diff options
author | Will Fiveash <will.fiveash@oracle.com> | 2009-01-30 23:55:14 +0000 |
---|---|---|
committer | Will Fiveash <will.fiveash@oracle.com> | 2009-01-30 23:55:14 +0000 |
commit | e246f7e7b2cddfca9eb744f24e50dd034247a74b (patch) | |
tree | 97ec348048dab2eec4206fa99df1e18adab77cf1 /src/plugins/kdb/db2/kdb_db2.c | |
parent | 77b1e1108ca32617fe43825748c68c575e77f010 (diff) | |
download | krb5-e246f7e7b2cddfca9eb744f24e50dd034247a74b.zip krb5-e246f7e7b2cddfca9eb744f24e50dd034247a74b.tar.gz krb5-e246f7e7b2cddfca9eb744f24e50dd034247a74b.tar.bz2 |
Master Key Migration Project
Commit for the Master Key Migration Project.
http://k5wiki.kerberos.org/wiki/Projects/Master_Key_Migration
This commit provides the ability to add a new master key (with an
enctype differing from the current master key) to the master key
principal and stash file and then migrate the encryption of existing
principals long term keys to use the new master key. In addition
deletion of master keys is provided.
ticket: 6354
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21844 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/plugins/kdb/db2/kdb_db2.c')
-rw-r--r-- | src/plugins/kdb/db2/kdb_db2.c | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/src/plugins/kdb/db2/kdb_db2.c b/src/plugins/kdb/db2/kdb_db2.c index 704e47d..90c8933 100644 --- a/src/plugins/kdb/db2/kdb_db2.c +++ b/src/plugins/kdb/db2/kdb_db2.c @@ -431,6 +431,37 @@ krb5_db2_db_get_mkey(krb5_context context, krb5_keyblock **key) return 0; } +krb5_error_code +krb5_db2_db_set_mkey_list(krb5_context context, krb5_keylist_node *key_list) +{ + krb5_db2_context *db_ctx; + kdb5_dal_handle *dal_handle; + + if (!k5db2_inited(context)) + return (KRB5_KDB_DBNOTINITED); + + dal_handle = context->dal_handle; + db_ctx = dal_handle->db_context; + db_ctx->db_master_key_list = key_list; + return 0; +} + +krb5_error_code +krb5_db2_db_get_mkey_list(krb5_context context, krb5_keylist_node **key_list) +{ + krb5_db2_context *db_ctx; + kdb5_dal_handle *dal_handle; + + if (!k5db2_inited(context)) + return (KRB5_KDB_DBNOTINITED); + + dal_handle = context->dal_handle; + db_ctx = dal_handle->db_context; + *key_list = db_ctx->db_master_key_list; + + return 0; +} + /* * Set the "name" of the current database to some alternate value. * @@ -1171,8 +1202,19 @@ krb5_db2_db_iterate_ext(krb5_context context, retval = krb5_decode_princ_contents(context, &contdata, &entries); if (retval) break; + retval = k5_mutex_unlock(krb5_db2_mutex); + if (retval) + break; retval = (*func) (func_arg, &entries); krb5_dbe_free_contents(context, &entries); + /* Note: If re-locking fails, the wrapper in db2_exp.c will + still try to unlock it again. That would be a bug. Fix + when integrating the locking better. */ + if (retval) { + (void) k5_mutex_lock(krb5_db2_mutex); + break; + } + retval = k5_mutex_lock(krb5_db2_mutex); if (retval) break; if (!recursive) { |