[krbdev.mit.edu #6937] concurrency issue between krb5_cc_retrieve_cred and krb5_cc_store_cred

Arlene Berry via RT rt-comment at krbdev.mit.edu
Fri Jul 22 19:48:18 EDT 2011 

#include <krb5.h>
#include <stdio.h>
#include <termios.h>
#include <memory.h>
#include <stdint.h>
#include <pthread.h>

struct retrieve_info
{
	krb5_context context;
	krb5_ccache cache;
	krb5_creds *search;
};


void *retrieve_routine(void *info)
{
	struct retrieve_info *thread_info = (struct retrieve_info *)info;
	krb5_creds retr_creds;
	int loop;

	for (loop = 0; loop < 1000; loop++)
	{
		if (krb5_cc_retrieve_cred(thread_info->context, thread_info->cache, KRB5_TC_SUPPORTED_KTYPES, thread_info->search, &retr_creds) < 0)

		{
			printf("An error occurred while searching for the creds\n");
			return NULL;
		}

		printf("got back creds %d\n", loop);

		krb5_free_cred_contents(thread_info->context, &retr_creds);
	}

	return NULL;

}

int main(int argc, const char *argv[])
{
	krb5_error_code error;
	char password[100];
	krb5_context context;
	krb5_creds creds;
	krb5_principal principal;
	struct termios old, new;
	krb5_ccache cache;
	krb5_get_init_creds_opt opts;
	int loop;
	struct retrieve_info thread_info;
	pthread_t retrieve_thread;

	tcgetattr(fileno(stdin), &old);
	memcpy(&new, &old, sizeof(old));
	new.c_lflag &= ~(ECHO); tcsetattr(fileno(stdin), TCSANOW, &new);

	printf("Enter password for %s:\n", argv[1]);
	fgets(password, sizeof(password), stdin);
	password[strlen(password) - 1] = 0;
	tcsetattr(fileno(stdin), TCSANOW, &old);

	error = krb5_init_context(&context);
	if (error)
		goto error;
	error = krb5_parse_name(context, argv[1], &principal);
	if (error)
		goto error;

	krb5_get_init_creds_opt_init(&opts);

	if (krb5_get_init_creds_password(context,
				&creds,
				principal,
				password,
				NULL,
				NULL,
				0,
				NULL,
				&opts) < 0)
	{
		goto error;
	}

	if (krb5_cc_default(context, &cache))
		goto error;

	if (krb5_cc_initialize(context, cache, principal))
		goto error;
	if (krb5_cc_store_cred(context, cache, &creds))
		goto error;


	thread_info.context = context;
	thread_info.cache = cache;
	thread_info.search = &creds;
	if (pthread_create(&retrieve_thread, NULL, retrieve_routine, &thread_info) != 0)
	{
		goto error;
	}

	for (loop = 0; loop < 1000; loop++)
	{
		error = krb5_cc_store_cred(context, cache, &creds);
		if (error < 0)
		{
			printf("Failed to write creds %d\n", error);
			goto error;
		}
		printf("Wrote creds %d\n", loop);
	}

	if (pthread_join(retrieve_thread, NULL) < 0)
	{
		goto error;
	}

	return 0;

error:
	printf("Error occurred\n");
	return 1;
}

More information about the krb5-bugs mailing list