asdf

.gitignore

@@ -37,6 +37,8 @@ asn1_*_asn1.c
 *.log
 *.trs
 *.tmp
+result
+result-*
 
 # Top-level files.
 

configure.ac

@@ -246,6 +246,22 @@ AM_CONDITIONAL([HAVE_CJWT], [test "$with_cjwt" != "no"])
 AC_SUBST([CJWT_CFLAGS])
 AC_SUBST([CJWT_LIBS])
 
+dnl libsystemd
+AC_ARG_WITH([systemd],
+  AC_HELP_STRING([--with-systemd], [(Experimental) notify systemd about daemon state @<:@default=check@:>@]),
+  [],
+  [with_systemd=check])
+if test "$with_systemd" != "no"; then
+  PKG_CHECK_MODULES([SYSTEMD], [libsystemd >= 256.0],
+		    [with_systemd=yes],[with_systemd=no])
+fi
+if test "$with_systemd" = "yes"; then
+  AC_DEFINE_UNQUOTED([HAVE_SYSTEMD], 1, [whether libsystemd is available])
+fi
+AM_CONDITIONAL([HAVE_SYSTEMD], [test "$with_systemd" != "no"])
+AC_SUBST([SYSTEMD_CFLAGS])
+AC_SUBST([SYSTEMD_LIBS])
+
 dnl libcjson
 AC_ARG_WITH([cjson],
   AC_HELP_STRING([--with-cjson], [(Experimental) use cJSON to extract private claims from JWT tokens @<:@default=check@:>@]),

kadmin/Makefile.am

@@ -75,6 +75,10 @@ kadmind_LDADD = $(top_builddir)/lib/kadm5/libkadm5srv.la \
 	$(LIB_pidfile) \
 	$(LIB_dlopen)
 
+if HAVE_SYSTEMD
+kadmind_LDADD += $(SYSTEMD_LIBS)
+endif
+
 kadmin_LDADD = \
 	$(top_builddir)/lib/kadm5/libkadm5clnt.la \
 	$(top_builddir)/lib/kadm5/libkadm5srv.la \

kadmin/rpc.c

@@ -36,6 +36,9 @@
 #include <gssapi.h>
 #include <gssapi_krb5.h>
 #include <gssapi_spnego.h>
+#ifdef HAVE_SYSTEMD
+#include <systemd/sd-daemon.h>
+#endif
 
 #define CHECK(x)							\
 	do {								\
@@ -799,6 +802,10 @@ process_stream(krb5_context contextp,
      */
 
     INSIST(ilen >= 4);
+    
+    #ifdef HAVE_SYSTEMD
+    sd_notify(0, "READY=1");
+    #endif
 
     while (1) {
 	struct call_header chdr;
@@ -1129,6 +1136,10 @@ process_stream(krb5_context contextp,
 	}
 
     }
+    
+    #ifdef HAVE_SYSTEMD
+    sd_notify(0, "STOPPING=1");
+    #endif
 }
 
 

kadmin/server.c

@@ -31,8 +31,12 @@
  * SUCH DAMAGE.
  */
 
+#include <stdio.h>
 #include "kadmin_locl.h"
 #include <krb5-private.h>
+#ifdef HAVE_SYSTEMD
+#include <systemd/sd-daemon.h>
+#endif
 
 static kadm5_ret_t check_aliases(kadm5_server_context *,
                                  kadm5_principal_ent_rec *,
@@ -1071,6 +1075,8 @@ handle_v5(krb5_context contextp,
     unsigned kadm_version = 1;
     kadm5_config_params realm_params;
 
+    printf("handle_v5\n");
+
     ret = krb5_recvauth_match_version(contextp, &ac, &fd,
 				      match_appl_version, &kadm_version,
 				      NULL, KRB5_RECVAUTH_IGNORE_VERSION,
@@ -1131,7 +1137,16 @@ handle_v5(krb5_context contextp,
 	krb5_err(contextp, 1, ret, "kadm5_init_with_password_ctx");
         return;
     }
+    
+    #ifdef HAVE_SYSTEMD
+    sd_notify(0, "READY=1");
+    #endif
+    
     v5_loop(contextp, ac, initial, kadm_handlep, fd, readonly);
+    
+    #ifdef HAVE_SYSTEMD
+    sd_notify(0, "STOPPING=1");
+    #endif
 }
 
 krb5_error_code
@@ -1144,6 +1159,8 @@ kadmind_loop(krb5_context contextp,
     ssize_t n;
     unsigned long len;
 
+    printf("kadmind_loop\n");
+
     n = krb5_net_read(contextp, &sock, buf, 4);
     if(n == 0)
 	exit(0);
@@ -1167,8 +1184,8 @@ kadmind_loop(krb5_context contextp,
     } else
 	len = 4;
 
+    printf("handle_mit\n");
     handle_mit(contextp, buf, len, sock, readonly);
 
     return 0;
 }
-

kpasswd/Makefile.am

@@ -21,6 +21,10 @@ kpasswdd_LDADD = \
 	$(LIB_pidfile) \
 	$(LIB_dlopen) \
 	$(DB3LIB) $(DB1LIB) $(LMDBLIB) $(NDBMLIB)
+	
+if HAVE_SYSTEMD
+kpasswdd_LDADD += $(SYSTEMD_LIBS)
+endif
 
 LDADD = $(top_builddir)/lib/krb5/libkrb5.la \
 	$(LIB_hcrypto) \

kpasswd/kpasswdd.c

@@ -38,6 +38,9 @@ RCSID("$Id$");
 #ifdef HAVE_SYS_UN_H
 #include <sys/un.h>
 #endif
+#ifdef HAVE_SYSTEMD
+#include <systemd/sd-daemon.h>
+#endif
 #include <hdb.h>
 #include <kadm5/private.h>
 #include <kadm5/kadm5_err.h>
@@ -744,6 +747,10 @@ doit(krb5_keytab keytab, int port)
 	krb5_errx(context, 1, "No sockets!");
 
     roken_detach_finish(NULL, daemon_child);
+    
+    #ifdef HAVE_SYSTEMD
+    sd_notify(0, "READY=1");
+    #endif
 
     while (exit_flag == 0) {
 	krb5_ssize_t retx;
@@ -776,6 +783,10 @@ doit(krb5_keytab keytab, int port)
 			 buf, retx);
 	    }
     }
+    
+    #ifdef HAVE_SYSTEMD
+    sd_notify(0, "STOPPING=1");
+    #endif
 
     for (i = 0; i < n; ++i)
 	close(sockets[i]);

nix/heimdal/default.nix

@@ -22,6 +22,7 @@
   pam,
   libmicrohttpd,
   cjson,
+  systemdMinimal,
 
   CoreFoundation,
   Security,
@@ -43,6 +44,7 @@
   withOpenLDAPAsHDBModule ? false,
   withOpenSSL ? true,
   withSQLite3 ? true,
+  withSystemd ? lib.meta.availableOn stdenv.hostPlatform systemdMinimal
 }:
 
 assert lib.assertMsg (withOpenLDAPAsHDBModule -> withOpenLDAP) ''
@@ -89,7 +91,8 @@ stdenv.mkDerivation {
     ++ lib.optionals (withMicroHTTPD) [ libmicrohttpd ]
     ++ lib.optionals (withOpenLDAP) [ openldap ]
     ++ lib.optionals (withOpenSSL) [ openssl ]
-    ++ lib.optionals (withSQLite3) [ sqlite ];
+    ++ lib.optionals (withSQLite3) [ sqlite ]
+    ++ lib.optionals (withSystemd) [ systemdMinimal ];
 
   doCheck = true;
   nativeCheckInputs = [
@@ -125,6 +128,9 @@ stdenv.mkDerivation {
     ]
     ++ lib.optionals (withSQLite3) [
       "--with-sqlite3=${sqlite.dev}"
+    ]
+    ++ lib.optionals (withSystemd) [
+      "--with-systemd=yes"
     ];
 
   patches = [

nix/module/heimdal.nix

@@ -74,6 +74,7 @@ in
         ExecStart = "${package}/libexec/kadmind --config-file=/etc/heimdal-kdc/kdc.conf";
         Slice = "system-kerberos-server.slice";
         StateDirectory = "heimdal";
+        Type = "notify";
       };
       restartTriggers = [ kdcConfFile ];
     };
@@ -98,6 +99,7 @@ in
         ExecStart = "${package}/libexec/kpasswdd";
         Slice = "system-kerberos-server.slice";
         StateDirectory = "heimdal";
+        Type = "notify";
       };
       restartTriggers = [ kdcConfFile ];
     };

nix/shell.nix

@@ -31,6 +31,7 @@ pkgs.mkShell {
     openldap
     openssl
     sqlite
+    systemdMinimal
   ];
 
   env = {