Avoid peeking into server handle in kadmind

setup_loop() does not need to peer into the server handle for network parameters, as kadmind makes its own call to kadm5_get_config_params() in main(). Use kadmind's copy of the parameters instead.
krb5 · Apr 23, 2018 · 90a1569 · 90a1569
1 parent 047d664
commit 90a1569
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 17 deletions.
diff --git a/src/kadmin/server/Makefile.in b/src/kadmin/server/Makefile.in
@@ -4,7 +4,7 @@ KDB_DEP_LIB=$(DL_LIB) $(THREAD_LINKOPTS)
 
 LOCALINCLUDES = -I$(top_srcdir)/lib/gssapi/generic \
 	-I$(top_srcdir)/lib/gssapi/krb5 -I$(BUILDTOP)/lib/gssapi/generic \
-	-I$(BUILDTOP)/lib/gssapi/krb5 -I$(top_srcdir)/lib/kadm5/srv
+	-I$(BUILDTOP)/lib/gssapi/krb5
 
 PROG = kadmind
 OBJS = auth.o auth_acl.o auth_self.o kadm_rpc_svc.o server_stubs.o \

diff --git a/src/kadmin/server/deps b/src/kadmin/server/deps
@@ -83,9 +83,8 @@ $(OUTPRE)server_stubs.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
 $(OUTPRE)ovsec_kadmd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_alloc.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssrpc/types.h \
-  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \
-  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
-  $(BUILDTOP)/include/kadm5/kadm_rpc.h $(BUILDTOP)/include/kadm5/server_internal.h \
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
   $(BUILDTOP)/include/profile.h $(BUILDTOP)/lib/gssapi/generic/gssapi_err_generic.h \
   $(BUILDTOP)/lib/gssapi/krb5/gssapi_err_krb5.h $(COM_ERR_DEPS) \

diff --git a/src/kadmin/server/ovsec_kadmd.c b/src/kadmin/server/ovsec_kadmd.c
@@ -54,7 +54,6 @@
 #include <adm_proto.h>
 #include "kdb_kt.h"  /* for krb5_ktkdb_set_context */
 #include <string.h>
-#include "kadm5/server_internal.h" /* XXX for kadm5_server_handle_t */
 #include <kdb_log.h>
 
 #include "misc.h"
@@ -137,11 +136,10 @@ write_pid_file(const char *pid_file)
 /* Set up the main loop.  If proponly is set, don't set up ports for kpasswd or
  * kadmin.  May set *ctx_out even on error. */
 static krb5_error_code
-setup_loop(int proponly, verto_ctx **ctx_out)
+setup_loop(kadm5_config_params *params, int proponly, verto_ctx **ctx_out)
 {
     krb5_error_code ret;
     verto_ctx *ctx;
-    kadm5_server_handle_t handle = global_server_handle;
 
     *ctx_out = ctx = loop_init(VERTO_EV_TYPE_SIGNAL);
     if (ctx == NULL)
@@ -150,24 +148,23 @@ setup_loop(int proponly, verto_ctx **ctx_out)
     if (ret)
         return ret;
     if (!proponly) {
-        ret = loop_add_udp_address(handle->params.kpasswd_port,
-                                   handle->params.kpasswd_listen);
+        ret = loop_add_udp_address(params->kpasswd_port,
+                                   params->kpasswd_listen);
         if (ret)
             return ret;
-        ret = loop_add_tcp_address(handle->params.kpasswd_port,
-                                   handle->params.kpasswd_listen);
+        ret = loop_add_tcp_address(params->kpasswd_port,
+                                   params->kpasswd_listen);
         if (ret)
             return ret;
-        ret = loop_add_rpc_service(handle->params.kadmind_port,
-                                   handle->params.kadmind_listen,
+        ret = loop_add_rpc_service(params->kadmind_port,
+                                   params->kadmind_listen,
                                    KADM, KADMVERS, kadm_1);
         if (ret)
             return ret;
     }
 #ifndef DISABLE_IPROP
-    if (handle->params.iprop_enabled) {
-        ret = loop_add_rpc_service(handle->params.iprop_port,
-                                   handle->params.iprop_listen,
+    if (params->iprop_enabled) {
+        ret = loop_add_rpc_service(params->iprop_port, params->iprop_listen,
                                    KRB5_IPROP_PROG, KRB5_IPROP_VERS,
                                    krb5_iprop_prog_1);
         if (ret)
@@ -472,7 +469,7 @@ main(int argc, char *argv[])
     if (!(params.mask & KADM5_CONFIG_ACL_FILE))
         fail_to_start(0, _("Missing required ACL file configuration"));
 
-    ret = setup_loop(proponly, &vctx);
+    ret = setup_loop(&params, proponly, &vctx);
     if (ret)
         fail_to_start(ret, _("initializing network"));