From faa0bef196b732b45c4614acd655af4881504808 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 22 May 2001 20:35:48 +0000 Subject: Defensive brlock and locking database cleaning code. Jeremy. (This used to be commit d7aa42e4593b02ee6e487f7a4633bd7e7620ef2f) --- source3/include/proto.h | 1 + source3/locking/brlock.c | 49 ++++++++++++++++++++++++---- source3/locking/locking.c | 83 +++++++++++++++++++++++++++++++++++++++++++++-- source3/smbd/reply.c | 82 +++++++++++++++++++++++----------------------- 4 files changed, 165 insertions(+), 50 deletions(-) (limited to 'source3') diff --git a/source3/include/proto.h b/source3/include/proto.h index a216235c77..8035931330 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1242,6 +1242,7 @@ struct packet_struct *receive_unexpected(enum packet_type packet_type, int id, /* The following definitions come from locking/brlock.c */ void brl_init(int read_only); +void brl_shutdown(int read_only); BOOL brl_lock(SMB_DEV_T dev, SMB_INO_T ino, int fnum, uint16 smbpid, pid_t pid, uint16 tid, br_off start, br_off size, diff --git a/source3/locking/brlock.c b/source3/locking/brlock.c index 175ab5c9b0..089818c9aa 100644 --- a/source3/locking/brlock.c +++ b/source3/locking/brlock.c @@ -113,12 +113,16 @@ static BOOL brl_conflict(struct lock_struct *lck1, /**************************************************************************** -delete a record if it is for a dead process + Delete a record if it is for a dead process, if check_self is true, then + delete any records belonging to this pid also (there shouldn't be any). ****************************************************************************/ + static int delete_fn(TDB_CONTEXT *ttdb, TDB_DATA kbuf, TDB_DATA dbuf, void *state) { struct lock_struct *locks; int count, i; + BOOL check_self = *(BOOL *)state; + pid_t mypid = sys_getpid(); tdb_chainlock(tdb, kbuf); @@ -128,7 +132,20 @@ static int delete_fn(TDB_CONTEXT *ttdb, TDB_DATA kbuf, TDB_DATA dbuf, void *stat for (i=0; icontext.pid)) continue; + /* If check_self is true we want to remove our own records. */ + if (check_self && (mypid == lock->context.pid)) { + + DEBUG(0,("brlock : delete_fn. LOGIC ERROR ! Shutting down and a record for my pid (%u) exists !\n", + (unsigned int)lock->context.pid )); + + } else if (process_exists(lock->context.pid)) { + + DEBUG(10,("brlock : delete_fn. pid %u exists.\n", (unsigned int)lock->context.pid )); + continue; + } + + DEBUG(10,("brlock : delete_fn. Deleting record for process %u\n", + (unsigned int)lock->context.pid )); if (count > 1 && i < count-1) { memmove(&locks[i], &locks[i+1], @@ -152,9 +169,13 @@ static int delete_fn(TDB_CONTEXT *ttdb, TDB_DATA kbuf, TDB_DATA dbuf, void *stat /**************************************************************************** Open up the brlock.tdb database. ****************************************************************************/ + void brl_init(int read_only) { - if (tdb) return; + BOOL check_self = False; + + if (tdb) + return; tdb = tdb_open(lock_path("brlock.tdb"), 0, TDB_CLEAR_IF_FIRST, read_only?O_RDONLY:(O_RDWR|O_CREAT), 0644); if (!tdb) { @@ -163,11 +184,27 @@ void brl_init(int read_only) } /* delete any dead locks */ - if (!read_only) { - tdb_traverse(tdb, delete_fn, NULL); - } + if (!read_only) + tdb_traverse(tdb, delete_fn, &check_self); } +/**************************************************************************** + Close down the brlock.tdb database. +****************************************************************************/ + +void brl_shutdown(int read_only) +{ + BOOL check_self = True; + + if (tdb) + return; + + /* delete any dead locks */ + if (!read_only) + tdb_traverse(tdb, delete_fn, &check_self); + + tdb_close(tdb); +} /**************************************************************************** Lock a range of bytes. diff --git a/source3/locking/locking.c b/source3/locking/locking.c index 5824287e91..c2d3106a67 100644 --- a/source3/locking/locking.c +++ b/source3/locking/locking.c @@ -214,14 +214,73 @@ void locking_close_file(files_struct *fsp) } } +/**************************************************************************** + Delete a record if it is for a dead process, if check_self is true, then + delete any records belonging to this pid also (there shouldn't be any). + This function is only called on locking startup and shutdown. +****************************************************************************/ + +static int delete_fn(TDB_CONTEXT *ttdb, TDB_DATA kbuf, TDB_DATA dbuf, void *state) +{ + struct locking_data *data; + share_mode_entry *shares; + int i, del_count=0; + pid_t mypid = sys_getpid(); + BOOL check_self = *(BOOL *)state; + + tdb_chainlock(tdb, kbuf); + + data = (struct locking_data *)dbuf.dptr; + shares = (share_mode_entry *)(dbuf.dptr + sizeof(*data)); + + for (i=0;inum_share_mode_entries;) { + + if (check_self && (shares[i].pid == mypid)) { + DEBUG(0,("locking : delete_fn. LOGIC ERROR ! Shutting down and a record for my pid (%u) exists !\n", + (unsigned int)shares[i].pid )); + } else if (!process_exists(shares[i].pid)) { + DEBUG(0,("locking : delete_fn. LOGIC ERROR ! Entry for pid %u and it no longer exists !\n", + (unsigned int)shares[i].pid )); + } else { + /* Process exists, leave this record alone. */ + i++; + continue; + } + + data->num_share_mode_entries--; + memmove(&shares[i], &shares[i+1], + dbuf.dsize - (sizeof(*data) + (i+1)*sizeof(*shares))); + del_count++; + + } + + /* the record has shrunk a bit */ + dbuf.dsize -= del_count * sizeof(*shares); + + /* store it back in the database */ + if (data->num_share_mode_entries == 0) + tdb_delete(ttdb, kbuf); + else + tdb_store(ttdb, kbuf, dbuf, TDB_REPLACE); + + tdb_chainunlock(tdb, kbuf); + return 0; +} + /**************************************************************************** Initialise the locking functions. ****************************************************************************/ + +static int open_read_only; + BOOL locking_init(int read_only) { + BOOL check_self = False; + brl_init(read_only); - if (tdb) return True; + if (tdb) + return True; tdb = tdb_open(lock_path("locking.tdb"), 0, TDB_CLEAR_IF_FIRST, @@ -236,15 +295,35 @@ BOOL locking_init(int read_only) if (!posix_locking_init(read_only)) return False; + /* delete any dead locks */ + if (!read_only) + tdb_traverse(tdb, delete_fn, &check_self); + + open_read_only = read_only; + return True; } /******************************************************************* Deinitialize the share_mode management. ******************************************************************/ + BOOL locking_end(void) { - if (tdb && tdb_close(tdb) != 0) return False; + BOOL check_self = True; + + brl_shutdown(open_read_only); + if (tdb) { + + /* delete any dead locks */ + + if (!open_read_only) + tdb_traverse(tdb, delete_fn, &check_self); + + if (tdb_close(tdb) != 0) + return False; + } + return True; } diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 2e4837013e..b43512329e 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -603,57 +603,55 @@ static BOOL check_domain_security(char *orig_user, char *domain, char *unix_user char *smb_apasswd, int smb_apasslen, char *smb_ntpasswd, int smb_ntpasslen) { - BOOL ret = False; - BOOL user_exists = True; - struct passwd *pwd=NULL; + BOOL ret = False; + BOOL user_exists = True; + struct passwd *pwd=NULL; - if(lp_security() != SEC_DOMAIN) - return False; + if(lp_security() != SEC_DOMAIN) + return False; - if (!check_domain_match(orig_user, domain)) - return False; + if (!check_domain_match(orig_user, domain)) + return False; - ret = domain_client_validate(orig_user, domain, - smb_apasswd, smb_apasslen, - smb_ntpasswd, smb_ntpasslen, - &user_exists, NULL); + ret = domain_client_validate(orig_user, domain, + smb_apasswd, smb_apasslen, + smb_ntpasswd, smb_ntpasslen, + &user_exists, NULL); - if(ret) { - /* - * User validated ok against Domain controller. - * If the admin wants us to try and create a UNIX - * user on the fly, do so. - */ - if(user_exists && lp_adduser_script() && !(pwd = smb_getpwnam(unix_user,True))) { - smb_create_user(unix_user, NULL); - } + if(ret) { + /* + * User validated ok against Domain controller. + * If the admin wants us to try and create a UNIX + * user on the fly, do so. + */ + if(user_exists && lp_adduser_script() && !(pwd = smb_getpwnam(unix_user,True))) + smb_create_user(unix_user, NULL); - if(lp_adduser_script() && pwd) { - SMB_STRUCT_STAT st; + if(lp_adduser_script() && pwd) { + SMB_STRUCT_STAT st; - /* - * Also call smb_create_user if the users home directory - * doesn't exist. Used with winbindd to allow the script to - * create the home directory for a user mapped with winbindd. - */ + /* + * Also call smb_create_user if the users home directory + * doesn't exist. Used with winbindd to allow the script to + * create the home directory for a user mapped with winbindd. + */ - if (pwd->pw_shell && (sys_stat(pwd->pw_dir, &st) == -1) && (errno == ENOENT)) - smb_create_user(unix_user, pwd->pw_dir); - } + if (pwd->pw_dir && (sys_stat(pwd->pw_dir, &st) == -1) && (errno == ENOENT)) + smb_create_user(unix_user, pwd->pw_dir); + } - } else { - /* - * User failed to validate ok against Domain controller. - * If the failure was "user doesn't exist" and admin - * wants us to try and delete that UNIX user on the fly, - * do so. - */ - if(!user_exists && lp_deluser_script() && smb_getpwnam(unix_user,True)) { - smb_delete_user(unix_user); - } - } + } else { + /* + * User failed to validate ok against Domain controller. + * If the failure was "user doesn't exist" and admin + * wants us to try and delete that UNIX user on the fly, + * do so. + */ + if(!user_exists && lp_deluser_script() && smb_getpwnam(unix_user,True)) + smb_delete_user(unix_user); + } - return ret; + return ret; } /**************************************************************************** -- cgit