Skip Menu |
 

Date: Tue, 25 Sep 2012 16:20:46 -0500
Subject: kpropd handling of full resyncs is racy
From: Nico Williams <nico@cryptonector.com>
To: krb5-bugs@mit.edu
When kadmind tells kpropd that it needs a full resync kpropd then
asks for the resync then sets up the listener. This can be racy,
particularly if we should make kadmind share a single global iprop
dumps for full resyncs. The whole thing looks very brittle, so a
redesign of how kpropd handles full resyncs seems to be in order

E.g., https://github.com/nicowilliams/krb5/commit/7e2cfd5c10918e286cfa4dc85dcffd0f75f9cb67
From: ghudson@mit.edu
Subject: SVN Commit
Download (untitled) / with headers
text/plain 1.4KiB

Improve kpropd behavior in iprop mode

- Make kpropd in iprop mode fork a child to listen for kprops from the
master. The child writes progress and outcome reports to the parent
for each kprop. This fixes a race between asking for a full resync
and setting up a listener socket for it.

- Add runonce (-t) for kpropd do_standalone() too.

- Add a new iprop parameter: iprop_resync_timeout. kpropd will keep
asking for incremental updates while waiting for a full resync to
finish, and will re-request a full resync if kadmind continues to
indicate that one is needed after this timeout passes since the
previous full resync was requested.

- Allow polling intervals less than 10 seconds.

[ghudson@mit.edu: split out debug output changes; note polling interval
change in commit message]

https://github.com/krb5/krb5/commit/f1c85fbb0ab9e62b2790647b2681aec4d5fa4585
Author: Nicolas Williams <nico@cryptonector.com>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: f1c85fbb0ab9e62b2790647b2681aec4d5fa4585
Branch: master
doc/rst_source/krb_admins/conf_files/kdc_conf.rst | 6 +
doc/rst_source/krb_admins/database.rst | 1 +
src/include/k5-int.h | 1 +
src/lib/kadm5/admin.h | 2 +
src/lib/kadm5/alt_prof.c | 4 +
src/slave/kpropd.c | 396 +++++++++------------
6 files changed, 188 insertions(+), 222 deletions(-)