krb5.git/src/lib/krb5/ccache, branch kinit-c MIT Kerberos patches Include file ccache name in error messages 2014-12-15T22:33:46+00:00 Nicolas Williams nico@cryptonector.com 2014-10-30T00:42:49+00:00 98b55e86d7ec8b0a3b9b9f9b415ffdf78f4fd2e8 When a FILE ccache method returns an error, append the filename to the standard message for the code. Remove code to set extended messages in helper functions as they would just be overwritten. Also change the interpretation of errno values. Treat ENAMETOOLONG as KRB5_FCC_NOFILE instead of KRB5_FCC_INTERNAL, since it has an external cause and a name that long can't be opened by normal means. Treat EROFS as KRB5_FCC_PERM. Treat ENOTDIR and ELOOP as KRB5_FCC_NOFILE instead of KRB5_FCC_PERM as both errors imply that the full pathname doesn't exist. Treat EBUSY and ETXTBSY as KRB5_CC_IO instead of KRB5_FCC_PERM as they indicate a conflict rather than a permission issue. [ghudson@mit.edu: renamed set_error to set_errmsg_filename; removed now-inoperative code to set extended messages in helper functions; trimmed changes to interpret_errno; clarified and shortened commit message] ticket: 8052 (new) 
When a FILE ccache method returns an error, append the filename to the
standard message for the code.  Remove code to set extended messages
in helper functions as they would just be overwritten.

Also change the interpretation of errno values.  Treat ENAMETOOLONG as
KRB5_FCC_NOFILE instead of KRB5_FCC_INTERNAL, since it has an external
cause and a name that long can't be opened by normal means.  Treat
EROFS as KRB5_FCC_PERM.  Treat ENOTDIR and ELOOP as KRB5_FCC_NOFILE
instead of KRB5_FCC_PERM as both errors imply that the full pathname
doesn't exist.  Treat EBUSY and ETXTBSY as KRB5_CC_IO instead of
KRB5_FCC_PERM as they indicate a conflict rather than a permission
issue.

[ghudson@mit.edu: renamed set_error to set_errmsg_filename; removed
now-inoperative code to set extended messages in helper functions;
trimmed changes to interpret_errno; clarified and shortened commit
message]

ticket: 8052 (new)
Don't fdopen() in append mode in cc_file.c 2014-11-29T21:22:59+00:00 Ben Kaduk kaduk@mit.edu 2014-11-24T23:23:32+00:00 d65c504432f01eb1a03703af07356f538f16f8c6 Implementations of fdopen() are inconsistent about the state of the file offset after fdopen(., "a+") -- some position the stream at the end of the file immediately (e.g., Solaris), for both reading and writing, but others let reads occur from the beginning of the file (e.g., glibc). As it turns out, we only ever write to the file descriptor, not through stdio, so opening the file with O_APPEND and using fdopen() with "r+b" should give us sufficient append semantics, while more portably letting the stream read from the beginning of the file. This fixes the test suite on Solaris, a regression introduced by commit 6979ead5e5c24ca0ec3569eb4bef48c2e5d8a726. ticket: 8026 
Implementations of fdopen() are inconsistent about the state of
the file offset after fdopen(., "a+") -- some position the stream
at the end of the file immediately (e.g., Solaris), for both reading
and writing, but others let reads occur from the beginning of the
file (e.g., glibc).

As it turns out, we only ever write to the file descriptor, not
through stdio, so opening the file with O_APPEND and using fdopen()
with "r+b" should give us sufficient append semantics, while
more portably letting the stream read from the beginning of the file.

This fixes the test suite on Solaris, a regression introduced
by commit 6979ead5e5c24ca0ec3569eb4bef48c2e5d8a726.

ticket: 8026
Fix minor cleanup issue in file ccache 2014-11-05T19:53:59+00:00 Greg Hudson ghudson@mit.edu 2014-11-04T15:13:11+00:00 16989828e9b9137b4f3c701962d838360f895636 If we fail to open the cache file in fcc_initialize, we could wind up calling close(-1) which is harmless but incorrect. Avoid this by initializing fd and conditionalizing its cleanup. ticket: 8026 
If we fail to open the cache file in fcc_initialize, we could wind up
calling close(-1) which is harmless but incorrect.  Avoid this by
initializing fd and conditionalizing its cleanup.

ticket: 8026
Fix spurious gcc warning in cc_file.c 2014-11-03T22:32:18+00:00 Greg Hudson ghudson@mit.edu 2014-11-03T22:27:00+00:00 35ab0d013f35a9840d0fbcb8de3b194eb501199d gcc 4.6.3 (present in Ubuntu 12.04) is smart enough to look at get_size and see that it does not always assign to *size_out, but not smart enough to figure out that it always assigns to *size_out when it returns 0. As a result, it outputs two warnings which we treat as errors. Add an initial assignment to *size_out at the beginning of get_size to work around this. ticket: 8026 
gcc 4.6.3 (present in Ubuntu 12.04) is smart enough to look at
get_size and see that it does not always assign to *size_out, but not
smart enough to figure out that it always assigns to *size_out when it
returns 0.  As a result, it outputs two warnings which we treat as
errors.  Add an initial assignment to *size_out at the beginning of
get_size to work around this.

ticket: 8026
Use stdio reads, O_APPEND writes in FILE ccache 2014-11-03T17:51:44+00:00 Greg Hudson ghudson@mit.edu 2014-10-12T22:46:17+00:00 6979ead5e5c24ca0ec3569eb4bef48c2e5d8a726 Remove open file state from the cache handle, use stdio for reading, use single O_APPEND writes for writing, and use O_CLOEXEC when opening. Keep the file handle open during iteration. These changes simplify the code, fix some concurrency issues, and reduce the dependency on POSIX file locks. We still acquire file locks for compatibility with older code, and in case O_APPEND writes aren't concurrency-atomic. Helper functions change as follows: * open_cache_file yields a stdio handle, and only opens and locks. * close_cache_file takes a stdio handle. * read_header (new) reads the file header and yields a version. * invalidate_cache and fcc_lseek are no longer needed. * get_size, read_bytes, and load_bytes operate on a stdio handle. * read32, read16, load_data, load_principal, and load_cred operate on a stdio handle and version. * write_bytes, store32, store16, and store_principal are no longer needed. fcc_initialize now takes responsibility for writing the header and default client principal, using a single write. ticket: 8026 (new) 
Remove open file state from the cache handle, use stdio for reading,
use single O_APPEND writes for writing, and use O_CLOEXEC when
opening.  Keep the file handle open during iteration.  These changes
simplify the code, fix some concurrency issues, and reduce the
dependency on POSIX file locks.  We still acquire file locks for
compatibility with older code, and in case O_APPEND writes aren't
concurrency-atomic.

Helper functions change as follows:
* open_cache_file yields a stdio handle, and only opens and locks.
* close_cache_file takes a stdio handle.
* read_header (new) reads the file header and yields a version.
* invalidate_cache and fcc_lseek are no longer needed.
* get_size, read_bytes, and load_bytes operate on a stdio handle.
* read32, read16, load_data, load_principal, and load_cred operate on
  a stdio handle and version.
* write_bytes, store32, store16, and store_principal are no longer
  needed.

fcc_initialize now takes responsibility for writing the header and
default client principal, using a single write.

ticket: 8026 (new)
Remove cc_file.c global lookup table 2014-11-03T16:40:41+00:00 Greg Hudson ghudson@mit.edu 2014-10-07T00:09:27+00:00 21c6d59c9b5b08cbd2c87a96a719b0ac511cce51 The FILE ccache type maintains a global reference-counted table of handles, which is perhaps an imperfect workaround for POSIX per-process file locks. Remove this table, since we plan to maintain read fds in cursors and use O_APPEND writes to render locking less important. 
The FILE ccache type maintains a global reference-counted table of
handles, which is perhaps an imperfect workaround for POSIX
per-process file locks.  Remove this table, since we plan to maintain
read fds in cursors and use O_APPEND writes to render locking less
important.
Stop using KRB5_TC_OPENCLOSE 2014-11-03T16:40:38+00:00 Greg Hudson ghudson@mit.edu 2014-10-06T14:05:41+00:00 ec3a2e9ea2d4fdb2e00fc7b2a6bfed7feac10880 Since KRB5_TC_OPENCLOSE no longer does anything, stop setting it when we iterate over ccaches. ticket: 7804 
Since KRB5_TC_OPENCLOSE no longer does anything, stop setting it when
we iterate over ccaches.

ticket: 7804
Remove KRB5_TC_OPENCLOSE handling in FILE ccache 2014-11-03T15:52:12+00:00 Greg Hudson ghudson@mit.edu 2014-10-06T13:47:10+00:00 fe9e299521d6e2952b987d3ca29cf327b7eacdda Stop processing the KRB5_TC_OPENCLOSE flag in cc_file.c; always reopen the file instead. This will be replaced with more efficient cursor handling. Also remove some unused KRB5_TC_OPENCLOSE macros in scc.h. 
Stop processing the KRB5_TC_OPENCLOSE flag in cc_file.c; always reopen
the file instead.  This will be replaced with more efficient cursor
handling.  Also remove some unused KRB5_TC_OPENCLOSE macros in scc.h.
Avoid unneeded GetMSTGT() calls in cc_mslsa.c 2014-09-09T21:36:46+00:00 Ben Kaduk kaduk@mit.edu 2014-08-14T17:57:48+00:00 76a16d2652da483dd7bc95f24257e0f195b833f0 Both lcc_resolve() and lcc_get_principal() were using GetMSTGT() to fetch a ticket from which to obtain the client principal name of the credentials cache. However, that name is contained in the results of the the cache information query; there is no need to retrieve a full ticket of any sort to get it. Since there may sometimes be difficulties obtaining a TGT when UAC is enabled, avoid these unneeded calls. ticket: 7989 
Both lcc_resolve() and lcc_get_principal() were using GetMSTGT()
to fetch a ticket from which to obtain the client principal name
of the credentials cache.  However, that name is contained in
the results of the the cache information query; there is no need
to retrieve a full ticket of any sort to get it.  Since there
may sometimes be difficulties obtaining a TGT when UAC is enabled,
avoid these unneeded calls.

ticket: 7989
Move realm conversion into helper in cc_mslsa.c 2014-09-09T21:04:39+00:00 Ben Kaduk kaduk@mit.edu 2014-08-14T17:51:22+00:00 e2d1a3aea7789b6acc5fa963da75ea666614764c All the callers of UnicodeStringToMITPrinc() were already converting a UnicodeString into a wchar* just to pass it in as the realm. Simplify everyone's life by making the helper do the conversion. ticket: 7989 
All the callers of UnicodeStringToMITPrinc() were already converting
a UnicodeString into a wchar* just to pass it in as the realm.

Simplify everyone's life by making the helper do the conversion.

ticket: 7989