if (ccache_name) {
printf("Authenticating as principal %s with existing credentials.\n",
princstr);
- retval = kadm5_init_with_creds(princstr, cc,
+ retval = kadm5_init_with_creds(context, princstr, cc,
svcname,
¶ms,
KADM5_STRUCT_VERSION,
else
printf("Authenticating as principal %s with default keytab.\n",
princstr);
- retval = kadm5_init_with_skey(princstr, keytab_name,
+ retval = kadm5_init_with_skey(context, princstr, keytab_name,
svcname,
¶ms,
KADM5_STRUCT_VERSION,
} else {
printf("Authenticating as principal %s with password.\n",
princstr);
- retval = kadm5_init_with_password(princstr, password,
+ retval = kadm5_init_with_password(context, princstr, password,
svcname,
¶ms,
KADM5_STRUCT_VERSION,
retval = krb5_klog_init(context, "admin_server", progname, 0);
if (retval)
return retval;
- if ((retval = kadm5_init(progname, NULL, NULL, params,
+ if ((retval = kadm5_init(context, progname, NULL, NULL, params,
KADM5_STRUCT_VERSION,
KADM5_API_VERSION_2,
db5util_db_args,
krb5_klog_init(context, "admin_server", whoami, 1);
- if((ret = kadm5_init("kadmind", NULL,
+ if((ret = kadm5_init(context, "kadmind", NULL,
NULL, ¶ms,
KADM5_STRUCT_VERSION,
KADM5_API_VERSION_2,
}
}
- ret = kadm5_init_with_creds(client_name, cc, service_name,
+ ret = kadm5_init_with_creds(context, client_name, cc, service_name,
¶ms, struct_version,
api_version, NULL, &server_handle);
(void) krb5_cc_close(context, cc);
} else
- ret = kadm5_init(client_name, pass, service_name, ¶ms,
+ ret = kadm5_init(context, client_name, pass, service_name, ¶ms,
struct_version, api_version, NULL, &server_handle);
if (ret != KADM5_OK) {
krb5_error_code kadm5_get_admin_service_name(krb5_context, char *,
char *, size_t);
-kadm5_ret_t kadm5_init(char *client_name, char *pass,
- char *service_name,
+/*
+ * For all initialization functions, the caller must first initialize
+ * a context with kadm5_init_krb5_context which will survive as long
+ * as the resulting handle. The caller should free the context with
+ * krb5_free_context.
+ */
+
+kadm5_ret_t kadm5_init(krb5_context context, char *client_name,
+ char *pass, char *service_name,
kadm5_config_params *params,
krb5_ui_4 struct_version,
krb5_ui_4 api_version,
char **db_args,
void **server_handle);
-kadm5_ret_t kadm5_init_with_password(char *client_name,
+kadm5_ret_t kadm5_init_with_password(krb5_context context,
+ char *client_name,
char *pass,
char *service_name,
kadm5_config_params *params,
krb5_ui_4 api_version,
char **db_args,
void **server_handle);
-kadm5_ret_t kadm5_init_with_skey(char *client_name,
+kadm5_ret_t kadm5_init_with_skey(krb5_context context,
+ char *client_name,
char *keytab,
char *service_name,
kadm5_config_params *params,
krb5_ui_4 api_version,
char **db_args,
void **server_handle);
-kadm5_ret_t kadm5_init_with_creds(char *client_name,
+kadm5_ret_t kadm5_init_with_creds(krb5_context context,
+ char *client_name,
krb5_ccache cc,
char *service_name,
kadm5_config_params *params,
enum init_type { INIT_PASS, INIT_SKEY, INIT_CREDS };
-static kadm5_ret_t _kadm5_init_any(char *client_name,
+static kadm5_ret_t _kadm5_init_any(krb5_context context,
+ char *client_name,
enum init_type init_type,
char *pass,
krb5_ccache ccache_in,
gss_cred_id_t gss_client_creds,
gss_name_t gss_target);
-kadm5_ret_t kadm5_init_with_creds(char *client_name,
+kadm5_ret_t kadm5_init_with_creds(krb5_context context,
+ char *client_name,
krb5_ccache ccache,
char *service_name,
kadm5_config_params *params,
char **db_args,
void **server_handle)
{
- return _kadm5_init_any(client_name, INIT_CREDS, NULL, ccache,
+ return _kadm5_init_any(context, client_name, INIT_CREDS, NULL, ccache,
service_name, params,
struct_version, api_version, db_args,
server_handle);
}
-kadm5_ret_t kadm5_init_with_password(char *client_name, char *pass,
- char *service_name,
+kadm5_ret_t kadm5_init_with_password(krb5_context context, char *client_name,
+ char *pass, char *service_name,
kadm5_config_params *params,
krb5_ui_4 struct_version,
krb5_ui_4 api_version,
char **db_args,
void **server_handle)
{
- return _kadm5_init_any(client_name, INIT_PASS, pass, NULL,
+ return _kadm5_init_any(context, client_name, INIT_PASS, pass, NULL,
service_name, params, struct_version,
api_version, db_args, server_handle);
}
-kadm5_ret_t kadm5_init(char *client_name, char *pass,
+kadm5_ret_t kadm5_init(krb5_context context, char *client_name, char *pass,
char *service_name,
kadm5_config_params *params,
krb5_ui_4 struct_version,
char **db_args,
void **server_handle)
{
- return _kadm5_init_any(client_name, INIT_PASS, pass, NULL,
+ return _kadm5_init_any(context, client_name, INIT_PASS, pass, NULL,
service_name, params, struct_version,
api_version, db_args, server_handle);
}
-kadm5_ret_t kadm5_init_with_skey(char *client_name, char *keytab,
- char *service_name,
+kadm5_ret_t kadm5_init_with_skey(krb5_context context, char *client_name,
+ char *keytab, char *service_name,
kadm5_config_params *params,
krb5_ui_4 struct_version,
krb5_ui_4 api_version,
char **db_args,
void **server_handle)
{
- return _kadm5_init_any(client_name, INIT_SKEY, keytab, NULL,
+ return _kadm5_init_any(context, client_name, INIT_SKEY, keytab, NULL,
service_name, params, struct_version,
api_version, db_args, server_handle);
}
-static kadm5_ret_t _kadm5_init_any(char *client_name,
+static kadm5_ret_t _kadm5_init_any(krb5_context context, char *client_name,
enum init_type init_type,
char *pass,
krb5_ccache ccache_in,
handle->lhandle->struct_version = KADM5_STRUCT_VERSION;
handle->lhandle->lhandle = handle->lhandle;
- krb5_init_context(&handle->context);
+ handle->context = context;
if(client_name == NULL) {
free(handle);
if ((code = kadm5_get_config_params(handle->context, 0,
params_in, &handle->params))) {
- krb5_free_context(handle->context);
free(handle);
return(code);
}
KADM5_CONFIG_KADMIND_PORT)
if ((handle->params.mask & REQUIRED_PARAMS) != REQUIRED_PARAMS) {
- krb5_free_context(handle->context);
free(handle);
return KADM5_MISSING_KRB5_CONF_PARAMS;
}
free (handle->lhandle);
kadm5_free_config_params(handle->context, &handle->params);
- krb5_free_context(handle->context);
handle->magic_number = 0;
free(handle);
}
}
-kadm5_ret_t kadm5_init_with_password(char *client_name, char *pass,
- char *service_name,
+kadm5_ret_t kadm5_init_with_password(krb5_context context, char *client_name,
+ char *pass, char *service_name,
kadm5_config_params *params,
krb5_ui_4 struct_version,
krb5_ui_4 api_version,
char **db_args,
void **server_handle)
{
- return kadm5_init(client_name, pass, service_name, params,
+ return kadm5_init(context, client_name, pass, service_name, params,
struct_version, api_version, db_args,
server_handle);
}
-kadm5_ret_t kadm5_init_with_creds(char *client_name,
+kadm5_ret_t kadm5_init_with_creds(krb5_context context,
+ char *client_name,
krb5_ccache ccache,
char *service_name,
kadm5_config_params *params,
if (params && (params->mask & KADM5_CONFIG_MKEY_FROM_KBD) &&
params->mkey_from_kbd)
return KADM5_BAD_SERVER_PARAMS;
- return kadm5_init(client_name, NULL, service_name, params,
+ return kadm5_init(context, client_name, NULL, service_name, params,
struct_version, api_version, db_args,
server_handle);
}
-kadm5_ret_t kadm5_init_with_skey(char *client_name, char *keytab,
- char *service_name,
+kadm5_ret_t kadm5_init_with_skey(krb5_context context, char *client_name,
+ char *keytab, char *service_name,
kadm5_config_params *params,
krb5_ui_4 struct_version,
krb5_ui_4 api_version,
if (params && (params->mask & KADM5_CONFIG_MKEY_FROM_KBD) &&
params->mkey_from_kbd)
return KADM5_BAD_SERVER_PARAMS;
- return kadm5_init(client_name, NULL, service_name, params,
+ return kadm5_init(context, client_name, NULL, service_name, params,
struct_version, api_version, db_args,
server_handle);
}
-kadm5_ret_t kadm5_init(char *client_name, char *pass,
+kadm5_ret_t kadm5_init(krb5_context context, char *client_name, char *pass,
char *service_name,
kadm5_config_params *params_in,
krb5_ui_4 struct_version,
return ret;
}
- ret = (int) krb5int_init_context_kdc(&(handle->context));
- if (ret) {
- free_db_args(handle);
- free(handle);
- return(ret);
- }
+ handle->context = context;
initialize_ovk_error_table();
/* initialize_adb_error_table(); */
expect to see admin_server being set sometimes. */
#define ILLEGAL_PARAMS (KADM5_CONFIG_ADMIN_SERVER)
if (params_in && (params_in->mask & ILLEGAL_PARAMS)) {
- krb5_free_context(handle->context);
free_db_args(handle);
free(handle);
return KADM5_BAD_SERVER_PARAMS;
ret = kadm5_get_config_params(handle->context, 1, params_in,
&handle->params);
if (ret) {
- krb5_free_context(handle->context);
free_db_args(handle);
free(handle);
return(ret);
KADM5_CONFIG_IPROP_PORT)
if ((handle->params.mask & REQUIRED_PARAMS) != REQUIRED_PARAMS) {
- krb5_free_context(handle->context);
free_db_args(handle);
free(handle);
return KADM5_MISSING_CONF_PARAMS;
if ((handle->params.mask & KADM5_CONFIG_IPROP_ENABLED) == KADM5_CONFIG_IPROP_ENABLED
&& handle->params.iprop_enabled) {
if ((handle->params.mask & IPROP_REQUIRED_PARAMS) != IPROP_REQUIRED_PARAMS) {
- krb5_free_context(handle->context);
free_db_args(handle);
free(handle);
return KADM5_MISSING_CONF_PARAMS;
ret = krb5_set_default_realm(handle->context, handle->params.realm);
if (ret) {
- krb5_free_context(handle->context);
free_db_args(handle);
free(handle);
return ret;
ret = krb5_db_open(handle->context, db_args,
KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN);
if (ret) {
- krb5_free_context(handle->context);
free_db_args(handle);
free(handle);
return(ret);
if ((ret = krb5_parse_name(handle->context, client_name,
&handle->current_caller))) {
krb5_db_fini(handle->context);
- krb5_free_context(handle->context);
free_db_args(handle);
free(handle);
return ret;
if (! (handle->lhandle = malloc(sizeof(*handle)))) {
krb5_db_fini(handle->context);
- krb5_free_context(handle->context);
free_db_args(handle);
free(handle);
return ENOMEM;
&& handle->params.mkey_from_kbd);
if (ret) {
krb5_db_fini(handle->context);
- krb5_free_context(handle->context);
free_db_args(handle);
free(handle);
return ret;
ret = kdb_init_hist(handle, handle->params.realm);
if (ret) {
krb5_db_fini(handle->context);
- krb5_free_context(handle->context);
free_db_args(handle);
free(handle);
return ret;
if (ret) {
krb5_db_fini(handle->context);
krb5_free_principal(handle->context, handle->current_caller);
- krb5_free_context(handle->context);
free_db_args(handle);
free(handle);
return ret;
krb5_db_fini(handle->context);
krb5_free_principal(handle->context, handle->current_caller);
kadm5_free_config_params(handle->context, &handle->params);
- krb5_free_context(handle->context);
handle->magic_number = 0;
free(handle->lhandle);
free_db_args(handle);
int x;
void *server_handle;
kadm5_server_handle_t handle;
+ krb5_context context;
+ ret = kadm5_init_krb5_context(&context);
+ if (ret != 0) {
+ com_err("test", ret, "context init");
+ exit(2);
+ }
for(x = 0; x < TEST_NUM; x++) {
- ret = kadm5_init("admin", "admin", KADM5_ADMIN_SERVICE, 0,
+ ret = kadm5_init(context, "admin", "admin", KADM5_ADMIN_SERVICE, 0,
KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL,
&server_handle);
if(ret != KADM5_OK) {
kadm5_init_krb5_context(&context);
- ret = kadm5_init("admin/none", "admin", KADM5_ADMIN_SERVICE, NULL,
+ ret = kadm5_init(context, "admin/none", "admin", KADM5_ADMIN_SERVICE, NULL,
KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL,
&server_handle);
if(ret != KADM5_OK) {
kadm5_ret_t ret;
void *server_handle;
kadm5_config_params params;
+ krb5_context context;
memset(¶ms, 0, sizeof(params));
params.mask |= KADM5_CONFIG_NO_AUTH;
- ret = kadm5_init("admin", "admin", NULL, ¶ms,
+ ret = kadm5_init_krb5_context(&context);
+ if (ret != 0) {
+ com_err("init-test", ret, "while initializing krb5 context");
+ exit(1);
+ }
+ ret = kadm5_init(context, "admin", "admin", NULL, ¶ms,
KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL,
&server_handle);
if (ret == KADM5_RPC_ERROR)
void *server_handle;
char **names;
int count, princ, i;
+ krb5_context context;
if (argc != 3) {
fprintf(stderr, "Usage: %s [-princ|-pol] exp\n", argv[0]);
exit(1);
}
princ = (strcmp(argv[1], "-princ") == 0);
-
+
+ ret = kadm5_init_krb5_context(&context);
+ if (ret != KADM5_OK) {
+ com_err("iter-test", ret, "while initializing context");
+ exit(1);
+ }
ret = kadm5_init("admin", "admin", KADM5_ADMIN_SERVICE, 0,
KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL,
&server_handle);
kadm5_init_krb5_context(&context);
krb5_parse_name(context, "testuser", &tprinc);
- ret = kadm5_init("admin", "admin", KADM5_ADMIN_SERVICE, NULL,
+ ret = kadm5_init(context, "admin", "admin", KADM5_ADMIN_SERVICE, NULL,
KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL,
&server_handle);
if(ret != KADM5_OK) {
exit(1);
}
- ret = kadm5_init(authprinc, NULL, KADM5_ADMIN_SERVICE, NULL,
+ ret = kadm5_init(context, authprinc, NULL, KADM5_ADMIN_SERVICE, NULL,
KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL,
&handle);
if (ret) {
/*
* Authentication, initialize rpcsec_gss handle etc.
*/
- retval = kadm5_init_with_skey(iprop_svc_princstr, srvtab,
+ retval = kadm5_init_with_skey(kpropd_context, iprop_svc_princstr,
+ srvtab,
master_svc_princstr,
¶ms,
KADM5_STRUCT_VERSION,
(void) memset(¶ms, 0, sizeof (params));
- retval = krb5_init_context(&kpropd_context);
+ retval = kadm5_init_krb5_context(&kpropd_context);
if (retval) {
com_err(argv[0], retval, "while initializing krb5");
exit(1);