From be77082bc545b88029413160af2a0fa9a26f261e Mon Sep 17 00:00:00 2001
From: =?utf8?q?Franti=C5=A1ek=20Dvo=C5=99=C3=A1k?=
Date: Tue, 19 Jun 2012 14:38:50 +0000
Subject: [PATCH] Support GLITE_GSS_MECH in startup scripts - using Kerberos environment variables instead of certificates for "krb5".
---
 org.glite.lb.logger/config/startup | 31 +++++++++++++++++++------------
 org.glite.lb.server/config/startup | 31 +++++++++++++++++++------------
 2 files changed, 38 insertions(+), 24 deletions(-)
diff --git a/org.glite.lb.logger/config/startup b/org.glite.lb.logger/config/startup
index 5032daf..3d4a673 100755
--- a/org.glite.lb.logger/config/startup
+++ b/org.glite.lb.logger/config/startup
@@ -42,9 +42,12 @@ LL_PIDFILE=${LL_PIDFILE:-$GLITE_LB_LOCATION_VAR/glite-lb-logd.pid}
 IL_PIDFILE=${IL_PIDFILE:-$GLITE_LB_LOCATION_VAR/glite-lb-interlogd.pid}
 IL_SOCKFILE=/tmp/interlogger.sock
+KRB5_KTNAME=${KRB5_KTNAME:-'FILE:/var/glite/krb5kt_lb'}
+KRB5CCNAME=${KRB5CCNAME:-'FILE:/var/glite/krb5cc_lb'}
+
 lockfile=/var/lock/glite-lb-locallogger
-unset creds port log4c
+unset creds port env
 start_daemon()
 {
@@ -67,7 +70,7 @@ start_daemon()
 fi
 fi
 echo -n "Starting $name ..."
- su - $GLITE_USER -c "$log4c $cmd"
+ su - $GLITE_USER -c "$env $cmd"
 if [ $? -eq 0 ]; then
 echo " done"
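Review bot: The two defaults added in the `@@ -42,9 +42,12 @@` hunk carry no comment, and nothing at that point says they matter only when `GLITE_GSS_MECH` is `krb5` (the only use visible in this patch is the krb5 branch of `start()`). A short comment above them would help whoever deploys this, for example `# Kerberos keytab and credential cache handed to the daemons when GLITE_GSS_MECH=krb5; a value already set in the environment takes precedence`. Since a keytab holds the service's long-term key, the comment could also state that the file is expected to be readable by `$GLITE_USER` only. The same applies to the identical lines in the `@@ -58,9 +58,12 @@` hunk of org.glite.lb.server/config/startup.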
@@ -120,24 +123,28 @@ start()
 return 1
 fi
- [ -n "$GLITE_HOST_CERT" -a -n "$GLITE_HOST_KEY" ] &&
- creds="-c $GLITE_HOST_CERT -k $GLITE_HOST_KEY"
+ env="LOG4C_RCPATH='$GLITE_LB_LOCATION_ETC/glite-lb'"
- if test -z "$creds"; then
- if su - $GLITE_USER -c "test -r /etc/grid-security/hostkey.pem -a -r /etc/grid-security/hostcert.pem"; then
- echo "$0: WARNING: /etc/grid-security/hostkey.pem readable by $GLITE_USER"
- creds="-c /etc/grid-security/hostcert.pem -k /etc/grid-security/hostkey.pem"
+ if [ x"$GLITE_GSS_MECH" = x"krb5" ]; then
+ env="$env KRB5_KTNAME='$KRB5_KTNAME' KRB5CCNAME='$KRB5CCNAME'"
+ else
+ [ -n "$GLITE_HOST_CERT" -a -n "$GLITE_HOST_KEY" ] &&
+ creds="-c $GLITE_HOST_CERT -k $GLITE_HOST_KEY"
+
+ if test -z "$creds"; then
+ if su - $GLITE_USER -c "test -r /etc/grid-security/hostkey.pem -a -r /etc/grid-security/hostcert.pem"; then
+ echo "$0: WARNING: /etc/grid-security/hostkey.pem readable by $GLITE_USER"
+ creds="-c /etc/grid-security/hostcert.pem -k /etc/grid-security/hostkey.pem"
+ fi
 fi
- fi
- [ -z "$creds" ] && echo $0: WARNING: No credentials specified. Using default lookup which is dangerous. >&2
+ [ -z "$creds" ] && echo $0: WARNING: No credentials specified. Using default lookup which is dangerous. >&2
+ fi
 [ -n "$GLITE_LB_LOGGER_PORT" ] && port="--port $GLITE_LB_LOGGER_PORT"
 [ -n "$GLITE_LB_IL_SOCK" ] && sock="--socket $GLITE_LB_IL_SOCK"
 [ -n "$GLITE_LB_IL_FPREFIX" ] && fprefix="--file-prefix $GLITE_LB_IL_FPREFIX"
- log4c="LOG4C_RCPATH='$GLITE_LB_LOCATION_ETC/glite-lb'"
-
 mkdir -p /var/glite/log
 chown $GLITE_USER /var/glite/log
 (cd /tmp && ls -f /tmp |grep ^dglogd_sock_ |xargs rm -f)
diff --git a/org.glite.lb.server/config/startup b/org.glite.lb.server/config/startup
index 023b74b..3c94508 100755
--- a/org.glite.lb.server/config/startup
+++ b/org.glite.lb.server/config/startup
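Review bot: In the `@@ -120,24 +123,28 @@` hunk, `KRB5_KTNAME` and `KRB5CCNAME` are wrapped in single quotes and pasted into `env`, which `start_daemon()` then hands to `su - $GLITE_USER -c "$env $cmd"` as shell text; a value that itself contains a single quote ends the quoting, and the remainder is parsed by the target user's shell as part of the command line. Where these values are set is not visible in the hunk, so this is a hardening point rather than a demonstrated flaw, but a guard before the assignment is cheap: `case "$KRB5_KTNAME$KRB5CCNAME" in *\'*) echo "$0: single quote not allowed in KRB5_KTNAME/KRB5CCNAME" >&2; return 1;; esac`. The variable name `env` also reads like the env(1) utility at the call site; a name such as `daemon_env` would be clearer. `start()` begins and ends outside the hunk, and the same lines appear in the `@@ -157,17 +160,23 @@` hunk of org.glite.lb.server/config/startup.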
@@ -58,9 +58,12 @@ if [ -f "$msgconf" ]; then
 GLITE_LB_SERVER_OTHER_OPTIONS="$GLITE_LB_SERVER_OTHER_OPTIONS -F $msgconf"
 fi
+KRB5_KTNAME=${KRB5_KTNAME:-'FILE:/var/glite/krb5kt_lb'}
+KRB5CCNAME=${KRB5CCNAME:-'FILE:/var/glite/krb5cc_lb'}
+
 lockfile=/var/lock/glite-lb-bkserverd
-unset creds port log4c
+unset creds port env
 start_daemon()
 {
@@ -83,7 +86,7 @@ start_daemon()
 fi
 fi
 echo -n "Starting $name ..."
- su - $GLITE_USER -c "$log4c $cmd"
+ su - $GLITE_USER -c "$env $cmd"
 if [ $? -eq 0 ]; then
 echo " done"
@@ -157,17 +160,23 @@ start()
 return 1
 fi
- [ -n "$GLITE_HOST_CERT" -a -n "$GLITE_HOST_KEY" ] &&
- creds="-c $GLITE_HOST_CERT -k $GLITE_HOST_KEY"
+ env="LOG4C_RCPATH='$GLITE_LB_LOCATION_ETC/glite-lb'"
+
+ if [ x"$GLITE_GSS_MECH" = x"krb5" ]; then
+ env="$env KRB5_KTNAME='$KRB5_KTNAME' KRB5CCNAME='$KRB5CCNAME'"
+ else
+ [ -n "$GLITE_HOST_CERT" -a -n "$GLITE_HOST_KEY" ] &&
+ creds="-c $GLITE_HOST_CERT -k $GLITE_HOST_KEY"
- if test -z "$creds"; then
- if su - $GLITE_USER -c "test -r /etc/grid-security/hostkey.pem -a -r /etc/grid-security/hostcert.pem"; then
- echo "$0: WARNING: /etc/grid-security/hostkey.pem readable by $GLITE_USER"
- creds="-c /etc/grid-security/hostcert.pem -k /etc/grid-security/hostkey.pem"
+ if test -z "$creds"; then
+ if su - $GLITE_USER -c "test -r /etc/grid-security/hostkey.pem -a -r /etc/grid-security/hostcert.pem"; then
+ echo "$0: WARNING: /etc/grid-security/hostkey.pem readable by $GLITE_USER"
+ creds="-c /etc/grid-security/hostcert.pem -k /etc/grid-security/hostkey.pem"
+ fi
 fi
- fi
- log4c="LOG4C_RCPATH='$GLITE_LB_LOCATION_ETC/glite-lb'"
+ [ -z "$creds" ] && echo $0: WARNING: No credentials specified. Using default lookup which is dangerous. >&2
+ fi
 policy="$GLITE_LB_LOCATION_ETC/glite-lb/glite-lb-authz.conf"
 lcas_log="LCAS_LOG_FILE='/var/log/glite/glite-lb-server-lcas.log' LCAS_ETC_DIR='$GLITE_LB_LOCATION_ETC/glite-lb'"
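Review bot: The krb5 branch added in the `@@ -157,17 +160,23 @@` hunk performs no check on the keytab, whereas the certificate branch at least warns when no credentials were found; with `GLITE_GSS_MECH=krb5` and a missing or unreadable keytab the script prints nothing, and the problem presumably surfaces only inside the daemon. A check in the style the script already uses would close that gap: `kt=${KRB5_KTNAME#FILE:}` followed by `su - $GLITE_USER -c "test -r '$kt'" || echo "$0: WARNING: keytab $kt not readable by $GLITE_USER" >&2`. This assumes a `FILE:` keytab; other keytab types would have to skip the test. The logger script's `@@ -120,24 +123,28 @@` hunk has the same branch, and `start()` extends beyond both hunks.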
@@ -213,8 +222,6 @@ start()
 [ -n "$GLITE_LB_EXPORT_JPPS" ] && jpps="--jpps $GLITE_LB_EXPORT_JPPS"
 fi
- [ -z "$creds" ] && echo $0: WARNING: No credentials specified. Using default lookup which is dangerous. >&2
-
 [ -n "$GLITE_LB_SERVER_PORT" ] && port="-p $GLITE_LB_SERVER_PORT"
 [ -n "$GLITE_LB_SERVER_WPORT" ] && wport="-w $GLITE_LB_SERVER_WPORT"
 [ -z "$GLITE_LB_NOTIF_FPREFIX" ] && GLITE_LB_NOTIF_FPREFIX="/var/tmp/glite-lb-notif"
--
1.8.2.3