krb5 commit: Add flag word to KDB iteration APIs
Tom Yu
tlyu at MIT.EDU
Sat Aug 2 14:24:24 EDT 2014
https://github.com/krb5/krb5/commit/ab009b8568d9b64b7e992ecdb98114e895b4a7ff
commit ab009b8568d9b64b7e992ecdb98114e895b4a7ff
Author: Tom Yu <tlyu at mit.edu>
Date: Sat Aug 2 14:20:33 2014 -0400
Add flag word to KDB iteration APIs
ticket: 7977 (new)
subject: Enable unlocked KDB iteration
src/include/kdb.h | 10 +++++++---
src/kadmin/dbutil/dump.c | 2 +-
src/kadmin/dbutil/kdb5_mkey.c | 4 ++--
src/lib/kadm5/srv/server_kdb.c | 2 +-
src/lib/kdb/Makefile.in | 2 +-
src/lib/kdb/kdb5.c | 4 ++--
src/plugins/kdb/db2/db2_exp.c | 4 ++--
src/plugins/kdb/db2/kdb_db2.c | 8 ++++----
src/plugins/kdb/db2/kdb_db2.h | 2 +-
src/plugins/kdb/hdb/kdb_hdb.c | 2 +-
src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c | 2 +-
src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.h | 2 +-
src/tests/kdbtest.c | 2 +-
13 files changed, 25 insertions(+), 21 deletions(-)
diff --git a/src/include/kdb.h b/src/include/kdb.h
index 69817bc..e89c7aa 100644
--- a/src/include/kdb.h
+++ b/src/include/kdb.h
@@ -69,7 +69,7 @@
/* This version will be incremented when incompatible changes are made to the
* KDB API, and will be kept in sync with the libkdb major version. */
-#define KRB5_KDB_API_VERSION 7
+#define KRB5_KDB_API_VERSION 8
/* Salt types */
#define KRB5_KDB_SALTTYPE_NORMAL 0
@@ -131,6 +131,10 @@
#define KRB5_KDB_FLAGS_S4U ( KRB5_KDB_FLAG_PROTOCOL_TRANSITION | \
KRB5_KDB_FLAG_CONSTRAINED_DELEGATION )
+/* KDB iteration flags */
+#define KRB5_DB_ITER_WRITE 0x00000001
+#define KRB5_DB_ITER_REV 0x00000002
+
/* String attribute names recognized by krb5 */
#define KRB5_KDB_SK_SESSION_ENCTYPES "session_enctypes"
@@ -380,7 +384,7 @@ krb5_error_code krb5_db_delete_principal ( krb5_context kcontext,
krb5_error_code krb5_db_iterate ( krb5_context kcontext,
char *match_entry,
int (*func) (krb5_pointer, krb5_db_entry *),
- krb5_pointer func_arg );
+ krb5_pointer func_arg, krb5_flags iterflags );
krb5_error_code krb5_db_store_master_key ( krb5_context kcontext,
@@ -1016,7 +1020,7 @@ typedef struct _kdb_vftabl {
krb5_error_code (*iterate)(krb5_context kcontext,
char *match_entry,
int (*func)(krb5_pointer, krb5_db_entry *),
- krb5_pointer func_arg);
+ krb5_pointer func_arg, krb5_flags iterflags);
/*
* Optional: Create a password policy entry. Return an error if the policy
diff --git a/src/kadmin/dbutil/dump.c b/src/kadmin/dbutil/dump.c
index 9f5d26a..06942de 100644
--- a/src/kadmin/dbutil/dump.c
+++ b/src/kadmin/dbutil/dump.c
@@ -1420,7 +1420,7 @@ dump_db(int argc, char **argv)
if (dump->header[strlen(dump->header)-1] != '\n')
fputc('\n', args.ofile);
- ret = krb5_db_iterate(util_context, NULL, dump_iterator, &args);
+ ret = krb5_db_iterate(util_context, NULL, dump_iterator, &args, 0);
if (ret) {
com_err(progname, ret, _("performing %s dump"), dump->name);
goto error;
diff --git a/src/kadmin/dbutil/kdb5_mkey.c b/src/kadmin/dbutil/kdb5_mkey.c
index bc10b44..aefde7b 100644
--- a/src/kadmin/dbutil/kdb5_mkey.c
+++ b/src/kadmin/dbutil/kdb5_mkey.c
@@ -1033,7 +1033,7 @@ kdb5_update_princ_encryption(int argc, char *argv[])
}
retval = krb5_db_iterate(util_context, name_pattern,
- update_princ_encryption_1, &data);
+ update_princ_encryption_1, &data, 0);
/* If exit_status is set, then update_princ_encryption_1 already
printed a message. */
if (retval != 0 && exit_status == 0) {
@@ -1209,7 +1209,7 @@ kdb5_purge_mkeys(int argc, char *argv[])
if ((retval = krb5_db_iterate(util_context,
NULL,
find_mkvnos_in_use,
- (krb5_pointer) &args))) {
+ (krb5_pointer) &args, 0))) {
com_err(progname, retval, _("while finding master keys in use"));
exit_status++;
goto cleanup_return;
diff --git a/src/lib/kadm5/srv/server_kdb.c b/src/lib/kadm5/srv/server_kdb.c
index f99bf58..b9664f4 100644
--- a/src/lib/kadm5/srv/server_kdb.c
+++ b/src/lib/kadm5/srv/server_kdb.c
@@ -437,7 +437,7 @@ kdb_iter_entry(kadm5_server_handle_t handle, char *match_entry,
id.func = iter_fct;
id.data = data;
- ret = krb5_db_iterate(handle->context, match_entry, kdb_iter_func, &id);
+ ret = krb5_db_iterate(handle->context, match_entry, kdb_iter_func, &id, 0);
if (ret)
return(ret);
diff --git a/src/lib/kdb/Makefile.in b/src/lib/kdb/Makefile.in
index 4390cb6..b6b6ddf 100644
--- a/src/lib/kdb/Makefile.in
+++ b/src/lib/kdb/Makefile.in
@@ -5,7 +5,7 @@ LOCALINCLUDES= -I.
# Keep LIBMAJOR in sync with KRB5_KDB_API_VERSION in include/kdb.h.
LIBBASE=kdb5
-LIBMAJOR=7
+LIBMAJOR=8
LIBMINOR=0
LIBINITFUNC=kdb_init_lock_list
LIBFINIFUNC=kdb_fini_lock_list
diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c
index 7c82399..6864af5 100644
--- a/src/lib/kdb/kdb5.c
+++ b/src/lib/kdb/kdb5.c
@@ -950,7 +950,7 @@ krb5_db_delete_principal(krb5_context kcontext, krb5_principal search_for)
krb5_error_code
krb5_db_iterate(krb5_context kcontext, char *match_entry,
int (*func)(krb5_pointer, krb5_db_entry *),
- krb5_pointer func_arg)
+ krb5_pointer func_arg, krb5_flags iterflags)
{
krb5_error_code status = 0;
kdb_vftabl *v;
@@ -960,7 +960,7 @@ krb5_db_iterate(krb5_context kcontext, char *match_entry,
return status;
if (v->iterate == NULL)
return KRB5_PLUGIN_OP_NOTSUPP;
- return v->iterate(kcontext, match_entry, func, func_arg);
+ return v->iterate(kcontext, match_entry, func, func_arg, iterflags);
}
/* Return a read only pointer alias to mkey list. Do not free this! */
diff --git a/src/plugins/kdb/db2/db2_exp.c b/src/plugins/kdb/db2/db2_exp.c
index c2bad73..529b943 100644
--- a/src/plugins/kdb/db2/db2_exp.c
+++ b/src/plugins/kdb/db2/db2_exp.c
@@ -135,8 +135,8 @@ WRAP_K (krb5_db2_iterate,
(krb5_context ctx, char *s,
krb5_error_code (*f) (krb5_pointer,
krb5_db_entry *),
- krb5_pointer p),
- (ctx, s, f, p));
+ krb5_pointer p, krb5_flags flags),
+ (ctx, s, f, p, flags));
WRAP_K (krb5_db2_create_policy,
(krb5_context context, osa_policy_ent_t entry),
diff --git a/src/plugins/kdb/db2/kdb_db2.c b/src/plugins/kdb/db2/kdb_db2.c
index b2c449f..f4e9458 100644
--- a/src/plugins/kdb/db2/kdb_db2.c
+++ b/src/plugins/kdb/db2/kdb_db2.c
@@ -928,7 +928,7 @@ typedef krb5_error_code (*ctx_iterate_cb)(krb5_pointer, krb5_db_entry *);
static krb5_error_code
ctx_iterate(krb5_context context, krb5_db2_context *dbc,
- ctx_iterate_cb func, krb5_pointer func_arg)
+ ctx_iterate_cb func, krb5_pointer func_arg, krb5_flags iterflags)
{
DBT key, contents;
krb5_data contdata;
@@ -969,12 +969,12 @@ ctx_iterate(krb5_context context, krb5_db2_context *dbc,
krb5_error_code
krb5_db2_iterate(krb5_context context, char *match_expr, ctx_iterate_cb func,
- krb5_pointer func_arg)
+ krb5_pointer func_arg, krb5_flags iterflags)
{
if (!inited(context))
return KRB5_KDB_DBNOTINITED;
return ctx_iterate(context, context->dal_handle->db_context, func,
- func_arg);
+ func_arg, iterflags);
}
krb5_boolean
@@ -1257,7 +1257,7 @@ ctx_merge_nra(krb5_context context, krb5_db2_context *dbc_temp,
nra.kcontext = context;
nra.db_context = dbc_real;
- return ctx_iterate(context, dbc_temp, krb5_db2_merge_nra_iterator, &nra);
+ return ctx_iterate(context, dbc_temp, krb5_db2_merge_nra_iterator, &nra, 0);
}
/*
diff --git a/src/plugins/kdb/db2/kdb_db2.h b/src/plugins/kdb/db2/kdb_db2.h
index df4818a..3fb775d 100644
--- a/src/plugins/kdb/db2/kdb_db2.h
+++ b/src/plugins/kdb/db2/kdb_db2.h
@@ -60,7 +60,7 @@ krb5_error_code krb5_db2_put_principal(krb5_context, krb5_db_entry *,
krb5_error_code krb5_db2_iterate(krb5_context, char *,
krb5_error_code (*)(krb5_pointer,
krb5_db_entry *),
- krb5_pointer);
+ krb5_pointer, krb5_flags);
krb5_error_code krb5_db2_set_nonblocking(krb5_context, krb5_boolean,
krb5_boolean *);
krb5_boolean krb5_db2_set_lockmode(krb5_context, krb5_boolean);
diff --git a/src/plugins/kdb/hdb/kdb_hdb.c b/src/plugins/kdb/hdb/kdb_hdb.c
index a001ee3..2a274d5 100644
--- a/src/plugins/kdb/hdb/kdb_hdb.c
+++ b/src/plugins/kdb/hdb/kdb_hdb.c
@@ -888,7 +888,7 @@ static krb5_error_code
kh_db_iterate(krb5_context context,
char *match_entry,
int (*func)(krb5_pointer, krb5_db_entry *),
- krb5_pointer func_arg)
+ krb5_pointer func_arg, krb5_flags iterflags)
{
krb5_error_code code;
kh_db_context *kh = KH_DB_CONTEXT(context);
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
index af0eaf1..b562970 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
@@ -131,7 +131,7 @@ krb5_ldap_free_principal(krb5_context kcontext, krb5_db_entry *entry)
krb5_error_code
krb5_ldap_iterate(krb5_context context, char *match_expr,
krb5_error_code (*func)(krb5_pointer, krb5_db_entry *),
- krb5_pointer func_arg)
+ krb5_pointer func_arg, krb5_flags iterflags)
{
krb5_db_entry entry;
krb5_principal principal;
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.h b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.h
index d3392c0..4c51e79 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.h
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.h
@@ -109,7 +109,7 @@ krb5_ldap_free_principal(krb5_context, krb5_db_entry *);
krb5_error_code
krb5_ldap_iterate(krb5_context, char *,
krb5_error_code (*)(krb5_pointer, krb5_db_entry *),
- krb5_pointer/*, int */);
+ krb5_pointer, krb5_flags);
void
krb5_dbe_free_contents(krb5_context, krb5_db_entry *);
diff --git a/src/tests/kdbtest.c b/src/tests/kdbtest.c
index d211265..7c1d515 100644
--- a/src/tests/kdbtest.c
+++ b/src/tests/kdbtest.c
@@ -388,7 +388,7 @@ main()
/* Exercise principal iteration code. */
count = 0;
- CHECK(krb5_db_iterate(ctx, "xy*", iter_princ_handler, &count));
+ CHECK(krb5_db_iterate(ctx, "xy*", iter_princ_handler, &count, 0));
CHECK_COND(count == 1);
CHECK(krb5_db_fini(ctx));
More information about the cvs-krb5
mailing list