Make kadm5_lock() and unlock work, and add kadmin commands for them.

The libkadm5 functions hdb_open() and close around all HDB ops.  This
meant the previous implementation of kadm5_lock() and unlock would
always result in a core dump.  Now we hdb_open() for write in
kadm5_lock() and hdb_close() in kadm5_unlock(), with all kadm5_s_*()
functions now not opening nor closing the HDB when the server context
keep_open flag is set.

Also, there's now kadmin(8) lock and unlock commands.  These are there
primarily as a way to test the kadm5_lock()/unlock() operations, but
MIT's kadmin.local also has lock/unlock commands, and these can be
useful for scripting (though they require much care).

kadmin/kadmin-commands.in

@@ -459,6 +459,22 @@ command = {
 	max_args = "1"
 	help = "Check the realm (if not given, the default realm) for configuration errors."
 }
+command = {
+	name = "lock"
+	function = "lock"
+	argument = ""
+	min_args = "0"
+	max_args = "0"
+	help = "Lock the database for writing (use with care)."
+}
+command = {
+	name = "unlock"
+	function = "unlock"
+	argument = ""
+	min_args = "0"
+	max_args = "0"
+	help = "Unlock the database."
+}
 command = {
 	name = "help"
 	name = "?"

kadmin/kadmin.c

@@ -112,6 +112,18 @@ exit_kadmin (void *opt, int argc, char **argv)
     return 0;
 }
 
+int
+lock(void *opt, int argc, char **argv)
+{
+    return kadm5_lock(kadm_handle);
+}
+
+int
+unlock(void *opt, int argc, char **argv)
+{
+    return kadm5_unlock(kadm_handle);
+}
+
 static void
 usage(int ret)
 {