envvar arguments with a flag indicating whether KDC config data should
be used. Prototype and all callers changed.
(krb5_read_realm_params): Delete config file and env var arguments.
Prototype and all callers changed.
* lib/kadm5/admin.h (KADM5_CONFIG_PROFILE): Commented out.
(struct _kadm5_config_params): Delete field PROFILE.
* lib/kadm5/alt_prof.c (kadm5_get_config_params): Don't look at it.
(kadm5_free_config_params): Don't free it.
* kadmin/testing/tcl/util.t: Remove profile data from config params.
* kadmin/testing/util/tcl_kadm5.c (config_mask_flags): Deleted
KADM5_CONFIG_PROFILE entry.
(parse_config_params): Changed to require 20 parameters instead of 21.
* lib/kadm5/unit-test/api.2/init-v2.exp (test100): Deleted.
* lib/kadm5/alt_prof.c (krb5_aprof_init): Fetch the list of config files from
the library and add the caller-indicated config file to the front of the list.
* lib/kadm5/clnt/client_init.c (kadm5_init_krb5_context): New function.
* lib/kadm5/clnt/libkadm5clnt.exports: Export it.
* lib/kadm5/srv/server_init.c: Include k5-int.h, osconf.h, gssapiP_krb5.h.
(kadm5_init_krb5_context): New function.
* lib/kadm5/srv/libkadm5srv.exports: Export it.
* lib/kadm5/srv/Makefile.in (LOCAL_INCLUDES): Add gssapi directories.
* lib/kadm5/admin.h (kadm5_init_krb5_context): Declare it.
* kadmin/dbutil/kdb5_destroy.c (kdb5_destroy): Call kadm5_init_krb5_context
instead of krb5_init_context.
* kadmin/dbutil/dump.c (load_db): Likewise.
* kadmin/dbutil/kdb5_util.c (main): Likewise.
* kadmin/dbutil/kadm5_create.c (kadm5_create): Likewise.
* kadmin/dbutil/kdb5_stash.c (kdb5_stash): Likewise.
* kadmin/dbutil/loadv4.c (load_v4db): Likewise.
* kadmin/server/ovsec_kadmd.c (main): Likewise.
* kadmin/cli/kadmin.c (kadmin_startup): Likewise.
* kadmin/testing/util/tcl_ovsec_kadm.c (tcl_ovsec_kadm_init): Likewise.
* lib/kadm5/unit-test/lock-test.c (main): Likewise.
* lib/kadm5/unit-test/handle-test.c (main): Likewise.
* lib/kadm5/unit-test/randkey-test.c (main): Likewise.
* lib/kadm5/unit-test/setkey-test.c (main): Likewise.
* lib/kadm5/chpass_util.c (_kadm5_chpass_principal_util): Likewise.
* lib/kadm5/kadm_rpc_xdr.c (xdr_krb5_principal): Likewise.
* lib/krb5/os/init_os_ctx.c (add_kdc_config_file): New function.
(os_init_paths): Add new argument KDC; call add_kdc_config_file if true.
* lib/krb5/krb/init_ctx.c (krb5int_init_context_kdc): New function.
(init_common): Add new argument KDC, passed to krb5_os_init_context.
* lib/krb5/libkrb5.exports: Export krb5int_init_context_kdc.
* k5-int.h (krb5_os_init_context): Update decl.
* lib/kadm5/srv/server_init.c (kadm5_init): Call krb5int_init_context_kdc.
* krb524/krb524d.c (main): Likewise.
* lib/kadm5/unit-test/api.2/init-v2.exp: Don't run test 154 for error for
$KRB5_KDC_PROFILE file not present.
* lib/krb5/os/init_os_ctx.c (os_get_default_config_files): Rewrite KLL test so
as not to confuse Emacs indentation support.
* lib/gssapi/krb5/init_sec_context.c (kg_kdc_flag_mutex, kdc_flag): New
variables.
(krb5_gss_init_context, krb5_gss_use_kdc_context): New functions.
* lib/gssapi/krb5/gssapiP_krb5.h (kg_kdc_flag_mutex): Declare.
(krb5_gss_init_context, krb5_gss_use_kdc_context): Declare.
(krb5_init_context): Define as macro to invoke krb5_gss_init_context for now.
* lib/gssapi/gss_libinit.c (gssint_lib_init): Initialize the mutex.
(gssint_lib_fini): Destroy it.
* lib/gssapi/libgssapi_krb5.exports: Export krb5_gss_use_kdc_context.
* lib/kadm5/srv/server_init.c (kadm5_init): Don't complain if the config files
specify an admin server, since we now look at krb5.conf as well.
* lib/kadm5/unit-test/api.2/init-v2.exp: Delete test test114 for bad server
params.
* plugins/kdb/db2/adb_openclose.c (osa_adb_init_db): Use
krb5int_init_context_kdc instead of krb5_init_context.
* kdc/rtest.c (main): Likewise.
* kdc/fakeka.c (main): Likewise.
* kdc/main.c (main, init_realm): Likewise.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18009
dc483132-0cff-0310-8789-
dd5450dbe970
krb5_error_code krb5_aprof_finish (krb5_pointer);
krb5_error_code krb5_read_realm_params (krb5_context,
- char *,
- char *,
char *,
krb5_realm_params **);
krb5_error_code krb5_free_realm_params (krb5_context,
krb5_error_code krb5int_get_fq_local_hostname (char *, size_t);
-krb5_error_code krb5_os_init_context (krb5_context);
+krb5_error_code krb5_os_init_context (krb5_context, krb5_boolean);
void krb5_os_free_context (krb5_context);
memset((char *) ¶ms, 0, sizeof(params));
- retval = krb5_init_context(&context);
-
if (strcmp (whoami, "kadmin.local") == 0)
set_com_err_hook(extended_com_err_fn);
+ retval = kadm5_init_krb5_context(&context);
if (retval) {
com_err(whoami, retval, "while initializing krb5 library");
exit(1);
}
-
+
while ((optchar = getopt(argc, argv, "x:r:p:kq:w:d:s:mc:t:e:ON")) != EOF) {
switch (optchar) {
case 'x':
/*
* Initialize the Kerberos context and error tables.
*/
- if ((kret = krb5_init_context(&kcontext))) {
+ if ((kret = kadm5_init_krb5_context(&kcontext))) {
fprintf(stderr, ctx_err_fmt, programname);
free(dbname_tmp);
exit_status++;
newparams.mask |= KADM5_CONFIG_DBNAME;
newparams.dbname = dbname_tmp;
- if ((kret = kadm5_get_config_params(kcontext, NULL, NULL,
+ if ((kret = kadm5_get_config_params(kcontext, 1,
&newparams, &newparams))) {
com_err(argv[0], kret,
"while retreiving new configuration parameters");
kadm5_config_params lparams;
- if ((retval = krb5_init_context(&context)))
+ if ((retval = kadm5_init_krb5_context(&context)))
exit(ERR);
/*
* The lock file has to exist before calling kadm5_init, but
* params->admin_lockfile may not be set yet...
*/
- if ((retval = kadm5_get_config_params(context, NULL, NULL,
+ if ((retval = kadm5_get_config_params(context, 1,
params, &lparams))) {
com_err(progname, retval, "while looking up the Kerberos configuration");
return 1;
krb5_context context;
int force = 0;
- retval1 = krb5_init_context(&context);
+ retval1 = kadm5_init_krb5_context(&context);
if( retval1 )
{
com_err(argv[0], retval1, "while initializing krb5_context");
if (strrchr(argv[0], '/'))
argv[0] = strrchr(argv[0], '/')+1;
- retval = krb5_init_context(&context);
+ retval = kadm5_init_krb5_context(&context);
if( retval )
{
com_err(argv[0], retval, "while initializing krb5_context");
int cmd_argc;
krb5_error_code retval;
- retval = krb5_init_context(&util_context);
set_com_err_hook(extended_com_err_fn);
+
+ retval = kadm5_init_krb5_context(&util_context);
if (retval) {
com_err (progname, retval, "while initializing Kerberos code");
exit(1);
util_context->default_realm = temp;
}
- retval = kadm5_get_config_params(util_context, NULL, NULL,
+ retval = kadm5_get_config_params(util_context, 1,
&global_params, &global_params);
if (retval) {
com_err(argv[0], retval, "while retreiving configuration parameters");
krb5_int32 crflags = KRB5_KDB_CREATE_BTREE;
krb5_data seed;
- retval = krb5_init_context(&context);
+ retval = kadm5_init_krb5_context(&context);
if (retval) {
fprintf(stderr, "%s: Could not initialize krb5 context.\n", PROGNAME);
return;
display_status("str_to_oid", major_status, minor_status);
exit(1);
}
-
+
names[0].name = names[1].name = names[2].name = names[3].name = NULL;
names[0].type = names[1].type = names[2].type = names[3].type =
nt_krb5_name_oid;
if (argc != 0)
usage();
- if ((ret = krb5_init_context(&context))) {
+ if ((ret = kadm5_init_krb5_context(&context))) {
fprintf(stderr, "%s: %s while initializing context, aborting\n",
whoami, error_message(ret));
exit(1);
krb5_klog_init(context, "admin_server", whoami, 1);
-
krb5_klog_syslog(LOG_INFO, "Seeding random number generator");
ret = krb5_c_random_os_entropy(context, 1, NULL);
if(ret) {
- krb5_klog_syslog(LOG_ERR, "Error getting random seed: %s, aborting",
+ krb5_klog_syslog(LOG_ERR,
+ "Error getting random seed: %s, aborting",
krb5_get_error_message (context, ret));
exit(1);
}
free(db_args), db_args=NULL;
}
- if ((ret = kadm5_get_config_params(context, NULL, NULL, ¶ms,
+ if ((ret = kadm5_get_config_params(context, 1, ¶ms,
¶ms))) {
const char *e_txt = krb5_get_error_message (context, ret);
krb5_klog_syslog(LOG_ERR, "%s: %s while initializing, aborting",
__REALM__ = {
kdc = __KDCHOST__:1750
admin_server = __KDCHOST__:1751
-# THIS SHOULD BE IN KDC.CONF INSTEAD!
database_module = foobar_db2_module_blah
}
error "config_params: length of mask and values differ"
}
- set params [list $masks 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 {}]
+ set params [list $masks 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 {}]
for {set i 0} {$i < [llength $masks]} {incr i} {
set mask [lindex $masks $i]
set value [lindex $values $i]
switch -glob -- $mask {
"KADM5_CONFIG_REALM" {set params [lreplace $params 1 1 $value]}
- "KADM5_CONFIG_PROFILE" {set params [lreplace $params 2 2 $value]}
"KADM5_CONFIG_KADMIND_PORT" {
- set params [lreplace $params 3 3 $value]}
+ set params [lreplace $params 2 2 $value]}
"KADM5_CONFIG_ADMIN_SERVER" {
- set params [lreplace $params 4 4 $value]}
- "KADM5_CONFIG_DBNAME" {set params [lreplace $params 5 5 $value]}
- "KADM5_CONFIG_ADBNAME" {set params [lreplace $params 6 6 $value]}
+ set params [lreplace $params 3 3 $value]}
+ "KADM5_CONFIG_DBNAME" {set params [lreplace $params 4 4 $value]}
+ "KADM5_CONFIG_ADBNAME" {set params [lreplace $params 5 5 $value]}
"KADM5_CONFIG_ADB_LOCKFILE" {
- set params [lreplace $params 7 7 $value]}
+ set params [lreplace $params 6 6 $value]}
"KADM5_CONFIG_ADMIN_KEYTAB" {
- set params [lreplace $params 8 8 $value]}
- "KADM5_CONFIG_ACL_FILE" {set params [lreplace $params 9 9 $value]}
+ set params [lreplace $params 7 7 $value]}
+ "KADM5_CONFIG_ACL_FILE" {set params [lreplace $params 8 8 $value]}
"KADM5_CONFIG_DICT_FILE" {
- set params [lreplace $params 10 10 $value]}
+ set params [lreplace $params 9 9 $value]}
"KADM5_CONFIG_MKEY_FROM_KBD" {
- set params [lreplace $params 11 11 $value]}
+ set params [lreplace $params 10 10 $value]}
"KADM5_CONFIG_STASH_FILE" {
- set params [lreplace $params 12 12 $value]}
+ set params [lreplace $params 11 11 $value]}
"KADM5_CONFIG_MKEY_NAME" {
- set params [lreplace $params 13 13 $value]}
- "KADM5_CONFIG_ENCTYPE" {set params [lreplace $params 14 14 $value]}
+ set params [lreplace $params 12 12 $value]}
+ "KADM5_CONFIG_ENCTYPE" {set params [lreplace $params 13 13 $value]}
"KADM5_CONFIG_MAX_LIFE" {
- set params [lreplace $params 15 15 $value]}
+ set params [lreplace $params 14 14 $value]}
"KADM5_CONFIG_MAX_RLIFE" {
- set params [lreplace $params 16 16 $value]}
+ set params [lreplace $params 15 15 $value]}
"KADM5_CONFIG_EXPIRATION" {
- set params [lreplace $params 17 17 $value]}
- "KADM5_CONFIG_FLAGS" {set params [lreplace $params 18 18 $value]}
+ set params [lreplace $params 16 16 $value]}
+ "KADM5_CONFIG_FLAGS" {set params [lreplace $params 17 17 $value]}
"KADM5_CONFIG_ENCTYPES" {
- set params [lreplace $params 19 20 [llength $value] $value]}
+ set params [lreplace $params 18 19 [llength $value] $value]}
"*" {error "config_params: unknown mask $mask"}
}
}
{"KADM5_CONFIG_ENCTYPE", KADM5_CONFIG_ENCTYPE},
{"KADM5_CONFIG_ADBNAME", KADM5_CONFIG_ADBNAME},
{"KADM5_CONFIG_ADB_LOCKFILE", KADM5_CONFIG_ADB_LOCKFILE},
- {"KADM5_CONFIG_PROFILE", KADM5_CONFIG_PROFILE},
{"KADM5_CONFIG_ACL_FILE", KADM5_CONFIG_ACL_FILE},
{"KADM5_CONFIG_KADMIND_PORT", KADM5_CONFIG_KADMIND_PORT},
{"KADM5_CONFIG_ENCTYPES", KADM5_CONFIG_ENCTYPES},
return retcode;
}
- if (argc != 21) {
+ if (argc != 20) {
sprintf(interp->result,
- "wrong # args in config params structure (%d should be 21)",
+ "wrong # args in config params structure (%d should be 20)",
argc);
retcode = TCL_ERROR;
goto finished;
retcode = TCL_ERROR;
goto finished;
}
- if ((retcode = parse_str(interp, argv[2], ¶ms->profile)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing profile name");
- retcode = TCL_ERROR;
- goto finished;
- }
- if ((retcode = Tcl_GetInt(interp, argv[3], &tmp))
+ if ((retcode = Tcl_GetInt(interp, argv[2], &tmp))
!= TCL_OK) {
Tcl_AppendElement(interp, "while parsing kadmind_port");
retcode = TCL_ERROR;
goto finished;
}
params->kadmind_port = tmp;
- if ((retcode = parse_str(interp, argv[4], ¶ms->admin_server))
+ if ((retcode = parse_str(interp, argv[3], ¶ms->admin_server))
!= TCL_OK) {
Tcl_AppendElement(interp, "while parsing profile name");
retcode = TCL_ERROR;
goto finished;
}
- if ((retcode = parse_str(interp, argv[5], ¶ms->dbname)) != TCL_OK) {
+ if ((retcode = parse_str(interp, argv[4], ¶ms->dbname)) != TCL_OK) {
Tcl_AppendElement(interp, "while parsing profile name");
retcode = TCL_ERROR;
goto finished;
}
- if ((retcode = parse_str(interp, argv[6], ¶ms->admin_dbname)) != TCL_OK) {
+ if ((retcode = parse_str(interp, argv[5], ¶ms->admin_dbname)) != TCL_OK) {
Tcl_AppendElement(interp, "while parsing admin_dbname name");
retcode = TCL_ERROR;
goto finished;
}
- if ((retcode = parse_str(interp, argv[7], ¶ms->admin_lockfile)) != TCL_OK) {
+ if ((retcode = parse_str(interp, argv[6], ¶ms->admin_lockfile)) != TCL_OK) {
Tcl_AppendElement(interp, "while parsing admin_lockfile name");
retcode = TCL_ERROR;
goto finished;
}
- if ((retcode = parse_str(interp, argv[8], ¶ms->admin_keytab)) != TCL_OK) {
+ if ((retcode = parse_str(interp, argv[7], ¶ms->admin_keytab)) != TCL_OK) {
Tcl_AppendElement(interp, "while parsing admin_keytab name");
retcode = TCL_ERROR;
goto finished;
}
- if ((retcode = parse_str(interp, argv[9], ¶ms->acl_file)) != TCL_OK) {
+ if ((retcode = parse_str(interp, argv[8], ¶ms->acl_file)) != TCL_OK) {
Tcl_AppendElement(interp, "while parsing acl_file name");
retcode = TCL_ERROR;
goto finished;
}
- if ((retcode = parse_str(interp, argv[10], ¶ms->dict_file)) != TCL_OK) {
+ if ((retcode = parse_str(interp, argv[9], ¶ms->dict_file)) != TCL_OK) {
Tcl_AppendElement(interp, "while parsing dict_file name");
retcode = TCL_ERROR;
goto finished;
}
- if ((retcode = Tcl_GetInt(interp, argv[11], &tmp))
+ if ((retcode = Tcl_GetInt(interp, argv[10], &tmp))
!= TCL_OK) {
Tcl_AppendElement(interp, "while parsing mkey_from_kbd");
retcode = TCL_ERROR;
goto finished;
}
params->mkey_from_kbd = tmp;
- if ((retcode = parse_str(interp, argv[12], ¶ms->stash_file)) != TCL_OK) {
+ if ((retcode = parse_str(interp, argv[11], ¶ms->stash_file)) != TCL_OK) {
Tcl_AppendElement(interp, "while parsing stash_file name");
retcode = TCL_ERROR;
goto finished;
}
- if ((retcode = parse_str(interp, argv[13], ¶ms->mkey_name)) != TCL_OK) {
+ if ((retcode = parse_str(interp, argv[12], ¶ms->mkey_name)) != TCL_OK) {
Tcl_AppendElement(interp, "while parsing mkey_name name");
retcode = TCL_ERROR;
goto finished;
}
- if ((retcode = Tcl_GetInt(interp, argv[14], &tmp))
+ if ((retcode = Tcl_GetInt(interp, argv[13], &tmp))
!= TCL_OK) {
Tcl_AppendElement(interp, "while parsing enctype");
retcode = TCL_ERROR;
goto finished;
}
params->enctype = tmp;
- if ((retcode = Tcl_GetInt(interp, argv[15], &tmp))
+ if ((retcode = Tcl_GetInt(interp, argv[14], &tmp))
!= TCL_OK) {
Tcl_AppendElement(interp, "while parsing max_life");
retcode = TCL_ERROR;
goto finished;
}
params->max_life = tmp;
- if ((retcode = Tcl_GetInt(interp, argv[16], &tmp))
+ if ((retcode = Tcl_GetInt(interp, argv[15], &tmp))
!= TCL_OK) {
Tcl_AppendElement(interp, "while parsing max_rlife");
retcode = TCL_ERROR;
goto finished;
}
params->max_rlife = tmp;
- if ((retcode = Tcl_GetInt(interp, argv[17], &tmp))
+ if ((retcode = Tcl_GetInt(interp, argv[16], &tmp))
!= TCL_OK) {
Tcl_AppendElement(interp, "while parsing expiration");
retcode = TCL_ERROR;
goto finished;
}
params->expiration = tmp;
- if ((retcode = parse_krb5_flags(interp, argv[18], &tmp))
+ if ((retcode = parse_krb5_flags(interp, argv[17], &tmp))
!= TCL_OK) {
Tcl_AppendElement(interp, "while parsing flags");
retcode = TCL_ERROR;
goto finished;
}
params->flags = tmp;
- if ((retcode = Tcl_GetInt(interp, argv[19], &tmp))
+ if ((retcode = Tcl_GetInt(interp, argv[18], &tmp))
!= TCL_OK) {
Tcl_AppendElement(interp, "while parsing num_keysalts");
retcode = TCL_ERROR;
goto finished;
}
params->num_keysalts = tmp;
- if ((retcode = parse_keysalts(interp, argv[20], ¶ms->keysalts,
+ if ((retcode = parse_keysalts(interp, argv[19], ¶ms->keysalts,
params->num_keysalts)) != TCL_OK) {
Tcl_AppendElement(interp, "while parsing keysalts");
retcode = TCL_ERROR;
argv++, argc--;
- krb5_init_context(&context);
+ kadm5_init_krb5_context(&context);
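Review bot: The return value of kadm5_init_krb5_context is dropped on the changed line, as it was for krb5_init_context before, and the same pattern recurs at L417, L876, L895 and L901. The server-side kadm5_init_krb5_context can now also fail inside krb5_gss_use_kdc_context (library initialisation or the mutex lock), after which `context` is used without ever having been set. In the Tcl command procedures, `if (kadm5_init_krb5_context(&context)) { Tcl_AppendResult(interp, whoami, ": unable to initialize krb5 context", 0); return TCL_ERROR; }` would surface it; the test programs can com_err and exit as the other callers in this commit do.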
if (argc != 7) {
Tcl_AppendResult(interp, whoami, ": ", arg_error, 0);
argv++, argc--;
- krb5_init_context(&context);
+ kadm5_init_krb5_context(&context);
if (argc != 7) {
Tcl_AppendResult(interp, whoami, ": ", arg_error, 0);
* Initialize kerberos stuff and kadm5 stuff.
*/
- if ((code = krb5_init_context(&context))) {
+ if ((code = krb5int_init_context_kdc(&context))) {
com_err(argv[0], code, "while initializing Kerberos");
exit(1);
}
exit(1);
}
- if ((code = kadm5_get_config_params(context, NULL, NULL, NULL,
+ if ((code = kadm5_get_config_params(context, 1, NULL,
&realm_params))) {
com_err(argv[0], code, "while getting realm parameters");
exit(1);
}
rdp->realm_name = realm;
- kret = krb5_init_context(&rdp->realm_context);
+ kret = krb5int_init_context_kdc(&rdp->realm_context);
if (kret) {
com_err(progname, kret, "while getting context for realm %s",
realm);
}
kret = krb5_read_realm_params(rdp->realm_context, rdp->realm_name,
- (char *) NULL, (char *) NULL, &rparams);
+ &rparams);
if (kret) {
com_err(progname, kret, "while reading realm parameters");
goto whoops;
* reporting. The per-realm operations use the "realm_context"
* associated with each realm.
*/
- retval = krb5_init_context(&kcontext);
+ retval = krb5int_init_context_kdc(&kcontext);
if (retval) {
com_err(argv[0], retval, "while initializing krb5");
exit(1);
/* Get a context */
- kret = krb5_init_context(&kdc_realm.realm_context);
+ kret = krb5int_init_context_kdc(&kdc_realm.realm_context);
if (kret) {
com_err(argv[0], kret, "while getting krb5 context");
exit(2);
whoami = ((whoami = strrchr(argv[0], '/')) ? whoami + 1 : argv[0]);
- retval = krb5_init_context(&context);
+ retval = krb5int_init_context_kdc(&context);
if (retval) {
com_err(whoami, retval, "while initializing krb5");
exit(1);
if (err)
return err;
err = k5_key_register(K5_KEY_GSS_KRB5_CCACHE_NAME, free);
+ if (err)
+ return err;
+ err = k5_mutex_finish_init(&kg_kdc_flag_mutex);
if (err)
return err;
return k5_mutex_finish_init(&kg_vdb.mutex);
k5_key_delete(K5_KEY_GSS_KRB5_SET_CCACHE_OLD_NAME);
k5_key_delete(K5_KEY_GSS_KRB5_CCACHE_NAME);
k5_mutex_destroy(&kg_vdb.mutex);
+ k5_mutex_destroy(&kg_kdc_flag_mutex);
k5_mutex_destroy(&gssint_krb5_keytab_lock);
}
int *conf_state, int *qop_state,
int toktype);
+extern k5_mutex_t kg_kdc_flag_mutex;
+krb5_error_code krb5_gss_init_context (krb5_context *ctxp);
+#define krb5_init_context(C) krb5_gss_init_context(C)
+
+krb5_error_code krb5_gss_use_kdc_context(void);
+
#endif /* _GSSAPIP_KRB5_H_ */
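Review bot: The function-like macro `#define krb5_init_context(C) krb5_gss_init_context(C)` rewrites every later occurrence of the name in any translation unit that includes this header, including the krb5.h prototype if krb5.h happens to be included afterwards, and the real function's own definition (which is why init_sec_context.c needs an `#undef` inside krb5_gss_init_context). A comment on the macro stating the constraint would help, e.g. `/* Route this library's krb5_init_context calls through the GSS wrapper so a process that called krb5_gss_use_kdc_context gets KDC contexts; krb5.h must already be included above this point. */`. The "for now" in the ChangeLog entry is the kind of thing that belongs in that comment as well, so a later reader knows the macro is meant to be temporary.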
return(major_status);
}
+
+k5_mutex_t kg_kdc_flag_mutex = K5_MUTEX_PARTIAL_INITIALIZER;
+static int kdc_flag = 0;
+
+krb5_error_code
+krb5_gss_init_context (krb5_context *ctxp)
+{
+ krb5_error_code err;
+ int is_kdc;
+
+ err = gssint_initialize_library();
+ if (err)
+ return err;
+ err = k5_mutex_lock(&kg_kdc_flag_mutex);
+ if (err)
+ return err;
+ is_kdc = kdc_flag;
+ k5_mutex_unlock(&kg_kdc_flag_mutex);
+ if (is_kdc)
+ return krb5int_init_context_kdc(ctxp);
+ else
+#undef krb5_init_context
+ return krb5_init_context(ctxp);
+}
+
+krb5_error_code
+krb5_gss_use_kdc_context()
+{
+ krb5_error_code err;
+
+ err = gssint_initialize_library();
+ if (err)
+ return err;
+ err = k5_mutex_lock(&kg_kdc_flag_mutex);
+ if (err)
+ return err;
+ kdc_flag = 1;
+ k5_mutex_unlock(&kg_kdc_flag_mutex);
+ return 0;
+}
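Review bot: `#undef krb5_init_context` sits inside the body of krb5_gss_init_context, between the `else` and its return statement, which is legal but easy to misread and silently changes the meaning of the name for everything after it in this file; moving the `#undef` to just above the function definition, with a one-line comment, is clearer. The static `kdc_flag` is a process-wide one-way switch: once krb5_gss_use_kdc_context has been called, every context created through this wrapper loads kdc.conf and nothing resets it, so a non-KDC caller in the same process ends up reading KDC configuration without knowing why — both functions need a header comment saying so. The definition `krb5_gss_use_kdc_context()` should be `krb5_gss_use_kdc_context(void)` to match the prototype in gssapiP_krb5.h. The return value of k5_mutex_unlock is ignored on both unlock lines, which matches the rest of the library but is worth a glance.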
krb5_gss_verify_mic
krb5_gss_wrap
krb5_gss_wrap_size_limit
+krb5_gss_use_kdc_context
#define KADM5_CONFIG_ENCTYPE 0x000200
#define KADM5_CONFIG_ADBNAME 0x000400
#define KADM5_CONFIG_ADB_LOCKFILE 0x000800
-#define KADM5_CONFIG_PROFILE 0x001000
+/*#define KADM5_CONFIG_PROFILE 0x001000*/
#define KADM5_CONFIG_ACL_FILE 0x002000
#define KADM5_CONFIG_KADMIND_PORT 0x004000
#define KADM5_CONFIG_ENCTYPES 0x008000
typedef struct _kadm5_config_params {
long mask;
char * realm;
- char * profile;
int kadmind_port;
int kpasswd_port;
#if USE_KADM5_API_VERSION > 1
krb5_error_code kadm5_get_config_params(krb5_context context,
- char *kdcprofile, char *kdcenv,
+ int use_kdc_config,
kadm5_config_params *params_in,
kadm5_config_params *params_out);
kadm5_ret_t kadm5_free_name_list(void *server_handle, char **names,
int count);
+krb5_error_code kadm5_init_krb5_context (krb5_context *);
+
#if USE_KADM5_API_VERSION == 1
/*
* OVSEC_KADM_API_VERSION_1 should be, if possible, compile-time
krb5_pointer *acontextp;
{
krb5_error_code kret;
- const_profile_filespec_t namelist[2];
profile_t profile;
-
- namelist[1] = (profile_filespec_t) NULL;
- profile = (profile_t) NULL;
- if (envname) {
- if ((namelist[0] = getenv(envname))) {
- kret = profile_init(namelist, &profile);
- if (kret)
- return kret;
- *acontextp = (krb5_pointer) profile;
- return 0;
- }
+ const char *kdc_config;
+ size_t krb5_config_len, kdc_config_len;
+ char *profile_path;
+ char **filenames;
+ int i;
+
+ kret = krb5_get_default_config_files (&filenames);
+ if (kret)
+ return kret;
+ krb5_config_len = 0;
+ for (i = 0; filenames[i] != NULL; i++)
+ krb5_config_len += strlen(filenames[i]) + 1;
+ if (i > 0)
+ krb5_config_len--;
+ if (envname == NULL
+ || (kdc_config = getenv(envname)) == NULL)
+ kdc_config = fname;
+ if (kdc_config == NULL)
+ kdc_config_len = 0;
+ else
+ kdc_config_len = strlen(kdc_config);
+ profile_path = malloc(2 + krb5_config_len + kdc_config_len);
+ if (profile_path == NULL) {
+ krb5_free_config_files(filenames);
+ return errno;
}
+ if (kdc_config_len)
+ strcpy(profile_path, kdc_config);
+ else
+ profile_path[0] = 0;
+ if (krb5_config_len)
+ for (i = 0; filenames[i] != NULL; i++) {
+ if (kdc_config_len || i)
+ strcat(profile_path, ":");
+ strcat(profile_path, filenames[i]);
+ }
+ krb5_free_config_files(filenames);
profile = (profile_t) NULL;
- if (fname) {
- kret = profile_init_path(fname, &profile);
- if (kret == ENOENT) {
- profile = 0;
- } else if (kret)
- return kret;
- *acontextp = (krb5_pointer) profile;
- return 0;
- }
+ kret = profile_init_path(profile_path, &profile);
+ free(profile_path);
+ if (kret)
+ return kret;
+ *acontextp = profile;
return 0;
}
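Review bot: The ENOENT tolerance of the old fname branch (profile = 0 and success when the file is absent) is gone; profile_init_path's error is now returned unchanged at the new `if (kret) return kret;`. The ChangeLog entry for test 154 and the `if {0 && ! $RPC} test154` change suggest this is deliberate, but whether a missing kdc.conf alongside a present krb5.conf still succeeds now depends on how profile_init_path treats a colon-separated path with one absent element — worth confirming rather than assuming. If the old behaviour is wanted, `if (kret == ENOENT) { kret = 0; profile = NULL; }` before the return restores it. Note also that with no environment value, no fname and an empty default list, profile_path is the empty string and is passed to profile_init_path as-is. The krb5_aprof_init signature is above the hunk.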
* in params_in for which the mask is set will be re-assigned to newly copied
* versions, overwriting the old pointer value.
*/
-krb5_error_code kadm5_get_config_params(context, kdcprofile, kdcenv,
+krb5_error_code kadm5_get_config_params(context, use_kdc_config,
params_in, params_out)
krb5_context context;
- char *kdcprofile;
- char *kdcenv;
+ int use_kdc_config;
kadm5_config_params *params_in, *params_out;
{
char *filename;
params.realm = lrealm;
params.mask |= KADM5_CONFIG_REALM;
}
- if (params_in->mask & KADM5_CONFIG_PROFILE) {
- filename = params.profile = strdup(params_in->profile);
- if (params.profile)
- params.mask |= KADM5_CONFIG_PROFILE;
- envname = NULL;
+ /*
+ * XXX These defaults should to work on both client and
+ * server. kadm5_get_config_params can be implemented as a
+ * wrapper function in each library that provides correct
+ * defaults for NULL values.
+ */
+ if (use_kdc_config) {
+ filename = DEFAULT_KDC_PROFILE;
+ envname = KDC_PROFILE_ENV;
} else {
- /*
- * XXX These defaults should to work on both client and
- * server. kadm5_get_config_params can be implemented as a
- * wrapper function in each library that provides correct
- * defaults for NULL values.
- */
- filename = (kdcprofile) ? kdcprofile : DEFAULT_KDC_PROFILE;
- envname = (kdcenv) ? kdcenv : KDC_PROFILE_ENV;
- if (context->profile_secure == TRUE) envname = 0;
+ filename = DEFAULT_PROFILE_PATH;
+ envname = "KRB5_CONFIG";
}
+ if (context->profile_secure == TRUE) envname = 0;
kret = krb5_aprof_init(filename, envname, &aprofile);
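Review bot: In the non-KDC branch, `filename = DEFAULT_PROFILE_PATH;` and `envname = "KRB5_CONFIG";` now appear to duplicate what krb5_aprof_init already obtains from krb5_get_default_config_files, since the rewritten krb5_aprof_init prepends fname (or the envname value) to the library's default list; presumably krb5.conf then occurs twice in profile_path, which is harmless for single-valued lookups but would double any multi-valued relation. Unless krb5_get_default_config_files returns something other than the KRB5_CONFIG/DEFAULT_PROFILE_PATH files, `filename = NULL; envname = NULL;` in the else branch seems sufficient — confirm against lib/krb5/os before relying on it. The relocated comment still reads "should to work"; `* XXX These defaults should work on both client and` fixes the wording.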
if (kret)
params.mask |= KADM5_CONFIG_STASH_FILE;
params.stash_file = svalue;
}
-
+
/* Get the value for maximum ticket lifetime. */
hierarchy[2] = "max_life";
if (params_in->mask & KADM5_CONFIG_MAX_LIFE) {
kadm5_config_params *params;
{
if (params) {
- if (params->profile)
- krb5_xfree(params->profile);
if (params->dbname)
krb5_xfree(params->dbname);
if (params->mkey_name)
params_in.mask |= KADM5_CONFIG_REALM;
params_in.realm = realm_in;
- ret = kadm5_get_config_params(ctx, DEFAULT_PROFILE_PATH,
- "KRB5_CONFIG", ¶ms_in, ¶ms_out);
+ ret = kadm5_get_config_params(ctx, 0, ¶ms_in, ¶ms_out);
if (ret)
return ret;
* alternate profile.
*/
krb5_error_code
-krb5_read_realm_params(kcontext, realm, kdcprofile, kdcenv, rparamp)
+krb5_read_realm_params(kcontext, realm, rparamp)
krb5_context kcontext;
char *realm;
- char *kdcprofile;
- char *kdcenv;
krb5_realm_params **rparamp;
{
char *filename;
krb5_boolean bvalue;
krb5_deltat dtvalue;
+ char *kdcprofile = 0;
+ char *kdcenv = 0;
+
krb5_error_code kret;
filename = (kdcprofile) ? kdcprofile : DEFAULT_KDC_PROFILE;
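Review bot: `kdcprofile` and `kdcenv` are now locals fixed at 0, so the conditionals that depend on them, starting with `filename = (kdcprofile) ? kdcprofile : DEFAULT_KDC_PROFILE;`, are dead; writing `filename = DEFAULT_KDC_PROFILE;` (and the matching assignment for envname, which lies below the hunk) and dropping the two placeholder locals states the intent directly. The added blank line between the new declarations and `krb5_error_code kret;` splits the declaration block for no reason. The body of krb5_read_realm_params continues past the hunk.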
} else { /* read the password */
krb5_context context;
- if ((code = (int) krb5_init_context(&context)) == 0) {
+ if ((code = (int) kadm5_init_krb5_context(&context)) == 0) {
pwsize = sizeof(buffer);
code = krb5_read_password(context, KADM5_PW_FIRST_PROMPT,
KADM5_PW_SECOND_PROMPT,
return KADM5_BAD_CLIENT_PARAMS;
}
- if ((code = kadm5_get_config_params(handle->context,
- DEFAULT_PROFILE_PATH,
- "KRB5_CONFIG",
- params_in,
- &handle->params))) {
+ if ((code = kadm5_get_config_params(handle->context, 0,
+ params_in, &handle->params))) {
krb5_free_context(handle->context);
free(handle);
return(code);
CHECK_HANDLE(handle);
return 0;
}
+
+krb5_error_code kadm5_init_krb5_context (krb5_context *ctx)
+{
+ return krb5_init_context(ctx);
+}
kadm5_get_principals
kadm5_get_privs
kadm5_init
+kadm5_init_krb5_context
kadm5_init_with_creds
kadm5_init_with_password
kadm5_init_with_skey
ok, and the other solutions are even uglier */
if (!context &&
- krb5_init_context(&context))
+ kadm5_init_krb5_context(&context))
return(FALSE);
switch(xdrs->x_op) {
myfulldir=lib/kadm5/srv
mydir=srv
BUILDTOP=$(REL)..$(S)..$(S)..
-LOCALINCLUDES = -I$(BUILDTOP)/include/kadm5
+LOCALINCLUDES = -I$(BUILDTOP)/include/kadm5 \
+ -I$(SRCTOP)/lib/gssapi/krb5 -I$(SRCTOP)/lib/gssapi/generic \
+ -I$(BUILDTOP)/lib/gssapi/krb5 -I$(BUILDTOP)/lib/gssapi/generic
DEFINES = @HESIOD_DEFS@
DEFS=
kadm5_get_principals
kadm5_get_privs
kadm5_init
+kadm5_init_krb5_context
kadm5_init_with_creds
kadm5_init_with_password
kadm5_init_with_skey
#include <stdlib.h>
#include <errno.h>
#include <com_err.h>
+#include "k5-int.h" /* needed for gssapiP_krb5.h */
#include <kadm5/admin.h>
#include <krb5.h>
#include "server_internal.h"
+#include "osconf.h"
/*
* Function check_handle
return ret;
}
- ret = (int) krb5_init_context(&(handle->context));
+ ret = (int) krb5int_init_context_kdc(&(handle->context));
if (ret) {
free_db_args(handle);
free(handle);
params_in = ¶ms_local;
}
+#if 0 /* Now that we look at krb5.conf as well as kdc.conf, we can
+ expect to see admin_server being set sometimes. */
#define ILLEGAL_PARAMS (KADM5_CONFIG_ADMIN_SERVER)
if (params_in && (params_in->mask & ILLEGAL_PARAMS)) {
krb5_free_context(handle->context);
free(handle);
return KADM5_BAD_SERVER_PARAMS;
}
+#endif
- ret = kadm5_get_config_params(handle->context, (char *) NULL,
- (char *) NULL, params_in,
+ ret = kadm5_get_config_params(handle->context, 1, params_in,
&handle->params);
if (ret) {
krb5_free_context(handle->context);
CHECK_HANDLE(handle);
return 0;
}
+
+#include "gssapiP_krb5.h"
+krb5_error_code kadm5_init_krb5_context (krb5_context *ctx)
+{
+ static int first_time = 1;
+ if (first_time) {
+ krb5_error_code err;
+ err = krb5_gss_use_kdc_context();
+ if (err)
+ return err;
+ first_time = 0;
+ }
+ return krb5int_init_context_kdc(ctx);
+}
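Review bot: `#include "gssapiP_krb5.h"` lands in the middle of server_init.c with no explanation; presumably it is placed after the earlier code so that the header's krb5_init_context macro does not rewrite the calls above it, and that should be written down, e.g. `/* Included late on purpose: gssapiP_krb5.h redefines krb5_init_context, which must not affect the calls above. */`. `static int first_time` is tested and cleared without synchronisation; since krb5_gss_use_kdc_context only ever sets its flag to 1 the race is benign, but a short comment saying so saves the next reader the analysis. The server and client libraries now both export kadm5_init_krb5_context with different behaviour (the client version is a plain wrapper around krb5_init_context), so the declaration in admin.h should document that the server variant also switches the process's GSS-created contexts into KDC mode.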
api_exit
api_start
-test "init 100"
-proc test100 {} {
- global test
-
- # We used to check for ENOENT, but kadm5_get_config_params no
- # longer fails if it cannot find the file---it just provides
- # defaults instead.... XXX will fail on srv test!
- one_line_fail_test {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE \
- [config_params {KADM5_CONFIG_PROFILE} /does-not-exist] \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- } "MISSING_KRB5_CONF_PARAMS"
-}
-if {$RPC} test100
-
if ![info exists RESOLVE] {
set RESOLVE [findfile $objdir/../../../tests/resolve/resolve]
}
}
if {! $RPC} test109
-test "init 114"
-proc test114 {} {
- global test
-
- one_line_fail_test {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE \
- [config_params {KADM5_CONFIG_ADMIN_SERVER} does.not.exist] \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- } "BAD_SERVER_PARAMS"
-}
-if {! $RPC} test114
-
test "init 115"
proc test115 {} {
global test
api_exit; lib_start_api
}
-if {! $RPC} test154
+if {0 && ! $RPC} test154
return ""
krb5_context context;
- krb5_init_context(&context);
+ kadm5_init_krb5_context(&context);
ret = ovsec_kadm_init("admin/none", "admin", "ovsec_adm/admin", 0,
OVSEC_KADM_STRUCT_VERSION, OVSEC_KADM_API_VERSION_1, NULL,
whoami = argv[0];
- kret = krb5_init_context(&context);
+ kret = kadm5_init_krb5_context(&context);
if (kret) {
com_err(whoami, kret, "while initializing krb5");
exit(1);
}
params.mask = 0;
- ret = kadm5_get_config_params(context, NULL, NULL, ¶ms,
- ¶ms);
+ ret = kadm5_get_config_params(context, 1, ¶ms, ¶ms);
if (ret) {
com_err(whoami, ret, "while retrieving configuration parameters");
exit(1);
int x, i;
- krb5_init_context(&context);
+ kadm5_init_krb5_context(&context);
krb5_parse_name(context, "testuser", &tprinc);
ret = ovsec_kadm_init("admin", "admin", "ovsec_adm/admin", 0,
*/
memset((char *) &context, 0, sizeof(context));
- krb5_init_context(&context);
+ kadm5_init_krb5_context(&context);
ret = krb5_parse_name(context, principal, &princ);
if (ret) {
if (!(kf = fopen(keyfile, "w")))
#endif
{
+ int e = errno;
#if HAVE_UMASK
(void) umask(oumask);
#endif
- return errno;
+ return e;
}
enctype = key->enctype;
if ((fwrite((krb5_pointer) &enctype,
extern void krb5_win_ccdll_load(krb5_context context);
#endif
-static krb5_error_code init_common (krb5_context *, krb5_boolean);
+static krb5_error_code init_common (krb5_context *, krb5_boolean, krb5_boolean);
krb5_error_code KRB5_CALLCONV
krb5_init_context(krb5_context *context)
{
- return init_common (context, FALSE);
+ return init_common (context, FALSE, FALSE);
}
krb5_error_code KRB5_CALLCONV
/* This is to make gcc -Wall happy */
if(0) krb5_brand[0] = krb5_brand[0];
- return init_common (context, TRUE);
+ return init_common (context, TRUE, FALSE);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5int_init_context_kdc(krb5_context *context)
+{
+ return init_common (context, FALSE, TRUE);
}
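Review bot: krb5int_init_context_kdc is defined and exported here, but I do not see a prototype for it anywhere in this diff; the k5-int.h hunk only updates krb5_os_init_context, so the new callers in kdc/main.c, krb524d.c, server_init.c and adb_openclose.c would be relying on an implicit declaration unless it is declared elsewhere — worth confirming. A comment above the definition should also say what distinguishes it from krb5_init_context: `/* Like krb5_init_context, but also loads the KDC configuration (kdc.conf) into the profile; internal, for KDC-side programs only. */`.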
static krb5_error_code
-init_common (krb5_context *context, krb5_boolean secure)
+init_common (krb5_context *context, krb5_boolean secure, krb5_boolean kdc)
{
krb5_context ctx = 0;
krb5_error_code retval;
sizeof(krb5_enctype) * ctx->tgs_ktype_count);
ctx->conf_tgs_ktypes_count = ctx->tgs_ktype_count;
- if ((retval = krb5_os_init_context(ctx)))
+ if ((retval = krb5_os_init_context(ctx, kdc)))
goto cleanup;
/* initialize the prng (not well, but passable) */
krb5_get_error_message
krb5_free_error_message
krb5_clear_error_message
+krb5int_init_context_kdc
#ifdef USE_LOGIN_LIBRARY
/* If __KLAllowHomeDirectoryAccess() == FALSE, we are probably
trying to authenticate to a fileserver for the user's homedir. */
- if (secure || !__KLAllowHomeDirectoryAccess ()) {
-#else
- if (secure) {
+ if (!__KLAllowHomeDirectoryAccess ())
+ secure = 1;
#endif
- filepath = DEFAULT_SECURE_PROFILE_PATH;
+ if (secure) {
+ filepath = DEFAULT_SECURE_PROFILE_PATH;
} else {
filepath = getenv("KRB5_CONFIG");
if (!filepath) filepath = DEFAULT_PROFILE_PATH;
return 0;
}
+static krb5_error_code
+add_kdc_config_file(profile_filespec_t **pfiles)
+{
+ char *file;
+ size_t count;
+ profile_filespec_t *newfiles;
+
+ file = getenv(KDC_PROFILE_ENV);
+ if (file == NULL)
+ file = DEFAULT_KDC_PROFILE;
+
+ for (count = 0; (*pfiles)[count]; count++)
+ ;
+ count += 2;
+ newfiles = malloc(count * sizeof(*newfiles));
+ if (newfiles == NULL)
+ return errno;
+ memcpy(newfiles + 1, *pfiles, (count-1) * sizeof(*newfiles));
+ newfiles[0] = strdup(file);
+ if (newfiles[0] == NULL) {
+ int e = errno;
+ free(newfiles);
+ return e;
+ }
+ free(*pfiles);
+ *pfiles = newfiles;
+ return 0;
+}
-/* Set the profile paths in the context. If secure is set to TRUE then
- do not include user paths (from environment variables, etc.)
-*/
+
+/* Set the profile paths in the context. If secure is set to TRUE
+ then do not include user paths (from environment variables, etc).
+ If kdc is TRUE, include kdc.conf from whereever we expect to find
+ it. */
static krb5_error_code
-os_init_paths(krb5_context ctx)
+os_init_paths(krb5_context ctx, krb5_boolean kdc)
{
krb5_error_code retval = 0;
profile_filespec_t *files = 0;
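Review bot: add_kdc_config_file has no comment explaining why the KDC file goes at the front of the list rather than the end, or that KDC_PROFILE_ENV is honoured without regard to the context's secure flag. Something like `/* Prepend kdc.conf so its values are found before krb5.conf's for the same relation; the environment override is trusted because KDC contexts are never secure contexts. */` would capture it, assuming profile lookups do take the first match and the secure path never requests a KDC context — both are inferences from this diff rather than facts it shows. The "whereever" in the rewritten os_init_paths comment should be "wherever".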
retval = os_get_default_config_files(&files, secure);
+ if (retval == 0)
+ retval = add_kdc_config_file(&files);
+
if (!retval) {
retval = profile_init((const_profile_filespec_t *) files,
&ctx->profile);
}
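Review bot: `add_kdc_config_file(&files)` is called whenever os_get_default_config_files succeeded, with no test of the new `kdc` parameter, so every context — client contexts included — would get kdc.conf prepended, and `kdc` is otherwise unused in os_init_paths; the ChangeLog entry says the call is made "if true". The guard should read `if (retval == 0 && kdc)`. With that guard in place a secure context never reaches add_kdc_config_file (the secure re-initialisation below passes FALSE), which matters because add_kdc_config_file reads KDC_PROFILE_ENV without consulting `secure`.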
krb5_error_code
-krb5_os_init_context(krb5_context ctx)
+krb5_os_init_context(krb5_context ctx, krb5_boolean kdc)
{
krb5_os_context os_ctx;
krb5_error_code retval = 0;
ctx->vtbl = 0;
PLUGIN_DIR_INIT(&ctx->libkrb5_plugins);
- retval = os_init_paths(ctx);
+ retval = os_init_paths(ctx, kdc);
/*
* If there's an error in the profile, return an error. Just
* ignoring the error is a Bad Thing (tm).
}
ctx->profile_secure = TRUE;
- retval = os_init_paths(ctx);
+ retval = os_init_paths(ctx, FALSE);
if (retval)
return retval;
/* now initialize lockp->lockinfo if necessary */
if (lockp->lockinfo.lockfile == NULL) {
- if ((code = krb5_init_context(&lockp->lockinfo.context))) {
+ if ((code = krb5int_init_context_kdc(&lockp->lockinfo.context))) {
free(db);
return((krb5_error_code) code);
}