Skip Menu |
 

Date: Sat, 02 Nov 2013 22:03:31 -0400
From: Richard Basch <basch@alum.mit.edu>
Subject: krb5-1.11: Bug fix: iprop
To: krb5-bugs@mit.edu

I believe this patch applies to all 1.11.x releases, but certainly manifested itself quite spectacularly with my iprop fixes to allow tree replication.

 

Anyway, it is possible for a principal deletion event to be applied via ulog_replay but not fully applied to the ulog (probably because of a lock failure). Subsequently, when kpropd attempts to re-apply the missing updates, it may re-attempt a deletion event and fail (add/modify events work, but deletions can fail). The following patch fixes this…

 

https://github.com/rbasch/krb5/commit/cdd7b8c6bebbab29f1dedab40982b9d16720311e

There is no locking in ulog_finish_update_slave(), so I can't come up
with any obvious sequence of events which would result in a delete being
replayed twice.

So if we do try to replay a delete operation and the principal isn't
present, I'm not certain whether the right action is to ignore it
(because the principal is already in the desired state of not existing)
or force a full dump (because something is clearly wrong with the state
of the slave DB) as we appear to do now.
Date: Sun, 17 Nov 2013 09:36:27 -0500
From: Richard Basch <basch@alum.mit.edu>
Subject: RE: krb5-1.11: Bug fix: iprop
To: "'Richard Basch'" <basch@alum.mit.edu>, krb5-bugs@mit.edu

Actually, it doesn’t impact the current 1.11 because if this condition occurs, the ulog last_sno will be set to 0, forcing a full resync on the next attempt.

 

From: Richard Basch [mailto:basch@alum.mit.edu]
Sent: Saturday, November 02, 2013 10:04 PM
To: 'krb5-bugs@mit.edu'
Subject: krb5-1.11: Bug fix: iprop

 

I believe this patch applies to all 1.11.x releases, but certainly manifested itself quite spectacularly with my iprop fixes to allow tree replication.

 

Anyway, it is possible for a principal deletion event to be applied via ulog_replay but not fully applied to the ulog (probably because of a lock failure). Subsequently, when kpropd attempts to re-apply the missing updates, it may re-attempt a deletion event and fail (add/modify events work, but deletions can fail). The following patch fixes this…

 

https://github.com/rbasch/krb5/commit/cdd7b8c6bebbab29f1dedab40982b9d16720311e