[1957] in Moira Commits
/svn/moira r4096 - trunk/moira/incremental/afs
daemon@ATHENA.MIT.EDU (Garry Zacheiss)
Sat Feb 2 23:00:51 2013
Date: Sat, 2 Feb 2013 23:00:44 -0500
From: Garry Zacheiss <zacheiss@MIT.EDU>
Message-Id: <201302030400.r1340i0U014802@drugstore.mit.edu>
To: moira-commits@MIT.EDU
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Author: zacheiss
Date: 2013-02-02 23:00:44 -0500 (Sat, 02 Feb 2013)
New Revision: 4096
Modified:
trunk/moira/incremental/afs/afs.c
Log:
Make sure we always have a krb5_context. If we're in the middle of a callback, punt before we call krb5_524_conv_principal() on the member we're processing.
Modified: trunk/moira/incremental/afs/afs.c
===================================================================
--- trunk/moira/incremental/afs/afs.c 2013-01-31 22:03:00 UTC (rev 4095)
+++ trunk/moira/incremental/afs/afs.c 2013-02-03 04:00:44 UTC (rev 4096)
@@ -587,20 +587,47 @@
char name[ANAME_SZ], inst[INST_SZ], realm[REALM_SZ];
char canon_member[MAX_K_NAME_SZ];
+ memset(name, 0, sizeof(name));
+ memset(inst, 0, sizeof(inst));
+ memset(realm, 0, sizeof(realm));
+
+ code = krb5_init_context(&context);
+ if (code)
+ goto out;
+
/* The following KERBEROS code allows for the use of entities
* user@foreign_cell.
*/
if (!local_realm)
{
- code = krb5_init_context(&context);
- if (code)
- goto out;
-
code = krb5_get_default_realm(context, &local_realm);
if (code)
goto out;
}
+ /* Cannot risk doing another query during a callback */
+
+ /* We could do this simply for type USER, but eventually this may
+ * also dynamically add KERBEROS types to the prdb, and we will need
+ * to do a query to look up the uid of the null-instance user */
+
+ if (mr_connections)
+ {
+ m = malloc(sizeof(struct member));
+ if (!m)
+ {
+ critical_alert(whoami, "incremental", "Out of memory");
+ exit(1);
+ }
+ m->op = op;
+ strcpy(m->list, group);
+ strcpy(m->type, type);
+ strcpy(m->member, member);
+ m->next = member_head;
+ member_head = m;
+ return;
+ }
+
if (!strcmp(type, "KERBEROS"))
{
/* AFS still uses a v4-style namespace, so convert. */
@@ -622,27 +649,6 @@
else if (strcmp(type, "USER"))
return; /* invalid type */
- /* Cannot risk doing another query during a callback */
- /* We could do this simply for type USER, but eventually this may also
- * dynamically add KERBEROS types to the prdb, and we will need to do
- * a query to look up the uid of the null-instance user */
- if (mr_connections)
- {
- m = malloc(sizeof(struct member));
- if (!m)
- {
- critical_alert(whoami, "incremental", "Out of memory");
- exit(1);
- }
- m->op = op;
- strcpy(m->list, group);
- strcpy(m->type, type);
- strcpy(m->member, member);
- m->next = member_head;
- member_head = m;
- return;
- }
-
strcpy(buf, "system:");
strcat(buf, group);
com_err(whoami, 0, "%s %s %s group %s", (op ? "Adding" : "Removing"), member,
