Hi Russ,
I think that Kerberos library functions must all return krb5_error_code,
which should be 0 if there is no error. So:
Probably this is something to discuss with the upstream. My personal
conviction is that functions with boolean semantic, shall be boolean
valued. The function has boolean semantic, which is stressed by naming
it as past participle. This idea had its share in confusing the original
authors of the code.
Of course the boolean expression can be moved to the caller as (0 ==
krb5_db_inited(...)) or !krb5_db_inited(...) as done in keytab.c and
using an error valued function. This would beautify the API, but wreck
the semantics.
If I'm right, reverting your patch and instead changing krb5_db_inited to
the following code should also fix the problem:
It does, but it does require a code change in adb_policy_init(), which
considers krb5_db_inited() as boolean valued - and KADM5_OK=0 is false!
Could you try that and see if I'm right?
See patch attached. It does work as well -- and modifies fewer files.
KADM5_OK is from a different set than the KRB5_KDB_ errors (and defined
in a different include), so I did not use that value.
BTW: Do you know, why kadm5_flush() is implemented by closing and
re-opening the database. This creates lots of entirely useless overhead,
if a real db is at the backend. And even for plain files POSIX flush()
should as reliable.
Regards,
- lars.
Index: krb5-1.6.dfsg.4~beta1/src/lib/kadm5/srv/server_misc.c
===================================================================
--- krb5-1.6.dfsg.4~beta1.orig/src/lib/kadm5/srv/server_misc.c 2009-01-11
02:00:25.000000000 +0100
+++ krb5-1.6.dfsg.4~beta1/src/lib/kadm5/srv/server_misc.c 2009-01-11
02:21:20.000000000 +0100
@@ -22,7 +22,7 @@
adb_policy_init(kadm5_server_handle_t handle)
{
/* now policy is initialized as part of database. No seperate call needed
*/
- if( krb5_db_inited( handle->context ) )
+ if( 0 == krb5_db_inited( handle->context ) )
return KADM5_OK;
return krb5_db_open( handle->context, NULL,
Index: krb5-1.6.dfsg.4~beta1/src/lib/kdb/kdb5.c
===================================================================
--- krb5-1.6.dfsg.4~beta1.orig/src/lib/kdb/kdb5.c 2009-01-11
02:09:34.000000000 +0100
+++ krb5-1.6.dfsg.4~beta1/src/lib/kdb/kdb5.c 2009-01-11 02:19:30.000000000
+0100
@@ -642,8 +642,16 @@
krb5_error_code
krb5_db_inited(krb5_context kcontext)
{
- return !(kcontext && kcontext->db_context &&
- ((kdb5_dal_handle *) kcontext->db_context)->db_context);
+ if (kcontext && kcontext->db_context &&
+ ((kdb5_dal_handle *) kcontext->db_context)->db_context)
+ /* there is no symbol KRB5_KDB_OK, so we return 0,
+ i.e. krb5_db_inited() is false - has no errors -, if
+ the db is initialized correctly
+ */
+ return(0);
+
+ /* Error not initialized otherwise */
+ return KRB5_KDB_DBNOTINITED;
}
krb5_error_code
