Defensive brlock and locking database cleaning code.

Jeremy.
(This used to be commit d7aa42e4593b02ee6e487f7a4633bd7e7620ef2f)

4 files changed, 165 insertions, 50 deletions

diff --git a/source3/include/proto.h b/source3/include/proto.h
index a216235c77..8035931330 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1242,6 +1242,7 @@ struct packet_struct *receive_unexpected(enum packet_type packet_type, int id,
 /* The following definitions come from locking/brlock.c  */
 
 void brl_init(int read_only);
+void brl_shutdown(int read_only);
 BOOL brl_lock(SMB_DEV_T dev, SMB_INO_T ino, int fnum,
 	      uint16 smbpid, pid_t pid, uint16 tid,
 	      br_off start, br_off size, 
diff --git a/source3/locking/brlock.c b/source3/locking/brlock.c
index 175ab5c9b0..089818c9aa 100644
--- a/source3/locking/brlock.c
+++ b/source3/locking/brlock.c
@@ -113,12 +113,16 @@ static BOOL brl_conflict(struct lock_struct *lck1,
 
 
 /****************************************************************************
-delete a record if it is for a dead process
+ Delete a record if it is for a dead process, if check_self is true, then
+ delete any records belonging to this pid also (there shouldn't be any).
 ****************************************************************************/
+
 static int delete_fn(TDB_CONTEXT *ttdb, TDB_DATA kbuf, TDB_DATA dbuf, void *state)
 {
 	struct lock_struct *locks;
 	int count, i;
+	BOOL check_self = *(BOOL *)state;
+	pid_t mypid = sys_getpid();
 
 	tdb_chainlock(tdb, kbuf);
 
@@ -128,7 +132,20 @@ static int delete_fn(TDB_CONTEXT *ttdb, TDB_DATA kbuf, TDB_DATA dbuf, void *stat
 	for (i=0; i<count; i++) {
 		struct lock_struct *lock = &locks[i];
 
-		if (process_exists(lock->context.pid)) continue;
+		/* If check_self is true we want to remove our own records. */
+		if (check_self && (mypid == lock->context.pid)) {
+
+			DEBUG(0,("brlock : delete_fn. LOGIC ERROR ! Shutting down and a record for my pid (%u) exists !\n",
+					(unsigned int)lock->context.pid ));
+
+		} else if (process_exists(lock->context.pid)) {
+
+			DEBUG(10,("brlock : delete_fn. pid %u exists.\n", (unsigned int)lock->context.pid ));
+			continue;
+		}
+
+		DEBUG(10,("brlock : delete_fn. Deleting record for process %u\n",
+				(unsigned int)lock->context.pid ));
 
 		if (count > 1 && i < count-1) {
 			memmove(&locks[i], &locks[i+1], 
@@ -152,9 +169,13 @@ static int delete_fn(TDB_CONTEXT *ttdb, TDB_DATA kbuf, TDB_DATA dbuf, void *stat
 /****************************************************************************
  Open up the brlock.tdb database.
 ****************************************************************************/
+
 void brl_init(int read_only)
 {
-	if (tdb) return;
+	BOOL check_self = False;
+
+	if (tdb)
+		return;
 	tdb = tdb_open(lock_path("brlock.tdb"), 0, TDB_CLEAR_IF_FIRST, 
 		       read_only?O_RDONLY:(O_RDWR|O_CREAT), 0644);
 	if (!tdb) {
@@ -163,11 +184,27 @@ void brl_init(int read_only)
 	}
 
 	/* delete any dead locks */
-	if (!read_only) {
-		tdb_traverse(tdb, delete_fn, NULL);
-	}
+	if (!read_only)
+		tdb_traverse(tdb, delete_fn, &check_self);
 }
 
+/****************************************************************************
+ Close down the brlock.tdb database.
+****************************************************************************/
+
+void brl_shutdown(int read_only)
+{
+	BOOL check_self = True;
+
+	if (tdb)
+		return;
+
+	/* delete any dead locks */
+	if (!read_only)
+		tdb_traverse(tdb, delete_fn, &check_self);
+
+	tdb_close(tdb);
+}
 
 /****************************************************************************
  Lock a range of bytes.
diff --git a/source3/locking/locking.c b/source3/locking/locking.c
index 5824287e91..c2d3106a67 100644
--- a/source3/locking/locking.c
+++ b/source3/locking/locking.c
@@ -215,13 +215,72 @@ void locking_close_file(files_struct *fsp)
 }
 
 /****************************************************************************
+ Delete a record if it is for a dead process, if check_self is true, then
+ delete any records belonging to this pid also (there shouldn't be any).
+ This function is only called on locking startup and shutdown.
+****************************************************************************/
+
+static int delete_fn(TDB_CONTEXT *ttdb, TDB_DATA kbuf, TDB_DATA dbuf, void *state)
+{
+	struct locking_data *data;
+	share_mode_entry *shares;
+	int i, del_count=0;
+	pid_t mypid = sys_getpid();
+	BOOL check_self = *(BOOL *)state;
+
+	tdb_chainlock(tdb, kbuf);
+
+	data = (struct locking_data *)dbuf.dptr;
+	shares = (share_mode_entry *)(dbuf.dptr + sizeof(*data));
+
+	for (i=0;i<data->num_share_mode_entries;) {
+
+		if (check_self && (shares[i].pid == mypid)) {
+			DEBUG(0,("locking : delete_fn. LOGIC ERROR ! Shutting down and a record for my pid (%u) exists !\n",
+					(unsigned int)shares[i].pid ));
+		} else if (!process_exists(shares[i].pid)) {
+			DEBUG(0,("locking : delete_fn. LOGIC ERROR ! Entry for pid %u and it no longer exists !\n",
+					(unsigned int)shares[i].pid ));
+		} else {
+			/* Process exists, leave this record alone. */
+			i++;
+			continue;
+		}
+
+		data->num_share_mode_entries--;
+		memmove(&shares[i], &shares[i+1],
+		dbuf.dsize - (sizeof(*data) + (i+1)*sizeof(*shares)));
+		del_count++;
+
+	}
+
+	/* the record has shrunk a bit */
+	dbuf.dsize -= del_count * sizeof(*shares);
+
+	/* store it back in the database */
+	if (data->num_share_mode_entries == 0)
+		tdb_delete(ttdb, kbuf);
+	else
+		tdb_store(ttdb, kbuf, dbuf, TDB_REPLACE);
+
+	tdb_chainunlock(tdb, kbuf);
+	return 0;
+}
+
+/****************************************************************************
  Initialise the locking functions.
 ****************************************************************************/
+
+static int open_read_only;
+
 BOOL locking_init(int read_only)
 {
+	BOOL check_self = False;
+
 	brl_init(read_only);
 
-	if (tdb) return True;
+	if (tdb)
+		return True;
 
 	tdb = tdb_open(lock_path("locking.tdb"), 
 		       0, TDB_CLEAR_IF_FIRST, 
@@ -236,15 +295,35 @@ BOOL locking_init(int read_only)
 	if (!posix_locking_init(read_only))
 		return False;
 
+	/* delete any dead locks */
+	if (!read_only)
+		tdb_traverse(tdb, delete_fn, &check_self);
+
+	open_read_only = read_only;
+
 	return True;
 }
 
 /*******************************************************************
  Deinitialize the share_mode management.
 ******************************************************************/
+
 BOOL locking_end(void)
 {
-	if (tdb && tdb_close(tdb) != 0) return False;
+	BOOL check_self = True;
+
+	brl_shutdown(open_read_only);
+	if (tdb) {
+
+		/* delete any dead locks */
+
+		if (!open_read_only)
+			tdb_traverse(tdb, delete_fn, &check_self);
+
+		if (tdb_close(tdb) != 0)
+			return False;
+	}
+
 	return True;
 }
 
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 2e4837013e..b43512329e 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -603,57 +603,55 @@ static BOOL check_domain_security(char *orig_user, char *domain, char *unix_user
                                   char *smb_apasswd, int smb_apasslen,
                                   char *smb_ntpasswd, int smb_ntpasslen)
 {
-  BOOL ret = False;
-  BOOL user_exists = True;
-  struct passwd *pwd=NULL;
+	BOOL ret = False;
+	BOOL user_exists = True;
+	struct passwd *pwd=NULL;
 
-  if(lp_security() != SEC_DOMAIN)
-    return False;
+	if(lp_security() != SEC_DOMAIN)
+		return False;
 
-  if (!check_domain_match(orig_user, domain))
-     return False;
+	if (!check_domain_match(orig_user, domain))
+		return False;
 
-  ret = domain_client_validate(orig_user, domain,
-                                smb_apasswd, smb_apasslen,
-                                smb_ntpasswd, smb_ntpasslen,
-                                &user_exists, NULL);
+	ret = domain_client_validate(orig_user, domain,
+			smb_apasswd, smb_apasslen,
+			smb_ntpasswd, smb_ntpasslen,
+			&user_exists, NULL);
 
-  if(ret) {
-    /*
-     * User validated ok against Domain controller.
-     * If the admin wants us to try and create a UNIX
-     * user on the fly, do so.
-     */
-    if(user_exists && lp_adduser_script() && !(pwd = smb_getpwnam(unix_user,True))) {
-      smb_create_user(unix_user, NULL);
-    }
+	if(ret) {
+		/*
+		 * User validated ok against Domain controller.
+		 * If the admin wants us to try and create a UNIX
+		 * user on the fly, do so.
+		 */
+		if(user_exists && lp_adduser_script() && !(pwd = smb_getpwnam(unix_user,True)))
+			smb_create_user(unix_user, NULL);
 
-    if(lp_adduser_script() && pwd) {
-      SMB_STRUCT_STAT st;
+		if(lp_adduser_script() && pwd) {
+			SMB_STRUCT_STAT st;
 
-      /*
-       * Also call smb_create_user if the users home directory
-       * doesn't exist. Used with winbindd to allow the script to
-       * create the home directory for a user mapped with winbindd.
-       */
+			/*
+			 * Also call smb_create_user if the users home directory
+			 * doesn't exist. Used with winbindd to allow the script to
+			 * create the home directory for a user mapped with winbindd.
+			 */
 
-      if (pwd->pw_shell && (sys_stat(pwd->pw_dir, &st) == -1) && (errno == ENOENT))
-        smb_create_user(unix_user, pwd->pw_dir);
-    }
+			if (pwd->pw_dir && (sys_stat(pwd->pw_dir, &st) == -1) && (errno == ENOENT))
+				smb_create_user(unix_user, pwd->pw_dir);
+		}
 
-  } else {
-    /*
-     * User failed to validate ok against Domain controller.
-     * If the failure was "user doesn't exist" and admin 
-     * wants us to try and delete that UNIX user on the fly,
-     * do so.
-     */
-    if(!user_exists && lp_deluser_script() && smb_getpwnam(unix_user,True)) {
-      smb_delete_user(unix_user);
-    }
-  }
+	} else {
+		/*
+		 * User failed to validate ok against Domain controller.
+		 * If the failure was "user doesn't exist" and admin 
+		 * wants us to try and delete that UNIX user on the fly,
+		 * do so.
+		 */
+		if(!user_exists && lp_deluser_script() && smb_getpwnam(unix_user,True))
+			smb_delete_user(unix_user);
+	}
 
-  return ret;
+	return ret;
 }
 
 /****************************************************************************