]> git.ipfire.org Git - thirdparty/krb5.git/commitdiff
projects / thirdparty / krb5.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0cc00db)
Use write lock flag for update_princ_encryption
authorTom Yu <tlyu@mit.edu>
Sat, 2 Aug 2014 18:20:33 +0000 (14:20 -0400)
committerTom Yu <tlyu@mit.edu>
Sat, 2 Aug 2014 18:20:33 +0000 (14:20 -0400)
In kdb5_util update_princ_encryption, instead of getting a write lock
on the KDB surrounding the call to krb5_db_iterate(), use the
iterflags parameter of krb5_db_iterate() to request that it obtain a
write lock around the iteration.

ticket: 7977

src/kadmin/dbutil/kdb5_mkey.c patch | blob | blame | history

diff --git a/src/kadmin/dbutil/kdb5_mkey.c b/src/kadmin/dbutil/kdb5_mkey.c
index aefde7b673584b8f5cf63f4fd6ebf745afb5d2bc..9088d5f012e28dd631388c2f0daf08e61abc225f 100644 (file)
--- a/src/kadmin/dbutil/kdb5_mkey.c
+++ b/src/kadmin/dbutil/kdb5_mkey.c
@@ -912,6 +912,7 @@ kdb5_update_princ_encryption(int argc, char *argv[])
     char *regexp = NULL;
     krb5_keyblock *act_mkey;
     krb5_keylist_node *master_keylist = krb5_db_mkey_list_alias(util_context);
+    krb5_flags iterflags;
 
     while ((optchar = getopt(argc, argv, "fnv")) != -1) {
         switch (optchar) {
@@ -1025,23 +1026,17 @@ kdb5_update_princ_encryption(int argc, char *argv[])
     if (!data.dry_run) {
         /* Grab a write lock so we don't have to upgrade to a write lock and
          * reopen the DB while iterating. */
-        retval = krb5_db_lock(util_context, KRB5_DB_LOCKMODE_EXCLUSIVE);
-        if (retval != 0 && retval != KRB5_PLUGIN_OP_NOTSUPP) {
-            com_err(progname, retval, _("trying to lock database"));
-            exit_status++;
-        }
+        iterflags = KRB5_DB_ITER_WRITE;
     }
 
     retval = krb5_db_iterate(util_context, name_pattern,
-                             update_princ_encryption_1, &data, 0);
+                             update_princ_encryption_1, &data, iterflags);
     /* If exit_status is set, then update_princ_encryption_1 already
        printed a message.  */
     if (retval != 0 && exit_status == 0) {
         com_err(progname, retval, _("trying to process principal database"));
         exit_status++;
     }
-    if (!data.dry_run)
-        (void)krb5_db_unlock(util_context);
     (void) krb5_db_fini(util_context);
     if (data.dry_run) {
         printf(_("%u principals processed: %u would be updated, %u already "
Mirror of https://github.com/krb5/krb5.git