10 feb 2007 kl. 04.03 skrev Michael B Allen:

And what if you do not change uids?

This is a real error that I encountered in my application. Apache workers all run as 'nobody' and do not change uids. Once the default_cc_name is
set for an httpd worker process all subsequent authentications by that
worker will use the old ccache and init_sec_context will fail to find
the desired cred.

I also think it's a real problem, sorry if that didn't come across.

Let's try to express this in code instead of words, since I can't get across what I
want the code to do.

Love

--- cache.c     13 Sep 2006 03:35:19 +1000      1.82
+++ cache.c     10 Feb 2007 08:02:45 +1100      
@@ -382,6 +382,45 @@
 }
 
 /*
+ * Detect if enviroment changed and will require a update to the
+ * default credential cache name.
+ */
+
+static HEIMDAL_MUTEX cc_mutex = HEIMDAL_MUTEX_INITIALIZER;
+static unsigned cc_uid;
+static const char *cc_env;
+
+/* XXX will getenv return same value or should we make a copy */
+
+static int
+cc_env_changed_p(void)
+{
+    int update = 0;
+    const char *s;
+    HEIMDAL_MUTEX_lock(&cc_mutex);
+    s = getenv("KRB5CCNAME");
+    if (cc_env == NULL) {
+       update = 1;
+       goto out;
+    }
+    if (s && s != cc_env) {
+       update = 1;
+       goto out;
+    }
+    if (cc_uid != (unsigned)getuid()) {
+       update = 1;
+       goto out;
+    }
+out:
+    if (update) {
+       cc_env = s;
+       cc_uid = (unsigned)getuid();
+    }
+    HEIMDAL_MUTEX_unlock(&cc_mutex);
+    return update;
+}
+
+/*
  * Return a pointer to a context static string containing the default
  * ccache name.
  */
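Review bot: `s && s != cc_env` in cc_env_changed_p() compares the pointer getenv() returned rather than the string, so a KRB5CCNAME value rewritten in place can be missed, and the saved pointer may dangle once the environment is modified; the XXX comment's question is best answered by keeping a private copy. The `s &&` guard also means that unsetting KRB5CCNAME after it was set is never detected, while a process that never sets it keeps `cc_env == NULL` and reports a change on every call. In a long-lived worker that authenticates for several principals, a missed change leaves the previous credential cache name in use. The version below stores a strdup() copy, compares with strcmp(), and treats set/unset transitions as a change.

```c
static char *cc_env;	/* private copy, not getenv()'s pointer */

static int
cc_env_changed_p(void)
{
    const char *s;
    unsigned uid = (unsigned)getuid();
    int update;

    /* … unchanged: lock cc_mutex, s = getenv("KRB5CCNAME") … */
    if (s == NULL || cc_env == NULL)
	update = (s != NULL || cc_env != NULL);	/* set <-> unset transition */
    else
	update = (strcmp(s, cc_env) != 0);
    if (cc_uid != uid)
	update = 1;
    if (update) {
	free(cc_env);
	/* if strdup fails cc_env stays NULL and the next call reports a change again */
	cc_env = s ? strdup(s) : NULL;
	cc_uid = uid;
    }
    /* … unchanged: unlock cc_mutex, return update … */
}
```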
@@ -389,7 +428,7 @@
 const char* KRB5_LIB_FUNCTION
 krb5_cc_default_name(krb5_context context)
 {
-    if (context->default_cc_name == NULL)
+    if (context->default_cc_name == NULL || cc_env_changed_p())
        krb5_cc_set_default_name(context, NULL);
 
     return context->default_cc_name;
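Review bot: `cc_env_changed_p()` keeps a single process-wide snapshot, but the name it guards on the changed line is cached per `krb5_context`, so only the first context to call after a change gets a non-zero result and any other context in the process keeps returning its old `default_cc_name`. Recording the KRB5CCNAME value and uid that the name was derived from in the context itself, and comparing against those here, would keep the check and the cache in the same scope. Passing NULL to krb5_cc_set_default_name() on a detected change presumably also discards a name the application set explicitly on this context; if so, the reset should be skipped for explicitly set names, which needs a flag this hunk does not show. At minimum I would add `/* cc_env_changed_p() is process-wide: only the first context to ask after a change is refreshed */` above the test. The function's closing brace is outside the hunk.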
