sys-auth/kstart-krenew: The openafs-kstart ebuild was renamed to kstart-krenew and patched for happy tickets. Thanks to Gautam Iyer.

svn path=/sunrise/; revision=5076

5 files changed, 245 insertions, 0 deletions

diff --git a/sys-auth/kstart-krenew/ChangeLog b/sys-auth/kstart-krenew/ChangeLog
new file mode 100644
index 000000000..f307538a7
--- /dev/null
+++ b/sys-auth/kstart-krenew/ChangeLog
@@ -0,0 +1,10 @@
+# ChangeLog for sys-auth/kstart-krenew
+# Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
+# $Header: $
+
+  18 Nov 2007; Oliver Borm (boroli) <oli.borm@web.de>
+  +files/kstart-3.10-happy-tickets.patch, +metadata.xml,
+  +kstart-krenew-3.10.ebuild:
+  The openafs-kstart ebuild was renamed to kstart-krenew and patched for happy
+  tickets. Thanks to Gautam Iyer.
+
diff --git a/sys-auth/kstart-krenew/Manifest b/sys-auth/kstart-krenew/Manifest
new file mode 100644
index 000000000..eeed9d155
--- /dev/null
+++ b/sys-auth/kstart-krenew/Manifest
@@ -0,0 +1,5 @@
+AUX kstart-3.10-happy-tickets.patch 5958 RMD160 378e2d570f5934451514c5bc1c3b7345fb6eb28e SHA1 2ebf28f43e9297039a5c8fef72e0ba96791f5053 SHA256 f23d38bd6ed390aa60efd7f30df25553e35d335f88d08c45987e512586f8edcd
+DIST kstart-3.10.tar.gz 123477 RMD160 92cf78288fade9a6d7d407989d41be641619ce3d SHA1 15584458988b37aa1719b83a9ba80434858fe4be SHA256 120320685f67776f823830c93a154a5960209f2e09f55e0519debcd18e89ffea
+EBUILD kstart-krenew-3.10.ebuild 1022 RMD160 23acbfccb06423475c55c51992f9612e1779d83e SHA1 be72c0161ea5046dd7ee0655a6532b955283dd45 SHA256 033a4c3d4acb39d06acb3d50df862eb1117d270537fa22da466389ab749ed071
+MISC ChangeLog 378 RMD160 986afad023aa93d04cb71d53c63f77f0b3fd2cce SHA1 39b76a543b9877f935a19f4462d750c405ebbe12 SHA256 6fbf080f04d3d579e0c114d275ae5ea663d425490a6aabe7cb46a0d94b92723f
+MISC metadata.xml 170 RMD160 645927a396fdc21cdeb089fe42c5397332420ea6 SHA1 ac7f48a14fec325926f9ce1be8fbf1f311b4f2e4 SHA256 d797a2ec6f9dc516c9f9c1a758ee87ad3e8c43101b5dc76c2f872d5bd4639b42
diff --git a/sys-auth/kstart-krenew/files/kstart-3.10-happy-tickets.patch b/sys-auth/kstart-krenew/files/kstart-3.10-happy-tickets.patch
new file mode 100644
index 000000000..bb685914b
--- /dev/null
+++ b/sys-auth/kstart-krenew/files/kstart-3.10-happy-tickets.patch
@@ -0,0 +1,180 @@
+diff -ru ../kstart-3.10/krenew.c ./krenew.c
+--- ../kstart-3.10/krenew.c	2007-03-03 20:42:26.000000000 -0800
++++ ./krenew.c	2007-11-11 18:20:25.000000000 -0800
+@@ -33,6 +33,7 @@
+ Usage: krenew [options] [command]\n\
+    -b                   Fork and run in the background\n\
+    -h                   Display this usage message and exit\n\
++   -H <min>		Only renew tickets if we don't have a happy ticket\n\
+    -K <interval>        Run as daemon, renew ticket every <interval> minutes\n\
+                         (implies -q unless -v is given)\n\
+    -k <file>            Use <file> as the ticket cache\n\
+@@ -53,7 +54,7 @@
+ {
+     va_list args;
+ 
+-    fprintf(stderr, "k5start: ");
++    fprintf(stderr, "krenew: ");
+     va_start(args, format);
+     vfprintf(stderr, format, args);
+     va_end(args);
+@@ -165,7 +166,8 @@
+ **  Renew the user's tickets, exiting with an error if this isn't possible.
+ */
+ static void
+-renew(krb5_context ctx, krb5_ccache cache, int verbose)
++renew(krb5_context ctx, krb5_ccache cache, int verbose, int do_aklog,
++	const char *aklog, int happy_interval)
+ {
+     int status;
+     krb5_principal user;
+@@ -175,6 +177,37 @@
+     krb5_creds in, *old = NULL;
+ #endif
+ 
++    if( happy_interval > 0 )
++    {
++	krb5_cc_cursor cursor;
++
++	status = krb5_cc_start_seq_get( ctx, cache, &cursor );
++	if( status != 0 )
++	    krb5_err( ctx, 1, status, "krenew: error reading cache" );
++	status = krb5_cc_next_cred( ctx, cache, &cursor, &creds);
++	if( status != 0 )
++	    krb5_err( ctx, 1, status, "krenew: error reading cache" );
++	status = krb5_cc_end_seq_get( ctx, cache, &cursor );
++	if( status != 0 )
++	    krb5_err( ctx, 1, status, "krenew: error reading cache" );
++
++	if( time(NULL) + happy_interval * 60 < creds.times.endtime )
++	{
++	    if( verbose )
++		fputs( "krenew: Happy ticket. Not renewing credentials\n",
++			stderr );
++	    return;
++	}
++
++	if( time(NULL) + happy_interval * 60 >= creds.times.renew_till )
++	{
++	    if( verbose )
++		fputs( "krenew: Renewing ticket will not make it happy\n",
++			stderr );
++	    exit(1);
++	}
++    }
++
+     memset(&creds, 0, sizeof(creds));
+     status = krb5_cc_get_principal(ctx, cache, &user);
+     if (status != 0)
+@@ -186,10 +219,12 @@
+         if (status != 0)
+             krb5_warn(ctx, status, "krenew: error unparsing name");
+         else {
+-            printf("kstart: renewing credentials for %s\n", name);
++            printf("krenew: renewing credentials for %s\n", name);
+             free(name);
+         }
+     }
++
++
+ #ifdef HAVE_KRB5_GET_RENEWED_CREDS
+     status = krb5_get_renewed_creds(ctx, &creds, user, cache, NULL);
+     out = &creds;
+@@ -228,6 +263,10 @@
+     if (out != NULL)
+         krb5_free_creds(ctx, out);
+ #endif
++
++    /* If requested, run the aklog program. */
++    if (do_aklog)
++	run_aklog(aklog, verbose);
+ }
+ 
+ 
+@@ -241,6 +280,7 @@
+     int background = 0;
+     int keep_ticket = 0;
+     int do_aklog = 0;
++    int happy_interval = 0;
+     int verbose = 0;
+     const char *aklog = NULL;
+     krb5_context ctx;
+@@ -249,7 +289,7 @@
+     pid_t child = 0;
+ 
+     /* Parse command-line options. */
+-    while ((option = getopt(argc, argv, "bhK:k:p:qtv")) != EOF)
++    while ((option = getopt(argc, argv, "bhH:K:k:p:qtv")) != EOF)
+         switch (option) {
+         case 'b': background = 1;               break;
+         case 'h': usage(0);                     break;
+@@ -257,6 +297,12 @@
+         case 't': do_aklog = 1;                 break;
+         case 'v': verbose = 1;                  break;
+ 
++	case 'H':
++	    happy_interval = atoi(optarg);
++	    if( happy_interval <= 0 )
++		die("Happy interval must be a positive integer");
++	    break;
++
+         case 'K':
+             keep_ticket = atoi(optarg);
+             if (keep_ticket <= 0)
+@@ -283,6 +329,8 @@
+     /* Check the arguments for consistency. */
+     if (background && keep_ticket == 0 && command == NULL)
+         die("-b only makes sense with -K or a command to run");
++    if (happy_interval > 0 && (background || keep_ticket || command))
++	die("-H should only be used for one time renuals");
+ 
+     /* Set aklog from KINIT_PROG or the compiled-in default. */
+     aklog = getenv("KINIT_PROG");
+@@ -321,13 +369,11 @@
+         }
+     }
+ 
+-    /* Now, do the initial ticket renewal even if it's not necessary so that
+-       we can catch any problems. */
+-    renew(ctx, cache, verbose);
++    /* Now, do the initial ticket renewal, if we don't have a happy ticket. If
++       the happy interval was not specified, then do it anyway, if it's not
++       necessary so that we can catch any problems. */
++    renew(ctx, cache, verbose, do_aklog, aklog, happy_interval);
+ 
+-    /* If requested, run the aklog program. */
+-    if (do_aklog)
+-        run_aklog(aklog, verbose);
+ 
+     /* If told to background, background ourselves.  We do this late so that
+        we can report initial errors.  We have to do this before spawning the
+@@ -373,11 +419,8 @@
+             timeout.tv_sec = keep_ticket * 60;
+             timeout.tv_usec = 0;
+             select(0, NULL, NULL, NULL, &timeout);
+-            if (ticket_expired(ctx, cache, keep_ticket)) {
+-                renew(ctx, cache, verbose);
+-                if (do_aklog)
+-                    run_aklog(aklog, verbose);
+-            }
++            if (ticket_expired(ctx, cache, keep_ticket))
++                renew(ctx, cache, verbose, do_aklog, aklog, 0);
+         }
+     }
+ 
+diff -ru ../kstart-3.10/krenew.pod ./krenew.pod
+--- ../kstart-3.10/krenew.pod	2006-06-23 19:39:40.000000000 -0700
++++ ./krenew.pod	2007-11-11 18:15:31.000000000 -0800
+@@ -71,6 +71,12 @@
+ 
+ Display a usage message and exit.
+ 
++=item B<-H> I<minutes>
++
++Only renew the ticket if it can be renewed, and and has fewer than I<minutes>
++to expiry. Exits with status 0 if ticket is happy, or was successfully renewed
++to a happy ticket. Exits with status 1 otherwise.
++
+ =item B<-K> I<minutes>
+ 	
+ Run in daemon mode to keep a ticket alive indefinitely.  The program
diff --git a/sys-auth/kstart-krenew/kstart-krenew-3.10.ebuild b/sys-auth/kstart-krenew/kstart-krenew-3.10.ebuild
new file mode 100644
index 000000000..90e484d13
--- /dev/null
+++ b/sys-auth/kstart-krenew/kstart-krenew-3.10.ebuild
@@ -0,0 +1,45 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header:  $
+
+inherit eutils
+
+DESCRIPTION="kerberos-ticket refresher for running services on data in kerberized file systems"
+HOMEPAGE="http://www.eyrie.org/~eagle/software/kstart/"
+SRC_URI="http://archives.eyrie.org/software/kerberos/kstart-${PV}.tar.gz"
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="afs kerberos krb4"
+
+DEPEND="afs? ( net-fs/openafs )
+	kerberos? ( app-crypt/mit-krb5 )"
+
+RDEPEND="${DEPEND}"
+
+S="${WORKDIR}/kstart-${PV}"
+
+src_unpack() {
+	unpack "${A}"
+	cd "${S}"
+
+	epatch "${FILESDIR}"/kstart-"${PV}"-happy-tickets.patch || die "could not configure"
+}
+
+src_compile() {
+	econf \
+		$(use_enable krb4 k4start) \
+		$(use_with kerberos) \
+		$(use_with afs aklog /usr/bin/aklog) || die "could not configure"
+	emake || die "emake failed"
+}
+
+src_install() {
+	emake DESTDIR="${D}" install || die "could not install"
+	dobin k5start krenew
+	if use krb4; then
+		dobin k4start
+	fi
+	dodoc README NEWS
+}
diff --git a/sys-auth/kstart-krenew/metadata.xml b/sys-auth/kstart-krenew/metadata.xml
new file mode 100644
index 000000000..7e3286984
--- /dev/null
+++ b/sys-auth/kstart-krenew/metadata.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<herd>maintainer-wanted</herd>
+</pkgmetadata>