[27878] in CVS-changelog-for-Kerberos-V5

home help back first fref pref prev next nref lref last post

krb5 commit: Don't reopen the KDB in update_princ_encryption

daemon@ATHENA.MIT.EDU (Greg Hudson)
Wed Jul 31 18:57:46 2013

Date: Wed, 31 Jul 2013 18:57:37 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201307312257.r6VMvbU6016787@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu

https://github.com/krb5/krb5/commit/1c65092f874edc41c02f328608e2e44a93a6fb89
commit 1c65092f874edc41c02f328608e2e44a93a6fb89
Author: Greg Hudson <ghudson@mit.edu>
Date:   Wed Jul 31 18:49:13 2013 -0400

    Don't reopen the KDB in update_princ_encryption
    
    kdb5_util update_princ_encryption iterates over the KDB and writes
    modified entries.  With the DB2 back end, the first write operation
    has to upgrade the lock and reopen the DB, which resets the cursor
    state.  Take out an explicit write lock before iterating to avoid this
    step.
    
    ticket: 7684 (new)

 src/kadmin/dbutil/kdb5_mkey.c |   12 ++++++++++++
 1 files changed, 12 insertions(+), 0 deletions(-)

diff --git a/src/kadmin/dbutil/kdb5_mkey.c b/src/kadmin/dbutil/kdb5_mkey.c
index 4edacb6..0fbbb78 100644
--- a/src/kadmin/dbutil/kdb5_mkey.c
+++ b/src/kadmin/dbutil/kdb5_mkey.c
@@ -1050,6 +1050,16 @@ kdb5_update_princ_encryption(int argc, char *argv[])
         }
     }
 
+    if (!data.dry_run) {
+        /* Grab a write lock so we don't have to upgrade to a write lock and
+         * reopen the DB while iterating. */
+        retval = krb5_db_lock(util_context, KRB5_DB_LOCKMODE_EXCLUSIVE);
+        if (retval != 0 && retval != KRB5_PLUGIN_OP_NOTSUPP) {
+            com_err(progname, retval, _("trying to lock database"));
+            exit_status++;
+        }
+    }
+
     retval = krb5_db_iterate(util_context, name_pattern,
                              update_princ_encryption_1, &data);
     /* If exit_status is set, then update_princ_encryption_1 already
@@ -1058,6 +1068,8 @@ kdb5_update_princ_encryption(int argc, char *argv[])
         com_err(progname, retval, _("trying to process principal database"));
         exit_status++;
     }
+    if (!data.dry_run)
+        (void)krb5_db_unlock(util_context);
     (void) krb5_db_fini(util_context);
     if (data.dry_run) {
         printf(_("%u principals processed: %u would be updated, %u already "
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5

home help back first fref pref prev next nref lref last post