Add more configuration parameters, fix various bugs

Add config_file, db_name, and stash_file configuration parameters
and pass them into either libkadm5srv or the Kerberos context as
needed.

Fix the code to set the elements of the exception thrown from the
Kerberos kadmin code.  hv_stores is a better API to use here.

Use KADM5_ADMIN_SERVICE instead of a hard-coded string.

Include the Authen::Kerberos::Exception class in the
Authen::Kerberos::Kadmin class so that exceptions will stringify
and compare properly by default.

diff --git a/lib/Authen/Kerberos/Kadmin.pm b/lib/Authen/Kerberos/Kadmin.pm
index e384b2314b46b1adda97e2f38e037a864cff1d22..d780a6c4c0ce568206a108e3865542f09332110a 100644 (file)
--- a/lib/Authen/Kerberos/Kadmin.pm
+++ b/lib/Authen/Kerberos/Kadmin.pm
@@ -40,6 +40,7 @@ use warnings;
 
 use base qw(DynaLoader);
 
+use Authen::Kerberos::Exception;
 use Exporter qw(import);
 
 our $VERSION;
@@ -106,6 +107,20 @@ Supported options are:
 
 =over 4
 
+=item config_file
+
+A Kerberos configuration file to use by preference.  This configuration
+file will not replace the default system Kerberos configuration, but its
+settings will override other settings.  It may be needed to configure such
+things as password quality checking.
+
+=item db_name
+
+The name of or path to the Kerberos KDC database.  This option is only
+used if the C<server> option is set to true.  If C<server> is true and
+this option is not set, the compile-time or system-configured default will
+be used.
+
 =item password_quality
 
 If set to a true value, the password quality check configuration will be
@@ -126,6 +141,13 @@ API.  This mode opens the Kerberos KDC database directly to make changes
 instead of using the kadmin network protocol.  Currently, this option must
 be present and set to a true value.
 
+=item stash_file
+
+The path to the stash file containing the master key for the Kerberos KDC
+database.  This option is only used if the C<server> option is set to
+true.  If C<server> is true and this option is not set, the compile-time
+or system-configured default will be used.
+
 =back
 
 =back

diff --git a/lib/Authen/Kerberos/Kadmin.xs b/lib/Authen/Kerberos/Kadmin.xs
index 5a2edaf260fead394ccfd63187489bfc41886f2a..94f453d793fcce51dafdf6d6e8e9a65832e00412 100644 (file)
--- a/lib/Authen/Kerberos/Kadmin.xs
+++ b/lib/Authen/Kerberos/Kadmin.xs
@@ -30,6 +30,9 @@
  * DEALINGS IN THE SOFTWARE.
  */
 
+#include <stdlib.h>
+#include <string.h>
+
 #include <EXTERN.h>
 #include <perl.h>
 #include <XSUB.h>
@@ -69,17 +72,17 @@ kadmin_croak(krb5_context ctx, krb5_error_code code, const char *function,
     const char *message;
 
     hv = newHV();
-    (void) hv_store(hv, "code", 6, newSViv(code), 0);
+    (void) hv_stores(hv, "code", newSViv(code));
     message = krb5_get_error_message(ctx, code);
-    (void) hv_store(hv, "message", 7, newSVpv(message, 0), 0);
+    (void) hv_stores(hv, "message", newSVpv(message, 0));
     krb5_free_error_message(ctx, message);
     if (destroy)
         krb5_free_context(ctx);
     if (function != NULL)
-        (void) hv_store(hv, "function", 6, newSVpv(function, 0), 0);
+        (void) hv_stores(hv, "function", newSVpv(function, 0));
     if (CopLINE(PL_curcop)) {
-        (void) hv_store(hv, "line", 4, newSViv(CopLINE(PL_curcop)), 0);
-        (void) hv_store(hv, "file", 4, newSVpv(CopFILE(PL_curcop), 0), 0);
+        (void) hv_stores(hv, "line", newSViv(CopLINE(PL_curcop)));
+        (void) hv_stores(hv, "file", newSVpv(CopFILE(PL_curcop), 0));
     }
     rv = newRV_noinc((SV *) hv);
     sv_bless(rv, gv_stashpv("Authen::Kerberos::Exception", TRUE));
@@ -107,6 +110,8 @@ new(class, args)
     void *handle;
     Authen__Kerberos__Kadmin self;
     bool quality = FALSE;
+    const char *config_file;
+    char **files;
   CODE:
 {
     code = krb5_init_context(&ctx);
@@ -116,21 +121,49 @@ new(class, args)
     /* Parse the arguments to the function, if any. */
     memset(&params, 0, sizeof(params));
     if (args != NULL) {
+        value = hv_fetchs(args, "server", 0);
+        if (value == NULL || !SvTRUE(*value))
+            croak("server mode required in Authen::Kerberos::Kadmin::new");
+
+        /* The config file has to be set in the Kerberos context. */
+        value = hv_fetchs(args, "config_file", 0);
+        if (value != NULL) {
+            config_file = SvPV_nolen(*value);
+            code = krb5_prepend_config_files_default(config_file, &files);
+            if (code != 0)
+                kadmin_croak(ctx, code, "krb5_prepend_config_files_default",
+                             TRUE);
+            code = krb5_set_config_files(ctx, files);
+            krb5_free_config_files(files);
+            if (code != 0)
+                kadmin_croak(ctx, code, "krb5_set_config_files", TRUE);
+        }
+
+        /* Set configuration parameters used by kadm5_init. */
+        value = hv_fetchs(args, "db_name", 0);
+        if (value != NULL) {
+            params.dbname = SvPV_nolen(*value);
+            params.mask |= KADM5_CONFIG_DBNAME;
+        }
         value = hv_fetchs(args, "realm", 0);
         if (value != NULL) {
             params.realm = SvPV_nolen(*value);
-            params.mask = KADM5_CONFIG_REALM;
+            params.mask |= KADM5_CONFIG_REALM;
         }
-        value = hv_fetchs(args, "server", 0);
-        if (value == NULL || !SvTRUE(*value))
-            croak("server mode required in Authen::Kerberos::Kadmin::new");
+        value = hv_fetchs(args, "stash_file", 0);
+        if (value != NULL) {
+            params.stash_file = SvPV_nolen(*value);
+            params.mask |= KADM5_CONFIG_STASH_FILE;
+        }
+
+        /* Password quality we have to configure later. */
         value = hv_fetchs(args, "password_quality", 0);
         if (value != NULL && SvTRUE(*value))
             quality = TRUE;
     }
 
     /* Create the kadmin server handle. */
-    code = kadm5_init_with_password_ctx(ctx, "kadmin/admin", NULL, NULL,
+    code = kadm5_init_with_password_ctx(ctx, KADM5_ADMIN_SERVICE, NULL, NULL,
                                         &params,  KADM5_STRUCT_VERSION,
                                         KADM5_API_VERSION_2, &handle);
     if (code != 0)