NTSTATUS
SvcmStart(
PLW_SVCM_INSTANCE pInstance,
ULONG ArgCount,
PWSTR* ppArgs,
ULONG FdCount,
int* pFds
)
{
DWORD dwError = 0;
dwError = pthread_rwlock_init(&gUmnConfigLock, NULL);
BAIL_ON_UMN_ERROR(dwError);
dwError = UmnSrvInitConfig(&gpAPIConfig);
BAIL_ON_UMN_ERROR(dwError);
// This function creates threads, so signals must be blocked first
dwError = UmnSrvRefreshConfiguration();
BAIL_ON_UMN_ERROR(dwError);
dwError = LWNetExtendEnvironmentForKrb5Affinity(TRUE);
BAIL_ON_UMN_ERROR(dwError);
dwError = UmnSrvStartPollerThread();
BAIL_ON_UMN_ERROR(dwError);
error:
return dwError;
}
int
main(
int argc,
char** ppszArgv
)
{
DWORD dwError = 0;
/* Parse command line */
dwError = LwSmParseArguments(argc, ppszArgv);
BAIL_ON_ERROR(dwError);
/* Block all signals */
dwError = LwNtStatusToWin32Error(LwRtlBlockSignals());
BAIL_ON_ERROR(dwError);
/* Fork into background if running as a daemon */
if (gState.bStartAsDaemon)
{
dwError = LwSmDaemonize();
BAIL_ON_ERROR(dwError);
}
/* If we're starting as the control server, acquire lock */
if (!gState.bContainer)
{
dwError = LwSmControlLock();
BAIL_ON_ERROR(dwError);
}
/* Create thread pool */
dwError = LwNtStatusToWin32Error(LwRtlCreateThreadPool(&gpPool, NULL));
BAIL_ON_ERROR(dwError);
dwError = LWNetExtendEnvironmentForKrb5Affinity(FALSE);
BAIL_ON_ERROR(dwError);
/* Mac OS X - avoid potential circular calls into directory services */
dwError = LwDsCacheAddPidException(getpid());
BAIL_ON_ERROR(dwError);
/* Initialize i18n */
setlocale(LC_ALL, "");
/* Initialize logging subsystem */
LwSmLogInit();
/* Set up logging */
dwError = LwSmConfigureLogging(gState.pName);
BAIL_ON_ERROR(dwError);
/* Initialize the container subsystem */
dwError = LwSmContainerInit();
BAIL_ON_ERROR(dwError);
/* Initialize the service table subsystem */
dwError = LwSmTableInit();
BAIL_ON_ERROR(dwError);
/* Enter main loop */
dwError = LwSmMain();
BAIL_ON_ERROR(dwError);
error:
/* If we are starting as a daemon and have not
notified the parent process yet, notify it
of an error now */
if (gState.bStartAsDaemon && !gState.bNotified)
{
LwSmNotify(dwError);
}
/* Shut down service table */
LwSmTableShutdown();
/* Shut down containers */
LwSmContainerShutdown();
/* Shut down logging */
LwSmLoggingShutdown();
/* Remove DS cache exception */
LwDsCacheRemovePidException(getpid());
/* Free thread pool */
LwRtlFreeThreadPool(&gpPool);
/* Close control file if it is open */
if (gState.ControlLock >= 0)
{
close(gState.ControlLock);
}
if (dwError)
{
fprintf(stderr, "Error: %s (%d)\n", LwWin32ExtErrorToName(dwError), (int) dwError);
}
return dwError ? 1 : 0;
}
static
DWORD
ADUKerb5GetTGTFromKeytab(
char *szUserName,
char *szPassword,
char *pszCachePath,
PDWORD pdwGoodUntilTime
)
{
DWORD dwError = 0;
krb5_error_code ret = 0;
krb5_context ctx = NULL;
krb5_creds creds = { 0 };
krb5_ccache cc = NULL;
krb5_keytab keytab = 0;
krb5_principal client_principal = NULL;
dwError = ADUKerb5DestroyCache(pszCachePath);
BAIL_ON_MAC_ERROR(dwError);
dwError = LWNetExtendEnvironmentForKrb5Affinity(TRUE);
BAIL_ON_MAC_ERROR(dwError);
ret = krb5_init_context(&ctx);
BAIL_ON_KRB_ERROR(ctx, ret);
ret = krb5_parse_name(ctx, szUserName, &client_principal);
BAIL_ON_KRB_ERROR(ctx, ret);
/* use krb5_cc_resolve to get an alternate cache */
ret = krb5_cc_resolve(ctx, pszCachePath, &cc);
BAIL_ON_KRB_ERROR(ctx, ret);
ret = krb5_kt_default(ctx, &keytab);
BAIL_ON_KRB_ERROR(ctx, ret);
ret = krb5_get_init_creds_keytab(
ctx,
&creds,
client_principal,
keytab,
0, /* start time */
NULL, /* in_tkt_service */
NULL /* options */
);
BAIL_ON_KRB_ERROR(ctx, ret);
ret = krb5_cc_initialize(ctx, cc, client_principal);
BAIL_ON_KRB_ERROR(ctx, ret);
ret = krb5_cc_store_cred(ctx, cc, &creds);
BAIL_ON_KRB_ERROR(ctx, ret);
*pdwGoodUntilTime = creds.times.endtime;
error:
if (creds.client == client_principal) {
creds.client = NULL;
}
if (ctx) {
if (client_principal) {
krb5_free_principal(ctx, client_principal);
}
if (keytab) {
krb5_kt_close(ctx, keytab);
}
if (cc) {
krb5_cc_close(ctx, cc);
}
krb5_free_cred_contents(ctx, &creds);
krb5_free_context(ctx);
}
return(dwError);
}
