Restructure rc.d scripts for kerberos5 daemons:

- Rename $kerberos5_server_enable with $kdc_enable and rename rc.d/kerberos with rc.d/kdc. - Rename $kadmin5_server_enable with $kadmind_enable. - Rename ${kerberos5,kpasswdd}_server with ${kdc,kpasswdd}_program. - Fix rc.d/{kadmind,kerberos,kpasswdd,kfd} scripts not to change variables after load_rc_config(). - Add rc.d/ipropd_master and rc.d/ipropd_slave scripts. These are for iprop-master(8) and iprop-slave(8). Keytab used for iprop service is defined in ipropd_{master,slave}_keytab (/etc/krb5.keytab by default). - Add dependency on rc.d/kdc to SERVERS. rc.d/kdc must be invoked as early as possible before scripts divided by rc.d/SERVERS. Note that changes to rc.d/{kdc,kpasswdd,kadmind} are backward-compatible with the old configuration variables: ${kerberos5,kpasswdd,kadmin5}_server{,_enable,_flags}.
2026-05-28 04:12:45 -04:00 · 2014-08-29 07:51:47 +00:00 · 2014-08-29 07:51:47 +00:00 · 137ae2c4f0
commit 137ae2c4f0
parent 7b3e8bee90
10 changed files with 167 additions and 48 deletions
--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@ -271,15 +271,28 @@ local_unbound_enable="NO"	# local caching resolver
 #
 # kerberos. Do not run the admin daemons on slave servers
 #
-kerberos5_server_enable="NO"	# Run a kerberos 5 master server (or NO).
-kerberos5_server="/usr/libexec/kdc"	# path to kerberos 5 KDC
-kerberos5_server_flags="--detach"	# Additional flags to the kerberos 5 server
-kadmind5_server_enable="NO"	# Run kadmind (or NO)
-kadmind5_server="/usr/libexec/kadmind"	# path to kerberos 5 admin daemon
-kpasswdd_server_enable="NO"	# Run kpasswdd (or NO)
-kpasswdd_server="/usr/libexec/kpasswdd"	# path to kerberos 5 passwd daemon
+kdc_enable="NO"			# Run a kerberos 5 KDC (or NO).
+kdc_program="/usr/libexec/kdc"	# path to kerberos 5 KDC
+kdc_flags=""			# Additional flags to the kerberos 5 KDC
+kadmind_enable="NO"		# Run kadmind (or NO)
+kadmind_program="/usr/libexec/kadmind"	# path to kadmind
+kpasswdd_enable="NO"		# Run kpasswdd (or NO)
+kpasswdd_program="/usr/libexec/kpasswdd" # path to kpasswdd
 kfd_enable="NO"			# Run kfd (or NO)
 kfd_program="/usr/libexec/kfd"	# path to kerberos 5 kfd daemon
+kfd_flags=""
+ipropd_master_enable="NO"	# Run Heimdal incremental propagation daemon
+				# (master daemon).
+ipropd_master_program="/usr/libexec/ipropd-master"
+ipropd_master_flags=""		# Flags to ipropd-master.
+ipropd_master_keytab="/etc/krb5.keytab"	# keytab for ipropd-master.
+ipropd_master_slaves=""		# slave node names used for /var/heimdal/slaves.
+ipropd_slave_enable="NO"	# Run Heimdal incremental propagation daemon
+				# (slave daemon).
+ipropd_slave_program="/usr/libexec/ipropd-slave"
+ipropd_slave_flags=""		# Flags to ipropd-slave.
+ipropd_slave_keytab="/etc/krb5.keytab"	# keytab for ipropd-slave.
+ipropd_slave_masters=""		# master node names.

 gssd_enable="NO"		# Run the gssd daemon (or NO).
 gssd_program="/usr/sbin/gssd"	# Path to gssd.
--- a/etc/rc.d/Makefile
+++ b/etc/rc.d/Makefile
@ -65,12 +65,14 @@ FILES=	DAEMON \
 	ipfw \
 	ipmon \
 	ipnat \
+	ipropd_master \
+	ipropd_slave \
 	ipsec \
 	iscsictl \
 	iscsid \
 	jail \
 	kadmind \
-	kerberos \
+	kdc \
 	keyserv \
 	kfd \
 	kld \
--- a/etc/rc.d/SERVERS
+++ b/etc/rc.d/SERVERS
@ -4,7 +4,7 @@
 #

 # PROVIDE: SERVERS
-# REQUIRE: mountcritremote abi ldconfig savecore watchdogd
+# REQUIRE: mountcritremote abi ldconfig savecore watchdogd kdc

 #	This is a dummy dependency, for early-start servers relying on
 #	some basic configuration.
--- a/etc/rc.d/ipropd_master
+++ b/etc/rc.d/ipropd_master
@ -0,0 +1,40 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: ipropd_master
+# REQUIRE: kdc
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name=ipropd_master
+rcvar=${name}_enable
+required_files="$ipropd_master_keytab"
+start_precmd=${name}_start_precmd
+start_postcmd=${name}_start_postcmd
+
+ipropd_master_start_precmd()
+{
+
+	if [ -z "$ipropd_master_slaves" ]; then
+		warn "\$ipropd_master_slaves is empty."
+		return 1
+	fi
+	for _slave in $ipropd_master_slaves; do
+		echo $_slave
+	done > /var/heimdal/slaves || return 1
+	command_args="$command_args \
+	    --keytab=\"$ipropd_master_keytab\" \
+	    --detach \
+	"
+}
+ipropd_master_start_postcmd()
+{
+
+	echo "${name}: slave nodes: $ipropd_master_slaves"
+}
+
+load_rc_config $name
+run_rc_command "$1"
--- a/etc/rc.d/ipropd_slave
+++ b/etc/rc.d/ipropd_slave
@ -0,0 +1,32 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: ipropd_slave
+# REQUIRE: kdc
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name=ipropd_slave
+rcvar=${name}_enable
+required_files="$ipropd_slave_keytab"
+start_precmd=${name}_start_precmd
+
+ipropd_slave_start_precmd()
+{
+
+	if [ -z "$ipropd_slave_masters" ]; then
+		warn "\$ipropd_slave_masters is empty."
+		return 1
+	fi
+	command_args=" \
+	    $command_args \
+	    --keytab=\"$ipropd_slave_keytab\" \
+	    --detach \
+	    $ipropd_slave_masters"
+}
+
+load_rc_config $name
+run_rc_command "$1"
--- a/etc/rc.d/kadmind
+++ b/etc/rc.d/kadmind
@ -3,18 +3,26 @@
 # $FreeBSD$
 #

-# PROVIDE: kadmin
-# REQUIRE: kerberos
-# BEFORE: DAEMON
+# PROVIDE: kadmind
+# REQUIRE: kdc
+# KEYWORD: shutdown

 . /etc/rc.subr

-name="kadmind5"
-load_rc_config $name
-rcvar="kadmind5_server_enable"
-unset start_cmd
-command="${kadmind5_server}"
-command_args="&"
-required_vars="kerberos5_server_enable"
+name=kadmind
+rcvar=${name}_enable
+required_vars=kdc_enable
+start_precmd=${name}_start_precmd

+set_rcvar_obsolete kadmind5_server_enable kadmind_enable
+set_rcvar_obsolete kadmind5_server kadmind_program
+set_rcvar_obsolete kerberos5_server_enable kdc_enable
+
+kadmind_start_precmd()
+{
+
+	command_args="$command_args &"
+}
+
+load_rc_config $name
 run_rc_command "$1"
--- a/etc/rc.d/kdc
+++ b/etc/rc.d/kdc
@ -0,0 +1,27 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: kdc
+# REQUIRE: NETWORKING
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name=kdc
+rcvar=${name}_enable
+start_precmd=${name}_start_precmd
+
+set_rcvar_obsolete kerberos5_server_enable kdc_enable
+set_rcvar_obsolete kerberos5_server kdc_program
+set_rcvar_obsolete kerberos5_server_flags kdc_flags
+
+kdc_start_precmd()
+{
+
+	command_args="$command_args --detach"
+}
+
+load_rc_config $name
+run_rc_command "$1"
--- a/etc/rc.d/kerberos
+++ b/etc/rc.d/kerberos
@ -1,17 +0,0 @@
-#!/bin/sh
-#
-# $FreeBSD$
-#
-
-# PROVIDE: kerberos
-# REQUIRE: NETWORKING
-
-. /etc/rc.subr
-
-name="kerberos5"
-rcvar="kerberos5_server_enable"
-
-load_rc_config $name
-command="${kerberos5_server}"
-kerberos5_flags="${kerberos5_server_flags}"
-run_rc_command "$1"
--- a/etc/rc.d/kfd
+++ b/etc/rc.d/kfd
@ -10,8 +10,14 @@
 . /etc/rc.subr

 name=kfd
-rcvar=kfd_enable
-load_rc_config $name
-command_args="-i &"
+rcvar=${name}_enable
+start_precmd=${name}_start_precmd

+kfd_start_precmd()
+{
+
+	command_args="$command_args -i &"
+}
+
+load_rc_config $name
 run_rc_command "$1"
--- a/etc/rc.d/kpasswdd
+++ b/etc/rc.d/kpasswdd
@ -4,17 +4,25 @@
 #

 # PROVIDE: kpasswdd
-# REQUIRE: kadmin
-# BEFORE: DAEMON
+# REQUIRE: kdc
+# KEYWORD: shutdown

 . /etc/rc.subr

-name="kpasswdd"
-load_rc_config $name
-rcvar="kpasswdd_server_enable"
-unset start_cmd
-command="${kpasswdd_server}"
-command_args="&"
-required_vars="kadmind5_server_enable"
+name=kpasswdd
+rcvar=${name}_enable
+required_vars=kdc_enable
+start_precmd=${name}_start_precmd

+set_rcvar_obsolete kpasswdd_server_enable kpasswdd_enable
+set_rcvar_obsolete kpasswdd_server kpasswdd_program
+set_rcvar_obsolete kerberos5_server_enable kdc_enable
+
+kpasswdd_start_precmd()
+{
+
+	command_args="$command_args &"
+}
+
+load_rc_config $name
 run_rc_command "$1"