author | Andreas Schneider <asn@samba.org> | 2016-09-08 09:46:52 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2017-04-29 23:31:09 +0200 |
commit | 32e772b4b9bb8874c64819ce3f36884ce5242339 (patch) | |
tree | aa4f71f70561f03f602740c2f67a350b9e36dbad /source4/kdc | |
parent | 7556c20d4bf90bfcc288ba1c82008105eaf8f261 (diff) | |
download | samba-32e772b4b9bb8874c64819ce3f36884ce5242339.tar.gz |
s4-kdc: Add a MIT Kerberos KDC service
This starts the krb5kdc binary shipped with MIT Kerberos.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Diffstat (limited to 'source4/kdc')
-rw-r--r-- | source4/kdc/kdc-service-mit.c | 120 | ||||
-rw-r--r-- | source4/kdc/kdc-service-mit.h | 27 | ||||
-rw-r--r-- | source4/kdc/wscript_build | 50 |
3 files changed, 179 insertions, 18 deletions
diff --git a/source4/kdc/kdc-service-mit.c b/source4/kdc/kdc-service-mit.c
new file mode 100644
index 00000000000..fde7c066ddf
--- /dev/null
+++ b/source4/kdc/kdc-service-mit.c
@@ -0,0 +1,120 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ Start MIT krb5kdc server within Samba AD
+
+ Copyright (c) 2014 Andreas Schneider <asn@samba.org>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "talloc.h"
+#include "tevent.h"
+#include "system/filesys.h"
+#include "lib/param/param.h"
+#include "lib/util/samba_util.h"
+#include "source4/smbd/service.h"
+#include "source4/smbd/process_model.h"
+#include "kdc/kdc-service-mit.h"
+#include "dynconfig.h"
+#include "libds/common/roles.h"
+
+static void mitkdc_server_done(struct tevent_req *subreq);
+
+/*
+ * Startup a copy of the krb5kdc as a child daemon
+ */
+void mitkdc_task_init(struct task_server *task)
+{
+ struct tevent_req *subreq;
+ const char * const *kdc_cmd;
+
+ task_server_set_title(task, "task[mitkdc_parent]");
+
+ switch (lpcfg_server_role(task->lp_ctx)) {
+ case ROLE_STANDALONE:
+ task_server_terminate(task,
+ "The KDC is not required in standalone "
+ "server configuration, terminate!",
+ false);
+ return;
+ case ROLE_DOMAIN_MEMBER:
+ task_server_terminate(task,
+ "The KDC is not required in member "
+ "server configuration",
+ false);
+ return;
+ case ROLE_ACTIVE_DIRECTORY_DC:
+ /* Yes, we want to start the KDC */
+ break;
+ }
+
+ /* start it as a child process */
+ kdc_cmd = lpcfg_mit_kdc_command(task->lp_ctx);
+
+ subreq = samba_runcmd_send(task,
+ task->event_ctx,
timeval_zero(),
+ 1, /* stdout log level */
+ 0, /* stderr log level */
+ kdc_cmd,
+ "-n", /* Don't go into background */
+#if 0
+ "-w 2", /* Start two workers */
+#endif
+ NULL);
+ if (subreq == NULL) {
+ DEBUG(0, ("Failed to start MIT KDC as child daemon\n"));
+
+ task_server_terminate(task,
+ "Failed to startup mitkdc task",
+ true);
+ return;
+ }
+
+ tevent_req_set_callback(subreq, mitkdc_server_done, task);
+
+ DEBUG(5,("Started krb5kdc process\n"));
+}
+
+/*
+ * This gets called the kdc exits.
+ */
+static void mitkdc_server_done(struct tevent_req *subreq)
+{
+ struct task_server *task =
+ tevent_req_callback_data(subreq,
+ struct task_server);
+ int sys_errno;
+ int ret;
+
+ ret = samba_runcmd_recv(subreq, &sys_errno);
+ if (ret != 0) {
+ DEBUG(0, ("The MIT KDC daemon died with exit status %d\n",
+ sys_errno));
+ } else {
+ DEBUG(0,("The MIT KDC daemon exited normally\n"));
+ }
+
+ task_server_terminate(task, "mitkdc child process exited", true);
+}
+
+/* Called at MIT KRB5 startup - register ourselves as a server service */
+NTSTATUS server_service_mitkdc_init(TALLOC_CTX *mem_ctx);
+
+NTSTATUS server_service_mitkdc_init(TALLOC_CTX *mem_ctx)
+{
+ return register_server_service("kdc", mitkdc_task_init);
+}
diff --git a/source4/kdc/kdc-service-mit.h b/source4/kdc/kdc-service-mit.h
new file mode 100644
index 00000000000..6f38fe7ed97
--- /dev/null
+++ b/source4/kdc/kdc-service-mit.h
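Review bot: The `switch` on `lpcfg_server_role()` in `mitkdc_task_init` (source4/kdc/kdc-service-mit.c) has no `default:` and names only three roles, so any other value, for example `ROLE_DOMAIN_PDC` or `ROLE_DOMAIN_BDC`, leaves the switch and goes on to launch krb5kdc. A service that spawns a KDC should fail closed: add `default: task_server_terminate(task, "The KDC is only started on an Active Directory DC", false); return;` so that only `ROLE_ACTIVE_DIRECTORY_DC` reaches `samba_runcmd_send()`. The result of `lpcfg_mit_kdc_command()` is also handed to the spawn call unchecked; if that parameter can be unset (not visible in this hunk), a `kdc_cmd == NULL` guard with its own log message would make that failure explicit instead of leaving it to the callee.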
@@ -0,0 +1,27 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ Start MIT krb5kdc server within Samba AD
+
+ Copyright (c) 2014 Andreas Schneider <asn@samba.org>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _KDC_SERVICE_MIT_H
+#define _KDC_SERVICE_MIT_H
+
+void mitkdc_task_init(struct task_server *task);
+
+#endif /* _KDC_SERVICE_MIT_H */
diff --git a/source4/kdc/wscript_build b/source4/kdc/wscript_build
index 76efb1f02ca..b700c11ee44 100644
--- a/source4/kdc/wscript_build
+++ b/source4/kdc/wscript_build
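Review bot: kdc-service-mit.h is not self-contained, because the prototype `void mitkdc_task_init(struct task_server *task);` uses `struct task_server` before any declaration of it; it only compiles cleanly when `source4/smbd/service.h` has been included first, as the .c file in this commit does. Add a forward declaration `struct task_server;` above the prototype. The guard name `_KDC_SERVICE_MIT_H` begins with an underscore followed by a capital letter, which C reserves for the implementation; `KDC_SERVICE_MIT_H` avoids that.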
@@ -6,24 +6,38 @@ if not bld.CONFIG_SET("USING_SYSTEM_KDC"): else: kdc_include = getattr(bld.env, "CPPPATH_KDC") -bld.SAMBA_MODULE('service_kdc', - source='kdc-heimdal.c', - subsystem='service', - init_function='server_service_kdc_init', - deps=''' - kdc - HDB_SAMBA4 - WDC_SAMBA4 - samba-hostconfig - com_err - samba_server_gensec - PAC_GLUE - KDC-GLUE - KDC-SERVER - KPASSWD-SERVICE - KPASSWD_GLUE - ''', - internal_module=False) +if bld.CONFIG_SET('SAMBA4_USES_HEIMDAL'): + bld.SAMBA_MODULE('service_kdc', + source='kdc-heimdal.c', + subsystem='service', + init_function='server_service_kdc_init', + deps=''' + kdc + HDB_SAMBA4 + WDC_SAMBA4 + samba-hostconfig + com_err + samba_server_gensec + PAC_GLUE + KDC-GLUE + KDC-SERVER + KPASSWD-SERVICE + KPASSWD_GLUE + ''', + internal_module=False) + +if bld.CONFIG_GET('SAMBA_USES_MITKDC'): + bld.SAMBA_MODULE('service_kdc', + source='kdc-service-mit.c', + subsystem='service', + init_function='server_service_mitkdc_init', + deps=''' + samba-hostconfig + service + talloc + UTIL_RUNCMD + ''', + internal_module=False) bld.SAMBA_LIBRARY('HDB_SAMBA4', source='hdb-samba4.c hdb-samba4-plugin.c', |
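Review bot: The Heimdal and MIT variants are guarded by two independent `if` statements that both define a module named `service_kdc`, and the guards differ in helper and prefix: `bld.CONFIG_SET('SAMBA4_USES_HEIMDAL')` against `bld.CONFIG_GET('SAMBA_USES_MITKDC')`. If configure ever defines both symbols, the build would declare two KDC service modules under one name; whether that can happen is decided outside this hunk. Writing the second guard as `elif bld.CONFIG_SET('SAMBA_USES_MITKDC'):` keeps the two branches mutually exclusive and the checks consistent.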