From e513b335006bb2d22a8a27c9828b918a7995d525 Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Jun 08 2010 15:20:43 +0000 Subject: Merge branch 'master' of git.fedorahosted.org:/git/certmonger --- diff --git a/certmonger.spec b/certmonger.spec index 8c745bb..e071542 100644 --- a/certmonger.spec +++ b/certmonger.spec @@ -2,7 +2,7 @@ %{?_with_check: %global pcheck 1} Name: certmonger -Version: 0.23 +Version: 0.24 Release: 1%{?dist} Summary: Certificate status monitor and PKI enrollment client @@ -100,6 +100,13 @@ exit 0 %{_localstatedir}/lib/certmonger %changelog +* Tue Jun 8 2010 Nalin Dahyabhai 0.24-1 +- update to 0.24 + - keep the lock on the pid file, if we have one, when we fork, and cancel + daemon startup if we can't gain ownership of the lock (the rest of #596719) + - make the man pages note which external configuration files we consult when + submitting requests to certmaster and ipa CAs + * Thu May 27 2010 Nalin Dahyabhai 0.23-1 - update to 0.23 - new translations diff --git a/configure.ac b/configure.ac index 89d2779..1e54cfc 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -AC_INIT(certmonger,0.23) +AC_INIT(certmonger,0.24) AM_INIT_AUTOMAKE([foreign]) AC_CONFIG_MACRO_DIR(m4) AM_MAINTAINER_MODE diff --git a/src/certmonger-certmaster-submit.8.in b/src/certmonger-certmaster-submit.8.in index c76a6f4..e2c30fb 100644 --- a/src/certmonger-certmaster-submit.8.in +++ b/src/certmonger-certmaster-submit.8.in @@ -1,4 +1,4 @@ -.TH certmonger 8 "23 November 2009" "certmonger Manual" +.TH certmonger 8 "7 June 2010" "certmonger Manual" .SH NAME certmaster-submit @@ -47,6 +47,18 @@ if the CA was unreachable. An error message may be printed. 4 if critical configuration information is missing. An error message may be printed. +.SH FILES +.TP +.I /var/run/certmaster.pid +the certmaster service's PID file. Its presence is taken to indicate that this +system is a CA, and that requests should be submitted to a certmaster server +running on the local system. +.TP +.I /etc/certmaster/minion.conf +the certmaster minion configuration file. If there is no indication that the +local system is a certmaster server, then this file is consulted to determine +the location of the certmaster server. + .SH KNOWN BUGS Checking for the existence of certmaster's PID file is a terrible way to figure out whether we're a minion or not. diff --git a/src/certmonger-ipa-submit.8.in b/src/certmonger-ipa-submit.8.in index 554683a..08802ec 100644 --- a/src/certmonger-ipa-submit.8.in +++ b/src/certmonger-ipa-submit.8.in @@ -1,4 +1,4 @@ -.TH certmonger 8 "23 November 2009" "certmonger Manual" +.TH certmonger 8 "7 June 2010" "certmonger Manual" .SH NAME ipa-submit @@ -64,6 +64,12 @@ if the CA was unreachable. An error message may be printed. 4 if critical configuration information is missing. An error message may be printed. +.SH FILES +.TP +.I /etc/ipa/default.conf +is the IPA client configuration file. This file is consulted to determine +the URI for the IPA server's XML-RPC interface. + .SH BUGS Please file tickets for any that you find at https://fedorahosted.org/certmonger/ diff --git a/src/main.c b/src/main.c index d347267..9c20df3 100644 --- a/src/main.c +++ b/src/main.c @@ -105,22 +105,30 @@ main(int argc, char **argv) } if (pidfile != NULL) { - pfd = open(pidfile, O_RDWR | O_CREAT | O_TRUNC, + pfd = open(pidfile, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); if (pfd == -1) { fprintf(stderr, "Error opening pidfile \"%s\": %s\n", pidfile, strerror(errno)); exit(1); } - if (flock(pfd, LOCK_EX | LOCK_NB) != 0) { + if (lockf(pfd, F_TLOCK, 0) != 0) { fprintf(stderr, "Error locking pidfile \"%s\": %s\n", pidfile, strerror(errno)); + close(pfd); + exit(1); + } + if (ftruncate(pfd, 0) != 0) { + fprintf(stderr, "Error truncating pidfile \"%s\": %s\n", + pidfile, strerror(errno)); + close(pfd); exit(1); } pfp = fdopen(pfd, "w"); if (pfp == NULL) { fprintf(stderr, "Error opening pidfile \"%s\": %s\n", pidfile, strerror(errno)); + close(pfd); exit(1); } } else { @@ -134,14 +142,17 @@ main(int argc, char **argv) if (i != 0) { fprintf(stderr, "Error: %s\n", strerror(i)); talloc_free(ec); + if ((pidfile != NULL) && (pfp != NULL)) { + fclose(pfp); + } exit(1); } if (cm_tdbus_setup(ec, bus, ctx) != 0) { fprintf(stderr, "Error connecting to D-Bus.\n"); talloc_free(ec); - if (pidfile != NULL) { - remove(pidfile); + if ((pidfile != NULL) && (pfp != NULL)) { + fclose(pfp); } exit(1); } @@ -152,8 +163,8 @@ main(int argc, char **argv) case -1: /* failure */ fprintf(stderr, "fork() error: %s\n", strerror(errno)); - if (pfp != NULL) { - remove(pidfile); + if ((pidfile != NULL) && (pfp != NULL)) { + fclose(pfp); } exit(1); break; @@ -164,7 +175,20 @@ main(int argc, char **argv) strerror(errno)); exit(1); } - if (pfp != NULL) { + /* lock the pid file now that our parent is exiting and + * thus losing its lock; it should be safe to block + * here, even if the parent gives up the lock before we + * get here, because we've already ensured that only we + * and our parent have the named connection to the bus, + * and wouldn't have gotten here otherwise */ + if ((pidfile != NULL) && (pfp != NULL)) { + if (lockf(pfd, F_LOCK, 0) != 0) { + cm_log(0, + "Error locking pidfile \"%s\": " + "%s\n", + pidfile, strerror(errno)); + exit(1); + } fprintf(pfp, "%ld\n", (long) getpid()); fflush(pfp); } @@ -175,14 +199,11 @@ main(int argc, char **argv) break; } } else { - if (pfp != NULL) { + if ((pidfile != NULL) && (pfp != NULL)) { fprintf(pfp, "%ld\n", (long) getpid()); fflush(pfp); } } - if (pfp != NULL) { - fclose(pfp); - } cm_start_all(ctx); do { i = tevent_loop_once(ec); @@ -197,6 +218,7 @@ main(int argc, char **argv) talloc_free(ec); if ((pidfile != NULL) && (pfp != NULL)) { remove(pidfile); + fclose(pfp); } return 0; }