Do not recover log in kadm5_get_principal()

lib/kadm5/get_s.c

@@ -123,31 +123,26 @@ kadm5_s_get_principal(void *server_handle,
     kadm5_server_context *context = server_handle;
     kadm5_ret_t ret;
     hdb_entry_ex ent;
-    int hdb_is_rw = 1;
 
     memset(&ent, 0, sizeof(ent));
     memset(out, 0, sizeof(*out));
 
     if (!context->keep_open) {
-	ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
-        if (ret == EPERM || ret == EACCES) {
-            ret = context->db->hdb_open(context->context, context->db, O_RDONLY, 0);
-            hdb_is_rw = 0;
-        }
+        ret = context->db->hdb_open(context->context, context->db, O_RDONLY, 0);
 	if (ret)
 	    return ret;
     }
 
     /*
-     * Attempt to recover the log.  This will generally fail on slaves,
-     * and we can't tell if we're on a slave here.
+     * We may want to attempt to recover the log on read operations, but we
+     * because the HDB/log lock order is reversed on slaves, in order to avoid
+     * lock contention from kadm5srv apps we need to make sure that the the HDB
+     * open for read-write is optimistic and attempts only a non-blocking lock,
+     * and if it doesn't get it then it should fallback to read-only.  But we
+     * don't have that option in the hdb_open() interface at this time.
      *
-     * Perhaps we could set a flag in the kadm5_server_context to
-     * indicate whether a read has been done without recovering the log,
-     * in which case we could fail any subsequent writes.
+     * For now we won't attempt to recover the log.
      */
-    if (hdb_is_rw && kadm5_log_init_nb(context) == 0)
-        (void) kadm5_log_end(context);
 
     ret = context->db->hdb_fetch_kvno(context->context, context->db, princ,
 				      HDB_F_DECRYPT|HDB_F_ALL_KVNOS|