svn rev #25026: trunk/src/ include/ include/krb5/ lib/ lib/krb5/ lib/krb5/krb/ ...

ghudson@MIT.EDU ghudson at MIT.EDU
Wed Jul 20 15:14:34 EDT 2011 

http://src.mit.edu/fisheye/changelog/krb5/?cs=25026
Commit By: ghudson
Log Message:
ticket: 6929

Add krb5_init_context_profile API.


Changed Files:
U   trunk/src/include/k5-int.h
U   trunk/src/include/krb5/krb5.hin
U   trunk/src/lib/krb5/krb/init_ctx.c
U   trunk/src/lib/krb5/libkrb5.exports
U   trunk/src/lib/krb5/os/init_os_ctx.c
U   trunk/src/lib/krb5_32.def
Modified: trunk/src/include/k5-int.h
===================================================================
--- trunk/src/include/k5-int.h	2011-07-20 19:14:28 UTC (rev 25025)
+++ trunk/src/include/k5-int.h	2011-07-20 19:14:34 UTC (rev 25026)
@@ -606,7 +606,8 @@
 
 krb5_error_code krb5int_init_context_kdc(krb5_context *);
 
-krb5_error_code krb5_os_init_context(krb5_context, krb5_boolean);
+krb5_error_code krb5_os_init_context(krb5_context context, profile_t profile,
+                                     krb5_flags flags);
 
 void krb5_os_free_context(krb5_context);
 

Modified: trunk/src/include/krb5/krb5.hin
===================================================================
--- trunk/src/include/krb5/krb5.hin	2011-07-20 19:14:28 UTC (rev 25025)
+++ trunk/src/include/krb5/krb5.hin	2011-07-20 19:14:34 UTC (rev 25026)
@@ -2695,6 +2695,9 @@
  * begin "func-proto.h"
  */
 
+#define KRB5_INIT_CONTEXT_SECURE 0x1 /** Use secure context configuration */
+#define KRB5_INIT_CONTEXT_KDC    0x2 /** Use KDC configuration if available */
+
 /**
  * Create a krb5 library context.
  *
@@ -2735,6 +2738,26 @@
 krb5_init_secure_context(krb5_context *context);
 
 /**
+ * Create a krb5 library context using a specified profile.
+ *
+ * @param [in]  profile         Profile object (NULL to create default profile)
+ * @param [in]  flags           Context initialization flags
+ * @param [out] context         Library context
+ *
+ * Create a context structure, optionally using a specified profile and
+ * initialization flags.  If @a profile is NULL, the default profile will be
+ * created from config files.  If @a profile is non-null, a copy of it will be
+ * made for the new context; the caller should still clean up its copy.  Valid
+ * flag values are:
+ *
+ * @li @c KRB5_INIT_CONTEXT_SECURE Ignore environment variables
+ * @li @c KRB5_INIT_CONTEXT_KDC    Use KDC configuration if creating profile
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_init_context_profile(struct _profile_t *profile, krb5_flags flags,
+                          krb5_context *context);
+
+/**
  * Free a krb5 library context.
  *
  * @param [in] context          Library context

Modified: trunk/src/lib/krb5/krb/init_ctx.c
===================================================================
--- trunk/src/lib/krb5/krb/init_ctx.c	2011-07-20 19:14:28 UTC (rev 25025)
+++ trunk/src/lib/krb5/krb/init_ctx.c	2011-07-20 19:14:34 UTC (rev 25026)
@@ -72,18 +72,12 @@
 extern void krb5_win_ccdll_load(krb5_context context);
 #endif
 
-static krb5_error_code init_common (krb5_context *, krb5_boolean, krb5_boolean);
+static krb5_error_code init_common(profile_t profile, krb5_flags flags,
+                                   krb5_context *context_out);
 
 krb5_error_code KRB5_CALLCONV
 krb5_init_context(krb5_context *context)
 {
-
-    return init_common (context, FALSE, FALSE);
-}
-
-krb5_error_code KRB5_CALLCONV
-krb5_init_secure_context(krb5_context *context)
-{
     /*
      * This is rather silly, but should improve our chances of
      * retaining the krb5_brand array in the final linked library,
@@ -95,19 +89,26 @@
      * If someday we grow an API to actually return the string, we can
      * get rid of this silliness.
      */
-    int my_false = (krb5_brand[0] == 0);
+    int my_zero = (krb5_brand[0] == 0);
 
-    return init_common(context, TRUE, my_false);
+    return krb5_init_context_profile(NULL, my_zero, context);
 }
 
+krb5_error_code KRB5_CALLCONV
+krb5_init_secure_context(krb5_context *context)
+{
+    return krb5_init_context_profile(NULL, KRB5_INIT_CONTEXT_SECURE, context);
+}
+
 krb5_error_code
 krb5int_init_context_kdc(krb5_context *context)
 {
-    return init_common (context, FALSE, TRUE);
+    return krb5_init_context_profile(NULL, KRB5_INIT_CONTEXT_KDC, context);
 }
 
-static krb5_error_code
-init_common (krb5_context *context, krb5_boolean secure, krb5_boolean kdc)
+krb5_error_code
+krb5_init_context_profile(profile_t profile, krb5_flags flags,
+                          krb5_context *context_out)
 {
     krb5_context ctx = 0;
     krb5_error_code retval;
@@ -145,7 +146,7 @@
      * The context being NULL is ok.
      */
     krb5_win_ccdll_load(ctx);
-
+p
     /*
      * krb5_vercheck() is defined in win_glue.c, and this is
      * where we handle the timebomb and version server checks.
@@ -155,16 +156,16 @@
         return retval;
 #endif
 
-    *context = 0;
+    *context_out = NULL;
 
     ctx = calloc(1, sizeof(struct _krb5_context));
     if (!ctx)
         return ENOMEM;
     ctx->magic = KV5M_CONTEXT;
 
-    ctx->profile_secure = secure;
+    ctx->profile_secure = (flags & KRB5_INIT_CONTEXT_SECURE) != 0;
 
-    if ((retval = krb5_os_init_context(ctx, kdc)))
+    if ((retval = krb5_os_init_context(ctx, profile, flags)) != 0)
         goto cleanup;
 
     retval = profile_get_boolean(ctx->profile, KRB5_CONF_LIBDEFAULTS,
@@ -254,10 +255,10 @@
     ctx->udp_pref_limit = -1;
     ctx->trace_callback = NULL;
 #ifndef DISABLE_TRACING
-    if (!secure)
+    if (!ctx->profile_secure)
         krb5int_init_trace(ctx);
 #endif
-    *context = ctx;
+    *context_out = ctx;
     return 0;
 
 cleanup:

Modified: trunk/src/lib/krb5/libkrb5.exports
===================================================================
--- trunk/src/lib/krb5/libkrb5.exports	2011-07-20 19:14:28 UTC (rev 25025)
+++ trunk/src/lib/krb5/libkrb5.exports	2011-07-20 19:14:34 UTC (rev 25026)
@@ -385,6 +385,7 @@
 krb5_get_time_offsets
 krb5_get_validated_creds
 krb5_init_context
+krb5_init_context_profile
 krb5_init_creds_free
 krb5_init_creds_get
 krb5_init_creds_get_creds

Modified: trunk/src/lib/krb5/os/init_os_ctx.c
===================================================================
--- trunk/src/lib/krb5/os/init_os_ctx.c	2011-07-20 19:14:28 UTC (rev 25025)
+++ trunk/src/lib/krb5/os/init_os_ctx.c	2011-07-20 19:14:34 UTC (rev 25026)
@@ -358,7 +358,7 @@
 }
 
 krb5_error_code
-krb5_os_init_context(krb5_context ctx, krb5_boolean kdc)
+krb5_os_init_context(krb5_context ctx, profile_t profile, krb5_flags flags)
 {
     krb5_os_context os_ctx;
     krb5_error_code    retval = 0;
@@ -378,7 +378,11 @@
     PLUGIN_DIR_INIT(&ctx->libkrb5_plugins);
     ctx->preauth_context = NULL;
 
-    retval = os_init_paths(ctx, kdc);
+    /* Use the profile we were handed, or create one from config files. */
+    if (profile)
+        retval = profile_copy(profile, &ctx->profile);
+    else
+        retval = os_init_paths(ctx, (flags & KRB5_INIT_CONTEXT_KDC) != 0);
     if (retval)
         return retval;
 

Modified: trunk/src/lib/krb5_32.def
===================================================================
--- trunk/src/lib/krb5_32.def	2011-07-20 19:14:28 UTC (rev 25025)
+++ trunk/src/lib/krb5_32.def	2011-07-20 19:14:34 UTC (rev 25026)
@@ -409,3 +409,4 @@
 ; new in 1.10
 	krb5_sname_match				@384
 	k5_kt_get_principal				@385 ; PRIVATE GSSAPI
+	krb5_init_context				@386

More information about the cvs-krb5 mailing list