[11766] in Kerberos-V5-bugs
[krbdev.mit.edu #6814] Improve kdb5_util load locking and recovery
daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Mon Nov 1 13:45:05 2010
From: "Greg Hudson via RT" <rt-comment@krbdev.MIT.EDU>
In-Reply-To: <rt-6814@krbdev.mit.edu>
Message-ID: <rt-6814-33406.8.91915651130788@krbdev.mit.edu>
To: "AdminCc of krbdev.mit.edu Ticket #6814":;
Date: Mon, 1 Nov 2010 13:45:01 -0400 (EDT)
Reply-To: rt-comment@krbdev.MIT.EDU

If a kdb5_util load (without -update) operation aborts, it leaves behind
a partially constructed temporary DB. Future load operations will fail
with "kdb5_util load: File exists.", after krb5_db2_create() gets a
successful result from check_openable().

We want kdb5_util load to discard remnant temporary DBs from failed load
operations, but we want to make sure that two load operations don't
happen concurrently. The current locking is inadequate for this; the
temporary DB is locked after it is created and unlocked before it is
promoted.

To fix this, we need atomic DAL operations for create-and-lock-temp-DB
and for promote-and-unlock-temp-DB. Since temporary DB operations are
the sole property of kdb5_util load, we do not need new interfaces; we
can modify the contracts of the existing interfaces (krb5_db_create with
the "temporary" db_arg, and krb5_db_promote).

Only the DB2 back end supports non-update kdb5_util loads, so the scope
of code modifications should be limited to kadmin/db_util/load.c,
plugins/kdb/db2/kdb_db2.c, and include/kdb.h (comments only).
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
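The two atomic operations proposed in the ticket (create-and-lock-temp-DB and promote-and-unlock-temp-DB), modelled as an added example that is not krb5's kdb_db2.c code: one lock file is taken before the temporary DB is created and released only after promotion, so a remnant temp DB from an aborted load can be discarded safely and a concurrent load is reported as EWOULDBLOCK instead of failing with "File exists". The struct, the function names and the paths under /tmp are assumptions made for the illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <sys/file.h>
#include <unistd.h>

struct load_ctx {           /* hypothetical paths for one kdb5_util load */
    const char *lockpath, *temppath, *livepath;
    int lockfd;
};
/* Unlock and close the lock descriptor; err is passed through to the caller. */
static int drop_lock(int fd, int err) { flock(fd, LOCK_UN); close(fd); return err; }

/* create-and-lock-temp-DB: 0 on success, EWOULDBLOCK if another load holds the
 * lock (flock is per open file description, so even a second open() in this
 * process conflicts), otherwise the errno of the step that failed. */
int create_and_lock_temp(struct load_ctx *c)
{
    int fd = open(c->lockpath, O_RDWR | O_CREAT, 0600);
    if (fd < 0)
        return errno;
    if (flock(fd, LOCK_EX | LOCK_NB) < 0)
        return drop_lock(fd, errno);          /* concurrent load in progress */
    /* Holding the lock, an existing temp DB can only be a remnant of an
     * aborted load: discard it instead of failing with "File exists". */
    if (unlink(c->temppath) < 0 && errno != ENOENT)
        return drop_lock(fd, errno);
    int dbfd = open(c->temppath, O_RDWR | O_CREAT | O_EXCL, 0600);
    if (dbfd < 0)
        return drop_lock(fd, errno);
    close(dbfd);
    c->lockfd = fd;
    return 0;
}

/* promote-and-unlock-temp-DB: rename while still holding the lock, so no
 * other load can start in the window between promotion and unlock. */
int promote_and_unlock_temp(struct load_ctx *c)
{
    if (rename(c->temppath, c->livepath) < 0)
        return errno;
    c->lockfd = drop_lock(c->lockfd, -1);
    return 0;
}
/* An aborted load drops the lock but leaves its partial temp DB behind. */
void abort_load(struct load_ctx *c) { c->lockfd = drop_lock(c->lockfd, -1); }

/* Constructed demo paths shared by three simulated loads (run in one process). */
#define PFX "/tmp/kdb5_load_demo"
struct load_ctx load_a = { PFX ".lock", PFX ".tmp", PFX ".db", -1 };
struct load_ctx load_b = { PFX ".lock", PFX ".tmp", PFX ".db", -1 };
struct load_ctx load_c = { PFX ".lock", PFX ".tmp", PFX ".db", -1 };
```

Running load_a, aborting it, then load_b shows the remnant being discarded; a third context opened while load_b holds the lock gets EWOULDBLOCK until promote_and_unlock_temp() has run.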