[krbdev.mit.edu #7521] krb5-1.11: patch 4 of 4: tree-based iprop
Richard Basch via RT
rt-comment at krbdev.mit.edu
Thu Dec 27 16:15:53 EST 2012
Add an option to allow tree-based propagation of updates (it requires the other
3 patches). Specifically, add an option to kpropd to redirect where to get
its updates from and add an option to kadmind to allow it to service iprop
requests only (without enabling all other update functions).
diff -ru src.03/kadmin/server/ovsec_kadmd.c
src.04/kadmin/server/ovsec_kadmd.c
--- src.03/kadmin/server/ovsec_kadmd.c 2012-12-17 21:47:04.000000000
-0500
+++ src.04/kadmin/server/ovsec_kadmd.c 2012-12-26 00:01:25.838990178
-0500
@@ -110,6 +110,7 @@
"[-port port-number]\n"
"\t\t[-p path-to-kdb5_util] [-F dump-file]\n"
"\t\t[-K path-to-kprop] [-P pid_file]\n"
+ "\t\t[-proponly]\n"
"\nwhere,\n\t[-x db_args]* - any number of database "
"specific arguments.\n"
"\t\t\tLook at each database documentation for "
@@ -204,6 +205,7 @@
static krb5_context hctx;
int nofork = 0;
+int prop_only = 0;
char *kdb5_util = KPROPD_DEFAULT_KDB5_UTIL;
char *kprop = KPROPD_DEFAULT_KPROP;
char *dump_file = KPROP_DEFAULT_FILE;
@@ -290,6 +292,8 @@
} else if (strcmp(*argv, "-passwordserver") == 0) {
kadm5_set_use_password_server ();
#endif
+ } else if (strcmp(*argv, "-proponly") == 0) {
+ prop_only = 1;
} else if(strcmp(*argv, "-port") == 0) {
argc--; argv++;
if(!argc)
@@ -400,10 +404,15 @@
}
#define server_handle ((kadm5_server_handle_t)global_server_handle)
- if ((ret = loop_add_udp_port(server_handle->params.kpasswd_port))
+ if (prop_only
+ || (ret = loop_add_udp_port(server_handle->params.kpasswd_port))
|| (ret = loop_add_tcp_port(server_handle->params.kpasswd_port))
|| (ret = loop_add_rpc_service(server_handle->params.kadmind_port,
KADM, KADMVERS, kadm_1))
+ )
+ /* Do nothing; our error handling will follow */
+ 1;
+ if (ret
#ifndef DISABLE_IPROP
|| (server_handle->params.iprop_enabled
? (ret = loop_add_rpc_service(server_handle->params.iprop_port,
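Review bot: With `-proponly` set, the first `if` short-circuits before anything is assigned to `ret`, so the following `if (ret` tests whatever value `ret` held before this point (set outside the hunk). Nothing visible rejects `-proponly` when iprop is disabled or compiled out, which would leave kadmind running with no listener registered; a guard such as `if (prop_only && !server_handle->params.iprop_enabled)` that fails startup would make that misconfiguration visible. The `1;` placeholder the chain hangs on is easy to misread and is a no-effect statement; the same placeholder appears in the kpropd.c poll-loop hunk. I would make the skip explicit as below. The statement continues past the end of the hunk, so the error path itself is not visible here.

```c
    /* -proponly: skip the kpasswd and kadmin listeners, keep only iprop. */
    ret = 0;
    if (!prop_only) {
        ret = loop_add_udp_port(server_handle->params.kpasswd_port);
        if (!ret)
            ret = loop_add_tcp_port(server_handle->params.kpasswd_port);
        if (!ret)
            ret = loop_add_rpc_service(server_handle->params.kadmind_port,
                                       KADM, KADMVERS, kadm_1);
    }
    if (ret
    /* … unchanged: iprop service registration and error handling … */
```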
Only in src.04/kadmin/server: ovsec_kadmd.c.~1~
diff -ru src.03/slave/kpropd.c src.04/slave/kpropd.c
--- src.03/slave/kpropd.c 2012-12-17 21:47:05.000000000 -0500
+++ src.04/slave/kpropd.c 2012-12-25 23:59:41.888938248 -0500
@@ -137,6 +137,7 @@
char *kdb5_util = KPROPD_DEFAULT_KDB5_UTIL;
char *kerb_database = NULL;
char *acl_file_name = KPROPD_ACL_FILE;
+char *admin_server = NULL;
krb5_address *sender_addr;
krb5_address *receiver_addr;
@@ -170,6 +171,7 @@
progname);
fprintf(stderr, _("\t[-F kerberos_db_file ] [-p
kdb5_util_pathname]\n"));
fprintf(stderr, _("\t[-x db_args]* [-P port] [-a acl_file]\n"));
+ fprintf(stderr, _("\t[-A admin_server]\n"));
exit(1);
}
@@ -981,7 +983,7 @@
goto done;
/*
- * Sleep for the specified poll interval (Default is 2 mts),
+ * Sleep for the specified poll interval (Default is 2 m),
* or do a binary exponential backoff if we get an
* UPDATE_BUSY signal
*/
@@ -993,6 +995,15 @@
backoff_time);
}
(void) sleep(backoff_time);
+ } else if (incr_ret && full_ret &&
+ incr_ret->ret == UPDATE_FULL_RESYNC_NEEDED &&
+ full_ret->ret == UPDATE_OK) {
+ /*
+ * Poll immediately after a full resync to ensure we are
+ * up-to-date with any incremental changes received during
+ * the processing of the database transfer & reload.
+ */
+ 1;
} else {
if (debug) {
fprintf(stderr, _("Waiting for %d seconds before checking "
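Review bot: The new branch skips the sleep every time a poll ends in `UPDATE_FULL_RESYNC_NEEDED` with a successful full transfer. If the upstream keeps answering that way, kpropd would request full dumps back to back with no delay between them. Limiting this to one immediate re-poll per resync keeps the intended behaviour and protects the upstream from a tight resync loop, for example by adding `&& !repolled_after_resync` (a constructed name) to the condition, set in this branch and cleared in the others. The empty branch would also read better as a bare `;` under the comment than as `1;`. The enclosing loop starts and ends outside the hunk, so how the next pass behaves is inferred.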
@@ -1095,6 +1106,15 @@
word++;
while (word && (ch = *word++)) {
switch(ch){
+ case 'A':
+ if (*word)
+ admin_server = word;
+ else
+ admin_server = *argv++;
+ if (!admin_server)
+ usage();
+ word = 0;
+ break;
case 'f':
if (*word)
file = word;
@@ -1241,6 +1261,11 @@
com_err(progname, retval, _("while initializing"));
exit(1);
}
+ if (admin_server) {
+ char *x = params.admin_server;
+ params.admin_server = admin_server;
+ admin_server = x;
+ }
if (params.iprop_enabled == TRUE) {
ulog_set_role(kpropd_context, IPROP_SLAVE);
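Review bot: After the swap, `params.admin_server` points at an `argv` string rather than storage owned by `params`, and the reason for parking the old value in the global `admin_server` is not documented. If `params` is later released by the kadm5 config-free routine (not visible in this hunk), that would pass a non-heap pointer to `free()`. Copying is easier to reason about, assuming the config loader heap-allocates this field: `free(params.admin_server); params.admin_server = strdup(admin_server);` followed by a NULL check that reports the failure and exits. Since `-A` selects the host this replica authenticates to and pulls the database from, a comment saying so at the override would help. The enclosing function continues outside the hunk.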
Only in src.04/slave: kpropd.c.~1~