kadmin: Fix re-entrance in iterations

Any callback of kadm5_iter_principals() that wants to call other kadm5
functions (such as kadm5_get_principal()) needs to do so on a different
kadm5 handle than the one used for kadm5_iter_principals().

kadmin/ext.c

@@ -40,6 +40,7 @@ struct ext_keytab_data {
     int random_key_flag;
     size_t nkstuple;
     krb5_key_salt_tuple *kstuple;
+    void *kadm_handle;
 };
 
 static int
@@ -59,7 +60,7 @@ do_ext_keytab(krb5_principal principal, void *data)
     if (!e->random_key_flag)
         mask |= KADM5_KVNO | KADM5_KEY_DATA;
 
-    ret = kadm5_get_principal(kadm_handle, principal, &princ, mask);
+    ret = kadm5_get_principal(e->kadm_handle, principal, &princ, mask);
     if (ret)
 	return ret;
 
@@ -112,7 +113,7 @@ do_ext_keytab(krb5_principal principal, void *data)
             n_k++;
 	}
     } else if (e->random_key_flag) {
-        ret = kadm5_randkey_principal_3(kadm_handle, principal, e->keep,
+        ret = kadm5_randkey_principal_3(e->kadm_handle, principal, e->keep,
                                         e->nkstuple, e->kstuple, &k, &n_k);
 	if (ret)
 	    goto out;
@@ -140,7 +141,7 @@ do_ext_keytab(krb5_principal principal, void *data)
     }
 
   out:
-    kadm5_free_principal_ent(kadm_handle, &princ);
+    kadm5_free_principal_ent(e->kadm_handle, &princ);
     if (k) {
         for (i = 0; i < n_k; i++)
             memset(k[i].keyvalue.data, 0, k[i].keyvalue.length);
@@ -159,6 +160,9 @@ ext_keytab(struct ext_keytab_options *opt, int argc, char **argv)
     const char *enctypes;
     size_t i;
 
+    ret = kadm5_dup_context(kadm_handle, &data.kadm_handle);
+    if (ret)
+        krb5_err(context, 1, ret, "Could not duplicate kadmin connection");
     data.random_key_flag = opt->random_key_flag;
     data.keep = 1;
     i = 0;
@@ -209,6 +213,7 @@ ext_keytab(struct ext_keytab_options *opt, int argc, char **argv)
 	    break;
     }
 
+    kadm5_destroy(data.kadm_handle);
     krb5_kt_close(context, data.keytab);
     free(data.kstuple);
     return ret != 0;