[krbdev.mit.edu #6018] Support for recovering from broken rcache
Alexandra Ellwood via RT
rt-comment at krbdev.mit.edu
Mon Jul 7 16:03:02 EDT 2008
--- Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/kdc_util.c 2007-08-09 13:29:10.000000000 -0700
+++ Kerberos/KerberosFramework/Kerberos5/Sources/kdc/kdc_util.c 2008-06-04 10:13:20.000000000 -0700
@@ -51,7 +51,6 @@
{
krb5_error_code retval;
char *rcname;
- char *sname;
rcname = (rcache_name) ? rcache_name : kdc_current_rcname;
@@ -61,23 +60,44 @@
if (!rcname)
rcname = KDCRCACHE;
- if (!(retval = krb5_rc_resolve_full(kcontext, &kdc_rcache, rcname))) {
- /* Recover or initialize the replay cache */
- if (!(retval = krb5_rc_recover(kcontext, kdc_rcache)) ||
- !(retval = krb5_rc_initialize(kcontext,
- kdc_rcache,
- kcontext->clockskew))
- ) {
- /* Expunge the replay cache */
- if (!(retval = krb5_rc_expunge(kcontext, kdc_rcache))) {
- sname = kdc_current_rcname;
- kdc_current_rcname = strdup(rcname);
- if (sname)
- free(sname);
- }
- }
+ retval = krb5_rc_resolve_full(kcontext, &kdc_rcache, rcname);
+ if (retval)
+ return retval;
+
+ /* First try to recover */
+ retval = krb5_rc_recover(kcontext, kdc_rcache);
+ if (retval) {
+ /* Either the cache is malformated or not there, lets remove
+ it first and then initialize it */
+ retval = krb5_rc_resolve_full(kcontext, &kdc_rcache, rcname);
if (retval)
- krb5_rc_close(kcontext, kdc_rcache);
+ return retval;
+ retval = krb5_rc_destroy(kcontext, kdc_rcache);
+ if (retval)
+ return retval;
+
+ /* init */
+ retval = krb5_rc_resolve_full(kcontext, &kdc_rcache, rcname);
+ if (retval)
+ return retval;
+ retval = krb5_rc_initialize(kcontext, kdc_rcache, kcontext->clockskew);
+ if (retval)
+ goto out;
+ }
+
+ /* Now that we have an open and valid rcache, expunge it */
+ retval = krb5_rc_expunge(kcontext, kdc_rcache);
+ if (retval == 0) {
+ char *sname = kdc_current_rcname;
+ kdc_current_rcname = strdup(rcname);
+ if (sname)
+ free(sname);
+ }
+
+ out:
+ if (retval) {
+ krb5_rc_close(kcontext, kdc_rcache);
+ kdc_rcache = NULL;
}
return(retval);
}
--- Kerberos.orig/KerberosFramework/Kerberos5/Sources/lib/krb5/rcache/rc_dfl.c 2007-08-09 13:29:17.000000000 -0700
+++ Kerberos/KerberosFramework/Kerberos5/Sources/lib/krb5/rcache/rc_dfl.c 2008-06-04 10:52:04.000000000 -0700
@@ -267,8 +267,18 @@
krb5_rc_dfl_destroy(krb5_context context, krb5_rcache id)
{
#ifndef NOIOSTUFF
- if (krb5_rc_io_destroy(context, &((struct dfl_data *) (id->data))->d))
- return KRB5_RC_IO;
+ struct dfl_data *t = (struct dfl_data *)id->data;
+ krb5_error_code retval;
+
+ retval = krb5_rc_io_open(context, &t->d, t->name);
+ if (retval)
+ return retval;
+ retval = krb5_rc_io_destroy(context, &t->d);
+ if (retval)
+ return retval;
+ retval = krb5_rc_io_close(context, &t->d);
+ if (retval)
+ return retval;
#endif
return krb5_rc_dfl_close(context, id);
}
--- Kerberos.orig/KerberosFramework/Kerberos5/Sources/lib/krb5/rcache/rc_io.c 2007-08-09 13:29:17.000000000 -0700
+++ Kerberos/KerberosFramework/Kerberos5/Sources/lib/krb5/rcache/rc_io.c 2008-06-04 12:56:45.000000000 -0700
@@ -425,6 +425,8 @@
strerror(errno));
return KRB5_RC_IO_UNKNOWN;
}
+ if (count != num)
+ return KRB5_RC_IO_EOF;
if (count == 0)
return KRB5_RC_IO_EOF;
return 0;
More information about the krb5-bugs
mailing list