Skip Menu |
 

Subject: Support for recovering from broken rcache

--- Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/kdc_util.c 2007-08-09 13:29:10.000000000 -0700
+++ Kerberos/KerberosFramework/Kerberos5/Sources/kdc/kdc_util.c 2008-06-04 10:13:20.000000000 -0700
@@ -51,7 +51,6 @@
{
krb5_error_code retval;
char *rcname;
- char *sname;

rcname = (rcache_name) ? rcache_name : kdc_current_rcname;

@@ -61,23 +60,44 @@

if (!rcname)
rcname = KDCRCACHE;
- if (!(retval = krb5_rc_resolve_full(kcontext, &kdc_rcache, rcname))) {
- /* Recover or initialize the replay cache */
- if (!(retval = krb5_rc_recover(kcontext, kdc_rcache)) ||
- !(retval = krb5_rc_initialize(kcontext,
- kdc_rcache,
- kcontext->clockskew))
- ) {
- /* Expunge the replay cache */
- if (!(retval = krb5_rc_expunge(kcontext, kdc_rcache))) {
- sname = kdc_current_rcname;
- kdc_current_rcname = strdup(rcname);
- if (sname)
- free(sname);
- }
- }
+ retval = krb5_rc_resolve_full(kcontext, &kdc_rcache, rcname);
+ if (retval)
+ return retval;
+
+ /* First try to recover */
+ retval = krb5_rc_recover(kcontext, kdc_rcache);
+ if (retval) {
+ /* Either the cache is malformated or not there, lets remove
+ it first and then initialize it */
+ retval = krb5_rc_resolve_full(kcontext, &kdc_rcache, rcname);
if (retval)
- krb5_rc_close(kcontext, kdc_rcache);
+ return retval;
+ retval = krb5_rc_destroy(kcontext, kdc_rcache);
+ if (retval)
+ return retval;
+
+ /* init */
+ retval = krb5_rc_resolve_full(kcontext, &kdc_rcache, rcname);
+ if (retval)
+ return retval;
+ retval = krb5_rc_initialize(kcontext, kdc_rcache, kcontext->clockskew);
+ if (retval)
+ goto out;
+ }
+
+ /* Now that we have an open and valid rcache, expunge it */
+ retval = krb5_rc_expunge(kcontext, kdc_rcache);
+ if (retval == 0) {
+ char *sname = kdc_current_rcname;
+ kdc_current_rcname = strdup(rcname);
+ if (sname)
+ free(sname);
+ }
+
+ out:
+ if (retval) {
+ krb5_rc_close(kcontext, kdc_rcache);
+ kdc_rcache = NULL;
}
return(retval);
}
--- Kerberos.orig/KerberosFramework/Kerberos5/Sources/lib/krb5/rcache/rc_dfl.c 2007-08-09 13:29:17.000000000 -0700
+++ Kerberos/KerberosFramework/Kerberos5/Sources/lib/krb5/rcache/rc_dfl.c 2008-06-04 10:52:04.000000000 -0700
@@ -267,8 +267,18 @@
krb5_rc_dfl_destroy(krb5_context context, krb5_rcache id)
{
#ifndef NOIOSTUFF
- if (krb5_rc_io_destroy(context, &((struct dfl_data *) (id->data))->d))
- return KRB5_RC_IO;
+ struct dfl_data *t = (struct dfl_data *)id->data;
+ krb5_error_code retval;
+
+ retval = krb5_rc_io_open(context, &t->d, t->name);
+ if (retval)
+ return retval;
+ retval = krb5_rc_io_destroy(context, &t->d);
+ if (retval)
+ return retval;
+ retval = krb5_rc_io_close(context, &t->d);
+ if (retval)
+ return retval;
#endif
return krb5_rc_dfl_close(context, id);
}
--- Kerberos.orig/KerberosFramework/Kerberos5/Sources/lib/krb5/rcache/rc_io.c 2007-08-09 13:29:17.000000000 -0700
+++ Kerberos/KerberosFramework/Kerberos5/Sources/lib/krb5/rcache/rc_io.c 2008-06-04 12:56:45.000000000 -0700
@@ -425,6 +425,8 @@
strerror(errno));
return KRB5_RC_IO_UNKNOWN;
}
+ if (count != num)
+ return KRB5_RC_IO_EOF;
if (count == 0)
return KRB5_RC_IO_EOF;
return 0;
Additional patch which appears to be related
diff -Nur -x '*~' -x '*.orig' -x '*.rej' -x lha.mode1v3 -x lha.mode2v3 -x lha.pbxuser -x windows -x .DS_Store Kerberos.AEP-6.5a2.orig/KerberosFramework/Kerberos5/Sources/kdc/kdc_util.c Kerberos.AEP-6.5a2/KerberosFramework/Kerberos5/Sources/kdc/kdc_util.c
--- Kerberos.AEP-6.5a2.orig/KerberosFramework/Kerberos5/Sources/kdc/kdc_util.c 2008-07-13 13:38:42.000000000 +0100
+++ Kerberos.AEP-6.5a2/KerberosFramework/Kerberos5/Sources/kdc/kdc_util.c 2008-07-13 14:46:04.000000000 +0100
@@ -65,9 +65,9 @@
return retval;

/* First try to recover */
- retval = krb5_rc_recover(kcontext, kdc_rcache);
+ retval = krb5_rc_recover_or_initialize(kcontext, kdc_rcache, kcontext->clockskew);
if (retval) {
- /* Either the cache is malformated or not there, lets remove
+ /* The cache is malformated ?, lets remove
it first and then initialize it */
retval = krb5_rc_resolve_full(kcontext, &kdc_rcache, rcname);
if (retval)
From: tlyu@mit.edu
Subject: SVN Commit

In krb5_rc_io_creat(), unlink any existing rcache file before trying
to create a new rcache. This allows better recovery from corrupt
rcache files.


Commit By: tlyu



Revision: 20536
Changed Files:
_U trunk/
U trunk/src/lib/krb5/rcache/rc_io.c
From: tlyu@mit.edu
Subject: SVN Commit

pull up r20536 from trunk

r20536@cathode-dark-space: tlyu | 2008-07-17 19:40:32 -0400
ticket: 6018
target_version: 1.6.4
tags: pullup

In krb5_rc_io_creat(), unlink any existing rcache file before trying
to create a new rcache. This allows better recovery from corrupt
rcache files.




Commit By: tlyu



Revision: 20547
Changed Files:
_U branches/krb5-1-6/
U branches/krb5-1-6/src/lib/krb5/rcache/rc_io.c
Should this ticket also include the change to src/kdc/kdc_util.c or
should I open a new ticket for that change?
To: rt@krbdev.mit.edu
Subject: Re: [krbdev.mit.edu #6018] Support for recovering from broken rcache
From: Tom Yu <tlyu@MIT.EDU>
Date: Mon, 21 Jul 2008 18:02:30 -0400
RT-Send-Cc:
"Alexandra Ellwood via RT" <rt-comment@krbdev.mit.edu> writes:

Show quoted text
> Should this ticket also include the change to src/kdc/kdc_util.c or
> should I open a new ticket for that change?

The changes to src/kdc/kdc_util.c are (mostly) redundant because it
the kdc_util.c code explicitly does a krb5_rc_recover() followed by
krb5_rc_initialize() if that fails, which is almost exactly what
krb5_rc_recover_or_initialize() does.

If you would like to introduce a change to use recover_or_initialize
for stylistic reasons, feel free to open a new ticket for that.