From: Tom Yu Date: Thu, 11 Aug 2016 22:05:33 +0000 (-0400) Subject: Restore recursive dump functionality X-Git-Tag: krb5-1.15-beta1~84 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2029955eb70ba1a368031c4a6dbf1f554c529dd5;p=thirdparty%2Fkrb5.git Restore recursive dump functionality Use the new recursive traversal interface to restore recursive dump functionality. ticket: 8476 --- diff --git a/doc/admin/admin_commands/kdb5_util.rst b/doc/admin/admin_commands/kdb5_util.rst index f43bcf1f9d..258498f0d6 100644 --- a/doc/admin/admin_commands/kdb5_util.rst +++ b/doc/admin/admin_commands/kdb5_util.rst @@ -182,11 +182,13 @@ load_dump version 7". If filename is not specified, or is the string corruption, this option will probably retrieve more principals than the **-rev** option will. - .. note:: - The **-recurse** option currently doesn't modify the dump - functionality as described above; it does a normal dump. + .. versionchanged:: 1.15 + Release 1.15 restored the functionality of the **-recurse** + option. - .. deprecated:: 1.5 + .. versionchanged:: 1.5 + The **-recurse** option ceased working until release 1.15, + doing a normal dump instead of a recursive traversal. .. _kdb5_util_dump_end: diff --git a/src/include/kdb.h b/src/include/kdb.h index df02ec6d3c..c6dd15f46d 100644 --- a/src/include/kdb.h +++ b/src/include/kdb.h @@ -135,6 +135,7 @@ /* KDB iteration flags */ #define KRB5_DB_ITER_WRITE 0x00000001 #define KRB5_DB_ITER_REV 0x00000002 +#define KRB5_DB_ITER_RECURSE 0x00000004 /* String attribute names recognized by krb5 */ #define KRB5_KDB_SK_SESSION_ENCTYPES "session_enctypes" diff --git a/src/kadmin/dbutil/dump.c b/src/kadmin/dbutil/dump.c index 412763874a..f7889bd234 100644 --- a/src/kadmin/dbutil/dump.c +++ b/src/kadmin/dbutil/dump.c @@ -1304,11 +1304,7 @@ dump_db(int argc, char **argv) } else if (!strcmp(argv[aindex], "-rev")) { iterflags |= KRB5_DB_ITER_REV; } else if (!strcmp(argv[aindex], "-recurse")) { - /* Accept this for compatibility, but do nothing since - * krb5_db_iterate doesn't support it. */ - fprintf(stderr, - _("%s: WARNING: the -recurse option is currently " - "unimplemented\n"), progname); + iterflags |= KRB5_DB_ITER_RECURSE; } else { break; } diff --git a/src/plugins/kdb/db2/kdb_db2.c b/src/plugins/kdb/db2/kdb_db2.c index d69643c720..4c4036eb47 100644 --- a/src/plugins/kdb/db2/kdb_db2.c +++ b/src/plugins/kdb/db2/kdb_db2.c @@ -968,6 +968,10 @@ static krb5_error_code curs_init(iter_curs *curs, krb5_context ctx, krb5_db2_context *dbc, krb5_flags iterflags) { + int isrecurse = iterflags & KRB5_DB_ITER_RECURSE; + unsigned int prevflag = R_PREV; + unsigned int nextflag = R_NEXT; + curs->keycopy.size = 0; curs->keycopy.data = NULL; curs->islocked = FALSE; @@ -979,12 +983,27 @@ curs_init(iter_curs *curs, krb5_context ctx, krb5_db2_context *dbc, else curs->lockmode = KRB5_LOCKMODE_SHARED; + if (isrecurse) { +#ifdef R_RNEXT + if (dbc->hashfirst) { + k5_setmsg(ctx, EINVAL, _("Recursive iteration is not supported " + "for hash databases")); + return EINVAL; + } + prevflag = R_RPREV; + nextflag = R_RNEXT; +#else + k5_setmsg(ctx, EINVAL, _("Recursive iteration not supported " + "in this version of libdb")); + return EINVAL; +#endif + } if (iterflags & KRB5_DB_ITER_REV) { curs->startflag = R_LAST; - curs->stepflag = R_PREV; + curs->stepflag = prevflag; } else { curs->startflag = R_FIRST; - curs->stepflag = R_NEXT; + curs->stepflag = nextflag; } return curs_lock(curs); }