diff options
author | Nicolas Williams <nico@cryptonector.com> | 2012-09-12 11:36:54 -0500 |
---|---|---|
committer | Tom Yu <tlyu@mit.edu> | 2013-07-05 18:07:43 -0400 |
commit | aa21e706c4922c2db9e0e279dbdd7cb7ddb0a094 (patch) | |
tree | 9d1172a660d486c5955c770ef04014bb18cf7dee /src/plugins | |
parent | 46d97d394a37928fddd902b9b0740143da87f760 (diff) | |
download | krb5-aa21e706c4922c2db9e0e279dbdd7cb7ddb0a094.zip krb5-aa21e706c4922c2db9e0e279dbdd7cb7ddb0a094.tar.gz krb5-aa21e706c4922c2db9e0e279dbdd7cb7ddb0a094.tar.bz2 |
Fix lock inconsistency in ctx_unlock()
The lock inconsistency fixed here is quite possibly the same as
described in https://bugzilla.redhat.com/show_bug.cgi?id=586032 .
The problem is that ctx_unlock() fails to unlock the principal DB if
it fails to unlock the policy DB, and this happens when ctx_lock()
fails to lock the policy DB (likely because the caller is racing
against a kdb5_util load, which will be using a "permanent" lock,
meaning that the lock file will be unlinked after acquiring the
lock). The fix is to perform both unlock operations *then* handle
any errors that either or both might have returned.
(cherry picked from commit 29ee39baa919361ae08e26caab896890d5cb3eb4)
ticket: 7675 (new)
version_fixed: 1.10.7
status: resolved
Diffstat (limited to 'src/plugins')
-rw-r--r-- | src/plugins/kdb/db2/kdb_db2.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/src/plugins/kdb/db2/kdb_db2.c b/src/plugins/kdb/db2/kdb_db2.c index e85ce4b..6d2608c 100644 --- a/src/plugins/kdb/db2/kdb_db2.c +++ b/src/plugins/kdb/db2/kdb_db2.c @@ -383,12 +383,10 @@ done: static krb5_error_code ctx_unlock(krb5_context context, krb5_db2_context *dbc) { - krb5_error_code retval; + krb5_error_code retval, retval2; DB *db; retval = osa_adb_release_lock(dbc->policy_db); - if (retval) - return retval; if (!dbc->db_locks_held) /* lock already unlocked */ return KRB5_KDB_NOTLOCKED; @@ -399,9 +397,15 @@ ctx_unlock(krb5_context context, krb5_db2_context *dbc) dbc->db = NULL; dbc->db_lock_mode = 0; - retval = krb5_lock_file(context, dbc->db_lf_file, + retval2 = krb5_lock_file(context, dbc->db_lf_file, KRB5_LOCKMODE_UNLOCK); + if (retval2) + return retval2; } + + /* We may be unlocking because osa_adb_get_lock() failed. */ + if (retval == OSA_ADB_NOTLOCKED) + return 0; return retval; } |