libkadm5 should allow persistent locks

libkadm5 should have a way to persistently lock the databases to avoid
wasting time on closing and reopening.  These patches implement
persistent exclusive locks for local access only.

ticket: new
target_version: 1.3

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14914 dc483132-0cff-0310-8789-dd5450dbe970

4 files changed, 63 insertions, 0 deletions

diff --git a/src/kadmin/cli/ChangeLog b/src/kadmin/cli/ChangeLog
index 322b5159a1..3b468f1631 100644
--- a/src/kadmin/cli/ChangeLog
+++ b/src/kadmin/cli/ChangeLog
@@ -1,3 +1,13 @@
+2002-10-08  Tom Yu  <tlyu@mit.edu>
+
+	* kadmin.c (quit): Release exclusive lock, if acquired.
+	(kadmin_lock, kadmin_unlock): New functions to call kadm5_lock and
+	kadm5_unlock.
+
+	* kadmin.h: Add kadmin_lock and kadmin_unlock.
+
+	* kadmin_ct.ct: Add lock and unlock commands.
+
 2002-08-29  Ken Raeburn  <raeburn@mit.edu>
 
 	* Makefile.in: Revert $(S)=>/ change, for Windows support.
diff --git a/src/kadmin/cli/kadmin.c b/src/kadmin/cli/kadmin.c
index b3308797a7..72dc594b86 100644
--- a/src/kadmin/cli/kadmin.c
+++ b/src/kadmin/cli/kadmin.c
@@ -93,6 +93,8 @@ void *handle = NULL;
 krb5_context context;
 char *ccache_name = NULL;
 
+int locked = 0;
+
 static void usage()
 {
     fprintf(stderr,
@@ -465,6 +467,17 @@ char *kadmin_startup(argc, argv)
 
 int quit()
 {
+    kadm5_ret_t retval;
+
+    if (locked) {
+	retval = kadm5_unlock(handle);
+	if (retval) {
+	    com_err("quit", retval, "while unlocking locked database");
+	    return 1;
+	}
+	locked = 0;
+    }
+
      kadm5_destroy(handle);
      if (ccache_name != NULL) {
 	  fprintf(stderr,
@@ -477,6 +490,38 @@ int quit()
      return 0;
 }
 
+void kadmin_lock(argc, argv)
+    int argc;
+    char *argv[];
+{
+    kadm5_ret_t retval;
+
+    if (locked)
+	return;
+    retval = kadm5_lock(handle);
+    if (retval) {
+	com_err("lock", retval, "");
+	return;
+    }
+    locked = 1;
+}
+
+void kadmin_unlock(argc, argv)
+    int argc;
+    char *argv[];
+{
+    kadm5_ret_t retval;
+
+    if (!locked)
+	return;
+    retval = kadm5_lock(handle);
+    if (retval) {
+	com_err("unlock", retval, "");
+	return;
+    }
+    locked = 0;
+}
+
 void kadmin_delprinc(argc, argv)
     int argc;
     char *argv[];
diff --git a/src/kadmin/cli/kadmin.h b/src/kadmin/cli/kadmin.h
index 4255e0c7ec..4e6e8185f2 100644
--- a/src/kadmin/cli/kadmin.h
+++ b/src/kadmin/cli/kadmin.h
@@ -33,6 +33,8 @@
 /* It would be nice if ss produced a header file we could reference */
 extern char *kadmin_startup(int argc, char *argv[]);
 extern int quit (void);
+extern void kadmin_lock(int argc, char *argv[]);
+extern void kadmin_unlock(int argc, char *argv[]);
 extern void kadmin_delprinc(int argc, char *argv[]);
 extern void kadmin_cpw(int argc, char *argv[]);
 extern void kadmin_addprinc(int argc, char *argv[]);
diff --git a/src/kadmin/cli/kadmin_ct.ct b/src/kadmin/cli/kadmin_ct.ct
index 9ecef0da70..05a4efb840 100644
--- a/src/kadmin/cli/kadmin_ct.ct
+++ b/src/kadmin/cli/kadmin_ct.ct
@@ -68,6 +68,12 @@ request kadmin_keytab_add, "Add entry(s) to a keytab",
 request kadmin_keytab_remove, "Remove entry(s) from a keytab",
 	ktremove, ktrem;
 
+request kadmin_lock, "Lock database exclusively (use with extreme caution!)",
+	lock;
+
+request kadmin_unlock, "Release exclusive database lock",
+	unlock;
+
 # list_requests is generic -- unrelated to Kerberos
 request	ss_list_requests, "List available requests.",
 	list_requests, lr, "?";