krb5.git/src/kadmin/dbutil, branch master Unnamed repository; edit this file 'description' to name the repository. In kdb5_util dump, only lock DB for iprop dumps 2014-02-26T21:33:32+00:00 Greg Hudson ghudson@mit.edu 2014-02-23T16:28:44+00:00 a2ac57b0ec230efed06fabc2d55db1fcbc6f7ea3 Revert #7384, as there are no longer policy refcounts. For iprop dumps we want to make sure that the reported serial number matches the DB state (although we could perhaps relax that requirement with enough analysis), but for non-iprop dumps we don't need any transactional guarantees. Also use the correct constant name for the locking mode (the numeric value is the same, fortunately), and only unlock the database if we successfully locked it. ticket: 7869 (new) 
Revert #7384, as there are no longer policy refcounts.  For iprop
dumps we want to make sure that the reported serial number matches the
DB state (although we could perhaps relax that requirement with enough
analysis), but for non-iprop dumps we don't need any transactional
guarantees.

Also use the correct constant name for the locking mode (the numeric
value is the same, fortunately), and only unlock the database if we
successfully locked it.

ticket: 7869 (new)
Simplify ulog_map 2014-02-21T01:42:47+00:00 Greg Hudson ghudson@mit.edu 2014-01-24T21:52:47+00:00 6a4a4b7b5e3265e4a811a9fd72c2534e6c5f5fd4 Get rid of the caller parameter. The kproplog semantics (without -R) for mapping the ulog are simple and almost completely different from other users of the ulog, so implement them as a static helper in kproplog. With hierarchical iprop, kpropd will need the same semantics as FKCOMMAND and FKADMIND, which were already identical. Get rid of the db_args parameter, since ulog_map no longer opens the database after #7552. Remove an inoperative lseek() call when creating a new ulog file. Rename ulog_filesize to filesize and compute it from scratch each time we use it, for easier analysis. If kdb_hmagic is zero, init the ulog header but don't skip the rest of the function; it's possible that we need to expand the ulog file. Remove an unneeded conditional before calling extend_file_to for an existing ulog. ticket: 7855 
Get rid of the caller parameter.  The kproplog semantics (without -R)
for mapping the ulog are simple and almost completely different from
other users of the ulog, so implement them as a static helper in
kproplog.  With hierarchical iprop, kpropd will need the same
semantics as FKCOMMAND and FKADMIND, which were already identical.

Get rid of the db_args parameter, since ulog_map no longer opens the
database after #7552.

Remove an inoperative lseek() call when creating a new ulog file.
Rename ulog_filesize to filesize and compute it from scratch each time
we use it, for easier analysis.  If kdb_hmagic is zero, init the ulog
header but don't skip the rest of the function; it's possible that we
need to expand the ulog file.  Remove an unneeded conditional before
calling extend_file_to for an existing ulog.

ticket: 7855
Lock around more ulog operations 2014-02-20T20:55:49+00:00 Greg Hudson ghudson@mit.edu 2014-01-23T16:34:52+00:00 71d028f1054deb186807e7c8048218b82b478422 Always lock the ulog when accessing it. We can currently get away with some laxness on iprop slaves because they are mostly synchronous, but hierarchical iprop will allow master and slave operations to take place concurrently, requiring more strict locking. Add new functions ulog_get_last and ulog_set_last, which access the ulog header with locking, and use them in kdb5_util and kpropd. Add locking to ulog_replay and ulog_init_header. ulog_lock and ulog_sync_header are no longer used outside of kdb_log.c after these changes, so make them static functions and remove the ulog_ prefix. Add an unlock_ulog function for clarity. 
Always lock the ulog when accessing it.  We can currently get away
with some laxness on iprop slaves because they are mostly synchronous,
but hierarchical iprop will allow master and slave operations to take
place concurrently, requiring more strict locking.

Add new functions ulog_get_last and ulog_set_last, which access the
ulog header with locking, and use them in kdb5_util and kpropd.  Add
locking to ulog_replay and ulog_init_header.

ulog_lock and ulog_sync_header are no longer used outside of kdb_log.c
after these changes, so make them static functions and remove the
ulog_ prefix.  Add an unlock_ulog function for clarity.
Factor out ulog serial number status check 2014-02-20T20:55:48+00:00 Greg Hudson ghudson@mit.edu 2014-01-20T23:46:52+00:00 d1f9aa3737b2b3e62b5c5ed488d6112b7ce8a5ad Add a new function ulog_get_sno_status, which checks a serial number and timestamp against the ulog for currency. Use it in kdb5_util dump and in ulog_get_entries. Adjust parse_iprop_header's contract in dump.c to better match the ulog_get_sno_status contract. This change causes some minor behavior differences. kadmind will check for an empty ulog unless the last serial number matches exactly, and will never set lastentry when returning UPDATE_FULL_RESYNC_NEEDED (which was pointless). kdb5_util dump will recognize a dump file as current if it exactly matches the last serial number, even if the ulog is empty; it will be more robust in the presence of non-monotonic clocks; and it will properly lock around the ulog access. 
Add a new function ulog_get_sno_status, which checks a serial number
and timestamp against the ulog for currency.  Use it in kdb5_util dump
and in ulog_get_entries.  Adjust parse_iprop_header's contract in
dump.c to better match the ulog_get_sno_status contract.

This change causes some minor behavior differences.  kadmind will
check for an empty ulog unless the last serial number matches exactly,
and will never set lastentry when returning UPDATE_FULL_RESYNC_NEEDED
(which was pointless).  kdb5_util dump will recognize a dump file as
current if it exactly matches the last serial number, even if the ulog
is empty; it will be more robust in the presence of non-monotonic
clocks; and it will properly lock around the ulog access.
In kdb5_util load, init ulog closer to promote 2014-02-05T05:21:30+00:00 Greg Hudson ghudson@mit.edu 2014-01-23T15:51:21+00:00 1c0507df449ded505f54383387032db2723bd871 Always map the ulog with FKCOMMAND, not FKLOAD which reinitializes the ulog. Don't reinitialize the ulog until just before calling krb5_db_promote(). Get rid of FKLOAD since it isn't needed any more; we can just call ulog_init_header() manually. 
Always map the ulog with FKCOMMAND, not FKLOAD which reinitializes the
ulog.  Don't reinitialize the ulog until just before calling
krb5_db_promote().  Get rid of FKLOAD since it isn't needed any more;
we can just call ulog_init_header() manually.
Remove kdb5_util load iprop safety net 2014-01-30T23:33:10+00:00 Greg Hudson ghudson@mit.edu 2014-01-24T04:49:34+00:00 1116f25224207f051af22858c60ccfbe114aa96c Revert the safety net added #7370. As written it only applied to the master KDC, where a normal load sometimes makes sense. Even on a slave, there are edge cases where it can make sense to do a normal load. ticket: 7850 (new) 
Revert the safety net added #7370.  As written it only applied to the
master KDC, where a normal load sometimes makes sense.  Even on a
slave, there are edge cases where it can make sense to do a normal
load.

ticket: 7850 (new)
Make salt defaulting work for keysalts 2014-01-06T22:17:02+00:00 Tom Yu tlyu@mit.edu 2014-01-06T22:17:02+00:00 cc26d29b8087e31d0ea1aca6bde45f8935e8b744 Make krb5_string_to_keysalts() default to only ":" as a key:salt separator character. Change most of its callers to pass NULL so they get the default separators. Adapted from a patch proposed by Jon Looney. ticket: 884 
Make krb5_string_to_keysalts() default to only ":" as a key:salt
separator character.  Change most of its callers to pass NULL so they
get the default separators.

Adapted from a patch proposed by Jon Looney.

ticket: 884
Clean up the code to eliminate some clang warnings 2013-11-04T18:51:17+00:00 Ben Kaduk kaduk@mit.edu 2013-10-30T18:51:12+00:00 3a8eaa43045fb242739ad9729bb66f915be209b9 In ure.c, though k is a short, the literal 1 is of type 'int', and so the operation 'k + 1' is performed at the (32-bit) width of int, and therefore the "%d" format string is correct. In accept_sec_context.c, the 'length' field of krb5_data is an unsigned type, so checking for a negative value has no effect. In net-server.c, the helper routine rtm_type_name() is only used in code that is disabled with #if 0 conditionals; make the definition also disabled in the same way to avoid warnings of an unused function. In kdc_authdata.c, equality checks in double parentheses elicit a warning from clang. The double-parentheses idiom is normally used to indicate that an assignment is being performed, but the value of the assignment is also to be used as the value for the conditional. Since assignment and equality checking differ only by a single character, clang considers this worthy of a warning. Since the extra set of parentheses is redundant and against style, it is correct to remove them. In several places (sim_server.c, dump.c, kdb5_destroy.c, ovsec_kadmd.c), there are declarations of extern variables relating to getopt() functionality that are now unused in the code. Remove these unused variables. 
In ure.c, though k is a short, the literal 1 is of type 'int', and
so the operation 'k + 1' is performed at the (32-bit) width of int,
and therefore the "%d" format string is correct.

In accept_sec_context.c, the 'length' field of krb5_data is an
unsigned type, so checking for a negative value has no effect.

In net-server.c, the helper routine rtm_type_name() is only used
in code that is disabled with #if 0 conditionals; make the
definition also disabled in the same way to avoid warnings of an
unused function.

In kdc_authdata.c, equality checks in double parentheses elicit
a warning from clang.  The double-parentheses idiom is normally used
to indicate that an assignment is being performed, but the value of
the assignment is also to be used as the value for the conditional.
Since assignment and equality checking differ only by a single
character, clang considers this worthy of a warning.  Since the extra
set of parentheses is redundant and against style, it is correct to
remove them.

In several places (sim_server.c, dump.c, kdb5_destroy.c,
ovsec_kadmd.c), there are declarations of extern variables relating
to getopt() functionality that are now unused in the code.  Remove
these unused variables.
Use retval, not errno, when stashing master keys 2013-11-04T18:33:02+00:00 Ben Kaduk kaduk@mit.edu 2013-11-04T18:09:13+00:00 51b5cef8387da33c2a61e5ebbf69a8702eece1d5 The krb5_db_store_master_key{,_list} functions return a krb5_error_code, and do not necessarily set errno on failure. Use the correct variable while reporting errors with com_err(). 
The krb5_db_store_master_key{,_list} functions return a
krb5_error_code, and do not necessarily set errno on failure.
Use the correct variable while reporting errors with com_err().
Simplify kdb5_list_mkeys actkvno list retrieval 2013-10-25T15:36:12+00:00 Greg Hudson ghudson@mit.edu 2013-10-24T17:16:54+00:00 0db3c9a631feaf32420d03b76e1d720d64a707a9 After recent changes, krb5_dbe_lookup_actkvno cannot yield an empty list and cannot return KRB5_KDB_NOACTMASTERKEY. 
After recent changes, krb5_dbe_lookup_actkvno cannot yield an empty
list and cannot return KRB5_KDB_NOACTMASTERKEY.