svn rev #21833: branches/mkey_migrate/src/kadmin/dbutil/

raeburn@MIT.EDU raeburn at MIT.EDU
Thu Jan 29 18:06:32 EST 2009


http://src.mit.edu/fisheye/changelog/krb5/?cs=21833
Commit By: raeburn
Log Message:
Support -n (dry-run) and -v (verbose) options for update_princ_encryption.


Changed Files:
U   branches/mkey_migrate/src/kadmin/dbutil/kdb5_mkey.c
U   branches/mkey_migrate/src/kadmin/dbutil/kdb5_util.M
U   branches/mkey_migrate/src/kadmin/dbutil/kdb5_util.c
Modified: branches/mkey_migrate/src/kadmin/dbutil/kdb5_mkey.c
===================================================================
--- branches/mkey_migrate/src/kadmin/dbutil/kdb5_mkey.c	2009-01-29 22:36:04 UTC (rev 21832)
+++ branches/mkey_migrate/src/kadmin/dbutil/kdb5_mkey.c	2009-01-29 23:06:31 UTC (rev 21833)
@@ -707,6 +707,8 @@
     unsigned int re_match_count;
     unsigned int already_current;
     unsigned int updated;
+    unsigned int dry_run : 1;
+    unsigned int verbose : 1;
 #ifdef SOLARIS_REGEXPS
     char *expbuf;
 #endif
@@ -845,10 +847,22 @@
                 pname);
         goto fail;
     }
+    /* Line up "skip" and "update" messages for viewing.  */
     if (old_mkvno == new_mkvno) {
+        if (p->dry_run && p->verbose)
+            printf("would skip:   %s\n", pname);
+        else if (p->verbose)
+            printf("skipping: %s\n", pname);
         p->already_current++;
         goto skip;
     }
+    if (p->dry_run) {
+        if (p->verbose)
+            printf("would update: %s\n", pname);
+        p->updated++;
+        goto skip;
+    } else if (p->verbose)
+        printf("updating: %s\n", pname);
     retval = master_key_convert (util_context, ent);
     if (retval) {
         com_err(progname, retval,
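Review bot: The dry-run branch jumps to `skip` before `master_key_convert` is called, so `-n` counts every principal with a differing mkvno as updatable without checking that its keys can actually be decrypted and re-encrypted. An operator who relies on the dry-run count before retiring an old master key could be misled if a real run would fail on some entries. I would add a comment above the branch, `/* Dry run only compares mkvnos; the conversion is not attempted, so failures a real run would hit are not reported. */`, and repeat the caveat in the man page. Separately, the `else if (p->verbose)` hanging off a braced `if` would be safer with its own braces. The function begins and ends outside this hunk.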
@@ -928,11 +942,17 @@
     char *regexp = NULL;
     krb5_keyblock *tmp_keyblock = NULL;
 
-    while ((optchar = getopt(argc, argv, "f")) != -1) {
+    while ((optchar = getopt(argc, argv, "fnv")) != -1) {
         switch (optchar) {
         case 'f':
             force = 1;
             break;
+        case 'n':
+            data.dry_run = 1;
+            break;
+        case 'v':
+            data.verbose = 1;
+            break;
         case '?':
         case ':':
         default:
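Review bot: `data.dry_run` and `data.verbose` are only ever assigned 1 in this loop, so they are correct only if `data` is zero-initialized where it is declared, which is outside this hunk. If it is not, an indeterminate `dry_run` bit could skip the confirmation prompt or turn a real run into a no-op. Please confirm the declaration carries an initializer such as `= { 0 }`, or clear both fields explicitly before the `getopt` loop.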
@@ -980,8 +1000,7 @@
 #ifdef BSD_REGEXPS
         ((msg = (char *) re_comp(regexp)) != NULL)
 #endif
-        )
-    {
+        ) {
         /* XXX syslog msg or regerr(regerrno) */
         com_err(progname, 0, "error compiling converted regexp '%s'", regexp);
         free(regexp);
@@ -1028,12 +1047,21 @@
     new_master_keyblock = *tmp_keyblock;
 
     if (!force &&
+        !data.dry_run &&
         !are_you_sure("Re-encrypt all keys not using master key vno %u?",
                       new_mkvno)) {
         printf("OK, doing nothing.\n");
         exit_status++;
         goto cleanup;
     }
+    if (data.verbose) {
+        if (data.dry_run)
+            printf("Principals whose keys WOULD BE re-encrypted to master key vno %u:\n",
+                   new_mkvno);
+        else
+            printf("Principals whose keys are being re-encrypted to master key vno %u if necessary:\n",
+                   new_mkvno);
+    }
 
     retval = krb5_db_iterate(util_context, name_pattern,
                              update_princ_encryption_1, &data);
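Review bot: Skipping `are_you_sure()` under `-n` is safe only while every write in the iterate callback is gated on `dry_run`, and nothing at this site records that dependency. A short comment before the condition, `/* A dry run makes no changes, so there is nothing to confirm. */`, would state the invariant for whoever next adds a write path to `update_princ_encryption_1`. The enclosing function starts and ends outside this hunk.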
@@ -1044,8 +1072,12 @@
         exit_status++;
     }
     (void) krb5_db_fini(util_context);
-    printf("%u principals processed: %u updated, %u already current\n",
-           data.re_match_count, data.updated, data.already_current);
+    if (data.dry_run)
+        printf("%u principals processed: %u would be updated, %u already current\n",
+               data.re_match_count, data.updated, data.already_current);
+    else
+        printf("%u principals processed: %u updated, %u already current\n",
+               data.re_match_count, data.updated, data.already_current);
 
 cleanup:
     free(regexp);

Modified: branches/mkey_migrate/src/kadmin/dbutil/kdb5_util.M
===================================================================
--- branches/mkey_migrate/src/kadmin/dbutil/kdb5_util.M	2009-01-29 22:36:04 UTC (rev 21832)
+++ branches/mkey_migrate/src/kadmin/dbutil/kdb5_util.M	2009-01-29 23:06:31 UTC (rev 21833)
@@ -225,14 +225,26 @@
 \fBlist_mkeys\fP
 This option needs documentation.
 .TP
-\fBupdate_princ_encryption\fP [\fB\-f\fP] [\fBprinc\-pattern\fP]
+\fBupdate_princ_encryption\fP [\fB\-f\fP] [\fB\-n\fP] [\fB\-v\fP] [\fBprinc\-pattern\fP]
 Update all principal records (or only those matching the
 .B princ\-pattern
 glob pattern) to re-encrypt the key data using the latest version of
-the database master key, if they are encrypted using older versions.
+the database master key, if they are encrypted using older versions,
+and give a count at the end of the number of principals updated.
 If the
 .B \-f
 option is not given, ask for confirmation before starting to make
-changes.
+changes.  The
+.B \-v
+option causes each principal processed (each one matching the pattern)
+to be listed, and an indication given as to whether it needed updating
+or not.
+The
+.B \-n
+option causes the actions not to be taken, only the normal or verbose
+status messages displayed; this implies
+.B \-f
+since no database changes will be performed and thus there's little
+reason to seek confirmation.
 .SH SEE ALSO
 kadmin(8)

Modified: branches/mkey_migrate/src/kadmin/dbutil/kdb5_util.c
===================================================================
--- branches/mkey_migrate/src/kadmin/dbutil/kdb5_util.c	2009-01-29 22:36:04 UTC (rev 21832)
+++ branches/mkey_migrate/src/kadmin/dbutil/kdb5_util.c	2009-01-29 23:06:31 UTC (rev 21833)
@@ -98,7 +98,7 @@
 	     "\tadd_mkey [-e etype] [-s]\n"
 	     "\tuse_mkey kvno [time]\n"
 	     "\tlist_mkeys\n"
-	     "\tupdate_princ_encryption [-f] [princ-pattern]\n"
+	     "\tupdate_princ_encryption [-f] [-n] [-v] [princ-pattern]\n"
              );
      /* avoid a string length compiler warning */
      fprintf(stderr,



