From: Tom Yu Date: Sat, 2 Aug 2014 18:20:33 +0000 (-0400) Subject: Add flag word to KDB iteration APIs X-Git-Tag: krb5-1.13-alpha1~28 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ab009b8568d9b64b7e992ecdb98114e895b4a7ff;p=thirdparty%2Fkrb5.git Add flag word to KDB iteration APIs ticket: 7977 (new) subject: Enable unlocked KDB iteration --- diff --git a/src/include/kdb.h b/src/include/kdb.h index 69817bcb87..e89c7aa0c3 100644 --- a/src/include/kdb.h +++ b/src/include/kdb.h @@ -69,7 +69,7 @@ /* This version will be incremented when incompatible changes are made to the * KDB API, and will be kept in sync with the libkdb major version. */ -#define KRB5_KDB_API_VERSION 7 +#define KRB5_KDB_API_VERSION 8 /* Salt types */ #define KRB5_KDB_SALTTYPE_NORMAL 0 @@ -131,6 +131,10 @@ #define KRB5_KDB_FLAGS_S4U ( KRB5_KDB_FLAG_PROTOCOL_TRANSITION | \ KRB5_KDB_FLAG_CONSTRAINED_DELEGATION ) +/* KDB iteration flags */ +#define KRB5_DB_ITER_WRITE 0x00000001 +#define KRB5_DB_ITER_REV 0x00000002 + /* String attribute names recognized by krb5 */ #define KRB5_KDB_SK_SESSION_ENCTYPES "session_enctypes" @@ -380,7 +384,7 @@ krb5_error_code krb5_db_delete_principal ( krb5_context kcontext, krb5_error_code krb5_db_iterate ( krb5_context kcontext, char *match_entry, int (*func) (krb5_pointer, krb5_db_entry *), - krb5_pointer func_arg ); + krb5_pointer func_arg, krb5_flags iterflags ); krb5_error_code krb5_db_store_master_key ( krb5_context kcontext, @@ -1016,7 +1020,7 @@ typedef struct _kdb_vftabl { krb5_error_code (*iterate)(krb5_context kcontext, char *match_entry, int (*func)(krb5_pointer, krb5_db_entry *), - krb5_pointer func_arg); + krb5_pointer func_arg, krb5_flags iterflags); /* * Optional: Create a password policy entry. Return an error if the policy diff --git a/src/kadmin/dbutil/dump.c b/src/kadmin/dbutil/dump.c index 9f5d26aa8f..06942de683 100644 --- a/src/kadmin/dbutil/dump.c +++ b/src/kadmin/dbutil/dump.c @@ -1420,7 +1420,7 @@ dump_db(int argc, char **argv) if (dump->header[strlen(dump->header)-1] != '\n') fputc('\n', args.ofile); - ret = krb5_db_iterate(util_context, NULL, dump_iterator, &args); + ret = krb5_db_iterate(util_context, NULL, dump_iterator, &args, 0); if (ret) { com_err(progname, ret, _("performing %s dump"), dump->name); goto error; diff --git a/src/kadmin/dbutil/kdb5_mkey.c b/src/kadmin/dbutil/kdb5_mkey.c index bc10b44ffc..aefde7b673 100644 --- a/src/kadmin/dbutil/kdb5_mkey.c +++ b/src/kadmin/dbutil/kdb5_mkey.c @@ -1033,7 +1033,7 @@ kdb5_update_princ_encryption(int argc, char *argv[]) } retval = krb5_db_iterate(util_context, name_pattern, - update_princ_encryption_1, &data); + update_princ_encryption_1, &data, 0); /* If exit_status is set, then update_princ_encryption_1 already printed a message. */ if (retval != 0 && exit_status == 0) { @@ -1209,7 +1209,7 @@ kdb5_purge_mkeys(int argc, char *argv[]) if ((retval = krb5_db_iterate(util_context, NULL, find_mkvnos_in_use, - (krb5_pointer) &args))) { + (krb5_pointer) &args, 0))) { com_err(progname, retval, _("while finding master keys in use")); exit_status++; goto cleanup_return; diff --git a/src/lib/kadm5/srv/server_kdb.c b/src/lib/kadm5/srv/server_kdb.c index f99bf5855e..b9664f4ce5 100644 --- a/src/lib/kadm5/srv/server_kdb.c +++ b/src/lib/kadm5/srv/server_kdb.c @@ -437,7 +437,7 @@ kdb_iter_entry(kadm5_server_handle_t handle, char *match_entry, id.func = iter_fct; id.data = data; - ret = krb5_db_iterate(handle->context, match_entry, kdb_iter_func, &id); + ret = krb5_db_iterate(handle->context, match_entry, kdb_iter_func, &id, 0); if (ret) return(ret); diff --git a/src/lib/kdb/Makefile.in b/src/lib/kdb/Makefile.in index 4390cb67c0..b6b6ddfd26 100644 --- a/src/lib/kdb/Makefile.in +++ b/src/lib/kdb/Makefile.in @@ -5,7 +5,7 @@ LOCALINCLUDES= -I. # Keep LIBMAJOR in sync with KRB5_KDB_API_VERSION in include/kdb.h. LIBBASE=kdb5 -LIBMAJOR=7 +LIBMAJOR=8 LIBMINOR=0 LIBINITFUNC=kdb_init_lock_list LIBFINIFUNC=kdb_fini_lock_list diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c index 7c82399b78..6864af5c46 100644 --- a/src/lib/kdb/kdb5.c +++ b/src/lib/kdb/kdb5.c @@ -950,7 +950,7 @@ krb5_db_delete_principal(krb5_context kcontext, krb5_principal search_for) krb5_error_code krb5_db_iterate(krb5_context kcontext, char *match_entry, int (*func)(krb5_pointer, krb5_db_entry *), - krb5_pointer func_arg) + krb5_pointer func_arg, krb5_flags iterflags) { krb5_error_code status = 0; kdb_vftabl *v; @@ -960,7 +960,7 @@ krb5_db_iterate(krb5_context kcontext, char *match_entry, return status; if (v->iterate == NULL) return KRB5_PLUGIN_OP_NOTSUPP; - return v->iterate(kcontext, match_entry, func, func_arg); + return v->iterate(kcontext, match_entry, func, func_arg, iterflags); } /* Return a read only pointer alias to mkey list. Do not free this! */ diff --git a/src/plugins/kdb/db2/db2_exp.c b/src/plugins/kdb/db2/db2_exp.c index c2bad73787..529b94390f 100644 --- a/src/plugins/kdb/db2/db2_exp.c +++ b/src/plugins/kdb/db2/db2_exp.c @@ -135,8 +135,8 @@ WRAP_K (krb5_db2_iterate, (krb5_context ctx, char *s, krb5_error_code (*f) (krb5_pointer, krb5_db_entry *), - krb5_pointer p), - (ctx, s, f, p)); + krb5_pointer p, krb5_flags flags), + (ctx, s, f, p, flags)); WRAP_K (krb5_db2_create_policy, (krb5_context context, osa_policy_ent_t entry), diff --git a/src/plugins/kdb/db2/kdb_db2.c b/src/plugins/kdb/db2/kdb_db2.c index b2c449f5b3..f4e945884d 100644 --- a/src/plugins/kdb/db2/kdb_db2.c +++ b/src/plugins/kdb/db2/kdb_db2.c @@ -928,7 +928,7 @@ typedef krb5_error_code (*ctx_iterate_cb)(krb5_pointer, krb5_db_entry *); static krb5_error_code ctx_iterate(krb5_context context, krb5_db2_context *dbc, - ctx_iterate_cb func, krb5_pointer func_arg) + ctx_iterate_cb func, krb5_pointer func_arg, krb5_flags iterflags) { DBT key, contents; krb5_data contdata; @@ -969,12 +969,12 @@ ctx_iterate(krb5_context context, krb5_db2_context *dbc, krb5_error_code krb5_db2_iterate(krb5_context context, char *match_expr, ctx_iterate_cb func, - krb5_pointer func_arg) + krb5_pointer func_arg, krb5_flags iterflags) { if (!inited(context)) return KRB5_KDB_DBNOTINITED; return ctx_iterate(context, context->dal_handle->db_context, func, - func_arg); + func_arg, iterflags); } krb5_boolean @@ -1257,7 +1257,7 @@ ctx_merge_nra(krb5_context context, krb5_db2_context *dbc_temp, nra.kcontext = context; nra.db_context = dbc_real; - return ctx_iterate(context, dbc_temp, krb5_db2_merge_nra_iterator, &nra); + return ctx_iterate(context, dbc_temp, krb5_db2_merge_nra_iterator, &nra, 0); } /* diff --git a/src/plugins/kdb/db2/kdb_db2.h b/src/plugins/kdb/db2/kdb_db2.h index df4818afd7..3fb775ddbf 100644 --- a/src/plugins/kdb/db2/kdb_db2.h +++ b/src/plugins/kdb/db2/kdb_db2.h @@ -60,7 +60,7 @@ krb5_error_code krb5_db2_put_principal(krb5_context, krb5_db_entry *, krb5_error_code krb5_db2_iterate(krb5_context, char *, krb5_error_code (*)(krb5_pointer, krb5_db_entry *), - krb5_pointer); + krb5_pointer, krb5_flags); krb5_error_code krb5_db2_set_nonblocking(krb5_context, krb5_boolean, krb5_boolean *); krb5_boolean krb5_db2_set_lockmode(krb5_context, krb5_boolean); diff --git a/src/plugins/kdb/hdb/kdb_hdb.c b/src/plugins/kdb/hdb/kdb_hdb.c index a001ee3163..2a274d5e48 100644 --- a/src/plugins/kdb/hdb/kdb_hdb.c +++ b/src/plugins/kdb/hdb/kdb_hdb.c @@ -888,7 +888,7 @@ static krb5_error_code kh_db_iterate(krb5_context context, char *match_entry, int (*func)(krb5_pointer, krb5_db_entry *), - krb5_pointer func_arg) + krb5_pointer func_arg, krb5_flags iterflags) { krb5_error_code code; kh_db_context *kh = KH_DB_CONTEXT(context); diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c index af0eaf1ce5..b562970333 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c @@ -131,7 +131,7 @@ krb5_ldap_free_principal(krb5_context kcontext, krb5_db_entry *entry) krb5_error_code krb5_ldap_iterate(krb5_context context, char *match_expr, krb5_error_code (*func)(krb5_pointer, krb5_db_entry *), - krb5_pointer func_arg) + krb5_pointer func_arg, krb5_flags iterflags) { krb5_db_entry entry; krb5_principal principal; diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.h b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.h index d3392c07ae..4c51e79e7e 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.h +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.h @@ -109,7 +109,7 @@ krb5_ldap_free_principal(krb5_context, krb5_db_entry *); krb5_error_code krb5_ldap_iterate(krb5_context, char *, krb5_error_code (*)(krb5_pointer, krb5_db_entry *), - krb5_pointer/*, int */); + krb5_pointer, krb5_flags); void krb5_dbe_free_contents(krb5_context, krb5_db_entry *); diff --git a/src/tests/kdbtest.c b/src/tests/kdbtest.c index d21126558c..7c1d5158d9 100644 --- a/src/tests/kdbtest.c +++ b/src/tests/kdbtest.c @@ -388,7 +388,7 @@ main() /* Exercise principal iteration code. */ count = 0; - CHECK(krb5_db_iterate(ctx, "xy*", iter_princ_handler, &count)); + CHECK(krb5_db_iterate(ctx, "xy*", iter_princ_handler, &count, 0)); CHECK_COND(count == 1); CHECK(krb5_db_fini(ctx));