Tree - rpms/ipa - CentOS Git server

pgreco / rpms / ipa

Forked from forks/areguera/rpms/ipa 4 years ago

Source
Stats

Blame SOURCES/0021-server-uninstall-fails-to-remove-krb-principals.patch

Blob History Raw

		403b09	`From 028ae66827085960cdfa9861c413a7aeccea5221 Mon Sep 17 00:00:00 2001`
		403b09	`From: Florence Blanc-Renaud <frenaud@redhat.com>`
		403b09	`Date: Mon, 11 Jul 2016 09:00:44 +0200`
		403b09	`Subject: [PATCH] server uninstall fails to remove krb principals`
		403b09
		403b09	`This patch fixes the 3rd issue of ticket 6012:`
		403b09	`ipa-server-install --uninstall -U`
		403b09	`complains while removing Kerberos service principals from /etc/krb5.keytab`
		403b09	`----`
		403b09	`Failed to remove Kerberos service principals: Command '/usr/sbin/ipa-rmkeytab -k /etc/krb5.keytab -r DOM-221.ABC.IDM.LAB.ENG.BRQ.REDHAT.COM' returned non-zero exit status 5`
		403b09	`----`
		403b09
		403b09	`This happens because the uninstaller performs the following sequence:`
		403b09	`1/ restore pre-install files, including /etc/krb5.keytab`
		403b09	`At this point /etc/krb5.keytab does not contain any principal for`
		403b09	`IPA domain`
		403b09	`2/ call ipa-client-install --uninstall, which in turns runs`
		403b09	`ipa-rmkeytab -k /etc/krb5.keytab -r <domain>`
		403b09	`to remove the principals.`
		403b09
		403b09	`The fix ignores ipa-rmkeytab's exit code 5 (Principal name or realm not`
		403b09	`found in keytab)`
		403b09
		403b09	`https://fedorahosted.org/freeipa/ticket/6012`
		403b09
		403b09	`Reviewed-By: Martin Basti <mbasti@redhat.com>`
		403b09	`---`
		403b09	`client/ipa-client-install \| 7 +++++++`
		403b09	`1 file changed, 7 insertions(+)`
		403b09
		403b09	`diff --git a/client/ipa-client-install b/client/ipa-client-install`
		403b09	`index cee202f89e0f40f4b7ee77e5c38a2c7d50e0dee9..45185d44feb43a8b8d30e412a26dd63121be4ad1 100755`
		403b09	`--- a/client/ipa-client-install`
		403b09	`+++ b/client/ipa-client-install`
		403b09	`@@ -614,6 +614,13 @@ def uninstall(options, env):`
		403b09	`fp.close()`
		403b09	`realm = parser.get('global', 'realm')`
		403b09	`run([paths.IPA_RMKEYTAB, "-k", paths.KRB5_KEYTAB, "-r", realm])`
		403b09	`+ except CalledProcessError as err:`
		403b09	`+ if err.returncode != 5:`
		403b09	`+ # 5 means Principal name or realm not found in keytab`
		403b09	`+ # and can be ignored`
		403b09	`+ root_logger.error(`
		403b09	`+ "Failed to remove Kerberos service principals: %s",`
		403b09	`+ str(err))`
		403b09	`except Exception as e:`
		403b09	`root_logger.error(`
		403b09	`"Failed to remove Kerberos service principals: %s", str(e))`
		403b09	`--`
		403b09	`2.7.4`
		403b09

pgreco / rpms / ipa

Source Code

Blame SOURCES/0021-server-uninstall-fails-to-remove-krb-principals.patch