diff options
| author | Nicolas Williams <nico@cryptonector.com> | 2012-10-02 22:19:00 -0500 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2012-10-05 15:21:14 -0400 |
| commit | c0112c620e3c6d7467a8f72d4177664be6418263 (patch) | |
| tree | 8aa1213d3b0ac51d1f0d517138b0e6e9e2349f11 /src/kadmin | |
| parent | 969331732b62e73d1e073ff3ad87bf1774ee9fd1 (diff) | |
| download | krb5-c0112c620e3c6d7467a8f72d4177664be6418263.tar.gz krb5-c0112c620e3c6d7467a8f72d4177664be6418263.tar.xz krb5-c0112c620e3c6d7467a8f72d4177664be6418263.zip | |
Fix a minor race in kdb5_util load
If a kdb5_util load gets killed between rename()ing the new KDB file
into place and resetting the iprop ulog then the ulog can reflect the
pre-load state, which will almost certainly be incorrect.
This matters because we want to impose a timeout on full resyncs in
kpropd when iprop dictates that a full resync is needed, and the
simplest timeout scheme involves signaling the kdb5_util load process.
But also, we want no such races in general.
The fix is simple: re-initialize the ulog before renaming the new KDB
file into place, then proceed as usual. If the ulog is not properly
updated at the end of the load it will at least always result in
subsequent iprop get updates operations always indicating that a full
resync is required.
ticket: 7399
Diffstat (limited to 'src/kadmin')
| -rw-r--r-- | src/kadmin/dbutil/dump.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/kadmin/dbutil/dump.c b/src/kadmin/dbutil/dump.c index 63f48f3102..b15e116f37 100644 --- a/src/kadmin/dbutil/dump.c +++ b/src/kadmin/dbutil/dump.c @@ -2687,7 +2687,7 @@ load_db(argc, argv) if (log_ctx && log_ctx->iproprole) { load = &iprop_version; add_update = FALSE; - caller = FKPROPD; + caller = FKLOAD; } else { fprintf(stderr, _("Iprop not enabled\n")); exit_status++; |