[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Ticket cache file

To: heimdal-discuss@sics.se, Harald Barth <haba@kth.se>
Subject: Re: Ticket cache file
From: "Brandon S. Allbery KF8NH" <allbery@ece.cmu.edu>
Date: Wed, 26 Mar 2008 06:24:33 -0400
Cc: lha@kth.se
In-Reply-To: <20080326.083409.155072000.haba@habanero.pdc.kth.se>
List-Archive: <http://list.sics.se/sympa/arc/heimdal-discuss>
List-Help: <mailto:sympa@sics.se?subject=help>
List-Id: <heimdal-discuss.sics.se>
List-Owner: <mailto:heimdal-discuss-request@sics.se>
List-Post: <mailto:heimdal-discuss@sics.se>
List-Subscribe: <mailto:sympa@sics.se?subject=subscribe%20heimdal-discuss>
List-Unsubscribe: <mailto:sympa@sics.se?subject=unsubscribe%20heimdal-discuss>
References: <20080325.185832.245970866.haba@habanero.pdc.kth.se> <AA4FB671-0D23-41B7-A3DD-A40FF5DCAECD@kth.se> <20080326.083409.155072000.haba@habanero.pdc.kth.se>
Reply-To: heimdal-discuss@sics.se, "Brandon S. Allbery KF8NH" <allbery@ece.cmu.edu>

On Mar 26, 2008, at 3:34 , Harald Barth wrote:
>
>> FILE credential cache implements locking. However I just noticed  
>> that destroy doesn't implement locking, just fixed that.
>
> So either that code does not work as expected or we have to find
> what else it is that garbles our users ticket files from time to time.

The code I see attempts to fcntl() lock 0 bytes at offset 0.  This is  
translated to lock all bytes of the file; some OSes may treat this as  
a whole-file lock a la flock() (cf. Darwin/Mac OS X) but this is not  
reliable.  If the OS does not promote it to a whole-file lock,  
multiple processes attempting to extend the file will not encounter  
locks, as I read this.

I would suggest locking with len 2GB-1 in this case; POSIX compliant  
systems should permit this.  (Of course this probably needs to be  
verified, but I have no idea what to do if it fails and there is no  
flock() or locking() to fall back to.

> Btw, the library is not very robust when encountering a ccache file
> containing a garbled service ticket in the middle. The right way would
> be to just reissue the service ticket from the still intact tgt at the

Without caching it afterward, I hope (which probably requires a  
"ccache invalid" state) --- otherwise if the ccache is garbled, this  
will just make things worse.

-- 
brandon s. allbery [solaris,freebsd,perl,pugs,haskell] allbery@kf8nh.com
system administrator [openafs,heimdal,too many hats] allbery@ece.cmu.edu
electrical and computer engineering, carnegie mellon university    KF8NH

References:
- Ticket cache file
  - From: Harald Barth <haba@kth.se>
- Re: Ticket cache file
  - From: Love Hörnquist Åstrand <lha@kth.se>
- Re: Ticket cache file
  - From: Harald Barth <haba@kth.se>

Prev by Date: Re: Ticket cache file
Next by Date: Re: Ticket cache file
Prev by thread: Re: Ticket cache file
Next by thread: libraries only build?
Index(es):
- Date
- Thread