security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

dirmngr: Serialize access to hosttable. 

* dirmngr/dirmngr.h (ks_hkp_init): New.
* dirmngr/dirmngr.c (main): Call ks_hkp_init.
* dirmngr/ks-engine-hkp.c (ks_hkp_init): New.
(ks_hkp_mark_host): Serialize access to hosttable.
(ks_hkp_print_hosttable, make_host_part): Likewise.
(ks_hkp_housekeeping, ks_hkp_reload): Likewise.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
NIIBE Yutaka 2018-09-11 13:54:49 +09:00
parent f80346f42d
commit 995aded587
3 changed files with 64 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
dirmngr/dirmngr.c
View File

@ -1143,6 +1143,7 @@ main (int argc, char **argv)
thread_init (); thread_init ();
cert_cache_init (hkp_cacert_filenames); cert_cache_init (hkp_cacert_filenames);
crl_cache_init (); crl_cache_init ();
ks_hkp_init ();
http_register_netactivity_cb (netactivity_action); http_register_netactivity_cb (netactivity_action);
start_command_handler (ASSUAN_INVALID_FD, 0); start_command_handler (ASSUAN_INVALID_FD, 0);
shutdown_reaper (); shutdown_reaper ();
@ -1178,6 +1179,7 @@ main (int argc, char **argv)
thread_init (); thread_init ();
cert_cache_init (hkp_cacert_filenames); cert_cache_init (hkp_cacert_filenames);
crl_cache_init (); crl_cache_init ();
ks_hkp_init ();
http_register_netactivity_cb (netactivity_action); http_register_netactivity_cb (netactivity_action);
handle_connections (3); handle_connections (3);
shutdown_reaper (); shutdown_reaper ();
@ -1399,6 +1401,7 @@ main (int argc, char **argv)
thread_init (); thread_init ();
cert_cache_init (hkp_cacert_filenames); cert_cache_init (hkp_cacert_filenames);
crl_cache_init (); crl_cache_init ();
ks_hkp_init ();
http_register_netactivity_cb (netactivity_action); http_register_netactivity_cb (netactivity_action);
handle_connections (fd); handle_connections (fd);
shutdown_reaper (); shutdown_reaper ();
@ -1421,6 +1424,7 @@ main (int argc, char **argv)
thread_init (); thread_init ();
cert_cache_init (hkp_cacert_filenames); cert_cache_init (hkp_cacert_filenames);
crl_cache_init (); crl_cache_init ();
ks_hkp_init ();
if (!argc) if (!argc)
rc = crl_cache_load (&ctrlbuf, NULL); rc = crl_cache_load (&ctrlbuf, NULL);
else else
@ -1444,6 +1448,7 @@ main (int argc, char **argv)
thread_init (); thread_init ();
cert_cache_init (hkp_cacert_filenames); cert_cache_init (hkp_cacert_filenames);
crl_cache_init (); crl_cache_init ();
ks_hkp_init ();
rc = crl_fetch (&ctrlbuf, argv[0], &reader); rc = crl_fetch (&ctrlbuf, argv[0], &reader);
if (rc) if (rc)
log_error (_("fetching CRL from '%s' failed: %s\n"), log_error (_("fetching CRL from '%s' failed: %s\n"),

2
dirmngr/dirmngr.h
View File

@ -218,7 +218,7 @@ int dirmngr_use_tor (void);
/*-- Various housekeeping functions. --*/ /*-- Various housekeeping functions. --*/
void ks_hkp_housekeeping (time_t curtime); void ks_hkp_housekeeping (time_t curtime);
void ks_hkp_reload (void); void ks_hkp_reload (void);
void ks_hkp_init (void);
/*-- server.c --*/ /*-- server.c --*/
ldap_server_t get_ldapservers_from_ctrl (ctrl_t ctrl); ldap_server_t get_ldapservers_from_ctrl (ctrl_t ctrl);

65
dirmngr/ks-engine-hkp.c
View File

@ -35,6 +35,7 @@
# include <netdb.h> # include <netdb.h>
#endif /*!HAVE_W32_SYSTEM*/ #endif /*!HAVE_W32_SYSTEM*/
#include <npth.h>
#include "dirmngr.h" #include "dirmngr.h"
#include "misc.h" #include "misc.h"
#include "../common/userids.h" #include "../common/userids.h"
@ -108,6 +109,8 @@ struct hostinfo_s
resolved from a pool name and its allocated size.*/ resolved from a pool name and its allocated size.*/
static hostinfo_t *hosttable; static hostinfo_t *hosttable;
static int hosttable_size; static int hosttable_size;
/* A mutex used to serialize access to the hosttable. */
static npth_mutex_t hosttable_lock;
/* The number of host slots we initially allocate for HOSTTABLE. */ /* The number of host slots we initially allocate for HOSTTABLE. */
#define INITIAL_HOSTTABLE_SIZE 50 #define INITIAL_HOSTTABLE_SIZE 50
@ -753,9 +756,15 @@ ks_hkp_mark_host (ctrl_t ctrl, const char *name, int alive)
if (!name || !*name || !strcmp (name, "localhost")) if (!name || !*name || !strcmp (name, "localhost"))
return 0; return 0;
if (npth_mutex_lock (&hosttable_lock))
log_fatal ("failed to acquire mutex\n");
idx = find_hostinfo (name); idx = find_hostinfo (name);
if (idx == -1) if (idx == -1)
return gpg_error (GPG_ERR_NOT_FOUND); {
err = gpg_error (GPG_ERR_NOT_FOUND);
goto leave;
}
hi = hosttable[idx]; hi = hosttable[idx];
if (alive && hi->dead) if (alive && hi->dead)
@ -814,6 +823,10 @@ ks_hkp_mark_host (ctrl_t ctrl, const char *name, int alive)
} }
} }
leave:
if (npth_mutex_unlock (&hosttable_lock))
log_fatal ("failed to release mutex\n");
return err; return err;
} }
@ -834,7 +847,9 @@ ks_hkp_print_hosttable (ctrl_t ctrl)
if (err) if (err)
return err; return err;
/* FIXME: We need a lock for the hosttable. */ if (npth_mutex_lock (&hosttable_lock))
log_fatal ("failed to acquire mutex\n");
curtime = gnupg_get_time (); curtime = gnupg_get_time ();
for (idx=0; idx < hosttable_size; idx++) for (idx=0; idx < hosttable_size; idx++)
if ((hi=hosttable[idx])) if ((hi=hosttable[idx]))
@ -927,12 +942,12 @@ ks_hkp_print_hosttable (ctrl_t ctrl)
diedstr? ")":"" ); diedstr? ")":"" );
xfree (died); xfree (died);
if (err) if (err)
return err; goto leave;
if (hi->cname) if (hi->cname)
err = ks_printf_help (ctrl, " . %s", hi->cname); err = ks_printf_help (ctrl, " . %s", hi->cname);
if (err) if (err)
return err; goto leave;
if (hi->pool) if (hi->pool)
{ {
@ -947,14 +962,21 @@ ks_hkp_print_hosttable (ctrl_t ctrl)
put_membuf( &mb, "", 1); put_membuf( &mb, "", 1);
p = get_membuf (&mb, NULL); p = get_membuf (&mb, NULL);
if (!p) if (!p)
return gpg_error_from_syserror (); {
err = gpg_error_from_syserror ();
goto leave;
}
err = ks_print_help (ctrl, p); err = ks_print_help (ctrl, p);
xfree (p); xfree (p);
if (err) if (err)
return err; goto leave;
} }
} }
return 0;
leave:
if (npth_mutex_unlock (&hosttable_lock))
log_fatal ("failed to release mutex\n");
return err;
} }
@ -1023,9 +1045,16 @@ make_host_part (ctrl_t ctrl,
protocol = KS_PROTOCOL_HKP; protocol = KS_PROTOCOL_HKP;
} }
if (npth_mutex_lock (&hosttable_lock))
log_fatal ("failed to acquire mutex\n");
portstr[0] = 0; portstr[0] = 0;
err = map_host (ctrl, host, srvtag, force_reselect, protocol, err = map_host (ctrl, host, srvtag, force_reselect, protocol,
&hostname, portstr, r_httpflags, r_httphost); &hostname, portstr, r_httpflags, r_httphost);
if (npth_mutex_unlock (&hosttable_lock))
log_fatal ("failed to release mutex\n");
if (err) if (err)
return err; return err;
@ -1099,6 +1128,9 @@ ks_hkp_housekeeping (time_t curtime)
int idx; int idx;
hostinfo_t hi; hostinfo_t hi;
if (npth_mutex_lock (&hosttable_lock))
log_fatal ("failed to acquire mutex\n");
for (idx=0; idx < hosttable_size; idx++) for (idx=0; idx < hosttable_size; idx++)
{ {
hi = hosttable[idx]; hi = hosttable[idx];
@ -1115,6 +1147,9 @@ ks_hkp_housekeeping (time_t curtime)
log_info ("resurrected host '%s'", hi->name); log_info ("resurrected host '%s'", hi->name);
} }
} }
if (npth_mutex_unlock (&hosttable_lock))
log_fatal ("failed to release mutex\n");
} }
@ -1126,6 +1161,9 @@ ks_hkp_reload (void)
int idx, count; int idx, count;
hostinfo_t hi; hostinfo_t hi;
if (npth_mutex_lock (&hosttable_lock))
log_fatal ("failed to acquire mutex\n");
for (idx=count=0; idx < hosttable_size; idx++) for (idx=count=0; idx < hosttable_size; idx++)
{ {
hi = hosttable[idx]; hi = hosttable[idx];
@ -1139,6 +1177,9 @@ ks_hkp_reload (void)
} }
if (count) if (count)
log_info ("number of resurrected hosts: %d", count); log_info ("number of resurrected hosts: %d", count);
if (npth_mutex_unlock (&hosttable_lock))
log_fatal ("failed to release mutex\n");
} }
@ -1754,3 +1795,13 @@ ks_hkp_put (ctrl_t ctrl, parsed_uri_t uri, const void *data, size_t datalen)
xfree (httphost); xfree (httphost);
return err; return err;
} }
void
ks_hkp_init (void)
{
int err;
err = npth_mutex_init (&hosttable_lock, NULL);
if (err)
log_fatal ("error initializing mutex: %s\n", strerror (err));
}