Add refresh_config to the DAL with a corresponding libkdb5 API,

replacing the REFRESH_POLICY method of db_invoke. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24187 dc483132-0cff-0310-8789-dd5450dbe970
krb5 · Jul 15, 2010 · f800e51 · f800e51
1 parent 4a7ac71
commit f800e51
Show file tree

Hide file tree

Showing 6 changed files with 25 additions and 9 deletions.
diff --git a/src/include/kdb.h b/src/include/kdb.h
@@ -323,7 +323,6 @@ extern char *krb5_mkey_pwd_prompt2;
 #define KRB5_DB_LOCKMODE_PERMANENT    0x0008
 
 /* db_invoke methods */
-#define KRB5_KDB_METHOD_REFRESH_POLICY                  0x00000070
 #define KRB5_KDB_METHOD_CHECK_ALLOWED_TO_DELEGATE       0x00000080
 
 typedef struct _kdb_check_allowed_to_delegate_req {
@@ -619,6 +618,8 @@ void krb5_db_audit_as_req(krb5_context kcontext, krb5_kdc_req *request,
                           krb5_db_entry *client, krb5_db_entry *server,
                           krb5_timestamp authtime, krb5_error_code error_code);
 
+void krb5_db_refresh_config(krb5_context kcontext);
+
 krb5_error_code krb5_db_invoke ( krb5_context kcontext,
                                  unsigned int method,
                                  const krb5_data *req,
@@ -755,7 +756,7 @@ krb5_dbe_free_tl_data(krb5_context, krb5_tl_data *);
  * DAL.  It is passed to init_library to allow KDB modules to detect when
  * they are being loaded by an incompatible version of the KDC.
  */
-#define KRB5_KDB_DAL_VERSION 20100713
+#define KRB5_KDB_DAL_VERSION 20100714
 
 /*
  * A krb5_context can hold one database object.  Modules should use
@@ -1276,15 +1277,17 @@ typedef struct _kdb_vftabl {
 
     /* Note: there is currently no method for auditing TGS requests. */
 
+    /*
+     * Optional: This method informs the module of a request to reload
+     * configuration or other state (that is, the KDC received a SIGHUP).
+     */
+    void (*refresh_config)(krb5_context kcontext);
+
     /*
      * Optional: Perform an operation on input data req with output stored in
      * rep.  Return KRB5_PLUGIN_OP_NOTSUPP if the module does not implement the
      * method.  Defined methods are:
      *
-     * KRB5_KDB_METHOD_REFRESH_POLICY: req and rep are NULL.  Informs the
-     *     module that the KDC received a request to reload configuration
-     *     (that is, a SIGHUP).
-     *
      * KRB5_KDB_METHOD_CHECK_ALLOWED_TO_DELEGATE: req contains a
      *     kdb_check_allowed_to_delegate_req structure.  Perform a policy check
      *     on server being allowed to obtain tickets from client to proxy.

diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
@@ -2688,7 +2688,5 @@ void reset_for_hangup()
     int k;
 
     for (k = 0; k < kdc_numrealms; k++)
-        krb5_db_invoke(kdc_realmlist[k]->realm_context,
-                       KRB5_KDB_METHOD_REFRESH_POLICY,
-                       NULL, NULL);
+        krb5_db_refresh_config(kdc_realmlist[k]->realm_context);
 }
diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c
@@ -2317,6 +2317,18 @@ krb5_db_audit_as_req(krb5_context kcontext, krb5_kdc_req *request,
     v->audit_as_req(kcontext, request, client, server, authtime, error_code);
 }
 
+void
+krb5_db_refresh_config(krb5_context kcontext)
+{
+    krb5_error_code status;
+    kdb_vftabl *v;
+
+    status = get_vftabl(kcontext, &v);
+    if (status || v->refresh_config == NULL)
+        return;
+    v->refresh_config(kcontext);
+}
+
 krb5_error_code
 krb5_db_invoke(krb5_context kcontext,
                unsigned int method,

diff --git a/src/lib/kdb/libkdb5.exports b/src/lib/kdb/libkdb5.exports
@@ -24,6 +24,7 @@ krb5_db_invoke
 krb5_db_iterate
 krb5_db_lock
 krb5_db_put_principal
+krb5_db_refresh_config
 krb5_db_set_context
 krb5_db_set_mkey_list
 krb5_db_setup_mkey_name

diff --git a/src/plugins/kdb/db2/db2_exp.c b/src/plugins/kdb/db2/db2_exp.c
@@ -258,5 +258,6 @@ kdb_vftabl PLUGIN_SYMBOL_NAME(krb5_db2, kdb_function_table) = {
     /* check_policy_as */               wrap_krb5_db2_check_policy_as,
     0,
     /* audit_as_req */                  wrap_krb5_db2_audit_as_req,
+    0,
     /* invoke */                        wrap_krb5_db2_invoke
 };
diff --git a/src/plugins/kdb/ldap/ldap_exp.c b/src/plugins/kdb/ldap/ldap_exp.c
@@ -87,6 +87,7 @@ kdb_vftabl PLUGIN_SYMBOL_NAME(krb5_ldap, kdb_function_table) = {
     /* check_policy_as */                   krb5_ldap_check_policy_as,
     /* check_policy_tgs */                  NULL,
     /* audit_as_req */                      krb5_ldap_audit_as_req,
+    /* refresh_config */                    NULL,
     /* invoke */                            krb5_ldap_invoke,
 
 };