issue with 1.6 and kdb5_util load, requesting help
Will Fiveash
William.Fiveash at sun.com
Thu Mar 22 14:53:17 EDT 2007
On Tue, Mar 20, 2007 at 03:08:08PM -0500, Will Fiveash wrote:
> On Tue, Mar 20, 2007 at 02:52:55PM -0500, Will Fiveash wrote:
> > While doing some testing I noticed that the kdb5_util load command is
> > broken when using the db2 KDB plugin and the KDB does not exist. The
> > problem appears to be that in the process of doing a load
> > krb5_db2_db_rename() is called which in turn calls krb5_db2_db_init().
> > In krb5_db2_db_init() there is this logic:
> >
> > if ((db_ctx->db_lf_file = open(filename, O_RDWR, 0666)) < 0) {
> > if ((db_ctx->db_lf_file = open(filename, O_RDONLY, 0666)) < 0) {
> > retval = errno;
> > goto err_out;
> > }
> > }
> >
> > which is trying to open the principal.ok lock-file. If this doesn't
> > exist then this causes a fatal error. Thoughts on how to address this
> > are appreciated.
>
> BTW, I notice that in an older version of krb5_db2_db_rename() instead
> of calling krb5_db2_db_init() there is:
>
> db_ctx->db_lf_file = open(db_ctx->db_lf_name, O_RDWR|O_CREAT, 0600);
> if (db_ctx->db_lf_file < 0) {
> retval = errno;
> goto errout;
> }
>
> db_ctx->db_inited = 1;
>
> So it creates the lock-file and sets db_inited. Is it reasonable to
> modify the 1.6 krb5_db2_db_init() interface to take a flag to indicate
> the lock-file may need to be created?
I thought of another solution (see attached). Still hacky but it works
in the case I mentioned above. I do wonder why osa_adb_rename_db() is
not being used to rename the policy part of the db2 KDB. I tried not to
change the code too much so I didn't check this out thoroughly.
Thoughts?
--
Will Fiveash
Sun Microsystems Inc.
Austin, TX, USA (TZ=CST6CDT)
-------------- next part --------------
------- usr/src/lib/krb5/plugins/kdb/db2/kdb_db2.c -------
--- - Thu Mar 22 12:52:24 2007
+++ usr/src/lib/krb5/plugins/kdb/db2/kdb_db2.c Thu Mar 22 12:52:24 2007
=================================
@@ -1773,11 +1773,23 @@
* will fail otherwise.
*/
- db = k5db2_dbopen(db_ctx, to, O_RDWR|O_CREAT, 0600, 0);
- if (db == NULL) {
+ {
+ struct stat statbuf;
+
+ if (stat(to, &statbuf) == -1) {
+ if (errno == ENOENT) {
+ retval = krb5_db2_db_create(context, to,
+ KRB5_KDB_CREATE_BTREE);
+ if (retval)
+ goto errout;
+ }
+ else {
+ /*
+ * XXX assuming we should bail if there is some other stat error
+ */
retval = errno;
goto errout;
}
- else
- (*db->close)(db);
+ }
+ }
/*
* Set the database to the target, so that other processes sharing
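Review bot: The added `stat(to, &statbuf)` check followed by `krb5_db2_db_create()` is a check-then-create sequence, whereas the removed `k5db2_dbopen(db_ctx, to, O_RDWR|O_CREAT, 0600, 0)` created the file in one step with an explicit 0600 mode. If another process creates `to` between the two calls, the outcome depends on how krb5_db2_db_create treats an existing database, which is not visible in this hunk. It is also worth confirming that it creates the KDB files with an equally restrictive mode. Once that behaviour is verified, I would replace the XXX comment with `/* Any stat() failure other than ENOENT is fatal; a target created after this check is handled by krb5_db2_db_create(). */`. The enclosing function starts and ends outside the hunk, and the `db` local declared there appears to be left unused by this change.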
@@ -1810,17 +1822,4 @@
}
- db_ctx->db_lf_name = gen_dbsuffix(db_ctx->db_name, KDB2_LOCK_EXT);
- if (db_ctx->db_lf_name == NULL) {
- retval = ENOMEM;
- goto errout;
- }
- db_ctx->db_lf_file = open(db_ctx->db_lf_name, O_RDWR|O_CREAT, 0600);
- if (db_ctx->db_lf_file < 0) {
- retval = errno;
- goto errout;
- }
-
- db_ctx->db_inited = 1;
-
retval = krb5_db2_db_get_age(context, NULL, &db_ctx->db_lf_time);
if (retval)
-------------- next part --------------
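/*
 * Rename the db2 database file `from` to `to`.
 *
 * The caller's db2 context is set aside and a fresh one is installed in the
 * DAL handle for the duration of the call; the saved context is put back
 * before returning.  The target is created first if stat() reports ENOENT.
 * The policy file "<db_name>~.kadm5" is then renamed to "<db_name>.kadm5"
 * and its ".lock" companion unlinked.  Finally, under an exclusive lock,
 * `from` is renamed to `to` and the lock file derived from `from` is removed.
 *
 * Returns 0 on success; otherwise an errno value or the error code of the
 * helper that failed.
 */
krb5_error_code
krb5_db2_db_rename(context, from, to)
    krb5_context context;
    char *from;
    char *to;
{
    char *fromok;
    krb5_error_code retval;
    krb5_db2_context *s_context, *db_ctx;
    kdb5_dal_handle *dal_handle = context->db_context;

    /* Park the caller's context and work on a freshly initialised one. */
    s_context = dal_handle->db_context;
    dal_handle->db_context = NULL;
    retval = k5db2_init_context(context);
    if (retval) {
        /*
         * Put the caller's context back rather than leaving the handle
         * pointing at NULL and the saved context unreachable.
         * NOTE(review): assumes k5db2_init_context installs no context
         * when it fails -- confirm.
         */
        dal_handle->db_context = s_context;
        return retval;
    }
    db_ctx = (krb5_db2_context *) dal_handle->db_context;

    /*
     * Create the database if it does not already exist; the
     * files must exist because krb5_db2_db_lock, called below,
     * will fail otherwise.
     *
     * NOTE(review): stat() followed by create is not atomic.  How
     * krb5_db2_db_create treats a target that appears in between, and
     * which file mode it uses, is not visible here -- confirm.
     */
    {
        struct stat statbuf;

        if (stat(to, &statbuf) == -1) {
            if (errno != ENOENT) {
                /* Any stat failure other than "does not exist" is fatal. */
                retval = errno;
                goto errout;
            }
            retval = krb5_db2_db_create(context, to,
                                        KRB5_KDB_CREATE_BTREE);
            if (retval)
                goto errout;
        }
    }

    /*
     * Set the database to the target, so that other processes sharing
     * the target will stop their activity, and notice the new database.
     */
    retval = krb5_db2_db_set_name(context, to, 0);
    if (retval)
        goto errout;

    retval = krb5_db2_db_init(context);
    if (retval)
        goto errout;

    {
        /* Ugly brute force hack.

           Should be going through nice friendly helper routines for
           this, but it's a mess of jumbled so-called interfaces right
           now.  */
        char policy[2048], new_policy[2048], new_policy_lock[2048];
        int n;

        /*
         * Build every path with a bounded formatter and reject names that
         * do not fit before touching the filesystem.  An assert() guarding
         * an unbounded sprintf() disappears when NDEBUG is defined.
         */
        n = snprintf(policy, sizeof(policy), "%s.kadm5", db_ctx->db_name);
        if (n < 0 || (size_t) n >= sizeof(policy)) {
            retval = ENAMETOOLONG;
            goto errout;
        }
        n = snprintf(new_policy, sizeof(new_policy), "%s~.kadm5",
                     db_ctx->db_name);
        if (n < 0 || (size_t) n >= sizeof(new_policy)) {
            retval = ENAMETOOLONG;
            goto errout;
        }
        n = snprintf(new_policy_lock, sizeof(new_policy_lock),
                     "%s~.kadm5.lock", db_ctx->db_name);
        if (n < 0 || (size_t) n >= sizeof(new_policy_lock)) {
            retval = ENAMETOOLONG;
            goto errout;
        }

        if (0 != rename(new_policy, policy)) {
            retval = errno;
            goto errout;
        }
        /* Best effort: a failure to remove the lock file is ignored. */
        (void) unlink(new_policy_lock);
    }

    retval = krb5_db2_db_get_age(context, NULL, &db_ctx->db_lf_time);
    if (retval)
        goto errout;

    fromok = gen_dbsuffix(from, KDB2_LOCK_EXT);
    if (fromok == NULL) {
        retval = ENOMEM;
        goto errout;
    }

    if ((retval = krb5_db2_db_lock(context, KRB5_LOCKMODE_EXCLUSIVE)))
        goto errfromok;

    if ((retval = krb5_db2_db_start_update(context)))
        goto errfromok;

    if (rename(from, to)) {
        retval = errno;
        goto errfromok;
    }
    if (unlink(fromok)) {
        retval = errno;
        goto errfromok;
    }
    retval = krb5_db2_db_end_update(context);

errfromok:
    free_dbsuffix(fromok);
errout:
    /* Tear down the temporary context before restoring the caller's. */
    if (dal_handle->db_context) {
        if (db_ctx->db_lf_file >= 0) {
            krb5_db2_db_unlock(context);
            close(db_ctx->db_lf_file);
        }
        k5db2_clear_context((krb5_db2_context *) dal_handle->db_context);
        free(dal_handle->db_context);
    }

    dal_handle->db_context = s_context;
    (void) krb5_db2_db_unlock(context);	/* unlock saved context db */

    return retval;
}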
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 230 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20070322/f00b5557/attachment.bin