From 18fde45d13a62f7e861887adffaa08bbbc63d2b3 Mon Sep 17 00:00:00 2001
From: Jeffrey Altman <jaltman@mit.edu>
Date: Tue, 16 Mar 2004 04:32:45 +0000
Subject: [PATCH] kfw-thread-safety-20040315

Add a mutex semaphore around the kfw initialization code to prevent
multiple threads from attempting to initialize simultaneously.
---
 src/WINNT/client_creds/afskfw.c | 95 +++++++++++++++++++++++++--------
 1 file changed, 73 insertions(+), 22 deletions(-)

diff --git a/src/WINNT/client_creds/afskfw.c b/src/WINNT/client_creds/afskfw.c
index 0e2e03e6f..5c93cfefe 100644
--- a/src/WINNT/client_creds/afskfw.c
+++ b/src/WINNT/client_creds/afskfw.c
@@ -397,34 +397,50 @@ void
 KFW_initialize(void)
 {
     static int inited = 0;
+
     if ( !inited ) {
-        inited = 1;
-        LoadFuncs(KRB5_DLL, k5_fi, &hKrb5, 0, 1, 0, 0);
-        LoadFuncs(KRB4_DLL, k4_fi, &hKrb5, 0, 1, 0, 0);
-        LoadFuncs(COMERR_DLL, ce_fi, &hComErr, 0, 0, 1, 0);
-        LoadFuncs(SERVICE_DLL, service_fi, &hService, 0, 1, 0, 0);
+        char mutexName[MAX_PATH];
+        HANDLE hMutex = NULL;
+
+        sprintf(mutexName, "AFS KFW Init pid=%d", getpid());
+        
+        hMutex = CreateMutex( NULL, TRUE, mutexName );
+        if ( GetLastError() == ERROR_ALREADY_EXISTS ) {
+            if ( WaitForSingleObject( hMutex, INFINITE ) != WAIT_OBJECT_0 ) {
+                return;
+            }
+        }
+        if ( !inited ) {
+            inited = 1;
+            LoadFuncs(KRB5_DLL, k5_fi, &hKrb5, 0, 1, 0, 0);
+            LoadFuncs(KRB4_DLL, k4_fi, &hKrb4, 0, 1, 0, 0);
+            LoadFuncs(COMERR_DLL, ce_fi, &hComErr, 0, 0, 1, 0);
+            LoadFuncs(SERVICE_DLL, service_fi, &hService, 0, 1, 0, 0);
 #ifdef USE_MS2MIT
-        LoadFuncs(SECUR32_DLL, lsa_fi, &hSecur32, 0, 1, 1, 1);
+            LoadFuncs(SECUR32_DLL, lsa_fi, &hSecur32, 0, 1, 1, 1);
 #endif /* USE_MS2MIT */
-        LoadFuncs(KRB524_DLL, k524_fi, &hKrb524, 0, 1, 1, 1);
-        LoadFuncs(PROFILE_DLL, profile_fi, &hProfile, 0, 1, 0, 0);
-        LoadFuncs(AFSTOKENS_DLL, afst_fi, &hAfsTokens, 0, 1, 0, 0);
-        LoadFuncs(AFSCONF_DLL, afsc_fi, &hAfsConf, 0, 1, 0, 0);
-        LoadFuncs(LEASH_DLL, leash_fi, &hLeash, 0, 1, 0, 0);
-        LoadFuncs(CCAPI_DLL, ccapi_fi, &hCCAPI, 0, 1, 0, 0);
-
-        if ( KFW_is_available() ) {
-            char rootcell[MAXCELLCHARS+1];
+            LoadFuncs(KRB524_DLL, k524_fi, &hKrb524, 0, 1, 1, 1);
+            LoadFuncs(PROFILE_DLL, profile_fi, &hProfile, 0, 1, 0, 0);
+            LoadFuncs(AFSTOKENS_DLL, afst_fi, &hAfsTokens, 0, 1, 0, 0);
+            LoadFuncs(AFSCONF_DLL, afsc_fi, &hAfsConf, 0, 1, 0, 0);
+            LoadFuncs(LEASH_DLL, leash_fi, &hLeash, 0, 1, 0, 0);
+            LoadFuncs(CCAPI_DLL, ccapi_fi, &hCCAPI, 0, 1, 0, 0);
+
+            if ( KFW_is_available() ) {
+                char rootcell[MAXCELLCHARS+1];
 #ifdef USE_MS2MIT
-            KFW_import_windows_lsa();
+                KFW_import_windows_lsa();
 #endif /* USE_MS2MIT */
-            KFW_import_ccache_data();
-		    KFW_AFS_renew_expiring_tokens();
+                KFW_import_ccache_data();
+                KFW_AFS_renew_expiring_tokens();
 
-            /* WIN32 NOTE: no way to get max chars */
-            if (!pcm_GetRootCellName(rootcell))
-                KFW_AFS_renew_token_for_cell(rootcell);
+                /* WIN32 NOTE: no way to get max chars */
+                if (!pcm_GetRootCellName(rootcell))
+                    KFW_AFS_renew_token_for_cell(rootcell);
+            }
         }
+        ReleaseMutex(hMutex);
+        CloseHandle(hMutex);
     }
 }
 
@@ -490,7 +506,7 @@ KFW_is_available(void)
          hSecur32 && 
 #endif /* USE_MS2MIT */
          hKrb524 &&
-         hProfile && hAfsTokens && hAfsConf )
+         hProfile && hAfsTokens && hAfsConf && hLeash && hCCAPI )
         return TRUE;
     return FALSE;
 }
@@ -832,6 +848,9 @@ KFW_get_ccache(krb5_context alt_ctx, krb5_principal principal, krb5_ccache * cc)
     char * ccname = 0;
     krb5_error_code code;
 
+    if (!pkrb5_init_context)
+        return 0;
+
     if ( alt_ctx ) {
         ctx = alt_ctx;
     } else {
@@ -878,6 +897,9 @@ KFW_import_windows_lsa(void)
     char cell[128]="";
     int i;
          
+    if (!pkrb5_init_context)
+        return;
+
     if ( !MSLSA_IsKerberosLogon() )
         return;
 
@@ -1138,6 +1160,9 @@ KFW_AFS_get_cred(char * username,
     int  cell_count=0;
     afsconf_cell cellconfig;
 
+    if (!pkrb5_init_context)
+        return 0;
+
     if ( IsDebuggerPresent() ) {
         OutputDebugString("KFW_AFS_get_cred for token ");
         OutputDebugString(username);
@@ -1262,6 +1287,9 @@ KFW_AFS_destroy_tickets_for_cell(char * cell)
     int count;
     char ** principals = NULL;
 
+    if (!pkrb5_init_context)
+        return 0;
+
     if ( IsDebuggerPresent() ) {
         OutputDebugString("KFW_AFS_destroy_ticets_for_cell: ");
         OutputDebugString(cell);
@@ -1329,6 +1357,9 @@ KFW_AFS_renew_expiring_tokens(void)
     char local_cell[MAXCELLCHARS+1]="";
     afsconf_cell cellconfig;
 
+    if (!pkrb5_init_context)
+        return 0;
+
     if ( pcc_next == NULL ) // nothing to do
         return 0;
 
@@ -1422,6 +1453,9 @@ KFW_AFS_renew_token_for_cell(char * cell)
     int count;
     char ** principals = NULL;
 
+    if (!pkrb5_init_context)
+        return 0;
+
     if ( IsDebuggerPresent() ) {
         OutputDebugString("KFW_AFS_renew_token_for_cell:");
         OutputDebugString(cell);
@@ -1435,7 +1469,9 @@ KFW_AFS_renew_token_for_cell(char * cell)
     if ( count > 0 ) {
         krb5_principal      princ = 0;
         krb5_principal      service = 0;
+#ifdef COMMENT
         krb5_creds          mcreds, creds;
+#endif /* COMMENT */
         krb5_ccache			cc  = 0;
         const char * realm = NULL;
         afsconf_cell cellconfig;
@@ -1554,6 +1590,9 @@ KFW_renew(krb5_context alt_ctx, krb5_ccache alt_cc)
     krb5_creds			        my_creds;
     krb5_data                   *realm = 0;
 
+    if (!pkrb5_init_context)
+        return 0;
+
 	memset(&my_creds, 0, sizeof(krb5_creds));
 
     if ( alt_ctx ) {
@@ -1831,6 +1870,9 @@ KFW_kdestroy(krb5_context alt_ctx, krb5_ccache alt_cc)
     krb5_ccache			cc;
     krb5_error_code		code;
 
+    if (!pkrb5_init_context)
+        return 0;
+
     if (alt_ctx)
     {
         ctx = alt_ctx;
@@ -2538,6 +2580,9 @@ KFW_AFS_klog(
         return(-2);
     }
 
+    if (!pkrb5_init_context)
+        return 0;
+
     memset(RealmName, '\0', sizeof(RealmName));
     memset(CellName, '\0', sizeof(CellName));
     memset(ServiceName, '\0', sizeof(ServiceName));
@@ -2818,6 +2863,9 @@ afs_realm_of_cell(afsconf_cell *cellconfig)
     if (!cellconfig)
         return 0;
 
+    if (!pkrb5_init_context)
+        return 0;
+
     r = pkrb5_init_context(&ctx); 
     if ( !r )
         r = pkrb5_get_host_realm(ctx, cellconfig->hostName[0], &realmlist);
@@ -3217,6 +3265,9 @@ ObtainTokensFromUserIfNeeded(HWND hWnd)
         return;
     }
 
+    if (!pkrb5_init_context)
+        return;
+
     if ( use_kfw ) {
         code = pkrb5_init_context(&ctx);
         if ( code ) goto cleanup;
-- 
2.39.5