svn rev #24187: trunk/src/ include/ kdc/ lib/kdb/ plugins/kdb/db2/ plugins/kdb/ldap/

ghudson@MIT.EDU ghudson at MIT.EDU
Wed Jul 14 23:12:57 EDT 2010


http://src.mit.edu/fisheye/changelog/krb5/?cs=24187
Commit By: ghudson
Log Message:
ticket: 6749
status: open

Add refresh_config to the DAL with a corresponding libkdb5 API,
replacing the REFRESH_POLICY method of db_invoke.



Changed Files:
U   trunk/src/include/kdb.h
U   trunk/src/kdc/kdc_util.c
U   trunk/src/lib/kdb/kdb5.c
U   trunk/src/lib/kdb/libkdb5.exports
U   trunk/src/plugins/kdb/db2/db2_exp.c
U   trunk/src/plugins/kdb/ldap/ldap_exp.c
Modified: trunk/src/include/kdb.h
===================================================================
--- trunk/src/include/kdb.h	2010-07-13 16:09:01 UTC (rev 24186)
+++ trunk/src/include/kdb.h	2010-07-15 03:12:57 UTC (rev 24187)
@@ -323,7 +323,6 @@
 #define KRB5_DB_LOCKMODE_PERMANENT    0x0008
 
 /* db_invoke methods */
-#define KRB5_KDB_METHOD_REFRESH_POLICY                  0x00000070
 #define KRB5_KDB_METHOD_CHECK_ALLOWED_TO_DELEGATE       0x00000080
 
 typedef struct _kdb_check_allowed_to_delegate_req {
@@ -619,6 +618,8 @@
                           krb5_db_entry *client, krb5_db_entry *server,
                           krb5_timestamp authtime, krb5_error_code error_code);
 
+void krb5_db_refresh_config(krb5_context kcontext);
+
 krb5_error_code krb5_db_invoke ( krb5_context kcontext,
                                  unsigned int method,
                                  const krb5_data *req,
@@ -755,7 +756,7 @@
  * DAL.  It is passed to init_library to allow KDB modules to detect when
  * they are being loaded by an incompatible version of the KDC.
  */
-#define KRB5_KDB_DAL_VERSION 20100713
+#define KRB5_KDB_DAL_VERSION 20100714
 
 /*
  * A krb5_context can hold one database object.  Modules should use
@@ -1277,14 +1278,16 @@
     /* Note: there is currently no method for auditing TGS requests. */
 
     /*
+     * Optional: This method informs the module of a request to reload
+     * configuration or other state (that is, the KDC received a SIGHUP).
+     */
+    void (*refresh_config)(krb5_context kcontext);
+
+    /*
      * Optional: Perform an operation on input data req with output stored in
      * rep.  Return KRB5_PLUGIN_OP_NOTSUPP if the module does not implement the
      * method.  Defined methods are:
      *
-     * KRB5_KDB_METHOD_REFRESH_POLICY: req and rep are NULL.  Informs the
-     *     module that the KDC received a request to reload configuration
-     *     (that is, a SIGHUP).
-     *
      * KRB5_KDB_METHOD_CHECK_ALLOWED_TO_DELEGATE: req contains a
      *     kdb_check_allowed_to_delegate_req structure.  Perform a policy check
      *     on server being allowed to obtain tickets from client to proxy.
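Review bot: The new comment on `refresh_config` in the vtable does not say in which context the KDC calls the method, nor what a module should do when its reload fails. Because the method returns `void`, a module that cannot re-read its configuration or policy has no way to tell the caller, so stale settings could stay in force after a SIGHUP with no indication. I would extend the comment along these lines: `The method cannot return an error; a module that fails to reload should log the failure itself and keep its previous state.` Whether the call is made from the signal handler or from the main loop is not visible in this diff and should be stated there too once confirmed. The db_invoke comment below continues past the end of the hunk.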

Modified: trunk/src/kdc/kdc_util.c
===================================================================
--- trunk/src/kdc/kdc_util.c	2010-07-13 16:09:01 UTC (rev 24186)
+++ trunk/src/kdc/kdc_util.c	2010-07-15 03:12:57 UTC (rev 24187)
@@ -2688,7 +2688,5 @@
     int k;
 
     for (k = 0; k < kdc_numrealms; k++)
-        krb5_db_invoke(kdc_realmlist[k]->realm_context,
-                       KRB5_KDB_METHOD_REFRESH_POLICY,
-                       NULL, NULL);
+        krb5_db_refresh_config(kdc_realmlist[k]->realm_context);
 }

Modified: trunk/src/lib/kdb/kdb5.c
===================================================================
--- trunk/src/lib/kdb/kdb5.c	2010-07-13 16:09:01 UTC (rev 24186)
+++ trunk/src/lib/kdb/kdb5.c	2010-07-15 03:12:57 UTC (rev 24187)
@@ -2317,6 +2317,18 @@
     v->audit_as_req(kcontext, request, client, server, authtime, error_code);
 }
 
+void
+krb5_db_refresh_config(krb5_context kcontext)
+{
+    krb5_error_code status;
+    kdb_vftabl *v;
+
+    status = get_vftabl(kcontext, &v);
+    if (status || v->refresh_config == NULL)
+        return;
+    v->refresh_config(kcontext);
+}
+
 krb5_error_code
 krb5_db_invoke(krb5_context kcontext,
                unsigned int method,
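Review bot: In `krb5_db_refresh_config`, the line `if (status || v->refresh_config == NULL) return;` treats a `get_vftabl` failure the same as a module that has no refresh method, so a reload request that never reached the module looks identical to one that was not needed. Since the function is declared `void`, at least document the best-effort contract above it, e.g. `/* Best-effort: does nothing if the KDB module cannot be loaded or does not implement refresh_config. */`, and consider whether the load-failure case deserves a log message. The prototype added to kdb.h in this commit has no description either.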

Modified: trunk/src/lib/kdb/libkdb5.exports
===================================================================
--- trunk/src/lib/kdb/libkdb5.exports	2010-07-13 16:09:01 UTC (rev 24186)
+++ trunk/src/lib/kdb/libkdb5.exports	2010-07-15 03:12:57 UTC (rev 24187)
@@ -24,6 +24,7 @@
 krb5_db_iterate
 krb5_db_lock
 krb5_db_put_principal
+krb5_db_refresh_config
 krb5_db_set_context
 krb5_db_set_mkey_list
 krb5_db_setup_mkey_name

Modified: trunk/src/plugins/kdb/db2/db2_exp.c
===================================================================
--- trunk/src/plugins/kdb/db2/db2_exp.c	2010-07-13 16:09:01 UTC (rev 24186)
+++ trunk/src/plugins/kdb/db2/db2_exp.c	2010-07-15 03:12:57 UTC (rev 24187)
@@ -258,5 +258,6 @@
     /* check_policy_as */               wrap_krb5_db2_check_policy_as,
     0,
     /* audit_as_req */                  wrap_krb5_db2_audit_as_req,
+    0,
     /* invoke */                        wrap_krb5_db2_invoke
 };
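Review bot: The added `0,` is an unlabelled slot in a positional initializer of function pointers, which makes it easy to misplace an entry the next time the vtable layout changes. Label it like the neighbouring entries and the LDAP module's table: `/* refresh_config */ 0,`. The initializer starts outside this hunk; the earlier bare `0,` is presumably the check_policy_tgs slot and would benefit from the same label.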

Modified: trunk/src/plugins/kdb/ldap/ldap_exp.c
===================================================================
--- trunk/src/plugins/kdb/ldap/ldap_exp.c	2010-07-13 16:09:01 UTC (rev 24186)
+++ trunk/src/plugins/kdb/ldap/ldap_exp.c	2010-07-15 03:12:57 UTC (rev 24187)
@@ -87,6 +87,7 @@
     /* check_policy_as */                   krb5_ldap_check_policy_as,
     /* check_policy_tgs */                  NULL,
     /* audit_as_req */                      krb5_ldap_audit_as_req,
+    /* refresh_config */                    NULL,
     /* invoke */                            krb5_ldap_invoke,
 
 };



