Fix KDC lock persistence on error conditions

If k5db2_dbopen() returns an error, krb5_db2_lock() can return an error without unlocking the lock file. This lock will persist until krb5_db2_lock() executes successfully, preventing kadmind from making changes to the KDB. One possible trigger is running out of file descriptors. ticket: 7717 (new) version_fixed: 1.9.6
krb5 · Oct 10, 2013 · 047afa2 · 047afa2
1 parent c5a0602
commit 047afa2
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/plugins/kdb/db2/kdb_db2.c b/src/plugins/kdb/db2/kdb_db2.c
@@ -611,7 +611,7 @@ krb5_db2_lock(krb5_context context, int in_mode)
 lock_error:;
     db_ctx->db_lock_mode = 0;
     db_ctx->db_locks_held = 0;
-    krb5_db2_unlock(context);
+    krb5_lock_file(context, db_ctx->db_lf_file, KRB5_LOCKMODE_UNLOCK);
     return retval;
 }