Ticket History #3925: krb5_get_profile should reflect profile in the supplied context

Currently krb5_get_profile creates a new profile object by looking anew
at the environment variables and checking the existence of all of the
files; on the other hand, it uses the "secure" flag in the supplied
profile to decide whether to use environment variables or just the
compiled-in paths.

If the environment variables have changed, or a config file created that
was not present before, the resulting profile will not match the one in
the supplied context.

If the supplied context uses kdc.conf as well as krb5.conf, this will
not be reflected in the new profile, because that flag is not preserved.

I think krb5_get_profile should probably use exactly the same set of
files as in the profile in the supplied context. In fact, peeking
through the abstraction, it should probably just build a new list
containing the same pointers to the per-file data, and let the profile
library locking arbitrate accesses between threads.

Fix krb5_get_profile to create a new profile duplicating the list of
files from the one in the provided context, instead of constructing
and checking the file list from scratch. Uses a new function in the
profile library, not put into the public API yet.

* util/profile/prof_init.c (profile_copy): New function.
* util/profile/prof_int.h (profile_copy): Declare it.
* lib/krb5/os/Makefile.in (LOCALINCLUDES): Look in the profile source dir.
* lib/krb5/os/init_os_ctx.c (krb5_get_profile): Replace all the previous code
with a call to profile_copy.

Commit By: raeburn



Revision: 18209
Changed Files:
U trunk/src/lib/krb5/os/Makefile.in
U trunk/src/lib/krb5/os/init_os_ctx.c
U trunk/src/util/profile/prof_init.c
U trunk/src/util/profile/prof_int.h