From: Sam Hartman <hartmans@MIT.EDU>
To: krb5-bugs@MIT.EDU
Subject: 05cbef80d53 breaks /etc/gss/mech
Date: Wed, 28 May 2014 21:41:02 -0400


If /etc/gss/mech exists but nothing matches /etc/gss/mech.d/*.conf, then
the call to glob apparently fails and /etc/gss/mech is never loaded by g_initialize.c.

From: Sam Hartman <hartmans@mit.edu>
To: rt@krbdev.mit.edu
Subject: Re: [krbdev.mit.edu #7925] AutoReply: 05cbef80d53 breaks /etc/gss/mech
Date: Wed, 04 Jun 2014 13:05:04 -0400
Here's a patch:
From 03ecfebef9594035dc152585d1827a93f58bb221 Mon Sep 17 00:00:00 2001
From: Sam Hartman <hartmans@debian.org>
Date: Wed, 4 Jun 2014 12:03:19 -0400
Subject: Read /etc/gss/mech when no files in mech.d

If the call to glob fails, it's still necessary to read /etc/gss/mech
if that file exists.

ticket: 7925
---
src/lib/gssapi/mechglue/g_initialize.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/lib/gssapi/mechglue/g_initialize.c b/src/lib/gssapi/mechglue/g_initialize.c
index a586e1c..7fab03d 100644
--- a/src/lib/gssapi/mechglue/g_initialize.c
+++ b/src/lib/gssapi/mechglue/g_initialize.c
@@ -444,8 +444,18 @@ loadConfigFiles()
g_confLastCall = now;

globbuf.gl_offs = 1;
- if (glob(MECH_CONF_PATTERN, GLOB_DOOFFS, NULL, &globbuf) != 0)
+ if (glob(MECH_CONF_PATTERN, GLOB_DOOFFS, NULL, &globbuf) != 0) {
+ mtime = check_link_mtime(MECH_CONF, &mtime);
+ if (mtime == (time_t)-1)
+ return;
+ if (mtime > highest_mtime)
+ highest_mtime = mtime;
+ if (mtime > g_confFileModTime) {
+ loadConfigFile(MECH_CONF);
+ g_confFileModTime = highest_mtime;
+ }
return;
+ }
globbuf.gl_pathv[0] = MECH_CONF;

for (pathptr = globbuf.gl_pathv; *pathptr != NULL; pathptr++) {
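
Review bot: the added failure branch after glob() repeats the check_link_mtime / highest_mtime / loadConfigFile sequence inline for MECH_CONF, duplicating the per-path handling that the loop below exists to do, so the two copies can drift apart. Factoring that sequence into one helper and calling it for MECH_CONF before glob() would remove the duplicate and the dependence on the reserved gl_offs slot. The branch also runs for every nonzero glob() return, while the subject line only mentions the no-files case, and the early `return` when mtime is (time_t)-1 is silent; a short comment stating which cases are intended would help.
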
Sorry for the lack of communication which led to duplicate work; I had
hoped to resolve this faster. https://github.com/krb5/krb5/pull/138 is
the expected fix; I just need to do a little manual testing on it.
From: ghudson@mit.edu
Subject: git commit

Read /etc/gss/mech if no mech.d/*.conf found

Always read /etc/gss/mech, even if globbing /etc/gss/mech.d/*.conf
doesn't work. Doing this using GLOB_DOOFFS proved error-prone, so use
a simpler approach: factor out the per-pathname handling into a helper
function load_if_changed, call it with MECH_CONF before the glob, then
pass each glob result through the helper.

https://github.com/krb5/krb5/commit/ac98187641f6943ae571606c0b6a97f236f9b60c
Author: Greg Hudson <ghudson@mit.edu>
Commit: ac98187641f6943ae571606c0b6a97f236f9b60c
Branch: master
src/lib/gssapi/mechglue/g_initialize.c | 43 ++++++++++++++++++-------------
1 files changed, 25 insertions(+), 18 deletions(-)
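
The approach the commit message describes (the base file through a helper before the glob, then each glob match through the same helper), as an added C sketch that is not the krb5 source. Only the name load_if_changed comes from the commit message; its stat-based body, load_config_files, demo, and the temporary-directory fixture are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <glob.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: report a file as loaded only if it exists and is newer than `last`. */
static int load_if_changed(const char *path, time_t last, time_t *highest)
{
    struct stat st;
    if (stat(path, &st) != 0) return 0;
    if (st.st_mtime > *highest) *highest = st.st_mtime;
    return st.st_mtime > last;      /* a real loader would parse the file here */
}

/* Base file first, whatever glob() returns; then each match through the same helper. */
static int load_config_files(const char *base, const char *pattern, time_t *last)
{
    glob_t g;
    time_t highest = *last;
    int n = load_if_changed(base, *last, &highest);
    if (glob(pattern, 0, NULL, &g) == 0) {   /* GLOB_NOMATCH only skips the loop */
        for (size_t i = 0; i < g.gl_pathc; i++)
            n += load_if_changed(g.gl_pathv[i], *last, &highest);
        globfree(&g);
    }
    *last = highest;
    return n;
}

/* Constructed fixture: temp dir with "mech" and, optionally, mech.d/a.conf. */
static int demo(int with_dropin, int *reloaded)
{
    char dir[] = "/tmp/mechXXXXXX";
    time_t last = 0; FILE *f;
    if (mkdtemp(dir) == NULL || chdir(dir) != 0) return -1;
    if ((f = fopen("mech", "w")) != NULL) fclose(f);
    mkdir("mech.d", 0700);
    if (with_dropin && (f = fopen("mech.d/a.conf", "w")) != NULL) fclose(f);
    int n = load_config_files("mech", "mech.d/*.conf", &last);
    *reloaded = load_config_files("mech", "mech.d/*.conf", &last); /* unchanged */
    unlink("mech.d/a.conf"); rmdir("mech.d"); unlink("mech");
    if (chdir("/") == 0) rmdir(dir);
    return n;
}
int main(void)
{
    int r0, r1, a = demo(0, &r0), b = demo(1, &r1);
    printf("no drop-ins: %d (reload %d); one drop-in: %d (reload %d)\n", a, r0, b, r1);
}
```

With an empty mech.d the base file is still counted once, which is the case the ticket reports as broken; the second call in each run loads nothing because no mtime has advanced.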