rpms/krb5
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- pull up proposed patch for creating previously-not-there lock files for

Browse Source 
kdb databases when 'kdb5_util' is called to 'load' (#551764)
This commit is contained in:
Nalin Dahyabhai 2010-01-05 22:55:55 +00:00
parent 65631fa1bb
commit b199476767
2 changed files with 119 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

115
krb5-1.7-create_on_load.patch Normal file
View File

@ -0,0 +1,115 @@
Modify the kdb_db2 backend so that an attempt to "load" a database will
successfully create it if it didn't already exist. The internal promotion
code appears to be built for this to happen, but doesn't always ensure
that lock files are in place before it attempts to lock them. We add
modified interfaces which allow O_CREAT to be passed in and applied in the
right paths, and change the function which promotes a temporary database
to a "real" database to do so. Other code paths shouldn't be affected.
diff -up krb5-1.7/src/plugins/kdb/db2/adb_openclose.c krb5-1.7/src/plugins/kdb/db2/adb_openclose.c
--- krb5-1.7/src/plugins/kdb/db2/adb_openclose.c 2010-01-05 17:31:01.000000000 -0500
+++ krb5-1.7/src/plugins/kdb/db2/adb_openclose.c 2010-01-05 17:42:11.000000000 -0500
@@ -110,8 +110,8 @@ krb5_error_code osa_adb_rename_db(char *
return 0;
}
-krb5_error_code osa_adb_init_db(osa_adb_db_t *dbp, char *filename,
- char *lockfilename, int magic)
+krb5_error_code osa_adb_init_db_flags(osa_adb_db_t *dbp, char *filename,
+ char *lockfilename, int magic, int flags)
{
osa_adb_db_t db;
static struct _locklist *locklist = NULL;
@@ -198,7 +198,9 @@ krb5_error_code osa_adb_init_db(osa_adb_
* POSIX systems
*/
lockp->lockinfo.filename = strdup(lockfilename);
- if ((lockp->lockinfo.lockfile = WRITABLEFOPEN(lockfilename, "r+")) == NULL) {
+ if ((((flags & O_CREAT) == 0) ||
+ ((lockp->lockinfo.lockfile = WRITABLEFOPEN(lockfilename, "w+")) == NULL)) &&
+ ((lockp->lockinfo.lockfile = WRITABLEFOPEN(lockfilename, "r+")) == NULL)) {
/*
* maybe someone took away write permission so we could only
* get shared locks?
@@ -226,6 +228,12 @@ krb5_error_code osa_adb_init_db(osa_adb_
return OSA_ADB_OK;
}
+krb5_error_code osa_adb_init_db(osa_adb_db_t *dbp, char *filename,
+ char *lockfilename, int magic)
+{
+ return osa_adb_init_db_flags(dbp, filename, lockfilename, magic, 0);
+}
+
krb5_error_code osa_adb_fini_db(osa_adb_db_t db, int magic)
{
if (db->magic != magic)
diff -up krb5-1.7/src/plugins/kdb/db2/kdb_db2.c krb5-1.7/src/plugins/kdb/db2/kdb_db2.c
--- krb5-1.7/src/plugins/kdb/db2/kdb_db2.c 2010-01-05 15:49:47.000000000 -0500
+++ krb5-1.7/src/plugins/kdb/db2/kdb_db2.c 2010-01-05 17:45:33.000000000 -0500
@@ -298,8 +298,8 @@ krb5_db2_db_set_hashfirst(krb5_context c
* initialization for data base routines.
*/
-krb5_error_code
-krb5_db2_db_init(krb5_context context)
+static krb5_error_code
+krb5_db2_db_init_flags(krb5_context context, int flags)
{
char *filename = NULL;
krb5_db2_context *db_ctx;
@@ -327,7 +327,7 @@ krb5_db2_db_init(krb5_context context)
* should be opened read/write so that write locking can work with
* POSIX systems
*/
- if ((db_ctx->db_lf_file = THREEPARAMOPEN(filename, O_RDWR, 0666)) < 0) {
+ if ((db_ctx->db_lf_file = THREEPARAMOPEN(filename, O_RDWR | (flags & O_CREAT), 0666)) < 0) {
if ((db_ctx->db_lf_file = THREEPARAMOPEN(filename, O_RDONLY, 0666)) < 0) {
retval = errno;
goto err_out;
@@ -345,8 +345,9 @@ krb5_db2_db_init(krb5_context context)
snprintf(policy_lock_name, sizeof(policy_lock_name),
"%s.lock", policy_db_name);
- if ((retval = osa_adb_init_db(&db_ctx->policy_db, policy_db_name,
- policy_lock_name, OSA_ADB_POLICY_DB_MAGIC)))
+ if ((retval = osa_adb_init_db_flags(&db_ctx->policy_db, policy_db_name,
+ policy_lock_name,
+ OSA_ADB_POLICY_DB_MAGIC, flags)))
{
goto err_out;
}
@@ -358,6 +359,12 @@ krb5_db2_db_init(krb5_context context)
return (retval);
}
+krb5_error_code
+krb5_db2_db_init(krb5_context context)
+{
+ return krb5_db2_db_init_flags(context, 0);
+}
+
/*
* gracefully shut down database--must be called by ANY program that does
* a krb5_db2_db_init
@@ -1760,7 +1767,7 @@ krb5_db2_db_rename(context, from, to)
if (retval)
goto errout;
- retval = krb5_db2_db_init(context);
+ retval = krb5_db2_db_init_flags(context, O_CREAT);
if (retval)
goto errout;
diff -up krb5-1.7/src/plugins/kdb/db2/policy_db.h krb5-1.7/src/plugins/kdb/db2/policy_db.h
--- krb5-1.7/src/plugins/kdb/db2/policy_db.h 2010-01-05 17:24:44.000000000 -0500
+++ krb5-1.7/src/plugins/kdb/db2/policy_db.h 2010-01-05 17:30:46.000000000 -0500
@@ -75,6 +75,8 @@ krb5_error_code osa_adb_rename_db(char
char *fileto, char *lockto, int magic);
krb5_error_code osa_adb_init_db(osa_adb_db_t *dbp, char *filename,
char *lockfile, int magic);
+krb5_error_code osa_adb_init_db_flags(osa_adb_db_t *dbp, char *filename,
+ char *lockfile, int magic, int flags);
krb5_error_code osa_adb_fini_db(osa_adb_db_t db, int magic);
krb5_error_code osa_adb_get_lock(osa_adb_db_t db, int mode);
krb5_error_code osa_adb_release_lock(osa_adb_db_t db);

4
krb5.spec
View File

@ -81,6 +81,7 @@ Patch89: krb5-1.7-largefile.patch
Patch90: krb5-1.7-openssl-1.0.patch
Patch91: krb5-1.7-spnego-deleg.patch
Patch92: http://web.mit.edu/kerberos/advisories/2009-003-patch.txt
Patch93: krb5-1.7-create_on_load.patch
License: MIT
URL: http://web.mit.edu/kerberos/www/
@ -219,6 +220,8 @@ certificate.
%changelog
* Tue Jan 5 2010 Nalin Dahyabhai <nalin@redhat.com> - 1.7-16
- use %%global instead of %%define
- pull up proposed patch for creating previously-not-there lock files for
kdb databases when 'kdb5_util' is called to 'load' (#551764)
* Mon Jan 4 2010 Dennis Gregorovic <dgregor@redhat.com>
- fix conditional for future RHEL
@ -1532,6 +1535,7 @@ popd
%patch90 -p0 -b .openssl-1.0
%patch91 -p0 -b .spnego-deleg
%patch92 -p1 -b .2009-003
%patch93 -p1 -b .create_on_load
gzip doc/*.ps
sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex