From ecb9c348dd3e82aa8e68a466d89150dc0df3d46c Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Wed, 9 Jan 2013 02:07:05 -0500 Subject: Fold kadm5 internal policy functions into callers kadm5_create_policy and kadm5_modify_policy had _internal variants in libkadm5srv (but not libkadm5clnt) which only existed to protect the policy_refcnt field from modification over the wire. Now that policy_refcnt is no longer used, we don't need the separation. Bump the library soname since this is technically an ABI change. --- src/lib/kadm5/admin.h | 18 ------- src/lib/kadm5/clnt/Makefile.in | 2 +- src/lib/kadm5/srv/Makefile.in | 2 +- src/lib/kadm5/srv/libkadm5srv_mit.exports | 2 - src/lib/kadm5/srv/svr_policy.c | 61 +++------------------- src/lib/kadm5/unit-test/api.2/crte-policy.exp | 29 ---------- src/lib/kadm5/unit-test/api.2/mod-policy.exp | 28 ---------- .../kadm5/unit-test/api.current/crte-policy.exp | 29 ---------- src/lib/kadm5/unit-test/api.current/mod-policy.exp | 28 ---------- 9 files changed, 9 insertions(+), 190 deletions(-) (limited to 'src') diff --git a/src/lib/kadm5/admin.h b/src/lib/kadm5/admin.h index 6c2efbc..fd8d654 100644 --- a/src/lib/kadm5/admin.h +++ b/src/lib/kadm5/admin.h @@ -454,29 +454,11 @@ kadm5_ret_t kadm5_decrypt_key(void *server_handle, kadm5_ret_t kadm5_create_policy(void *server_handle, kadm5_policy_ent_t ent, long mask); -/* - * kadm5_create_policy_internal is not part of the supported, - * exposed API. It is available only in the server library, and you - * shouldn't use it unless you know why it's there and how it's - * different from kadm5_create_policy. - */ -kadm5_ret_t kadm5_create_policy_internal(void *server_handle, - kadm5_policy_ent_t - entry, long mask); kadm5_ret_t kadm5_delete_policy(void *server_handle, kadm5_policy_t policy); kadm5_ret_t kadm5_modify_policy(void *server_handle, kadm5_policy_ent_t ent, long mask); -/* - * kadm5_modify_policy_internal is not part of the supported, - * exposed API. It is available only in the server library, and you - * shouldn't use it unless you know why it's there and how it's - * different from kadm5_modify_policy. - */ -kadm5_ret_t kadm5_modify_policy_internal(void *server_handle, - kadm5_policy_ent_t - entry, long mask); kadm5_ret_t kadm5_get_policy(void *server_handle, kadm5_policy_t policy, kadm5_policy_ent_t ent); diff --git a/src/lib/kadm5/clnt/Makefile.in b/src/lib/kadm5/clnt/Makefile.in index 73597a2..3588a86 100644 --- a/src/lib/kadm5/clnt/Makefile.in +++ b/src/lib/kadm5/clnt/Makefile.in @@ -4,7 +4,7 @@ LOCALINCLUDES = -I$(BUILDTOP)/include/kadm5 DEFS= LIBBASE=kadm5clnt_mit -LIBMAJOR=8 +LIBMAJOR=9 LIBMINOR=0 STOBJLISTS=../OBJS.ST OBJS.ST SHLIB_EXPDEPS=\ diff --git a/src/lib/kadm5/srv/Makefile.in b/src/lib/kadm5/srv/Makefile.in index 429acdd..ccf9ec3 100644 --- a/src/lib/kadm5/srv/Makefile.in +++ b/src/lib/kadm5/srv/Makefile.in @@ -10,7 +10,7 @@ DEFS= ##DOSLIBNAME = libkadm5srv.lib LIBBASE=kadm5srv_mit -LIBMAJOR=8 +LIBMAJOR=9 LIBMINOR=0 STOBJLISTS=../OBJS.ST OBJS.ST diff --git a/src/lib/kadm5/srv/libkadm5srv_mit.exports b/src/lib/kadm5/srv/libkadm5srv_mit.exports index e661f30..358b9c6 100644 --- a/src/lib/kadm5/srv/libkadm5srv_mit.exports +++ b/src/lib/kadm5/srv/libkadm5srv_mit.exports @@ -13,7 +13,6 @@ kadm5_chpass_principal kadm5_chpass_principal_3 kadm5_chpass_principal_util kadm5_create_policy -kadm5_create_policy_internal kadm5_create_principal kadm5_create_principal_3 kadm5_decrypt_key @@ -43,7 +42,6 @@ kadm5_init_with_password kadm5_init_with_skey kadm5_lock kadm5_modify_policy -kadm5_modify_policy_internal kadm5_modify_principal kadm5_purgekeys kadm5_randkey_principal diff --git a/src/lib/kadm5/srv/svr_policy.c b/src/lib/kadm5/srv/svr_policy.c index 69d2fea..1f794e4 100644 --- a/src/lib/kadm5/srv/svr_policy.c +++ b/src/lib/kadm5/srv/svr_policy.c @@ -17,41 +17,6 @@ #define MAX_PW_CLASSES 5 #define MIN_PW_LENGTH 1 -/* - * Function: kadm5_create_policy - * - * Purpose: Create Policies in the policy DB. - * - * Arguments: - * entry (input) The policy entry to be written out to the DB. - * mask (input) Specifies which fields in entry are to ge written out - * and which get default values. - * 0 if successful otherwise an error code is returned. - * - * Requires: - * Entry must be a valid principal entry, and mask have a valid value. - * - * Effects: - * Verifies that mask does not specify that the refcount should - * be set as part of the creation, and calls - * kadm5_create_policy_internal. If the refcount *is* - * specified, returns KADM5_BAD_MASK. - */ - -kadm5_ret_t -kadm5_create_policy(void *server_handle, - kadm5_policy_ent_t entry, long mask) -{ - CHECK_HANDLE(server_handle); - - krb5_clear_error_message(((kadm5_server_handle_t)server_handle)->context); - - if (mask & KADM5_REF_COUNT) - return KADM5_BAD_MASK; - else - return kadm5_create_policy_internal(server_handle, entry, mask); -} - /* Validate allowed_keysalts. */ static kadm5_ret_t validate_allowed_keysalts(const char *allowed_keysalts) @@ -71,7 +36,7 @@ validate_allowed_keysalts(const char *allowed_keysalts) } /* - * Function: kadm5_create_policy_internal + * Function: kadm5_create_policy * * Purpose: Create Policies in the policy DB. * @@ -91,8 +56,7 @@ validate_allowed_keysalts(const char *allowed_keysalts) */ kadm5_ret_t -kadm5_create_policy_internal(void *server_handle, - kadm5_policy_ent_t entry, long mask) +kadm5_create_policy(void *server_handle, kadm5_policy_ent_t entry, long mask) { kadm5_server_handle_t handle = server_handle; osa_policy_ent_rec pent; @@ -101,6 +65,8 @@ kadm5_create_policy_internal(void *server_handle, CHECK_HANDLE(server_handle); + krb5_clear_error_message(handle->context); + if ((entry == (kadm5_policy_ent_t) NULL) || (entry->policy == NULL)) return EINVAL; if(strlen(entry->policy) == 0) @@ -233,20 +199,6 @@ kadm5_delete_policy(void *server_handle, kadm5_policy_t name) return (ret == 0) ? KADM5_OK : ret; } -kadm5_ret_t -kadm5_modify_policy(void *server_handle, - kadm5_policy_ent_t entry, long mask) -{ - CHECK_HANDLE(server_handle); - - krb5_clear_error_message(((kadm5_server_handle_t)server_handle)->context); - - if (mask & KADM5_REF_COUNT) - return KADM5_BAD_MASK; - else - return kadm5_modify_policy_internal(server_handle, entry, mask); -} - /* Allocate and form a TL data list of a desired size. */ static int alloc_tl_data(krb5_int16 n_tl_data, krb5_tl_data **tldp) @@ -291,8 +243,7 @@ copy_tl_data(krb5_int16 n_tl_data, krb5_tl_data *tl_data, } kadm5_ret_t -kadm5_modify_policy_internal(void *server_handle, - kadm5_policy_ent_t entry, long mask) +kadm5_modify_policy(void *server_handle, kadm5_policy_ent_t entry, long mask) { kadm5_server_handle_t handle = server_handle; krb5_tl_data *tl; @@ -302,6 +253,8 @@ kadm5_modify_policy_internal(void *server_handle, CHECK_HANDLE(server_handle); + krb5_clear_error_message(handle->context); + if((entry == (kadm5_policy_ent_t) NULL) || (entry->policy == NULL)) return EINVAL; if(strlen(entry->policy) == 0) diff --git a/src/lib/kadm5/unit-test/api.2/crte-policy.exp b/src/lib/kadm5/unit-test/api.2/crte-policy.exp index 2c42cb4..4902ea5 100644 --- a/src/lib/kadm5/unit-test/api.2/crte-policy.exp +++ b/src/lib/kadm5/unit-test/api.2/crte-policy.exp @@ -88,35 +88,6 @@ proc test3 {} { } test3 -# Description: (4) Fails for mask with REF_COUNT bit set. -test "create-policy 4" -proc test4 {} { - global test - - if {! (( ! [policy_exists "$test/a"]) || - [delete_policy "$test/a"])} { - error_and_restart "$test: couldn't delete policy \"$test/a\"" - return - } - if {! [cmd { - kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ - $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ - server_handle - }]} { - perror "$test: unexpected failure in init" - return - } - one_line_fail_test [format { - kadm5_create_policy $server_handle [simple_policy "%s/a"] \ - {KADM5_POLICY KADM5_REF_COUNT} - } $test] "BAD_MASK" - if { ! [cmd {kadm5_destroy $server_handle}]} { - perror "$test: unexpected failure in destroy" - return - } -} -test4 - # Description: (5) Fails for invalid policy name. # 01/24/94: pshuang: untried. test "create-policy 5" diff --git a/src/lib/kadm5/unit-test/api.2/mod-policy.exp b/src/lib/kadm5/unit-test/api.2/mod-policy.exp index 2cc1686..904edca 100644 --- a/src/lib/kadm5/unit-test/api.2/mod-policy.exp +++ b/src/lib/kadm5/unit-test/api.2/mod-policy.exp @@ -31,34 +31,6 @@ proc test2 {} { } if {$RPC} { test2 } -test "modify-policy 4" -proc test4 {} { - global test - - if {! ([policy_exists "$test/a"] || - [create_policy "$test/a"])} { - error_and_restart "$test: couldn't create policy \"$test/a\"" - return - } - if {! [cmd { - kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ - $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ - server_handle - }]} { - perror "$test: unexpected failure in init" - return - } - one_line_fail_test [format { - kadm5_modify_policy $server_handle [simple_policy "%s/a"] \ - {KADM5_REF_COUNT} - } $test] "BAD_MASK" - if { ! [cmd {kadm5_destroy $server_handle}]} { - perror "$test: unexpected failure in destroy" - return - } -} -test4 - test "modify-policy 8" proc test8 {} { global test diff --git a/src/lib/kadm5/unit-test/api.current/crte-policy.exp b/src/lib/kadm5/unit-test/api.current/crte-policy.exp index 017bc31..7e1eda6 100644 --- a/src/lib/kadm5/unit-test/api.current/crte-policy.exp +++ b/src/lib/kadm5/unit-test/api.current/crte-policy.exp @@ -88,35 +88,6 @@ proc test3 {} { } test3 -# Description: (4) Fails for mask with REF_COUNT bit set. -test "create-policy 4" -proc test4 {} { - global test - - if {! (( ! [policy_exists "$test/a"]) || - [delete_policy "$test/a"])} { - error_and_restart "$test: couldn't delete policy \"$test/a\"" - return - } - if {! [cmd { - kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ - $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ - server_handle - }]} { - perror "$test: unexpected failure in init" - return - } - one_line_fail_test [format { - kadm5_create_policy $server_handle [simple_policy "%s/a"] \ - {KADM5_POLICY KADM5_REF_COUNT} - } $test] "BAD_MASK" - if { ! [cmd {kadm5_destroy $server_handle}]} { - perror "$test: unexpected failure in destroy" - return - } -} -test4 - # Description: (5) Fails for invalid policy name. # 01/24/94: pshuang: untried. test "create-policy 5" diff --git a/src/lib/kadm5/unit-test/api.current/mod-policy.exp b/src/lib/kadm5/unit-test/api.current/mod-policy.exp index 599e7d3..1bf00b5 100644 --- a/src/lib/kadm5/unit-test/api.current/mod-policy.exp +++ b/src/lib/kadm5/unit-test/api.current/mod-policy.exp @@ -31,34 +31,6 @@ proc test2 {} { } if {$RPC} { test2 } -test "modify-policy 4" -proc test4 {} { - global test - - if {! ([policy_exists "$test/a"] || - [create_policy "$test/a"])} { - error_and_restart "$test: couldn't create policy \"$test/a\"" - return - } - if {! [cmd { - kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ - $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ - server_handle - }]} { - perror "$test: unexpected failure in init" - return - } - one_line_fail_test [format { - kadm5_modify_policy $server_handle [simple_policy "%s/a"] \ - {KADM5_REF_COUNT} - } $test] "BAD_MASK" - if { ! [cmd {kadm5_destroy $server_handle}]} { - perror "$test: unexpected failure in destroy" - return - } -} -test4 - test "modify-policy 8" proc test8 {} { global test -- cgit v1.1