s4-kdc: Add a MIT Kerberos KDC service

This starts the krb5kdc binary shipped with MIT Kerberos.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

diff --git a/source4/kdc/kdc-service-mit.c b/source4/kdc/kdc-service-mit.c
new file mode 100644 (file)
index 0000000..fde7c06
--- /dev/null
+++ b/source4/kdc/kdc-service-mit.c
@@ -0,0 +1,120 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Start MIT krb5kdc server within Samba AD
+
+   Copyright (c) 2014      Andreas Schneider <asn@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "talloc.h"
+#include "tevent.h"
+#include "system/filesys.h"
+#include "lib/param/param.h"
+#include "lib/util/samba_util.h"
+#include "source4/smbd/service.h"
+#include "source4/smbd/process_model.h"
+#include "kdc/kdc-service-mit.h"
+#include "dynconfig.h"
+#include "libds/common/roles.h"
+
+static void mitkdc_server_done(struct tevent_req *subreq);
+
+/*
+ * Startup a copy of the krb5kdc as a child daemon
+ */
+void mitkdc_task_init(struct task_server *task)
+{
+       struct tevent_req *subreq;
+       const char * const *kdc_cmd;
+
+       task_server_set_title(task, "task[mitkdc_parent]");
+
+       switch (lpcfg_server_role(task->lp_ctx)) {
+       case ROLE_STANDALONE:
+               task_server_terminate(task,
+                                     "The KDC is not required in standalone "
+                                     "server configuration, terminate!",
+                                     false);
+               return;
+       case ROLE_DOMAIN_MEMBER:
+               task_server_terminate(task,
+                                     "The KDC is not required in member "
+                                     "server configuration",
+                                     false);
+               return;
+       case ROLE_ACTIVE_DIRECTORY_DC:
+               /* Yes, we want to start the KDC */
+               break;
+       }
+
+       /* start it as a child process */
+       kdc_cmd = lpcfg_mit_kdc_command(task->lp_ctx);
+
+       subreq = samba_runcmd_send(task,
+                                  task->event_ctx,
+                                  timeval_zero(),
+                                  1, /* stdout log level */
+                                  0, /* stderr log level */
+                                  kdc_cmd,
+                                  "-n", /* Don't go into background */
+#if 0
+                                  "-w 2", /* Start two workers */
+#endif
+                                  NULL);
+       if (subreq == NULL) {
+               DEBUG(0, ("Failed to start MIT KDC as child daemon\n"));
+
+               task_server_terminate(task,
+                                     "Failed to startup mitkdc task",
+                                     true);
+               return;
+       }
+
+       tevent_req_set_callback(subreq, mitkdc_server_done, task);
+
+       DEBUG(5,("Started krb5kdc process\n"));
+}
+
+/*
+ * This gets called the kdc exits.
+ */
+static void mitkdc_server_done(struct tevent_req *subreq)
+{
+       struct task_server *task =
+               tevent_req_callback_data(subreq,
+               struct task_server);
+       int sys_errno;
+       int ret;
+
+       ret = samba_runcmd_recv(subreq, &sys_errno);
+       if (ret != 0) {
+               DEBUG(0, ("The MIT KDC daemon died with exit status %d\n",
+                         sys_errno));
+       } else {
+               DEBUG(0,("The MIT KDC daemon exited normally\n"));
+       }
+
+       task_server_terminate(task, "mitkdc child process exited", true);
+}
+
+/* Called at MIT KRB5 startup - register ourselves as a server service */
+NTSTATUS server_service_mitkdc_init(TALLOC_CTX *mem_ctx);
+
+NTSTATUS server_service_mitkdc_init(TALLOC_CTX *mem_ctx)
+{
+       return register_server_service("kdc", mitkdc_task_init);
+}

diff --git a/source4/kdc/kdc-service-mit.h b/source4/kdc/kdc-service-mit.h
new file mode 100644 (file)
index 0000000..6f38fe7
--- /dev/null
+++ b/source4/kdc/kdc-service-mit.h
@@ -0,0 +1,27 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Start MIT krb5kdc server within Samba AD
+
+   Copyright (c) 2014      Andreas Schneider <asn@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _KDC_SERVICE_MIT_H
+#define _KDC_SERVICE_MIT_H
+
+void mitkdc_task_init(struct task_server *task);
+
+#endif /* _KDC_SERVICE_MIT_H */

diff --git a/source4/kdc/wscript_build b/source4/kdc/wscript_build
index 76efb1f02ca206b25be7989e4a20ebd649223f2f..b700c11ee441f36cb353ab40660ebcae2e3403d2 100644 (file)
--- a/source4/kdc/wscript_build
+++ b/source4/kdc/wscript_build
@@ -6,24 +6,38 @@ if not bld.CONFIG_SET("USING_SYSTEM_KDC"):
 else:
     kdc_include = getattr(bld.env, "CPPPATH_KDC")
 
-bld.SAMBA_MODULE('service_kdc',
-                 source='kdc-heimdal.c',
-                 subsystem='service',
-                 init_function='server_service_kdc_init',
-                 deps='''
-                      kdc
-                      HDB_SAMBA4
-                      WDC_SAMBA4
-                      samba-hostconfig
-                      com_err
-                      samba_server_gensec
-                      PAC_GLUE
-                      KDC-GLUE
-                      KDC-SERVER
-                      KPASSWD-SERVICE
-                      KPASSWD_GLUE
-                 ''',
-                 internal_module=False)
+if bld.CONFIG_SET('SAMBA4_USES_HEIMDAL'):
+    bld.SAMBA_MODULE('service_kdc',
+                     source='kdc-heimdal.c',
+                     subsystem='service',
+                     init_function='server_service_kdc_init',
+                     deps='''
+                          kdc
+                          HDB_SAMBA4
+                          WDC_SAMBA4
+                          samba-hostconfig
+                          com_err
+                          samba_server_gensec
+                          PAC_GLUE
+                          KDC-GLUE
+                          KDC-SERVER
+                          KPASSWD-SERVICE
+                          KPASSWD_GLUE
+                     ''',
+                     internal_module=False)
+
+if bld.CONFIG_GET('SAMBA_USES_MITKDC'):
+    bld.SAMBA_MODULE('service_kdc',
+                     source='kdc-service-mit.c',
+                     subsystem='service',
+                     init_function='server_service_mitkdc_init',
+                     deps='''
+                          samba-hostconfig
+                          service
+                          talloc
+                          UTIL_RUNCMD
+                     ''',
+                     internal_module=False)
 
 bld.SAMBA_LIBRARY('HDB_SAMBA4',
                   source='hdb-samba4.c hdb-samba4-plugin.c',