From f2004cdbca0cb79dc15ad3b91fc375c1dd687608 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Wed, 20 Jul 2011 19:14:34 +0000 Subject: [PATCH] Add krb5_init_context_profile API ticket: 6929 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25026 dc483132-0cff-0310-8789-dd5450dbe970 --- src/include/k5-int.h | 3 ++- src/include/krb5/krb5.hin | 23 +++++++++++++++++++++ src/lib/krb5/krb/init_ctx.c | 39 ++++++++++++++++++----------------- src/lib/krb5/libkrb5.exports | 1 + src/lib/krb5/os/init_os_ctx.c | 8 +++++-- src/lib/krb5_32.def | 1 + 6 files changed, 53 insertions(+), 22 deletions(-) diff --git a/src/include/k5-int.h b/src/include/k5-int.h index 76993f397..a4ac496c2 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -606,7 +606,8 @@ krb5_error_code krb5_sync_disk_file(krb5_context, FILE *fp); krb5_error_code krb5int_init_context_kdc(krb5_context *); -krb5_error_code krb5_os_init_context(krb5_context, krb5_boolean); +krb5_error_code krb5_os_init_context(krb5_context context, profile_t profile, + krb5_flags flags); void krb5_os_free_context(krb5_context); diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin index c6a1ba2a4..21698fe06 100644 --- a/src/include/krb5/krb5.hin +++ b/src/include/krb5/krb5.hin @@ -2695,6 +2695,9 @@ krb5_kt_end_seq_get(krb5_context context, krb5_keytab keytab, * begin "func-proto.h" */ +#define KRB5_INIT_CONTEXT_SECURE 0x1 /** Use secure context configuration */ +#define KRB5_INIT_CONTEXT_KDC 0x2 /** Use KDC configuration if available */ + /** * Create a krb5 library context. * 
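Review bot: The trailing comments on the two new flag macros in krb5.hin open with `/**`, which Doxygen attaches to the next declaration rather than to the macro on the same line, so the flag descriptions would likely end up on the `krb5_init_context` documentation block that follows. Use the member-trailing form instead: `#define KRB5_INIT_CONTEXT_SECURE 0x1 /**< Use secure context configuration */` and `#define KRB5_INIT_CONTEXT_KDC 0x2 /**< Use KDC configuration if available */`.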
@@ -2734,6 +2737,26 @@ krb5_init_context(krb5_context *context); krb5_error_code KRB5_CALLCONV krb5_init_secure_context(krb5_context *context); +/** + * Create a krb5 library context using a specified profile. + * + * @param [in] profile Profile object (NULL to create default profile) + * @param [in] flags Context initialization flags + * @param [out] context Library context + * + * Create a context structure, optionally using a specified profile and + * initialization flags. If @a profile is NULL, the default profile will be + * created from config files. If @a profile is non-null, a copy of it will be + * made for the new context; the caller should still clean up its copy. Valid + * flag values are: + * + * @li @c KRB5_INIT_CONTEXT_SECURE Ignore environment variables + * @li @c KRB5_INIT_CONTEXT_KDC Use KDC configuration if creating profile + */ +krb5_error_code KRB5_CALLCONV +krb5_init_context_profile(struct _profile_t *profile, krb5_flags flags, + krb5_context *context); + /** * Free a krb5 library context. * diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c index c5bac1330..048f72340 100644 --- a/src/lib/krb5/krb/init_ctx.c +++ b/src/lib/krb5/krb/init_ctx.c @@ -72,17 +72,11 @@ extern krb5_error_code krb5_vercheck(); extern void krb5_win_ccdll_load(krb5_context context); #endif -static krb5_error_code init_common (krb5_context *, krb5_boolean, krb5_boolean); +static krb5_error_code init_common(profile_t profile, krb5_flags flags, + krb5_context *context_out); krb5_error_code KRB5_CALLCONV krb5_init_context(krb5_context *context) -{ - - return init_common (context, FALSE, FALSE); -} - -krb5_error_code KRB5_CALLCONV -krb5_init_secure_context(krb5_context *context) { /* * This is rather silly, but should improve our chances of 
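Review bot: The doc comment for `krb5_init_context_profile` does not say how `KRB5_INIT_CONTEXT_SECURE` interacts with a caller-supplied profile. The init_os_ctx.c hunk later in this patch copies a non-NULL profile with `profile_copy` and skips `os_init_paths`, so the flag cannot influence how that profile was located or loaded. A setuid or otherwise privileged caller therefore has to build the profile from trusted sources itself. I would add a sentence such as `If @a profile is non-null, KRB5_INIT_CONTEXT_SECURE does not vet its contents; the caller is responsible for where it was loaded from.`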
@@ -95,19 +89,26 @@ krb5_init_secure_context(krb5_context *context) * If someday we grow an API to actually return the string, we can * get rid of this silliness. */ - int my_false = (krb5_brand[0] == 0); + int my_zero = (krb5_brand[0] == 0); + + return krb5_init_context_profile(NULL, my_zero, context); +} - return init_common(context, TRUE, my_false); +krb5_error_code KRB5_CALLCONV +krb5_init_secure_context(krb5_context *context) +{ + return krb5_init_context_profile(NULL, KRB5_INIT_CONTEXT_SECURE, context); } krb5_error_code krb5int_init_context_kdc(krb5_context *context) { - return init_common (context, FALSE, TRUE); + return krb5_init_context_profile(NULL, KRB5_INIT_CONTEXT_KDC, context); } -static krb5_error_code -init_common (krb5_context *context, krb5_boolean secure, krb5_boolean kdc) +krb5_error_code +krb5_init_context_profile(profile_t profile, krb5_flags flags, + krb5_context *context_out) { krb5_context ctx = 0; krb5_error_code retval; @@ -145,7 +146,7 @@ init_common (krb5_context *context, krb5_boolean secure, krb5_boolean kdc) * The context being NULL is ok. */ krb5_win_ccdll_load(ctx); - +p /* * krb5_vercheck() is defined in win_glue.c, and this is * where we handle the timebomb and version server checks. @@ -155,16 +156,16 @@ init_common (krb5_context *context, krb5_boolean secure, krb5_boolean kdc) return retval; #endif - *context = 0; + *context_out = NULL; ctx = calloc(1, sizeof(struct _krb5_context)); if (!ctx) return ENOMEM; ctx->magic = KV5M_CONTEXT; - ctx->profile_secure = secure; + ctx->profile_secure = (flags & KRB5_INIT_CONTEXT_SECURE) != 0; - if ((retval = krb5_os_init_context(ctx, kdc))) + if ((retval = krb5_os_init_context(ctx, profile, flags)) != 0) goto cleanup; retval = profile_get_boolean(ctx->profile, KRB5_CONF_LIBDEFAULTS, 
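Review bot: The new definition of `krb5_init_context_profile` in init_ctx.c omits `KRB5_CALLCONV`, while its prototype in krb5.hin and the neighbouring `krb5_init_context` and `krb5_init_secure_context` definitions carry it. Where that macro expands to a non-default calling convention, the declaration and definition disagree, which is at best a build error and at worst a mismatched call through the exported symbol. Write the definition as `krb5_error_code KRB5_CALLCONV` followed by `krb5_init_context_profile(profile_t profile, krb5_flags flags,`. The function body continues past the end of this hunk.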
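Review bot: The added line consisting of a lone `p` after `krb5_win_ccdll_load(ctx);` looks like a stray keystroke; it replaces what was a blank line before the `krb5_vercheck()` comment. The `#endif` visible in the next hunk suggests this code sits inside a platform-conditional section, so builds that skip the section would not catch it, while builds that compile it will fail. Restore the blank line. The enclosing function starts and ends outside this hunk.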
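Review bot: `*context_out = NULL;` still sits after the `return retval;` that precedes the `#endif`, so on that early-return path the caller's output pointer is left untouched. A caller that frees the context unconditionally on error would then act on an uninitialised value. Since this line is being rewritten anyway, consider moving it to the top of `krb5_init_context_profile`, before any platform-specific checks. The start of the function is outside this hunk.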
@@ -254,10 +255,10 @@ init_common (krb5_context *context, krb5_boolean secure, krb5_boolean kdc) ctx->udp_pref_limit = -1; ctx->trace_callback = NULL; #ifndef DISABLE_TRACING - if (!secure) + if (!ctx->profile_secure) krb5int_init_trace(ctx); #endif - *context = ctx; + *context_out = ctx; return 0; cleanup: diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports index edc4b1fc5..20bb6803d 100644 --- a/src/lib/krb5/libkrb5.exports +++ b/src/lib/krb5/libkrb5.exports @@ -385,6 +385,7 @@ krb5_get_tgs_ktypes krb5_get_time_offsets krb5_get_validated_creds krb5_init_context +krb5_init_context_profile krb5_init_creds_free krb5_init_creds_get krb5_init_creds_get_creds diff --git a/src/lib/krb5/os/init_os_ctx.c b/src/lib/krb5/os/init_os_ctx.c index 98b8ae230..1ed1bc0df 100644 --- a/src/lib/krb5/os/init_os_ctx.c +++ b/src/lib/krb5/os/init_os_ctx.c @@ -358,7 +358,7 @@ os_init_paths(krb5_context ctx, krb5_boolean kdc) } krb5_error_code -krb5_os_init_context(krb5_context ctx, krb5_boolean kdc) +krb5_os_init_context(krb5_context ctx, profile_t profile, krb5_flags flags) { krb5_os_context os_ctx; krb5_error_code retval = 0; @@ -378,7 +378,11 @@ krb5_os_init_context(krb5_context ctx, krb5_boolean kdc) PLUGIN_DIR_INIT(&ctx->libkrb5_plugins); ctx->preauth_context = NULL; - retval = os_init_paths(ctx, kdc); + /* Use the profile we were handed, or create one from config files. */ + if (profile) + retval = profile_copy(profile, &ctx->profile); + else + retval = os_init_paths(ctx, (flags & KRB5_INIT_CONTEXT_KDC) != 0); if (retval) return retval; diff --git a/src/lib/krb5_32.def b/src/lib/krb5_32.def index 032faf759..6ba6368a3 100644 --- a/src/lib/krb5_32.def +++ b/src/lib/krb5_32.def @@ -409,3 +409,4 @@ EXPORTS ; new in 1.10 krb5_sname_match @384 k5_kt_get_principal @385 ; PRIVATE GSSAPI + krb5_init_context @386 -- 2.26.2
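Review bot: The krb5_32.def hunk adds `krb5_init_context @386`, not the new `krb5_init_context_profile` that libkrb5.exports gains in the same patch. As written, the Windows DLL would not export the new API, and if `krb5_init_context` is already listed earlier in the file (not visible here) this becomes a duplicate export entry. The line should presumably read `krb5_init_context_profile @386`.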