krb5 commit: Use write lock flag for update_princ_encryption

Tom Yu tlyu at MIT.EDU
Sat Aug 2 14:24:26 EDT 2014 

https://github.com/krb5/krb5/commit/0d3db948464bf7a38afa458f2f54867d107bbb72
commit 0d3db948464bf7a38afa458f2f54867d107bbb72
Author: Tom Yu <tlyu at mit.edu>
Date:   Sat Aug 2 14:20:33 2014 -0400

    Use write lock flag for update_princ_encryption
    
    In kdb5_util update_princ_encryption, instead of getting a write lock
    on the KDB surrounding the call to krb5_db_iterate(), use the
    iterflags parameter of krb5_db_iterate() to request that it obtain a
    write lock around the iteration.
    
    ticket: 7977

 src/kadmin/dbutil/kdb5_mkey.c |   11 +++--------
 1 files changed, 3 insertions(+), 8 deletions(-)

diff --git a/src/kadmin/dbutil/kdb5_mkey.c b/src/kadmin/dbutil/kdb5_mkey.c
index aefde7b..9088d5f 100644
--- a/src/kadmin/dbutil/kdb5_mkey.c
+++ b/src/kadmin/dbutil/kdb5_mkey.c
@@ -912,6 +912,7 @@ kdb5_update_princ_encryption(int argc, char *argv[])
     char *regexp = NULL;
     krb5_keyblock *act_mkey;
     krb5_keylist_node *master_keylist = krb5_db_mkey_list_alias(util_context);
+    krb5_flags iterflags;
 
     while ((optchar = getopt(argc, argv, "fnv")) != -1) {
         switch (optchar) {
@@ -1025,23 +1026,17 @@ kdb5_update_princ_encryption(int argc, char *argv[])
     if (!data.dry_run) {
         /* Grab a write lock so we don't have to upgrade to a write lock and
          * reopen the DB while iterating. */
-        retval = krb5_db_lock(util_context, KRB5_DB_LOCKMODE_EXCLUSIVE);
-        if (retval != 0 && retval != KRB5_PLUGIN_OP_NOTSUPP) {
-            com_err(progname, retval, _("trying to lock database"));
-            exit_status++;
-        }
+        iterflags = KRB5_DB_ITER_WRITE;
     }
 
     retval = krb5_db_iterate(util_context, name_pattern,
-                             update_princ_encryption_1, &data, 0);
+                             update_princ_encryption_1, &data, iterflags);
     /* If exit_status is set, then update_princ_encryption_1 already
        printed a message.  */
     if (retval != 0 && exit_status == 0) {
         com_err(progname, retval, _("trying to process principal database"));
         exit_status++;
     }
-    if (!data.dry_run)
-        (void)krb5_db_unlock(util_context);
     (void) krb5_db_fini(util_context);
     if (data.dry_run) {
         printf(_("%u principals processed: %u would be updated, %u already "

More information about the cvs-krb5 mailing list