Compare commits
3 Commits
Author | SHA1 | Date | |
---|---|---|---|
cea03aebfb
|
|||
161e2b8ed7
|
|||
3761a26a59
|
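--- a/.gitignore
+++ b/.gitignore
@@ -37,6 +37,8 @@ asn1_*_asn1.c
 *.log
 *.trs
 *.tmp
+result
+result-*
 
 # Top-level files.
 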
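--- a/configure.ac
+++ b/configure.ac
@@ -246,6 +246,22 @@ AM_CONDITIONAL([HAVE_CJWT], [test "$with_cjwt" != "no"])
 AC_SUBST([CJWT_CFLAGS])
 AC_SUBST([CJWT_LIBS])
 
+dnl libsystemd
+AC_ARG_WITH([systemd],
+AC_HELP_STRING([--with-systemd], [(Experimental) notify systemd about daemon state @<:@default=check@:>@]),
+[],
+[with_systemd=check])
+if test "$with_systemd" != "no"; then
+PKG_CHECK_MODULES([SYSTEMD], [libsystemd >= 256.0],
+[with_systemd=yes],[with_systemd=no])
+fi
+if test "$with_systemd" = "yes"; then
+AC_DEFINE_UNQUOTED([HAVE_SYSTEMD], 1, [whether libsystemd is available])
+fi
+AM_CONDITIONAL([HAVE_SYSTEMD], [test "$with_systemd" != "no"])
+AC_SUBST([SYSTEMD_CFLAGS])
+AC_SUBST([SYSTEMD_LIBS])
+
 dnl libcjson
 AC_ARG_WITH([cjson],
 AC_HELP_STRING([--with-cjson], [(Experimental) use cJSON to extract private claims from JWT tokens @<:@default=check@:>@]),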
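Review bot: An explicit `--with-systemd=yes` is silently downgraded to `no` when the pkg-config check fails, because the failure branch of `PKG_CHECK_MODULES` is just `[with_systemd=no]`. The Nix package on this page passes `--with-systemd=yes` and the service units switch to `Type = "notify"`, so a silent downgrade would yield daemons that never report readiness. Only the `check` default should fall back quietly; an explicit request should stop configure, e.g. `[if test "$with_systemd" = "yes"; then AC_MSG_ERROR([libsystemd requested but not found]); fi; with_systemd=no]`. The `libsystemd >= 256.0` floor also looks stricter than the `sd_notify()` call used here is likely to need, and would benefit from a `dnl` comment stating why that version is required.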
@ -75,6 +75,10 @@ kadmind_LDADD = $(top_builddir)/lib/kadm5/libkadm5srv.la \
|
|||||||
$(LIB_pidfile) \
|
$(LIB_pidfile) \
|
||||||
$(LIB_dlopen)
|
$(LIB_dlopen)
|
||||||
|
|
||||||
|
if HAVE_SYSTEMD
|
||||||
|
kadmind_LDADD += $(SYSTEMD_LIBS)
|
||||||
|
endif
|
||||||
|
|
||||||
kadmin_LDADD = \
|
kadmin_LDADD = \
|
||||||
$(top_builddir)/lib/kadm5/libkadm5clnt.la \
|
$(top_builddir)/lib/kadm5/libkadm5clnt.la \
|
||||||
$(top_builddir)/lib/kadm5/libkadm5srv.la \
|
$(top_builddir)/lib/kadm5/libkadm5srv.la \
|
||||||
|
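Review bot: Only `$(SYSTEMD_LIBS)` is wired into kadmind here; `SYSTEMD_CFLAGS`, which configure.ac also substitutes, is not added to any preprocessor flags in this hunk. The new `#include <systemd/sd-daemon.h>` therefore compiles only where the header is on the default include path. If the rest of this Makefile.am (not shown) does not already add it, put `AM_CPPFLAGS += $(SYSTEMD_CFLAGS)` inside the `if HAVE_SYSTEMD` block. The kpasswdd hunk further down has the same gap.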
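--- a/kadmin/rpc.c
+++ b/kadmin/rpc.c
@@ -36,6 +36,9 @@
 #include <gssapi.h>
 #include <gssapi_krb5.h>
 #include <gssapi_spnego.h>
+#ifdef HAVE_SYSTEMD
+#include <systemd/sd-daemon.h>
+#endif
 
 #define CHECK(x) \
 do { \
@@ -799,6 +802,10 @@ process_stream(krb5_context contextp,
 */
 
 INSIST(ilen >= 4);
 
+#ifdef HAVE_SYSTEMD
+sd_notify(0, "READY=1");
+#endif
+
 while (1) {
 struct call_header chdr;
@@ -1129,6 +1136,10 @@ process_stream(krb5_context contextp,
 }
 
 }
+
+#ifdef HAVE_SYSTEMD
+sd_notify(0, "STOPPING=1");
+#endif
 }
 
 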
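Review bot: `sd_notify(0, "READY=1");` in process_stream is sent from a per-connection handler, right after `INSIST(ilen >= 4)` and before any authentication step visible in this hunk, so readiness is reported only once a client has connected, and any peer that reaches this code can drive the unit's READY/STOPPING state. With `Type = "notify"` on the kadmind unit, systemd keeps the service in "activating" until READY=1 arrives and fails it on timeout, so an idle kadmind would presumably never finish starting. If connections are served from a forked child (not visible here), the default `NotifyAccess=main` would also discard the message. handle_v5 in the later section has the same pattern, with READY=1 after `kadm5_init_with_password_ctx` and STOPPING=1 after `v5_loop`. Send READY=1 once, where kadmind has bound its listening sockets (outside these hunks), as kpasswdd's doit() does after `roken_detach_finish`, and send STOPPING=1 only on daemon shutdown; process_stream begins and ends outside the hunks.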
@ -31,8 +31,12 @@
|
|||||||
* SUCH DAMAGE.
|
* SUCH DAMAGE.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
#include <stdio.h>
|
||||||
#include "kadmin_locl.h"
|
#include "kadmin_locl.h"
|
||||||
#include <krb5-private.h>
|
#include <krb5-private.h>
|
||||||
|
#ifdef HAVE_SYSTEMD
|
||||||
|
#include <systemd/sd-daemon.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
static kadm5_ret_t check_aliases(kadm5_server_context *,
|
static kadm5_ret_t check_aliases(kadm5_server_context *,
|
||||||
kadm5_principal_ent_rec *,
|
kadm5_principal_ent_rec *,
|
||||||
@ -1071,6 +1075,8 @@ handle_v5(krb5_context contextp,
|
|||||||
unsigned kadm_version = 1;
|
unsigned kadm_version = 1;
|
||||||
kadm5_config_params realm_params;
|
kadm5_config_params realm_params;
|
||||||
|
|
||||||
|
printf("handle_v5\n");
|
||||||
|
|
||||||
ret = krb5_recvauth_match_version(contextp, &ac, &fd,
|
ret = krb5_recvauth_match_version(contextp, &ac, &fd,
|
||||||
match_appl_version, &kadm_version,
|
match_appl_version, &kadm_version,
|
||||||
NULL, KRB5_RECVAUTH_IGNORE_VERSION,
|
NULL, KRB5_RECVAUTH_IGNORE_VERSION,
|
||||||
@ -1131,7 +1137,16 @@ handle_v5(krb5_context contextp,
|
|||||||
krb5_err(contextp, 1, ret, "kadm5_init_with_password_ctx");
|
krb5_err(contextp, 1, ret, "kadm5_init_with_password_ctx");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef HAVE_SYSTEMD
|
||||||
|
sd_notify(0, "READY=1");
|
||||||
|
#endif
|
||||||
|
|
||||||
v5_loop(contextp, ac, initial, kadm_handlep, fd, readonly);
|
v5_loop(contextp, ac, initial, kadm_handlep, fd, readonly);
|
||||||
|
|
||||||
|
#ifdef HAVE_SYSTEMD
|
||||||
|
sd_notify(0, "STOPPING=1");
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
krb5_error_code
|
krb5_error_code
|
||||||
@ -1144,6 +1159,8 @@ kadmind_loop(krb5_context contextp,
|
|||||||
ssize_t n;
|
ssize_t n;
|
||||||
unsigned long len;
|
unsigned long len;
|
||||||
|
|
||||||
|
printf("kadmind_loop\n");
|
||||||
|
|
||||||
n = krb5_net_read(contextp, &sock, buf, 4);
|
n = krb5_net_read(contextp, &sock, buf, 4);
|
||||||
if(n == 0)
|
if(n == 0)
|
||||||
exit(0);
|
exit(0);
|
||||||
@ -1167,8 +1184,8 @@ kadmind_loop(krb5_context contextp,
|
|||||||
} else
|
} else
|
||||||
len = 4;
|
len = 4;
|
||||||
|
|
||||||
|
printf("handle_mit\n");
|
||||||
handle_mit(contextp, buf, len, sock, readonly);
|
handle_mit(contextp, buf, len, sock, readonly);
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
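Review bot: The three added calls `printf("handle_v5\n");`, `printf("kadmind_loop\n");` and `printf("handle_mit\n");`, plus the `#include <stdio.h>` added for them, look like leftover debug tracing and should be dropped before merge. In kadmind_loop the trace runs before `krb5_net_read(contextp, &sock, buf, 4)`; if kadmind can be started with the client socket on stdin/stdout (inetd style, not visible here, to be confirmed), those bytes would land in the protocol stream. If the trace is wanted, send it through the daemon's logging rather than stdout, e.g. `krb5_warnx(contextp, "handle_v5");`. handle_v5 and kadmind_loop both continue outside the hunks.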
@ -21,6 +21,10 @@ kpasswdd_LDADD = \
|
|||||||
$(LIB_pidfile) \
|
$(LIB_pidfile) \
|
||||||
$(LIB_dlopen) \
|
$(LIB_dlopen) \
|
||||||
$(DB3LIB) $(DB1LIB) $(LMDBLIB) $(NDBMLIB)
|
$(DB3LIB) $(DB1LIB) $(LMDBLIB) $(NDBMLIB)
|
||||||
|
|
||||||
|
if HAVE_SYSTEMD
|
||||||
|
kpasswdd_LDADD += $(SYSTEMD_LIBS)
|
||||||
|
endif
|
||||||
|
|
||||||
LDADD = $(top_builddir)/lib/krb5/libkrb5.la \
|
LDADD = $(top_builddir)/lib/krb5/libkrb5.la \
|
||||||
$(LIB_hcrypto) \
|
$(LIB_hcrypto) \
|
||||||
|
@ -38,6 +38,9 @@ RCSID("$Id$");
|
|||||||
#ifdef HAVE_SYS_UN_H
|
#ifdef HAVE_SYS_UN_H
|
||||||
#include <sys/un.h>
|
#include <sys/un.h>
|
||||||
#endif
|
#endif
|
||||||
|
#ifdef HAVE_SYSTEMD
|
||||||
|
#include <systemd/sd-daemon.h>
|
||||||
|
#endif
|
||||||
#include <hdb.h>
|
#include <hdb.h>
|
||||||
#include <kadm5/private.h>
|
#include <kadm5/private.h>
|
||||||
#include <kadm5/kadm5_err.h>
|
#include <kadm5/kadm5_err.h>
|
||||||
@ -744,6 +747,10 @@ doit(krb5_keytab keytab, int port)
|
|||||||
krb5_errx(context, 1, "No sockets!");
|
krb5_errx(context, 1, "No sockets!");
|
||||||
|
|
||||||
roken_detach_finish(NULL, daemon_child);
|
roken_detach_finish(NULL, daemon_child);
|
||||||
|
|
||||||
|
#ifdef HAVE_SYSTEMD
|
||||||
|
sd_notify(0, "READY=1");
|
||||||
|
#endif
|
||||||
|
|
||||||
while (exit_flag == 0) {
|
while (exit_flag == 0) {
|
||||||
krb5_ssize_t retx;
|
krb5_ssize_t retx;
|
||||||
@ -776,6 +783,10 @@ doit(krb5_keytab keytab, int port)
|
|||||||
buf, retx);
|
buf, retx);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef HAVE_SYSTEMD
|
||||||
|
sd_notify(0, "STOPPING=1");
|
||||||
|
#endif
|
||||||
|
|
||||||
for (i = 0; i < n; ++i)
|
for (i = 0; i < n; ++i)
|
||||||
close(sockets[i]);
|
close(sockets[i]);
|
||||||
|
@ -22,6 +22,7 @@
|
|||||||
pam,
|
pam,
|
||||||
libmicrohttpd,
|
libmicrohttpd,
|
||||||
cjson,
|
cjson,
|
||||||
|
systemdMinimal,
|
||||||
|
|
||||||
CoreFoundation,
|
CoreFoundation,
|
||||||
Security,
|
Security,
|
||||||
@ -43,6 +44,7 @@
|
|||||||
withOpenLDAPAsHDBModule ? false,
|
withOpenLDAPAsHDBModule ? false,
|
||||||
withOpenSSL ? true,
|
withOpenSSL ? true,
|
||||||
withSQLite3 ? true,
|
withSQLite3 ? true,
|
||||||
|
withSystemd ? lib.meta.availableOn stdenv.hostPlatform systemdMinimal
|
||||||
}:
|
}:
|
||||||
|
|
||||||
assert lib.assertMsg (withOpenLDAPAsHDBModule -> withOpenLDAP) ''
|
assert lib.assertMsg (withOpenLDAPAsHDBModule -> withOpenLDAP) ''
|
||||||
@ -89,7 +91,8 @@ stdenv.mkDerivation {
|
|||||||
++ lib.optionals (withMicroHTTPD) [ libmicrohttpd ]
|
++ lib.optionals (withMicroHTTPD) [ libmicrohttpd ]
|
||||||
++ lib.optionals (withOpenLDAP) [ openldap ]
|
++ lib.optionals (withOpenLDAP) [ openldap ]
|
||||||
++ lib.optionals (withOpenSSL) [ openssl ]
|
++ lib.optionals (withOpenSSL) [ openssl ]
|
||||||
++ lib.optionals (withSQLite3) [ sqlite ];
|
++ lib.optionals (withSQLite3) [ sqlite ]
|
||||||
|
++ lib.optionals (withSystemd) [ systemdMinimal ];
|
||||||
|
|
||||||
doCheck = true;
|
doCheck = true;
|
||||||
nativeCheckInputs = [
|
nativeCheckInputs = [
|
||||||
@ -125,6 +128,9 @@ stdenv.mkDerivation {
|
|||||||
]
|
]
|
||||||
++ lib.optionals (withSQLite3) [
|
++ lib.optionals (withSQLite3) [
|
||||||
"--with-sqlite3=${sqlite.dev}"
|
"--with-sqlite3=${sqlite.dev}"
|
||||||
|
]
|
||||||
|
++ lib.optionals (withSystemd) [
|
||||||
|
"--with-systemd=yes"
|
||||||
];
|
];
|
||||||
|
|
||||||
patches = [
|
patches = [
|
||||||
|
@ -74,6 +74,7 @@ in
|
|||||||
ExecStart = "${package}/libexec/kadmind --config-file=/etc/heimdal-kdc/kdc.conf";
|
ExecStart = "${package}/libexec/kadmind --config-file=/etc/heimdal-kdc/kdc.conf";
|
||||||
Slice = "system-kerberos-server.slice";
|
Slice = "system-kerberos-server.slice";
|
||||||
StateDirectory = "heimdal";
|
StateDirectory = "heimdal";
|
||||||
|
Type = "notify";
|
||||||
};
|
};
|
||||||
restartTriggers = [ kdcConfFile ];
|
restartTriggers = [ kdcConfFile ];
|
||||||
};
|
};
|
||||||
@ -98,6 +99,7 @@ in
|
|||||||
ExecStart = "${package}/libexec/kpasswdd";
|
ExecStart = "${package}/libexec/kpasswdd";
|
||||||
Slice = "system-kerberos-server.slice";
|
Slice = "system-kerberos-server.slice";
|
||||||
StateDirectory = "heimdal";
|
StateDirectory = "heimdal";
|
||||||
|
Type = "notify";
|
||||||
};
|
};
|
||||||
restartTriggers = [ kdcConfFile ];
|
restartTriggers = [ kdcConfFile ];
|
||||||
};
|
};
|
||||||
|
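Review bot: `Type = "notify";` is added unconditionally to the kadmind and kpasswdd units, while the package on this page makes systemd support optional (`withSystemd`) and configure can end up with `with_systemd=no`. A daemon built without `HAVE_SYSTEMD` never sends READY=1, so under this unit type systemd would hold it in "activating" and then fail it on the start timeout, taking the admin and password-change services down. Set the type only when the selected `package` was built with systemd support, and add a comment above each `Type` line naming the `sd_notify` call in the daemon that it depends on.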
@ -31,6 +31,7 @@ pkgs.mkShell {
|
|||||||
openldap
|
openldap
|
||||||
openssl
|
openssl
|
||||||
sqlite
|
sqlite
|
||||||
|
systemdMinimal
|
||||||
];
|
];
|
||||||
|
|
||||||
env = {
|
env = {
|
||||||
|