krb5 commit: Restore recursive dump functionality
Tom Yu
tlyu at mit.edu
Tue Aug 16 21:46:19 EDT 2016
https://github.com/krb5/krb5/commit/2029955eb70ba1a368031c4a6dbf1f554c529dd5
commit 2029955eb70ba1a368031c4a6dbf1f554c529dd5
Author: Tom Yu <tlyu at mit.edu>
Date: Thu Aug 11 18:05:33 2016 -0400
Restore recursive dump functionality
Use the new recursive traversal interface to restore recursive dump
functionality.
ticket: 8476
doc/admin/admin_commands/kdb5_util.rst | 10 ++++++----
src/include/kdb.h | 1 +
src/kadmin/dbutil/dump.c | 6 +-----
src/plugins/kdb/db2/kdb_db2.c | 23 +++++++++++++++++++++--
4 files changed, 29 insertions(+), 11 deletions(-)
diff --git a/doc/admin/admin_commands/kdb5_util.rst b/doc/admin/admin_commands/kdb5_util.rst
index f43bcf1..258498f 100644
--- a/doc/admin/admin_commands/kdb5_util.rst
+++ b/doc/admin/admin_commands/kdb5_util.rst
@@ -182,11 +182,13 @@ load_dump version 7". If filename is not specified, or is the string
corruption, this option will probably retrieve more principals
than the **-rev** option will.
- .. note::
- The **-recurse** option currently doesn't modify the dump
- functionality as described above; it does a normal dump.
+ .. versionchanged:: 1.15
+ Release 1.15 restored the functionality of the **-recurse**
+ option.
- .. deprecated:: 1.5
+ .. versionchanged:: 1.5
+ The **-recurse** option ceased working until release 1.15,
+ doing a normal dump instead of a recursive traversal.
.. _kdb5_util_dump_end:
diff --git a/src/include/kdb.h b/src/include/kdb.h
index df02ec6..c6dd15f 100644
--- a/src/include/kdb.h
+++ b/src/include/kdb.h
@@ -135,6 +135,7 @@
/* KDB iteration flags */
#define KRB5_DB_ITER_WRITE 0x00000001
#define KRB5_DB_ITER_REV 0x00000002
+#define KRB5_DB_ITER_RECURSE 0x00000004
/* String attribute names recognized by krb5 */
#define KRB5_KDB_SK_SESSION_ENCTYPES "session_enctypes"
diff --git a/src/kadmin/dbutil/dump.c b/src/kadmin/dbutil/dump.c
index 4127638..f7889bd 100644
--- a/src/kadmin/dbutil/dump.c
+++ b/src/kadmin/dbutil/dump.c
@@ -1304,11 +1304,7 @@ dump_db(int argc, char **argv)
} else if (!strcmp(argv[aindex], "-rev")) {
iterflags |= KRB5_DB_ITER_REV;
} else if (!strcmp(argv[aindex], "-recurse")) {
- /* Accept this for compatibility, but do nothing since
- * krb5_db_iterate doesn't support it. */
- fprintf(stderr,
- _("%s: WARNING: the -recurse option is currently "
- "unimplemented\n"), progname);
+ iterflags |= KRB5_DB_ITER_RECURSE;
} else {
break;
}
diff --git a/src/plugins/kdb/db2/kdb_db2.c b/src/plugins/kdb/db2/kdb_db2.c
index d69643c..4c4036e 100644
--- a/src/plugins/kdb/db2/kdb_db2.c
+++ b/src/plugins/kdb/db2/kdb_db2.c
@@ -968,6 +968,10 @@ static krb5_error_code
curs_init(iter_curs *curs, krb5_context ctx, krb5_db2_context *dbc,
krb5_flags iterflags)
{
+ int isrecurse = iterflags & KRB5_DB_ITER_RECURSE;
+ unsigned int prevflag = R_PREV;
+ unsigned int nextflag = R_NEXT;
+
curs->keycopy.size = 0;
curs->keycopy.data = NULL;
curs->islocked = FALSE;
@@ -979,12 +983,27 @@ curs_init(iter_curs *curs, krb5_context ctx, krb5_db2_context *dbc,
else
curs->lockmode = KRB5_LOCKMODE_SHARED;
+ if (isrecurse) {
+#ifdef R_RNEXT
+ if (dbc->hashfirst) {
+ k5_setmsg(ctx, EINVAL, _("Recursive iteration is not supported "
+ "for hash databases"));
+ return EINVAL;
+ }
+ prevflag = R_RPREV;
+ nextflag = R_RNEXT;
+#else
+ k5_setmsg(ctx, EINVAL, _("Recursive iteration not supported "
+ "in this version of libdb"));
+ return EINVAL;
+#endif
+ }
if (iterflags & KRB5_DB_ITER_REV) {
curs->startflag = R_LAST;
- curs->stepflag = R_PREV;
+ curs->stepflag = prevflag;
} else {
curs->startflag = R_FIRST;
- curs->stepflag = R_NEXT;
+ curs->stepflag = nextflag;
}
return curs_lock(curs);
}
More information about the cvs-krb5
mailing list