[PATCHSET] dbwarp_tool: reduce risk of erasing databases

Michael Adam obnox at samba.org
Thu Jan 30 03:07:21 MST 2014 

dbwrap_tool is currently inherently dangerous:
if a persistent (aka non-CLEAR_IF_FIRST) database
is openened with default modes with dbwrap_tool
when there is no other opener on the db, it will
be erased.. :-(

This patchset adds a --non-persistent option, and
forces the user to conciously specify one of
"--persistent" and "--non-persistent" and updates
the docs.

review & push appreciated

Thanks - Michael
-------------- next part --------------
From 7e19916569975dcdc41d77ee9d7a654f791ba68f Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox at samba.org>
Date: Wed, 29 Jan 2014 16:58:37 +0100
Subject: [PATCH 1/5] dbwrap_tool: remove the short form "-p" of "--persistent"

Signed-off-by: Michael Adam <obnox at samba.org>
---
 source3/utils/dbwrap_tool.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/utils/dbwrap_tool.c b/source3/utils/dbwrap_tool.c
index 79b40d2..406e89e 100644
--- a/source3/utils/dbwrap_tool.c
+++ b/source3/utils/dbwrap_tool.c
@@ -420,7 +420,7 @@ int main(int argc, const char **argv)
 	struct poptOption popt_options[] = {
 		POPT_AUTOHELP
 		POPT_COMMON_SAMBA
-		{ "persistent", 'p', POPT_ARG_NONE, &persistent, 0, "treat the database as persistent", NULL },
+		{ "persistent", 0, POPT_ARG_NONE, &persistent, 0, "treat the database as persistent", NULL },
 		POPT_TABLEEND
 	};
 	int opt;
-- 
1.8.3.2


From 32ad8e64c052d0aa64569d8e5b37a852ad028e7a Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox at samba.org>
Date: Thu, 30 Jan 2014 10:33:00 +0100
Subject: [PATCH 2/5] docs: remove short form "-p" of --persistent from
 dbwrap_tool manpage

Signed-off-by: Michael Adam <obnox at samba.org>
---
 docs-xml/manpages/dbwrap_tool.1.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs-xml/manpages/dbwrap_tool.1.xml b/docs-xml/manpages/dbwrap_tool.1.xml
index 8e979f6..f190623 100644
--- a/docs-xml/manpages/dbwrap_tool.1.xml
+++ b/docs-xml/manpages/dbwrap_tool.1.xml
@@ -19,7 +19,7 @@
 <refsynopsisdiv>
 	<cmdsynopsis>
 		<command>dbwrap_tool</command>
-		<arg choice="opt">-p|--persistent</arg>
+		<arg choice="opt">--persistent</arg>
 		<arg choice="opt">-d <debug level></arg>
 		<arg choice="opt">-s <config file></arg>
 		<arg choice="opt">-l <log file base></arg>
@@ -70,7 +70,7 @@
 
 	<variablelist>
 		<varlistentry>
-			<term>-p|--persistent</term>
+			<term>--persistent</term>
 			<listitem><para>Open the database as a persistent database.
 			If this option is not specified, the database is opened as
 			non-persistent.
-- 
1.8.3.2


From bae2c2a505dccffe2492ad4cd4ef75b28e31634d Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox at samba.org>
Date: Thu, 30 Jan 2014 10:29:49 +0100
Subject: [PATCH 3/5] dbwrap_tool: add option "--non-persistent" and force
 excatly one of "--[non-]persistent"

We want to force users of dbwrap_tool to explicitly specify
persistent or non-persistent. Otherwise, one could easily
by accident wipe a whole database that is actually persistent
but not currently opened by a samba process, just by openeing
the DB with the default non-persistent mode...

Signed-off-by: Michael Adam <obnox at samba.org>
---
 source3/utils/dbwrap_tool.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/source3/utils/dbwrap_tool.c b/source3/utils/dbwrap_tool.c
index 406e89e..38d4a11 100644
--- a/source3/utils/dbwrap_tool.c
+++ b/source3/utils/dbwrap_tool.c
@@ -411,6 +411,7 @@ int main(int argc, const char **argv)
 	enum dbwrap_type type;
 	const char *valuestr = "0";
 	int persistent = 0;
+	int non_persistent = 0;
 	int tdb_flags = TDB_DEFAULT;
 
 	TALLOC_CTX *mem_ctx = talloc_stackframe();
@@ -420,6 +421,7 @@ int main(int argc, const char **argv)
 	struct poptOption popt_options[] = {
 		POPT_AUTOHELP
 		POPT_COMMON_SAMBA
+		{ "non-persistent", 0, POPT_ARG_NONE, &non_persistent, 0, "treat the database as non-persistent", NULL },
 		{ "persistent", 0, POPT_ARG_NONE, &persistent, 0, "treat the database as persistent", NULL },
 		POPT_TABLEEND
 	};
@@ -463,6 +465,16 @@ int main(int argc, const char **argv)
 		goto done;
 	}
 
+	if ((persistent == 0 && non_persistent == 0) ||
+	    (persistent == 1 && non_persistent == 1))
+	{
+		d_fprintf(stderr, "ERROR: you must specify exactly one "
+			  "of --persistent and --non-persistent\n");
+		goto done;
+	} else if (non_persistent == 1) {
+		tdb_flags |= TDB_CLEAR_IF_FIRST;
+	}
+
 	dbname = extra_argv[0];
 	opname = extra_argv[1];
 
@@ -563,10 +575,6 @@ int main(int argc, const char **argv)
 		goto done;
 	}
 
-	if (persistent == 0) {
-		tdb_flags |= TDB_CLEAR_IF_FIRST;
-	}
-
 	switch (op) {
 	case OP_FETCH:
 	case OP_STORE:
-- 
1.8.3.2


From 3189fb85c13692f48b18ef0922e26cf5a2a56957 Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox at samba.org>
Date: Thu, 30 Jan 2014 10:36:46 +0100
Subject: [PATCH 4/5] docs: document new --non-persistent option to dbwrap_tool

Signed-off-by: Michael Adam <obnox at samba.org>
---
 docs-xml/manpages/dbwrap_tool.1.xml | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/docs-xml/manpages/dbwrap_tool.1.xml b/docs-xml/manpages/dbwrap_tool.1.xml
index f190623..2ea8a65 100644
--- a/docs-xml/manpages/dbwrap_tool.1.xml
+++ b/docs-xml/manpages/dbwrap_tool.1.xml
@@ -20,6 +20,7 @@
 	<cmdsynopsis>
 		<command>dbwrap_tool</command>
 		<arg choice="opt">--persistent</arg>
+		<arg choice="opt">--non-persistent</arg>
 		<arg choice="opt">-d <debug level></arg>
 		<arg choice="opt">-s <config file></arg>
 		<arg choice="opt">-l <log file base></arg>
@@ -72,8 +73,23 @@
 		<varlistentry>
 			<term>--persistent</term>
 			<listitem><para>Open the database as a persistent database.
-			If this option is not specified, the database is opened as
-			non-persistent.
+			</para>
+			<para>
+			Exactly one of --persistent and --non-persistent must be
+			specified.
+			</para></listitem>
+		</varlistentry>
+		<varlistentry>
+			<term>--non-persistent</term>
+			<listitem><para>Open the database as a non-persistent database.
+			</para>
+			<para>
+			Caveat: opening a database as non-persistent when there
+			is currently no other opener will wipe the database.
+			</para>
+			<para>
+			Exactly one of --persistent and --non-persistent must be
+			specified.
 			</para></listitem>
 		</varlistentry>
 		&popt.common.samba.client;
-- 
1.8.3.2


From 597016c2108f9b8309e5ceb877a8ddd685cc6aeb Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox at samba.org>
Date: Thu, 30 Jan 2014 10:47:15 +0100
Subject: [PATCH 5/5] docs: remove extra spaces in synopsis of dbwrap_tool

Signed-off-by: Michael Adam <obnox at samba.org>
---
 docs-xml/manpages/dbwrap_tool.1.xml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/docs-xml/manpages/dbwrap_tool.1.xml b/docs-xml/manpages/dbwrap_tool.1.xml
index 2ea8a65..0c27fad 100644
--- a/docs-xml/manpages/dbwrap_tool.1.xml
+++ b/docs-xml/manpages/dbwrap_tool.1.xml
@@ -30,9 +30,7 @@
 		<arg choice="req"><operation></arg>
 		<arg choice="opt"><key>
 			<arg choice="opt"><type>
-				<arg choice="opt"><value></arg>
-			</arg>
-		</arg>
+				<arg choice="opt"><value></arg></arg></arg>
 	</cmdsynopsis>
 </refsynopsisdiv>
 
-- 
1.8.3.2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 215 bytes
Desc: Digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20140130/a5b9ede5/attachment.pgp>

More information about the samba-technical mailing list