krb5 commit: Reorder dump.c
Greg Hudson
ghudson at MIT.EDU
Wed Feb 6 15:31:30 EST 2013
https://github.com/krb5/krb5/commit/8085307245cb798bd2b750f27345cf4ece4e9bfa
commit 8085307245cb798bd2b750f27345cf4ece4e9bfa
Author: Greg Hudson <ghudson at mit.edu>
Date: Tue Feb 5 00:31:23 2013 -0500
Reorder dump.c
Without changing anything (except to make a few internal functions
static), reorder dump.c to bottom-up order so that forward function
declarations aren't needed.
src/kadmin/dbutil/dump.c | 952 ++++++++++++++++++++++------------------------
1 files changed, 462 insertions(+), 490 deletions(-)
diff --git a/src/kadmin/dbutil/dump.c b/src/kadmin/dbutil/dump.c
index 247c923..18f2592 100644
--- a/src/kadmin/dbutil/dump.c
+++ b/src/kadmin/dbutil/dump.c
@@ -71,44 +71,9 @@ static int recursive;
#define FLAG_UPDATE 0x2 /* processing an update */
#define FLAG_OMIT_NRA 0x4 /* avoid dumping non-replicated attrs */
-struct dump_args {
- char *programname;
- FILE *ofile;
- krb5_context kcontext;
- char **names;
- int nnames;
- int flags;
-};
-
-static krb5_error_code dump_k5beta6_iterator_ext (krb5_pointer,
- krb5_db_entry *,
- int);
-static krb5_error_code dump_k5beta7_princ (krb5_pointer,
- krb5_db_entry *);
-static krb5_error_code dump_k5beta7_princ_ext (krb5_pointer,
- krb5_db_entry *,
- int);
-static krb5_error_code dump_k5beta7_princ_withpolicy
-(krb5_pointer, krb5_db_entry *);
-static krb5_error_code dump_ov_princ (krb5_pointer,
- krb5_db_entry *);
-static void dump_k5beta7_policy (void *, osa_policy_ent_t);
-static void dump_r1_8_policy (void *, osa_policy_ent_t);
-static void dump_r1_11_policy (void *, osa_policy_ent_t);
-
typedef krb5_error_code (*dump_func)(krb5_pointer,
krb5_db_entry *);
-static int process_k5beta6_record (char *, krb5_context,
- FILE *, int, int *);
-static int process_k5beta7_record (char *, krb5_context,
- FILE *, int, int *);
-static int process_r1_8_record (char *, krb5_context,
- FILE *, int, int *);
-static int process_r1_11_record (char *, krb5_context,
- FILE *, int, int *);
-static int process_ov_record (char *, krb5_context,
- FILE *, int, int *);
typedef krb5_error_code (*load_func)(char *, krb5_context,
FILE *, int, int *);
@@ -123,76 +88,13 @@ typedef struct _dump_version {
load_func load_record;
} dump_version;
-dump_version beta7_version = {
- "Kerberos version 5",
- "kdb5_util load_dump version 4\n",
- 0,
- 0,
- 0,
- dump_k5beta7_princ,
- dump_k5beta7_policy,
- process_k5beta7_record,
-};
-dump_version iprop_version = {
- "Kerberos iprop version",
- "iprop",
- 0,
- 1,
- 0,
- dump_k5beta7_princ_withpolicy,
- dump_k5beta7_policy,
- process_k5beta7_record,
-};
-dump_version ov_version = {
- "OpenV*Secure V1.0",
- "OpenV*Secure V1.0\t",
- 1,
- 0,
- 0,
- dump_ov_princ,
- dump_k5beta7_policy,
- process_ov_record
-};
-
-dump_version r1_3_version = {
- "Kerberos version 5 release 1.3",
- "kdb5_util load_dump version 5\n",
- 0,
- 0,
- 0,
- dump_k5beta7_princ_withpolicy,
- dump_k5beta7_policy,
- process_k5beta7_record,
-};
-dump_version r1_8_version = {
- "Kerberos version 5 release 1.8",
- "kdb5_util load_dump version 6\n",
- 0,
- 0,
- 0,
- dump_k5beta7_princ_withpolicy,
- dump_r1_8_policy,
- process_r1_8_record,
-};
-dump_version r1_11_version = {
- "Kerberos version 5 release 1.11",
- "kdb5_util load_dump version 7\n",
- 0,
- 0,
- 0,
- dump_k5beta7_princ_withpolicy,
- dump_r1_11_policy,
- process_r1_11_record,
-};
-dump_version ipropx_1_version = {
- "Kerberos iprop extensible version",
- "ipropx",
- 0,
- 1,
- 1,
- dump_k5beta7_princ_withpolicy,
- dump_r1_11_policy,
- process_r1_11_record,
+struct dump_args {
+ char *programname;
+ FILE *ofile;
+ krb5_context kcontext;
+ char **names;
+ int nnames;
+ int flags;
};
/* External data */
@@ -371,88 +273,6 @@ finish_ofile(char *ofile, char **tmpname)
*tmpname = NULL;
}
-/*
- * Read the dump header. Returns 1 on success, 0 if the file is not a
- * recognized iprop dump format.
- */
-static int
-parse_iprop_header(char *buf, dump_version **dv, uint32_t *last_sno,
- uint32_t *last_seconds, uint32_t *last_useconds)
-{
- char head[128];
- int nread;
- uint32_t u[4];
- uint32_t *up = &u[0];
-
- nread = sscanf(buf, "%127s %u %u %u %u", head, &u[0], &u[1], &u[2], &u[3]);
- if (nread < 1)
- return 0;
-
- if (!strcmp(head, ipropx_1_version.header)) {
- if (nread != 5)
- return 0;
- if (u[0] == IPROPX_VERSION_0)
- *dv = &iprop_version;
- else if (u[0] == IPROPX_VERSION_1)
- *dv = &ipropx_1_version;
- else {
- fprintf(stderr, _("%s: Unknown iprop dump version %d\n"),
- progname, u[0]);
- return 0;
- }
- up = &u[1];
- } else if (!strcmp(head, iprop_version.header)) {
- if (nread != 4)
- return 0;
- *dv = &iprop_version;
- } else {
- fprintf(stderr, "Invalid iprop header\n");
- return 0;
- }
-
- *last_sno = *(up++);
- *last_seconds = *(up++);
- *last_useconds = *(up++);
- return 1;
-}
-
-/*
- * Return 1 if the {sno, timestamp} in an existing dump file is in the
- * ulog, else return 0.
- */
-static int
-current_dump_sno_in_ulog(char *ifile, kdb_hlog_t *ulog)
-{
- dump_version *junk;
- uint32_t last_sno, last_seconds, last_useconds;
- char buf[BUFSIZ];
- FILE *f;
-
- if (ulog->kdb_last_sno == 0)
- return 0; /* nothing in ulog */
-
- f = fopen(ifile, "r");
- if (f == NULL)
- return 0; /* aliasing other errors to ENOENT here is OK */
-
- if (fgets(buf, sizeof(buf), f) == NULL)
- return errno ? -1 : 0;
- fclose(f);
-
- if (!parse_iprop_header(buf, &junk, &last_sno, &last_seconds,
- &last_useconds))
- return 0;
-
- if (ulog->kdb_first_sno > last_sno ||
- ulog->kdb_first_time.seconds > last_seconds ||
- (ulog->kdb_first_time.seconds == last_seconds &&
- ulog->kdb_first_time.useconds > last_useconds))
- return 0;
-
- return 1;
-}
-
-
/* Create the .dump_ok file. */
static int
prep_ok_file(krb5_context context, char *file_name, int *fd)
@@ -790,17 +610,6 @@ dump_k5beta6_iterator_ext(ptr, entry, kadm)
return(retval);
}
-/*
- * dump_k5beta7_iterator() - Output a dump record in krb5b7 format.
- */
-static krb5_error_code
-dump_k5beta7_princ(ptr, entry)
- krb5_pointer ptr;
- krb5_db_entry *entry;
-{
- return dump_k5beta7_princ_ext(ptr, entry, 0);
-}
-
static krb5_error_code
dump_k5beta7_princ_ext(ptr, entry, kadm)
krb5_pointer ptr;
@@ -844,6 +653,17 @@ dump_k5beta7_princ_ext(ptr, entry, kadm)
return retval;
}
+/*
+ * dump_k5beta7_iterator() - Output a dump record in krb5b7 format.
+ */
+static krb5_error_code
+dump_k5beta7_princ(ptr, entry)
+ krb5_pointer ptr;
+ krb5_db_entry *entry;
+{
+ return dump_k5beta7_princ_ext(ptr, entry, 0);
+}
+
static krb5_error_code
dump_k5beta7_princ_withpolicy(ptr, entry)
krb5_pointer ptr;
@@ -852,7 +672,7 @@ dump_k5beta7_princ_withpolicy(ptr, entry)
return dump_k5beta7_princ_ext(ptr, entry, 1);
}
-void dump_k5beta7_policy(void *data, osa_policy_ent_t entry)
+static void dump_k5beta7_policy(void *data, osa_policy_ent_t entry)
{
struct dump_args *arg;
@@ -862,7 +682,7 @@ void dump_k5beta7_policy(void *data, osa_policy_ent_t entry)
entry->pw_min_classes, entry->pw_history_num, 0);
}
-void dump_r1_8_policy(void *data, osa_policy_ent_t entry)
+static void dump_r1_8_policy(void *data, osa_policy_ent_t entry)
{
struct dump_args *arg;
@@ -875,7 +695,7 @@ void dump_r1_8_policy(void *data, osa_policy_ent_t entry)
entry->pw_lockout_duration);
}
-void
+static void
dump_r1_11_policy(void *data, osa_policy_ent_t entry)
{
struct dump_args *arg;
@@ -1006,298 +826,32 @@ static krb5_error_code dump_ov_princ(krb5_pointer ptr, krb5_db_entry *kdb)
}
/*
- * usage is:
- * dump_db [-b7] [-ov] [-r13] [-r18] [-verbose] [-mkey_convert]
- * [-new_mkey_file mkey_file] [-rev] [-recurse]
- * [filename [principals...]]
+ * Read a string of bytes while counting the number of lines passed.
*/
-void
-dump_db(argc, argv)
- int argc;
- char **argv;
+static int
+read_string(f, buf, len, lp)
+ FILE *f;
+ char *buf;
+ int len;
+ int *lp;
{
- FILE *f;
- struct dump_args arglist;
- char *ofile;
- char *tmpofile = NULL;
- krb5_error_code kret, retval;
- dump_version *dump;
- int aindex;
- int conditional = 0;
- int ok_fd = -1;
- char *new_mkey_file = 0;
- bool_t dump_sno = FALSE;
- kdb_log_context *log_ctx;
- unsigned int ipropx_version = IPROPX_VERSION_0;
+ int c;
+ int i, retval;
- /*
- * Parse the arguments.
- */
- ofile = (char *) NULL;
- dump = &r1_11_version;
- arglist.flags = 0;
- new_mkey_file = 0;
- mkey_convert = 0;
- backwards = 0;
- recursive = 0;
- log_ctx = util_context->kdblog_context;
-
- /*
- * Parse the qualifiers.
- */
- for (aindex = 1; aindex < argc; aindex++) {
- if (!strcmp(argv[aindex], b7option))
- dump = &beta7_version;
- else if (!strcmp(argv[aindex], ovoption))
- dump = &ov_version;
- else if (!strcmp(argv[aindex], r13option))
- dump = &r1_3_version;
- else if (!strcmp(argv[aindex], r18option))
- dump = &r1_8_version;
- else if (!strncmp(argv[aindex], ipropoption, sizeof(ipropoption) - 1)) {
- if (log_ctx && log_ctx->iproprole) {
- /* Note: ipropx_version is the maximum version acceptable */
- ipropx_version = atoi(argv[aindex] + sizeof(ipropoption) - 1);
- dump = ipropx_version ? &ipropx_1_version : &iprop_version;
- /*
- * dump_sno is used to indicate if the serial
- * # should be populated in the output
- * file to be used later by iprop for updating
- * the slave's update log when loading
- */
- dump_sno = TRUE;
- /*
- * FLAG_OMIT_NRA is set to indicate that non-replicated
- * attributes should be omitted.
- */
- arglist.flags |= FLAG_OMIT_NRA;
- } else {
- fprintf(stderr, _("Iprop not enabled\n"));
- goto error;
- }
- } else if (!strcmp(argv[aindex], conditionaloption))
- conditional = 1;
- else if (!strcmp(argv[aindex], verboseoption))
- arglist.flags |= FLAG_VERBOSE;
- else if (!strcmp(argv[aindex], "-mkey_convert"))
- mkey_convert = 1;
- else if (!strcmp(argv[aindex], "-new_mkey_file")) {
- new_mkey_file = argv[++aindex];
- mkey_convert = 1;
- } else if (!strcmp(argv[aindex], "-rev"))
- backwards = 1;
- else if (!strcmp(argv[aindex], "-recurse"))
- recursive = 1;
- else
- break;
- }
-
- arglist.names = (char **) NULL;
- arglist.nnames = 0;
- if (aindex < argc) {
- ofile = argv[aindex];
- aindex++;
- if (aindex < argc) {
- arglist.names = &argv[aindex];
- arglist.nnames = argc - aindex;
- }
- }
-
- /*
- * If a conditional ipropx dump we check if the existing dump is
- * good enough.
- */
- if (ofile != NULL && conditional) {
- if (!dump->iprop) {
- com_err(progname, 0,
- _("Conditional dump is an undocumented option for "
- "use only for iprop dumps"));
- goto error;
- }
- if (current_dump_sno_in_ulog(ofile, log_ctx->ulog))
- return;
- }
-
- /*
- * Make sure the database is open. The policy database only has
- * to be opened if we try a dump that uses it.
- */
- if (!dbactive) {
- com_err(progname, 0, _("Database not currently opened!"));
- goto error;
- }
-
- /*
- * If we're doing a master key conversion, set up for it.
- */
- if (mkey_convert) {
- if (!valid_master_key) {
- /* TRUE here means read the keyboard, but only once */
- retval = krb5_db_fetch_mkey(util_context,
- master_princ,
- master_keyblock.enctype,
- TRUE, FALSE,
- (char *) NULL,
- NULL, NULL,
- &master_keyblock);
- if (retval) {
- com_err(progname, retval, _("while reading master key"));
- exit(1);
- }
- retval = krb5_db_fetch_mkey_list(util_context, master_princ,
- &master_keyblock);
- if (retval) {
- com_err(progname, retval, _("while verifying master key"));
- exit(1);
- }
- }
- new_master_keyblock.enctype = global_params.enctype;
- if (new_master_keyblock.enctype == ENCTYPE_UNKNOWN)
- new_master_keyblock.enctype = DEFAULT_KDC_ENCTYPE;
-
- if (new_mkey_file) {
- krb5_kvno kt_kvno;
-
- if (global_params.mask & KADM5_CONFIG_KVNO)
- kt_kvno = global_params.kvno;
- else
- kt_kvno = IGNORE_VNO;
-
- if ((retval = krb5_db_fetch_mkey(util_context, master_princ,
- new_master_keyblock.enctype,
- FALSE,
- FALSE,
- new_mkey_file,
- &kt_kvno,
- NULL,
- &new_master_keyblock))) {
- com_err(progname, retval, _("while reading new master key"));
- exit(1);
- }
- } else {
- printf(_("Please enter new master key....\n"));
- if ((retval = krb5_db_fetch_mkey(util_context, master_princ,
- new_master_keyblock.enctype,
- TRUE,
- TRUE,
- NULL, NULL, NULL,
- &new_master_keyblock))) {
- com_err(progname, retval, _("while reading new master key"));
- exit(1);
- }
- }
- /*
- * get new master key vno that will be used to protect princs, used
- * later on.
- */
- new_mkvno = get_next_kvno(util_context, master_entry);
- }
-
- kret = 0;
-
- if (ofile && strcmp(ofile, "-")) {
- /*
- * Discourage accidental dumping to filenames beginning with '-'.
- */
- if (ofile[0] == '-')
- usage();
- if (!prep_ok_file(util_context, ofile, &ok_fd))
- return; /* prep_ok_file() bumps exit_status */
- f = create_ofile(ofile, &tmpofile);
- if (f == NULL) {
- fprintf(stderr, ofopen_error,
- progname, ofile, error_message(errno));
- goto error;
- }
- } else {
- f = stdout;
- }
- if (f && !(kret)) {
- arglist.programname = progname;
- arglist.ofile = f;
- arglist.kcontext = util_context;
- fprintf(arglist.ofile, "%s", dump->header);
-
- /*
- * We grab the lock twice (once again in the iterator call),
- * but that's ok since the lock func handles incr locks held.
- */
- kret = krb5_db_lock(util_context, KRB5_LOCKMODE_SHARED);
- if (kret != 0 && kret != KRB5_PLUGIN_OP_NOTSUPP) {
- fprintf(stderr,
- _("%s: Couldn't grab lock\n"), progname);
- goto error;
- }
-
- if (dump_sno) {
- if (ipropx_version)
- fprintf(f, " %u", IPROPX_VERSION);
- fprintf(f, " %u", log_ctx->ulog->kdb_last_sno);
- fprintf(f, " %u", log_ctx->ulog->kdb_last_time.seconds);
- fprintf(f, " %u", log_ctx->ulog->kdb_last_time.useconds);
- }
-
- if (dump->header[strlen(dump->header)-1] != '\n')
- fputc('\n', arglist.ofile);
-
- if ((kret = krb5_db_iterate(util_context,
- NULL,
- dump->dump_princ,
- (krb5_pointer) &arglist))) { /* TBD: backwards and recursive not supported */
- fprintf(stderr, dumprec_err,
- progname, dump->name, error_message(kret));
- goto error;
- }
- if (dump->dump_policy &&
- (kret = krb5_db_iter_policy( util_context, "*", dump->dump_policy,
- &arglist))) {
- fprintf(stderr, dumprec_err, progname, dump->name,
- error_message(kret));
- goto error;
- }
- if (ofile && f != stdout) {
- fclose(f);
- finish_ofile(ofile, &tmpofile);
- update_ok_file(util_context, ok_fd);
- }
- return;
- }
-
-error:
- krb5_db_unlock(util_context);
- if (tmpofile != NULL)
- unlink(tmpofile);
- free(tmpofile);
- exit_status++;
-}
-
-/*
- * Read a string of bytes while counting the number of lines passed.
- */
-static int
-read_string(f, buf, len, lp)
- FILE *f;
- char *buf;
- int len;
- int *lp;
-{
- int c;
- int i, retval;
-
- retval = 0;
- for (i=0; i<len; i++) {
- c = fgetc(f);
- if (c < 0) {
- retval = 1;
- break;
- }
- if (c == '\n')
- (*lp)++;
- buf[i] = (char) c;
- }
- buf[len] = '\0';
- return(retval);
-}
+ retval = 0;
+ for (i=0; i<len; i++) {
+ c = fgetc(f);
+ if (c < 0) {
+ retval = 1;
+ break;
+ }
+ if (c == '\n')
+ (*lp)++;
+ buf[i] = (char) c;
+ }
+ buf[len] = '\0';
+ return(retval);
+}
/*
* Read a string of two character representations of bytes.
@@ -2028,6 +1582,424 @@ process_r1_11_record(char *fname, krb5_context kcontext, FILE *filep,
return 0;
}
+dump_version beta7_version = {
+ "Kerberos version 5",
+ "kdb5_util load_dump version 4\n",
+ 0,
+ 0,
+ 0,
+ dump_k5beta7_princ,
+ dump_k5beta7_policy,
+ process_k5beta7_record,
+};
+dump_version ov_version = {
+ "OpenV*Secure V1.0",
+ "OpenV*Secure V1.0\t",
+ 1,
+ 0,
+ 0,
+ dump_ov_princ,
+ dump_k5beta7_policy,
+ process_ov_record
+};
+dump_version r1_3_version = {
+ "Kerberos version 5 release 1.3",
+ "kdb5_util load_dump version 5\n",
+ 0,
+ 0,
+ 0,
+ dump_k5beta7_princ_withpolicy,
+ dump_k5beta7_policy,
+ process_k5beta7_record,
+};
+dump_version r1_8_version = {
+ "Kerberos version 5 release 1.8",
+ "kdb5_util load_dump version 6\n",
+ 0,
+ 0,
+ 0,
+ dump_k5beta7_princ_withpolicy,
+ dump_r1_8_policy,
+ process_r1_8_record,
+};
+dump_version r1_11_version = {
+ "Kerberos version 5 release 1.11",
+ "kdb5_util load_dump version 7\n",
+ 0,
+ 0,
+ 0,
+ dump_k5beta7_princ_withpolicy,
+ dump_r1_11_policy,
+ process_r1_11_record,
+};
+dump_version iprop_version = {
+ "Kerberos iprop version",
+ "iprop",
+ 0,
+ 1,
+ 0,
+ dump_k5beta7_princ_withpolicy,
+ dump_k5beta7_policy,
+ process_k5beta7_record,
+};
+dump_version ipropx_1_version = {
+ "Kerberos iprop extensible version",
+ "ipropx",
+ 0,
+ 1,
+ 1,
+ dump_k5beta7_princ_withpolicy,
+ dump_r1_11_policy,
+ process_r1_11_record,
+};
+
+/*
+ * Read the dump header. Returns 1 on success, 0 if the file is not a
+ * recognized iprop dump format.
+ */
+static int
+parse_iprop_header(char *buf, dump_version **dv, uint32_t *last_sno,
+ uint32_t *last_seconds, uint32_t *last_useconds)
+{
+ char head[128];
+ int nread;
+ uint32_t u[4];
+ uint32_t *up = &u[0];
+
+ nread = sscanf(buf, "%127s %u %u %u %u", head, &u[0], &u[1], &u[2], &u[3]);
+ if (nread < 1)
+ return 0;
+
+ if (!strcmp(head, ipropx_1_version.header)) {
+ if (nread != 5)
+ return 0;
+ if (u[0] == IPROPX_VERSION_0)
+ *dv = &iprop_version;
+ else if (u[0] == IPROPX_VERSION_1)
+ *dv = &ipropx_1_version;
+ else {
+ fprintf(stderr, _("%s: Unknown iprop dump version %d\n"),
+ progname, u[0]);
+ return 0;
+ }
+ up = &u[1];
+ } else if (!strcmp(head, iprop_version.header)) {
+ if (nread != 4)
+ return 0;
+ *dv = &iprop_version;
+ } else {
+ fprintf(stderr, "Invalid iprop header\n");
+ return 0;
+ }
+
+ *last_sno = *(up++);
+ *last_seconds = *(up++);
+ *last_useconds = *(up++);
+ return 1;
+}
+
+/*
+ * Return 1 if the {sno, timestamp} in an existing dump file is in the
+ * ulog, else return 0.
+ */
+static int
+current_dump_sno_in_ulog(char *ifile, kdb_hlog_t *ulog)
+{
+ dump_version *junk;
+ uint32_t last_sno, last_seconds, last_useconds;
+ char buf[BUFSIZ];
+ FILE *f;
+
+ if (ulog->kdb_last_sno == 0)
+ return 0; /* nothing in ulog */
+
+ f = fopen(ifile, "r");
+ if (f == NULL)
+ return 0; /* aliasing other errors to ENOENT here is OK */
+
+ if (fgets(buf, sizeof(buf), f) == NULL)
+ return errno ? -1 : 0;
+ fclose(f);
+
+ if (!parse_iprop_header(buf, &junk, &last_sno, &last_seconds,
+ &last_useconds))
+ return 0;
+
+ if (ulog->kdb_first_sno > last_sno ||
+ ulog->kdb_first_time.seconds > last_seconds ||
+ (ulog->kdb_first_time.seconds == last_seconds &&
+ ulog->kdb_first_time.useconds > last_useconds))
+ return 0;
+
+ return 1;
+}
+
+/*
+ * usage is:
+ * dump_db [-b7] [-ov] [-r13] [-r18] [-verbose] [-mkey_convert]
+ * [-new_mkey_file mkey_file] [-rev] [-recurse]
+ * [filename [principals...]]
+ */
+void
+dump_db(argc, argv)
+ int argc;
+ char **argv;
+{
+ FILE *f;
+ struct dump_args arglist;
+ char *ofile;
+ char *tmpofile = NULL;
+ krb5_error_code kret, retval;
+ dump_version *dump;
+ int aindex;
+ int conditional = 0;
+ int ok_fd = -1;
+ char *new_mkey_file = 0;
+ bool_t dump_sno = FALSE;
+ kdb_log_context *log_ctx;
+ unsigned int ipropx_version = IPROPX_VERSION_0;
+
+ /*
+ * Parse the arguments.
+ */
+ ofile = (char *) NULL;
+ dump = &r1_11_version;
+ arglist.flags = 0;
+ new_mkey_file = 0;
+ mkey_convert = 0;
+ backwards = 0;
+ recursive = 0;
+ log_ctx = util_context->kdblog_context;
+
+ /*
+ * Parse the qualifiers.
+ */
+ for (aindex = 1; aindex < argc; aindex++) {
+ if (!strcmp(argv[aindex], b7option))
+ dump = &beta7_version;
+ else if (!strcmp(argv[aindex], ovoption))
+ dump = &ov_version;
+ else if (!strcmp(argv[aindex], r13option))
+ dump = &r1_3_version;
+ else if (!strcmp(argv[aindex], r18option))
+ dump = &r1_8_version;
+ else if (!strncmp(argv[aindex], ipropoption, sizeof(ipropoption) - 1)) {
+ if (log_ctx && log_ctx->iproprole) {
+ /* Note: ipropx_version is the maximum version acceptable */
+ ipropx_version = atoi(argv[aindex] + sizeof(ipropoption) - 1);
+ dump = ipropx_version ? &ipropx_1_version : &iprop_version;
+ /*
+ * dump_sno is used to indicate if the serial
+ * # should be populated in the output
+ * file to be used later by iprop for updating
+ * the slave's update log when loading
+ */
+ dump_sno = TRUE;
+ /*
+ * FLAG_OMIT_NRA is set to indicate that non-replicated
+ * attributes should be omitted.
+ */
+ arglist.flags |= FLAG_OMIT_NRA;
+ } else {
+ fprintf(stderr, _("Iprop not enabled\n"));
+ goto error;
+ }
+ } else if (!strcmp(argv[aindex], conditionaloption))
+ conditional = 1;
+ else if (!strcmp(argv[aindex], verboseoption))
+ arglist.flags |= FLAG_VERBOSE;
+ else if (!strcmp(argv[aindex], "-mkey_convert"))
+ mkey_convert = 1;
+ else if (!strcmp(argv[aindex], "-new_mkey_file")) {
+ new_mkey_file = argv[++aindex];
+ mkey_convert = 1;
+ } else if (!strcmp(argv[aindex], "-rev"))
+ backwards = 1;
+ else if (!strcmp(argv[aindex], "-recurse"))
+ recursive = 1;
+ else
+ break;
+ }
+
+ arglist.names = (char **) NULL;
+ arglist.nnames = 0;
+ if (aindex < argc) {
+ ofile = argv[aindex];
+ aindex++;
+ if (aindex < argc) {
+ arglist.names = &argv[aindex];
+ arglist.nnames = argc - aindex;
+ }
+ }
+
+ /*
+ * If a conditional ipropx dump we check if the existing dump is
+ * good enough.
+ */
+ if (ofile != NULL && conditional) {
+ if (!dump->iprop) {
+ com_err(progname, 0,
+ _("Conditional dump is an undocumented option for "
+ "use only for iprop dumps"));
+ goto error;
+ }
+ if (current_dump_sno_in_ulog(ofile, log_ctx->ulog))
+ return;
+ }
+
+ /*
+ * Make sure the database is open. The policy database only has
+ * to be opened if we try a dump that uses it.
+ */
+ if (!dbactive) {
+ com_err(progname, 0, _("Database not currently opened!"));
+ goto error;
+ }
+
+ /*
+ * If we're doing a master key conversion, set up for it.
+ */
+ if (mkey_convert) {
+ if (!valid_master_key) {
+ /* TRUE here means read the keyboard, but only once */
+ retval = krb5_db_fetch_mkey(util_context,
+ master_princ,
+ master_keyblock.enctype,
+ TRUE, FALSE,
+ (char *) NULL,
+ NULL, NULL,
+ &master_keyblock);
+ if (retval) {
+ com_err(progname, retval, _("while reading master key"));
+ exit(1);
+ }
+ retval = krb5_db_fetch_mkey_list(util_context, master_princ,
+ &master_keyblock);
+ if (retval) {
+ com_err(progname, retval, _("while verifying master key"));
+ exit(1);
+ }
+ }
+ new_master_keyblock.enctype = global_params.enctype;
+ if (new_master_keyblock.enctype == ENCTYPE_UNKNOWN)
+ new_master_keyblock.enctype = DEFAULT_KDC_ENCTYPE;
+
+ if (new_mkey_file) {
+ krb5_kvno kt_kvno;
+
+ if (global_params.mask & KADM5_CONFIG_KVNO)
+ kt_kvno = global_params.kvno;
+ else
+ kt_kvno = IGNORE_VNO;
+
+ if ((retval = krb5_db_fetch_mkey(util_context, master_princ,
+ new_master_keyblock.enctype,
+ FALSE,
+ FALSE,
+ new_mkey_file,
+ &kt_kvno,
+ NULL,
+ &new_master_keyblock))) {
+ com_err(progname, retval, _("while reading new master key"));
+ exit(1);
+ }
+ } else {
+ printf(_("Please enter new master key....\n"));
+ if ((retval = krb5_db_fetch_mkey(util_context, master_princ,
+ new_master_keyblock.enctype,
+ TRUE,
+ TRUE,
+ NULL, NULL, NULL,
+ &new_master_keyblock))) {
+ com_err(progname, retval, _("while reading new master key"));
+ exit(1);
+ }
+ }
+ /*
+ * get new master key vno that will be used to protect princs, used
+ * later on.
+ */
+ new_mkvno = get_next_kvno(util_context, master_entry);
+ }
+
+ kret = 0;
+
+ if (ofile && strcmp(ofile, "-")) {
+ /*
+ * Discourage accidental dumping to filenames beginning with '-'.
+ */
+ if (ofile[0] == '-')
+ usage();
+ if (!prep_ok_file(util_context, ofile, &ok_fd))
+ return; /* prep_ok_file() bumps exit_status */
+ f = create_ofile(ofile, &tmpofile);
+ if (f == NULL) {
+ fprintf(stderr, ofopen_error,
+ progname, ofile, error_message(errno));
+ goto error;
+ }
+ } else {
+ f = stdout;
+ }
+ if (f && !(kret)) {
+ arglist.programname = progname;
+ arglist.ofile = f;
+ arglist.kcontext = util_context;
+ fprintf(arglist.ofile, "%s", dump->header);
+
+ /*
+ * We grab the lock twice (once again in the iterator call),
+ * but that's ok since the lock func handles incr locks held.
+ */
+ kret = krb5_db_lock(util_context, KRB5_LOCKMODE_SHARED);
+ if (kret != 0 && kret != KRB5_PLUGIN_OP_NOTSUPP) {
+ fprintf(stderr,
+ _("%s: Couldn't grab lock\n"), progname);
+ goto error;
+ }
+
+ if (dump_sno) {
+ if (ipropx_version)
+ fprintf(f, " %u", IPROPX_VERSION);
+ fprintf(f, " %u", log_ctx->ulog->kdb_last_sno);
+ fprintf(f, " %u", log_ctx->ulog->kdb_last_time.seconds);
+ fprintf(f, " %u", log_ctx->ulog->kdb_last_time.useconds);
+ }
+
+ if (dump->header[strlen(dump->header)-1] != '\n')
+ fputc('\n', arglist.ofile);
+
+ if ((kret = krb5_db_iterate(util_context,
+ NULL,
+ dump->dump_princ,
+ (krb5_pointer) &arglist))) { /* TBD: backwards and recursive not supported */
+ fprintf(stderr, dumprec_err,
+ progname, dump->name, error_message(kret));
+ goto error;
+ }
+ if (dump->dump_policy &&
+ (kret = krb5_db_iter_policy( util_context, "*", dump->dump_policy,
+ &arglist))) {
+ fprintf(stderr, dumprec_err, progname, dump->name,
+ error_message(kret));
+ goto error;
+ }
+ if (ofile && f != stdout) {
+ fclose(f);
+ finish_ofile(ofile, &tmpofile);
+ update_ok_file(util_context, ok_fd);
+ }
+ return;
+ }
+
+error:
+ krb5_db_unlock(util_context);
+ if (tmpofile != NULL)
+ unlink(tmpofile);
+ free(tmpofile);
+ exit_status++;
+}
+
/*
* restore_dump() - Restore the database from any version dump file.
*/
More information about the cvs-krb5
mailing list