krb5 commit: Get rid of krb5_read_realm_params

Greg Hudson ghudson at MIT.EDU
Wed Jan 16 11:39:36 EST 2013


https://github.com/krb5/krb5/commit/1078f5bf8049ab95322e7daf37c06f94623cdb74
commit 1078f5bf8049ab95322e7daf37c06f94623cdb74
Author: Greg Hudson <ghudson at mit.edu>
Date:   Wed Jan 16 11:38:55 2013 -0500

    Get rid of krb5_read_realm_params
    
    Read realm parameters directly from the profile in the KDC's
    init_realm(), getting rid of the intermediate krb5_realm_params
    structure.  Then get rid of krb5_realm_params and
    krb5_read_realm_params, since nothing else uses them.

 src/include/adm_proto.h                     |    9 --
 src/kdc/main.c                              |  125 ++++++++++++------------
 src/lib/kadm5/admin.h                       |   33 ------
 src/lib/kadm5/alt_prof.c                    |  143 ---------------------------
 src/lib/kadm5/clnt/libkadm5clnt_mit.exports |    2 -
 src/lib/kadm5/srv/libkadm5srv_mit.exports   |    2 -
 6 files changed, 63 insertions(+), 251 deletions(-)

diff --git a/src/include/adm_proto.h b/src/include/adm_proto.h
index daca5a1..3758f5f 100644
--- a/src/include/adm_proto.h
+++ b/src/include/adm_proto.h
@@ -37,11 +37,6 @@ typedef struct _krb5_db_entry krb5_db_entry;
 
 /* Ditto for admin.h */
 
-#if !defined(__KADM5_ADMIN_H__)
-struct ___krb5_realm_params;
-typedef struct ___krb5_realm_params krb5_realm_params;
-#endif  /* KRB5_ADM_H__ */
-
 #ifndef KRB5_KDB5__
 struct ___krb5_key_salt_tuple;
 typedef struct ___krb5_key_salt_tuple krb5_key_salt_tuple;
@@ -76,10 +71,6 @@ krb5_error_code krb5_aprof_get_int32(krb5_pointer, const char **,
                                      krb5_boolean, krb5_int32 *);
 krb5_error_code krb5_aprof_finish(krb5_pointer);
 
-krb5_error_code krb5_read_realm_params(krb5_context, char *,
-                                       krb5_realm_params **);
-krb5_error_code krb5_free_realm_params(krb5_context, krb5_realm_params *);
-
 /* str_conv.c */
 krb5_error_code krb5_string_to_flags(char *, const char *, const char *,
                                      krb5_flags *);
diff --git a/src/kdc/main.c b/src/kdc/main.c
index 26d3907..2f08df6 100644
--- a/src/kdc/main.c
+++ b/src/kdc/main.c
@@ -200,15 +200,16 @@ combine(const char *val1, const char *val2, char **val_out)
  * realm data and we should be all set to begin operation for that realm.
  */
 static krb5_error_code
-init_realm(kdc_realm_t *rdp, char *realm, char *def_mpname,
+init_realm(kdc_realm_t *rdp, krb5_pointer aprof, char *realm, char *def_mpname,
            krb5_enctype def_enctype, char *def_udp_ports, char *def_tcp_ports,
            krb5_boolean def_manual, krb5_boolean def_restrict_anon,
            char **db_args, char *no_referral, char *hostbased)
 {
     krb5_error_code     kret;
     krb5_boolean        manual;
-    krb5_realm_params   *rparams;
     int                 kdb_open_flags;
+    char                *svalue = NULL;
+    const char          *hierarchy[4];
     krb5_kvno       mkvno = IGNORE_VNO;
 
     memset(rdp, 0, sizeof(kdc_realm_t));
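Review bot: The new `aprof` parameter is not described in the comment above init_realm, and it can apparently be NULL. initialize_realms now initializes it to NULL and guards the final `krb5_aprof_finish(aprof)` with `if (aprof)`, yet both init_realm call sites pass it unconditionally. I would add a line to the function comment such as `aprof is the KDC profile handle and may be NULL, in which case every per-realm lookup fails and the defaults are used`, after confirming that the krb5_aprof_get_* helpers tolerate a NULL handle (their bodies are not in this diff). The comment block and the body of init_realm both extend outside this hunk.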
@@ -216,6 +217,9 @@ init_realm(kdc_realm_t *rdp, char *realm, char *def_mpname,
         kret = EINVAL;
         goto whoops;
     }
+    hierarchy[0] = KRB5_CONF_REALMS;
+    hierarchy[1] = realm;
+    hierarchy[3] = NULL;
 
     rdp->realm_name = strdup(realm);
     if (rdp->realm_name == NULL) {
@@ -230,95 +234,90 @@ init_realm(kdc_realm_t *rdp, char *realm, char *def_mpname,
     if (time_offset != 0)
         (void)krb5_set_time_offsets(rdp->realm_context, time_offset, 0);
 
-    kret = krb5_read_realm_params(rdp->realm_context, rdp->realm_name,
-                                  &rparams);
-    if (kret) {
-        kdc_err(rdp->realm_context, kret, _("while reading realm parameters"));
-        goto whoops;
-    }
-
     /* Handle master key name */
-    if (rparams && rparams->realm_mkey_name)
-        rdp->realm_mpname = strdup(rparams->realm_mkey_name);
-    else
+    hierarchy[2] = KRB5_CONF_MASTER_KEY_NAME;
+    if (krb5_aprof_get_string(aprof, hierarchy, TRUE, &rdp->realm_mpname)) {
         rdp->realm_mpname = (def_mpname) ? strdup(def_mpname) :
             strdup(KRB5_KDB_M_NAME);
+    }
     if (!rdp->realm_mpname) {
         kret = ENOMEM;
         goto whoops;
     }
 
     /* Handle KDC ports */
-    if (rparams && rparams->realm_kdc_ports)
-        rdp->realm_ports = strdup(rparams->realm_kdc_ports);
-    else
+    hierarchy[2] = KRB5_CONF_KDC_PORTS;
+    if (krb5_aprof_get_string(aprof, hierarchy, TRUE, &rdp->realm_ports))
         rdp->realm_ports = strdup(def_udp_ports);
     if (!rdp->realm_ports) {
         kret = ENOMEM;
         goto whoops;
     }
-    if (rparams && rparams->realm_kdc_tcp_ports)
-        rdp->realm_tcp_ports = strdup(rparams->realm_kdc_tcp_ports);
-    else
+    hierarchy[2] = KRB5_CONF_KDC_TCP_PORTS;
+    if (krb5_aprof_get_string(aprof, hierarchy, TRUE, &rdp->realm_tcp_ports))
         rdp->realm_tcp_ports = strdup(def_tcp_ports);
     if (!rdp->realm_tcp_ports) {
         kret = ENOMEM;
         goto whoops;
     }
     /* Handle stash file */
-    if (rparams && rparams->realm_stash_file) {
-        rdp->realm_stash = strdup(rparams->realm_stash_file);
-        if (!rdp->realm_stash) {
-            kret = ENOMEM;
-            goto whoops;
-        }
-        manual = FALSE;
-    } else
+    hierarchy[2] = KRB5_CONF_KEY_STASH_FILE;
+    if (krb5_aprof_get_string(aprof, hierarchy, TRUE, &rdp->realm_stash))
         manual = def_manual;
-
-    if (rparams && rparams->realm_restrict_anon_valid)
-        rdp->realm_restrict_anon = rparams->realm_restrict_anon;
     else
+        manual = FALSE;
+
+    hierarchy[2] = KRB5_CONF_RESTRICT_ANONYMOUS_TO_TGT;
+    if (krb5_aprof_get_boolean(aprof, hierarchy, TRUE,
+                               &rdp->realm_restrict_anon))
         rdp->realm_restrict_anon = def_restrict_anon;
 
     /* Handle master key type */
-    if (rparams && rparams->realm_enctype_valid)
-        rdp->realm_mkey.enctype = (krb5_enctype) rparams->realm_enctype;
-    else
+    hierarchy[2] = KRB5_CONF_MASTER_KEY_TYPE;
+    if (krb5_aprof_get_string(aprof, hierarchy, TRUE, &svalue) ||
+        krb5_string_to_enctype(svalue, &rdp->realm_mkey.enctype))
         rdp->realm_mkey.enctype = manual ? def_enctype : ENCTYPE_UNKNOWN;
+    free(svalue);
+    svalue = NULL;
 
     /* Handle reject-bad-transit flag */
-    if (rparams && rparams->realm_reject_bad_transit_valid)
-        rdp->realm_reject_bad_transit = rparams->realm_reject_bad_transit;
-    else
-        rdp->realm_reject_bad_transit = 1;
+    hierarchy[2] = KRB5_CONF_REJECT_BAD_TRANSIT;
+    if (krb5_aprof_get_boolean(aprof, hierarchy, TRUE,
+                                &rdp->realm_reject_bad_transit))
+        rdp->realm_reject_bad_transit = TRUE;
 
     /* Handle assume des-cbc-crc is supported for session keys */
-    if (rparams && rparams->realm_assume_des_crc_sess_valid)
-        rdp->realm_assume_des_crc_sess = rparams->realm_assume_des_crc_sess;
-    else
-        rdp->realm_assume_des_crc_sess = 1;
+    hierarchy[2] = KRB5_CONF_ASSUME_DES_CRC_SESSION;
+    if (krb5_aprof_get_boolean(aprof, hierarchy, TRUE,
+                               &rdp->realm_assume_des_crc_sess))
+        rdp->realm_assume_des_crc_sess = TRUE;
 
     /* Handle ticket maximum life */
-    rdp->realm_maxlife = (rparams && rparams->realm_max_life_valid) ?
-        rparams->realm_max_life : KRB5_KDB_MAX_LIFE;
+    hierarchy[2] = KRB5_CONF_MAX_LIFE;
+    if (krb5_aprof_get_deltat(aprof, hierarchy, TRUE, &rdp->realm_maxlife))
+        rdp->realm_maxlife = KRB5_KDB_MAX_LIFE;
 
     /* Handle ticket renewable maximum life */
-    rdp->realm_maxrlife = (rparams && rparams->realm_max_rlife_valid) ?
-        rparams->realm_max_rlife : KRB5_KDB_MAX_RLIFE;
+    hierarchy[2] = KRB5_CONF_MAX_RENEWABLE_LIFE;
+    if (krb5_aprof_get_deltat(aprof, hierarchy, TRUE, &rdp->realm_maxrlife))
+        rdp->realm_maxrlife = KRB5_KDB_MAX_RLIFE;
 
     /* Handle KDC referrals */
-    kret = combine(no_referral, rparams->realm_no_referral,
-                   &rdp->realm_no_referral);
+    hierarchy[2] = KRB5_CONF_NO_HOST_REFERRAL;
+    (void)krb5_aprof_get_string_all(aprof, hierarchy, &svalue);
+    kret = combine(no_referral, svalue, &rdp->realm_no_referral);
     if (kret)
         goto whoops;
+    free(svalue);
+    svalue = NULL;
 
-    kret = combine(hostbased, rparams->realm_hostbased, &rdp->realm_hostbased);
+    hierarchy[2] = KRB5_CONF_HOST_BASED_SERVICES;
+    (void)krb5_aprof_get_string_all(aprof, hierarchy, &svalue);
+    kret = combine(hostbased, svalue, &rdp->realm_hostbased);
     if (kret)
         goto whoops;
-
-    if (rparams)
-        krb5_free_realm_params(rdp->realm_context, rparams);
+    free(svalue);
+    svalue = NULL;
 
     /*
      * We've got our parameters, now go and setup our realm context.
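Review bot: Every lookup in this hunk treats any nonzero return from krb5_aprof_get_string, krb5_aprof_get_boolean or krb5_aprof_get_deltat as "not configured", so a present but unparsable value for a security-relevant relation such as `KRB5_CONF_RESTRICT_ANONYMOUS_TO_TGT` or `KRB5_CONF_REJECT_BAD_TRANSIT` would silently fall back to the default. That assumes the helpers return an error for a bad value as well as for a missing one; their bodies are not in this diff. For the anonymous restriction the fallback is `def_restrict_anon`, which may be the less restrictive setting, so I would report the failure with `kdc_err(rdp->realm_context, kret, ...)` whenever the error is something other than "relation absent" instead of discarding it. Separately, the two `if (kret) goto whoops;` paths after `combine()` skip `free(svalue)`; unless the `whoops` cleanup (outside this hunk) frees it, moving `free(svalue); svalue = NULL;` above each `if (kret)` test closes the leak.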
@@ -616,7 +615,7 @@ initialize_realms(krb5_context kcontext, int argc, char **argv)
     krb5_boolean        def_restrict_anon;
     char                *default_udp_ports = 0;
     char                *default_tcp_ports = 0;
-    krb5_pointer        aprof;
+    krb5_pointer        aprof = NULL;
     const char          *hierarchy[3];
     char                *no_referral = NULL;
     char                *hostbased = NULL;
@@ -646,8 +645,6 @@ initialize_realms(krb5_context kcontext, int argc, char **argv)
         hierarchy[1] = KRB5_CONF_HOST_BASED_SERVICES;
         if (krb5_aprof_get_string_all(aprof, hierarchy, &hostbased))
             hostbased = 0;
-
-        krb5_aprof_finish(aprof);
     }
 
     if (default_udp_ports == 0) {
@@ -691,11 +688,12 @@ initialize_realms(krb5_context kcontext, int argc, char **argv)
         case 'r':                       /* realm name for db */
             if (!find_realm_data(&shandle, optarg, (krb5_ui_4) strlen(optarg))) {
                 if ((rdatap = (kdc_realm_t *) malloc(sizeof(kdc_realm_t)))) {
-                    if ((retval = init_realm(rdatap, optarg, mkey_name,
-                                             menctype, default_udp_ports,
-                                             default_tcp_ports, manual,
-                                             def_restrict_anon, db_args,
-                                             no_referral, hostbased))) {
+                    retval = init_realm(rdatap, aprof, optarg, mkey_name,
+                                        menctype, default_udp_ports,
+                                        default_tcp_ports, manual,
+                                        def_restrict_anon, db_args,
+                                        no_referral, hostbased);
+                    if (retval) {
                         fprintf(stderr, _("%s: cannot initialize realm %s - "
                                           "see log file for details\n"),
                                 argv[0], optarg);
@@ -808,10 +806,11 @@ initialize_realms(krb5_context kcontext, int argc, char **argv)
             exit(1);
         }
         if ((rdatap = (kdc_realm_t *) malloc(sizeof(kdc_realm_t)))) {
-            if ((retval = init_realm(rdatap, lrealm, mkey_name, menctype,
-                                     default_udp_ports, default_tcp_ports,
-                                     manual, def_restrict_anon, db_args,
-                                     no_referral, hostbased))) {
+            retval = init_realm(rdatap, aprof, lrealm, mkey_name, menctype,
+                                default_udp_ports, default_tcp_ports, manual,
+                                def_restrict_anon, db_args, no_referral,
+                                hostbased);
+            if (retval) {
                 fprintf(stderr, _("%s: cannot initialize realm %s - see log "
                                   "file for details\n"), argv[0], lrealm);
                 exit(1);
@@ -834,6 +833,8 @@ initialize_realms(krb5_context kcontext, int argc, char **argv)
         free(hostbased);
     if (no_referral)
         free(no_referral);
+    if (aprof)
+        krb5_aprof_finish(aprof);
 
     return;
 }
diff --git a/src/lib/kadm5/admin.h b/src/lib/kadm5/admin.h
index 47102cd..189ca45 100644
--- a/src/lib/kadm5/admin.h
+++ b/src/lib/kadm5/admin.h
@@ -278,36 +278,6 @@ typedef struct _kadm5_config_params {
     int                 iprop_resync_timeout;
 } kadm5_config_params;
 
-/***********************************************************************
- * This is the old krb5_realm_read_params, which I mutated into
- * kadm5_get_config_params but which old code (kdb5_* and krb5kdc)
- * still uses.
- ***********************************************************************/
-
-/*
- * Data structure returned by krb5_read_realm_params()
- */
-typedef struct __krb5_realm_params {
-    char *              realm_mkey_name;
-    char *              realm_stash_file;
-    char *              realm_kdc_ports;
-    char *              realm_kdc_tcp_ports;
-    char *              realm_hostbased;
-    char *              realm_no_referral;
-    krb5_enctype        realm_enctype;
-    krb5_deltat         realm_max_life;
-    krb5_deltat         realm_max_rlife;
-    unsigned int        realm_reject_bad_transit:1;
-    unsigned int        realm_restrict_anon:1;
-    unsigned int        realm_enctype_valid:1;
-    unsigned int        realm_max_life_valid:1;
-    unsigned int        realm_max_rlife_valid:1;
-    unsigned int        realm_reject_bad_transit_valid:1;
-    unsigned int        realm_restrict_anon_valid:1;
-    unsigned int        realm_assume_des_crc_sess:1;
-    unsigned int        realm_assume_des_crc_sess_valid:1;
-} krb5_realm_params;
-
 /*
  * functions
  */
@@ -320,9 +290,6 @@ krb5_error_code kadm5_get_config_params(krb5_context context,
 krb5_error_code kadm5_free_config_params(krb5_context context,
                                          kadm5_config_params *params);
 
-krb5_error_code kadm5_free_realm_params(krb5_context kcontext,
-                                        kadm5_config_params *params);
-
 krb5_error_code kadm5_get_admin_service_name(krb5_context, char *,
                                              char *, size_t);
 
diff --git a/src/lib/kadm5/alt_prof.c b/src/lib/kadm5/alt_prof.c
index 075e077..07158fc 100644
--- a/src/lib/kadm5/alt_prof.c
+++ b/src/lib/kadm5/alt_prof.c
@@ -869,146 +869,3 @@ err_params:
     kadm5_free_config_params(ctx, &params_out);
     return ret;
 }
-
-/***********************************************************************
- * This is the old krb5_realm_read_params, which I mutated into
- * kadm5_get_config_params but which old KDC code still uses.
- ***********************************************************************/
-
-/*
- * krb5_read_realm_params() - Read per-realm parameters from KDC alternate
- *                            profile.
- */
-krb5_error_code
-krb5_read_realm_params(krb5_context context, char *realm,
-                       krb5_realm_params **rparamp)
-{
-    char *envname, *lrealm, *svalue;
-    char *no_referral = NULL, *hostbased = NULL;
-    krb5_pointer aprofile = NULL;
-    krb5_realm_params *rparams = NULL;
-    const char *hierarchy[4];
-    krb5_boolean bvalue;
-    krb5_deltat dtvalue;
-    krb5_error_code ret;
-
-    if (realm != NULL) {
-        lrealm = strdup(realm);
-    } else {
-        ret = krb5_get_default_realm(context, &lrealm);
-        if (ret)
-            goto cleanup;
-    }
-
-    envname = context->profile_secure ? NULL : KDC_PROFILE_ENV;
-    ret = krb5_aprof_init(DEFAULT_KDC_PROFILE, envname, &aprofile);
-    if (ret)
-        goto cleanup;
-
-    rparams = calloc(1, sizeof(krb5_realm_params));
-    if (rparams == NULL) {
-        ret = ENOMEM;
-        goto cleanup;
-    }
-
-    /* Set up the hierarchy so we can query multiple realm variables. */
-    hierarchy[0] = KRB5_CONF_REALMS;
-    hierarchy[1] = lrealm;
-    hierarchy[3] = NULL;
-
-    /* Get the value for the KDC port list */
-    hierarchy[2] = KRB5_CONF_KDC_PORTS;
-    if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
-        rparams->realm_kdc_ports = svalue;
-    hierarchy[2] = KRB5_CONF_KDC_TCP_PORTS;
-    if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
-        rparams->realm_kdc_tcp_ports = svalue;
-
-    /* Get the value for the master key name */
-    hierarchy[2] = KRB5_CONF_MASTER_KEY_NAME;
-    if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
-        rparams->realm_mkey_name = svalue;
-
-    /* Get the value for the master key type */
-    hierarchy[2] = KRB5_CONF_MASTER_KEY_TYPE;
-    if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
-        if (!krb5_string_to_enctype(svalue, &rparams->realm_enctype))
-            rparams->realm_enctype_valid = 1;
-        free(svalue);
-    }
-
-    /* Get the value for the stashfile */
-    hierarchy[2] = KRB5_CONF_KEY_STASH_FILE;
-    if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
-        rparams->realm_stash_file = svalue;
-
-    /* Get the value for maximum ticket lifetime. */
-    hierarchy[2] = KRB5_CONF_MAX_LIFE;
-    if (!krb5_aprof_get_deltat(aprofile, hierarchy, TRUE, &dtvalue)) {
-        rparams->realm_max_life = dtvalue;
-        rparams->realm_max_life_valid = 1;
-    }
-
-    /* Get the value for maximum renewable ticket lifetime. */
-    hierarchy[2] = KRB5_CONF_MAX_RENEWABLE_LIFE;
-    if (!krb5_aprof_get_deltat(aprofile, hierarchy, TRUE, &dtvalue)) {
-        rparams->realm_max_rlife = dtvalue;
-        rparams->realm_max_rlife_valid = 1;
-    }
-
-    hierarchy[2] = KRB5_CONF_REJECT_BAD_TRANSIT;
-    if (!krb5_aprof_get_boolean(aprofile, hierarchy, TRUE, &bvalue)) {
-        rparams->realm_reject_bad_transit = bvalue;
-        rparams->realm_reject_bad_transit_valid = 1;
-    }
-
-    hierarchy[2] = KRB5_CONF_RESTRICT_ANONYMOUS_TO_TGT;
-    if (!krb5_aprof_get_boolean(aprofile, hierarchy, TRUE, &bvalue)) {
-        rparams->realm_restrict_anon = bvalue;
-        rparams->realm_restrict_anon_valid = 1;
-    }
-
-    hierarchy[2] = KRB5_CONF_ASSUME_DES_CRC_SESSION;
-    if (!krb5_aprof_get_boolean(aprofile, hierarchy, TRUE, &bvalue)) {
-        rparams->realm_assume_des_crc_sess = bvalue;
-        rparams->realm_assume_des_crc_sess_valid = 1;
-    }
-
-    hierarchy[2] = KRB5_CONF_NO_HOST_REFERRAL;
-    if (!krb5_aprof_get_string_all(aprofile, hierarchy, &no_referral))
-        rparams->realm_no_referral = no_referral;
-
-    hierarchy[2] = KRB5_CONF_HOST_BASED_SERVICES;
-    if (!krb5_aprof_get_string_all(aprofile, hierarchy, &hostbased))
-        rparams->realm_hostbased = hostbased;
-
-cleanup:
-    if (aprofile)
-        krb5_aprof_finish(aprofile);
-    free(lrealm);
-    if (ret) {
-        if (rparams)
-            krb5_free_realm_params(context, rparams);
-        rparams = 0;
-    }
-    *rparamp = rparams;
-    return ret;
-}
-
-/*
- * krb5_free_realm_params() - Free data allocated by above.
- */
-krb5_error_code
-krb5_free_realm_params(krb5_context context, krb5_realm_params *rparams)
-{
-    if (rparams == NULL)
-        return 0;
-    free(rparams->realm_mkey_name);
-    free(rparams->realm_stash_file);
-    free(rparams->realm_kdc_ports);
-    free(rparams->realm_kdc_tcp_ports);
-    free(rparams->realm_no_referral);
-    free(rparams->realm_hostbased);
-    free(rparams);
-    return 0;
-}
diff --git a/src/lib/kadm5/clnt/libkadm5clnt_mit.exports b/src/lib/kadm5/clnt/libkadm5clnt_mit.exports
index 4732766..f6f93b9 100644
--- a/src/lib/kadm5/clnt/libkadm5clnt_mit.exports
+++ b/src/lib/kadm5/clnt/libkadm5clnt_mit.exports
@@ -52,7 +52,6 @@ krb5_aprof_getvals
 krb5_aprof_init
 krb5_flags_to_string
 krb5_free_key_data_contents
-krb5_free_realm_params
 krb5_input_flag_to_string
 krb5_keysalt_is_present
 krb5_keysalt_iterate
@@ -60,7 +59,6 @@ krb5_klog_close
 krb5_klog_init
 krb5_klog_reopen
 krb5_klog_syslog
-krb5_read_realm_params
 krb5_string_to_flags
 krb5_string_to_keysalts
 xdr_chpass3_arg
diff --git a/src/lib/kadm5/srv/libkadm5srv_mit.exports b/src/lib/kadm5/srv/libkadm5srv_mit.exports
index 0788ac1..07d447a 100644
--- a/src/lib/kadm5/srv/libkadm5srv_mit.exports
+++ b/src/lib/kadm5/srv/libkadm5srv_mit.exports
@@ -69,7 +69,6 @@ krb5_aprof_init
 krb5_copy_key_data_contents
 krb5_flags_to_string
 krb5_free_key_data_contents
-krb5_free_realm_params
 krb5_input_flag_to_string
 krb5_keysalt_is_present
 krb5_keysalt_iterate
@@ -77,7 +76,6 @@ krb5_klog_close
 krb5_klog_init
 krb5_klog_reopen
 krb5_klog_syslog
-krb5_read_realm_params
 krb5_string_to_flags
 krb5_string_to_keysalts
 master_db

