From 88536329c00b7c8fd7217aa0b5e25f4a2c82126d Mon Sep 17 00:00:00 2001
From: Petr Hracek <phracek@redhat.com>
Date: Nov 21 2014 15:29:45 +0000
Subject: add kamanda unit files (#1077642)


---

diff --git a/amanda-krb5.patch b/amanda-krb5.patch
new file mode 100644
index 0000000..f3e237a
--- /dev/null
+++ b/amanda-krb5.patch
@@ -0,0 +1,56 @@
+diff --git a/amandad-src/amandad.c b/amandad-src/amandad.c
+index d864c3f..4a899fb 100644
+--- a/amandad-src/amandad.c
++++ b/amandad-src/amandad.c
+@@ -456,7 +456,7 @@ main(
+     }
+ 
+ #ifndef SINGLE_USERID
+-    if (geteuid() == 0) {
++    if (getuid() == 0) {
+ 	if (strcasecmp(auth, "krb5") != 0) {
+ 	    struct passwd *pwd;
+ 	    /* lookup our local user name */
+diff --git a/common-src/krb5-security.c b/common-src/krb5-security.c
+index c3075fa..8d3b18a 100644
+--- a/common-src/krb5-security.c
++++ b/common-src/krb5-security.c
+@@ -334,6 +334,7 @@ krb5_accept(
+     char hostname[NI_MAXHOST];
+     int result;
+     char *errmsg = NULL;
++    struct passwd *pw;
+ 
+     krb5_init();
+ 
+@@ -372,6 +373,12 @@ krb5_accept(
+ 	error("gss_server failed: %s\n", rc->errmsg);
+     rc->accept_fn = fn;
+     sec_tcp_conn_read(rc);
++
++    /* totally drop privileges at this point
++     *(making the userid equal to the dumpuser)
++     */
++    pw = getpwnam(CLIENT_LOGIN);
++    setreuid(pw->pw_uid, pw->pw_uid);
+ }
+ 
+ /*
+@@ -712,7 +719,7 @@ krb5_init(void)
+     beenhere = 1;
+ 
+ #ifndef BROKEN_MEMORY_CCACHE
+-    putenv(stralloc("KRB5_ENV_CCNAME=MEMORY:amanda_ccache"));
++    putenv(stralloc(KRB5_ENV_CCNAME"=MEMORY:amanda_ccache"));
+ #else
+     /*
+      * MEMORY ccaches seem buggy and cause a lot of internal heap
+@@ -727,7 +734,7 @@ krb5_init(void)
+ 	char *ccache;
+ 	ccache = malloc(128);
+ 	g_snprintf(ccache, SIZEOF(ccache),
+-		 "KRB5_ENV_CCNAME=FILE:/tmp/amanda_ccache.%ld.%ld",
++		 KRB5_ENV_CCNAME"=FILE:/tmp/amanda_ccache.%ld.%ld",
+ 		 (long)geteuid(), (long)getpid());
+ 	putenv(ccache);
+     }
diff --git a/amanda.spec b/amanda.spec
index 856ffa5..1699d43 100644
--- a/amanda.spec
+++ b/amanda.spec
@@ -10,7 +10,7 @@
 Summary: A network-capable tape backup solution
 Name: amanda
 Version: 3.3.6
-Release: 7%{?dist}
+Release: 8%{?dist}
 Source: http://downloads.sourceforge.net/amanda/amanda-%{version}.tar.gz
 Source1: amanda.crontab
 Source4: disklist
@@ -25,6 +25,7 @@ Patch2: amanda-3.1.1-xattrs.patch
 Patch3: amanda-3.1.1-tcpport.patch
 Patch6: amanda-3.2.0-config-dir.patch
 Patch11: amanda-3.3.2-autogen.patch
+Patch12: amanda-krb5.patch
 
 License: BSD and GPLv3+ and GPLv2+ and GPLv2
 Group: Applications/System
@@ -106,6 +107,7 @@ server also needs to have the amanda-client package installed.
 %patch3 -p1 -b .tcpport
 %patch6 -p1 -b .config
 %patch11 -p1 -b .autogen
+%patch12 -p1 -b .krb5
 ./autogen
 
 %build
@@ -474,6 +476,9 @@ rm -rf ${RPM_BUILD_ROOT}
 
 
 %changelog
+* Fri Nov 21 2014 Petr Hracek <phracek@redhat.com> - 3.3.6-8
+- add kamanda unit files (#1077642)
+
 * Tue Nov 11 2014 Petr Hracek <phracek@redhat.com> - 3.3.6-7
 - Resolves #1033896 Add amindexd as argument to amandad
 
diff --git a/kamanda.socket b/kamanda.socket
new file mode 100644
index 0000000..13b786b
--- /dev/null
+++ b/kamanda.socket
@@ -0,0 +1,9 @@
+[Unit]
+Description=Amanda Kerberos Activation Socket
+
+[Socket]
+ListenStream=10082
+Accept=true
+
+[Install]
+WantedBy=sockets.target
diff --git a/kamanda@.service b/kamanda@.service
new file mode 100644
index 0000000..50007de
--- /dev/null
+++ b/kamanda@.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Amanda Backup System
+After=local-fs.target
+
+[Service]
+User=root
+Group=disk
+ExecStart=/usr/sbin/amandad -auth=krb5 amdump amindexd amidxtaped
+StandardInput=socket