From: Ken Raeburn <raeburn@mit.edu>
Date: Sat, 22 Dec 2007 03:12:50 +0000 (+0000)
Subject: Wrap krb5_db_get_principal function with get_principal (which will
X-Git-Tag: krb5-1.7-alpha1~756
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=8787ba66c68dd2388b712ada600f2689c13c401c;p=krb5.git

Wrap krb5_db_get_principal function with get_principal (which will
eventually release the global lock and reacquire it) and
get_principal_locked (which will retain the global lock), and change
callers to use the wrappers, so we can simplify some ugliness at the call
sites.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20195 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
index afc7d5210..4c2a09b95 100644
--- a/src/kdc/do_as_req.c
+++ b/src/kdc/do_as_req.c
@@ -1,7 +1,7 @@
 /*
  * kdc/do_as_req.c
  *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991,2007 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
  *
  * Export of this software from the United States of America may
@@ -118,8 +118,8 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
     limit_string(sname);
     
     c_nprincs = 1;
-    if ((errcode = krb5_db_get_principal(kdc_context, request->client,
-					 &client, &c_nprincs, &more))) {
+    if ((errcode = get_principal(kdc_context, request->client,
+				 &client, &c_nprincs, &more))) {
 	status = "LOOKING_UP_CLIENT";
 	c_nprincs = 0;
 	goto errout;
@@ -139,8 +139,8 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
     }
     
     s_nprincs = 1;
-    if ((errcode = krb5_db_get_principal(kdc_context, request->server, &server,
-					 &s_nprincs, &more))) {
+    if ((errcode = get_principal(kdc_context, request->server, &server,
+				 &s_nprincs, &more))) {
 	status = "LOOKING_UP_SERVER";
 	goto errout;
     }
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
index ef1fab01f..0b263d0dc 100644
--- a/src/kdc/do_tgs_req.c
+++ b/src/kdc/do_tgs_req.c
@@ -150,8 +150,8 @@ process_tgs_req(krb5_data *pkt, const krb5_fulladdr *from,
        header? */
 
     nprincs = 1;
-    if ((errcode = krb5_db_get_principal(kdc_context, request->server, &server,
-					&nprincs, &more))) {
+    if ((errcode = get_principal(kdc_context, request->server, &server,
+				 &nprincs, &more))) {
 	status = "LOOKING_UP_SERVER";
 	nprincs = 0;
 	goto cleanup;
@@ -796,7 +796,7 @@ find_alternate_tgs(krb5_kdc_req *request, krb5_db_entry *server,
 	tmp = *krb5_princ_realm(kdc_context, *pl2);
 	krb5_princ_set_realm(kdc_context, *pl2, 
 			     krb5_princ_realm(kdc_context, tgs_server));
-	retval = krb5_db_get_principal(kdc_context, *pl2, server, nprincs, more);
+	retval = get_principal(kdc_context, *pl2, server, nprincs, more);
 	krb5_princ_set_realm(kdc_context, *pl2, &tmp);
 	if (retval) {
 	    *nprincs = 0;
diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c
index 13a450e43..67764b22e 100644
--- a/src/kdc/kdc_preauth.c
+++ b/src/kdc/kdc_preauth.c
@@ -1,7 +1,7 @@
 /*
  * kdc/kdc_preauth.c
  *
- * Copyright 1995, 2003 by the Massachusetts Institute of Technology.
+ * Copyright 1995, 2003, 2007 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
  *
  * Export of this software from the United States of America may
@@ -1892,7 +1892,7 @@ get_sam_edata(krb5_context context, krb5_kdc_req *request,
 	krb5_princ_component(kdc_context,newp,probeslot)->length = 
 	  strlen(sam_ptr->name);
 	npr = 1;
-	retval = krb5_db_get_principal(kdc_context, newp, &assoc, &npr, &more);
+	retval = get_principal(kdc_context, newp, &assoc, &npr, &more);
 	if(!retval && npr) {
 	  sc.sam_type = sam_ptr->sam_type;
 	  break;
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
index 82154d6cd..869eb1896 100644
--- a/src/kdc/kdc_util.c
+++ b/src/kdc/kdc_util.c
@@ -384,9 +384,9 @@ kdc_get_server_key(krb5_ticket *ticket, krb5_keyblock **key, krb5_kvno *kvno)
 
     nprincs = 1;
 
-    if ((retval = krb5_db_get_principal(kdc_context, ticket->server,
-					&server, &nprincs,
-					&more))) {
+    if ((retval = get_principal(kdc_context, ticket->server,
+				&server, &nprincs,
+				&more))) {
 	return(retval);
     }
     if (more) {
@@ -1578,3 +1578,24 @@ rep_etypes2str(char *s, size_t len, krb5_kdc_rep *rep)
     strcat(s, "}");
     return;
 }
+
+krb5_error_code
+get_principal_locked (krb5_context kcontext,
+		      krb5_const_principal search_for,
+		      krb5_db_entry *entries, int *nentries,
+		      krb5_boolean *more)
+{
+    return krb5_db_get_principal (kcontext, search_for, entries, nentries,
+				  more);
+}
+
+krb5_error_code
+get_principal (krb5_context kcontext,
+	       krb5_const_principal search_for,
+	       krb5_db_entry *entries, int *nentries, krb5_boolean *more)
+{
+    /* Eventually this will be used to manage locking while looking up
+       principals in the database.  */
+    return get_principal_locked (kcontext, search_for, entries, nentries,
+				 more);
+}
diff --git a/src/kdc/kdc_util.h b/src/kdc/kdc_util.h
index 61dc5672b..e3982254c 100644
--- a/src/kdc/kdc_util.h
+++ b/src/kdc/kdc_util.h
@@ -1,7 +1,7 @@
 /*
  * kdc/kdc_util.h
  *
- * Copyright 1990 by the Massachusetts Institute of Technology.
+ * Copyright 1990, 2007 by the Massachusetts Institute of Technology.
  *
  * Export of this software from the United States of America may
  *   require a specific license from the United States Government.
@@ -168,6 +168,17 @@ krb5_boolean kdc_check_lookaside (krb5_data *, krb5_data **);
 void kdc_insert_lookaside (krb5_data *, krb5_data *);
 void kdc_free_lookaside(krb5_context);
 
+/* kdc_util.c */
+krb5_error_code
+get_principal_locked (krb5_context kcontext,
+		      krb5_const_principal search_for,
+		      krb5_db_entry *entries, int *nentries,
+		      krb5_boolean *more);
+krb5_error_code
+get_principal (krb5_context kcontext,
+	       krb5_const_principal search_for,
+	       krb5_db_entry *entries, int *nentries, krb5_boolean *more);
+
 #define isflagset(flagfield, flag) (flagfield & (flag))
 #define setflag(flagfield, flag) (flagfield |= (flag))
 #define clear(flagfield, flag) (flagfield &= ~(flag))
diff --git a/src/kdc/kerberos_v4.c b/src/kdc/kerberos_v4.c
index 2d4f815b7..189cf7396 100644
--- a/src/kdc/kerberos_v4.c
+++ b/src/kdc/kerberos_v4.c
@@ -441,8 +441,10 @@ kerb_get_principal(char *name, char *inst, /* could have wild cards */
 					  local_realm, &search)))
 	return(0);
 
-    if ((retval = krb5_db_get_principal(kdc_context, search, &entries, 
-					&nprinc, &more5))) {
+    /* The krb4 support in the KDC is not thread-safe yet, so maintain
+       the global lock until that gets fixed.  */
+    if ((retval = get_principal_locked(kdc_context, search, &entries, 
+				       &nprinc, &more5))) {
         krb5_free_principal(kdc_context, search);
         return(0);
     }