iprop: Fix default dbname choice on initial prop
If a DB does not already exist, ipropd-slave will use the compiled default, which is not necessarily what is desired or configured in `[kdc]`. This change makes `hdb_default_db()` return the first dbname in the `[kdc]` configuration, falling back on `HDB_DEFAULT_DB`. Also, this adds a `--database` option to `ipropd-slave`.
@@ -271,5 +271,21 @@ hdb_db_dir(krb5_context context)
|
||||
const char *
|
||||
hdb_default_db(krb5_context context)
|
||||
{
|
||||
return HDB_DEFAULT_DB;
|
||||
static char *default_hdb = NULL;
|
||||
struct hdb_dbinfo *dbinfo = NULL;
|
||||
struct hdb_dbinfo *d = NULL;
|
||||
const char *s;
|
||||
|
||||
if (default_hdb)
|
||||
return default_hdb;
|
||||
|
||||
(void) hdb_get_dbinfo(context, &dbinfo);
|
||||
while ((d = hdb_dbinfo_get_next(dbinfo, d)) != NULL) {
|
||||
if ((s = hdb_dbinfo_get_dbname(context, d)) &&
|
||||
(default_hdb = strdup(s)))
|
||||
break;
|
||||
}
|
||||
|
||||
hdb_free_dbinfo(context, &dbinfo);
|
||||
return default_hdb ? default_hdb : HDB_DEFAULT_DB;
|
||||
}
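Review bot: The `static char *default_hdb` cache in `hdb_default_db()` is filled without any synchronization and ignores which `krb5_context` asked, so the first caller fixes the answer for the whole process. Two threads racing on the first call can both `strdup()` and leak one copy, and a later context built from a different configuration would still be handed the first context's dbname. Since this is a library entry point, the lazy initialisation should be guarded by whatever once/mutex primitive the library already uses, or the string should be kept per context. Separately, the `(void)` on `hdb_get_dbinfo()` and a failed `strdup()` both fall through silently to `HDB_DEFAULT_DB`, which is the very fallback this commit is trying to avoid. A comment such as `/* config or allocation failure: fall back to the compiled default */`, or a log message on that path, would stop a slave from quietly opening a different database than `[kdc]` names.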
|
||||
|
@@ -66,6 +66,7 @@
|
||||
.Nm ipropd-slave
|
||||
.Oo Fl c Ar string \*(Ba Xo Fl Fl config-file= Ns Ar string Xc Oc
|
||||
.Oo Fl r Ar string \*(Ba Xo Fl Fl realm= Ns Ar string Xc Oc
|
||||
.Oo Fl d Ar file \*(Ba Xo Fl Fl database= Ns Ar file Xc Oc
|
||||
.Oo Fl k Ar kspec \*(Ba Xo Fl Fl keytab= Ns Ar kspec Xc Oc
|
||||
.Op Fl Fl statusfile= Ns Ar file
|
||||
.Op Fl Fl hostname= Ns Ar hostname
|
||||
@@ -168,6 +169,8 @@ Supported options for
|
||||
.Bl -tag -width Ds
|
||||
.It Fl c Ar string , Fl Fl config-file= Ns Ar string
|
||||
.It Fl r Ar string , Fl Fl realm= Ns Ar string
|
||||
.It Fl d Ar file , Fl Fl database= Ns Ar file
|
||||
Database (default per KDC)
|
||||
.It Fl k Ar kspec , Fl Fl keytab= Ns Ar kspec
|
||||
Keytab with client credentials for authenticating to
|
||||
.Nm ipropd-master .
|
||||
|
@@ -676,6 +676,7 @@ is_up_to_date(krb5_context context, const char *file,
|
||||
(unsigned long)server_context->log_context.version, buf);
|
||||
}
|
||||
|
||||
static char *database;
|
||||
static char *status_file;
|
||||
static char *config_file;
|
||||
static int version_flag;
|
||||
@@ -688,6 +689,7 @@ static int daemon_child = -1;
|
||||
static struct getargs args[] = {
|
||||
{ "config-file", 'c', arg_string, &config_file, NULL, NULL },
|
||||
{ "realm", 'r', arg_string, &realm, NULL, NULL },
|
||||
{ "database", 'd', arg_string, &database, "database", "file"},
|
||||
{ "keytab", 'k', arg_string, &keytab_str,
|
||||
"keytab to get authentication from", "kspec" },
|
||||
{ "time-lost", 0, arg_string, &server_time_lost,
|
||||
@@ -813,6 +815,10 @@ main(int argc, char **argv)
|
||||
conf.mask |= KADM5_CONFIG_REALM;
|
||||
conf.realm = realm;
|
||||
}
|
||||
if (database) {
|
||||
conf.mask |= KADM5_CONFIG_DBNAME;
|
||||
conf.dbname = database;
|
||||
}
|
||||
ret = kadm5_init_with_password_ctx (context,
|
||||
KADM5_ADMIN_SERVICE,
|
||||
NULL,
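Review bot: The help string for the new `database` entry in `args[]` is just `"database"`, which tells an operator nothing the option name does not. Something like `"database to propagate into"` would match the descriptive style of the keytab entry below it and the man page's "Database (default per KDC)". In `main()` the value goes straight into `conf.dbname` with `KADM5_CONFIG_DBNAME` set, which is reasonable for an operator-supplied path. The hunk does not show whether other paths are still derived from the default dbname, so that is worth confirming for the case where `--database` is given. `main()` begins and ends outside the hunk.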
|
||||
|