oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

iprop: Fix default dbname choice on initial prop

Browse Source 
If a DB does not already exist, ipropd-slave will use the compiled
default, which is not necessarily what is desired or configured in
`[kdc]`.

This change makes `hdb_default_db()` return the first dbanme in the
`[kdc]` configuration, falling back on `HDB_DEFAULT_DB`.

Also, this adds a `--database` option to `ipropd-slave`.
This commit is contained in:
Nicolas Williams
2021-05-03 15:00:36 -05:00
parent e609e61f21
commit 0c1cd18e03
3 changed files with 26 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
lib/kadm5/iprop.8
View File

@@ -66,6 +66,7 @@
.Nm ipropd-slave
.Oo Fl c Ar string \*(Ba Xo Fl Fl config-file= Ns Ar string Xc Oc
.Oo Fl r Ar string \*(Ba Xo Fl Fl realm= Ns Ar string Xc Oc
.Oo Fl d Ar file \*(Ba Xo Fl Fl database= Ns Ar file Xc Oc
.Oo Fl k Ar kspec \*(Ba Xo Fl Fl keytab= Ns Ar kspec Xc Oc
.Op Fl Fl statusfile= Ns Ar file
.Op Fl Fl hostname= Ns Ar hostname
@@ -168,6 +169,8 @@ Supported options for
.Bl -tag -width Ds
.It Fl c Ar string , Fl Fl config-file= Ns Ar string
.It Fl r Ar string , Fl Fl realm= Ns Ar string
.It Fl d Ar file , Fl Fl database= Ns Ar file
Database (default per KDC)
.It Fl k Ar kspec , Fl Fl keytab= Ns Ar kspec
Keytab with client credentials for authenticating to
.Nm ipropd-master .

6
lib/kadm5/ipropd_slave.c
View File

@@ -676,6 +676,7 @@ is_up_to_date(krb5_context context, const char *file,
(unsigned long)server_context->log_context.version, buf);
}
static char *database;
static char *status_file;
static char *config_file;
static int version_flag;
@@ -688,6 +689,7 @@ static int daemon_child = -1;
static struct getargs args[] = {
{ "config-file", 'c', arg_string, &config_file, NULL, NULL },
{ "realm", 'r', arg_string, &realm, NULL, NULL },
{ "database", 'd', arg_string, &database, "database", "file"},
{ "keytab", 'k', arg_string, &keytab_str,
"keytab to get authentication from", "kspec" },
{ "time-lost", 0, arg_string, &server_time_lost,
@@ -813,6 +815,10 @@ main(int argc, char **argv)
conf.mask |= KADM5_CONFIG_REALM;
conf.realm = realm;
}
if (database) {
conf.mask |= KADM5_CONFIG_DBNAME;
conf.dbname = database;
}
ret = kadm5_init_with_password_ctx (context,
KADM5_ADMIN_SERVICE,
NULL,