svn rev #21833: branches/mkey_migrate/src/kadmin/dbutil/
raeburn@MIT.EDU
raeburn at MIT.EDU
Thu Jan 29 18:06:32 EST 2009
http://mv.ezproxy.com.ezproxyberklee.flo.org/fisheye/changelog/krb5/?cs=21833
Commit By: raeburn
Log Message:
Support -n (dry-run) and -v (verbose) options for update_princ_encryption.
Changed Files:
U branches/mkey_migrate/src/kadmin/dbutil/kdb5_mkey.c
U branches/mkey_migrate/src/kadmin/dbutil/kdb5_util.M
U branches/mkey_migrate/src/kadmin/dbutil/kdb5_util.c
Modified: branches/mkey_migrate/src/kadmin/dbutil/kdb5_mkey.c
===================================================================
--- branches/mkey_migrate/src/kadmin/dbutil/kdb5_mkey.c 2009-01-29 22:36:04 UTC (rev 21832)
+++ branches/mkey_migrate/src/kadmin/dbutil/kdb5_mkey.c 2009-01-29 23:06:31 UTC (rev 21833)
@@ -707,6 +707,8 @@
unsigned int re_match_count;
unsigned int already_current;
unsigned int updated;
+ unsigned int dry_run : 1;
+ unsigned int verbose : 1;
#ifdef SOLARIS_REGEXPS
char *expbuf;
#endif
@@ -845,10 +847,22 @@
pname);
goto fail;
}
+ /* Line up "skip" and "update" messages for viewing. */
if (old_mkvno == new_mkvno) {
+ if (p->dry_run && p->verbose)
+ printf("would skip: %s\n", pname);
+ else if (p->verbose)
+ printf("skipping: %s\n", pname);
p->already_current++;
goto skip;
}
+ if (p->dry_run) {
+ if (p->verbose)
+ printf("would update: %s\n", pname);
+ p->updated++;
+ goto skip;
+ } else if (p->verbose)
+ printf("updating: %s\n", pname);
retval = master_key_convert (util_context, ent);
if (retval) {
com_err(progname, retval,
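Review bot: The dry-run branch (`p->updated++; goto skip;`) counts a principal as "would update" without ever calling `master_key_convert`, so the dry-run total assumes every conversion would succeed. A principal whose key data fails to convert in a real run would take the `com_err` path below instead, and the real "updated" count could come out lower than the dry run predicted. I would say so at the branch, e.g. `/* Dry run: counted without attempting master_key_convert, so conversion failures are not predicted. */`, and mention the same limitation in the `-n` text of the man page. The enclosing callback starts and ends outside this hunk.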
@@ -928,11 +942,17 @@
char *regexp = NULL;
krb5_keyblock *tmp_keyblock = NULL;
- while ((optchar = getopt(argc, argv, "f")) != -1) {
+ while ((optchar = getopt(argc, argv, "fnv")) != -1) {
switch (optchar) {
case 'f':
force = 1;
break;
+ case 'n':
+ data.dry_run = 1;
+ break;
+ case 'v':
+ data.verbose = 1;
+ break;
case '?':
case ':':
default:
@@ -980,8 +1000,7 @@
#ifdef BSD_REGEXPS
((msg = (char *) re_comp(regexp)) != NULL)
#endif
- )
- {
+ ) {
/* XXX syslog msg or regerr(regerrno) */
com_err(progname, 0, "error compiling converted regexp '%s'", regexp);
free(regexp);
@@ -1028,12 +1047,21 @@
new_master_keyblock = *tmp_keyblock;
if (!force &&
+ !data.dry_run &&
!are_you_sure("Re-encrypt all keys not using master key vno %u?",
new_mkvno)) {
printf("OK, doing nothing.\n");
exit_status++;
goto cleanup;
}
+ if (data.verbose) {
+ if (data.dry_run)
+ printf("Principals whose keys WOULD BE re-encrypted to master key vno %u:\n",
+ new_mkvno);
+ else
+ printf("Principals whose keys are being re-encrypted to master key vno %u if necessary:\n",
+ new_mkvno);
+ }
retval = krb5_db_iterate(util_context, name_pattern,
update_princ_encryption_1, &data);
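Review bot: With `!data.dry_run` added to this condition, `-n` bypasses `are_you_sure()`, so the only thing keeping a dry run from writing is the `p->dry_run` check inside `update_princ_encryption_1`, which lives in a different hunk. A comment at the condition would make that dependency explicit for whoever next edits the callback, e.g. `/* Dry run makes no changes (enforced in update_princ_encryption_1), so skip the prompt. */`. Whether anything between option parsing and this point already modifies the database is not visible here and should be confirmed before relying on `-n` as read-only. The enclosing function starts and ends outside this hunk.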
@@ -1044,8 +1072,12 @@
exit_status++;
}
(void) krb5_db_fini(util_context);
- printf("%u principals processed: %u updated, %u already current\n",
- data.re_match_count, data.updated, data.already_current);
+ if (data.dry_run)
+ printf("%u principals processed: %u would be updated, %u already current\n",
+ data.re_match_count, data.updated, data.already_current);
+ else
+ printf("%u principals processed: %u updated, %u already current\n",
+ data.re_match_count, data.updated, data.already_current);
cleanup:
free(regexp);
Modified: branches/mkey_migrate/src/kadmin/dbutil/kdb5_util.M
===================================================================
--- branches/mkey_migrate/src/kadmin/dbutil/kdb5_util.M 2009-01-29 22:36:04 UTC (rev 21832)
+++ branches/mkey_migrate/src/kadmin/dbutil/kdb5_util.M 2009-01-29 23:06:31 UTC (rev 21833)
@@ -225,14 +225,26 @@
\fBlist_mkeys\fP
This option needs documentation.
.TP
-\fBupdate_princ_encryption\fP [\fB\-f\fP] [\fBprinc\-pattern\fP]
+\fBupdate_princ_encryption\fP [\fB\-f\fP] [\fB\-n\fP] [\fB\-v\fP] [\fBprinc\-pattern\fP]
Update all principal records (or only those matching the
.B princ\-pattern
glob pattern) to re-encrypt the key data using the latest version of
-the database master key, if they are encrypted using older versions.
+the database master key, if they are encrypted using older versions,
+and give a count at the end of the number of principals updated.
If the
.B \-f
option is not given, ask for confirmation before starting to make
-changes.
+changes. The
+.B \-v
+option causes each principal processed (each one matching the pattern)
+to be listed, and an indication given as to whether it needed updating
+or not.
+The
+.B \-n
+option causes the actions not to be taken, only the normal or verbose
+status messages displayed; this implies
+.B \-f
+since no database changes will be performed and thus there's little
+reason to seek confirmation.
.SH SEE ALSO
kadmin(8)
Modified: branches/mkey_migrate/src/kadmin/dbutil/kdb5_util.c
===================================================================
--- branches/mkey_migrate/src/kadmin/dbutil/kdb5_util.c 2009-01-29 22:36:04 UTC (rev 21832)
+++ branches/mkey_migrate/src/kadmin/dbutil/kdb5_util.c 2009-01-29 23:06:31 UTC (rev 21833)
@@ -98,7 +98,7 @@
"\tadd_mkey [-e etype] [-s]\n"
"\tuse_mkey kvno [time]\n"
"\tlist_mkeys\n"
- "\tupdate_princ_encryption [-f] [princ-pattern]\n"
+ "\tupdate_princ_encryption [-f] [-n] [-v] [princ-pattern]\n"
);
/* avoid a string length compiler warning */
fprintf(stderr,