From 1b8c72b7ef064eabb37d726e831b4618cb37d2c7 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Mon, 17 Aug 2009 19:40:48 +0000 Subject: [PATCH] Modify kadm5 initializers to accept krb5 contexts Add krb5_context parameters to all kadm5 initialization functions. This allows extended error information to be retrieved by the caller when an error is returned. ticket: 6547 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22527 dc483132-0cff-0310-8789-dd5450dbe970 --- src/kadmin/cli/kadmin.c | 6 ++-- src/kadmin/dbutil/kadm5_create.c | 2 +- src/kadmin/server/ovsec_kadmd.c | 2 +- src/kadmin/testing/util/tcl_kadm5.c | 4 +-- src/lib/kadm5/admin.h | 20 ++++++++++---- src/lib/kadm5/clnt/client_init.c | 31 ++++++++++----------- src/lib/kadm5/srv/server_init.c | 38 ++++++++------------------ src/lib/kadm5/unit-test/destroy-test.c | 8 +++++- src/lib/kadm5/unit-test/handle-test.c | 2 +- src/lib/kadm5/unit-test/init-test.c | 8 +++++- src/lib/kadm5/unit-test/iter-test.c | 8 +++++- src/lib/kadm5/unit-test/randkey-test.c | 2 +- src/lib/kadm5/unit-test/setkey-test.c | 2 +- src/slave/kpropd.c | 5 ++-- 14 files changed, 75 insertions(+), 63 deletions(-) diff --git a/src/kadmin/cli/kadmin.c b/src/kadmin/cli/kadmin.c index fcfe4d94f..814ace35c 100644 --- a/src/kadmin/cli/kadmin.c +++ b/src/kadmin/cli/kadmin.c @@ -479,7 +479,7 @@ char *kadmin_startup(argc, argv) if (ccache_name) { printf("Authenticating as principal %s with existing credentials.\n", princstr); - retval = kadm5_init_with_creds(princstr, cc, + retval = kadm5_init_with_creds(context, princstr, cc, svcname, ¶ms, KADM5_STRUCT_VERSION, @@ -493,7 +493,7 @@ char *kadmin_startup(argc, argv) else printf("Authenticating as principal %s with default keytab.\n", princstr); - retval = kadm5_init_with_skey(princstr, keytab_name, + retval = kadm5_init_with_skey(context, princstr, keytab_name, svcname, ¶ms, KADM5_STRUCT_VERSION, 
@@ -503,7 +503,7 @@ char *kadmin_startup(argc, argv) } else { printf("Authenticating as principal %s with password.\n", princstr); - retval = kadm5_init_with_password(princstr, password, + retval = kadm5_init_with_password(context, princstr, password, svcname, ¶ms, KADM5_STRUCT_VERSION, diff --git a/src/kadmin/dbutil/kadm5_create.c b/src/kadmin/dbutil/kadm5_create.c index 894edf364..c2196e54b 100644 --- a/src/kadmin/dbutil/kadm5_create.c +++ b/src/kadmin/dbutil/kadm5_create.c @@ -106,7 +106,7 @@ int kadm5_create_magic_princs(kadm5_config_params *params, retval = krb5_klog_init(context, "admin_server", progname, 0); if (retval) return retval; - if ((retval = kadm5_init(progname, NULL, NULL, params, + if ((retval = kadm5_init(context, progname, NULL, NULL, params, KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, db5util_db_args, diff --git a/src/kadmin/server/ovsec_kadmd.c b/src/kadmin/server/ovsec_kadmd.c index d2451f8ad..fb42c7bde 100644 --- a/src/kadmin/server/ovsec_kadmd.c +++ b/src/kadmin/server/ovsec_kadmd.c @@ -303,7 +303,7 @@ int main(int argc, char *argv[]) krb5_klog_init(context, "admin_server", whoami, 1); - if((ret = kadm5_init("kadmind", NULL, + if((ret = kadm5_init(context, "kadmind", NULL, NULL, ¶ms, KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, diff --git a/src/kadmin/testing/util/tcl_kadm5.c b/src/kadmin/testing/util/tcl_kadm5.c index 8de05e5e5..15ae99fdd 100644 --- a/src/kadmin/testing/util/tcl_kadm5.c +++ b/src/kadmin/testing/util/tcl_kadm5.c 
@@ -1600,13 +1600,13 @@ static int _tcl_kadm5_init_any(enum init_type init_type, ClientData clientData, } } - ret = kadm5_init_with_creds(client_name, cc, service_name, + ret = kadm5_init_with_creds(context, client_name, cc, service_name, ¶ms, struct_version, api_version, NULL, &server_handle); (void) krb5_cc_close(context, cc); } else - ret = kadm5_init(client_name, pass, service_name, ¶ms, + ret = kadm5_init(context, client_name, pass, service_name, ¶ms, struct_version, api_version, NULL, &server_handle); if (ret != KADM5_OK) { diff --git a/src/lib/kadm5/admin.h b/src/lib/kadm5/admin.h index 33e2728dc..9c98a0669 100644 --- a/src/lib/kadm5/admin.h +++ b/src/lib/kadm5/admin.h @@ -314,14 +314,22 @@ krb5_error_code kadm5_free_realm_params(krb5_context kcontext, krb5_error_code kadm5_get_admin_service_name(krb5_context, char *, char *, size_t); -kadm5_ret_t kadm5_init(char *client_name, char *pass, - char *service_name, +/* + * For all initialization functions, the caller must first initialize + * a context with kadm5_init_krb5_context which will survive as long + * as the resulting handle. The caller should free the context with + * krb5_free_context. + */ + +kadm5_ret_t kadm5_init(krb5_context context, char *client_name, + char *pass, char *service_name, kadm5_config_params *params, krb5_ui_4 struct_version, krb5_ui_4 api_version, char **db_args, void **server_handle); -kadm5_ret_t kadm5_init_with_password(char *client_name, +kadm5_ret_t kadm5_init_with_password(krb5_context context, + char *client_name, char *pass, char *service_name, kadm5_config_params *params, @@ -329,7 +337,8 @@ kadm5_ret_t kadm5_init_with_password(char *client_name, krb5_ui_4 api_version, char **db_args, void **server_handle); -kadm5_ret_t kadm5_init_with_skey(char *client_name, +kadm5_ret_t kadm5_init_with_skey(krb5_context context, + char *client_name, char *keytab, char *service_name, kadm5_config_params *params, 
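Review bot: The new comment above `kadm5_init` in admin.h says the context "will survive as long as the resulting handle", which reads as a guarantee made by the library rather than an obligation on the caller. The handle only borrows the pointer: this commit removes `krb5_free_context` from both `kadm5_destroy` implementations, which still pass `handle->context` to their cleanup calls, so freeing the context before `kadm5_destroy` would leave the handle with a dangling pointer. I would word it as `The context must remain valid until kadm5_destroy() has been called on the resulting handle; only then may the caller release it with krb5_free_context().` It is also worth stating that the server-side `kadm5_init` modifies the context it is given, since it calls `krb5_set_default_realm` and `krb5_db_open` on it.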
@@ -337,7 +346,8 @@ kadm5_ret_t kadm5_init_with_skey(char *client_name, krb5_ui_4 api_version, char **db_args, void **server_handle); -kadm5_ret_t kadm5_init_with_creds(char *client_name, +kadm5_ret_t kadm5_init_with_creds(krb5_context context, + char *client_name, krb5_ccache cc, char *service_name, kadm5_config_params *params, diff --git a/src/lib/kadm5/clnt/client_init.c b/src/lib/kadm5/clnt/client_init.c index 4ebd1b74f..cc48a8c74 100644 --- a/src/lib/kadm5/clnt/client_init.c +++ b/src/lib/kadm5/clnt/client_init.c @@ -60,7 +60,8 @@ enum init_type { INIT_PASS, INIT_SKEY, INIT_CREDS }; -static kadm5_ret_t _kadm5_init_any(char *client_name, +static kadm5_ret_t _kadm5_init_any(krb5_context context, + char *client_name, enum init_type init_type, char *pass, krb5_ccache ccache_in, @@ -97,7 +98,8 @@ kadm5_rpc_auth(kadm5_server_handle_t handle, gss_cred_id_t gss_client_creds, gss_name_t gss_target); -kadm5_ret_t kadm5_init_with_creds(char *client_name, +kadm5_ret_t kadm5_init_with_creds(krb5_context context, + char *client_name, krb5_ccache ccache, char *service_name, kadm5_config_params *params, 
@@ -106,27 +108,27 @@ kadm5_ret_t kadm5_init_with_creds(char *client_name, char **db_args, void **server_handle) { - return _kadm5_init_any(client_name, INIT_CREDS, NULL, ccache, + return _kadm5_init_any(context, client_name, INIT_CREDS, NULL, ccache, service_name, params, struct_version, api_version, db_args, server_handle); } -kadm5_ret_t kadm5_init_with_password(char *client_name, char *pass, - char *service_name, +kadm5_ret_t kadm5_init_with_password(krb5_context context, char *client_name, + char *pass, char *service_name, kadm5_config_params *params, krb5_ui_4 struct_version, krb5_ui_4 api_version, char **db_args, void **server_handle) { - return _kadm5_init_any(client_name, INIT_PASS, pass, NULL, + return _kadm5_init_any(context, client_name, INIT_PASS, pass, NULL, service_name, params, struct_version, api_version, db_args, server_handle); } -kadm5_ret_t kadm5_init(char *client_name, char *pass, +kadm5_ret_t kadm5_init(krb5_context context, char *client_name, char *pass, char *service_name, kadm5_config_params *params, krb5_ui_4 struct_version, 
@@ -134,25 +136,25 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass, char **db_args, void **server_handle) { - return _kadm5_init_any(client_name, INIT_PASS, pass, NULL, + return _kadm5_init_any(context, client_name, INIT_PASS, pass, NULL, service_name, params, struct_version, api_version, db_args, server_handle); } -kadm5_ret_t kadm5_init_with_skey(char *client_name, char *keytab, - char *service_name, +kadm5_ret_t kadm5_init_with_skey(krb5_context context, char *client_name, + char *keytab, char *service_name, kadm5_config_params *params, krb5_ui_4 struct_version, krb5_ui_4 api_version, char **db_args, void **server_handle) { - return _kadm5_init_any(client_name, INIT_SKEY, keytab, NULL, + return _kadm5_init_any(context, client_name, INIT_SKEY, keytab, NULL, service_name, params, struct_version, api_version, db_args, server_handle); } -static kadm5_ret_t _kadm5_init_any(char *client_name, +static kadm5_ret_t _kadm5_init_any(krb5_context context, char *client_name, enum init_type init_type, char *pass, krb5_ccache ccache_in, @@ -207,7 +209,7 @@ static kadm5_ret_t _kadm5_init_any(char *client_name, handle->lhandle->struct_version = KADM5_STRUCT_VERSION; handle->lhandle->lhandle = handle->lhandle; - krb5_init_context(&handle->context); + handle->context = context; if(client_name == NULL) { free(handle); @@ -258,7 +260,6 @@ static kadm5_ret_t _kadm5_init_any(char *client_name, if ((code = kadm5_get_config_params(handle->context, 0, params_in, &handle->params))) { - krb5_free_context(handle->context); free(handle); return(code); } @@ -268,7 +269,6 @@ static kadm5_ret_t _kadm5_init_any(char *client_name, KADM5_CONFIG_KADMIND_PORT) if ((handle->params.mask & REQUIRED_PARAMS) != REQUIRED_PARAMS) { - krb5_free_context(handle->context); free(handle); return KADM5_MISSING_KRB5_CONF_PARAMS; } 
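Review bot: `handle->context = context;` in `_kadm5_init_any` stores the caller's pointer unchecked, so a NULL context is first noticed when `kadm5_get_config_params(handle->context, ...)` dereferences it. The `client_name == NULL` test right after the assignment already rejects a bad argument at this point, and a matching guard such as `if (context == NULL) { free(handle); return EINVAL; }` would fail cleanly instead; which error code to return is the project's call. The function body starts and ends outside this hunk.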
@@ -792,7 +792,6 @@ kadm5_destroy(void *server_handle) free (handle->lhandle); kadm5_free_config_params(handle->context, &handle->params); - krb5_free_context(handle->context); handle->magic_number = 0; free(handle); diff --git a/src/lib/kadm5/srv/server_init.c b/src/lib/kadm5/srv/server_init.c index e41eccab2..47bc22c4d 100644 --- a/src/lib/kadm5/srv/server_init.c +++ b/src/lib/kadm5/srv/server_init.c @@ -90,20 +90,21 @@ static void free_db_args(kadm5_server_handle_t handle) } } -kadm5_ret_t kadm5_init_with_password(char *client_name, char *pass, - char *service_name, +kadm5_ret_t kadm5_init_with_password(krb5_context context, char *client_name, + char *pass, char *service_name, kadm5_config_params *params, krb5_ui_4 struct_version, krb5_ui_4 api_version, char **db_args, void **server_handle) { - return kadm5_init(client_name, pass, service_name, params, + return kadm5_init(context, client_name, pass, service_name, params, struct_version, api_version, db_args, server_handle); } -kadm5_ret_t kadm5_init_with_creds(char *client_name, +kadm5_ret_t kadm5_init_with_creds(krb5_context context, + char *client_name, krb5_ccache ccache, char *service_name, kadm5_config_params *params, @@ -120,14 +121,14 @@ kadm5_ret_t kadm5_init_with_creds(char *client_name, if (params && (params->mask & KADM5_CONFIG_MKEY_FROM_KBD) && params->mkey_from_kbd) return KADM5_BAD_SERVER_PARAMS; - return kadm5_init(client_name, NULL, service_name, params, + return kadm5_init(context, client_name, NULL, service_name, params, struct_version, api_version, db_args, server_handle); } -kadm5_ret_t kadm5_init_with_skey(char *client_name, char *keytab, - char *service_name, +kadm5_ret_t kadm5_init_with_skey(krb5_context context, char *client_name, + char *keytab, char *service_name, kadm5_config_params *params, krb5_ui_4 struct_version, krb5_ui_4 api_version, 
@@ -142,12 +143,12 @@ kadm5_ret_t kadm5_init_with_skey(char *client_name, char *keytab, if (params && (params->mask & KADM5_CONFIG_MKEY_FROM_KBD) && params->mkey_from_kbd) return KADM5_BAD_SERVER_PARAMS; - return kadm5_init(client_name, NULL, service_name, params, + return kadm5_init(context, client_name, NULL, service_name, params, struct_version, api_version, db_args, server_handle); } -kadm5_ret_t kadm5_init(char *client_name, char *pass, +kadm5_ret_t kadm5_init(krb5_context context, char *client_name, char *pass, char *service_name, kadm5_config_params *params_in, krb5_ui_4 struct_version, @@ -175,12 +176,7 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass, return ret; } - ret = (int) krb5int_init_context_kdc(&(handle->context)); - if (ret) { - free_db_args(handle); - free(handle); - return(ret); - } + handle->context = context; initialize_ovk_error_table(); /* initialize_adb_error_table(); */ @@ -208,7 +204,6 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass, expect to see admin_server being set sometimes. */ #define ILLEGAL_PARAMS (KADM5_CONFIG_ADMIN_SERVER) if (params_in && (params_in->mask & ILLEGAL_PARAMS)) { - krb5_free_context(handle->context); free_db_args(handle); free(handle); return KADM5_BAD_SERVER_PARAMS; @@ -218,7 +213,6 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass, ret = kadm5_get_config_params(handle->context, 1, params_in, &handle->params); if (ret) { - krb5_free_context(handle->context); free_db_args(handle); free(handle); return(ret); @@ -236,7 +230,6 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass, KADM5_CONFIG_IPROP_PORT) if ((handle->params.mask & REQUIRED_PARAMS) != REQUIRED_PARAMS) { - krb5_free_context(handle->context); free_db_args(handle); free(handle); return KADM5_MISSING_CONF_PARAMS; 
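Review bot: Replacing `krb5int_init_context_kdc(&(handle->context))` with `handle->context = context;` means the server library no longer chooses the kind of context it runs on; that now depends on every caller having used `kadm5_init_krb5_context`. This commit switches kpropd.c to that initializer and adds it to three unit tests, but the hunks for kadmin.c, kadm5_create.c, ovsec_kadmd.c, tcl_kadm5.c and setkey-test.c do not show where their `context` comes from, so those call sites should be confirmed. A short comment at the assignment, e.g. `/* Borrowed from the caller; must come from kadm5_init_krb5_context() and outlive the handle. */`, would record the requirement where it is relied on. `kadm5_init` continues outside this hunk.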
@@ -244,7 +237,6 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass, if ((handle->params.mask & KADM5_CONFIG_IPROP_ENABLED) == KADM5_CONFIG_IPROP_ENABLED && handle->params.iprop_enabled) { if ((handle->params.mask & IPROP_REQUIRED_PARAMS) != IPROP_REQUIRED_PARAMS) { - krb5_free_context(handle->context); free_db_args(handle); free(handle); return KADM5_MISSING_CONF_PARAMS; @@ -253,7 +245,6 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass, ret = krb5_set_default_realm(handle->context, handle->params.realm); if (ret) { - krb5_free_context(handle->context); free_db_args(handle); free(handle); return ret; @@ -262,7 +253,6 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass, ret = krb5_db_open(handle->context, db_args, KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN); if (ret) { - krb5_free_context(handle->context); free_db_args(handle); free(handle); return(ret); @@ -271,7 +261,6 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass, if ((ret = krb5_parse_name(handle->context, client_name, &handle->current_caller))) { krb5_db_fini(handle->context); - krb5_free_context(handle->context); free_db_args(handle); free(handle); return ret; @@ -279,7 +268,6 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass, if (! (handle->lhandle = malloc(sizeof(*handle)))) { krb5_db_fini(handle->context); - krb5_free_context(handle->context); free_db_args(handle); free(handle); return ENOMEM; @@ -302,7 +290,6 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass, && handle->params.mkey_from_kbd); if (ret) { krb5_db_fini(handle->context); - krb5_free_context(handle->context); free_db_args(handle); free(handle); return ret; @@ -311,7 +298,6 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass, ret = kdb_init_hist(handle, handle->params.realm); if (ret) { krb5_db_fini(handle->context); - krb5_free_context(handle->context); free_db_args(handle); free(handle); return ret; 
@@ -321,7 +307,6 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass, if (ret) { krb5_db_fini(handle->context); krb5_free_principal(handle->context, handle->current_caller); - krb5_free_context(handle->context); free_db_args(handle); free(handle); return ret; @@ -344,7 +329,6 @@ kadm5_ret_t kadm5_destroy(void *server_handle) krb5_db_fini(handle->context); krb5_free_principal(handle->context, handle->current_caller); kadm5_free_config_params(handle->context, &handle->params); - krb5_free_context(handle->context); handle->magic_number = 0; free(handle->lhandle); free_db_args(handle); diff --git a/src/lib/kadm5/unit-test/destroy-test.c b/src/lib/kadm5/unit-test/destroy-test.c index 26100601a..e9dd25a3c 100644 --- a/src/lib/kadm5/unit-test/destroy-test.c +++ b/src/lib/kadm5/unit-test/destroy-test.c @@ -18,9 +18,15 @@ int main() int x; void *server_handle; kadm5_server_handle_t handle; + krb5_context context; + ret = kadm5_init_krb5_context(&context); + if (ret != 0) { + com_err("test", ret, "context init"); + exit(2); + } for(x = 0; x < TEST_NUM; x++) { - ret = kadm5_init("admin", "admin", KADM5_ADMIN_SERVICE, 0, + ret = kadm5_init(context, "admin", "admin", KADM5_ADMIN_SERVICE, 0, KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL, &server_handle); if(ret != KADM5_OK) { diff --git a/src/lib/kadm5/unit-test/handle-test.c b/src/lib/kadm5/unit-test/handle-test.c index 231d95039..b5bc82f02 100644 --- a/src/lib/kadm5/unit-test/handle-test.c +++ b/src/lib/kadm5/unit-test/handle-test.c @@ -24,7 +24,7 @@ int main(int argc, char *argv[]) kadm5_init_krb5_context(&context); - ret = kadm5_init("admin/none", "admin", KADM5_ADMIN_SERVICE, NULL, + ret = kadm5_init(context, "admin/none", "admin", KADM5_ADMIN_SERVICE, NULL, KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL, &server_handle); if(ret != KADM5_OK) { diff --git a/src/lib/kadm5/unit-test/init-test.c b/src/lib/kadm5/unit-test/init-test.c index 8e9ec8284..8c7527cb9 100644 --- a/src/lib/kadm5/unit-test/init-test.c 
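Review bot: In handle-test.c the result of `kadm5_init_krb5_context(&context);` is still discarded, and the new `kadm5_init(context, ...)` call now hands that possibly uninitialized pointer to the library; randkey-test.c has the same pattern. destroy-test.c, init-test.c and iter-test.c all check the return value in this commit, and the same check fits here: `ret = kadm5_init_krb5_context(&context);` followed by `if (ret != 0) { com_err("handle-test", ret, "while initializing context"); exit(1); }`. `main` starts and ends outside the hunk.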
+++ b/src/lib/kadm5/unit-test/init-test.c @@ -10,10 +10,16 @@ int main() kadm5_ret_t ret; void *server_handle; kadm5_config_params params; + krb5_context context; memset(¶ms, 0, sizeof(params)); params.mask |= KADM5_CONFIG_NO_AUTH; - ret = kadm5_init("admin", "admin", NULL, ¶ms, + ret = kadm5_init_krb5_context(&context); + if (ret != 0) { + com_err("init-test", ret, "while initializing krb5 context"); + exit(1); + } + ret = kadm5_init(context, "admin", "admin", NULL, ¶ms, KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL, &server_handle); if (ret == KADM5_RPC_ERROR) diff --git a/src/lib/kadm5/unit-test/iter-test.c b/src/lib/kadm5/unit-test/iter-test.c index 36081507b..e3e0b746a 100644 --- a/src/lib/kadm5/unit-test/iter-test.c +++ b/src/lib/kadm5/unit-test/iter-test.c @@ -8,13 +8,19 @@ int main(int argc, char **argv) void *server_handle; char **names; int count, princ, i; + krb5_context context; if (argc != 3) { fprintf(stderr, "Usage: %s [-princ|-pol] exp\n", argv[0]); exit(1); } princ = (strcmp(argv[1], "-princ") == 0); - + + ret = kadm5_init_krb5_context(&context); + if (ret != KADM5_OK) { + com_err("iter-test", ret, "while initializing context"); + exit(1); + } ret = kadm5_init("admin", "admin", KADM5_ADMIN_SERVICE, 0, KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL, &server_handle); diff --git a/src/lib/kadm5/unit-test/randkey-test.c b/src/lib/kadm5/unit-test/randkey-test.c index 12e9e2399..a9c9d9856 100644 --- a/src/lib/kadm5/unit-test/randkey-test.c +++ b/src/lib/kadm5/unit-test/randkey-test.c @@ -22,7 +22,7 @@ int main() kadm5_init_krb5_context(&context); krb5_parse_name(context, "testuser", &tprinc); - ret = kadm5_init("admin", "admin", KADM5_ADMIN_SERVICE, NULL, + ret = kadm5_init(context, "admin", "admin", KADM5_ADMIN_SERVICE, NULL, KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL, &server_handle); if(ret != KADM5_OK) { diff --git a/src/lib/kadm5/unit-test/setkey-test.c b/src/lib/kadm5/unit-test/setkey-test.c index b0dcd0e7e..27bd7b793 100644 
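Review bot: In iter-test.c the `kadm5_init("admin", "admin", KADM5_ADMIN_SERVICE, 0,` call that follows the new context setup is an unchanged context line, so it still uses the old argument list and never passes `context`. Assuming the test is built against the admin.h prototype changed in this commit, that call has one argument too few; it should read `ret = kadm5_init(context, "admin", "admin", KADM5_ADMIN_SERVICE, 0,`. The rest of `main` is outside the hunk.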
--- a/src/lib/kadm5/unit-test/setkey-test.c +++ b/src/lib/kadm5/unit-test/setkey-test.c @@ -118,7 +118,7 @@ main(int argc, char **argv) exit(1); } - ret = kadm5_init(authprinc, NULL, KADM5_ADMIN_SERVICE, NULL, + ret = kadm5_init(context, authprinc, NULL, KADM5_ADMIN_SERVICE, NULL, KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL, &handle); if (ret) { diff --git a/src/slave/kpropd.c b/src/slave/kpropd.c index cf4715ee2..41a940725 100644 --- a/src/slave/kpropd.c +++ b/src/slave/kpropd.c @@ -696,7 +696,8 @@ reinit: /* * Authentication, initialize rpcsec_gss handle etc. */ - retval = kadm5_init_with_skey(iprop_svc_princstr, srvtab, + retval = kadm5_init_with_skey(kpropd_context, iprop_svc_princstr, + srvtab, master_svc_princstr, ¶ms, KADM5_STRUCT_VERSION, @@ -1021,7 +1022,7 @@ void PRS(argv) (void) memset(¶ms, 0, sizeof (params)); - retval = krb5_init_context(&kpropd_context); + retval = kadm5_init_krb5_context(&kpropd_context); if (retval) { com_err(argv[0], retval, "while initializing krb5"); exit(1); -- 2.26.2