source4/kdc/kdc-service-mit.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3
   4    Start MIT krb5kdc server within Samba AD
   5
   6    Copyright (c) 2014      Andreas Schneider <asn@samba.org>
   7
   8    This program is free software; you can redistribute it and/or modify
   9    it under the terms of the GNU General Public License as published by
  10    the Free Software Foundation; either version 3 of the License, or
  11    (at your option) any later version.
  12
  13    This program is distributed in the hope that it will be useful,
  14    but WITHOUT ANY WARRANTY; without even the implied warranty of
  15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16    GNU General Public License for more details.
  17
  18    You should have received a copy of the GNU General Public License
  19    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  20 */
  21
  22 #include "includes.h"
  23 #include "talloc.h"
  24 #include "tevent.h"
  25 #include "system/filesys.h"
  26 #include "lib/param/param.h"
  27 #include "lib/util/samba_util.h"
  28 #include "source4/smbd/service.h"
  29 #include "source4/smbd/process_model.h"
  30 #include "kdc/kdc-service-mit.h"
  31 #include "dynconfig.h"
  32 #include "libds/common/roles.h"
  33
  34 static void mitkdc_server_done(struct tevent_req *subreq);
  35
  36 /*
  37  * Startup a copy of the krb5kdc as a child daemon
  38  */
  39 void mitkdc_task_init(struct task_server *task)
  40 {
  41         struct tevent_req *subreq;
  42         const char * const *kdc_cmd;
  43
  44         task_server_set_title(task, "task[mitkdc_parent]");
  45
  46         switch (lpcfg_server_role(task->lp_ctx)) {
  47         case ROLE_STANDALONE:
  48                 task_server_terminate(task,
  49                                       "The KDC is not required in standalone "
  50                                       "server configuration, terminate!",
  51                                       false);
  52                 return;
  53         case ROLE_DOMAIN_MEMBER:
  54                 task_server_terminate(task,
  55                                       "The KDC is not required in member "
  56                                       "server configuration",
  57                                       false);
  58                 return;
  59         case ROLE_ACTIVE_DIRECTORY_DC:
  60                 /* Yes, we want to start the KDC */
  61                 break;
  62         }
  63
  64         /* start it as a child process */
  65         kdc_cmd = lpcfg_mit_kdc_command(task->lp_ctx);
  66
  67         subreq = samba_runcmd_send(task,
  68                                    task->event_ctx,
  69                                    timeval_zero(),
  70                                    1, /* stdout log level */
  71                                    0, /* stderr log level */
  72                                    kdc_cmd,
  73                                    "-n", /* Don't go into background */
  74 #if 0
  75                                    "-w 2", /* Start two workers */
  76 #endif
  77                                    NULL);
  78         if (subreq == NULL) {
  79                 DEBUG(0, ("Failed to start MIT KDC as child daemon\n"));
  80
  81                 task_server_terminate(task,
  82                                       "Failed to startup mitkdc task",
  83                                       true);
  84                 return;
  85         }
  86
  87         tevent_req_set_callback(subreq, mitkdc_server_done, task);
  88
  89         DEBUG(5,("Started krb5kdc process\n"));
  90 }
  91
  92 /*
  93  * This gets called the kdc exits.
  94  */
  95 static void mitkdc_server_done(struct tevent_req *subreq)
  96 {
  97         struct task_server *task =
  98                 tevent_req_callback_data(subreq,
  99                 struct task_server);
 100         int sys_errno;
 101         int ret;
 102
 103         ret = samba_runcmd_recv(subreq, &sys_errno);
 104         if (ret != 0) {
 105                 DEBUG(0, ("The MIT KDC daemon died with exit status %d\n",
 106                           sys_errno));
 107         } else {
 108                 DEBUG(0,("The MIT KDC daemon exited normally\n"));
 109         }
 110
 111         task_server_terminate(task, "mitkdc child process exited", true);
 112 }
 113
 114 /* Called at MIT KRB5 startup - register ourselves as a server service */
 115 NTSTATUS server_service_mitkdc_init(TALLOC_CTX *mem_ctx);
 116
 117 NTSTATUS server_service_mitkdc_init(TALLOC_CTX *mem_ctx)
 118 {
 119         return register_server_service("kdc", mitkdc_task_init);
 120 }