Ken Raeburn [Sat, 7 Aug 2004 15:52:52 +0000 (15:52 +0000)]
* configure.in: Look for sched.h and sched_yield.
* k5-thread.h: Only include sched.h if it's available.
(MAYBE_SCHED_YIELD): Only use sched_yield if sched.h and sched_yield are
available; if weak references are supported and sched_yield isn't available by
default, check for it at run time.
Ken Raeburn [Thu, 5 Aug 2004 07:42:46 +0000 (07:42 +0000)]
* k5-thread.h [HAVE_PTHREAD]: Include sched.h if DEBUG_THREADS_SLOW is defined.
(MAYBE_SCHED_YIELD) [HAVE_PTHREAD]: Define, to call sched_yield or not,
depending on DEBUG_THREADS_SLOW.
(k5_os_mutex_lock, k5_os_mutex_unlock) [HAVE_PTHREAD]: Use MAYBE_SCHED_YIELD.
(DEBUG_THREADS_SLOW): Define.
Ken Raeburn [Wed, 4 Aug 2004 06:58:17 +0000 (06:58 +0000)]
* rc-int.h (struct _krb5_rc_ops): Add new member, recover_or_init.
* rc_dfl.c (krb5_rc_dfl_init_locked): New function, with most of the content of
old krb5_rc_dfl_init.
(krb5_rc_dfl_init): Call it.
(krb5_rc_dfl_recover_or_init): New function.
* rc_dfl.h (krb5_rc_dfl_recover_or_init): Declare.
* rcdef.c (krb5_rc_dfl_ops): Initialize new field.
* rc_none.c (krb5_rc_none_recover_or_init): New macro.
(krb5_rc_none_ops): Initialize new field.
* rcfns.c (krb5_rc_recover_or_initialize): New function.
Ken Raeburn [Fri, 30 Jul 2004 21:10:45 +0000 (21:10 +0000)]
Implement new replay cache type "none"
* rc_none.c: New file.
* Makefile.in (SRCS, STLIBOBJS, OBJS): Build it.
* rc-int.h (krb5_rc_none_ops): Declare.
* rc_base.c (none): New variable.
(krb5_rc_typelist_dfl): Add it into the linked list.
Ken Raeburn [Fri, 30 Jul 2004 03:55:07 +0000 (03:55 +0000)]
* gssapi_krb5.c (kg_ccache_name): Variable deleted.
(kg_sync_ccache_name, kg_get_ccache_name, kg_set_ccache_name): Get and set
thread-specific values instead.
Ken Raeburn [Thu, 29 Jul 2004 02:26:43 +0000 (02:26 +0000)]
Add a mutex to the GSSAPI krb5 mechanism credential structure. Lock it while
frobbing the contents.
Also added krb5_gss_validate_cred_1, which is like krb5_gss_validate_cred but
for internal use. It lets the caller supply the krb5_context instead of
creating yet another one locally, and leaves the new credential mutex locked on
a successful return so that the caller doesn't have to reacquire it. More
functions should be changed to use this internally, but it's a performance
issue; I don't think it's a correctness or thread-safety issue.
* gssapiP_krb5.h (struct _krb5_gss_cred_id_rec): Add a mutex.
(krb5_gss_validate_cred_1): Declare.
* accept_sec_context.c (rd_and_store_for_creds): Initialize mutex.
* acquire_cred.c (krb5_gss_acquire_cred): Initialize mutex.
* add_cred.c (krb5_gss_add_cred): Create the krb5 context earlier. Call
krb5_gss_validate_cred_1. Make sure the mutex is locked.
* copy_ccache.c (gss_krb5_copy_ccache): Lock the mutex in the source
credential.
* init_sec_context.c (get_credentials, new_connection): Check that the mutex is
locked.
(mutual_auth): Delete unused credential argument.
(krb5_gss_init_sec_context): Lock the mutex.
* inq_cred.c (krb5_gss_inquire_cred): Lock the mutex.
* rel_cred.c (krb5_gss_release_cred): Destroy the mutex.
* set_allowable_enctypes.c (gss_krb5_set_allowable_enctypes): Lock the mutex.
* val_cred.c (krb5_gss_validate_cred_1): New function.
(krb5_gss_validate_cred): Use it.
Ken Raeburn [Thu, 29 Jul 2004 01:50:02 +0000 (01:50 +0000)]
* set_ccache.c (gss_krb5_ccache_name): Don't make a copy of the string returned
by kg_get_ccache_name. Simplify some calls using a temporary error code
variable.
Ken Raeburn [Wed, 28 Jul 2004 23:38:54 +0000 (23:38 +0000)]
* k5-thread.h [HAVE_PRAGMA_WEAK_REF]: Declare the pthread mutex functions as
weak.
(USE_PTHREAD_LOCK_ONLY_IF_LOADED): Define if pthread_mutex_lock isn't available
by default.
Ken Raeburn [Fri, 23 Jul 2004 15:29:53 +0000 (15:29 +0000)]
Add a mutex to protect the per-process fake-getaddrinfo data cache.
Currently it gets locked while a name lookup is in progress, which is not very
efficient. That should be changed, after the code is fixed up so that the
cache works on other platforms.
* include/fake-addrinfo.h: Include k5-thread.h.
(struct fac): Add a mutex.
(plant_face, find_face): Check that mutex is already locked.
(krb5int_lock_fac, krb5int_unlock_fac): Declare.
(fai_add_hosts_by_name): Use them to lock and unlock the mutex.
* util/support/fake-addrinfo.c (krb5int_fac): Initialize the mutex.
(krb5int_init_fac, krb5int_fini_fac): New functions; finish initializing or
destroy the mutex.
(krb5int_lock_fac, krb5int_unlock_fac): New functions; lock the mutex after
calling krb5int_call_thread_support_init, or unlock it.
* util/support/threads.c (krb5int_call_thread_support_init): New function.
(krb5int_init_fac, krb5int_fini_fac): Declare.
(krb5int_thread_support_init, krb5int_thread_support_fini): Call them.
Ken Raeburn [Fri, 16 Jul 2004 21:12:30 +0000 (21:12 +0000)]
* fake-addrinfo.h: Don't include netdb.h, since port-sockets.h already does.
* port-sockets.h: Define _XOPEN_SOURCE_EXTENDED around inclusion of netdb.h if
it's not defined and not Windows, as fake-addrinfo.h used to do; otherwise just
include it normally.
* k5-int.h: define for WIN32 the macro krb5int_zap_data to
utilize the Win32 API SecureZeroMemory which is guaranteed
by Microsoft not to be optimized out by the compiler.
Both memset and ZeroMemory will be optimized out by the
compiler when possible.
Ken Raeburn [Thu, 15 Jul 2004 01:00:54 +0000 (01:00 +0000)]
Get rid of the global krb5 context used by the GSSAPI Kerberos mechanism. I
*think* I've gotten all the places where a ccache or keytab name that's been
stored gets applied to whichever context needs it.
* gssapi_krb5.c (kg_sync_ccache_name): Add context argument instead of calling
kg_get_context.
(kg_get_ccache_name): Use a locally created krb5 context instead of calling
kg_get_context.
(kg_get_context): Deleted.
* acquire_cred.c (acquire_init_cred): Pass current context.
(krb5_gss_acquire_cred): Use a locally created krb5 context instead of calling
kg_get_context.
* add_cred.c (krb5_gss_add_cred): Call kg_sync_ccache_name.
* init_sec_context.c (krb5_gss_init_sec_context): Likewise.
* gssapiP_krb5.h (kg_sync_ccache_name): Update prototype.
(kg_get_context): Delete declaration.
Ken Raeburn [Wed, 14 Jul 2004 01:40:52 +0000 (01:40 +0000)]
* acquire_cred.c: Include gss_libinit.h.
(gssint_krb5_keytab_lock): New mutex.
(krb5_gss_register_acceptor_identity, acquire_accept_cred): Lock the mutex
while manipulating krb5_gss_keytab.
Ken Raeburn [Wed, 14 Jul 2004 01:33:35 +0000 (01:33 +0000)]
* k5-platform.h (k5_call_init_function) [DELAY_INITIALIZER] [__GNUC__]: Use a
statement expression so any line number info printed by assertion failures is
useful.
Ken Raeburn [Wed, 14 Jul 2004 00:15:23 +0000 (00:15 +0000)]
* k5-thread.h (k5_os_mutex_init, k5_os_mutex_destroy): If
USE_PTHREAD_LOCK_ONLY_IF_LOADED is defined, use pthread_mutex_init and _destroy
only if pthread support is loaded.
Ken Raeburn [Sun, 11 Jul 2004 06:53:32 +0000 (06:53 +0000)]
* configure.in: Check krb5_cv_inet6_with_dinet6 as well as krb5_cv_inet6 when
deciding whether to test for in6addr_any. If gcc is in use, suppress pedantic
warnings about "inline".
Ken Raeburn [Sun, 11 Jul 2004 06:05:24 +0000 (06:05 +0000)]
* aclocal.m4 (KRB5_AC_ENABLE_THREADS): Use PTHREAD_CFLAGS and PTHREAD_LIBS when
checking for pthread_mutexattr_setrobust_np availability with thread support
enabled.
Ken Raeburn [Fri, 9 Jul 2004 23:50:35 +0000 (23:50 +0000)]
* aclocal.m4 (KRB5_AC_ENABLE_THREADS): Always include the thread library on
Tru64 UNIX.
(KRB5_AC_CHECK_INET6): If the first test fails, try adding -DINET6 and test
again; if it works, define INET6 for the build.
Ken Raeburn [Fri, 9 Jul 2004 17:44:13 +0000 (17:44 +0000)]
* kdb_db2.c (krb5_db2_db_get_principal): Rename local variable "try"
to "trynum" because some systems (*cough*Tru64*cough*) turn on some
exception handling support when thread support is enabled.
kfw-fixed.nsi: Add registry keys to allow KFW executables to access the
krb5.ini and other config files in the %WINDIR% directory
instead of the per-user WINDOWS directory created in the
user's profile
* cc_mslsa.c: When obtaining a TGT from the MSLSA, do not ignore the
cache when the requested enctype is the NULL enctype. This means to
accept any enctype.
* kfw-fixed.nsi: Microsoft did not place the AllowTGTSessionKey in
the same location within the registry on the XP client platform as
they did on the 2000 SP4 and 2003 Servers. Modify the installer to
set both locations.
Ken Raeburn [Wed, 7 Jul 2004 06:17:28 +0000 (06:17 +0000)]
* k5-thread.h [! HAVE_PTHREAD_H]: Don't explicitly disable thread support when
pthread.h is missing.
(k5_os_mutex, K5_OS_MUTEX_PARTIAL_INITIALIZER, k5_os_mutex_finish_init,
k5_os_mutex_init, k5_os_mutex_destroy, k5_os_mutex_lock, k5_os_mutex_unlock,
k5_os_mutex_assert_unlocked, k5_os_mutex_assert_locked) [_WIN32]: Define
Windows versions; still not enabled by default.
Ken Raeburn [Wed, 7 Jul 2004 00:34:49 +0000 (00:34 +0000)]
* k5-thread.h: Use K5_THREAD_H for multiple inclusion protection.
(k5_debug_mutex_stats, k5_mutex_init_stats, k5_mutex_finish_init_stats,
K5_MUTEX_STATS_INIT): Add some dummy support for recording statistics on how
long mutexes are held, etc. Incomplete implementation started, but code not
enabled.
(k5_mutex_t): Add statistics field.
(K5_MUTEX_PARTIAL_INITIALIZER, k5_mutex_init_1, k5_mutex_init): Initialize it.
Ken Raeburn [Fri, 2 Jul 2004 22:16:56 +0000 (22:16 +0000)]
* k5-thread.h: Restructured mutex code.
(k5_debug_loc): New type, may contain file/line info if DEBUG_THREADS_LOC is
defined.
(k5_os_nothread_*): Dummy implementation of mutex lock for a single-threded
process. Uses a flag and assert() if DEBUG_THREADS is defined, does nothing
interesting otherwise.
(k5_os_mutex*, k5_once*): General implementations, with dummy or POSIX or
POSIX-if-loaded-otherwise-dummy variants.
(k5_mutex_*): Combine OS-specific mutex implementation with optional file/line
tracking, and provide a place to instrument for other debugging or performance
data.
Ken Raeburn [Thu, 1 Jul 2004 01:22:47 +0000 (01:22 +0000)]
* k5-thread.h (K5_MUTEX_DEBUG_INITIALIZER): Use current file and line.
(k5_mutex_debug_finish_init, k5_mutex_debug_init, k5_mutex_debug_destroy): Save
current file and line.
(k5_mutex_debug_lock): Verify that the lock was unlocked before, and set the
state to locked.
(k5_mutex_debug_unlock): Verify that the mutex was locked before, and set the
state to unlocked.
(k5_debug_assert_locked, k5_debug_assert_unlocked): Use
k5_mutex_debug_check_init instead of checking initialized==1.
Ken Raeburn [Wed, 30 Jun 2004 23:24:42 +0000 (23:24 +0000)]
Thread-safety for file-based credentials caches
* cc_file.c (krb5_fcc_data): Added a mutex.
(krb5_fcc_read*, krb5_fcc_write, krb5_fcc_store_*, krb5_fcc_open_file,
krb5_fcc_skip_header, krb5_fcc_skip_principal): Verify that the mutex is
locked.
(MAYBE_OPEN): Verify that the mutex is locked; unlock it if returning an error.
(krb5_fcc_initialize, krb5_fcc_start_seq_get, krb5_fcc_get_principal,
krb5_fcc_store, krb5_fcc_set_flags): Lock and unlock the mutex.
(krb5_fcc_close): Likewise. Destroy the mutex when done.
(krb5_fcc_destroy): Merge stdio and non-stdio versions a little more. Destroy
the mutex when done.
(krb5_fcc_resolve): Initialize and lock the mutex.
(krb5_fcc_next_cred): Lock and unlock the mutex. Merge the stdio and non-stdio
branches a little more.
Ken Raeburn [Wed, 30 Jun 2004 21:21:56 +0000 (21:21 +0000)]
* k5-thread.h (k5_debug_assert_locked, k5_debug_assert_unlocked): New macros.
(k5_assert_locked, k5_assert_unlocked): New macros, may or may not call the
debug macros.