krb5 commit: Load mechglue config files from /etc/gss/mech.d
Greg Hudson
ghudson at MIT.EDU
Thu May 22 18:26:30 EDT 2014
https://github.com/krb5/krb5/commit/05cbef80d53f49d30a5d0563501226dc173734d4
commit 05cbef80d53f49d30a5d0563501226dc173734d4
Author: Günther Deschner <gdeschner at redhat.com>
Date: Wed Mar 5 15:25:43 2014 +0100
Load mechglue config files from /etc/gss/mech.d
In addition to loading /etc/gss/mech, glob for *.conf files in
/etc/gss/mech.d. Load only config files which have changed since the
highest mtime we saw in the previous scan. Scan at most once per
second to avoid excessive numbers of filesystem syscalls for busy
GSSAPI applications.
[ghudson at mit.edu: rewrote commit message; style changes; added
once-per-second throttle on glob/stat calls]
ticket: 7882 (new)
src/lib/gssapi/mechglue/g_initialize.c | 65 ++++++++++++++++++++++++++-----
1 files changed, 54 insertions(+), 11 deletions(-)
diff --git a/src/lib/gssapi/mechglue/g_initialize.c b/src/lib/gssapi/mechglue/g_initialize.c
index c6904e0..f0acf1a 100644
--- a/src/lib/gssapi/mechglue/g_initialize.c
+++ b/src/lib/gssapi/mechglue/g_initialize.c
@@ -41,6 +41,7 @@
#include <string.h>
#include <ctype.h>
#include <errno.h>
+#include <glob.h>
#define M_DEFAULT "default"
@@ -58,6 +59,7 @@
#ifndef MECH_CONF
#define MECH_CONF "/etc/gss/mech"
#endif
+#define MECH_CONF_PATTERN MECH_CONF ".d/*.conf"
/* Local functions */
static void addConfigEntry(const char *oidStr, const char *oid,
@@ -90,6 +92,7 @@ static gss_mech_info g_mechList = NULL;
static gss_mech_info g_mechListTail = NULL;
static k5_mutex_t g_mechListLock = K5_MUTEX_PARTIAL_INITIALIZER;
static time_t g_confFileModTime = (time_t)0;
+static time_t g_confLastCall = (time_t)0;
static gss_OID_set_desc g_mechSet = { 0, NULL };
static k5_mutex_t g_mechSetLock = K5_MUTEX_PARTIAL_INITIALIZER;
@@ -383,6 +386,56 @@ const gss_OID oid;
return (modOptions);
} /* gssint_get_modOptions */
+/* Return the mtime of filename or its eventual symlink target (if it is a
+ * symlink), whichever is larger. Return (time_t)-1 if lstat or stat fails. */
+static time_t
+check_link_mtime(const char *filename, time_t *mtime_out)
+{
+ struct stat st1, st2;
+
+ if (lstat(filename, &st1) != 0)
+ return (time_t)-1;
+ if (!S_ISLNK(st1.st_mode))
+ return st1.st_mtime;
+ if (stat(filename, &st2) != 0)
+ return (time_t)-1;
+ return (st1.st_mtime > st2.st_mtime) ? st1.st_mtime : st2.st_mtime;
+}
+
+/* Try to load any config files which have changed since the last call. Config
+ * files are MECH_CONF and any files matching MECH_CONF_PATTERN. */
+static void
+loadConfigFiles()
+{
+ glob_t globbuf;
+ time_t highest_mtime = 0, mtime, now;
+ char **pathptr;
+
+ /* Don't glob and stat more than once per second. */
+ if (time(&now) == (time_t)-1 || now == g_confLastCall)
+ return;
+ g_confLastCall = now;
+
+ globbuf.gl_offs = 1;
+ if (glob(MECH_CONF_PATTERN, GLOB_DOOFFS, NULL, &globbuf) != 0)
+ return;
+ globbuf.gl_pathv[0] = MECH_CONF;
+
+ for (pathptr = globbuf.gl_pathv; *pathptr != NULL; pathptr++) {
+ mtime = check_link_mtime(*pathptr, &mtime);
+ if (mtime == (time_t)-1)
+ continue;
+ if (mtime > highest_mtime)
+ highest_mtime = mtime;
+ if (mtime > g_confFileModTime)
+ loadConfigFile(*pathptr);
+ }
+ g_confFileModTime = highest_mtime;
+
+ globbuf.gl_pathv[0] = NULL;
+ globfree(&globbuf);
+}
+
/*
* determines if the mechList needs to be updated from file
* and performs the update.
@@ -401,17 +454,7 @@ updateMechList(void)
loadConfigFromRegistry(HKEY_CURRENT_USER, MECH_KEY);
loadConfigFromRegistry(HKEY_LOCAL_MACHINE, MECH_KEY);
#else /* _WIN32 */
- char *fileName;
- struct stat fileInfo;
-
- fileName = MECH_CONF;
-
- /* check if mechList needs updating */
- if (stat(fileName, &fileInfo) != 0 ||
- g_confFileModTime >= fileInfo.st_mtime)
- return;
- g_confFileModTime = fileInfo.st_mtime;
- loadConfigFile(fileName);
+ loadConfigFiles();
#endif /* !_WIN32 */
/* Load any unloaded interposer mechanisms immediately, to make sure we
More information about the cvs-krb5
mailing list