forwarded 550781 http://krbdev.mit.edu/rt/Ticket/Display.html?id=6618 thanks
Michael Stapelberg <michael+db20090...@stapelberg.de> writes: > You can find the patches attached to this mail. Please have a look if > they work for you. What is still missing is a way to specify the > destination folder using autoconf (I’m not good at autoconf, so this > would take me a long time). Currently, /var/run/krb5kdc.pid and > /var/run/kadmind.pid are hard-coded (and don’t use ${prefix} either). I think that upstream is likely to want this to be optional, or at least I think that's the first pass approach to take. I submitted a variation of your patches upstream as RT #6618 that add a command-line option instead of hard-coding a path and that use stdio (it's a bit easier to read). Attached is the patch I submitted, for reference. -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/>
Index: src/kdc/krb5kdc.M =================================================================== --- src/kdc/krb5kdc.M (revision 23554) +++ src/kdc/krb5kdc.M (working copy) @@ -48,6 +48,9 @@ .I realm ] [ .B \-n +] [ +.B \-P +.I pid_file ] .br .SH DESCRIPTION @@ -134,6 +137,14 @@ operation, you should always allow the KDC to place itself in the background. .PP +The +.B \-P +.I pid_file +option tells the KDC to write its PID (followed by a newline) into +.I pid_file +after it starts up. This can be used to identify whether the KDC is still +running and to allow init scripts to stop the correct process. +.PP The KDC may service requests for multiple realms (maximum 32 realms). The realms are listed on the command line. Per-realm options that can be specified on the command line pertain for each realm that follows it and are Index: src/kdc/main.c =================================================================== --- src/kdc/main.c (revision 23553) +++ src/kdc/main.c (working copy) @@ -59,6 +59,7 @@ #include <signal.h> #include <errno.h> #include <netdb.h> +#include <unistd.h> #include "k5-int.h" #include "com_err.h" @@ -90,6 +91,7 @@ void finish_realms (void); static int nofork = 0; +static const char *pid_file = NULL; static int rkey_init_done = 0; #ifdef POSIX_SIGNALS @@ -558,7 +560,7 @@ void usage(char *name) { - fprintf(stderr, "usage: %s [-x db_args]* [-d dbpathname] [-r dbrealmname]\n\t\t[-R replaycachename] [-m] [-k masterenctype] [-M masterkeyname]\n\t\t[-p port] [/]\n" + fprintf(stderr, "usage: %s [-x db_args]* [-d dbpathname] [-r dbrealmname]\n\t\t[-R replaycachename] [-m] [-k masterenctype] [-M masterkeyname]\n\t\t[-p port] [-P pid_file] [/]\n" "\nwhere,\n\t[-x db_args]* - Any number of database specific arguments. Look at\n" "\t\t\teach database module documentation for supported\n\t\t\targuments\n", name); 
@@ -634,7 +636,7 @@ * Loop through the option list. Each time we encounter a realm name, * use the previously scanned options to fill in for defaults. */ - while ((c = getopt(argc, argv, "x:r:d:mM:k:R:e:p:s:n4:X3")) != -1) { + while ((c = getopt(argc, argv, "x:r:d:mM:k:R:e:P:p:s:n4:X3")) != -1) { switch(c) { case 'x': db_args_size++; @@ -723,6 +725,8 @@ case 'R': rcname = optarg; break; + case 'P': + pid_file = optarg; case 'p': if (default_udp_ports) free(default_udp_ports); @@ -905,6 +909,23 @@ finish_realms(); return 1; } + if (pid_file != NULL) { + FILE *file; + unsigned long pid; + + file = fopen(pid_file, "w"); + if (file == NULL) { + kdc_err(kcontext, errno, "while creating PID file"); + finish_realms(); + return 1; + } + pid = (unsigned long) getpid(); + if (fprintf(file, "%ld\n", pid) < 0 || fclose(file) == EOF) { + kdc_err(kcontext, errno, "while writing PID file"); + finish_realms(); + return 1; + } + } krb5_klog_syslog(LOG_INFO, "commencing operation"); if (nofork) fprintf(stderr, "%s: starting...\n", kdc_progname); Index: src/kadmin/server/ovsec_kadmd.c =================================================================== --- src/kadmin/server/ovsec_kadmd.c (revision 23553) +++ src/kadmin/server/ovsec_kadmd.c (working copy) @@ -134,6 +134,7 @@ "[-passwordserver] " #endif "[-port port-number]\n" + "\t\t[-P pid_file]\n" "\nwhere,\n\t[-x db_args]* - any number of database specific arguments.\n" "\t\t\tLook at each database documentation for supported arguments\n" ); @@ -216,6 +217,7 @@ char *errmsg; int i; int strong_random = 1; + const char *pid_file = NULL; kdb_log_context *log_ctx; @@ -286,6 +288,11 @@ usage(); params.kadmind_port = atoi(*argv); params.mask |= KADM5_CONFIG_KADMIND_PORT; + } else if (strcmp(*argv, "-P") == 0) { + argc--; argv++; + if (!argc) + usage(); + pid_file = *argv; } else if (strcmp(*argv, "-W") == 0) { strong_random = 0; } else 
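Review bot: The new `case 'P':` in the `@@ -723,6 +725,8 @@` hunk has no `break;`, so after `pid_file = optarg;` control falls through into `case 'p':` and the PID file path is also handled as the port argument. The visible line of that case frees `default_udp_ports`; the rest of the case is outside the hunk, so the exact effect is inferred, but using `-P` would presumably replace the configured port list with the file name. Add the missing statement: `pid_file = optarg;` followed by `break;`.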
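Review bot: In the `@@ -905,6 +909,23 @@` hunk, `fopen(pid_file, "w")` follows symbolic links and truncates whatever the path resolves to, which matters if the KDC runs with elevated privileges and the target directory is writable by a less-privileged account. Where the platform supports it, consider `fd = open(pid_file, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0644);` followed by `file = (fd < 0) ? NULL : fdopen(fd, "w");` (this needs `<fcntl.h>`). Failing that, krb5kdc.M should at least say the file must live in a directory only the daemon's user can write. Separately, `pid` is declared `unsigned long` but printed with `%ld`; `%lu` matches the type. Both points apply equally to the PID-file block in the ovsec_kadmd.c hunk at `@@ -468,7 +475,32 @@`.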
@@ -468,7 +475,32 @@ krb5_klog_close(context); exit(1); } + if (pid_file != NULL) { + FILE *file; + unsigned long pid; + file = fopen(pid_file, "w"); + if (file == NULL) { + errmsg = krb5_get_error_message(context, errno); + krb5_klog_syslog(LOG_ERR, "Cannot create PID file %s: %s", + pid_file, errmsg); + svcauth_gssapi_unset_names(); + kadm5_destroy(global_server_handle); + krb5_klog_close(context); + exit(1); + } + pid = (unsigned long) getpid(); + if (fprintf(file, "%ld\n", pid) < 0 || fclose(file) == EOF) { + errmsg = krb5_get_error_message(context, errno); + krb5_klog_syslog(LOG_ERR, "Cannot write PID file %s: %s", + pid_file, errmsg); + svcauth_gssapi_unset_names(); + kadm5_destroy(global_server_handle); + krb5_klog_close(context); + exit(1); + } + } + krb5_klog_syslog(LOG_INFO, "Seeding random number generator"); ret = krb5_c_random_os_entropy(context, strong_random, NULL); if (ret) { Index: src/kadmin/server/kadmind.M =================================================================== --- src/kadmin/server/kadmind.M (revision 23553) +++ src/kadmin/server/kadmind.M (working copy) @@ -5,6 +5,7 @@ .B kadmind [\fB\-x\fP \fIdb_args\fP] [\fB-r\fP \fIrealm\fP] [\fB\-m\fP] [\fB\-nofork\fP] [\fB\-port\fP \fIport-number\fP] + [\fB\-P\fP \fIpid_file\fP] .SH DESCRIPTION This command starts the KADM5 administration server. If the database is db2, the administration server runs on the master Kerberos server, which stores the KDC @@ -122,6 +123,14 @@ connections. The default is is controlled by the .I kadmind_port configuration variable (see below). +.TP +\fB\-P\fP \fIpid_file\fP +specifies the file to which the PID of +.B kadmind +process should be written to after it starts up. This can be used to +identify whether +.B kadmind +is still running and to allow init scripts to stop the correct process. .SH CONFIGURATION VALUES .PP In addition to the relations defined in kdc.conf(5), kadmind
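Review bot: `getpid()` is called in the `@@ -468,7 +475,32 @@` block, but unlike the main.c part of the patch no hunk adds `#include <unistd.h>` to ovsec_kadmd.c. The include list is outside the hunks shown, so confirm the header is already pulled in; otherwise this is an implicit declaration. Also, each error branch takes `errmsg` from `krb5_get_error_message` and exits without releasing it, and when `fprintf` fails the short-circuit `||` skips `fclose(file)`. Both are harmless because `exit(1)` follows, but a comment such as `/* errmsg and file are reclaimed at exit */` would make that intent explicit.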