summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGreg Hudson <ghudson@mit.edu>2014-02-23 11:28:44 -0500
committerGreg Hudson <ghudson@mit.edu>2014-02-26 16:33:32 -0500
commita2ac57b0ec230efed06fabc2d55db1fcbc6f7ea3 (patch)
tree1595b4129694428309bfce47a1831452db1075a5
parent1041af9f85e4be342339475cf5c8878fef1de10d (diff)
downloadkrb5-a2ac57b0ec230efed06fabc2d55db1fcbc6f7ea3.zip
krb5-a2ac57b0ec230efed06fabc2d55db1fcbc6f7ea3.tar.gz
krb5-a2ac57b0ec230efed06fabc2d55db1fcbc6f7ea3.tar.xz
In kdb5_util dump, only lock DB for iprop dumps
Revert #7384, as there are no longer policy refcounts. For iprop dumps we want to make sure that the reported serial number matches the DB state (although we could perhaps relax that requirement with enough analysis), but for non-iprop dumps we don't need any transactional guarantees. Also use the correct constant name for the locking mode (the numeric value is the same, fortunately), and only unlock the database if we successfully locked it. ticket: 7869 (new)
-rw-r--r--src/kadmin/dbutil/dump.c22
1 files changed, 12 insertions, 10 deletions
diff --git a/src/kadmin/dbutil/dump.c b/src/kadmin/dbutil/dump.c
index d28a9cd..acdb679 100644
--- a/src/kadmin/dbutil/dump.c
+++ b/src/kadmin/dbutil/dump.c
@@ -1230,7 +1230,7 @@ dump_db(int argc, char **argv)
kdb_log_context *log_ctx;
unsigned int ipropx_version = IPROPX_VERSION_0;
krb5_kvno kt_kvno;
- krb5_boolean conditional = FALSE;
+ krb5_boolean conditional = FALSE, db_locked = FALSE;
kdb_last_t last;
/* Parse the arguments. */
@@ -1396,15 +1396,16 @@ dump_db(int argc, char **argv)
args.dump = dump;
fprintf(args.ofile, "%s", dump->header);
- /* We grab the lock twice (once again in the iterator call), but that's ok
- * since krb5_db_lock handles recursive locks. */
- ret = krb5_db_lock(util_context, KRB5_LOCKMODE_SHARED);
- if (ret != 0 && ret != KRB5_PLUGIN_OP_NOTSUPP) {
- fprintf(stderr, _("%s: Couldn't grab lock\n"), progname);
- goto error;
- }
-
if (dump_sno) {
+ /* Make sure the dump reflects the serial number we're recording. */
+ ret = krb5_db_lock(util_context, KRB5_DB_LOCKMODE_SHARED);
+ if (ret == 0) {
+ db_locked = TRUE;
+ } else if (ret != KRB5_PLUGIN_OP_NOTSUPP) {
+ fprintf(stderr, _("%s: Couldn't grab lock\n"), progname);
+ goto error;
+ }
+
ret = ulog_get_last(util_context, &last);
if (ret) {
com_err(progname, ret, _("while reading update log header"));
@@ -1442,7 +1443,8 @@ dump_db(int argc, char **argv)
return;
error:
- krb5_db_unlock(util_context);
+ if (db_locked)
+ krb5_db_unlock(util_context);
if (tmpofile != NULL)
unlink(tmpofile);
free(tmpofile);