iprop: Fix default dbname choice on initial prop

If a DB does not already exist, ipropd-slave will use the compiled
default, which is not necessarily what is desired or configured in
`[kdc]`.

This change makes `hdb_default_db()` return the first dbname in the
`[kdc]` configuration, falling back on `HDB_DEFAULT_DB`.

Also, this adds a `--database` option to `ipropd-slave`.
Nicolas Williams
2021-05-03 15:00:36 -05:00
parent e609e61f21
commit 0c1cd18e03
3 changed files with 26 additions and 1 deletions


@@ -271,5 +271,21 @@ hdb_db_dir(krb5_context context)
const char * const char *
hdb_default_db(krb5_context context) hdb_default_db(krb5_context context)
{ {
return HDB_DEFAULT_DB; static char *default_hdb = NULL;
struct hdb_dbinfo *dbinfo = NULL;
struct hdb_dbinfo *d = NULL;
const char *s;
if (default_hdb)
return default_hdb;
(void) hdb_get_dbinfo(context, &dbinfo);
while ((d = hdb_dbinfo_get_next(dbinfo, d)) != NULL) {
if ((s = hdb_dbinfo_get_dbname(context, d)) &&
(default_hdb = strdup(s)))
break;
}
hdb_free_dbinfo(context, &dbinfo);
return default_hdb ? default_hdb : HDB_DEFAULT_DB;
} }
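Review bot: The `static char *default_hdb` cache in `hdb_default_db()` is filled from whichever `krb5_context` reaches it first and then returned for every later context, and it is written without any lock, so two threads making the first call together can each `strdup()` and one copy is lost. If callers can hold contexts loaded from different configuration files, or call this from more than one thread, the function needs at least a comment stating the contract, e.g. `/* Process-wide cache: set once from the first context that yields a dbname; not thread-safe, never freed. */`, or a once-style initialisation. The discarded `hdb_get_dbinfo()` result is also silent: on failure the function returns `HDB_DEFAULT_DB`, the compiled default the commit description says may not be the configured one. A failed `strdup()` is silent too, and can fall through to a later entry or to `HDB_DEFAULT_DB`; a warning on both paths would make the fallback visible to operators.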


@@ -66,6 +66,7 @@
.Nm ipropd-slave .Nm ipropd-slave
.Oo Fl c Ar string \*(Ba Xo Fl Fl config-file= Ns Ar string Xc Oc .Oo Fl c Ar string \*(Ba Xo Fl Fl config-file= Ns Ar string Xc Oc
.Oo Fl r Ar string \*(Ba Xo Fl Fl realm= Ns Ar string Xc Oc .Oo Fl r Ar string \*(Ba Xo Fl Fl realm= Ns Ar string Xc Oc
.Oo Fl d Ar file \*(Ba Xo Fl Fl database= Ns Ar file Xc Oc
.Oo Fl k Ar kspec \*(Ba Xo Fl Fl keytab= Ns Ar kspec Xc Oc .Oo Fl k Ar kspec \*(Ba Xo Fl Fl keytab= Ns Ar kspec Xc Oc
.Op Fl Fl statusfile= Ns Ar file .Op Fl Fl statusfile= Ns Ar file
.Op Fl Fl hostname= Ns Ar hostname .Op Fl Fl hostname= Ns Ar hostname
@@ -168,6 +169,8 @@ Supported options for
.Bl -tag -width Ds .Bl -tag -width Ds
.It Fl c Ar string , Fl Fl config-file= Ns Ar string .It Fl c Ar string , Fl Fl config-file= Ns Ar string
.It Fl r Ar string , Fl Fl realm= Ns Ar string .It Fl r Ar string , Fl Fl realm= Ns Ar string
.It Fl d Ar file , Fl Fl database= Ns Ar file
Database (default per KDC)
.It Fl k Ar kspec , Fl Fl keytab= Ns Ar kspec .It Fl k Ar kspec , Fl Fl keytab= Ns Ar kspec
Keytab with client credentials for authenticating to Keytab with client credentials for authenticating to
.Nm ipropd-master . .Nm ipropd-master .


@@ -676,6 +676,7 @@ is_up_to_date(krb5_context context, const char *file,
(unsigned long)server_context->log_context.version, buf); (unsigned long)server_context->log_context.version, buf);
} }
static char *database;
static char *status_file; static char *status_file;
static char *config_file; static char *config_file;
static int version_flag; static int version_flag;
@@ -688,6 +689,7 @@ static int daemon_child = -1;
static struct getargs args[] = { static struct getargs args[] = {
{ "config-file", 'c', arg_string, &config_file, NULL, NULL }, { "config-file", 'c', arg_string, &config_file, NULL, NULL },
{ "realm", 'r', arg_string, &realm, NULL, NULL }, { "realm", 'r', arg_string, &realm, NULL, NULL },
{ "database", 'd', arg_string, &database, "database", "file"},
{ "keytab", 'k', arg_string, &keytab_str, { "keytab", 'k', arg_string, &keytab_str,
"keytab to get authentication from", "kspec" }, "keytab to get authentication from", "kspec" },
{ "time-lost", 0, arg_string, &server_time_lost, { "time-lost", 0, arg_string, &server_time_lost,
@@ -813,6 +815,10 @@ main(int argc, char **argv)
conf.mask |= KADM5_CONFIG_REALM; conf.mask |= KADM5_CONFIG_REALM;
conf.realm = realm; conf.realm = realm;
} }
if (database) {
conf.mask |= KADM5_CONFIG_DBNAME;
conf.dbname = database;
}
ret = kadm5_init_with_password_ctx (context, ret = kadm5_init_with_password_ctx (context,
KADM5_ADMIN_SERVICE, KADM5_ADMIN_SERVICE,
NULL, NULL,
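Review bot: The help text on the new `getargs` entry is just `"database"`, which tells an operator reading `--help` nothing beyond the option name, while the neighbouring `keytab` entry describes its purpose. Something like `{ "database", 'd', arg_string, &database, "HDB database file to use (default: first dbname in [kdc])", "file" },` would match the commit description and the man page line. `main()` starts and ends outside the last hunk, so how `conf.dbname` is consumed after `kadm5_init_with_password_ctx` is not visible here.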