aboutsummaryrefslogtreecommitdiff
path: root/perl/Wallet/Object/Keytab.pm
diff options
context:
space:
mode:
Diffstat (limited to 'perl/Wallet/Object/Keytab.pm')
-rw-r--r--perl/Wallet/Object/Keytab.pm116
1 files changed, 56 insertions, 60 deletions
diff --git a/perl/Wallet/Object/Keytab.pm b/perl/Wallet/Object/Keytab.pm
index fd3001f..083dae6 100644
--- a/perl/Wallet/Object/Keytab.pm
+++ b/perl/Wallet/Object/Keytab.pm
@@ -40,21 +40,29 @@ sub enctypes_set {
my @trace = ($user, $host, $time);
my $name = $self->{name};
my %enctypes = map { $_ => 1 } @$enctypes;
+ my $guard = $self->{dbh}->txn_scope_guard;
eval {
- my $sql = 'select ke_enctype from keytab_enctypes where ke_name = ?';
- my $sth = $self->{dbh}->prepare ($sql);
- $sth->execute ($name);
- my (@current, $entry);
- while (defined ($entry = $sth->fetchrow_arrayref)) {
- push (@current, @$entry);
+
+ # Find all enctypes for the given keytab.
+ my %search = (ke_name => $name);
+ my @enctypes = $self->{dbh}->resultset('KeytabEnctype')
+ ->search (\%search);
+ my (@current);
+ for my $enctype_rs (@enctypes) {
+ push (@current, $enctype_rs->ke_enctype);
}
+
+ # Use the existing enctypes and the enctypes we should have to match
+ # against ones that need to be removed, and note those that already
+ # exist.
for my $enctype (@current) {
if ($enctypes{$enctype}) {
delete $enctypes{$enctype};
} else {
- $sql = 'delete from keytab_enctypes where ke_name = ? and
- ke_enctype = ?';
- $self->{dbh}->do ($sql, undef, $name, $enctype);
+ %search = (ke_name => $name,
+ ke_enctype => $enctype);
+ $self->{dbh}->resultset('KeytabEnctype')->find (\%search)
+ ->delete;
$self->log_set ('type_data enctypes', $enctype, undef, @trace);
}
}
@@ -64,21 +72,20 @@ sub enctypes_set {
# doesn't enforce integrity constraints. We do this in sorted order
# to make it easier to test.
for my $enctype (sort keys %enctypes) {
- $sql = 'select en_name from enctypes where en_name = ?';
- my $status = $self->{dbh}->selectrow_array ($sql, undef, $enctype);
- unless ($status) {
+ my %search = (en_name => $enctype);
+ my $enctype_rs = $self->{dbh}->('Enctype')->find (\%search);
+ unless (defined $enctype_rs) {
die "unknown encryption type $enctype\n";
}
- $sql = 'insert into keytab_enctypes (ke_name, ke_enctype) values
- (?, ?)';
- $self->{dbh}->do ($sql, undef, $name, $enctype);
+ my %record = (ke_name => $name,
+ ke_enctype => $enctype);
+ $self->{dbh}->resultset('Enctype')->create (\%record);
$self->log_set ('type_data enctypes', undef, $enctype, @trace);
}
- $self->{dbh}->commit;
+ $guard->commit;
};
if ($@) {
$self->error ($@);
- $self->{dbh}->rollback;
return;
}
return 1;
@@ -92,19 +99,16 @@ sub enctypes_list {
my ($self) = @_;
my @enctypes;
eval {
- my $sql = 'select ke_enctype from keytab_enctypes where ke_name = ?
- order by ke_enctype';
- my $sth = $self->{dbh}->prepare ($sql);
- $sth->execute ($self->{name});
- my $entry;
- while (defined ($entry = $sth->fetchrow_arrayref)) {
- push (@enctypes, @$entry);
+ my %search = (ke_name => $self->{name});
+ my %attrs = (order_by => 'ke_enctype');
+ my @enctypes_rs = $self->{dbh}->resultset('KeytabEnctype')
+ ->search (\%search, \%attrs);
+ for my $enctype_rs (@enctypes_rs) {
+ push (@enctypes, $enctype_rs->ke_enctype);
}
- $self->{dbh}->commit;
};
if ($@) {
$self->error ($@);
- $self->{dbh}->rollback;
return;
}
return @enctypes;
@@ -132,21 +136,21 @@ sub sync_set {
$self->error ("unsupported synchronization target $target");
return;
} else {
+ my $guard = $self->{dbh}->txn_scope_guard;
eval {
- my $sql = 'select ks_target from keytab_sync where ks_name = ?';
- my $dbh = $self->{dbh};
my $name = $self->{name};
- my ($result) = $dbh->selectrow_array ($sql, undef, $name);
- if ($result) {
- my $sql = 'delete from keytab_sync where ks_name = ?';
- $self->{dbh}->do ($sql, undef, $name);
- $self->log_set ('type_data sync', $result, undef, @trace);
+ my %search = (ks_name => $name);
+ my $sync_rs = $self->dbh->resultset('KeytabSync')
+ ->search (\%search);
+ if (defined $sync_rs) {
+ my $target = $sync_rs->ks_target;
+ $sync_rs->delete;
+ $self->log_set ('type_data sync', $target, undef, @trace);
}
- $self->{dbh}->commit;
+ $guard->commit;
};
if ($@) {
$self->error ($@);
- $self->{dbh}->rollback;
return;
}
}
@@ -161,19 +165,16 @@ sub sync_list {
my ($self) = @_;
my @targets;
eval {
- my $sql = 'select ks_target from keytab_sync where ks_name = ?
- order by ks_target';
- my $sth = $self->{dbh}->prepare ($sql);
- $sth->execute ($self->{name});
- my $target;
- while (defined ($target = $sth->fetchrow_array)) {
- push (@targets, $target);
+ my %search = (ks_name => $self->{name});
+ my %attrs = (order_by => 'ks_target');
+ my @syncs = $self->dbh->resultset('KeytabSync')->search (\%search,
+ \%attrs);
+ for my $sync_rs (@syncs) {
+ push (@targets, $sync_rs->ks_target);
}
- $self->{dbh}->commit;
};
if ($@) {
$self->error ($@);
- $self->{dbh}->rollback;
return;
}
return @targets;
@@ -247,11 +248,6 @@ sub new {
my $kadmin = Wallet::Kadmin->new ();
$self->{kadmin} = $kadmin;
- # Set a callback for things to do after a fork, specifically for the MIT
- # kadmin module which forks to kadmin.
- my $callback = sub { $self->{dbh}->{InactiveDestroy} = 1 };
- $kadmin->fork_callback ($callback);
-
$self = $class->SUPER::new ($type, $name, $dbh);
$self->{kadmin} = $kadmin;
return $self;
@@ -271,11 +267,6 @@ sub create {
my $kadmin = Wallet::Kadmin->new ();
$self->{kadmin} = $kadmin;
- # Set a callback for things to do after a fork, specifically for the MIT
- # kadmin module which forks to kadmin.
- my $callback = sub { $self->{dbh}->{InactiveDestroy} = 1 };
- $kadmin->fork_callback ($callback);
-
if (not $kadmin->create ($name)) {
die $kadmin->error, "\n";
}
@@ -292,16 +283,21 @@ sub destroy {
$self->error ("cannot destroy $id: object is locked");
return;
}
+ my $dbh = $self->{dbh};
+ my $guard = $dbh->txn_scope_guard;
eval {
- my $sql = 'delete from keytab_sync where ks_name = ?';
- $self->{dbh}->do ($sql, undef, $self->{name});
- $sql = 'delete from keytab_enctypes where ke_name = ?';
- $self->{dbh}->do ($sql, undef, $self->{name});
- $self->{dbh}->commit;
+ my %search = (ks_name => $self->{name});
+ my $sync_rs = $dbh->resultset('KeytabSync')->search (\%search);
+ $sync_rs->delete_all if defined $sync_rs;
+
+ %search = (ke_name => $self->{name});
+ my $enctype_rs = $dbh->resultset('KeytabEnctype')->search (\%search);
+ $enctype_rs->delete_all if defined $enctype_rs;
+
+ $guard->commit;
};
if ($@) {
$self->error ($@);
- $self->{dbh}->rollback;
return;
}
my $kadmin = $self->{kadmin};
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-05 23:06:57 +0000