[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-2791-g0bdab79

Michael Adam obnox at samba.org
Tue Aug 5 22:34:40 GMT 2008 

The branch, v3-2-test has been updated
       via  0bdab793c1da9b56790d37ac7d064b67ec51e3a4 (commit)
       via  c0e764d3878120e9612bbd847e581c6fd6c79532 (commit)
       via  c601ad0d1c5b7f3568fef7592e501b8f6be9c469 (commit)
       via  f3cdf9e646180837a470e90f8a17d933f07b60c3 (commit)
      from  91c17ecfd7b07ff948874c3eb7013eb79c5b66ab (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test


- Log -----------------------------------------------------------------
commit 0bdab793c1da9b56790d37ac7d064b67ec51e3a4
Author: Michael Adam <obnox at samba.org>
Date:   Tue Aug 5 23:38:56 2008 +0200

    dbwrap: add comment describing behaviour of dbwrap_change_int32_atomic().
    
    Michael
    (cherry picked from commit f8f21c8e3922806230e240cb54205fc2db7a3619)

commit c0e764d3878120e9612bbd847e581c6fd6c79532
Author: Michael Adam <obnox at samba.org>
Date:   Tue Aug 5 23:14:05 2008 +0200

    secrets: fix replacemend random seed generator (security issue).
    
    This is a regression introduced by the change to dbwrap.
    The replacement dbwrap_change_int32_atomic() does not
    correctly mimic the behaviour of tdb_change_int32_atomic():
    The intended behaviour is to use *oldval  as an initial
    value when the entry does not yet exist in the db and to
    return the old value in *oldval.
    
    The effect was that:
    1. get_rand_seed() always returns sys_getpid() in *new_seed
       instead of the incremented seed from the secrets.tdb.
    2. the seed stored in the tdb is always starting at 0 instead
       of sys_getpid() + 1 and incremented in subsequent calls.
    
    In principle this is a security issue, but i think the danger is
    low, since this is only used as a fallback when there is no useable
    /dev/urandom, and this is at most called on startup or via
    reinit_after_fork.
    
    Michael
    (cherry picked from commit bfc5d34a196f667276ce1e173821db478d01258b)

commit c601ad0d1c5b7f3568fef7592e501b8f6be9c469
Author: Michael Adam <obnox at samba.org>
Date:   Tue Aug 5 23:13:06 2008 +0200

    dbwrap: add comment describing behaviour of dbwrap_change_uint32_atomic().
    
    Michael
    (cherry picked from commit 7edfb54c865ddcfd5cdcc8c2184b96aaac2d2ec0)

commit f3cdf9e646180837a470e90f8a17d933f07b60c3
Author: Michael Adam <obnox at samba.org>
Date:   Tue Aug 5 22:38:44 2008 +0200

    idmap_tdb2: fix a race condition in idmap_tdb2_allocate_id().
    
    The race is a regression introduced by the change to dbwrap.
    It might have led to two concurrent processes returning the same id.
    
    This fix is achieved by changing dbwrap_change_uint32_atomic() to
    match the original behaviour of tdb_change_uint32_atomic(), which
    is the following: *oldval is used as initial value when
    the value does not yet exist and that the old value should be
    returned in *oldval.
    
    dbwrap_change_uint32_atomic() is used (only) in idmap_tdb2.c,
    to get new ids.
    
    Michael
    (cherry picked from commit 72bd83fea7572a6202027b200d192c05023aa633)

-----------------------------------------------------------------------

Summary of changes:
 source/lib/dbwrap_util.c |   30 ++++++++++++++++++++++++++----
 1 files changed, 26 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/lib/dbwrap_util.c b/source/lib/dbwrap_util.c
index 07e5082..09e9071 100644
--- a/source/lib/dbwrap_util.c
+++ b/source/lib/dbwrap_util.c
@@ -98,6 +98,13 @@ bool dbwrap_store_uint32(struct db_context *db, const char *keystr, uint32_t v)
 	return NT_STATUS_IS_OK(status) ? 0 : -1;
 }
 
+/**
+ * Atomic unsigned integer change (addition):
+ *
+ * if value does not exist yet in the db, use *oldval as initial old value.
+ * return old value in *oldval.
+ * store *oldval + change_val to db.
+ */
 uint32_t dbwrap_change_uint32_atomic(struct db_context *db, const char *keystr,
 				     uint32_t *oldval, uint32_t change_val)
 {
@@ -110,9 +117,13 @@ uint32_t dbwrap_change_uint32_atomic(struct db_context *db, const char *keystr,
 		return -1;
 	}
 
-	if ((rec->value.dptr != NULL)
-	    && (rec->value.dsize == sizeof(val))) {
+	if (rec->value.dptr == NULL) {
+		val = *oldval;
+	} else if (rec->value.dsize == sizeof(val)) {
 		val = IVAL(rec->value.dptr, 0);
+		*oldval = val;
+	} else {
+		return -1;
 	}
 
 	val += change_val;
@@ -127,6 +138,13 @@ uint32_t dbwrap_change_uint32_atomic(struct db_context *db, const char *keystr,
 	return 0;
 }
 
+/**
+ * Atomic integer change (addition):
+ *
+ * if value does not exist yet in the db, use *oldval as initial old value.
+ * return old value in *oldval.
+ * store *oldval + change_val to db.
+ */
 int32 dbwrap_change_int32_atomic(struct db_context *db, const char *keystr,
 				 int32 *oldval, int32 change_val)
 {
@@ -139,9 +157,13 @@ int32 dbwrap_change_int32_atomic(struct db_context *db, const char *keystr,
 		return -1;
 	}
 
-	if ((rec->value.dptr != NULL)
-	    && (rec->value.dsize == sizeof(val))) {
+	if (rec->value.dptr == NULL) {
+		val = *oldval;
+	} else if (rec->value.dsize == sizeof(val)) {
 		val = IVAL(rec->value.dptr, 0);
+		*oldval = val;
+	} else {
+		return -1;
 	}
 
 	val += change_val;


-- 
Samba Shared Repository

More information about the samba-cvs mailing list