krb5 commit: Don't flush libkrb5 context profiles
ghudson at mit.edu
ghudson at mit.edu
Tue Apr 23 17:43:54 EDT 2024
https://github.com/krb5/krb5/commit/0a3acc20564e82ba33741248cf25ca4d085d777f
commit 0a3acc20564e82ba33741248cf25ca4d085d777f
Author: Greg Hudson <ghudson at mit.edu>
Date: Wed Apr 3 14:20:53 2024 -0400
Don't flush libkrb5 context profiles
The profile library has two deconstructors, profile_release() and
profile_abandon(). profile_release() flushes in-memory changes to
backing files, while profile_abandon() does not. If a krb5_context
profile contains in-memory changes, they were copied from a profile
supplied to krb5_init_context_profile(), and the caller can decide
whether to flush them.
As profile_copy() is now a public function, remove the include of
prof_int.h and the associated LOCALINCLUDES setting in Makefile.in.
ticket: 9121 (new)
.gitignore | 1 +
src/lib/krb5/os/Makefile.in | 16 ++++++---
src/lib/krb5/os/deps | 14 ++++++--
src/lib/krb5/os/init_os_ctx.c | 5 ++-
src/lib/krb5/os/t_ctxprf.c | 79 +++++++++++++++++++++++++++++++++++++++++++
src/lib/krb5/os/t_ctxprf.py | 15 ++++++++
6 files changed, 120 insertions(+), 10 deletions(-)
diff --git a/.gitignore b/.gitignore
index 00e42adf0..bfbf45ab6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -358,6 +358,7 @@ local.properties
/src/lib/krb5/krb/t_sname_match
/src/lib/krb5/krb/t_valid_times
+/src/lib/krb5/os/t_ctxprf
/src/lib/krb5/os/t_expand_path
/src/lib/krb5/os/t_locate_kdc
/src/lib/krb5/os/t_std_conf
diff --git a/src/lib/krb5/os/Makefile.in b/src/lib/krb5/os/Makefile.in
index f523a5ac8..e84b5b747 100644
--- a/src/lib/krb5/os/Makefile.in
+++ b/src/lib/krb5/os/Makefile.in
@@ -2,7 +2,6 @@ mydir=lib$(S)krb5$(S)os
BUILDTOP=$(REL)..$(S)..$(S)..
DEFINES=-DLIBDIR=\"$(KRB5_LIBDIR)\" -DBINDIR=\"$(CLIENT_BINDIR)\" \
-DSBINDIR=\"$(ADMIN_BINDIR)\"
-LOCALINCLUDES= -I$(top_srcdir)/util/profile
# Like RUN_TEST, but use td_krb5.conf from this directory.
RUN_TEST_LOCAL_CONF=$(RUN_SETUP) KRB5_CONFIG=$(srcdir)/td_krb5.conf LC_ALL=C \
@@ -154,7 +153,8 @@ SRCS= \
$(srcdir)/write_msg.c
EXTRADEPSRCS = \
- t_expand_path.c t_gifconf.c t_locate_kdc.c t_std_conf.c t_trace.c
+ t_ctxprf.c t_expand_path.c t_gifconf.c t_locate_kdc.c t_std_conf.c \
+ t_trace.c
##DOS##LIBOBJS = $(OBJS)
@@ -164,7 +164,7 @@ clean-unix:: clean-libobjs
shared:
mkdir shared
-TEST_PROGS= t_std_conf t_locate_kdc t_trace t_expand_path
+TEST_PROGS= t_std_conf t_locate_kdc t_trace t_expand_path t_ctxprf
T_STD_CONF_OBJS= t_std_conf.o
@@ -190,6 +190,9 @@ t_trace: $(T_TRACE_OBJS) $(KRB5_BASE_DEPLIBS)
t_expand_path: t_expand_path.o $(KRB5_BASE_DEPLIBS)
$(CC_LINK) -o $@ t_expand_path.o $(KRB5_BASE_LIBS)
+t_ctxprf: t_ctxprf.o $(KRB5_BASE_DEPLIBS)
+ $(CC_LINK) -o $@ t_ctxprf.o $(KRB5_BASE_LIBS)
+
LCLINT=lclint
LCLINTOPTS= -warnposix \
-usedef +charintliteral +ignoresigns -predboolint +boolint \
@@ -200,7 +203,7 @@ lclint-localaddr: localaddr.c
-DTEST $(srcdir)/localaddr.c
check-unix: check-unix-stdconf check-unix-locate check-unix-trace \
- check-unix-expand check-unix-uri
+ check-unix-expand check-unix-uri check-unix-ctxprf
check-unix-stdconf: t_std_conf
$(RUN_TEST_LOCAL_CONF) ./t_std_conf -d -s NEW.DEFAULT.REALM -d \
@@ -259,9 +262,12 @@ check-unix-expand: t_expand_path
'the %{animal}%{s} on the %{place}%{s}' \
'the frogs on the pads'
+check-unix-ctxprf: t_ctxprf
+ $(RUNPYTEST) $(srcdir)/t_ctxprf.py $(PYTESTFLAGS)
+
clean:
$(RM) $(TEST_PROGS) test.out t_std_conf.o t_locate_kdc.o t_trace.o
- $(RM) t_expand_path.o
+ $(RM) t_expand_path.o t_ctxprf.o
@libobj_frag@
diff --git a/src/lib/krb5/os/deps b/src/lib/krb5/os/deps
index aed7792a7..9add6eca9 100644
--- a/src/lib/krb5/os/deps
+++ b/src/lib/krb5/os/deps
@@ -211,8 +211,7 @@ init_os_ctx.so init_os_ctx.po $(OUTPRE)init_os_ctx.$(OBJEXT): \
$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
$(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \
$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
- $(top_srcdir)/util/profile/prof_int.h init_os_ctx.c \
- os-proto.h
+ init_os_ctx.c os-proto.h
krbfileio.so krbfileio.po $(OUTPRE)krbfileio.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
@@ -519,6 +518,17 @@ write_msg.so write_msg.po $(OUTPRE)write_msg.$(OBJEXT): \
$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
$(top_srcdir)/include/socket-utils.h os-proto.h write_msg.c
+t_ctxprf.so t_ctxprf.po $(OUTPRE)t_ctxprf.$(OBJEXT): \
+ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+ $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+ $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+ $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+ $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+ $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+ $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+ $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+ $(top_srcdir)/include/socket-utils.h os-proto.h t_ctxprf.c
t_expand_path.so t_expand_path.po $(OUTPRE)t_expand_path.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
diff --git a/src/lib/krb5/os/init_os_ctx.c b/src/lib/krb5/os/init_os_ctx.c
index 2be266f17..c35007888 100644
--- a/src/lib/krb5/os/init_os_ctx.c
+++ b/src/lib/krb5/os/init_os_ctx.c
@@ -29,7 +29,6 @@
#include "k5-int.h"
#include "os-proto.h"
#include "../krb/int-proto.h"
-#include "prof_int.h" /* XXX for profile_copy, not public yet */
#if defined(_WIN32)
#include <winsock.h>
@@ -468,7 +467,7 @@ krb5_set_config_files(krb5_context ctx, const char **filenames)
return retval;
if (ctx->profile)
- profile_release(ctx->profile);
+ profile_abandon(ctx->profile);
ctx->profile = profile;
return 0;
@@ -503,7 +502,7 @@ k5_os_free_context(krb5_context ctx)
os_ctx->magic = 0;
if (ctx->profile) {
- profile_release(ctx->profile);
+ profile_abandon(ctx->profile);
ctx->profile = 0;
}
diff --git a/src/lib/krb5/os/t_ctxprf.c b/src/lib/krb5/os/t_ctxprf.c
new file mode 100644
index 000000000..c804d4896
--- /dev/null
+++ b/src/lib/krb5/os/t_ctxprf.c
@@ -0,0 +1,79 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/t_ctxprf.c - krb5_init_context_profile() test */
+/*
+ * Copyright (C) 2024 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This program tests the use of krb5_init_context_profile() with a modified
+ * profile object. If run with the single argument "empty", we create and
+ * modifiemodify an empty profile; otherwise, we retrieve and modify the
+ * profile for a normally created libkrb5 context. In both cases, we set a
+ * realm KDC value in the profile and use k5_locate_kdc() to verify that the
+ * setting is reflected in a libkrb5 context created using the modified
+ * profile.
+ */
+
+#include "k5-int.h"
+#include "os-proto.h"
+
+static void
+check(long code)
+{
+ assert(code == 0);
+}
+
+int
+main(int argc, char **argv)
+{
+ profile_t p;
+ krb5_context ctx;
+ const char *names[] = { "realms", "KRBTEST.COM", "kdc", NULL };
+ krb5_data realm = string2data("KRBTEST.COM");
+ struct serverlist sl;
+
+ if (argc > 1 && strcmp(argv[1], "empty") == 0) {
+ check(profile_init(NULL, &p));
+ } else {
+ check(krb5_init_context(&ctx));
+ check(krb5_get_profile(ctx, &p));
+ krb5_free_context(ctx);
+ profile_clear_relation(p, names);
+ }
+ check(profile_add_relation(p, names, "ctx.prf.test"));
+
+ check(krb5_init_context_profile(p, 0, &ctx));
+ check(k5_locate_kdc(ctx, &realm, &sl, FALSE, FALSE));
+ assert(sl.nservers == 1);
+ assert(strcmp(sl.servers[0].hostname, "ctx.prf.test") == 0);
+
+ profile_abandon(p);
+ k5_free_serverlist(&sl);
+ krb5_free_context(ctx);
+}
diff --git a/src/lib/krb5/os/t_ctxprf.py b/src/lib/krb5/os/t_ctxprf.py
new file mode 100644
index 000000000..1f3cc720d
--- /dev/null
+++ b/src/lib/krb5/os/t_ctxprf.py
@@ -0,0 +1,15 @@
+from k5test import *
+
+realm = K5Realm(create_kdb=False)
+
+mark('initially empty profile')
+realm.run(['./t_ctxprf', 'empty'])
+
+mark('modified single-file profile')
+realm.run(['./t_ctxprf'])
+with open(os.path.join(realm.testdir, 'krb5.conf')) as f:
+ contents = f.read()
+ if 'ctx.prf.test' in contents:
+ fail('profile changes unexpectedly flushed')
+
+success('krb5_init_context_profile() tests')
More information about the cvs-krb5
mailing list