Skip Menu |
 

Subject: keytab iteration + search don't mix
Download (untitled) / with headers
text/plain 1.5KiB
The iteration interface in the kt_file code assumes that the file handle is kept open, and an
advisory lock is kept on the file. The get_entry interface opens and closes the file, with an
advisory lock for the duration of the call. If a get_next call is made after get_entry, it will
attempt to use a bogus file handle.

It should be possible to use get_entry while an iterator is active (in the same thread or
different threads), without losing the advisory lock. It should also be possible to use two
iterators at once.

To make things more fun, both of those interfaces open the file read-only; the add and
remove calls open it for write access. So, calling add or remove while an iterator is active
means getting write access while we've already got a read-access handle on it. And
remember, under POSIX, closing any handle on the file means releasing any advisory locks we
have on the file (not just via that handle). So the obvious workaround of using multiple
keytab objects referring to the same file will likely cause incorrect handling of the advisory
locks because of this.

Possibly add/remove should be disallowed while an iterator is active, because of the
conflicting locking requirements? Or, the iterator could be invalidated.

On the other hand, do we need to maintain the read lock while between reading entries, or is
it sufficient to use lock-read-unlock sequences? (The add action works by appending;
remove works by overwriting with a dummy value, all zeros aside from the length indicator.
So I think mixing iterators and add/remove should be safe.)
[raeburn - Wed Sep 26 14:48:42 2007]:

Show quoted text
> (The add action
> works by appending;
> remove works by overwriting with a dummy value, all zeros aside from
> the length indicator.
> So I think mixing iterators and add/remove should be safe.)

Maybe not quite so safe... In the current implementation, if one process is using an iterator,
and another is adding and deleting entries, the iterating process will see a list of entries that
matches the file content the whole time the iterator is active. If we allow additions and
removals in between iterator calls, the iteration output may not match what the actual file
content was at any point in time.

So, if we want to preserve that property, additions and removals can't happen while an
iterator is active. In different threads, we can block the add/remove call, or make it return an
error. In the single-threaded case, we would have to always return an error for add/remove
calls.
From: raeburn@mit.edu
Subject: SVN Commit
counter. In get_entry, if the file was already open, rewind it to
just after the version number, and don't close it when done. Don't
allow add or remove calls if any iterator is active.

t_keytab.c: Test mixing two iterators with get_entry calls.

Commit By: raeburn



Revision: 20109
Changed Files:
U trunk/src/lib/krb5/keytab/kt_file.c
U trunk/src/lib/krb5/keytab/t_keytab.c
From: raeburn@mit.edu
Subject: SVN Commit
Add enhanced error messages to new error return cases, explaining the
(fairly generic) errors codes.

Commit By: raeburn



Revision: 20111
Changed Files:
U trunk/src/lib/krb5/keytab/kt_file.c
From: tlyu@mit.edu
Subject: SVN Commit

pull up r20109 from trunk

r20109@cathode-dark-space: raeburn | 2007-10-09 00:03:59 -0400
ticket: 5777

kt_file.c: Support multiple iterators active simultaneously, using a
counter. In get_entry, if the file was already open, rewind it to
just after the version number, and don't close it when done. Don't
allow add or remove calls if any iterator is active.

t_keytab.c: Test mixing two iterators with get_entry calls.



Commit By: tlyu



Revision: 20170
Changed Files:
_U branches/krb5-1-6/
U branches/krb5-1-6/src/lib/krb5/keytab/kt_file.c
From: tlyu@mit.edu
Subject: SVN Commit

pull up r20111 from trunk

r20111@cathode-dark-space: raeburn | 2007-10-10 14:27:37 -0400
ticket: 5777

Add enhanced error messages to new error return cases, explaining the
(fairly generic) errors codes.



Commit By: tlyu



Revision: 20171
Changed Files:
_U branches/krb5-1-6/
U branches/krb5-1-6/src/lib/krb5/keytab/kt_file.c