.acl Source11: kadm5.acl
Source19: krb5kdc.sysconfig Source19: krb5kdc.sysconfig
@ -37,9 +37,9 @@ Source31: kerberos-adm.portreserve
Source32: krb5_prop.portreserve Source32: krb5_prop.portreserve
Source33: krb5kdc.logrotate Source33: krb5kdc.logrotate
Source34: kadmind.logrotate Source34: kadmind.logrotate
Source36: kpropd.init #Source36: kpropd.init
Source37: kadmind.init #Source37: kadmind.init
Source38: krb5kdc.init #Source38: krb5kdc.init
Source39: krb5-krb5kdc.conf Source39: krb5-krb5kdc.conf
# Carry this locally until it's available in a packaged form. # Carry this locally until it's available in a packaged form.
@ -432,12 +432,6 @@ for unit in \
# is an upgrade-time problem I'm in no hurry to deal with. # is an upgrade-time problem I'm in no hurry to deal with.
install -pm 644 ${unit} $RPM_BUILD_ROOT%{_unitdir} install -pm 644 ${unit} $RPM_BUILD_ROOT%{_unitdir}
done done
mkdir -p $RPM_BUILD_ROOT%{_sbindir}
for wrapper in \
%{SOURCE7} \
%{SOURCE8} ; do
install -pm 755 ${wrapper} $RPM_BUILD_ROOT%{_sbindir}/
done
mkdir -p $RPM_BUILD_ROOT/%{_tmpfilesdir} mkdir -p $RPM_BUILD_ROOT/%{_tmpfilesdir}
install -pm 644 %{SOURCE39} $RPM_BUILD_ROOT/%{_tmpfilesdir}/ install -pm 644 %{SOURCE39} $RPM_BUILD_ROOT/%{_tmpfilesdir}/
mkdir -p $RPM_BUILD_ROOT/%{_localstatedir}/run/krb5kdc mkdir -p $RPM_BUILD_ROOT/%{_localstatedir}/run/krb5kdc
@ -658,14 +652,12 @@ exit 0
%{_sbindir}/kadmin.local %{_sbindir}/kadmin.local
%{_mandir}/man8/kadmin.local.8* %{_mandir}/man8/kadmin.local.8*
%{_sbindir}/kadmind %{_sbindir}/kadmind
%{_sbindir}/_kadmind
%{_mandir}/man8/kadmind.8* %{_mandir}/man8/kadmind.8*
%{_sbindir}/kdb5_util %{_sbindir}/kdb5_util
%{_mandir}/man8/kdb5_util.8* %{_mandir}/man8/kdb5_util.8*
%{_sbindir}/kprop %{_sbindir}/kprop
%{_mandir}/man8/kprop.8* %{_mandir}/man8/kprop.8*
%{_sbindir}/kpropd %{_sbindir}/kpropd
%{_sbindir}/_kpropd
%{_mandir}/man8/kpropd.8* %{_mandir}/man8/kpropd.8*
%{_sbindir}/kproplog %{_sbindir}/kproplog
%{_mandir}/man8/kproplog.8* %{_mandir}/man8/kproplog.8*
@ -775,6 +767,11 @@ exit 0
%changelog %changelog
* Thu Jan 28 2016 Robbie Harwood <rharwood@redhat.com> - 1.14-19
- Replace _kadmin/_kprop with systemd macros
- Remove traces of upstart from fedora package per policy
- Resolves: #1290185
* Wed Jan 27 2016 Robbie Harwood <rharwood@redhat.com> - 1.14-18 * Wed Jan 27 2016 Robbie Harwood <rharwood@redhat.com> - 1.14-18
- Fix CVE-2015-8629, CVE-2015-8630, CVE-2015-8631 - Fix CVE-2015-8629, CVE-2015-8630, CVE-2015-8631

102
krb5kdc.init
View File

@ -1,102 +0,0 @@
#!/bin/bash
#
# krb5kdc Start and stop the Kerberos 5 servers.
#
# chkconfig: - 35 65
# description: Kerberos 5 is a trusted third-party authentication system. \
# This script starts and stops the server that Kerberos 5 \
# clients need to connect to in order to obtain credentials.
# processname: krb5kdc
# config: /etc/sysconfig/krb5kdc
# pidfile: /var/run/krb5kdc.pid
#
### BEGIN INIT INFO
# Provides: krb5kdc
# Required-Start: $local_fs $network
# Required-Stop: $local_fs $network
# Should-Start: portreserve
# Default-Start:
# Default-Stop: 0 1 2 3 4 5 6
# Short-Description: start and stop the Kerberos 5 KDC
# Description: The krb5kdc is the Kerberos 5 key distribution center, which \
# issues credentials to Kerberos 5 clients.
### END INIT INFO
# Get config.
. /etc/sysconfig/network
# Get config.
[ -r /etc/sysconfig/krb5kdc ] && . /etc/sysconfig/krb5kdc
# Source function library.
. /etc/rc.d/init.d/functions
RETVAL=0
prog="Kerberos 5 KDC"
krb5kdc=/usr/sbin/krb5kdc
pidfile=/var/run/krb5kdc.pid
PATH=/usr/lib64/krb5:/usr/lib/krb5:"$PATH"
# Shell functions to cut down on useless shell instances.
start() {
[ -x $krb5kdc ] || exit 5
echo -n $"Starting $prog: "
# tell portreserve to release the kerberos-iv port
[ -x /sbin/portrelease ] && /sbin/portrelease kerberos-iv &>/dev/null || :
daemon ${krb5kdc} ${KRB5REALM:+-r ${KRB5REALM}} -P $pidfile $KRB5KDC_ARGS
RETVAL=$?
echo
if test $RETVAL -ne 0 ; then
if status ${krb5kdc} > /dev/null ; then
RETVAL=0
fi
fi
[ $RETVAL = 0 ] && touch /var/lock/subsys/krb5kdc
}
stop() {
echo -n $"Stopping $prog: "
killproc ${krb5kdc}
RETVAL=$?
echo
[ $RETVAL = 0 ] && rm -f /var/lock/subsys/krb5kdc
}
reload() {
echo -n $"Reopening $prog log file: "
killproc ${krb5kdc} -HUP
RETVAL=$?
echo
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
start
;;
reload)
reload
;;
status)
status ${krb5kdc}
RETVAL=$?
;;
condrestart)
if [ -f /var/lock/subsys/krb5kdc ] ; then
stop
start
fi
;;
*)
echo $"Usage: $0 {start|stop|status|reload|restart|condrestart}"
RETVAL=2
;;
esac
exit $RETVAL