Ticket History #2763: file ccache should be held open while scanning for credentials

# Thu Nov 04 00:32:07 2004 raeburn (Ken Raeburn) - Ticket created

To:	krb5-bugs@mit.edu
From:	Ken Raeburn <raeburn@mit.edu>
Date:	Thu, 04 Nov 2004 00:31:21 -0500
Subject:	file ccache should be held open while scanning for credentials

Download (untitled) / with headers
text/plain 794B

I ran "kvno" under strace, and found it opened my credential cache
file for reading (and acquired and released an advisory lock, and
closed the file) 22 times.

I think it made two passes over the credentials, once looking for the
requested service and once looking for the TGT, and opening the file
anew for each credential object read. It also made at least a couple
passes reading out header info. So it looks like searching for
credentials that are at the end of the file or not present, in a
ccache of n entries, is O(n) file opens and O(n^2) reads.

Looks like krb5_get_credentials or whatever should temporarily set the
ccache flag that causes the file to be kept open.

(And, of course, it's reading each sub-object with a separate read()
call, but we knew that sucked already.)

Ken

# Thu Nov 04 01:15:52 2004 raeburn (Ken Raeburn) - Comments added

Cc:	krb5-prs@mit.edu
From:	Ken Raeburn <raeburn@MIT.EDU>
Subject:	Re: [krbdev.mit.edu #2763] file ccache should be held open while scanning for credentials
Date:	Thu, 4 Nov 2004 01:15:46 -0500
To:	rt-comment@krbdev.mit.edu
RT-Send-Cc:

Download (untitled) / with headers
text/plain 314B

Fixing this is going to require extending the ccache operations table,
because while there is a set_flags operation, there is no get_flags
operation, so saving and restoring the old flags can't be done under
the current interface. Fortunately, the struct is internal, and we'd
just be adding a new function.

# Tue Nov 16 00:05:01 2004 raeburn (Ken Raeburn) - Status changed from 'new' to 'open'

# Tue Nov 16 00:05:02 2004 raeburn (Ken Raeburn) - Given to raeburn (Ken Raeburn)

# Tue Nov 16 00:05:02 2004 raeburn (Ken Raeburn) - Correspondence added

From:	raeburn@mit.edu
Subject:	CVS Commit

Download (untitled) / with headers
text/plain 1022B

Create a ccache get-flags operation.
The MSLSA and CCAPI versions are untested!

* cc_file.c (krb5_fcc_get_flags): New function.
(krb5_fcc_ops, krb5_cc_file_ops): Add it.
* cc_memory.c (krb5_mcc_get_flags): New function.
(krb5_mcc_ops): Add it.
* cc_mslsa.c (krb5_lcc_get_flags): New function.
(krb5_lcc_ops): Add it.
* ccfns.c (krb5_cc_get_flags): New function.
* ccapi/stdcc.c (krb5_stdcc_get_flags): New function.
(krb5_cc_stdcc_ops): Add it.
* ccapi/stdcc.h (krb5_stdcc_get_flags): Declare.

To generate a diff of this commit:

cvs diff -r5.147 -r5.148 krb5/src/lib/krb5/ccache/ChangeLog
cvs diff -r5.41 -r5.42 krb5/src/lib/krb5/ccache/cc_file.c
cvs diff -r5.16 -r5.17 krb5/src/lib/krb5/ccache/cc_memory.c
cvs diff -r5.33 -r5.34 krb5/src/lib/krb5/ccache/cc_mslsa.c
cvs diff -r5.4 -r5.5 krb5/src/lib/krb5/ccache/ccfns.c
cvs diff -r1.38 -r1.39 krb5/src/lib/krb5/ccache/ccapi/ChangeLog
cvs diff -r1.24 -r1.25 krb5/src/lib/krb5/ccache/ccapi/stdcc.c
cvs diff -r1.14 -r1.15 krb5/src/lib/krb5/ccache/ccapi/stdcc.h

# Tue Nov 16 00:06:37 2004 raeburn (Ken Raeburn) - Correspondence added

From:	raeburn@mit.edu
Subject:	CVS Commit

Download (untitled) / with headers
text/plain 186B

* krb5.hin (krb5_cc_get_flags): Declare.

To generate a diff of this commit:

cvs diff -r1.473 -r1.474 krb5/src/include/ChangeLog
cvs diff -r1.173 -r1.174 krb5/src/include/krb5.hin

# Tue Nov 16 00:28:41 2004 raeburn (Ken Raeburn) - Correspondence added

From:	raeburn@mit.edu
Subject:	CVS Commit

Download (untitled) / with headers
text/plain 458B

Now a kvno invocation will only open the ccache file a small number of
times, but there's still excessive seeking and re-reading of data
happening.

* cc_retr.c (krb5_cc_retrieve_cred_seq): Temporarily clear the
KRB5_TC_OPENCLOSE flag on the credentials cache while reading multiple entries
from it.

To generate a diff of this commit:

cvs diff -r5.148 -r5.149 krb5/src/lib/krb5/ccache/ChangeLog
cvs diff -r5.6 -r5.7 krb5/src/lib/krb5/ccache/cc_retr.c

# Tue Nov 16 01:01:11 2004 raeburn (Ken Raeburn) - Correspondence added

From:	raeburn@mit.edu
Subject:	CVS Commit

Download (untitled) / with headers
text/plain 221B

* k5-int.h (struct _krb5_cc_ops): Add new function pointer field get_flags.

To generate a diff of this commit:

cvs diff -r1.474 -r1.475 krb5/src/include/ChangeLog
cvs diff -r1.167 -r1.168 krb5/src/include/k5-int.h

# Thu Dec 09 00:25:20 2004 raeburn (Ken Raeburn) - Status changed from 'open' to 'resolved'

# Thu Dec 09 00:25:20 2004 raeburn (Ken Raeburn) - Component krb5-libs added

# Tue May 23 15:18:44 2006 tlyu (Taylor Yu) - Version_Fixed 1.5 added