authorGreg Hudson <ghudson@mit.edu>2010-07-15 03:12:57 +0000
committerGreg Hudson <ghudson@mit.edu>2010-07-15 03:12:57 +0000
commitf800e51b28c1fd8c1cf44906cb2984f68e5a6446 (patch)
treecc29a120c8a9ea55b857a1205bb7751b3ef81bb6
parent4a7ac71054f74dea5dad7d94640862705d0cb582 (diff)
Add refresh_config to the DAL with a corresponding libkdb5 API,
replacing the REFRESH_POLICY method of db_invoke. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24187 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r--src/include/kdb.h15
-rw-r--r--src/kdc/kdc_util.c4
-rw-r--r--src/lib/kdb/kdb5.c12
-rw-r--r--src/lib/kdb/libkdb5.exports1
-rw-r--r--src/plugins/kdb/db2/db2_exp.c1
-rw-r--r--src/plugins/kdb/ldap/ldap_exp.c1
6 files changed, 25 insertions, 9 deletions
diff --git a/src/include/kdb.h b/src/include/kdb.h
index 977867b496..b09c4a3c3d 100644
--- a/src/include/kdb.h
+++ b/src/include/kdb.h
@@ -323,7 +323,6 @@ extern char *krb5_mkey_pwd_prompt2;
#define KRB5_DB_LOCKMODE_PERMANENT 0x0008
/* db_invoke methods */
-#define KRB5_KDB_METHOD_REFRESH_POLICY 0x00000070
#define KRB5_KDB_METHOD_CHECK_ALLOWED_TO_DELEGATE 0x00000080
typedef struct _kdb_check_allowed_to_delegate_req {
@@ -619,6 +618,8 @@ void krb5_db_audit_as_req(krb5_context kcontext, krb5_kdc_req *request,
krb5_db_entry *client, krb5_db_entry *server,
krb5_timestamp authtime, krb5_error_code error_code);
+void krb5_db_refresh_config(krb5_context kcontext);
+
krb5_error_code krb5_db_invoke ( krb5_context kcontext,
unsigned int method,
const krb5_data *req,
@@ -755,7 +756,7 @@ krb5_dbe_free_tl_data(krb5_context, krb5_tl_data *);
* DAL. It is passed to init_library to allow KDB modules to detect when
* they are being loaded by an incompatible version of the KDC.
*/
-#define KRB5_KDB_DAL_VERSION 20100713
+#define KRB5_KDB_DAL_VERSION 20100714
/*
* A krb5_context can hold one database object. Modules should use
@@ -1277,14 +1278,16 @@ typedef struct _kdb_vftabl {
/* Note: there is currently no method for auditing TGS requests. */
/*
+ * Optional: This method informs the module of a request to reload
+ * configuration or other state (that is, the KDC received a SIGHUP).
+ */
+ void (*refresh_config)(krb5_context kcontext);
+
+ /*
* Optional: Perform an operation on input data req with output stored in
* rep. Return KRB5_PLUGIN_OP_NOTSUPP if the module does not implement the
* method. Defined methods are:
*
- * KRB5_KDB_METHOD_REFRESH_POLICY: req and rep are NULL. Informs the
- * module that the KDC received a request to reload configuration
- * (that is, a SIGHUP).
- *
* KRB5_KDB_METHOD_CHECK_ALLOWED_TO_DELEGATE: req contains a
* kdb_check_allowed_to_delegate_req structure. Perform a policy check
* on server being allowed to obtain tickets from client to proxy.
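Review bot: The comment on the new `refresh_config` slot does not say what a module should do when a reload fails, and the `void` return gives the module no way to report it. Since this is how an administrator's SIGHUP reaches configuration or policy state held by the module, I would add a sentence such as `A module that cannot reload should keep its previous state intact; failure is not reported to the caller.` It would also help to state whether the method runs on the KDC's normal processing path or directly in signal-handler context, which the hunk does not show. The `kdb_vftabl` definition and the `invoke` comment both extend outside this hunk.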
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
index 97df9f7fcb..c0b22ce691 100644
--- a/src/kdc/kdc_util.c
+++ b/src/kdc/kdc_util.c
@@ -2688,7 +2688,5 @@ void reset_for_hangup()
int k;
for (k = 0; k < kdc_numrealms; k++)
- krb5_db_invoke(kdc_realmlist[k]->realm_context,
- KRB5_KDB_METHOD_REFRESH_POLICY,
- NULL, NULL);
+ krb5_db_refresh_config(kdc_realmlist[k]->realm_context);
}
diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c
index 38f26e6785..8118872c5b 100644
--- a/src/lib/kdb/kdb5.c
+++ b/src/lib/kdb/kdb5.c
@@ -2317,6 +2317,18 @@ krb5_db_audit_as_req(krb5_context kcontext, krb5_kdc_req *request,
v->audit_as_req(kcontext, request, client, server, authtime, error_code);
}
+void
+krb5_db_refresh_config(krb5_context kcontext)
+{
+ krb5_error_code status;
+ kdb_vftabl *v;
+
+ status = get_vftabl(kcontext, &v);
+ if (status || v->refresh_config == NULL)
+ return;
+ v->refresh_config(kcontext);
+}
+
krb5_error_code
krb5_db_invoke(krb5_context kcontext,
unsigned int method,
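Review bot: `krb5_db_refresh_config` discards the `get_vftabl` status and returns silently, so a reload that never reached the module looks the same to the KDC as one that succeeded. After a configuration or policy change, that leaves stale state the operator cannot see. Consider returning `krb5_error_code` from the wrapper (`return status;` on lookup failure, `0` otherwise) so that `reset_for_hangup` in kdc_util.c can log the result per realm. If best-effort is intended, say so in a header comment, e.g. `/* Best-effort: does nothing if the module table cannot be obtained or the module lacks refresh_config. */`; the prototype added in kdb.h has no comment either. The `krb5_db_invoke` definition that follows continues outside the hunk.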
diff --git a/src/lib/kdb/libkdb5.exports b/src/lib/kdb/libkdb5.exports
index 530b471905..1d7ab7b399 100644
--- a/src/lib/kdb/libkdb5.exports
+++ b/src/lib/kdb/libkdb5.exports
@@ -24,6 +24,7 @@ krb5_db_invoke
krb5_db_iterate
krb5_db_lock
krb5_db_put_principal
+krb5_db_refresh_config
krb5_db_set_context
krb5_db_set_mkey_list
krb5_db_setup_mkey_name
diff --git a/src/plugins/kdb/db2/db2_exp.c b/src/plugins/kdb/db2/db2_exp.c
index da4cecd7f1..24c62a434c 100644
--- a/src/plugins/kdb/db2/db2_exp.c
+++ b/src/plugins/kdb/db2/db2_exp.c
@@ -258,5 +258,6 @@ kdb_vftabl PLUGIN_SYMBOL_NAME(krb5_db2, kdb_function_table) = {
/* check_policy_as */ wrap_krb5_db2_check_policy_as,
0,
/* audit_as_req */ wrap_krb5_db2_audit_as_req,
+ 0,
/* invoke */ wrap_krb5_db2_invoke
};
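Review bot: The new `refresh_config` slot is added as a bare `0,` with no label, while the neighbouring entries carry `/* name */` comments. This table is initialised positionally, so an unlabelled slot makes it easier for a later insertion to shift a function pointer into the wrong member unnoticed. I would write `/* refresh_config */ 0,` here and also label the existing bare `0,` two lines above, which appears to be `check_policy_tgs` judging by the ldap table. The initializer begins outside the hunk.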
diff --git a/src/plugins/kdb/ldap/ldap_exp.c b/src/plugins/kdb/ldap/ldap_exp.c
index 3bd6c67501..76786fca4b 100644
--- a/src/plugins/kdb/ldap/ldap_exp.c
+++ b/src/plugins/kdb/ldap/ldap_exp.c
@@ -87,6 +87,7 @@ kdb_vftabl PLUGIN_SYMBOL_NAME(krb5_ldap, kdb_function_table) = {
/* check_policy_as */ krb5_ldap_check_policy_as,
/* check_policy_tgs */ NULL,
/* audit_as_req */ krb5_ldap_audit_as_req,
+ /* refresh_config */ NULL,
/* invoke */ krb5_ldap_invoke,
};