[SCM] Samba Shared Repository - branch v3-2-test updated -
release-3-2-0pre2-2791-g0bdab79
Michael Adam
obnox at samba.org
Tue Aug 5 22:34:40 GMT 2008
The branch, v3-2-test has been updated
via 0bdab793c1da9b56790d37ac7d064b67ec51e3a4 (commit)
via c0e764d3878120e9612bbd847e581c6fd6c79532 (commit)
via c601ad0d1c5b7f3568fef7592e501b8f6be9c469 (commit)
via f3cdf9e646180837a470e90f8a17d933f07b60c3 (commit)
from 91c17ecfd7b07ff948874c3eb7013eb79c5b66ab (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test
- Log -----------------------------------------------------------------
commit 0bdab793c1da9b56790d37ac7d064b67ec51e3a4
Author: Michael Adam <obnox at samba.org>
Date: Tue Aug 5 23:38:56 2008 +0200
dbwrap: add comment describing behaviour of dbwrap_change_int32_atomic().
Michael
(cherry picked from commit f8f21c8e3922806230e240cb54205fc2db7a3619)
commit c0e764d3878120e9612bbd847e581c6fd6c79532
Author: Michael Adam <obnox at samba.org>
Date: Tue Aug 5 23:14:05 2008 +0200
secrets: fix replacement random seed generator (security issue).
This is a regression introduced by the change to dbwrap.
The replacement dbwrap_change_int32_atomic() does not
correctly mimic the behaviour of tdb_change_int32_atomic():
The intended behaviour is to use *oldval as an initial
value when the entry does not yet exist in the db and to
return the old value in *oldval.
The effect was that:
1. get_rand_seed() always returns sys_getpid() in *new_seed
instead of the incremented seed from the secrets.tdb.
2. the seed stored in the tdb is always starting at 0 instead
of sys_getpid() + 1 and incremented in subsequent calls.
In principle this is a security issue, but I think the danger is
low, since this is only used as a fallback when there is no useable
/dev/urandom, and this is at most called on startup or via
reinit_after_fork.
Michael
(cherry picked from commit bfc5d34a196f667276ce1e173821db478d01258b)
commit c601ad0d1c5b7f3568fef7592e501b8f6be9c469
Author: Michael Adam <obnox at samba.org>
Date: Tue Aug 5 23:13:06 2008 +0200
dbwrap: add comment describing behaviour of dbwrap_change_uint32_atomic().
Michael
(cherry picked from commit 7edfb54c865ddcfd5cdcc8c2184b96aaac2d2ec0)
commit f3cdf9e646180837a470e90f8a17d933f07b60c3
Author: Michael Adam <obnox at samba.org>
Date: Tue Aug 5 22:38:44 2008 +0200
idmap_tdb2: fix a race condition in idmap_tdb2_allocate_id().
The race is a regression introduced by the change to dbwrap.
It might have led to two concurrent processes returning the same id.
This fix is achieved by changing dbwrap_change_uint32_atomic() to
match the original behaviour of tdb_change_uint32_atomic(), which
is the following: *oldval is used as initial value when
the value does not yet exist and that the old value should be
returned in *oldval.
dbwrap_change_uint32_atomic() is used (only) in idmap_tdb2.c,
to get new ids.
Michael
(cherry picked from commit 72bd83fea7572a6202027b200d192c05023aa633)
-----------------------------------------------------------------------
Summary of changes:
source/lib/dbwrap_util.c | 30 ++++++++++++++++++++++++++----
1 files changed, 26 insertions(+), 4 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/lib/dbwrap_util.c b/source/lib/dbwrap_util.c
index 07e5082..09e9071 100644
--- a/source/lib/dbwrap_util.c
+++ b/source/lib/dbwrap_util.c
@@ -98,6 +98,13 @@ bool dbwrap_store_uint32(struct db_context *db, const char *keystr, uint32_t v)
return NT_STATUS_IS_OK(status) ? 0 : -1;
}
+/**
+ * Atomic unsigned integer change (addition):
+ *
+ * if value does not exist yet in the db, use *oldval as initial old value.
+ * return old value in *oldval.
+ * store *oldval + change_val to db.
+ */
uint32_t dbwrap_change_uint32_atomic(struct db_context *db, const char *keystr,
uint32_t *oldval, uint32_t change_val)
{
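Review bot: the new comment above dbwrap_change_uint32_atomic() describes *oldval but says nothing about the return value. The function is declared uint32_t while its error paths (visible in the next hunk) use `return -1`, so a failure reaches the caller as 0xFFFFFFFF and a `< 0` test on the result can never be true. Please add a line to the comment stating the success and failure return values, and consider a signed or status return type so the error case cannot be misread.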
@@ -110,9 +117,13 @@ uint32_t dbwrap_change_uint32_atomic(struct db_context *db, const char *keystr,
return -1;
}
- if ((rec->value.dptr != NULL)
- && (rec->value.dsize == sizeof(val))) {
+ if (rec->value.dptr == NULL) {
+ val = *oldval;
+ } else if (rec->value.dsize == sizeof(val)) {
val = IVAL(rec->value.dptr, 0);
+ *oldval = val;
+ } else {
+ return -1;
}
val += change_val;
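Review bot: the added `} else { return -1; }` branch exits the function while `rec` is still live, and nothing in this hunk releases it. If `rec` was obtained earlier in the function as a locked or allocated record (that part is not visible here), this path needs the same cleanup as the normal exit before returning, otherwise a stored value with an unexpected dsize leaves the record held. A debug message on this branch would also help, since a wrong-sized entry now fails without any trace.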
@@ -127,6 +138,13 @@ uint32_t dbwrap_change_uint32_atomic(struct db_context *db, const char *keystr,
return 0;
}
+/**
+ * Atomic integer change (addition):
+ *
+ * if value does not exist yet in the db, use *oldval as initial old value.
+ * return old value in *oldval.
+ * store *oldval + change_val to db.
+ */
int32 dbwrap_change_int32_atomic(struct db_context *db, const char *keystr,
int32 *oldval, int32 change_val)
{
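Review bot: the comment added above dbwrap_change_int32_atomic() leaves out the failure case. Since *oldval is both input and output, the comment should state that the caller must initialise it before the call and that it is left untouched when the function returns -1. The seed fallback described in the commit message depends on that contract, so a caller that ignores the return value would carry on with its own initial value.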
@@ -139,9 +157,13 @@ int32 dbwrap_change_int32_atomic(struct db_context *db, const char *keystr,
return -1;
}
- if ((rec->value.dptr != NULL)
- && (rec->value.dsize == sizeof(val))) {
+ if (rec->value.dptr == NULL) {
+ val = *oldval;
+ } else if (rec->value.dsize == sizeof(val)) {
val = IVAL(rec->value.dptr, 0);
+ *oldval = val;
+ } else {
+ return -1;
}
val += change_val;
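Review bot: in the `rec->value.dptr == NULL` branch the starting value is taken directly from the caller's *oldval, and `val += change_val` then runs on it unchecked. If val is declared as a signed 32-bit integer, matching the int32 return type, adding past the maximum is undefined behaviour in C; either do the addition in unsigned arithmetic and convert back, or reject the overflow explicitly. The early `return -1` in the new else branch also needs the same check as the unsigned variant that `rec` is released before leaving the function.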
--
Samba Shared Repository