{
krb5_error_code status = 0;
kdb_vftabl *v;
+ int ulog_locked = 0;
status = get_vftabl(kcontext, &v);
if (status)
return status;
if (v->create_policy == NULL)
return KRB5_PLUGIN_OP_NOTSUPP;
- return v->create_policy(kcontext, policy);
+
+ if (logging(kcontext)) {
+ status = ulog_lock(kcontext, KRB5_LOCKMODE_EXCLUSIVE);
+ if (status != 0)
+ return status;
+ ulog_locked = 1;
+ }
+
+ status = v->create_policy(kcontext, policy);
+ /* iprop does not support policy mods; force full resync. */
+ if (!status && ulog_locked)
+ ulog_init_header(kcontext);
+
+ if (ulog_locked)
+ ulog_lock(kcontext, KRB5_LOCKMODE_UNLOCK);
+ return status;
}
krb5_error_code
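Review bot: The results of `ulog_init_header(kcontext)` and of the closing `ulog_lock(kcontext, KRB5_LOCKMODE_UNLOCK)` are dropped after `v->create_policy` succeeds, so the caller gets 0 even if the update log was not actually reset. Neither prototype is visible in this hunk; if `ulog_init_header` can report failure, a password-policy change would be committed on the master while replicas keep a serial that still looks current and never pull it. I would either propagate the result, `if (!status && ulog_locked) status = ulog_init_header(kcontext);`, or add a comment stating that the reset cannot fail. The same sequence is repeated in the `put_policy` and `delete_policy` hunks below, which test the lock result as `if (status)` where this one uses `if (status != 0)`; a small static helper for lock and reset-and-unlock would keep the three in step. The function's signature lies outside the hunk.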
{
krb5_error_code status = 0;
kdb_vftabl *v;
+ int ulog_locked = 0;
status = get_vftabl(kcontext, &v);
if (status)
return status;
if (v->put_policy == NULL)
return KRB5_PLUGIN_OP_NOTSUPP;
- return v->put_policy(kcontext, policy);
+
+ if (logging(kcontext)) {
+ status = ulog_lock(kcontext, KRB5_LOCKMODE_EXCLUSIVE);
+ if (status)
+ return status;
+ ulog_locked = 1;
+ }
+
+ status = v->put_policy(kcontext, policy);
+ /* iprop does not support policy mods; force full resync. */
+ if (!status && ulog_locked)
+ ulog_init_header(kcontext);
+
+ if (ulog_locked)
+ ulog_lock(kcontext, KRB5_LOCKMODE_UNLOCK);
+ return status;
}
krb5_error_code
{
krb5_error_code status = 0;
kdb_vftabl *v;
+ int ulog_locked = 0;
status = get_vftabl(kcontext, &v);
if (status)
return status;
if (v->delete_policy == NULL)
return KRB5_PLUGIN_OP_NOTSUPP;
- return v->delete_policy(kcontext, policy);
+
+ if (logging(kcontext)) {
+ status = ulog_lock(kcontext, KRB5_LOCKMODE_EXCLUSIVE);
+ if (status)
+ return status;
+ ulog_locked = 1;
+ }
+
+ status = v->delete_policy(kcontext, policy);
+ /* iprop does not support policy mods; force full resync. */
+ if (!status && ulog_locked)
+ ulog_init_header(kcontext);
+
+ if (ulog_locked)
+ ulog_lock(kcontext, KRB5_LOCKMODE_UNLOCK);
+ return status;
}
void
if 'Attributes:\n' not in out:
fail('Slave has different state from master')
+# Create a policy and check that it propagates via full resync.
+realm.run_kadminl('addpol -minclasses 2 testpol')
+check_serial(realm, 'None')
+kpropd.send_signal(signal.SIGUSR1)
+wait_for_prop(kpropd, True)
+check_serial(realm, 'None', slave)
+out = realm.run_kadminl('getpol testpol', slave)
+if 'Minimum number of password character classes: 2' not in out:
+ fail('Slave does not have policy from master')
+
+# Modify the policy and test that it also propagates via full resync.
+realm.run_kadminl('modpol -minlength 17 testpol')
+check_serial(realm, 'None')
+kpropd.send_signal(signal.SIGUSR1)
+wait_for_prop(kpropd, True)
+check_serial(realm, 'None', slave)
+out = realm.run_kadminl('getpol testpol', slave)
+if 'Minimum password length: 17' not in out:
+ fail('Slave does not have policy change from master')
+
+# Delete the policy and test that it propagates via full resync.
+realm.run_kadminl('delpol -force testpol')
+check_serial(realm, 'None')
+kpropd.send_signal(signal.SIGUSR1)
+wait_for_prop(kpropd, True)
+check_serial(realm, 'None', slave)
+out = realm.run_kadminl('getpol testpol', slave)
+if 'Policy does not exist' not in out:
+ fail('Slave did not get policy deletion from master')
+
# Reset the ulog on the master side to force a full resync to all slaves.
# XXX Note that we only have one slave in this test, so we can't really
# test this.
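Review bot: All three new stanzas exercise only the success path, so nothing here pins the `!status` condition in the C change: a policy operation that fails should leave the ulog serial alone rather than force a full resync. A stanza could first give the master a serial other than 'None' through an ordinary principal change, then run `addpol` for a policy that already exists and assert with `check_serial` that the serial is unchanged. How `run_kadminl` reports a failed command is not visible here, so the expected-failure handling may need adjusting. The delete stanza would also benefit from a comment such as `# getpol on the slave must now fail; a policy still present means the full resync was skipped.`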