svn rev #24990: trunk/src/lib/kadm5/srv/

ghudson@MIT.EDU ghudson at MIT.EDU
Fri Jun 24 16:12:29 EDT 2011 

http://src.mit.edu/fisheye/changelog/krb5/?cs=24990
Commit By: ghudson
Log Message:
Make fewer db lookups in kadm5_create_principal_3.

By creating the password history entry earlier in the function, we can
avoid the need to look up the principal entry twice just to save a
copy of the key data.


Changed Files:
U   trunk/src/lib/kadm5/srv/svr_principal.c
Modified: trunk/src/lib/kadm5/srv/svr_principal.c
===================================================================
--- trunk/src/lib/kadm5/srv/svr_principal.c	2011-06-24 20:12:24 UTC (rev 24989)
+++ trunk/src/lib/kadm5/srv/svr_principal.c	2011-06-24 20:12:28 UTC (rev 24990)
@@ -1367,7 +1367,7 @@
     krb5_int32                  now;
     kadm5_policy_ent_rec        pol;
     osa_princ_ent_rec           adb;
-    krb5_db_entry               *kdb, *kdb_save;
+    krb5_db_entry               *kdb;
     int                         ret, ret2, last_pwd, hist_added;
     int                         have_pol = 0;
     kadm5_server_handle_t       handle = server_handle;
@@ -1398,16 +1398,19 @@
     if ((ret = kdb_get_entry(handle, principal, &kdb, &adb)))
         return(ret);
 
-    /* we are going to need the current keys after the new keys are set */
-    if ((ret = kdb_get_entry(handle, principal, &kdb_save, NULL))) {
-        kdb_free_entry(handle, kdb, &adb);
-        return(ret);
-    }
-
     if ((adb.aux_attributes & KADM5_POLICY)) {
         if ((ret = kadm5_get_policy(handle->lhandle, adb.policy, &pol)))
             goto done;
         have_pol = 1;
+
+        /* Create a password history entry before we change kdb's key_data. */
+        ret = kdb_get_hist_key(handle, &hist_keyblock, &hist_kvno);
+        if (ret)
+            goto done;
+        ret = create_history_entry(handle->context, &hist_keyblock,
+                                   kdb->n_key_data, kdb->key_data, &hist);
+        if (ret)
+            goto done;
     }
 
     if ((ret = passwd_check(handle, password, have_pol ? &pol : NULL,
@@ -1456,17 +1459,6 @@
         }
 #endif
 
-        ret = kdb_get_hist_key(handle, &hist_keyblock, &hist_kvno);
-        if (ret)
-            goto done;
-
-        ret = create_history_entry(handle->context,
-                                   &hist_keyblock,
-                                   kdb_save->n_key_data,
-                                   kdb_save->key_data, &hist);
-        if (ret)
-            goto done;
-
         ret = check_pw_reuse(handle->context, &hist_keyblock,
                              kdb->n_key_data, kdb->key_data,
                              1, &hist);
@@ -1557,7 +1549,6 @@
     if (!hist_added && hist.key_data)
         free_history_entry(handle->context, &hist);
     kdb_free_entry(handle, kdb, &adb);
-    kdb_free_entry(handle, kdb_save, NULL);
     krb5_free_keyblock_contents(handle->context, &hist_keyblock);
 
     if (have_pol && (ret2 = kadm5_free_policy_ent(handle->lhandle, &pol))

More information about the cvs-krb5 mailing list