From 79897c032b5eb33fe45eb11fad4fab754a1d9acc Mon Sep 17 00:00:00 2001
From: =?utf8?q?Michal=20Voc=C5=AF?= <michal@ruk.cuni.cz>
Date: Tue, 4 Mar 2008 11:49:16 +0000
Subject: [PATCH] better credentials renewal handling, fixes #34116

---
 org.glite.lb.logger/src/interlogd.c  | 25 +------------------------
 org.glite.lb.logger/src/recover.c    |  6 ++++++
 org.glite.lb.logger/src/send_event.c | 33 ++++++++++++++++-----------------
 3 files changed, 23 insertions(+), 41 deletions(-)

diff --git a/org.glite.lb.logger/src/interlogd.c b/org.glite.lb.logger/src/interlogd.c
index 9991e08..0ee2bde 100644
--- a/org.glite.lb.logger/src/interlogd.c
+++ b/org.glite.lb.logger/src/interlogd.c
@@ -36,7 +36,6 @@ int TIMEOUT = DEFAULT_TIMEOUT;
 
 cred_handle_t *cred_handle = NULL;
 pthread_mutex_t cred_handle_lock = PTHREAD_MUTEX_INITIALIZER;
-pthread_key_t cred_handle_key;
 
 time_t key_mtime = 0, cert_mtime = 0;
 
@@ -255,24 +254,6 @@ void handle_signal(int num) {
 }
 
 
-/* this is called when thread exists */
-void cred_handle_destroy(void *handle) {
-	cred_handle_t *h = (cred_handle_t*)handle;
-	if(!h)
-		return;
-	il_log(LOG_DEBUG, "Thread exiting, releasing credentials.\n");
-	if(pthread_mutex_lock(&cred_handle_lock) < 0)
-		abort();
-	if(--(h->counter) == 0) {
-		edg_wll_gss_release_cred(&h->creds, NULL);
-		free(h);
-		il_log(LOG_DEBUG, "Freed credentials, not used anymore.\n");
-	}
-	if(pthread_mutex_unlock(&cred_handle_lock) < 0) 
-		abort();
-}
-
-
 int
 main (int argc, char **argv)
 {
@@ -334,11 +315,7 @@ main (int argc, char **argv)
 	  il_log(LOG_DEBUG, "  using lazy mode when closing connections, timeout %d\n",
 		 default_close_timeout);
 
-  /* initialize credential key and get credentials */
-  /* IMPORTANT: no other threads may run at the time, the key initialization 
-     has to be done exactly once */
-  if(pthread_key_create(&cred_handle_key, cred_handle_destroy) != 0)
-	  abort();
+  /* get credentials */
   if (CAcert_dir)
      setenv("X509_CERT_DIR", CAcert_dir, 1);
   edg_wll_gss_watch_creds(cert_file,&cert_mtime);
diff --git a/org.glite.lb.logger/src/recover.c b/org.glite.lb.logger/src/recover.c
index 928efe1..18fc3b4 100644
--- a/org.glite.lb.logger/src/recover.c
+++ b/org.glite.lb.logger/src/recover.c
@@ -42,6 +42,12 @@ recover_thread(void *q)
 			if (new_creds != NULL) {
 				if(pthread_mutex_lock(&cred_handle_lock) < 0)
 					abort();
+				/* if no one is using the old credentials, release them */
+				if(cred_handle && cred_handle->counter == 0) {
+					edg_wll_gss_release_cred(&cred_handle->creds, NULL);
+					free(cred_handle);
+					il_log(LOG_DEBUG, "  freed old credentials\n");
+				}
 				cred_handle = malloc(sizeof(*cred_handle));
 				if(cred_handle == NULL) {
 					il_log(LOG_CRIT, "Failed to allocate structure for credentials.\n");
diff --git a/org.glite.lb.logger/src/send_event.c b/org.glite.lb.logger/src/send_event.c
index 3e9444d..57f43b8 100644
--- a/org.glite.lb.logger/src/send_event.c
+++ b/org.glite.lb.logger/src/send_event.c
@@ -179,29 +179,28 @@ event_queue_connect(struct event_queue *eq)
 
     tv.tv_sec = TIMEOUT;
     tv.tv_usec = 0;
-    /* get thread specific pointer to credentials */
-    local_cred_handle = pthread_getspecific(cred_handle_key);
 
-    /* check if there are new credentials */
+    /* get pointer to the credentials */
     if(pthread_mutex_lock(&cred_handle_lock) < 0)
 	    abort();
-    if(local_cred_handle != cred_handle) {
-	    il_log(LOG_DEBUG, "    new credentials were found, discarding old\n");
-	    /* decrement counter in credentials, if it goes to zero, deallocate */
-	    if(local_cred_handle && --(local_cred_handle->counter) == 0) {
-		    edg_wll_gss_release_cred(&local_cred_handle->creds, &gss_stat);
-		    free(local_cred_handle);
-		    il_log(LOG_DEBUG, "   freed old credentials, not used anymore\n");
-	    }
-	    /* use the new credentials, increment usage count */
-	    local_cred_handle = cred_handle;
-	    local_cred_handle->counter++;
-	    pthread_setspecific(cred_handle_key, local_cred_handle);
-    }
-    if(pthread_mutex_unlock(&cred_handle_lock) < 0) 
+    local_cred_handle = cred_handle;
+    local_cred_handle->counter++;
+    if(pthread_mutex_unlock(&cred_handle_lock) < 0)
 	    abort();
+    
     il_log(LOG_DEBUG, "    trying to connect to %s:%d\n", eq->dest_name, eq->dest_port);
     ret = edg_wll_gss_connect(local_cred_handle->creds, eq->dest_name, eq->dest_port, &tv, &eq->gss, &gss_stat);
+    if(pthread_mutex_lock(&cred_handle_lock) < 0)
+	    abort();
+    /* check if we need to release the credentials */
+    if(local_cred_handle != cred_handle && --(local_cred_handle->counter) == 0) {
+	    edg_wll_gss_release_cred(&local_cred_handle->creds, NULL);
+	    free(local_cred_handle);
+	    il_log(LOG_DEBUG, "   freed credentials, not used anymore\n");
+    }
+    if(pthread_mutex_unlock(&cred_handle_lock) < 0) 
+	    abort();
+
     if(ret < 0) {
       char *gss_err = NULL;
 
-- 
1.8.2.3