[28500] in CVS-changelog-for-Kerberos-V5


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

krb5 commit: Use write lock flag for update_princ_encryption

daemon@ATHENA.MIT.EDU (Tom Yu)
Sat Aug 2 14:24:45 2014

Date: Sat, 2 Aug 2014 14:24:26 -0400
From: Tom Yu <tlyu@mit.edu>
Message-Id: <201408021824.s72IOQsn004814@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu

https://github.com/krb5/krb5/commit/0d3db948464bf7a38afa458f2f54867d107bbb72
commit 0d3db948464bf7a38afa458f2f54867d107bbb72
Author: Tom Yu <tlyu@mit.edu>
Date:   Sat Aug 2 14:20:33 2014 -0400

    Use write lock flag for update_princ_encryption
    
    In kdb5_util update_princ_encryption, instead of getting a write lock
    on the KDB surrounding the call to krb5_db_iterate(), use the
    iterflags parameter of krb5_db_iterate() to request that it obtain a
    write lock around the iteration.
    
    ticket: 7977

 src/kadmin/dbutil/kdb5_mkey.c |   11 +++--------
 1 files changed, 3 insertions(+), 8 deletions(-)

diff --git a/src/kadmin/dbutil/kdb5_mkey.c b/src/kadmin/dbutil/kdb5_mkey.c
index aefde7b..9088d5f 100644
--- a/src/kadmin/dbutil/kdb5_mkey.c
+++ b/src/kadmin/dbutil/kdb5_mkey.c
@@ -912,6 +912,7 @@ kdb5_update_princ_encryption(int argc, char *argv[])
     char *regexp = NULL;
     krb5_keyblock *act_mkey;
     krb5_keylist_node *master_keylist = krb5_db_mkey_list_alias(util_context);
+    krb5_flags iterflags;
 
     while ((optchar = getopt(argc, argv, "fnv")) != -1) {
         switch (optchar) {
@@ -1025,23 +1026,17 @@ kdb5_update_princ_encryption(int argc, char *argv[])
     if (!data.dry_run) {
         /* Grab a write lock so we don't have to upgrade to a write lock and
          * reopen the DB while iterating. */
-        retval = krb5_db_lock(util_context, KRB5_DB_LOCKMODE_EXCLUSIVE);
-        if (retval != 0 && retval != KRB5_PLUGIN_OP_NOTSUPP) {
-            com_err(progname, retval, _("trying to lock database"));
-            exit_status++;
-        }
+        iterflags = KRB5_DB_ITER_WRITE;
     }
 
     retval = krb5_db_iterate(util_context, name_pattern,
-                             update_princ_encryption_1, &data, 0);
+                             update_princ_encryption_1, &data, iterflags);
     /* If exit_status is set, then update_princ_encryption_1 already
        printed a message.  */
     if (retval != 0 && exit_status == 0) {
         com_err(progname, retval, _("trying to process principal database"));
         exit_status++;
     }
-    if (!data.dry_run)
-        (void)krb5_db_unlock(util_context);
     (void) krb5_db_fini(util_context);
     if (data.dry_run) {
         printf(_("%u principals processed: %u would be updated, %u already "
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[28500] in CVS-changelog-for-Kerberos-V5

krb5 commit: Use write lock flag for update_princ_encryption

daemon@ATHENA.MIT.EDU (Tom Yu)Sat Aug 2 14:24:45 2014

daemon@ATHENA.MIT.EDU (Tom Yu)
Sat Aug 2 14:24:45 2014