Date: | Thu, 27 Dec 2012 13:41:39 -0500 |
From: | Richard Basch <basch@alum.mit.edu> |
Subject: | krb5-1.11: patch 4 of 4: tree-based iprop |
To: | krb5-bugs@mit.edu |
Add an option to allow tree-based propagation of updates (it requires the other 3 patches). Specifically, add an option to kpropd to redirect where it gets its updates from, and add an option to kadmind to allow it to service iprop requests only (without enabling all other update functions).
diff -ru src.03/kadmin/server/ovsec_kadmd.c src.04/kadmin/server/ovsec_kadmd.c
--- src.03/kadmin/server/ovsec_kadmd.c 2012-12-17 21:47:04.000000000 -0500
+++ src.04/kadmin/server/ovsec_kadmd.c 2012-12-26 00:01:25.838990178 -0500
@@ -110,6 +110,7 @@
"[-port port-number]\n"
"\t\t[-p path-to-kdb5_util] [-F dump-file]\n"
"\t\t[-K path-to-kprop] [-P pid_file]\n"
+ "\t\t[-proponly]\n"
"\nwhere,\n\t[-x db_args]* - any number of database "
"specific arguments.\n"
"\t\t\tLook at each database documentation for "
@@ -204,6 +205,7 @@
static krb5_context hctx;
int nofork = 0;
+int prop_only = 0;
char *kdb5_util = KPROPD_DEFAULT_KDB5_UTIL;
char *kprop = KPROPD_DEFAULT_KPROP;
char *dump_file = KPROP_DEFAULT_FILE;
@@ -290,6 +292,8 @@
} else if (strcmp(*argv, "-passwordserver") == 0) {
kadm5_set_use_password_server ();
#endif
+ } else if (strcmp(*argv, "-proponly") == 0) {
+ prop_only = 1;
} else if(strcmp(*argv, "-port") == 0) {
argc--; argv++;
if(!argc)
@@ -400,10 +404,15 @@
}
#define server_handle ((kadm5_server_handle_t)global_server_handle)
- if ((ret = loop_add_udp_port(server_handle->params.kpasswd_port))
+ if (prop_only
+ || (ret = loop_add_udp_port(server_handle->params.kpasswd_port))
|| (ret = loop_add_tcp_port(server_handle->params.kpasswd_port))
|| (ret = loop_add_rpc_service(server_handle->params.kadmind_port,
KADM, KADMVERS, kadm_1))
+ )
+ /* Do nothing; our error handling will follow */
+ 1;
+ if (ret
#ifndef DISABLE_IPROP
|| (server_handle->params.iprop_enabled
? (ret = loop_add_rpc_service(server_handle->params.iprop_port,
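Review bot: With `-proponly` set, the first `if` short-circuits before any assignment, so the following `if (ret` test reads whatever `ret` held from earlier code; that code is outside the hunk, so add an explicit `ret = 0;` before the first test unless `ret` is already guaranteed to be zero here. The bare `1;` body is a statement with no effect and will draw compiler warnings; guarding the three `loop_add_*` calls with `if (!prop_only)` and letting the existing error check follow reads more directly. When `prop_only` is set and `params.iprop_enabled` is false (or the build defines DISABLE_IPROP), nothing in this hunk registers a listener, so the daemon would apparently start and serve nothing. Rejecting that combination at startup with an error would keep a misconfigured intermediate node from silently leaving its downstream replicas stale. The statement continues past the end of the hunk.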
Only in src.04/kadmin/server: ovsec_kadmd.c.~1~
diff -ru src.03/slave/kpropd.c src.04/slave/kpropd.c
--- src.03/slave/kpropd.c 2012-12-17 21:47:05.000000000 -0500
+++ src.04/slave/kpropd.c 2012-12-25 23:59:41.888938248 -0500
@@ -137,6 +137,7 @@
char *kdb5_util = KPROPD_DEFAULT_KDB5_UTIL;
char *kerb_database = NULL;
char *acl_file_name = KPROPD_ACL_FILE;
+char *admin_server = NULL;
krb5_address *sender_addr;
krb5_address *receiver_addr;
@@ -170,6 +171,7 @@
progname);
fprintf(stderr, _("\t[-F kerberos_db_file ] [-p kdb5_util_pathname]\n"));
fprintf(stderr, _("\t[-x db_args]* [-P port] [-a acl_file]\n"));
+ fprintf(stderr, _("\t[-A admin_server]\n"));
exit(1);
}
@@ -981,7 +983,7 @@
goto done;
/*
- * Sleep for the specified poll interval (Default is 2 mts),
+ * Sleep for the specified poll interval (Default is 2 m),
* or do a binary exponential backoff if we get an
* UPDATE_BUSY signal
*/
@@ -993,6 +995,15 @@
backoff_time);
}
(void) sleep(backoff_time);
+ } else if (incr_ret && full_ret &&
+ incr_ret->ret == UPDATE_FULL_RESYNC_NEEDED &&
+ full_ret->ret == UPDATE_OK) {
+ /*
+ * Poll immediately after a full resync to ensure we are
+ * up-to-date with any incremental changes received during
+ * the processing of the database transfer & reload.
+ */
+ 1;
} else {
if (debug) {
fprintf(stderr, _("Waiting for %d seconds before checking "
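Review bot: The new branch skips the sleep every time a poll returns UPDATE_FULL_RESYNC_NEEDED and the full resync succeeds, so an upstream that keeps answering that way (an update log that cannot cover the gap, or a faulty intermediate node in the tree) would drive back-to-back full database transfers with no delay. Consider limiting the immediate re-poll to once per successful resync, for example a local flag set in this branch and cleared after the next poll, falling back to the normal interval otherwise. The `1;` after the comment is a no-effect statement and can simply be dropped, since the braces already form an empty block. The loop this branch belongs to begins and ends outside the hunk, so whether anything else bounds the retry rate cannot be seen here.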
@@ -1095,6 +1106,15 @@
word++;
while (word && (ch = *word++)) {
switch(ch){
+ case 'A':
+ if (*word)
+ admin_server = word;
+ else
+ admin_server = *argv++;
+ if (!admin_server)
+ usage();
+ word = 0;
+ break;
case 'f':
if (*word)
file = word;
@@ -1241,6 +1261,11 @@
com_err(progname, retval, _("while initializing"));
exit(1);
}
+ if (admin_server) {
+ char *x = params.admin_server;
+ params.admin_server = admin_server;
+ admin_server = x;
+ }
if (params.iprop_enabled == TRUE) {
ulog_set_role(kpropd_context, IPROP_SLAVE);
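Review bot: After this swap `params.admin_server` points at an `argv` string while the global `admin_server` holds the value loaded from the configuration, which is easy to misread and, if `params` is later released by a routine that frees its string members (not visible in this hunk), would pass a non-heap pointer to `free()`. Copying instead keeps ownership uniform: `params.admin_server = strdup(admin_server);` with a NULL check, releasing the previous value the same way the rest of the file releases `params`. Since `-A` changes which host this replica accepts the KDC database from, it is also worth confirming that the iprop client code outside this hunk derives the service principal it authenticates from `params.admin_server`, and adding a comment here that says so. The enclosing function starts and ends outside the hunk.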
Only in src.04/slave: kpropd.c.~1~