From 58d72035f18b7510f1ad0ade3ac1b46a4c5bf430 Mon Sep 17 00:00:00 2001
From: Nicolas Williams <nico103@gmail.com>
Date: Thu, 14 Jul 2011 17:35:28 -0500
Subject: [PATCH] Added kadm5_lock() and unlock.

---
 lib/hdb/db.c            | 22 +++++++++++++++++++++-
 lib/hdb/db3.c           | 22 +++++++++++++++++++++-
 lib/hdb/hdb-mitdb.c     | 22 +++++++++++++++++++++-
 lib/hdb/hdb.h           |  2 ++
 lib/hdb/hdb_locl.h      |  2 ++
 lib/kadm5/ad.c          | 14 ++++++++++++++
 lib/kadm5/common_glue.c | 13 +++++++++++++
 lib/kadm5/context_s.c   | 18 ++++++++++++++++++
 lib/kadm5/init_c.c      | 14 ++++++++++++++
 lib/kadm5/private.h     |  2 ++
 10 files changed, 128 insertions(+), 3 deletions(-)

diff --git a/lib/hdb/db.c b/lib/hdb/db.c
index 69940edf8..40479cdaf 100644
--- a/lib/hdb/db.c
+++ b/lib/hdb/db.c
@@ -65,12 +65,24 @@ DB_lock(krb5_context context, HDB *db, int operation)
 {
     DB *d = (DB*)db->hdb_db;
     int fd = (*d->fd)(d);
+    krb5_error_code ret;
+
+    if (db->lock_count > 0) {
+	assert( db->lock_type == HDB_WLOCK );
+	db->lock_count++;
+	return 0;
+    }
+
     if(fd < 0) {
 	krb5_set_error_message(context, HDB_ERR_CANT_LOCK_DB,
 			       "Can't lock database: %s", db->hdb_name);
 	return HDB_ERR_CANT_LOCK_DB;
     }
-    return hdb_lock(fd, operation);
+    ret = hdb_lock(fd, operation);
+    if (ret)
+	return ret;
+    db->lock_count++;
+    return 0;
 }
 
 static krb5_error_code
@@ -78,6 +90,14 @@ DB_unlock(krb5_context context, HDB *db)
 {
     DB *d = (DB*)db->hdb_db;
     int fd = (*d->fd)(d);
+
+    if (db->lock_count > 1) {
+	db->lock_count--;
+	return 0;
+    }
+    assert( db->lock_count == 1 );
+    db->lock_count--;
+
     if(fd < 0) {
 	krb5_set_error_message(context, HDB_ERR_CANT_LOCK_DB,
 			       "Can't unlock database: %s", db->hdb_name);
diff --git a/lib/hdb/db3.c b/lib/hdb/db3.c
index 58f892ff6..be2f80c09 100644
--- a/lib/hdb/db3.c
+++ b/lib/hdb/db3.c
@@ -75,9 +75,21 @@ DB_lock(krb5_context context, HDB *db, int operation)
 {
     DB *d = (DB*)db->hdb_db;
     int fd;
+    krb5_error_code ret;
+
+    if (db->lock_count > 0) {
+	assert( db->lock_type == HDB_WLOCK );
+	db->lock_count++;
+	return 0;
+    }
+
     if ((*d->fd)(d, &fd))
 	return HDB_ERR_CANT_LOCK_DB;
-    return hdb_lock(fd, operation);
+    ret = hdb_lock(fd, operation);
+    if (ret)
+	return ret;
+    db->lock_count++;
+    return 0;
 }
 
 static krb5_error_code
@@ -85,6 +97,14 @@ DB_unlock(krb5_context context, HDB *db)
 {
     DB *d = (DB*)db->hdb_db;
     int fd;
+
+    if (db->lock_count > 1) {
+	db->lock_count--;
+	return 0;
+    }
+    assert( db->lock_count == 1 );
+    db->lock_count--;
+
     if ((*d->fd)(d, &fd))
 	return HDB_ERR_CANT_LOCK_DB;
     return hdb_unlock(fd);
diff --git a/lib/hdb/hdb-mitdb.c b/lib/hdb/hdb-mitdb.c
index 06da62be2..12fbda640 100644
--- a/lib/hdb/hdb-mitdb.c
+++ b/lib/hdb/hdb-mitdb.c
@@ -648,12 +648,24 @@ mdb_lock(krb5_context context, HDB *db, int operation)
 {
     DB *d = (DB*)db->hdb_db;
     int fd = (*d->fd)(d);
+    krb5_error_code ret;
+
+    if (db->lock_count > 0) {
+	assert( db->lock_type == HDB_WLOCK );
+	db->lock_count++;
+	return 0;
+    }
+
     if(fd < 0) {
 	krb5_set_error_message(context, HDB_ERR_CANT_LOCK_DB,
 			       "Can't lock database: %s", db->hdb_name);
 	return HDB_ERR_CANT_LOCK_DB;
     }
-    return hdb_lock(fd, operation);
+    ret = hdb_lock(fd, operation);
+    if (ret)
+	return ret;
+    db->lock_count++;
+    return 0;
 }
 
 static krb5_error_code
@@ -661,6 +673,14 @@ mdb_unlock(krb5_context context, HDB *db)
 {
     DB *d = (DB*)db->hdb_db;
     int fd = (*d->fd)(d);
+
+    if (db->lock_count > 1) {
+        db->lock_count--;
+        return 0;
+    }
+    assert( db->lock_count == 1 );
+    db->lock_count--;
+
     if(fd < 0) {
 	krb5_set_error_message(context, HDB_ERR_CANT_LOCK_DB,
 			       "Can't unlock database: %s", db->hdb_name);
diff --git a/lib/hdb/hdb.h b/lib/hdb/hdb.h
index e82c5c51e..b8e6b8a47 100644
--- a/lib/hdb/hdb.h
+++ b/lib/hdb/hdb.h
@@ -103,6 +103,8 @@ typedef struct HDB{
     hdb_master_key hdb_master_key;
     int hdb_openp;
     int hdb_capability_flags;
+    int lock_count;
+    int lock_type;
     /**
      * Open (or create) the a Kerberos database.
      *
diff --git a/lib/hdb/hdb_locl.h b/lib/hdb/hdb_locl.h
index e896b5802..58ca95bc4 100644
--- a/lib/hdb/hdb_locl.h
+++ b/lib/hdb/hdb_locl.h
@@ -36,6 +36,8 @@
 #ifndef __HDB_LOCL_H__
 #define __HDB_LOCL_H__
 
+#include <assert.h>
+
 #include <config.h>
 
 #include <stdio.h>
diff --git a/lib/kadm5/ad.c b/lib/kadm5/ad.c
index 4b54a36bd..6a82fdce5 100644
--- a/lib/kadm5/ad.c
+++ b/lib/kadm5/ad.c
@@ -1333,6 +1333,18 @@ kadm5_ad_chpass_principal_with_key(void *server_handle,
     return KADM5_RPC_ERROR;
 }
 
+static kadm5_ret_t
+kadm5_ad_lock(void *server_handle)
+{
+    return ENOTSUP;
+}
+
+static kadm5_ret_t
+kadm5_ad_unlock(void *server_handle)
+{
+    return ENOTSUP;
+}
+
 static void
 set_funcs(kadm5_ad_context *c)
 {
@@ -1349,6 +1361,8 @@ set_funcs(kadm5_ad_context *c)
     SET(c, modify_principal);
     SET(c, randkey_principal);
     SET(c, rename_principal);
+    SET(c, lock);
+    SET(c, unlock);
 }
 
 kadm5_ret_t
diff --git a/lib/kadm5/common_glue.c b/lib/kadm5/common_glue.c
index ffe8972bb..e07e8da25 100644
--- a/lib/kadm5/common_glue.c
+++ b/lib/kadm5/common_glue.c
@@ -325,3 +325,16 @@ out:
     kadm5_free_principal_ent(server_handle, &princ_ent);
     return ret;
 }
+
+
+kadm5_ret_t
+kadm5_lock(void *server_handle)
+{
+    return __CALL(lock, (server_handle));
+}
+
+kadm5_ret_t
+kadm5_unlock(void *server_handle)
+{
+    return __CALL(unlock, (server_handle));
+}
diff --git a/lib/kadm5/context_s.c b/lib/kadm5/context_s.c
index e121a4899..8cd58b1a8 100644
--- a/lib/kadm5/context_s.c
+++ b/lib/kadm5/context_s.c
@@ -35,6 +35,22 @@
 
 RCSID("$Id$");
 
+static kadm5_ret_t
+kadm5_s_lock(void *server_handle)
+{
+    kadm5_server_context *context = server_handle;
+
+    return context->db->hdb_lock(context->context, context->db, HDB_WLOCK);
+}
+
+static kadm5_ret_t
+kadm5_s_unlock(void *server_handle)
+{
+    kadm5_server_context *context = server_handle;
+
+    return context->db->hdb_unlock(context->context, context->db);
+}
+
 static void
 set_funcs(kadm5_server_context *c)
 {
@@ -51,6 +67,8 @@ set_funcs(kadm5_server_context *c)
     SET(c, modify_principal);
     SET(c, randkey_principal);
     SET(c, rename_principal);
+    SET(c, lock);
+    SET(c, unlock);
 }
 
 #ifndef NO_UNIX_SOCKETS
diff --git a/lib/kadm5/init_c.c b/lib/kadm5/init_c.c
index 1623ed1a9..f21cd32e6 100644
--- a/lib/kadm5/init_c.c
+++ b/lib/kadm5/init_c.c
@@ -45,6 +45,18 @@
 
 RCSID("$Id$");
 
+static kadm5_ret_t
+kadm5_c_lock(void *server_handle)
+{
+    return ENOTSUP;
+}
+
+static kadm5_ret_t
+kadm5_c_unlock(void *server_handle)
+{
+    return ENOTSUP;
+}
+
 static void
 set_funcs(kadm5_client_context *c)
 {
@@ -61,6 +73,8 @@ set_funcs(kadm5_client_context *c)
     SET(c, modify_principal);
     SET(c, randkey_principal);
     SET(c, rename_principal);
+    SET(c, lock);
+    SET(c, unlock);
 }
 
 kadm5_ret_t
diff --git a/lib/kadm5/private.h b/lib/kadm5/private.h
index 171d99d89..b937b5120 100644
--- a/lib/kadm5/private.h
+++ b/lib/kadm5/private.h
@@ -54,6 +54,8 @@ struct kadm_func {
     kadm5_ret_t (*rename_principal) (void*, krb5_principal, krb5_principal);
     kadm5_ret_t (*chpass_principal_with_key) (void *, krb5_principal,
 					      int, krb5_key_data *);
+    kadm5_ret_t (*lock) (void *);
+    kadm5_ret_t (*unlock) (void *);
 };
 
 /* XXX should be integrated */