diff options
| author | Nicolas Williams <nico@cryptonector.com> | 2012-09-26 17:32:56 -0500 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2012-10-05 14:10:26 -0400 |
| commit | 464e61f63d023a16f6aecd2798860323cbf84c91 (patch) | |
| tree | 706d609daae67822b7c4d130f62efd48464cb5dc /src/kadmin | |
| parent | c16f2f668267b90b28cabf15075022d7810e02ed (diff) | |
| download | krb5-464e61f63d023a16f6aecd2798860323cbf84c91.tar.gz krb5-464e61f63d023a16f6aecd2798860323cbf84c91.tar.xz krb5-464e61f63d023a16f6aecd2798860323cbf84c91.zip | |
Fix kdb5_util dump race
ticket: 7377
Diffstat (limited to 'src/kadmin')
| -rw-r--r-- | src/kadmin/dbutil/dump.c | 64 | ||||
| -rw-r--r-- | src/kadmin/dbutil/kdb5_util.h | 2 |
2 files changed, 32 insertions, 34 deletions
diff --git a/src/kadmin/dbutil/dump.c b/src/kadmin/dbutil/dump.c index c5c003484..c1478b6d8 100644 --- a/src/kadmin/dbutil/dump.c +++ b/src/kadmin/dbutil/dump.c @@ -490,41 +490,45 @@ current_dump_sno_in_ulog(char *ifile, kdb_hlog_t *ulog) return 1; } -/* - * Update the "ok" file. - */ -void update_ok_file (file_name) - char *file_name; + +/* Create the .dump_ok file. */ +static int +prep_ok_file(krb5_context context, char *file_name, int *fd) { - /* handle slave locking/failure stuff */ - char *file_ok; - int fd; static char ok[]=".dump_ok"; + krb5_error_code retval; + char *file_ok; if (asprintf(&file_ok, "%s%s", file_name, ok) < 0) { - com_err(progname, ENOMEM, - _("while allocating filename for update_ok_file")); + com_err(progname, ENOMEM, _("while allocating dump_ok filename")); exit_status++; - return; + return 0; } - if ((fd = open(file_ok, O_WRONLY|O_CREAT|O_TRUNC, 0600)) < 0) { - com_err(progname, errno, _("while creating 'ok' file, '%s'"), - file_ok); + + *fd = open(file_ok, O_WRONLY | O_CREAT | O_TRUNC, 0600); + if (*fd == -1) { + com_err(progname, errno, _("while creating 'ok' file, '%s'"), file_ok); exit_status++; free(file_ok); - return; + return 0; } - if (write(fd, "", 1) != 1) { - com_err(progname, errno, _("while writing to 'ok' file, '%s'"), - file_ok); - exit_status++; - free(file_ok); - return; + retval = krb5_lock_file(context, *fd, KRB5_LOCKMODE_EXCLUSIVE); + if (retval) { + com_err(progname, retval, _("while locking 'ok' file, '%s'"), file_ok); + return 0; } + return 1; +} - free(file_ok); +/* + * Update the "ok" file. + */ +static void +update_ok_file(krb5_context context, int fd) +{ + write(fd, "", 1); + krb5_lock_file(context, fd, KRB5_LOCKMODE_UNLOCK); close(fd); - return; } /* @@ -1274,6 +1278,7 @@ dump_db(argc, argv) dump_version *dump; int aindex; int conditional = 0; + int ok_fd = -1; char *new_mkey_file = 0; bool_t dump_sno = FALSE; kdb_log_context *log_ctx; @@ -1454,11 +1459,13 @@ dump_db(argc, argv) */ if (ofile[0] == '-') usage(); + if (!prep_ok_file(util_context, ofile, &ok_fd)) + return; /* prep_ok_file() bumps exit_status */ f = create_ofile(ofile, &tmpofile); if (f == NULL) { fprintf(stderr, ofopen_error, progname, ofile, error_message(errno)); - return; + goto error; } } else { f = stdout; @@ -1508,7 +1515,7 @@ dump_db(argc, argv) if (ofile && f != stdout) { fclose(f); finish_ofile(ofile, &tmpofile); - update_ok_file(ofile); + update_ok_file(util_context, ok_fd); } return; } @@ -2732,13 +2739,6 @@ load_db(argc, argv) exit_status++; return; } - if ((kret = krb5_lock_file(kcontext, fileno(f), - KRB5_LOCKMODE_SHARED))) { - fprintf(stderr, _("%s: Cannot lock %s: %s\n"), progname, - dumpfile, error_message(errno)); - exit_status++; - return; - } } else f = stdin; diff --git a/src/kadmin/dbutil/kdb5_util.h b/src/kadmin/dbutil/kdb5_util.h index b606b8d21..9517ea7ea 100644 --- a/src/kadmin/dbutil/kdb5_util.h +++ b/src/kadmin/dbutil/kdb5_util.h @@ -87,8 +87,6 @@ extern krb5_error_code master_key_convert(krb5_context context, krb5_db_entry *db_entry); extern void kdb5_purge_mkeys (int argc, char **argv); -extern void update_ok_file (char *file_name); - extern int kadm5_create (kadm5_config_params *params); extern krb5_error_code add_new_mkey(krb5_context, krb5_db_entry *, |