diff options
| author | Robin Hack <rhack@redhat.com> | 2014-02-05 10:32:18 +0100 |
|---|---|---|
| committer | Robin Hack <rhack@redhat.com> | 2014-02-13 13:04:35 +0100 |
| commit | 09060b6b95fc0e6a00142a7e5e141797a1ee28ca (patch) | |
| tree | e62e2a0befae64dfe241b56545056f8594572432 /src/account/LMI_AccountManagementServiceProvider.c | |
| parent | 8f10af2410dcdf2d1bfa1e75673d979e9553aa80 (diff) | |
| download | openlmi-providers-09060b6b95fc0e6a00142a7e5e141797a1ee28ca.tar.gz openlmi-providers-09060b6b95fc0e6a00142a7e5e141797a1ee28ca.tar.xz openlmi-providers-09060b6b95fc0e6a00142a7e5e141797a1ee28ca.zip | |
Account: Race conditions fixes (like: bz#1061150)
This patch solves:
* Avoid race conditions with shadow-utils.
* Avoid race condition with libuser: uid/gid "sharing" amoung users/groups.
* Fix deadlock in lock.c code.
This patch introduces giant lock which is held for all write operations.
Diffstat (limited to 'src/account/LMI_AccountManagementServiceProvider.c')
| -rw-r--r-- | src/account/LMI_AccountManagementServiceProvider.c | 35 |
1 files changed, 30 insertions, 5 deletions
diff --git a/src/account/LMI_AccountManagementServiceProvider.c b/src/account/LMI_AccountManagementServiceProvider.c index d4e51d5..21473ea 100644 --- a/src/account/LMI_AccountManagementServiceProvider.c +++ b/src/account/LMI_AccountManagementServiceProvider.c @@ -38,6 +38,8 @@ #include <unistd.h> #include <shadow.h> +#include "lock.h" + // Return values of functions // common #define RET_OK 0 @@ -54,6 +56,10 @@ static const CMPIBroker* _cb = NULL; static void LMI_AccountManagementServiceInitialize(const CMPIContext *ctx) { lmi_init(provider_name, _cb, ctx, provider_config_defaults); + if (init_lock_pools() == 0) { + error("Unable to initialize lock pool."); + exit (1); + } } static CMPIStatus LMI_AccountManagementServiceCleanup( @@ -271,6 +277,12 @@ KUint32 LMI_AccountManagementService_CreateGroup( goto clean; } + char userlock[USERNAME_LEN_MAX] = {0}; + /* -1 for NULL char */ + strncpy(userlock, Name->chars, sizeof(userlock) - 1); + lmi_debug("Getting giant lock for user: %s", userlock); + get_giant_lock(); + pwdlockres = lckpwdf(); if (pwdlockres != 0) warn("Cannot acquire passwd file lock\n"); @@ -337,10 +349,14 @@ KUint32 LMI_AccountManagementService_CreateGroup( clean: #undef FAIL - if (lue) lu_ent_free(lue); - if (luc) lu_end(luc); if (pwdlockres == 0) ulckpwdf(); + lmi_debug("Releasing giant lock for user: %s", userlock); + release_giant_lock(); + lmi_debug("Giant lock released for user %s", userlock); + + if (lue) lu_ent_free(lue); + if (luc) lu_end(luc); return result; } @@ -405,6 +421,12 @@ KUint32 LMI_AccountManagementService_CreateAccount( goto clean; } + char userlock[USERNAME_LEN_MAX] = {0}; + /* -1 for NULL char */ + strncpy(userlock, Name->chars, sizeof(userlock) - 1); + lmi_debug("Getting giant lock for user: %s", userlock); + get_giant_lock(); + pwdlockres = lckpwdf(); if (pwdlockres != 0) warn("Cannot acquire passwd file lock\n"); @@ -586,13 +608,16 @@ output: clean: #undef FAIL + if (pwdlockres == 0) + ulckpwdf(); + lmi_debug("Releasing giant lock for user: %s", userlock); + release_giant_lock(); + lmi_debug("Giant lock released for user %s", userlock); + free(group_name); if (lue) lu_ent_free(lue); if (lue_group) lu_ent_free(lue_group); if (luc) lu_end(luc); - if (pwdlockres == 0) - ulckpwdf(); - return result; } |