From: Greg Hudson Date: Mon, 23 Apr 2018 19:16:37 +0000 (-0400) Subject: Avoid peeking into server handle in kadmind X-Git-Tag: krb5-1.17-beta1~137 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=90a15695a684fe56c065f39cdbe65c2b3650aa3d;p=thirdparty%2Fkrb5.git Avoid peeking into server handle in kadmind setup_loop() does not need to peer into the server handle for network parameters, as kadmind makes its own call to kadm5_get_config_params() in main(). Use kadmind's copy of the parameters instead. --- diff --git a/src/kadmin/server/Makefile.in b/src/kadmin/server/Makefile.in index 16d5cc54aa..1e262f681c 100644 --- a/src/kadmin/server/Makefile.in +++ b/src/kadmin/server/Makefile.in @@ -4,7 +4,7 @@ KDB_DEP_LIB=$(DL_LIB) $(THREAD_LINKOPTS) LOCALINCLUDES = -I$(top_srcdir)/lib/gssapi/generic \ -I$(top_srcdir)/lib/gssapi/krb5 -I$(BUILDTOP)/lib/gssapi/generic \ - -I$(BUILDTOP)/lib/gssapi/krb5 -I$(top_srcdir)/lib/kadm5/srv + -I$(BUILDTOP)/lib/gssapi/krb5 PROG = kadmind OBJS = auth.o auth_acl.o auth_self.o kadm_rpc_svc.o server_stubs.o \ diff --git a/src/kadmin/server/deps b/src/kadmin/server/deps index 99aef7500e..335123a7dd 100644 --- a/src/kadmin/server/deps +++ b/src/kadmin/server/deps 
@@ -83,9 +83,8 @@ $(OUTPRE)server_stubs.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(OUTPRE)ovsec_kadmd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_alloc.h \ $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \ - $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/kadm5/kadm_rpc.h $(BUILDTOP)/include/kadm5/server_internal.h \ + $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(BUILDTOP)/lib/gssapi/generic/gssapi_err_generic.h \ $(BUILDTOP)/lib/gssapi/krb5/gssapi_err_krb5.h $(COM_ERR_DEPS) \ diff --git a/src/kadmin/server/ovsec_kadmd.c b/src/kadmin/server/ovsec_kadmd.c index 0a28b23846..3d578ca392 100644 --- a/src/kadmin/server/ovsec_kadmd.c +++ b/src/kadmin/server/ovsec_kadmd.c @@ -54,7 +54,6 @@ #include #include "kdb_kt.h" /* for krb5_ktkdb_set_context */ #include -#include "kadm5/server_internal.h" /* XXX for kadm5_server_handle_t */ #include #include "misc.h" @@ -137,11 +136,10 @@ write_pid_file(const char *pid_file) /* Set up the main loop. If proponly is set, don't set up ports for kpasswd or * kadmin. May set *ctx_out even on error. */ static krb5_error_code -setup_loop(int proponly, verto_ctx **ctx_out) +setup_loop(kadm5_config_params *params, int proponly, verto_ctx **ctx_out) { krb5_error_code ret; verto_ctx *ctx; - kadm5_server_handle_t handle = global_server_handle; *ctx_out = ctx = loop_init(VERTO_EV_TYPE_SIGNAL); if (ctx == NULL) 
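Review bot: The new `params` argument of setup_loop() is only read in the visible body, so it can be declared `const kadm5_config_params *params` to make clear that listener setup never modifies kadmind's configuration. The comment above the function still describes only `proponly` and `*ctx_out`; I would add a sentence such as `params supplies the kpasswd, kadmin and iprop ports and listen addresses.` The body of setup_loop() continues past the end of this hunk.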
@@ -150,24 +148,23 @@ setup_loop(int proponly, verto_ctx **ctx_out) if (ret) return ret; if (!proponly) { - ret = loop_add_udp_address(handle->params.kpasswd_port, - handle->params.kpasswd_listen); + ret = loop_add_udp_address(params->kpasswd_port, + params->kpasswd_listen); if (ret) return ret; - ret = loop_add_tcp_address(handle->params.kpasswd_port, - handle->params.kpasswd_listen); + ret = loop_add_tcp_address(params->kpasswd_port, + params->kpasswd_listen); if (ret) return ret; - ret = loop_add_rpc_service(handle->params.kadmind_port, - handle->params.kadmind_listen, + ret = loop_add_rpc_service(params->kadmind_port, + params->kadmind_listen, KADM, KADMVERS, kadm_1); if (ret) return ret; } #ifndef DISABLE_IPROP - if (handle->params.iprop_enabled) { - ret = loop_add_rpc_service(handle->params.iprop_port, - handle->params.iprop_listen, + if (params->iprop_enabled) { + ret = loop_add_rpc_service(params->iprop_port, params->iprop_listen, KRB5_IPROP_PROG, KRB5_IPROP_VERS, krb5_iprop_prog_1); if (ret) @@ -472,7 +469,7 @@ main(int argc, char *argv[]) if (!(params.mask & KADM5_CONFIG_ACL_FILE)) fail_to_start(0, _("Missing required ACL file configuration")); - ret = setup_loop(proponly, &vctx); + ret = setup_loop(¶ms, proponly, &vctx); if (ret) fail_to_start(ret, _("initializing network"));
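Review bot: The ports and listen addresses that kadmind binds now come from the copy of the parameters that main() passes as `&params`, no longer from the parameters stored in the server handle, and nothing in these hunks shows that the two copies always agree. The commit message says main() fills its copy with kadm5_get_config_params(); if the library applies further defaults or overrides when it builds the handle (not visible here), the daemon could listen on an address or port other than the one the handle records. A comment at the call site would document the assumption, for example `/* params is the structure main() also hands to kadm5_init(); keep the two in sync. */`, provided that is in fact how main() initializes the handle. setup_loop() begins before this hunk and continues after it.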