oysteikt/heimdal
0
0
Fork 0
Code Issues5 Pull Requests Releases Activity

Compare commits

...

3 Commits
master ... sd-notify

Author SHA1 Message Date
h7x4
cea03aebfb asdf 2025-03-29 17:30:49 +01:00
h7x4
161e2b8ed7 fixup! WIP: find libsystemd with autoconfig 2025-03-29 16:56:30 +01:00
h7x4
3761a26a59 WIP: find libsystemd with autoconfig 2025-03-26 13:01:01 +01:00
10 changed files with 76 additions and 2 deletions

2
.gitignore vendored

@ -37,6 +37,8 @@ asn1_*_asn1.c
*.log *.log
*.trs *.trs
*.tmp *.tmp
result
result-*
# Top-level files. # Top-level files.

16
configure.ac

@ -246,6 +246,22 @@ AM_CONDITIONAL([HAVE_CJWT], [test "$with_cjwt" != "no"])
AC_SUBST([CJWT_CFLAGS]) AC_SUBST([CJWT_CFLAGS])
AC_SUBST([CJWT_LIBS]) AC_SUBST([CJWT_LIBS])
dnl libsystemd
AC_ARG_WITH([systemd],
AC_HELP_STRING([--with-systemd], [(Experimental) notify systemd about daemon state @<:@default=check@:>@]),
[],
[with_systemd=check])
if test "$with_systemd" != "no"; then
PKG_CHECK_MODULES([SYSTEMD], [libsystemd >= 256.0],
[with_systemd=yes],[with_systemd=no])
fi
if test "$with_systemd" = "yes"; then
AC_DEFINE_UNQUOTED([HAVE_SYSTEMD], 1, [whether libsystemd is available])
fi
AM_CONDITIONAL([HAVE_SYSTEMD], [test "$with_systemd" != "no"])
AC_SUBST([SYSTEMD_CFLAGS])
AC_SUBST([SYSTEMD_LIBS])
dnl libcjson dnl libcjson
AC_ARG_WITH([cjson], AC_ARG_WITH([cjson],
AC_HELP_STRING([--with-cjson], [(Experimental) use cJSON to extract private claims from JWT tokens @<:@default=check@:>@]), AC_HELP_STRING([--with-cjson], [(Experimental) use cJSON to extract private claims from JWT tokens @<:@default=check@:>@]),

4
kadmin/Makefile.am

@ -75,6 +75,10 @@ kadmind_LDADD = $(top_builddir)/lib/kadm5/libkadm5srv.la \
$(LIB_pidfile) \ $(LIB_pidfile) \
$(LIB_dlopen) $(LIB_dlopen)
if HAVE_SYSTEMD
kadmind_LDADD += $(SYSTEMD_LIBS)
endif
kadmin_LDADD = \ kadmin_LDADD = \
$(top_builddir)/lib/kadm5/libkadm5clnt.la \ $(top_builddir)/lib/kadm5/libkadm5clnt.la \
$(top_builddir)/lib/kadm5/libkadm5srv.la \ $(top_builddir)/lib/kadm5/libkadm5srv.la \

11
kadmin/rpc.c

@ -36,6 +36,9 @@
#include <gssapi.h> #include <gssapi.h>
#include <gssapi_krb5.h> #include <gssapi_krb5.h>
#include <gssapi_spnego.h> #include <gssapi_spnego.h>
#ifdef HAVE_SYSTEMD
#include <systemd/sd-daemon.h>
#endif
#define CHECK(x) \ #define CHECK(x) \
do { \ do { \
@ -799,6 +802,10 @@ process_stream(krb5_context contextp,
*/ */
INSIST(ilen >= 4); INSIST(ilen >= 4);
#ifdef HAVE_SYSTEMD
sd_notify(0, "READY=1");
#endif
while (1) { while (1) {
struct call_header chdr; struct call_header chdr;
@ -1129,6 +1136,10 @@ process_stream(krb5_context contextp,
} }
} }
#ifdef HAVE_SYSTEMD
sd_notify(0, "STOPPING=1");
#endif
} }

19
kadmin/server.c

@ -31,8 +31,12 @@
* SUCH DAMAGE. * SUCH DAMAGE.
*/ */
#include <stdio.h>
#include "kadmin_locl.h" #include "kadmin_locl.h"
#include <krb5-private.h> #include <krb5-private.h>
#ifdef HAVE_SYSTEMD
#include <systemd/sd-daemon.h>
#endif
static kadm5_ret_t check_aliases(kadm5_server_context *, static kadm5_ret_t check_aliases(kadm5_server_context *,
kadm5_principal_ent_rec *, kadm5_principal_ent_rec *,
@ -1071,6 +1075,8 @@ handle_v5(krb5_context contextp,
unsigned kadm_version = 1; unsigned kadm_version = 1;
kadm5_config_params realm_params; kadm5_config_params realm_params;
printf("handle_v5\n");
ret = krb5_recvauth_match_version(contextp, &ac, &fd, ret = krb5_recvauth_match_version(contextp, &ac, &fd,
match_appl_version, &kadm_version, match_appl_version, &kadm_version,
NULL, KRB5_RECVAUTH_IGNORE_VERSION, NULL, KRB5_RECVAUTH_IGNORE_VERSION,
@ -1131,7 +1137,16 @@ handle_v5(krb5_context contextp,
krb5_err(contextp, 1, ret, "kadm5_init_with_password_ctx"); krb5_err(contextp, 1, ret, "kadm5_init_with_password_ctx");
return; return;
} }
#ifdef HAVE_SYSTEMD
sd_notify(0, "READY=1");
#endif
v5_loop(contextp, ac, initial, kadm_handlep, fd, readonly); v5_loop(contextp, ac, initial, kadm_handlep, fd, readonly);
#ifdef HAVE_SYSTEMD
sd_notify(0, "STOPPING=1");
#endif
} }
krb5_error_code krb5_error_code
@ -1144,6 +1159,8 @@ kadmind_loop(krb5_context contextp,
ssize_t n; ssize_t n;
unsigned long len; unsigned long len;
printf("kadmind_loop\n");
n = krb5_net_read(contextp, &sock, buf, 4); n = krb5_net_read(contextp, &sock, buf, 4);
if(n == 0) if(n == 0)
exit(0); exit(0);
@ -1167,8 +1184,8 @@ kadmind_loop(krb5_context contextp,
} else } else
len = 4; len = 4;
printf("handle_mit\n");
handle_mit(contextp, buf, len, sock, readonly); handle_mit(contextp, buf, len, sock, readonly);
return 0; return 0;
} }

4
kpasswd/Makefile.am

@ -21,6 +21,10 @@ kpasswdd_LDADD = \
$(LIB_pidfile) \ $(LIB_pidfile) \
$(LIB_dlopen) \ $(LIB_dlopen) \
$(DB3LIB) $(DB1LIB) $(LMDBLIB) $(NDBMLIB) $(DB3LIB) $(DB1LIB) $(LMDBLIB) $(NDBMLIB)
if HAVE_SYSTEMD
kpasswdd_LDADD += $(SYSTEMD_LIBS)
endif
LDADD = $(top_builddir)/lib/krb5/libkrb5.la \ LDADD = $(top_builddir)/lib/krb5/libkrb5.la \
$(LIB_hcrypto) \ $(LIB_hcrypto) \

11
kpasswd/kpasswdd.c

@ -38,6 +38,9 @@ RCSID("$Id$");
#ifdef HAVE_SYS_UN_H #ifdef HAVE_SYS_UN_H
#include <sys/un.h> #include <sys/un.h>
#endif #endif
#ifdef HAVE_SYSTEMD
#include <systemd/sd-daemon.h>
#endif
#include <hdb.h> #include <hdb.h>
#include <kadm5/private.h> #include <kadm5/private.h>
#include <kadm5/kadm5_err.h> #include <kadm5/kadm5_err.h>
@ -744,6 +747,10 @@ doit(krb5_keytab keytab, int port)
krb5_errx(context, 1, "No sockets!"); krb5_errx(context, 1, "No sockets!");
roken_detach_finish(NULL, daemon_child); roken_detach_finish(NULL, daemon_child);
#ifdef HAVE_SYSTEMD
sd_notify(0, "READY=1");
#endif
while (exit_flag == 0) { while (exit_flag == 0) {
krb5_ssize_t retx; krb5_ssize_t retx;
@ -776,6 +783,10 @@ doit(krb5_keytab keytab, int port)
buf, retx); buf, retx);
} }
} }
#ifdef HAVE_SYSTEMD
sd_notify(0, "STOPPING=1");
#endif
for (i = 0; i < n; ++i) for (i = 0; i < n; ++i)
close(sockets[i]); close(sockets[i]);

8
nix/heimdal/default.nix

@ -22,6 +22,7 @@
pam, pam,
libmicrohttpd, libmicrohttpd,
cjson, cjson,
systemdMinimal,
CoreFoundation, CoreFoundation,
Security, Security,
@ -43,6 +44,7 @@
withOpenLDAPAsHDBModule ? false, withOpenLDAPAsHDBModule ? false,
withOpenSSL ? true, withOpenSSL ? true,
withSQLite3 ? true, withSQLite3 ? true,
withSystemd ? lib.meta.availableOn stdenv.hostPlatform systemdMinimal
}: }:
assert lib.assertMsg (withOpenLDAPAsHDBModule -> withOpenLDAP) '' assert lib.assertMsg (withOpenLDAPAsHDBModule -> withOpenLDAP) ''
@ -89,7 +91,8 @@ stdenv.mkDerivation {
++ lib.optionals (withMicroHTTPD) [ libmicrohttpd ] ++ lib.optionals (withMicroHTTPD) [ libmicrohttpd ]
++ lib.optionals (withOpenLDAP) [ openldap ] ++ lib.optionals (withOpenLDAP) [ openldap ]
++ lib.optionals (withOpenSSL) [ openssl ] ++ lib.optionals (withOpenSSL) [ openssl ]
++ lib.optionals (withSQLite3) [ sqlite ]; ++ lib.optionals (withSQLite3) [ sqlite ]
++ lib.optionals (withSystemd) [ systemdMinimal ];
doCheck = true; doCheck = true;
nativeCheckInputs = [ nativeCheckInputs = [
@ -125,6 +128,9 @@ stdenv.mkDerivation {
] ]
++ lib.optionals (withSQLite3) [ ++ lib.optionals (withSQLite3) [
"--with-sqlite3=${sqlite.dev}" "--with-sqlite3=${sqlite.dev}"
]
++ lib.optionals (withSystemd) [
"--with-systemd=yes"
]; ];
patches = [ patches = [

2
nix/module/heimdal.nix

@ -74,6 +74,7 @@ in
ExecStart = "${package}/libexec/kadmind --config-file=/etc/heimdal-kdc/kdc.conf"; ExecStart = "${package}/libexec/kadmind --config-file=/etc/heimdal-kdc/kdc.conf";
Slice = "system-kerberos-server.slice"; Slice = "system-kerberos-server.slice";
StateDirectory = "heimdal"; StateDirectory = "heimdal";
Type = "notify";
}; };
restartTriggers = [ kdcConfFile ]; restartTriggers = [ kdcConfFile ];
}; };
@ -98,6 +99,7 @@ in
ExecStart = "${package}/libexec/kpasswdd"; ExecStart = "${package}/libexec/kpasswdd";
Slice = "system-kerberos-server.slice"; Slice = "system-kerberos-server.slice";
StateDirectory = "heimdal"; StateDirectory = "heimdal";
Type = "notify";
}; };
restartTriggers = [ kdcConfFile ]; restartTriggers = [ kdcConfFile ];
}; };

1
nix/shell.nix

@ -31,6 +31,7 @@ pkgs.mkShell {
openldap openldap
openssl openssl
sqlite sqlite
systemdMinimal
]; ];
env = { env = {