author | Tom Yu <tlyu@mit.edu> | 2013-07-03 18:16:38 -0400 |
---|---|---|
committer | Tom Yu <tlyu@mit.edu> | 2013-07-05 19:29:53 -0400 |
commit | c5a0602e889bb17e85b7201d9e69d41ff5d9f315 (patch) | |
tree | 72e63959eb26fe41cd5b026580b12df7558f9b3c | |
parent | 9d424a50ac5f0d718f74a65ce226cca7bf1c0dbe (diff) | |
Fix lock inconsistency in krb5_db2_unlock()
[ text below refers to new function names in krb5-1.10+ ]
The lock inconsistency fixed here is quite possibly the same as
described in https://bugzilla.redhat.com/show_bug.cgi?id=586032 .
The problem is that ctx_unlock() fails to unlock the principal DB if
it fails to unlock the policy DB, and this happens when ctx_lock()
fails to lock the policy DB (likely because the caller is racing
against a kdb5_util load, which will be using a "permanent" lock,
meaning that the lock file will be unlinked after acquiring the
lock). The fix is to perform both unlock operations *then* handle
any errors that either or both might have returned.
(back ported from commit 29ee39baa919361ae08e26caab896890d5cb3eb4)
ticket: 7674 (new)
version_fixed: 1.9.6
status: resolved
-rw-r--r-- | src/plugins/kdb/db2/kdb_db2.c | 21 |
1 files changed, 12 insertions, 9 deletions
diff --git a/src/plugins/kdb/db2/kdb_db2.c b/src/plugins/kdb/db2/kdb_db2.c
index 59660da..210afff 100644
--- a/src/plugins/kdb/db2/kdb_db2.c
+++ b/src/plugins/kdb/db2/kdb_db2.c
@@ -620,16 +620,14 @@ krb5_db2_unlock(krb5_context context)
 {
 krb5_db2_context *db_ctx;
 DB *db;
- krb5_error_code retval;
+ krb5_error_code retval, retval2;
 if (!k5db2_inited(context))
 return KRB5_KDB_DBNOTINITED;
 db_ctx = context->dal_handle->db_context;
- if ((retval = osa_adb_release_lock(db_ctx->policy_db))) {
- return retval;
- }
+ retval = osa_adb_release_lock(db_ctx->policy_db);
 if (!db_ctx->db_locks_held) /* lock already unlocked */
 return KRB5_KDB_NOTLOCKED;
@@ -637,13 +635,18 @@ krb5_db2_unlock(krb5_context context)
 if (--(db_ctx->db_locks_held) == 0) {
 (*db->close) (db);
 db_ctx->db = NULL;
-
- retval = krb5_lock_file(context, db_ctx->db_lf_file,
- KRB5_LOCKMODE_UNLOCK);
 db_ctx->db_lock_mode = 0;
- return (retval);
+
+ retval2 = krb5_lock_file(context, db_ctx->db_lf_file,
+ KRB5_LOCKMODE_UNLOCK);
+ if (retval2)
+ return retval2;
 }
- return 0;
+
+ /* We may be unlocking because osa_adb_get_lock() failed. */
+ if (retval == OSA_ADB_NOTLOCKED)
+ return 0;
+ return retval;
 }
 /* Create the database, assuming it's not there. */ |
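Review bot: The early return under `if (!db_ctx->db_locks_held)` still hands back `KRB5_KDB_NOTLOCKED` unconditionally, so the policy-DB result now stored in `retval` is discarded on that path. Releasing the policy lock first is the point of the fix, but a genuine failure from `osa_adb_release_lock()` becomes invisible to the caller whenever the principal DB was not locked. If that is intended, record it next to the check, e.g. `/* policy unlock result deliberately ignored: principal DB was never locked */`. The function body continues past the end of this hunk.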
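Review bot: When both unlock operations fail, `if (retval2) return retval2;` reports only the lock-file error and drops the policy-DB error held in `retval`. The commit message promises handling of errors from "either or both", so the precedence should be stated in a comment such as `/* a principal lock-file error takes precedence over a policy unlock error */`. Separately, `retval == OSA_ADB_NOTLOCKED` is mapped to 0 on every call, not only after a failed `osa_adb_get_lock()`, so an unbalanced policy unlock would presumably also be reported as success. Since stale or mismatched KDB locks can stall the daemons that depend on them, the comment above that check should say the suppression is unconditional. The result of `(*db->close) (db)` is also still ignored in this block.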