secgsi: revert part of the patch w/ new sutcache
Use stack for proper cleaning of invalidated CRLs and CAs.
Possible fix for #631.
gganis authored and simonmichal committed Dec 11, 2017
1 parent 2b05acd commit 2752b60
Showing 2 changed files with 47 additions and 8 deletions.
23 changes: 16 additions & 7 deletions src/XrdSecgsi/XrdSecProtocolgsi.cc
@@ -180,6 +180,10 @@ XrdSutCache XrdSecProtocolgsi::cacheAuthzFun; // Entities filled by AuthzFun (d
// Services
XrdOucGMap *XrdSecProtocolgsi::servGMap = 0; // Grid map service
//
// CA and CRL stacks
GSIStack<XrdCryptoX509Chain> XrdSecProtocolgsi::stackCA; // Stack of CA in use
GSIStack<XrdCryptoX509Crl> XrdSecProtocolgsi::stackCRL; // Stack of CRL in use
//
// GMAP control vars
time_t XrdSecProtocolgsi::lastGMAPCheck = -1; // Time of last check
XrdSysMutex XrdSecProtocolgsi::mutexGMAP; // Mutex to control GMAP reloads
@@ -4271,26 +4275,29 @@ int XrdSecProtocolgsi::GetCA(const char *cahash,
// If invalid we fail
if (cent->status == kCE_inactive) {
// Cleanup and remove existing invalid entries
if (chain) delete chain;
if (crl) delete crl;
if (chain) stackCA.Del(chain);
if (crl) stackCRL.Del(crl);
PRINT("unable to get a valid entry from cache for " << tag);
return -1;
}

// Check if we are done
if (rdlock) {
// Save chain
chain = (X509Chain *)(cent->buf1.buf);
if (hs) hs->Chain = chain;
stackCA.Add(chain);
// Save crl
if (crl && hs) hs->Crl = crl;
// Done
if (crl) {
if (hs) hs->Crl = crl;
// Add to the stack for proper cleaning of invalidated CRLs
stackCRL.Add(crl);
}
return 0;
}

// Cleanup and remove existing invalid entries
if (chain) delete chain;
if (crl) delete crl;
if (chain) stackCA.Del(chain);
if (crl) stackCRL.Del(crl);

chain = 0;
crl = 0;
@@ -4344,9 +4351,11 @@ int XrdSecProtocolgsi::GetCA(const char *cahash,
// Add to the cache
cent->buf1.buf = (char *)(chain);
cent->buf1.len = 0; // Just a flag
stackCA.Add(chain);
if (crl) {
cent->buf2.buf = (char *)(crl);
cent->buf2.len = 0; // Just a flag
stackCRL.Add(crl);
}
cent->mtime = timestamp;
cent->status = kCE_ok;
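Review bot: In the cache-hit branch of GetCA, `stackCA.Add(chain)` and `stackCRL.Add(crl)` run even when `hs` is null, although the pointer is only handed to a holder under `if (hs)`. Each such call raises the reference count with no visible owner to call `Del` later, so an invalidated CA chain or CRL would never reach a zero count and would stay allocated. Unless callers that pass `hs == 0` release the objects elsewhere, tie the count to the holder: `if (hs) { hs->Chain = chain; stackCA.Add(chain); }`, and likewise for the CRL. The rest of GetCA lies outside these hunks, so its other exit paths should be checked before changing this.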
32 changes: 31 additions & 1 deletion src/XrdSecgsi/XrdSecProtocolgsi.hh
@@ -234,6 +234,27 @@ typedef struct {
int bits;
} ProxyIn_t;

template<class T>
class GSIStack {
public:
void Add(T *t) {
char k[40]; snprintf(k, 40, "%p", t);
mtx.Lock();
if (!stack.Find(k)) stack.Add(k, t, 0, Hash_count); // We need an additional count
stack.Add(k, t, 0, Hash_count);
mtx.UnLock();
}
void Del(T *t) {
char k[40]; snprintf(k, 40, "%p", t);
mtx.Lock();
if (stack.Find(k)) stack.Del(k, Hash_count);
mtx.UnLock();
}
private:
XrdSysMutex mtx;
XrdOucHash<T> stack;
};

/******************************************************************************/
/* X r d S e c P r o t o c o l g s i C l a s s */
/******************************************************************************/
@@ -338,6 +359,10 @@ private:
// Services
static XrdOucGMap *servGMap; // Grid mapping service
//
// CA and CRL stacks
static GSIStack<XrdCryptoX509Chain> stackCA; // Stack of CA in use
static GSIStack<XrdCryptoX509Crl> stackCRL; // Stack of CRL in use
//
// GMAP control vars
static time_t lastGMAPCheck; // time of last check on GMAP
static XrdSysMutex mutexGMAP; // mutex to control GMAP reloads
@@ -486,7 +511,12 @@ public:
if (Chain) Chain->Cleanup(1);
SafeDelete(Chain);
}
Crl = 0;
if (Crl) {
// This decreases the counter and actually deletes the object only
// when no instance is using it
XrdSecProtocolgsi::stackCRL.Del(Crl);
Crl = 0;
}
// The proxy chain is owned by the proxy cache; invalid proxies are
// detected (and eventually removed) by QueryProxy
PxyChain = 0;
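Review bot: The handshake cleanup now releases `Crl` through `stackCRL.Del(Crl)`, but the `Chain` path in the context lines just above still ends in `SafeDelete(Chain)`, and nothing visible calls `stackCA.Del` for a chain that GetCA registered with `stackCA.Add`. If that pointer is the cached CA chain, a direct delete would leave the stack and the cache entry referring to freed memory, and if the branch is skipped the count is never decremented; the enclosing condition is outside the hunk, so this needs confirming. Where the chain came from GetCA, release it with `XrdSecProtocolgsi::stackCA.Del(Chain); Chain = 0;`. `GSIStack` would also benefit from a class comment stating that the stack deletes an object once its count is exhausted, that the first `Add` of a pointer stores one extra count, and that `Del` on an unregistered pointer is a silent no-op.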
