Fold kadm5 internal policy functions into callers

kadm5_create_policy and kadm5_modify_policy had _internal variants in
libkadm5srv (but not libkadm5clnt) which only existed to protect the
policy_refcnt field from modification over the wire.  Now that
policy_refcnt is no longer used, we don't need the separation.

Bump the library soname since this is technically an ABI change.

src/lib/kadm5/admin.h

@@ -454,29 +454,11 @@ kadm5_ret_t    kadm5_decrypt_key(void *server_handle,
 kadm5_ret_t    kadm5_create_policy(void *server_handle,
                                    kadm5_policy_ent_t ent,
                                    long mask);
-/*
- * kadm5_create_policy_internal is not part of the supported,
- * exposed API.  It is available only in the server library, and you
- * shouldn't use it unless you know why it's there and how it's
- * different from kadm5_create_policy.
- */
-kadm5_ret_t    kadm5_create_policy_internal(void *server_handle,
-                                            kadm5_policy_ent_t
-                                            entry, long mask);
 kadm5_ret_t    kadm5_delete_policy(void *server_handle,
                                    kadm5_policy_t policy);
 kadm5_ret_t    kadm5_modify_policy(void *server_handle,
                                    kadm5_policy_ent_t ent,
                                    long mask);
-/*
- * kadm5_modify_policy_internal is not part of the supported,
- * exposed API.  It is available only in the server library, and you
- * shouldn't use it unless you know why it's there and how it's
- * different from kadm5_modify_policy.
- */
-kadm5_ret_t    kadm5_modify_policy_internal(void *server_handle,
-                                            kadm5_policy_ent_t
-                                            entry, long mask);
 kadm5_ret_t    kadm5_get_policy(void *server_handle,
                                 kadm5_policy_t policy,
                                 kadm5_policy_ent_t ent);

src/lib/kadm5/clnt/Makefile.in

@@ -4,7 +4,7 @@ LOCALINCLUDES = -I$(BUILDTOP)/include/kadm5
 DEFS=
 
 LIBBASE=kadm5clnt_mit
-LIBMAJOR=8
+LIBMAJOR=9
 LIBMINOR=0
 STOBJLISTS=../OBJS.ST OBJS.ST
 SHLIB_EXPDEPS=\

src/lib/kadm5/srv/Makefile.in

@@ -10,7 +10,7 @@ DEFS=
 ##DOSLIBNAME = libkadm5srv.lib
 
 LIBBASE=kadm5srv_mit
-LIBMAJOR=8
+LIBMAJOR=9
 LIBMINOR=0
 STOBJLISTS=../OBJS.ST OBJS.ST
 

src/lib/kadm5/srv/libkadm5srv_mit.exports

@@ -13,7 +13,6 @@ kadm5_chpass_principal
 kadm5_chpass_principal_3
 kadm5_chpass_principal_util
 kadm5_create_policy
-kadm5_create_policy_internal
 kadm5_create_principal
 kadm5_create_principal_3
 kadm5_decrypt_key
@@ -43,7 +42,6 @@ kadm5_init_with_password
 kadm5_init_with_skey
 kadm5_lock
 kadm5_modify_policy
-kadm5_modify_policy_internal
 kadm5_modify_principal
 kadm5_purgekeys
 kadm5_randkey_principal

src/lib/kadm5/srv/svr_policy.c

@@ -17,41 +17,6 @@
 #define MAX_PW_CLASSES  5
 #define MIN_PW_LENGTH   1
 
-/*
- * Function: kadm5_create_policy
- *
- * Purpose: Create Policies in the policy DB.
- *
- * Arguments:
- *      entry   (input) The policy entry to be written out to the DB.
- *      mask    (input) Specifies which fields in entry are to ge written out
- *                      and which get default values.
- *      <return value> 0 if successful otherwise an error code is returned.
- *
- * Requires:
- *      Entry must be a valid principal entry, and mask have a valid value.
- *
- * Effects:
- *      Verifies that mask does not specify that the refcount should
- *      be set as part of the creation, and calls
- *      kadm5_create_policy_internal.  If the refcount *is*
- *      specified, returns KADM5_BAD_MASK.
- */
-
-kadm5_ret_t
-kadm5_create_policy(void *server_handle,
-                    kadm5_policy_ent_t entry, long mask)
-{
-    CHECK_HANDLE(server_handle);
-
-    krb5_clear_error_message(((kadm5_server_handle_t)server_handle)->context);
-
-    if (mask & KADM5_REF_COUNT)
-        return KADM5_BAD_MASK;
-    else
-        return kadm5_create_policy_internal(server_handle, entry, mask);
-}
-
 /* Validate allowed_keysalts. */
 static kadm5_ret_t
 validate_allowed_keysalts(const char *allowed_keysalts)
@@ -71,7 +36,7 @@ validate_allowed_keysalts(const char *allowed_keysalts)
 }
 
 /*
- * Function: kadm5_create_policy_internal
+ * Function: kadm5_create_policy
  *
  * Purpose: Create Policies in the policy DB.
  *
@@ -91,8 +56,7 @@ validate_allowed_keysalts(const char *allowed_keysalts)
  */
 
 kadm5_ret_t
-kadm5_create_policy_internal(void *server_handle,
-                             kadm5_policy_ent_t entry, long mask)
+kadm5_create_policy(void *server_handle, kadm5_policy_ent_t entry, long mask)
 {
     kadm5_server_handle_t handle = server_handle;
     osa_policy_ent_rec  pent;
@@ -101,6 +65,8 @@ kadm5_create_policy_internal(void *server_handle,
 
     CHECK_HANDLE(server_handle);
 
+    krb5_clear_error_message(handle->context);
+
     if ((entry == (kadm5_policy_ent_t) NULL) || (entry->policy == NULL))
         return EINVAL;
     if(strlen(entry->policy) == 0)
@@ -233,20 +199,6 @@ kadm5_delete_policy(void *server_handle, kadm5_policy_t name)
     return (ret == 0) ? KADM5_OK : ret;
 }
 
-kadm5_ret_t
-kadm5_modify_policy(void *server_handle,
-                    kadm5_policy_ent_t entry, long mask)
-{
-    CHECK_HANDLE(server_handle);
-
-    krb5_clear_error_message(((kadm5_server_handle_t)server_handle)->context);
-
-    if (mask & KADM5_REF_COUNT)
-        return KADM5_BAD_MASK;
-    else
-        return kadm5_modify_policy_internal(server_handle, entry, mask);
-}
-
 /* Allocate and form a TL data list of a desired size. */
 static int
 alloc_tl_data(krb5_int16 n_tl_data, krb5_tl_data **tldp)
@@ -291,8 +243,7 @@ copy_tl_data(krb5_int16 n_tl_data, krb5_tl_data *tl_data,
 }
 
 kadm5_ret_t
-kadm5_modify_policy_internal(void *server_handle,
-                             kadm5_policy_ent_t entry, long mask)
+kadm5_modify_policy(void *server_handle, kadm5_policy_ent_t entry, long mask)
 {
     kadm5_server_handle_t    handle = server_handle;
     krb5_tl_data            *tl;
@@ -302,6 +253,8 @@ kadm5_modify_policy_internal(void *server_handle,
 
     CHECK_HANDLE(server_handle);
 
+    krb5_clear_error_message(handle->context);
+
     if((entry == (kadm5_policy_ent_t) NULL) || (entry->policy == NULL))
         return EINVAL;
     if(strlen(entry->policy) == 0)

src/lib/kadm5/unit-test/api.2/crte-policy.exp

@@ -88,35 +88,6 @@ proc test3 {} {
 }
 test3
 
-# Description: (4) Fails for mask with REF_COUNT bit set.
-test "create-policy 4"
-proc test4 {} {
-    global test
-
-    if {! (( ! [policy_exists "$test/a"]) ||
-           [delete_policy "$test/a"])} {
-            error_and_restart "$test: couldn't delete policy \"$test/a\""
-            return
-    }
-    if {! [cmd {
-	kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
-		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
-		server_handle
-    }]} {
-	perror "$test: unexpected failure in init"
-	return
-    }
-    one_line_fail_test [format {
-	kadm5_create_policy $server_handle [simple_policy "%s/a"] \
-		{KADM5_POLICY KADM5_REF_COUNT}
-    } $test] "BAD_MASK"
-    if { ! [cmd {kadm5_destroy $server_handle}]} {
-        perror "$test: unexpected failure in destroy"
-        return
-    }
-}
-test4
-
 # Description: (5) Fails for invalid policy name.
 # 01/24/94: pshuang: untried.
 test "create-policy 5"

src/lib/kadm5/unit-test/api.2/mod-policy.exp

@@ -31,34 +31,6 @@ proc test2 {} {
 }
 if {$RPC} { test2 }
 
-test "modify-policy 4"
-proc test4 {} {
-    global test
-
-    if {! ([policy_exists "$test/a"] ||
-	   [create_policy "$test/a"])} {
-            error_and_restart "$test: couldn't create policy \"$test/a\""
-            return
-    }
-    if {! [cmd {
-	kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
-		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
-		server_handle
-    }]} {
-	perror "$test: unexpected failure in init"
-	return
-    }
-    one_line_fail_test [format {
-	kadm5_modify_policy $server_handle [simple_policy "%s/a"] \
-		{KADM5_REF_COUNT}
-    } $test] "BAD_MASK"
-    if { ! [cmd {kadm5_destroy $server_handle}]} {
-        perror "$test: unexpected failure in destroy"
-        return
-    }
-}
-test4
-
 test "modify-policy 8"
 proc test8 {} {
     global test

src/lib/kadm5/unit-test/api.current/crte-policy.exp

@@ -88,35 +88,6 @@ proc test3 {} {
 }
 test3
 
-# Description: (4) Fails for mask with REF_COUNT bit set.
-test "create-policy 4"
-proc test4 {} {
-    global test
-
-    if {! (( ! [policy_exists "$test/a"]) ||
-           [delete_policy "$test/a"])} {
-            error_and_restart "$test: couldn't delete policy \"$test/a\""
-            return
-    }
-    if {! [cmd {
-	kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
-		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
-		server_handle
-    }]} {
-	perror "$test: unexpected failure in init"
-	return
-    }
-    one_line_fail_test [format {
-	kadm5_create_policy $server_handle [simple_policy "%s/a"] \
-		{KADM5_POLICY KADM5_REF_COUNT}
-    } $test] "BAD_MASK"
-    if { ! [cmd {kadm5_destroy $server_handle}]} {
-        perror "$test: unexpected failure in destroy"
-        return
-    }
-}
-test4
-
 # Description: (5) Fails for invalid policy name.
 # 01/24/94: pshuang: untried.
 test "create-policy 5"

src/lib/kadm5/unit-test/api.current/mod-policy.exp

@@ -31,34 +31,6 @@ proc test2 {} {
 }
 if {$RPC} { test2 }
 
-test "modify-policy 4"
-proc test4 {} {
-    global test
-
-    if {! ([policy_exists "$test/a"] ||
-	   [create_policy "$test/a"])} {
-            error_and_restart "$test: couldn't create policy \"$test/a\""
-            return
-    }
-    if {! [cmd {
-	kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
-		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
-		server_handle
-    }]} {
-	perror "$test: unexpected failure in init"
-	return
-    }
-    one_line_fail_test [format {
-	kadm5_modify_policy $server_handle [simple_policy "%s/a"] \
-		{KADM5_REF_COUNT}
-    } $test] "BAD_MASK"
-    if { ! [cmd {kadm5_destroy $server_handle}]} {
-        perror "$test: unexpected failure in destroy"
-        return
-    }
-}
-test4
-
 test "modify-policy 8"
 proc test8 {} {
     global test