krb5 commit: Fold kadm5 internal policy functions into callers
Greg Hudson
ghudson at MIT.EDU
Wed Jan 9 15:41:49 EST 2013
https://github.com/krb5/krb5/commit/ecb9c348dd3e82aa8e68a466d89150dc0df3d46c
commit ecb9c348dd3e82aa8e68a466d89150dc0df3d46c
Author: Greg Hudson <ghudson at mit.edu>
Date: Wed Jan 9 02:07:05 2013 -0500
Fold kadm5 internal policy functions into callers
kadm5_create_policy and kadm5_modify_policy had _internal variants in
libkadm5srv (but not libkadm5clnt) which only existed to protect the
policy_refcnt field from modification over the wire. Now that
policy_refcnt is no longer used, we don't need the separation.
Bump the library soname since this is technically an ABI change.
src/lib/kadm5/admin.h | 18 ------
src/lib/kadm5/clnt/Makefile.in | 2 +-
src/lib/kadm5/srv/Makefile.in | 2 +-
src/lib/kadm5/srv/libkadm5srv_mit.exports | 2 -
src/lib/kadm5/srv/svr_policy.c | 61 ++-----------------
src/lib/kadm5/unit-test/api.2/crte-policy.exp | 29 ---------
src/lib/kadm5/unit-test/api.2/mod-policy.exp | 28 ---------
.../kadm5/unit-test/api.current/crte-policy.exp | 29 ---------
src/lib/kadm5/unit-test/api.current/mod-policy.exp | 28 ---------
9 files changed, 9 insertions(+), 190 deletions(-)
diff --git a/src/lib/kadm5/admin.h b/src/lib/kadm5/admin.h
index 6c2efbc..fd8d654 100644
--- a/src/lib/kadm5/admin.h
+++ b/src/lib/kadm5/admin.h
@@ -454,29 +454,11 @@ kadm5_ret_t kadm5_decrypt_key(void *server_handle,
kadm5_ret_t kadm5_create_policy(void *server_handle,
kadm5_policy_ent_t ent,
long mask);
-/*
- * kadm5_create_policy_internal is not part of the supported,
- * exposed API. It is available only in the server library, and you
- * shouldn't use it unless you know why it's there and how it's
- * different from kadm5_create_policy.
- */
-kadm5_ret_t kadm5_create_policy_internal(void *server_handle,
- kadm5_policy_ent_t
- entry, long mask);
kadm5_ret_t kadm5_delete_policy(void *server_handle,
kadm5_policy_t policy);
kadm5_ret_t kadm5_modify_policy(void *server_handle,
kadm5_policy_ent_t ent,
long mask);
-/*
- * kadm5_modify_policy_internal is not part of the supported,
- * exposed API. It is available only in the server library, and you
- * shouldn't use it unless you know why it's there and how it's
- * different from kadm5_modify_policy.
- */
-kadm5_ret_t kadm5_modify_policy_internal(void *server_handle,
- kadm5_policy_ent_t
- entry, long mask);
kadm5_ret_t kadm5_get_policy(void *server_handle,
kadm5_policy_t policy,
kadm5_policy_ent_t ent);
diff --git a/src/lib/kadm5/clnt/Makefile.in b/src/lib/kadm5/clnt/Makefile.in
index 73597a2..3588a86 100644
--- a/src/lib/kadm5/clnt/Makefile.in
+++ b/src/lib/kadm5/clnt/Makefile.in
@@ -4,7 +4,7 @@ LOCALINCLUDES = -I$(BUILDTOP)/include/kadm5
DEFS=
LIBBASE=kadm5clnt_mit
-LIBMAJOR=8
+LIBMAJOR=9
LIBMINOR=0
STOBJLISTS=../OBJS.ST OBJS.ST
SHLIB_EXPDEPS=\
diff --git a/src/lib/kadm5/srv/Makefile.in b/src/lib/kadm5/srv/Makefile.in
index 429acdd..ccf9ec3 100644
--- a/src/lib/kadm5/srv/Makefile.in
+++ b/src/lib/kadm5/srv/Makefile.in
@@ -10,7 +10,7 @@ DEFS=
##DOSLIBNAME = libkadm5srv.lib
LIBBASE=kadm5srv_mit
-LIBMAJOR=8
+LIBMAJOR=9
LIBMINOR=0
STOBJLISTS=../OBJS.ST OBJS.ST
diff --git a/src/lib/kadm5/srv/libkadm5srv_mit.exports b/src/lib/kadm5/srv/libkadm5srv_mit.exports
index e661f30..358b9c6 100644
--- a/src/lib/kadm5/srv/libkadm5srv_mit.exports
+++ b/src/lib/kadm5/srv/libkadm5srv_mit.exports
@@ -13,7 +13,6 @@ kadm5_chpass_principal
kadm5_chpass_principal_3
kadm5_chpass_principal_util
kadm5_create_policy
-kadm5_create_policy_internal
kadm5_create_principal
kadm5_create_principal_3
kadm5_decrypt_key
@@ -43,7 +42,6 @@ kadm5_init_with_password
kadm5_init_with_skey
kadm5_lock
kadm5_modify_policy
-kadm5_modify_policy_internal
kadm5_modify_principal
kadm5_purgekeys
kadm5_randkey_principal
diff --git a/src/lib/kadm5/srv/svr_policy.c b/src/lib/kadm5/srv/svr_policy.c
index 69d2fea..1f794e4 100644
--- a/src/lib/kadm5/srv/svr_policy.c
+++ b/src/lib/kadm5/srv/svr_policy.c
@@ -17,41 +17,6 @@
#define MAX_PW_CLASSES 5
#define MIN_PW_LENGTH 1
-/*
- * Function: kadm5_create_policy
- *
- * Purpose: Create Policies in the policy DB.
- *
- * Arguments:
- * entry (input) The policy entry to be written out to the DB.
- * mask (input) Specifies which fields in entry are to ge written out
- * and which get default values.
- * <return value> 0 if successful otherwise an error code is returned.
- *
- * Requires:
- * Entry must be a valid principal entry, and mask have a valid value.
- *
- * Effects:
- * Verifies that mask does not specify that the refcount should
- * be set as part of the creation, and calls
- * kadm5_create_policy_internal. If the refcount *is*
- * specified, returns KADM5_BAD_MASK.
- */
-
-kadm5_ret_t
-kadm5_create_policy(void *server_handle,
- kadm5_policy_ent_t entry, long mask)
-{
- CHECK_HANDLE(server_handle);
-
- krb5_clear_error_message(((kadm5_server_handle_t)server_handle)->context);
-
- if (mask & KADM5_REF_COUNT)
- return KADM5_BAD_MASK;
- else
- return kadm5_create_policy_internal(server_handle, entry, mask);
-}
-
/* Validate allowed_keysalts. */
static kadm5_ret_t
validate_allowed_keysalts(const char *allowed_keysalts)
@@ -71,7 +36,7 @@ validate_allowed_keysalts(const char *allowed_keysalts)
}
/*
- * Function: kadm5_create_policy_internal
+ * Function: kadm5_create_policy
*
* Purpose: Create Policies in the policy DB.
*
@@ -91,8 +56,7 @@ validate_allowed_keysalts(const char *allowed_keysalts)
*/
kadm5_ret_t
-kadm5_create_policy_internal(void *server_handle,
- kadm5_policy_ent_t entry, long mask)
+kadm5_create_policy(void *server_handle, kadm5_policy_ent_t entry, long mask)
{
kadm5_server_handle_t handle = server_handle;
osa_policy_ent_rec pent;
@@ -101,6 +65,8 @@ kadm5_create_policy_internal(void *server_handle,
CHECK_HANDLE(server_handle);
+ krb5_clear_error_message(handle->context);
+
if ((entry == (kadm5_policy_ent_t) NULL) || (entry->policy == NULL))
return EINVAL;
if(strlen(entry->policy) == 0)
@@ -233,20 +199,6 @@ kadm5_delete_policy(void *server_handle, kadm5_policy_t name)
return (ret == 0) ? KADM5_OK : ret;
}
-kadm5_ret_t
-kadm5_modify_policy(void *server_handle,
- kadm5_policy_ent_t entry, long mask)
-{
- CHECK_HANDLE(server_handle);
-
- krb5_clear_error_message(((kadm5_server_handle_t)server_handle)->context);
-
- if (mask & KADM5_REF_COUNT)
- return KADM5_BAD_MASK;
- else
- return kadm5_modify_policy_internal(server_handle, entry, mask);
-}
-
/* Allocate and form a TL data list of a desired size. */
static int
alloc_tl_data(krb5_int16 n_tl_data, krb5_tl_data **tldp)
@@ -291,8 +243,7 @@ copy_tl_data(krb5_int16 n_tl_data, krb5_tl_data *tl_data,
}
kadm5_ret_t
-kadm5_modify_policy_internal(void *server_handle,
- kadm5_policy_ent_t entry, long mask)
+kadm5_modify_policy(void *server_handle, kadm5_policy_ent_t entry, long mask)
{
kadm5_server_handle_t handle = server_handle;
krb5_tl_data *tl;
@@ -302,6 +253,8 @@ kadm5_modify_policy_internal(void *server_handle,
CHECK_HANDLE(server_handle);
+ krb5_clear_error_message(handle->context);
+
if((entry == (kadm5_policy_ent_t) NULL) || (entry->policy == NULL))
return EINVAL;
if(strlen(entry->policy) == 0)
diff --git a/src/lib/kadm5/unit-test/api.2/crte-policy.exp b/src/lib/kadm5/unit-test/api.2/crte-policy.exp
index 2c42cb4..4902ea5 100644
--- a/src/lib/kadm5/unit-test/api.2/crte-policy.exp
+++ b/src/lib/kadm5/unit-test/api.2/crte-policy.exp
@@ -88,35 +88,6 @@ proc test3 {} {
}
test3
-# Description: (4) Fails for mask with REF_COUNT bit set.
-test "create-policy 4"
-proc test4 {} {
- global test
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete policy \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
- {KADM5_POLICY KADM5_REF_COUNT}
- } $test] "BAD_MASK"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test4
-
# Description: (5) Fails for invalid policy name.
# 01/24/94: pshuang: untried.
test "create-policy 5"
diff --git a/src/lib/kadm5/unit-test/api.2/mod-policy.exp b/src/lib/kadm5/unit-test/api.2/mod-policy.exp
index 2cc1686..904edca 100644
--- a/src/lib/kadm5/unit-test/api.2/mod-policy.exp
+++ b/src/lib/kadm5/unit-test/api.2/mod-policy.exp
@@ -31,34 +31,6 @@ proc test2 {} {
}
if {$RPC} { test2 }
-test "modify-policy 4"
-proc test4 {} {
- global test
-
- if {! ([policy_exists "$test/a"] ||
- [create_policy "$test/a"])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_modify_policy $server_handle [simple_policy "%s/a"] \
- {KADM5_REF_COUNT}
- } $test] "BAD_MASK"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test4
-
test "modify-policy 8"
proc test8 {} {
global test
diff --git a/src/lib/kadm5/unit-test/api.current/crte-policy.exp b/src/lib/kadm5/unit-test/api.current/crte-policy.exp
index 017bc31..7e1eda6 100644
--- a/src/lib/kadm5/unit-test/api.current/crte-policy.exp
+++ b/src/lib/kadm5/unit-test/api.current/crte-policy.exp
@@ -88,35 +88,6 @@ proc test3 {} {
}
test3
-# Description: (4) Fails for mask with REF_COUNT bit set.
-test "create-policy 4"
-proc test4 {} {
- global test
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete policy \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
- {KADM5_POLICY KADM5_REF_COUNT}
- } $test] "BAD_MASK"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test4
-
# Description: (5) Fails for invalid policy name.
# 01/24/94: pshuang: untried.
test "create-policy 5"
diff --git a/src/lib/kadm5/unit-test/api.current/mod-policy.exp b/src/lib/kadm5/unit-test/api.current/mod-policy.exp
index 599e7d3..1bf00b5 100644
--- a/src/lib/kadm5/unit-test/api.current/mod-policy.exp
+++ b/src/lib/kadm5/unit-test/api.current/mod-policy.exp
@@ -31,34 +31,6 @@ proc test2 {} {
}
if {$RPC} { test2 }
-test "modify-policy 4"
-proc test4 {} {
- global test
-
- if {! ([policy_exists "$test/a"] ||
- [create_policy "$test/a"])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_modify_policy $server_handle [simple_policy "%s/a"] \
- {KADM5_REF_COUNT}
- } $test] "BAD_MASK"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test4
-
test "modify-policy 8"
proc test8 {} {
global test
More information about the cvs-krb5
mailing list