Modify kadm5 initializers to accept krb5 contexts
authorGreg Hudson <ghudson@mit.edu>
Mon, 17 Aug 2009 19:40:48 +0000 (19:40 +0000)
committerGreg Hudson <ghudson@mit.edu>
Mon, 17 Aug 2009 19:40:48 +0000 (19:40 +0000)
Add krb5_context parameters to all kadm5 initialization functions.
This allows extended error information to be retrieved by the caller
when an error is returned.

ticket: 6547

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22527 dc483132-0cff-0310-8789-dd5450dbe970

14 files changed:
src/kadmin/cli/kadmin.c
src/kadmin/dbutil/kadm5_create.c
src/kadmin/server/ovsec_kadmd.c
src/kadmin/testing/util/tcl_kadm5.c
src/lib/kadm5/admin.h
src/lib/kadm5/clnt/client_init.c
src/lib/kadm5/srv/server_init.c
src/lib/kadm5/unit-test/destroy-test.c
src/lib/kadm5/unit-test/handle-test.c
src/lib/kadm5/unit-test/init-test.c
src/lib/kadm5/unit-test/iter-test.c
src/lib/kadm5/unit-test/randkey-test.c
src/lib/kadm5/unit-test/setkey-test.c
src/slave/kpropd.c

index fcfe4d94fc643041fedc46964b9951b44cd32d37..814ace35cc34d120ff1427d09eedc2828ca95686 100644 (file)
@@ -479,7 +479,7 @@ char *kadmin_startup(argc, argv)
     if (ccache_name) {
        printf("Authenticating as principal %s with existing credentials.\n",
               princstr);
-       retval = kadm5_init_with_creds(princstr, cc,
+       retval = kadm5_init_with_creds(context, princstr, cc,
                                       svcname,
                                       &params,
                                       KADM5_STRUCT_VERSION,
@@ -493,7 +493,7 @@ char *kadmin_startup(argc, argv)
        else
            printf("Authenticating as principal %s with default keytab.\n",
                   princstr);
-       retval = kadm5_init_with_skey(princstr, keytab_name,
+       retval = kadm5_init_with_skey(context, princstr, keytab_name,
                                      svcname,
                                      &params,
                                      KADM5_STRUCT_VERSION,
@@ -503,7 +503,7 @@ char *kadmin_startup(argc, argv)
     } else {
        printf("Authenticating as principal %s with password.\n",
               princstr);
-       retval = kadm5_init_with_password(princstr, password,
+       retval = kadm5_init_with_password(context, princstr, password,
                                          svcname,
                                          &params,
                                          KADM5_STRUCT_VERSION,
index 894edf364005c3ec5a16a00fa4f03e5b66e8176f..c2196e54b43821587691c5d24385335be90ee0a9 100644 (file)
@@ -106,7 +106,7 @@ int kadm5_create_magic_princs(kadm5_config_params *params,
      retval = krb5_klog_init(context, "admin_server", progname, 0);
      if (retval)
          return retval;
-     if ((retval = kadm5_init(progname, NULL, NULL, params,
+     if ((retval = kadm5_init(context, progname, NULL, NULL, params,
                              KADM5_STRUCT_VERSION,
                              KADM5_API_VERSION_2,
                              db5util_db_args,
index d2451f8ad3d5e6dd4c6907843551f7e9c9595e42..fb42c7bde2bfc6a20e9581a2c7b2539f8c056bdc 100644 (file)
@@ -303,7 +303,7 @@ int main(int argc, char *argv[])
 
      krb5_klog_init(context, "admin_server", whoami, 1);
 
-     if((ret = kadm5_init("kadmind", NULL,
+     if((ret = kadm5_init(context, "kadmind", NULL,
                          NULL, &params,
                          KADM5_STRUCT_VERSION,
                          KADM5_API_VERSION_2,
index 8de05e5e5a796f54d565cc89f08b9896e5d9ddae..15ae99fdde23add5a3de717ecbbce019c696c1d6 100644 (file)
@@ -1600,13 +1600,13 @@ static int _tcl_kadm5_init_any(enum init_type init_type, ClientData clientData,
               }
          }
 
-         ret = kadm5_init_with_creds(client_name, cc, service_name,
+         ret = kadm5_init_with_creds(context, client_name, cc, service_name,
                                      &params, struct_version,
                                      api_version, NULL, &server_handle); 
          
          (void) krb5_cc_close(context, cc);
      } else
-         ret = kadm5_init(client_name, pass, service_name, &params,
+         ret = kadm5_init(context, client_name, pass, service_name, &params,
                           struct_version, api_version, NULL, &server_handle);
 
      if (ret != KADM5_OK) {
index 33e2728dc0ba506f5f7735c9306a44ff59c65eaf..9c98a0669cc14e1b23ac24fa1db8a4660e311cf8 100644 (file)
@@ -314,14 +314,22 @@ krb5_error_code kadm5_free_realm_params(krb5_context kcontext,
 krb5_error_code kadm5_get_admin_service_name(krb5_context, char *,
                                             char *, size_t);
 
-kadm5_ret_t    kadm5_init(char *client_name, char *pass,
-                         char *service_name,
+/*
+ * For all initialization functions, the caller must first initialize
+ * a context with kadm5_init_krb5_context which will survive as long
+ * as the resulting handle.  The caller should free the context with
+ * krb5_free_context.
+ */
+
+kadm5_ret_t    kadm5_init(krb5_context context, char *client_name,
+                         char *pass, char *service_name,
                          kadm5_config_params *params,
                          krb5_ui_4 struct_version,
                          krb5_ui_4 api_version,
                          char **db_args,
                          void **server_handle);
-kadm5_ret_t    kadm5_init_with_password(char *client_name,
+kadm5_ret_t    kadm5_init_with_password(krb5_context context,
+                                       char *client_name,
                                        char *pass, 
                                        char *service_name,
                                        kadm5_config_params *params,
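Review bot: The new block comment above kadm5_init does not spell out the ordering between the handle and the context, which is the part a caller can get wrong. The library now stores the caller's pointer in the handle, and kadm5_destroy still uses it for kadm5_free_config_params in both client_init.c and server_init.c, so freeing the context first leaves the handle with a dangling pointer. I would extend the comment with `The handle keeps a reference to the context and does not copy it; call kadm5_destroy on every handle before krb5_free_context.` It is also worth stating that the server-side kadm5_init sets the default realm and opens the database on the caller's context, since a caller sharing that context will see the side effect.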
@@ -329,7 +337,8 @@ kadm5_ret_t    kadm5_init_with_password(char *client_name,
                                        krb5_ui_4 api_version,
                                        char **db_args,
                                        void **server_handle);
-kadm5_ret_t    kadm5_init_with_skey(char *client_name,
+kadm5_ret_t    kadm5_init_with_skey(krb5_context context,
+                                   char *client_name,
                                    char *keytab,
                                    char *service_name,
                                    kadm5_config_params *params,
@@ -337,7 +346,8 @@ kadm5_ret_t    kadm5_init_with_skey(char *client_name,
                                    krb5_ui_4 api_version,
                                    char **db_args,
                                    void **server_handle);
-kadm5_ret_t    kadm5_init_with_creds(char *client_name,
+kadm5_ret_t    kadm5_init_with_creds(krb5_context context,
+                                    char *client_name,
                                     krb5_ccache cc,
                                     char *service_name,
                                     kadm5_config_params *params,
index 4ebd1b74f122f80de8eef943cad719544ad7f82a..cc48a8c7462e37cb44ac1e2555d81a84b65819aa 100644 (file)
@@ -60,7 +60,8 @@
 
 enum init_type { INIT_PASS, INIT_SKEY, INIT_CREDS };
 
-static kadm5_ret_t _kadm5_init_any(char *client_name,
+static kadm5_ret_t _kadm5_init_any(krb5_context context,
+                                  char *client_name,
                                   enum init_type init_type,
                                   char *pass,
                                   krb5_ccache ccache_in,
@@ -97,7 +98,8 @@ kadm5_rpc_auth(kadm5_server_handle_t handle,
               gss_cred_id_t gss_client_creds,
               gss_name_t gss_target);
 
-kadm5_ret_t kadm5_init_with_creds(char *client_name,
+kadm5_ret_t kadm5_init_with_creds(krb5_context context,
+                                 char *client_name,
                                  krb5_ccache ccache,
                                  char *service_name,
                                  kadm5_config_params *params,
@@ -106,27 +108,27 @@ kadm5_ret_t kadm5_init_with_creds(char *client_name,
                                  char **db_args,
                                  void **server_handle)
 {
-     return _kadm5_init_any(client_name, INIT_CREDS, NULL, ccache,
+     return _kadm5_init_any(context, client_name, INIT_CREDS, NULL, ccache,
                            service_name, params,
                            struct_version, api_version, db_args,
                            server_handle);
 }
 
 
-kadm5_ret_t kadm5_init_with_password(char *client_name, char *pass,
-                                    char *service_name,
+kadm5_ret_t kadm5_init_with_password(krb5_context context, char *client_name,
+                                    char *pass, char *service_name,
                                     kadm5_config_params *params,
                                     krb5_ui_4 struct_version,
                                     krb5_ui_4 api_version,
                                     char **db_args,
                                     void **server_handle)
 {
-     return _kadm5_init_any(client_name, INIT_PASS, pass, NULL,
+     return _kadm5_init_any(context, client_name, INIT_PASS, pass, NULL,
                            service_name, params, struct_version,
                            api_version, db_args, server_handle);
 }
 
-kadm5_ret_t kadm5_init(char *client_name, char *pass,
+kadm5_ret_t kadm5_init(krb5_context context, char *client_name, char *pass,
                       char *service_name, 
                       kadm5_config_params *params,
                       krb5_ui_4 struct_version,
@@ -134,25 +136,25 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass,
                       char **db_args,
                       void **server_handle)
 {
-     return _kadm5_init_any(client_name, INIT_PASS, pass, NULL,
+     return _kadm5_init_any(context, client_name, INIT_PASS, pass, NULL,
                            service_name, params, struct_version,
                            api_version, db_args, server_handle);
 }
 
-kadm5_ret_t kadm5_init_with_skey(char *client_name, char *keytab,
-                                char *service_name,
+kadm5_ret_t kadm5_init_with_skey(krb5_context context, char *client_name,
+                                char *keytab, char *service_name,
                                 kadm5_config_params *params,
                                 krb5_ui_4 struct_version,
                                 krb5_ui_4 api_version,
                                 char **db_args,
                                 void **server_handle)
 {
-     return _kadm5_init_any(client_name, INIT_SKEY, keytab, NULL,
+     return _kadm5_init_any(context, client_name, INIT_SKEY, keytab, NULL,
                            service_name, params, struct_version,
                            api_version, db_args, server_handle);
 }
 
-static kadm5_ret_t _kadm5_init_any(char *client_name,
+static kadm5_ret_t _kadm5_init_any(krb5_context context, char *client_name,
                                   enum init_type init_type,
                                   char *pass,
                                   krb5_ccache ccache_in,
@@ -207,7 +209,7 @@ static kadm5_ret_t _kadm5_init_any(char *client_name,
      handle->lhandle->struct_version = KADM5_STRUCT_VERSION;
      handle->lhandle->lhandle = handle->lhandle;
 
-     krb5_init_context(&handle->context);
+     handle->context = context;
 
      if(client_name == NULL) {
        free(handle);
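Review bot: `handle->context = context;` stores the caller's pointer without checking it, whereas the removed krb5_init_context call always gave the handle a context of its own. A NULL argument would presumably only fail later, inside kadm5_get_config_params or another krb5 call that takes handle->context. Extending the existing guard to `if (context == NULL || client_name == NULL) {` would reject it up front. The server-side kadm5_init in server_init.c has the same unchecked assignment. _kadm5_init_any starts and ends outside this hunk, so the return in that branch is not visible here.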
@@ -258,7 +260,6 @@ static kadm5_ret_t _kadm5_init_any(char *client_name,
 
      if ((code = kadm5_get_config_params(handle->context, 0,
                                         params_in, &handle->params))) {
-         krb5_free_context(handle->context);
          free(handle);
          return(code);
      }
@@ -268,7 +269,6 @@ static kadm5_ret_t _kadm5_init_any(char *client_name,
                         KADM5_CONFIG_KADMIND_PORT) 
 
      if ((handle->params.mask & REQUIRED_PARAMS) != REQUIRED_PARAMS) {
-         krb5_free_context(handle->context);
          free(handle);
          return KADM5_MISSING_KRB5_CONF_PARAMS;
      }
@@ -792,7 +792,6 @@ kadm5_destroy(void *server_handle)
           free (handle->lhandle);
 
      kadm5_free_config_params(handle->context, &handle->params);
-     krb5_free_context(handle->context);
 
      handle->magic_number = 0;
      free(handle);
index e41eccab26e15648773b9657f62857bd2d87763e..47bc22c4d6f6642df1642bb868749902ed5e319a 100644 (file)
@@ -90,20 +90,21 @@ static void free_db_args(kadm5_server_handle_t handle)
     }
 }
 
-kadm5_ret_t kadm5_init_with_password(char *client_name, char *pass,
-                                    char *service_name,
+kadm5_ret_t kadm5_init_with_password(krb5_context context, char *client_name,
+                                    char *pass, char *service_name,
                                     kadm5_config_params *params,
                                     krb5_ui_4 struct_version,
                                     krb5_ui_4 api_version,
                                     char **db_args,
                                     void **server_handle)
 {
-     return kadm5_init(client_name, pass, service_name, params,
+    return kadm5_init(context, client_name, pass, service_name, params,
                       struct_version, api_version, db_args,
                       server_handle);
 }
 
-kadm5_ret_t kadm5_init_with_creds(char *client_name,
+kadm5_ret_t kadm5_init_with_creds(krb5_context context,
+                                 char *client_name,
                                  krb5_ccache ccache,
                                  char *service_name,
                                  kadm5_config_params *params,
@@ -120,14 +121,14 @@ kadm5_ret_t kadm5_init_with_creds(char *client_name,
      if (params && (params->mask & KADM5_CONFIG_MKEY_FROM_KBD) &&
         params->mkey_from_kbd)
          return KADM5_BAD_SERVER_PARAMS;
-     return kadm5_init(client_name, NULL, service_name, params,
+     return kadm5_init(context, client_name, NULL, service_name, params,
                       struct_version, api_version, db_args,
                       server_handle);
 }
 
 
-kadm5_ret_t kadm5_init_with_skey(char *client_name, char *keytab,
-                                char *service_name,
+kadm5_ret_t kadm5_init_with_skey(krb5_context context, char *client_name,
+                                char *keytab, char *service_name,
                                 kadm5_config_params *params,
                                 krb5_ui_4 struct_version,
                                 krb5_ui_4 api_version,
@@ -142,12 +143,12 @@ kadm5_ret_t kadm5_init_with_skey(char *client_name, char *keytab,
      if (params && (params->mask & KADM5_CONFIG_MKEY_FROM_KBD) &&
         params->mkey_from_kbd)
          return KADM5_BAD_SERVER_PARAMS;
-     return kadm5_init(client_name, NULL, service_name, params,
+     return kadm5_init(context, client_name, NULL, service_name, params,
                       struct_version, api_version, db_args,
                       server_handle);
 }
 
-kadm5_ret_t kadm5_init(char *client_name, char *pass,
+kadm5_ret_t kadm5_init(krb5_context context, char *client_name, char *pass,
                       char *service_name,
                       kadm5_config_params *params_in,
                       krb5_ui_4 struct_version,
@@ -175,12 +176,7 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass,
        return ret;
     }
 
-    ret = (int) krb5int_init_context_kdc(&(handle->context));
-    if (ret) {
-        free_db_args(handle);
-        free(handle);
-        return(ret);
-    }
+    handle->context = context;
 
     initialize_ovk_error_table();
 /*     initialize_adb_error_table(); */
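Review bot: The removed code built the handle's context with krb5int_init_context_kdc, while the replacement `handle->context = context;` accepts whatever the caller passes, so the server library now depends on every caller having created a suitable context. The admin.h comment tells callers to use kadm5_init_krb5_context, but the kadm5_create.c and ovsec_kadmd.c hunks only show `context` being passed, not how it was created, which is worth confirming. Further down, kadm5_init calls krb5_set_default_realm and krb5_db_open on this context, so a failed init now leaves the caller's context with a changed default realm. A comment at the assignment would help: `/* Borrowed from the caller; must come from kadm5_init_krb5_context and is never freed here. */`. The function body continues outside this hunk.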
@@ -208,7 +204,6 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass,
         expect to see admin_server being set sometimes.  */
 #define ILLEGAL_PARAMS (KADM5_CONFIG_ADMIN_SERVER)
      if (params_in && (params_in->mask & ILLEGAL_PARAMS)) {
-         krb5_free_context(handle->context);
          free_db_args(handle);
          free(handle);
          return KADM5_BAD_SERVER_PARAMS;
@@ -218,7 +213,6 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass,
      ret = kadm5_get_config_params(handle->context, 1, params_in,
                                       &handle->params);
      if (ret) {
-         krb5_free_context(handle->context);
          free_db_args(handle);
          free(handle);
          return(ret);
@@ -236,7 +230,6 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass,
                         KADM5_CONFIG_IPROP_PORT)
 
      if ((handle->params.mask & REQUIRED_PARAMS) != REQUIRED_PARAMS) {
-         krb5_free_context(handle->context);
          free_db_args(handle);
          free(handle);
          return KADM5_MISSING_CONF_PARAMS;
@@ -244,7 +237,6 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass,
      if ((handle->params.mask & KADM5_CONFIG_IPROP_ENABLED) == KADM5_CONFIG_IPROP_ENABLED
         && handle->params.iprop_enabled) {
         if ((handle->params.mask & IPROP_REQUIRED_PARAMS) != IPROP_REQUIRED_PARAMS) {
-            krb5_free_context(handle->context);
             free_db_args(handle);
             free(handle);
             return KADM5_MISSING_CONF_PARAMS;
@@ -253,7 +245,6 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass,
 
      ret = krb5_set_default_realm(handle->context, handle->params.realm);
      if (ret) {
-         krb5_free_context(handle->context);
          free_db_args(handle);
          free(handle);
          return ret;
@@ -262,7 +253,6 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass,
     ret = krb5_db_open(handle->context, db_args,
                       KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN);
     if (ret) {
-        krb5_free_context(handle->context);
         free_db_args(handle);
         free(handle);
         return(ret);
@@ -271,7 +261,6 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass,
     if ((ret = krb5_parse_name(handle->context, client_name,
                               &handle->current_caller))) {
         krb5_db_fini(handle->context);
-        krb5_free_context(handle->context);
         free_db_args(handle);
         free(handle);
         return ret;
@@ -279,7 +268,6 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass,
 
     if (! (handle->lhandle = malloc(sizeof(*handle)))) {
         krb5_db_fini(handle->context);
-        krb5_free_context(handle->context);
         free_db_args(handle);
         free(handle);
         return ENOMEM;
@@ -302,7 +290,6 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass,
                          && handle->params.mkey_from_kbd);
     if (ret) {
        krb5_db_fini(handle->context);
-       krb5_free_context(handle->context);
        free_db_args(handle);
        free(handle);
        return ret;
@@ -311,7 +298,6 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass,
     ret = kdb_init_hist(handle, handle->params.realm);
     if (ret) {
         krb5_db_fini(handle->context);
-        krb5_free_context(handle->context);
         free_db_args(handle);
         free(handle);
         return ret;
@@ -321,7 +307,6 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass,
     if (ret) {
         krb5_db_fini(handle->context);
         krb5_free_principal(handle->context, handle->current_caller);
-        krb5_free_context(handle->context);
         free_db_args(handle);
         free(handle);
         return ret;
@@ -344,7 +329,6 @@ kadm5_ret_t kadm5_destroy(void *server_handle)
     krb5_db_fini(handle->context);
     krb5_free_principal(handle->context, handle->current_caller);
     kadm5_free_config_params(handle->context, &handle->params);
-    krb5_free_context(handle->context);
     handle->magic_number = 0;
     free(handle->lhandle);
     free_db_args(handle);
index 26100601a47792986a735fb313fd2dbc3e08221e..e9dd25a3ca9b3066ec9f3801b3a03122c86ed048 100644 (file)
@@ -18,9 +18,15 @@ int main()
      int    x;
      void *server_handle;
      kadm5_server_handle_t handle;
+     krb5_context context;
 
+     ret = kadm5_init_krb5_context(&context);
+     if (ret != 0) {
+        com_err("test", ret, "context init");
+        exit(2);
+     }
      for(x = 0; x < TEST_NUM; x++) {
-       ret = kadm5_init("admin", "admin", KADM5_ADMIN_SERVICE, 0,
+       ret = kadm5_init(context, "admin", "admin", KADM5_ADMIN_SERVICE, 0,
                         KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL,
                         &server_handle);
        if(ret != KADM5_OK) {
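Review bot: The context created before the loop is shared by all TEST_NUM kadm5_init/kadm5_destroy rounds and is never released. `context` is new in this hunk, this is the file's only hunk, and kadm5_destroy no longer frees it. The admin.h comment added by this commit says the caller should free the context, so the test should call `krb5_free_context(context);` after the loop, which ends outside the hunk. As a smaller point, `com_err("test", ret, "context init");` would read better with the program name and wording used in init-test.c and iter-test.c, for example `com_err("destroy-test", ret, "while initializing context");`.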
index 231d950393c4052b4de955b3f66927563c22e1b2..b5bc82f02cf857050cb9972741c0bb2d72b738e9 100644 (file)
@@ -24,7 +24,7 @@ int main(int argc, char *argv[])
 
     kadm5_init_krb5_context(&context);
      
-    ret = kadm5_init("admin/none", "admin", KADM5_ADMIN_SERVICE, NULL,
+    ret = kadm5_init(context, "admin/none", "admin", KADM5_ADMIN_SERVICE, NULL,
                     KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL,
                     &server_handle);
     if(ret != KADM5_OK) {
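Review bot: The return value of `kadm5_init_krb5_context(&context);` just above the changed call is ignored, and that matters more now that `context` is handed to kadm5_init. If context creation fails, kadm5_init receives a pointer that was never set and stores it in the handle. The destroy-test.c, init-test.c and iter-test.c hunks in this commit all add a check, and the same pattern fits here: `ret = kadm5_init_krb5_context(&context);` followed by `if (ret != 0) { com_err("handle-test", ret, "while initializing context"); exit(1); }`. randkey-test.c has the same unchecked call in its hunk.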
index 8e9ec82841a2ef056874d8336b47133594c27504..8c7527cb938b04d01637ff3dbc55104f88b1e0c9 100644 (file)
@@ -10,10 +10,16 @@ int main()
      kadm5_ret_t ret;
      void *server_handle;
      kadm5_config_params params;
+     krb5_context context;
 
      memset(&params, 0, sizeof(params));
      params.mask |= KADM5_CONFIG_NO_AUTH;
-     ret = kadm5_init("admin", "admin", NULL, &params,
+     ret = kadm5_init_krb5_context(&context);
+     if (ret != 0) {
+        com_err("init-test", ret, "while initializing krb5 context");
+        exit(1);
+     }
+     ret = kadm5_init(context, "admin", "admin", NULL, &params,
                      KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL,
                      &server_handle);
      if (ret == KADM5_RPC_ERROR)
index 36081507b93e690220250a02384d909e3b6535e9..e3e0b746ab0156497f23fc80d4938139eff2b919 100644 (file)
@@ -8,13 +8,19 @@ int main(int argc, char **argv)
      void *server_handle;
      char **names;
      int count, princ, i;
+     krb5_context context;
 
      if (argc != 3) {
          fprintf(stderr, "Usage: %s [-princ|-pol] exp\n", argv[0]);
          exit(1);
      }
      princ = (strcmp(argv[1], "-princ") == 0);
-     
+
+     ret = kadm5_init_krb5_context(&context);
+     if (ret != KADM5_OK) {
+        com_err("iter-test", ret, "while initializing context");
+        exit(1);
+     }
      ret = kadm5_init("admin", "admin", KADM5_ADMIN_SERVICE, 0,
                      KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL,
                      &server_handle);
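Review bot: The kadm5_init call at the end of this hunk is still an unchanged context line, `ret = kadm5_init("admin", "admin", KADM5_ADMIN_SERVICE, 0,`, so it does not pass the context that the added lines create. With the new prototype in admin.h this call has one argument too few, and iter-test.c should no longer compile. It needs the same edit as the other unit tests: `ret = kadm5_init(context, "admin", "admin", KADM5_ADMIN_SERVICE, 0,`.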
index 12e9e239908119b6f0c55d97ad89f5cfbaaba31d..a9c9d9856ca4d35bb24ea64897a598fb2f0952bd 100644 (file)
@@ -22,7 +22,7 @@ int main()
      kadm5_init_krb5_context(&context);
 
      krb5_parse_name(context, "testuser", &tprinc);
-     ret = kadm5_init("admin", "admin", KADM5_ADMIN_SERVICE, NULL,
+     ret = kadm5_init(context, "admin", "admin", KADM5_ADMIN_SERVICE, NULL,
                      KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL,
                      &server_handle);
      if(ret != KADM5_OK) {
index b0dcd0e7e215c534cdfbdd20244b8b69115f732c..27bd7b793aeaa518971176841a593df6d1d1f343 100644 (file)
@@ -118,7 +118,7 @@ main(int argc, char **argv)
        exit(1);
   }
 
-  ret = kadm5_init(authprinc, NULL, KADM5_ADMIN_SERVICE, NULL,
+  ret = kadm5_init(context, authprinc, NULL, KADM5_ADMIN_SERVICE, NULL,
                   KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL,
                   &handle);
   if (ret) {
index cf4715ee24782682eff7e33452e04385cab1f11b..41a940725b61043121a396d463fad4a372362d6a 100644 (file)
@@ -696,7 +696,8 @@ reinit:
        /*
         * Authentication, initialize rpcsec_gss handle etc.
         */
-       retval = kadm5_init_with_skey(iprop_svc_princstr, srvtab,
+       retval = kadm5_init_with_skey(kpropd_context, iprop_svc_princstr,
+                                     srvtab,
                                      master_svc_princstr,
                                      &params,
                                      KADM5_STRUCT_VERSION,
@@ -1021,7 +1022,7 @@ void PRS(argv)
 
        (void) memset(&params, 0, sizeof (params));
 
-       retval = krb5_init_context(&kpropd_context);
+       retval = kadm5_init_krb5_context(&kpropd_context);
        if (retval) {
                com_err(argv[0], retval, "while initializing krb5");
                exit(1);