[Fedora-directory-commits] ldapserver/ldap/synctools/passwordsync/passsync syncserv.h, 1.7, 1.7.2.1
by Doctor Conrad
Author: nkinder
Update of /cvs/dirsec/ldapserver/ldap/synctools/passwordsync/passsync
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2139/passwordsync/passsync
Modified Files:
Tag: Directory71RtmBranch
syncserv.h
Log Message:
186657 - Implemented locking around passhook data file access
Index: syncserv.h
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/synctools/passwordsync/passsync/syncserv.h,v
retrieving revision 1.7
retrieving revision 1.7.2.1
diff -u -r1.7 -r1.7.2.1
--- syncserv.h 19 Apr 2005 22:07:44 -0000 1.7
+++ syncserv.h 30 Mar 2006 23:13:44 -0000 1.7.2.1
@@ -82,6 +82,7 @@
PASS_INFO_LIST passInfoList;
HANDLE passhookEventHandle;
+ HANDLE passhookMutexHandle;
// LDAP variables
LDAP* mainLdapConnection;
@@ -104,7 +105,8 @@
unsigned long maxBackoffTime;
int logLevel;
bool isRunning;
+ DWORD waitRes;
fstream outLog;
};
-#endif
\ No newline at end of file
+#endif
18 years, 1 month
[Fedora-directory-commits] ldapserver/ldap/synctools/passwordsync/passsync syncserv.cpp, 1.7.2.6, 1.7.2.7
by Doctor Conrad
Author: nkinder
Update of /cvs/dirsec/ldapserver/ldap/synctools/passwordsync/passsync
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2067/passwordsync/passsync
Modified Files:
Tag: Directory71RtmBranch
syncserv.cpp
Log Message:
186657 - Implemented locking around passhook data file access
Index: syncserv.cpp
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/synctools/passwordsync/passsync/syncserv.cpp,v
retrieving revision 1.7.2.6
retrieving revision 1.7.2.7
diff -u -r1.7.2.6 -r1.7.2.7
--- syncserv.cpp 22 Mar 2006 18:53:37 -0000 1.7.2.6
+++ syncserv.cpp 30 Mar 2006 23:09:00 -0000 1.7.2.7
@@ -76,6 +76,7 @@
unsigned long size;
passhookEventHandle = CreateEvent(NULL, FALSE, FALSE, PASSHAND_EVENT_NAME);
+ passhookMutexHandle = CreateMutex(NULL, FALSE, PASSHOOK_MUTEX_NAME);
mainLdapConnection = NULL;
results = NULL;
currentResult = NULL;
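Review bot: The handle returned by the added `CreateMutex` call is never checked, unlike the same call in passhook.cpp's `InitializeChangeNotify`, which refuses to initialise on NULL. If creation fails here, the `WaitForSingleObject(passhookMutexHandle, INFINITE)` calls added in the @@ -226 and @@ -258 hunks return `WAIT_FAILED` immediately, and because their results are ignored the service would read and rewrite the data file with no lock held. I would add `if (passhookMutexHandle == NULL) { /* log and refuse to start */ }` directly after the call, and let the two wait sites proceed only on `WAIT_OBJECT_0` or `WAIT_ABANDONED`. The enclosing function starts and ends outside this hunk; the winsync copy of syncserv.cpp further down the page has the same gap.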
@@ -211,10 +212,14 @@
timeStamp(&outLog);
outLog << "Backing off for " << BackoffTime(GetMinBackoff()) << "ms" << endl;
}
- WaitForSingleObject(passhookEventHandle, BackoffTime(GetMinBackoff()));
+ waitRes = WaitForSingleObject(passhookEventHandle, BackoffTime(GetMinBackoff()));
if(logLevel > 0) {
timeStamp(&outLog);
- outLog << "Backoff time expired. Attempting sync" << endl;
+ if (waitRes == WAIT_TIMEOUT) {
+ outLog << "Backoff time expired. Attempting sync" << endl;
+ } else {
+ outLog << "Received passhook event. Attempting sync" << endl;
+ }
}
}
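Review bot: The new `else` branch logs "Received passhook event" for every result other than `WAIT_TIMEOUT`, which includes `WAIT_FAILED`. If `passhookEventHandle` is invalid (the `CreateEvent` result is not checked in the lines visible on this page), the wait returns at once, the backoff is skipped and the log claims an event arrived. Testing `waitRes == WAIT_OBJECT_0` for the event message and logging `GetLastError()` in a final `else` would keep the log truthful. The surrounding loop begins outside the hunk, and the winsync copy below reads the same.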
@@ -226,24 +231,38 @@
if(passInfoList.size() > 0)
{
- if(saveSet(&passInfoList, dataFilename) == 0)
+ // Get mutex for passhook.dat
+ WaitForSingleObject(passhookMutexHandle, INFINITE);
+
+ // Need to loadSet here so we don't overwrite entries that passhook recently added
+ if(loadSet(&passInfoList, dataFilename) == 0)
{
- if(logLevel > 0)
+ if(saveSet(&passInfoList, dataFilename) == 0)
+ {
+ if(logLevel > 0)
+ {
+ timeStamp(&outLog);
+ outLog << passInfoList.size() << " entries saved to data file" << endl;
+ }
+ }
+ else
{
timeStamp(&outLog);
- outLog << passInfoList.size() << " entries saved to data file" << endl;
+ outLog << "Failed to save entries to data file" << endl;
}
- }
- else
- {
+ } else {
timeStamp(&outLog);
- outLog << "Failed to save entries to data file" << endl;
+ outLog << "Failed to load entries from file" << endl;
}
+
+ // Release mutex for passhook.dat
+ ReleaseMutex(passhookMutexHandle);
}
exit:
clearSet(&passInfoList);
CloseHandle(passhookEventHandle);
+ CloseHandle(passhookMutexHandle);
}
// ****************************************************************
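Review bot: When `loadSet` fails at the end of this function the new code skips `saveSet`, and `clearSet(&passInfoList)` at `exit:` then discards the entries that were still pending in memory. The passhand.cpp change in this same commit makes `loadSet` return -1 when the decrypted buffer is empty, so an empty or unreadable passhook.dat now appears to be enough to lose queued password changes; this should be confirmed against the part of `loadSet` not shown here. Saving the in-memory list even when the reload fails, with a log line saying the merge was skipped, would preserve them. The function starts outside the hunk, and the winsync copy of this hunk behaves the same way.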
@@ -258,6 +277,9 @@
char* dn = NULL;
int tempSize = passInfoList.size();
+ // Get mutex for passhook.dat
+ WaitForSingleObject(passhookMutexHandle, INFINITE);
+
if(loadSet(&passInfoList, dataFilename) == 0)
{
if((passInfoList.size() - tempSize) > 0)
@@ -289,6 +311,9 @@
outLog << "Failed to load entries from file" << endl;
}
+ // Release mutex for passhook.dat
+ ReleaseMutex(passhookMutexHandle);
+
if(passInfoList.size() > 0)
{
if(logLevel > 0)
18 years, 1 month
[Fedora-directory-commits] ldapserver/ldap/synctools/passwordsync/passhook passhook.cpp, 1.7.2.1, 1.7.2.2
by Doctor Conrad
Author: nkinder
Update of /cvs/dirsec/ldapserver/ldap/synctools/passwordsync/passhook
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2067/passwordsync/passhook
Modified Files:
Tag: Directory71RtmBranch
passhook.cpp
Log Message:
186657 - Implemented locking around passhook data file access
Index: passhook.cpp
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/synctools/passwordsync/passhook/passhook.cpp,v
retrieving revision 1.7.2.1
retrieving revision 1.7.2.2
diff -u -r1.7.2.1 -r1.7.2.2
--- passhook.cpp 22 Mar 2006 18:53:32 -0000 1.7.2.1
+++ passhook.cpp 30 Mar 2006 23:08:59 -0000 1.7.2.2
@@ -48,121 +48,74 @@
#define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
#endif
+DWORD WINAPI SavePasshookChange( LPVOID passinfo );
+static HANDLE passhookMutexHandle;
+static unsigned long logLevel;
+
NTSTATUS NTAPI PasswordChangeNotify(PUNICODE_STRING UserName, ULONG RelativeId, PUNICODE_STRING Password)
{
- HANDLE passhookEventHandle = OpenEvent(EVENT_MODIFY_STATE, FALSE, PASSHAND_EVENT_NAME);
- PASS_INFO newPassInfo;
- PASS_INFO_LIST passInfoList;
- HKEY regKey;
- DWORD type;
- unsigned long buffSize;
- char regBuff[PASSHAND_BUF_SIZE];
- unsigned long logLevel;
+ PASS_INFO *newPassInfo = NULL;
+ HANDLE passhookThreadHandle;
fstream outLog;
+ DWORD waitRes;
- RegOpenKey(HKEY_LOCAL_MACHINE, "SOFTWARE\\PasswordSync", ®Key);
- buffSize = PASSHAND_BUF_SIZE;
- if(RegQueryValueEx(regKey, "Log Level", NULL, &type, (unsigned char*)regBuff, &buffSize) == ERROR_SUCCESS)
- {
- logLevel = (unsigned long)atoi(regBuff);
- }
- else
- {
- logLevel = 0;
- }
- if(logLevel > 0)
- {
- outLog.open("passhook.log", ios::out | ios::app);
- }
- RegCloseKey(regKey);
-
- // This memory will be free'd by calling clearSet below
- newPassInfo.username = (char*)malloc((UserName->Length / 2) + 1);
- newPassInfo.password = (char*)malloc((Password->Length / 2) + 1);
-
- if (newPassInfo.username && newPassInfo.password) {
- _snprintf(newPassInfo.username, (UserName->Length / 2), "%S", UserName->Buffer);
- _snprintf(newPassInfo.password, (Password->Length / 2), "%S", Password->Buffer);
- newPassInfo.username[UserName->Length / 2] = '\0';
- newPassInfo.password[Password->Length / 2] = '\0';
+ // This memory will be freed in SavePasshookChange
+ if ( newPassInfo = (PASS_INFO *) malloc(sizeof(PASS_INFO)) ) {
+ // These get freed in SavePasshookChange by calling clearSet
+ newPassInfo->username = (char*)malloc((UserName->Length / 2) + 1);
+ newPassInfo->password = (char*)malloc((Password->Length / 2) + 1);
} else {
- if(outLog.is_open()) {
- timeStamp(&outLog);
- outLog << "failed to allocate memory for username and password" << endl;
- }
- free(newPassInfo.username);
- free(newPassInfo.password);
goto exit;
}
- if(outLog.is_open())
- {
- timeStamp(&outLog);
- outLog << "user " << newPassInfo.username << " password changed" << endl;
- //outLog << "user " << newPassInfo.username << " password changed to " << newPassInfo.password << endl;
- }
+ // Fill in the password change struct
+ if (newPassInfo->username && newPassInfo->password) {
+ _snprintf(newPassInfo->username, (UserName->Length / 2), "%S", UserName->Buffer);
+ _snprintf(newPassInfo->password, (Password->Length / 2), "%S", Password->Buffer);
+ newPassInfo->username[UserName->Length / 2] = '\0';
+ newPassInfo->password[Password->Length / 2] = '\0';
- // loadSet allocates memory for the usernames and password. We need to be
- // sure to free it by calling clearSet.
- if(loadSet(&passInfoList, "passhook.dat") == 0)
- {
- if(outLog.is_open())
- {
- timeStamp(&outLog);
- outLog << passInfoList.size() << " entries loaded from file" << endl;
- }
- }
- else
- {
- if(outLog.is_open())
- {
- timeStamp(&outLog);
- outLog << "failed to load entries from file" << endl;
- }
+ // Backoff
+ newPassInfo->backoffCount = 0;
+
+ // Load time
+ time(&(newPassInfo->atTime));
+ } else {
+ // Memory error. Free everything we allocated.
+ free(newPassInfo->username);
+ free(newPassInfo->password);
+ free(newPassInfo);
+ goto exit;
}
- // Add the new change to the list
- passInfoList.push_back(newPassInfo);
+ // Fire off a thread to do the real work
+ passhookThreadHandle = CreateThread(NULL, 0, SavePasshookChange, newPassInfo, 0, NULL);
- // Save the list to disk
- if(saveSet(&passInfoList, "passhook.dat") == 0)
- {
- if(outLog.is_open())
- {
- timeStamp(&outLog);
- outLog << passInfoList.size() << " entries saved to file" << endl;
- }
- }
- else
- {
- if(outLog.is_open())
- {
- timeStamp(&outLog);
- outLog << "failed to save entries to file" << endl;
- }
- }
+ // We need to close the handle to the thread we created. Doing
+ // this will not terminate the thread.
+ if (passhookThreadHandle != NULL) {
+ CloseHandle(passhookThreadHandle);
+ } else {
+ // Acquire the mutex so we can log an error
+ waitRes = WaitForSingleObject(passhookMutexHandle, PASSHOOK_TIMEOUT);
- // We need to call clearSet so memory gets free'd
- clearSet(&passInfoList);
+ // If we got the mutex, log the error, otherwise it's not safe to log
+ if (waitRes == WAIT_OBJECT_0) {
+ outLog.open("passhook.log", ios::out | ios::app);
+
+ if(outLog.is_open()) {
+ timeStamp(&outLog);
+ outLog << "Failed to start thread. Aborting change for " << newPassInfo->username << endl;
+ }
-exit:
- if(passhookEventHandle == NULL)
- {
- if(outLog.is_open())
- {
- timeStamp(&outLog);
- outLog << "can not get password sync service event handle, service not running" << endl;
- }
+ outLog.close();
- }
- else
- {
- SetEvent(passhookEventHandle);
- CloseHandle(passhookEventHandle);
+ // Release mutex
+ ReleaseMutex(passhookMutexHandle);
+ }
}
- outLog.close();
-
+exit:
return STATUS_SUCCESS;
}
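Review bot: On the `CreateThread` failure branch `newPassInfo`, including the cleartext copy of the password, is never released: the comments say `SavePasshookChange` frees it, but that thread was not started and control falls through to `exit:`. A password filter runs inside the LSA process, so the password stays on the heap for as long as that process lives. I would free the three allocations on that branch after the log attempt and wipe the password buffer first; the added lines are sketched below. Whether `clearSet` clears the password before freeing it on the success path cannot be seen from this page and deserves the same check. The identical hunk in the winsync copy of passhook.cpp below needs the same change.
```cpp
	} else {
		// … unchanged: take mutex with PASSHOOK_TIMEOUT, log "Failed to start thread", release mutex …

		// No worker thread took ownership of the change, so release it here.
		// Wipe the cleartext password before returning the block to the heap.
		SecureZeroMemory(newPassInfo->password, Password->Length / 2);
		free(newPassInfo->username);
		free(newPassInfo->password);
		free(newPassInfo);
		newPassInfo = NULL;
	}
```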
@@ -173,5 +126,132 @@
BOOL NTAPI InitializeChangeNotify()
{
- return TRUE;
+ HKEY regKey;
+ DWORD type;
+ unsigned long buffSize;
+ char regBuff[PASSHAND_BUF_SIZE];
+ fstream outLog;
+
+ // check if logging is enabled
+ RegOpenKey(HKEY_LOCAL_MACHINE, "SOFTWARE\\PasswordSync", ®Key);
+ buffSize = PASSHAND_BUF_SIZE;
+ if(RegQueryValueEx(regKey, "Log Level", NULL, &type, (unsigned char*)regBuff, &buffSize) == ERROR_SUCCESS)
+ {
+ logLevel = (unsigned long)atoi(regBuff);
+ }
+ else
+ {
+ logLevel = 0;
+ }
+ RegCloseKey(regKey);
+
+ // Create mutex for passhook data file and log file access
+ passhookMutexHandle = CreateMutex(NULL, FALSE, PASSHOOK_MUTEX_NAME);
+
+ if (passhookMutexHandle == NULL) {
+ // Log an error.
+ outLog.open("passhook.log", ios::out | ios::app);
+ timeStamp(&outLog);
+ outLog << "Failed to create passhook mutex. Passhook DLL will not be loaded." << endl;
+ outLog.close();
+
+ return FALSE;
+ } else {
+ return TRUE;
+ }
+}
+
+// This function will save the password change to the passhook data file. It
+// will be run as a separate thread.
+DWORD WINAPI SavePasshookChange( LPVOID passinfo )
+{
+ PASS_INFO *newPassInfo = NULL;
+ PASS_INFO_LIST passInfoList;
+ HANDLE passhookEventHandle = OpenEvent(EVENT_MODIFY_STATE, FALSE, PASSHAND_EVENT_NAME);
+ fstream outLog;
+
+ if ((newPassInfo = (PASS_INFO *)passinfo) == NULL) {
+ goto exit;
+ }
+
+ // Acquire the mutex for passhook.dat. This mutex also guarantees
+ // that we can write to outLog safely.
+ WaitForSingleObject(passhookMutexHandle, INFINITE);
+
+ // Open the log file if logging is enabled
+ if(logLevel > 0)
+ {
+ outLog.open("passhook.log", ios::out | ios::app);
+ }
+
+ if(outLog.is_open())
+ {
+ timeStamp(&outLog);
+ outLog << "user " << newPassInfo->username << " password changed" << endl;
+ //outLog << "user " << newPassInfo->username << " password changed to " << newPassInfo->passname << endl;
+ }
+
+ // loadSet allocates memory for the usernames and password. We need to be
+ // sure to free it by calling clearSet.
+ if(loadSet(&passInfoList, "passhook.dat") == 0)
+ {
+ if(outLog.is_open())
+ {
+ timeStamp(&outLog);
+ outLog << passInfoList.size() << " entries loaded from file" << endl;
+ }
+ }
+ else
+ {
+ if(outLog.is_open())
+ {
+ timeStamp(&outLog);
+ outLog << "failed to load entries from file" << endl;
+ }
+ }
+
+ // Add the new change to the list
+ passInfoList.push_back(*newPassInfo);
+
+ // Save the list to disk
+ if(saveSet(&passInfoList, "passhook.dat") == 0)
+ {
+ if(outLog.is_open())
+ {
+ timeStamp(&outLog);
+ outLog << passInfoList.size() << " entries saved to file" << endl;
+ }
+ }
+ else
+ {
+ // We always want to log this error condition
+ if(!outLog.is_open())
+ {
+ // We need to open the log since debug logging is turned off
+ outLog.open("passhook.log", ios::out | ios::app);
+ }
+
+ timeStamp(&outLog);
+ outLog << "failed to save entries to file" << endl;
+ }
+
+ // Close the log file before we release the mutex.
+ outLog.close();
+
+ // Release the mutex for passhook.dat
+ ReleaseMutex(passhookMutexHandle);
+
+ // We need to call clearSet so memory gets free'd
+ clearSet(&passInfoList);
+
+exit:
+ // Free the passed in struct from the heap
+ free(newPassInfo);
+
+ if (passhookEventHandle != NULL) {
+ SetEvent(passhookEventHandle);
+ CloseHandle(passhookEventHandle);
+ }
+
+ return 0;
}
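Review bot: `SavePasshookChange` waits on `passhookMutexHandle` with `INFINITE` and discards the result, so the worker thread, which holds a cleartext password, never exits if the mutex is not released, and on `WAIT_FAILED` it rewrites passhook.dat with no lock held. `PasswordChangeNotify` in this same file already uses a bounded wait and tests for `WAIT_OBJECT_0`; doing the same here with `waitRes = WaitForSingleObject(passhookMutexHandle, PASSHOOK_TIMEOUT);` and handling `WAIT_ABANDONED` explicitly would bound the number of stuck threads. An early exit added for the failure case has to free `username` and `password` itself, because per the comment in `PasswordChangeNotify` they are otherwise released only through `clearSet` after `push_back`. Separately, `RegOpenKey`'s result is unchecked in `InitializeChangeNotify`, so `regKey` may reach `RegQueryValueEx` uninitialised. The winsync copy of this hunk below is identical.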
18 years, 1 month
[Fedora-directory-commits] ldapserver/ldap/synctools/passwordsync passhand.cpp, 1.7.2.2, 1.7.2.3 passhand.h, 1.7, 1.7.2.1
by Doctor Conrad
Author: nkinder
Update of /cvs/dirsec/ldapserver/ldap/synctools/passwordsync
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2067/passwordsync
Modified Files:
Tag: Directory71RtmBranch
passhand.cpp passhand.h
Log Message:
186657 - Implemented locking around passhook data file access
Index: passhand.cpp
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/synctools/passwordsync/passhand.cpp,v
retrieving revision 1.7.2.2
retrieving revision 1.7.2.3
diff -u -r1.7.2.2 -r1.7.2.3
--- passhand.cpp 22 Mar 2006 18:53:26 -0000 1.7.2.2
+++ passhand.cpp 30 Mar 2006 23:08:57 -0000 1.7.2.3
@@ -112,6 +112,8 @@
outFile.close();
exit:
+ // We need to unfreeze plainTextStream so memory gets freed by the destructor
+ plainTextStream.rdbuf()->freeze(false);
free(cipherTextBuf);
return result;
}
@@ -119,18 +121,18 @@
int loadSet(PASS_INFO_LIST* passInfoList, char* filename)
{
int result = 0;
- int i;
+ int i = 0;
fstream inFile;
PASS_INFO newPair;
strstream* plainTextStream;
char* cipherTextBuf = NULL;
char* plainTextBuf = NULL;
- int usernameLen;
- int passwordLen;
- int plainTextLen;
- int cipherTextLen;
+ int usernameLen = 0;
+ int passwordLen = 0;
+ int plainTextLen = 0;
+ int cipherTextLen = 0;
int resultTextLen = 0;
- int pairCount;
+ int pairCount = 0;
// Read in cipher text from file
inFile.open(filename, ios::in | ios::binary);
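Review bot: The commit gives every `int` local an initial value but leaves `strstream* plainTextStream;` uninitialised, while `cipherTextBuf` and `plainTextBuf` beside it start as NULL. The `goto exit` paths that run before the `new strstream(...)` in the next hunk reach the cleanup code with an indeterminate pointer; whether the cleanup touches it lies outside the visible lines, so this should be checked. Declaring it as `strstream* plainTextStream = NULL;` costs nothing and lets any `delete` at `exit:` be guarded safely. `loadSet` continues outside this hunk, and the winsync copy of passhand.cpp below has the same declaration.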
@@ -164,6 +166,12 @@
goto exit;
}
+ // Check to see if plainTextbuf contains anything
+ if (resultTextLen <= 0) {
+ result = -1;
+ goto exit;
+ }
+
plainTextStream = new strstream(plainTextBuf, resultTextLen);
plainTextStream->read((char*)&pairCount, sizeof(pairCount));
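Review bot: The added `resultTextLen <= 0` test rejects only an empty buffer; a decrypted buffer shorter than `sizeof(pairCount)` still reaches `plainTextStream->read(...)`, whose success is not checked. `pairCount`, and presumably the `usernameLen`/`passwordLen` values read after it, come from file content and are consumed by code outside this hunk, so they should be validated against `resultTextLen` before they drive loops or allocations. A minimal tightening is `if (resultTextLen < (int)sizeof(pairCount)) { result = -1; goto exit; }` together with a `plainTextStream->fail()` check after each read. The same hunk in the winsync copy below has the same gap.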
Index: passhand.h
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/synctools/passwordsync/passhand.h,v
retrieving revision 1.7
retrieving revision 1.7.2.1
diff -u -r1.7 -r1.7.2.1
--- passhand.h 19 Apr 2005 22:07:43 -0000 1.7
+++ passhand.h 30 Mar 2006 23:08:57 -0000 1.7.2.1
@@ -50,7 +50,9 @@
#include "prerror.h"
#define PASSHAND_EVENT_NAME "passhand_event"
+#define PASSHOOK_MUTEX_NAME "passhook_mutex"
+#define PASSHOOK_TIMEOUT 30000
#define PASSHAND_BUF_SIZE 256
using namespace std;
18 years, 1 month
[Fedora-directory-commits] winsync/passwordsync/passhook passhook.cpp, 1.8, 1.9
by Doctor Conrad
Author: nkinder
Update of /cvs/dirsec/winsync/passwordsync/passhook
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv32422/passwordsync/passhook
Modified Files:
passhook.cpp
Log Message:
186657 - Implemented locking around passhook data file access
Index: passhook.cpp
===================================================================
RCS file: /cvs/dirsec/winsync/passwordsync/passhook/passhook.cpp,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- passhook.cpp 22 Mar 2006 18:51:11 -0000 1.8
+++ passhook.cpp 30 Mar 2006 22:59:25 -0000 1.9
@@ -48,121 +48,74 @@
#define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
#endif
+DWORD WINAPI SavePasshookChange( LPVOID passinfo );
+static HANDLE passhookMutexHandle;
+static unsigned long logLevel;
+
NTSTATUS NTAPI PasswordChangeNotify(PUNICODE_STRING UserName, ULONG RelativeId, PUNICODE_STRING Password)
{
- HANDLE passhookEventHandle = OpenEvent(EVENT_MODIFY_STATE, FALSE, PASSHAND_EVENT_NAME);
- PASS_INFO newPassInfo;
- PASS_INFO_LIST passInfoList;
- HKEY regKey;
- DWORD type;
- unsigned long buffSize;
- char regBuff[PASSHAND_BUF_SIZE];
- unsigned long logLevel;
+ PASS_INFO *newPassInfo = NULL;
+ HANDLE passhookThreadHandle;
fstream outLog;
+ DWORD waitRes;
- RegOpenKey(HKEY_LOCAL_MACHINE, "SOFTWARE\\PasswordSync", ®Key);
- buffSize = PASSHAND_BUF_SIZE;
- if(RegQueryValueEx(regKey, "Log Level", NULL, &type, (unsigned char*)regBuff, &buffSize) == ERROR_SUCCESS)
- {
- logLevel = (unsigned long)atoi(regBuff);
- }
- else
- {
- logLevel = 0;
- }
- if(logLevel > 0)
- {
- outLog.open("passhook.log", ios::out | ios::app);
- }
- RegCloseKey(regKey);
-
- // This memory will be free'd by calling clearSet below
- newPassInfo.username = (char*)malloc((UserName->Length / 2) + 1);
- newPassInfo.password = (char*)malloc((Password->Length / 2) + 1);
-
- if (newPassInfo.username && newPassInfo.password) {
- _snprintf(newPassInfo.username, (UserName->Length / 2), "%S", UserName->Buffer);
- _snprintf(newPassInfo.password, (Password->Length / 2), "%S", Password->Buffer);
- newPassInfo.username[UserName->Length / 2] = '\0';
- newPassInfo.password[Password->Length / 2] = '\0';
+ // This memory will be freed in SavePasshookChange
+ if ( newPassInfo = (PASS_INFO *) malloc(sizeof(PASS_INFO)) ) {
+ // These get freed in SavePasshookChange by calling clearSet
+ newPassInfo->username = (char*)malloc((UserName->Length / 2) + 1);
+ newPassInfo->password = (char*)malloc((Password->Length / 2) + 1);
} else {
- if(outLog.is_open()) {
- timeStamp(&outLog);
- outLog << "failed to allocate memory for username and password" << endl;
- }
- free(newPassInfo.username);
- free(newPassInfo.password);
goto exit;
}
- if(outLog.is_open())
- {
- timeStamp(&outLog);
- outLog << "user " << newPassInfo.username << " password changed" << endl;
- //outLog << "user " << newPassInfo.username << " password changed to " << newPassInfo.password << endl;
- }
+ // Fill in the password change struct
+ if (newPassInfo->username && newPassInfo->password) {
+ _snprintf(newPassInfo->username, (UserName->Length / 2), "%S", UserName->Buffer);
+ _snprintf(newPassInfo->password, (Password->Length / 2), "%S", Password->Buffer);
+ newPassInfo->username[UserName->Length / 2] = '\0';
+ newPassInfo->password[Password->Length / 2] = '\0';
- // loadSet allocates memory for the usernames and password. We need to be
- // sure to free it by calling clearSet.
- if(loadSet(&passInfoList, "passhook.dat") == 0)
- {
- if(outLog.is_open())
- {
- timeStamp(&outLog);
- outLog << passInfoList.size() << " entries loaded from file" << endl;
- }
- }
- else
- {
- if(outLog.is_open())
- {
- timeStamp(&outLog);
- outLog << "failed to load entries from file" << endl;
- }
+ // Backoff
+ newPassInfo->backoffCount = 0;
+
+ // Load time
+ time(&(newPassInfo->atTime));
+ } else {
+ // Memory error. Free everything we allocated.
+ free(newPassInfo->username);
+ free(newPassInfo->password);
+ free(newPassInfo);
+ goto exit;
}
- // Add the new change to the list
- passInfoList.push_back(newPassInfo);
+ // Fire off a thread to do the real work
+ passhookThreadHandle = CreateThread(NULL, 0, SavePasshookChange, newPassInfo, 0, NULL);
- // Save the list to disk
- if(saveSet(&passInfoList, "passhook.dat") == 0)
- {
- if(outLog.is_open())
- {
- timeStamp(&outLog);
- outLog << passInfoList.size() << " entries saved to file" << endl;
- }
- }
- else
- {
- if(outLog.is_open())
- {
- timeStamp(&outLog);
- outLog << "failed to save entries to file" << endl;
- }
- }
+ // We need to close the handle to the thread we created. Doing
+ // this will not terminate the thread.
+ if (passhookThreadHandle != NULL) {
+ CloseHandle(passhookThreadHandle);
+ } else {
+ // Acquire the mutex so we can log an error
+ waitRes = WaitForSingleObject(passhookMutexHandle, PASSHOOK_TIMEOUT);
- // We need to call clearSet so memory gets free'd
- clearSet(&passInfoList);
+ // If we got the mutex, log the error, otherwise it's not safe to log
+ if (waitRes == WAIT_OBJECT_0) {
+ outLog.open("passhook.log", ios::out | ios::app);
+
+ if(outLog.is_open()) {
+ timeStamp(&outLog);
+ outLog << "Failed to start thread. Aborting change for " << newPassInfo->username << endl;
+ }
-exit:
- if(passhookEventHandle == NULL)
- {
- if(outLog.is_open())
- {
- timeStamp(&outLog);
- outLog << "can not get password sync service event handle, service not running" << endl;
- }
+ outLog.close();
- }
- else
- {
- SetEvent(passhookEventHandle);
- CloseHandle(passhookEventHandle);
+ // Release mutex
+ ReleaseMutex(passhookMutexHandle);
+ }
}
- outLog.close();
-
+exit:
return STATUS_SUCCESS;
}
@@ -173,5 +126,132 @@
BOOL NTAPI InitializeChangeNotify()
{
- return TRUE;
+ HKEY regKey;
+ DWORD type;
+ unsigned long buffSize;
+ char regBuff[PASSHAND_BUF_SIZE];
+ fstream outLog;
+
+ // check if logging is enabled
+ RegOpenKey(HKEY_LOCAL_MACHINE, "SOFTWARE\\PasswordSync", ®Key);
+ buffSize = PASSHAND_BUF_SIZE;
+ if(RegQueryValueEx(regKey, "Log Level", NULL, &type, (unsigned char*)regBuff, &buffSize) == ERROR_SUCCESS)
+ {
+ logLevel = (unsigned long)atoi(regBuff);
+ }
+ else
+ {
+ logLevel = 0;
+ }
+ RegCloseKey(regKey);
+
+ // Create mutex for passhook data file and log file access
+ passhookMutexHandle = CreateMutex(NULL, FALSE, PASSHOOK_MUTEX_NAME);
+
+ if (passhookMutexHandle == NULL) {
+ // Log an error.
+ outLog.open("passhook.log", ios::out | ios::app);
+ timeStamp(&outLog);
+ outLog << "Failed to create passhook mutex. Passhook DLL will not be loaded." << endl;
+ outLog.close();
+
+ return FALSE;
+ } else {
+ return TRUE;
+ }
+}
+
+// This function will save the password change to the passhook data file. It
+// will be run as a separate thread.
+DWORD WINAPI SavePasshookChange( LPVOID passinfo )
+{
+ PASS_INFO *newPassInfo = NULL;
+ PASS_INFO_LIST passInfoList;
+ HANDLE passhookEventHandle = OpenEvent(EVENT_MODIFY_STATE, FALSE, PASSHAND_EVENT_NAME);
+ fstream outLog;
+
+ if ((newPassInfo = (PASS_INFO *)passinfo) == NULL) {
+ goto exit;
+ }
+
+ // Acquire the mutex for passhook.dat. This mutex also guarantees
+ // that we can write to outLog safely.
+ WaitForSingleObject(passhookMutexHandle, INFINITE);
+
+ // Open the log file if logging is enabled
+ if(logLevel > 0)
+ {
+ outLog.open("passhook.log", ios::out | ios::app);
+ }
+
+ if(outLog.is_open())
+ {
+ timeStamp(&outLog);
+ outLog << "user " << newPassInfo->username << " password changed" << endl;
+ //outLog << "user " << newPassInfo->username << " password changed to " << newPassInfo->passname << endl;
+ }
+
+ // loadSet allocates memory for the usernames and password. We need to be
+ // sure to free it by calling clearSet.
+ if(loadSet(&passInfoList, "passhook.dat") == 0)
+ {
+ if(outLog.is_open())
+ {
+ timeStamp(&outLog);
+ outLog << passInfoList.size() << " entries loaded from file" << endl;
+ }
+ }
+ else
+ {
+ if(outLog.is_open())
+ {
+ timeStamp(&outLog);
+ outLog << "failed to load entries from file" << endl;
+ }
+ }
+
+ // Add the new change to the list
+ passInfoList.push_back(*newPassInfo);
+
+ // Save the list to disk
+ if(saveSet(&passInfoList, "passhook.dat") == 0)
+ {
+ if(outLog.is_open())
+ {
+ timeStamp(&outLog);
+ outLog << passInfoList.size() << " entries saved to file" << endl;
+ }
+ }
+ else
+ {
+ // We always want to log this error condition
+ if(!outLog.is_open())
+ {
+ // We need to open the log since debug logging is turned off
+ outLog.open("passhook.log", ios::out | ios::app);
+ }
+
+ timeStamp(&outLog);
+ outLog << "failed to save entries to file" << endl;
+ }
+
+ // Close the log file before we release the mutex.
+ outLog.close();
+
+ // Release the mutex for passhook.dat
+ ReleaseMutex(passhookMutexHandle);
+
+ // We need to call clearSet so memory gets free'd
+ clearSet(&passInfoList);
+
+exit:
+ // Free the passed in struct from the heap
+ free(newPassInfo);
+
+ if (passhookEventHandle != NULL) {
+ SetEvent(passhookEventHandle);
+ CloseHandle(passhookEventHandle);
+ }
+
+ return 0;
}
18 years, 1 month
[Fedora-directory-commits] winsync/passwordsync/passsync syncserv.cpp, 1.13, 1.14 syncserv.h, 1.7, 1.8
by Doctor Conrad
Author: nkinder
Update of /cvs/dirsec/winsync/passwordsync/passsync
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv32422/passwordsync/passsync
Modified Files:
syncserv.cpp syncserv.h
Log Message:
186657 - Implemented locking around passhook data file access
Index: syncserv.cpp
===================================================================
RCS file: /cvs/dirsec/winsync/passwordsync/passsync/syncserv.cpp,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- syncserv.cpp 22 Mar 2006 18:51:16 -0000 1.13
+++ syncserv.cpp 30 Mar 2006 22:59:26 -0000 1.14
@@ -76,6 +76,7 @@
unsigned long size;
passhookEventHandle = CreateEvent(NULL, FALSE, FALSE, PASSHAND_EVENT_NAME);
+ passhookMutexHandle = CreateMutex(NULL, FALSE, PASSHOOK_MUTEX_NAME);
mainLdapConnection = NULL;
results = NULL;
currentResult = NULL;
@@ -211,10 +212,14 @@
timeStamp(&outLog);
outLog << "Backing off for " << BackoffTime(GetMinBackoff()) << "ms" << endl;
}
- WaitForSingleObject(passhookEventHandle, BackoffTime(GetMinBackoff()));
+ waitRes = WaitForSingleObject(passhookEventHandle, BackoffTime(GetMinBackoff()));
if(logLevel > 0) {
timeStamp(&outLog);
- outLog << "Backoff time expired. Attempting sync" << endl;
+ if (waitRes == WAIT_TIMEOUT) {
+ outLog << "Backoff time expired. Attempting sync" << endl;
+ } else {
+ outLog << "Received passhook event. Attempting sync" << endl;
+ }
}
}
@@ -226,24 +231,38 @@
if(passInfoList.size() > 0)
{
- if(saveSet(&passInfoList, dataFilename) == 0)
+ // Get mutex for passhook.dat
+ WaitForSingleObject(passhookMutexHandle, INFINITE);
+
+ // Need to loadSet here so we don't overwrite entries that passhook recently added
+ if(loadSet(&passInfoList, dataFilename) == 0)
{
- if(logLevel > 0)
+ if(saveSet(&passInfoList, dataFilename) == 0)
+ {
+ if(logLevel > 0)
+ {
+ timeStamp(&outLog);
+ outLog << passInfoList.size() << " entries saved to data file" << endl;
+ }
+ }
+ else
{
timeStamp(&outLog);
- outLog << passInfoList.size() << " entries saved to data file" << endl;
+ outLog << "Failed to save entries to data file" << endl;
}
- }
- else
- {
+ } else {
timeStamp(&outLog);
- outLog << "Failed to save entries to data file" << endl;
+ outLog << "Failed to load entries from file" << endl;
}
+
+ // Release mutex for passhook.dat
+ ReleaseMutex(passhookMutexHandle);
}
exit:
clearSet(&passInfoList);
CloseHandle(passhookEventHandle);
+ CloseHandle(passhookMutexHandle);
}
// ****************************************************************
@@ -258,6 +277,9 @@
char* dn = NULL;
int tempSize = passInfoList.size();
+ // Get mutex for passhook.dat
+ WaitForSingleObject(passhookMutexHandle, INFINITE);
+
if(loadSet(&passInfoList, dataFilename) == 0)
{
if((passInfoList.size() - tempSize) > 0)
@@ -289,6 +311,9 @@
outLog << "Failed to load entries from file" << endl;
}
+ // Release mutex for passhook.dat
+ ReleaseMutex(passhookMutexHandle);
+
if(passInfoList.size() > 0)
{
if(logLevel > 0)
Index: syncserv.h
===================================================================
RCS file: /cvs/dirsec/winsync/passwordsync/passsync/syncserv.h,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- syncserv.h 19 Apr 2005 22:07:44 -0000 1.7
+++ syncserv.h 30 Mar 2006 22:59:26 -0000 1.8
@@ -82,6 +82,7 @@
PASS_INFO_LIST passInfoList;
HANDLE passhookEventHandle;
+ HANDLE passhookMutexHandle;
// LDAP variables
LDAP* mainLdapConnection;
@@ -104,7 +105,8 @@
unsigned long maxBackoffTime;
int logLevel;
bool isRunning;
+ DWORD waitRes;
fstream outLog;
};
-#endif
\ No newline at end of file
+#endif
18 years, 1 month
[Fedora-directory-commits] winsync/passwordsync passhand.cpp, 1.9, 1.10 passhand.h, 1.7, 1.8
by Doctor Conrad
Author: nkinder
Update of /cvs/dirsec/winsync/passwordsync
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv32422/passwordsync
Modified Files:
passhand.cpp passhand.h
Log Message:
186657 - Implemented locking around passhook data file access
Index: passhand.cpp
===================================================================
RCS file: /cvs/dirsec/winsync/passwordsync/passhand.cpp,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- passhand.cpp 22 Mar 2006 18:51:04 -0000 1.9
+++ passhand.cpp 30 Mar 2006 22:59:25 -0000 1.10
@@ -112,6 +112,8 @@
outFile.close();
exit:
+ // We need to unfreeze plainTextStream so memory gets freed by the destructor
+ plainTextStream.rdbuf()->freeze(false);
free(cipherTextBuf);
return result;
}
@@ -119,18 +121,18 @@
int loadSet(PASS_INFO_LIST* passInfoList, char* filename)
{
int result = 0;
- int i;
+ int i = 0;
fstream inFile;
PASS_INFO newPair;
strstream* plainTextStream;
char* cipherTextBuf = NULL;
char* plainTextBuf = NULL;
- int usernameLen;
- int passwordLen;
- int plainTextLen;
- int cipherTextLen;
+ int usernameLen = 0;
+ int passwordLen = 0;
+ int plainTextLen = 0;
+ int cipherTextLen = 0;
int resultTextLen = 0;
- int pairCount;
+ int pairCount = 0;
// Read in cipher text from file
inFile.open(filename, ios::in | ios::binary);
@@ -164,6 +166,12 @@
goto exit;
}
+ // Check to see if plainTextbuf contains anything
+ if (resultTextLen <= 0) {
+ result = -1;
+ goto exit;
+ }
+
plainTextStream = new strstream(plainTextBuf, resultTextLen);
plainTextStream->read((char*)&pairCount, sizeof(pairCount));
Index: passhand.h
===================================================================
RCS file: /cvs/dirsec/winsync/passwordsync/passhand.h,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- passhand.h 19 Apr 2005 22:07:43 -0000 1.7
+++ passhand.h 30 Mar 2006 22:59:25 -0000 1.8
@@ -50,7 +50,9 @@
#include "prerror.h"
#define PASSHAND_EVENT_NAME "passhand_event"
+#define PASSHOOK_MUTEX_NAME "passhook_mutex"
+#define PASSHOOK_TIMEOUT 30000
#define PASSHAND_BUF_SIZE 256
using namespace std;
18 years, 1 month
[Fedora-directory-commits] setuputil/installer/unix/lib ux-wrapper.cc, 1.2, 1.3
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/setuputil/installer/unix/lib
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv651/setuputil/installer/unix/lib
Modified Files:
ux-wrapper.cc
Log Message:
Add using namespace std; after the include <iostream>
Remove #include <iostream.h> in files that also include nsdefs.h
Fix a potential buffer non-termination
Index: ux-wrapper.cc
===================================================================
RCS file: /cvs/dirsec/setuputil/installer/unix/lib/ux-wrapper.cc,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- ux-wrapper.cc 23 Mar 2006 15:59:22 -0000 1.2
+++ ux-wrapper.cc 30 Mar 2006 00:38:29 -0000 1.3
@@ -29,6 +29,11 @@
** HISTORY:
**
** $Log$
+** Revision 1.3 2006/03/30 00:38:29 rmeggins
+** Add using namespace std; after the include <iostream>
+** Remove #include <iostream.h> in files that also include nsdefs.h
+** Fix a potential buffer non-termination
+**
** Revision 1.2 2006/03/23 15:59:22 rmeggins
** Bug(s) fixed: 186280
** Bug Description: Close potential security vulnerabilities in CGI code
@@ -191,6 +196,7 @@
return;
}
snprintf(buf, sizeof(buf), "[%s] %s", who, level);
+ buf[sizeof(buf)-1] = 0;
va_start (arg, msg);
vsnprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), msg, arg);
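Review bot: The added `buf[sizeof(buf)-1] = 0;` protects only the first `snprintf`. The `vsnprintf` two lines below appends into the same buffer and needs the same termination on any platform where these functions do not terminate on truncation. Unless the lines after the hunk already do so, repeat `buf[sizeof(buf)-1] = 0;` after the `vsnprintf` call. It would also read more clearly to compute `size_t used = strlen(buf);` once and pass `buf + used, sizeof(buf) - used`. The function starts and ends outside the hunk.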
18 years, 1 month
[Fedora-directory-commits] setuputil/installer/unix installer.h, 1.1.1.1, 1.2 uninstaller.h, 1.1.1.1, 1.2
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/setuputil/installer/unix
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv651/setuputil/installer/unix
Modified Files:
installer.h uninstaller.h
Log Message:
Add using namespace std; after the include <iostream>
Remove #include <iostream.h> in files that also include nsdefs.h
Fix a potential buffer non-termination
Index: installer.h
===================================================================
RCS file: /cvs/dirsec/setuputil/installer/unix/installer.h,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- installer.h 29 Jul 2005 22:16:31 -0000 1.1.1.1
+++ installer.h 30 Mar 2006 00:38:29 -0000 1.2
@@ -27,6 +27,11 @@
** HISTORY
**
** $Log$
+** Revision 1.2 2006/03/30 00:38:29 rmeggins
+** Add using namespace std; after the include <iostream>
+** Remove #include <iostream.h> in files that also include nsdefs.h
+** Fix a potential buffer non-termination
+**
** Revision 1.1.1.1 2005/07/29 22:16:31 foxworth
** Importing new setup sdk for open source project
**
@@ -213,7 +218,6 @@
** Includes
**
**********************************************************************/
-#include <iostream.h>
extern "C" {
#include <stdio.h>
Index: uninstaller.h
===================================================================
RCS file: /cvs/dirsec/setuputil/installer/unix/uninstaller.h,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- uninstaller.h 29 Jul 2005 22:16:32 -0000 1.1.1.1
+++ uninstaller.h 30 Mar 2006 00:38:29 -0000 1.2
@@ -27,6 +27,11 @@
** HISTORY
**
** $Log$
+** Revision 1.2 2006/03/30 00:38:29 rmeggins
+** Add using namespace std; after the include <iostream>
+** Remove #include <iostream.h> in files that also include nsdefs.h
+** Fix a potential buffer non-termination
+**
** Revision 1.1.1.1 2005/07/29 22:16:32 foxworth
** Importing new setup sdk for open source project
**
@@ -106,8 +111,6 @@
** Includes
**
**********************************************************************/
-#include <iostream.h>
-
extern "C" {
#include <stdio.h>
#include <stdlib.h>
18 years, 1 month
[Fedora-directory-commits] setuputil/installer/include ldapu.h, 1.2, 1.3 nsdefs.h, 1.2, 1.3
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/setuputil/installer/include
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv651/setuputil/installer/include
Modified Files:
ldapu.h nsdefs.h
Log Message:
Add using namespace std; after the include <iostream>
Remove #include <iostream.h> in files that also include nsdefs.h
Fix a potential buffer non-termination
Index: ldapu.h
===================================================================
RCS file: /cvs/dirsec/setuputil/installer/include/ldapu.h,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- ldapu.h 27 Mar 2006 21:18:34 -0000 1.2
+++ ldapu.h 30 Mar 2006 00:38:28 -0000 1.3
@@ -29,6 +29,11 @@
**
** HISTORY
** $Log$
+** Revision 1.3 2006/03/30 00:38:28 rmeggins
+** Add using namespace std; after the include <iostream>
+** Remove #include <iostream.h> in files that also include nsdefs.h
+** Fix a potential buffer non-termination
+**
** Revision 1.2 2006/03/27 21:18:34 nhosoi
** [186642] Directory Server Makefile updates for Internal build
** Changed the createSIE so that caller (Admin Server and Directory Server) passes
@@ -275,7 +280,6 @@
#else
-#include <iostream.h>
#include "nsdefs.h"
class Ldap;
Index: nsdefs.h
===================================================================
RCS file: /cvs/dirsec/setuputil/installer/include/nsdefs.h,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- nsdefs.h 23 Mar 2006 20:45:37 -0000 1.2
+++ nsdefs.h 30 Mar 2006 00:38:28 -0000 1.3
@@ -30,6 +30,11 @@
** HISTORY
**
** $Log$
+** Revision 1.3 2006/03/30 00:38:28 rmeggins
+** Add using namespace std; after the include <iostream>
+** Remove #include <iostream.h> in files that also include nsdefs.h
+** Fix a potential buffer non-termination
+**
** Revision 1.2 2006/03/23 20:45:37 rmeggins
** Use <iostream> instead of <iostream.h> on those platforms that support it.
** With this fix, we don't get the deprecation warnings when building setuputil.
@@ -161,6 +166,7 @@
**********************************************************************/
#if !defined(HPUX) || defined(_HP_NAMESPACE_STD)
#include <iostream>
+using namespace std;
#else
#include <iostream.h> /* use old name on older systems */
#endif
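Review bot: A header-level `using namespace std;` in nsdefs.h applies the directive to every translation unit that includes this header, where any project identifier that matches a std name can become ambiguous. If the aim is only to keep unqualified stream names compiling as they did with `<iostream.h>`, using-declarations for the names actually needed would be narrower, for example `using std::cout; using std::cerr; using std::endl;`. Which names the installer sources rely on is not visible in this hunk, so that list would need to be confirmed against the callers.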
18 years, 1 month