Don't get KDB lock in ulog_get_entries

ulog_get_entries does not access the KDB, only the ulog, so it does
not need a KDB lock; its read lock on the ulog is sufficient to
prevent logged updates from happening while it is running.  There is
no reason to serialize against unlogged KDB updates such as those
performed by the KDC, as those do not affect the ulog.

diff --git a/src/lib/kdb/kdb_log.c b/src/lib/kdb/kdb_log.c
index 1fd798e5f644149dd874c8bed96eafec40e55e4e..7e8514308b646166936a069ca5e6d12b82c78c5e 100644 (file)
--- a/src/lib/kdb/kdb_log.c
+++ b/src/lib/kdb/kdb_log.c
@@ -576,17 +576,6 @@ ulog_get_entries(krb5_context context, const kdb_last_t *last,
     if (ulog->kdb_state != KDB_STABLE)
         reset_header(ulog);
 
-    /*
-     * We need to lock out other processes here, such as kadmin.local, since we
-     * are looking at the last_sno and looking up updates.  So we can share
-     * with other readers.
-     */
-    retval = krb5_db_lock(context, KRB5_LOCKMODE_SHARED);
-    if (retval) {
-        (void)ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
-        return retval;
-    }
-
     /* If we have the same sno and timestamp, return a nil update.  If a
      * different timestamp, the sno was reused and we need a full resync. */
     if (last->last_sno == ulog->kdb_last_sno) {
@@ -652,7 +641,6 @@ ulog_get_entries(krb5_context context, const kdb_last_t *last,
 
 cleanup:
     (void)ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
-    (void)krb5_db_unlock(context);
     return retval;
 }