Index: trunk/docs/Changelog =================================================================== --- trunk/docs/Changelog (revision 133) +++ trunk/docs/Changelog (revision 134) @@ -3,5 +3,8 @@ * use getgrgid_r, getpwnam_r, getpwuid_r, gmtime_r, localtime_r, rand_r, strtok_r if available - * protect readdir() with mutex (readdir_r considered harmful) + * protect readdir(), getpwent(), gethostname() with mutexes + (readdir_r considered harmful) + * make checksum/hash function reentrant + * use thread-specific conversion buffer for globber() 2.3.8: Index: trunk/docs/TODO =================================================================== --- trunk/docs/TODO (revision 133) +++ trunk/docs/TODO (revision 134) @@ -1,13 +1,6 @@ -not thread-safe: checksum function (returns static memory), - sh_util_siggen - sh_util_hash_tiger - sh_util_hmac_tiger check thread_safe sh_entropy check thread_safe rng -lock globber -lock sh_alloc/sh_free - Index: trunk/include/sh_pthread.h =================================================================== --- trunk/include/sh_pthread.h (revision 133) +++ trunk/include/sh_pthread.h (revision 134) @@ -30,4 +30,11 @@ */ SH_MUTEX_EXTERN(mutex_skey); +SH_MUTEX_EXTERN(mutex_resolv); +SH_MUTEX_EXTERN(mutex_pwent); + +/* + * ---- Initialize thread-specific conversion area ---- + */ +extern int sh_g_thread(); #else Index: trunk/src/samhain.c =================================================================== --- trunk/src/samhain.c (revision 133) +++ trunk/src/samhain.c (revision 134) @@ -138,4 +138,52 @@ #endif +#ifdef HAVE_PTHREAD +typedef struct gt { + size_t g_count; + char * g_glob; +}; + +pthread_key_t g_key; + +int sh_g_thread() +{ + struct gt * ptr = malloc(sizeof(struct gt)); + if (!gt) + return -1; + ptr->g_count = 0; + ptr->g_glob = calloc(1, SH_MAX_GLOBS * (GLOB_LEN+1)); + if (!(ptr->g_glob)) + return -1; + return pthread_setspecific(g_key, ptr); +} + +void sh_g_destroy(void * data) +{ + struct gt * ptr = (struct gt *) data; + free(ptr->g_glob); + free(ptr); + return; +} + +static void sh_g_init() +{ + if (0 != pthread_key_create(&g_key, sh_g_destroy)) + { + perror("1"); + exit(EXIT_FAILURE); + } + + if (0 != sh_g_thread()) + { + perror("1"); + exit(EXIT_FAILURE); + } + return; +} +#define SH_G_INIT sh_g_init() +#else +#define SH_G_INIT ((void)0) +#endif + char * globber(const char * str) { @@ -143,7 +191,12 @@ size_t j; - static size_t items = 0; +#ifdef HAVE_PTHREAD + struct gt * ptr = pthread_getspecific(g_key); + size_t count = ptr->g_count; + char * glob = ptr->g_glob; +#else static size_t count = 0; static char glob[SH_MAX_GLOBS * (GLOB_LEN+1)]; +# if (str == NULL) @@ -152,6 +205,4 @@ j = strlen(str); - ++items; - ASSERT((j <= GLOB_LEN), _("j <= GLOB_LEN")) @@ -164,5 +215,4 @@ { count = 0; - items = 0; } @@ -177,5 +227,9 @@ i = count; +#ifdef HAVE_PTHREAD + ptr->count = count + j + 1; +#else count = count + j + 1; +#endif return &glob[i]; } @@ -1144,4 +1198,6 @@ char * my_argv[32]; #endif + + SH_G_INIT; /* Must precede any use of _() */ SL_ENTER(_("main")); Index: trunk/src/sh_calls.c =================================================================== --- trunk/src/sh_calls.c (revision 133) +++ trunk/src/sh_calls.c (revision 134) @@ -250,5 +250,5 @@ error = errno; if (val_retry < 0) { - (void) sl_strlcpy(aud_err_message, sh_error_message(error, errbuf, sizeof(errbuf)), 64); + (void) sh_error_message(error, aud_err_message, 64); sh_error_handle ((-1), file, line, error, MSG_ERR_LSTAT, sh_error_message(error, errbuf, sizeof(errbuf)), @@ -273,5 +273,5 @@ error = errno; if (val_retry < 0) { - (void) sl_strlcpy(aud_err_message, sh_error_message(error, errbuf, sizeof(errbuf)), 64); + (void) sh_error_message(error, aud_err_message, 64); sh_error_handle ((-1), file, line, error, MSG_ERR_STAT, sh_error_message(error, errbuf, sizeof(errbuf)), @@ -363,5 +363,5 @@ if (sec > 0) { - sleep (sec); + sleep (sec); /* nanosleep not available */ } else @@ -584,5 +584,5 @@ if (val_return < 0) { - (void) sl_strlcpy(aud_err_message, sh_error_message(error, errbuf, sizeof(errbuf)), 64); + (void) sh_error_message(error, aud_err_message, 64); } @@ -618,5 +618,5 @@ if (val_return < 0) { - (void) sl_strlcpy(aud_err_message, sh_error_message(error, errbuf, sizeof(errbuf)), 64); + (void) sh_error_message(error, aud_err_message, 64); } Index: trunk/src/sh_mail.c =================================================================== --- trunk/src/sh_mail.c (revision 133) +++ trunk/src/sh_mail.c (revision 134) @@ -2139,6 +2139,24 @@ #endif } + + SH_MUTEX_LOCK(mutex_resolv); if (domain != NULL) host = /*@-unrecog@*/sh_gethostbyname (domain)/*@+unrecog@*/; + + if (host) + { + result = SH_ALLOC (sizeof (mx)); + retval = SH_ALLOC (sizeof (dnsrep)); + retval->reply = result; + retval->count = 1; + result->pref = 0; + /*@-type@*/ + len = strlen (host->h_name) + 1; + result->address = SH_ALLOC (len); + sl_strlcpy (result->address, host->h_name, len); + /*@+type@*/ + } + SH_MUTEX_UNLOCK(mutex_resolv); + if (!host) { @@ -2152,14 +2170,5 @@ SL_RETURN (NULL, _("return_mx")); } - result = SH_ALLOC (sizeof (mx)); - retval = SH_ALLOC (sizeof (dnsrep)); - retval->reply = result; - retval->count = 1; - result->pref = 0; - /*@-type@*/ - len = strlen (host->h_name) + 1; - result->address = SH_ALLOC (len); - sl_strlcpy (result->address, host->h_name, len); - /*@+type@*/ + SL_RETURN (retval, _("return_mx")); } Index: trunk/src/sh_mem.c =================================================================== --- trunk/src/sh_mem.c (revision 133) +++ trunk/src/sh_mem.c (revision 134) @@ -38,4 +38,5 @@ #include "sh_utils.h" #include "sh_mem.h" +#include "sh_pthread.h" extern int safe_logger (int signal, int method, char * details); @@ -103,4 +104,21 @@ #endif +#ifdef HAVE_PTHREAD +static pthread_once_t mem_is_initialized = PTHREAD_ONCE_INIT; +static pthread_mutex_t mutex_mem; + +static int initialize_mem(void) +{ + pthread_mutexattr_t mta; + pthread_mutexattr_settype(&mta, PTHREAD_MUTEX_RECURSIVE); + pthread_mutex_init(&mutex_mem, &mta); + pthread_mutexattr_destroy(&mta); + return 0; +} +#define MEM_MUTEX_INIT (void) pthread_once(&mem_is_initialized, initialize_mem) +#else +#define MEM_MUTEX_INIT ((void)0) +#endif + #ifdef MEM_LOG void sh_mem_dump () @@ -109,5 +127,10 @@ - FILE * fd = fopen(MEM_LOG, "w"); + FILE * fd; + + MEM_MUTEX_INIT; + SH_MUTEX_LOCK(mutex_mem); + + fd = fopen(MEM_LOG, "w"); while (this != NULL) @@ -117,4 +140,5 @@ } fclose(fd); + SH_MUTEX_UNLOCK(mutex_mem); return; } @@ -133,9 +157,12 @@ SL_ENTER(_("sh_mem_stat")); + MEM_MUTEX_INIT; + SH_MUTEX_LOCK(mutex_mem); + if (Alloc_Count == Free_Count) { sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_MSTAMP, Mem_Max, Mem_Current); - SL_RET0(_("sh_mem_stat")); + goto out; } @@ -167,5 +194,6 @@ this = this->next; } - + out: + SH_MUTEX_UNLOCK(mutex_mem); SL_RET0(_("sh_mem_stat")); } @@ -178,4 +206,6 @@ SL_ENTER(_("sh_mem_check")); + MEM_MUTEX_INIT; + SH_MUTEX_LOCK(mutex_mem); sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_MSTAMP, Mem_Max, Mem_Current); @@ -210,4 +240,5 @@ /* if (nerr > 0) abort(); */ + SH_MUTEX_UNLOCK(mutex_mem); SL_RET0(_("sh_mem_check")); } @@ -221,4 +252,6 @@ SL_ENTER(_("sh_mem_malloc")); + MEM_MUTEX_INIT; + SH_MUTEX_LOCK(mutex_mem); the_realAddress = malloc(size + 2 * SH_MEMMULT); @@ -327,5 +360,5 @@ eblock = 0; } - SL_RETURN( the_realAddress, _("sh_mem_malloc")); + _exit(42); } @@ -341,4 +374,5 @@ memlist = this; + SH_MUTEX_UNLOCK(mutex_mem); SL_RETURN( theAddress, _("sh_mem_malloc")); } @@ -353,9 +387,11 @@ SL_ENTER(_("sh_mem_free")); + MEM_MUTEX_INIT; + SH_MUTEX_LOCK(mutex_mem); if ( a == NULL ) { sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_MNULL, file, line); - SL_RET0(_("sh_mem_free")); + goto out; } @@ -374,5 +410,5 @@ sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_MREC, file, line); - SL_RET0(_("sh_mem_free")); + goto out; } else @@ -423,4 +459,6 @@ Mem_Current -= size; + out: + SH_MUTEX_UNLOCK(mutex_mem); SL_RET0(_("sh_mem_free")); } Index: trunk/src/sh_portcheck.c =================================================================== --- trunk/src/sh_portcheck.c (revision 133) +++ trunk/src/sh_portcheck.c (revision 134) @@ -835,4 +835,5 @@ } + SH_MUTEX_LOCK(mutex_resolv); hent = gethostbyname(portchk_hostname); @@ -840,11 +841,15 @@ { memcpy (&(iface_list.iface[iface_list.used].s_addr), hent->h_addr_list[i], sizeof(in_addr_t)); + ++iface_list.used; + ++i; + } + SH_MUTEX_UNLOCK(mutex_resolv); + + for (i = 0; i < iface_list.used; ++i) + { sl_snprintf(errbuf, sizeof(errbuf), _("interface: %s"), - inet_ntoa(iface_list.iface[iface_list.used])); + inet_ntoa(iface_list.iface[i])); sh_error_handle(SH_ERR_INFO, FIL__, __LINE__, 0, MSG_E_SUBGEN, errbuf, _("sh_portchk_init")); - - ++iface_list.used; - ++i; } @@ -1442,10 +1447,4 @@ sh_portchk_check(); - /* - sleep(10); - - sh_portchk_check(); - */ - return 0; } Index: trunk/src/sh_prelude_old.c =================================================================== --- trunk/src/sh_prelude_old.c (revision 133) +++ trunk/src/sh_prelude_old.c (revision 134) @@ -127,4 +127,5 @@ #define SH_NEED_GETHOSTBYXXX #include "sh_static.h" +#include "sh_pthread.h" static char programname[64]; @@ -627,6 +628,8 @@ /* Get information about ip address */ + SH_MUTEX_LOCK(mutex_resolv); myhost = sh_gethostbyname(hostname); src_ip = xstrdup(inet_ntoa(*((struct in_addr *)myhost->h_addr_list[0]))); + SH_MUTEX_UNLOCK(mutex_resolv); Index: trunk/src/sh_static.c =================================================================== --- trunk/src/sh_static.c (revision 133) +++ trunk/src/sh_static.c (revision 134) @@ -51,4 +51,6 @@ #include #include + +#include "sh_pthread.h" #ifndef _PATH_PASSWD @@ -312,6 +314,6 @@ } -#define LOCK ((void) 0) -#define UNLOCK ((void) 0) +SH_MUTEX_STATIC(pwf_lock, PTHREAD_MUTEX_INITIALIZER); + static FILE *pwf = NULL; @@ -319,19 +321,19 @@ void sh_setpwent(void) { - LOCK; + SH_MUTEX_LOCK(pwf_lock); if (pwf) { rewind(pwf); } - UNLOCK; + SH_MUTEX_UNLOCK(pwf_lock); } void sh_endpwent(void) { - LOCK; + SH_MUTEX_LOCK(pwf_lock); if (pwf) { fclose(pwf); pwf = NULL; } - UNLOCK; + SH_MUTEX_UNLOCK(pwf_lock); } @@ -343,5 +345,5 @@ int rv; - LOCK; + SH_MUTEX_LOCK(pwf_lock); *result = NULL; /* In case of error... */ @@ -361,11 +363,10 @@ ERR: - UNLOCK; + SH_MUTEX_UNLOCK(pwf_lock); return rv; } -#define LOCK ((void) 0) -#define UNLOCK ((void) 0) +SH_MUTEX_STATIC(grf_lock, PTHREAD_MUTEX_INITIALIZER); static FILE *grf = NULL; @@ -373,19 +374,19 @@ void sh_setgrent(void) { - LOCK; + SH_MUTEX_LOCK(grf_lock); if (grf) { rewind(grf); } - UNLOCK; + SH_MUTEX_UNLOCK(grf_lock); } void sh_endgrent(void) { - LOCK; + SH_MUTEX_LOCK(grf_lock); if (grf) { fclose(grf); grf = NULL; } - UNLOCK; + SH_MUTEX_UNLOCK(grf_lock); } @@ -396,5 +397,5 @@ int rv; - LOCK; + SH_MUTEX_LOCK(grf_lock); *result = NULL; /* In case of error... */ @@ -414,5 +415,5 @@ ERR: - UNLOCK; + SH_MUTEX_UNLOCK(grf_lock); return rv; @@ -437,5 +438,5 @@ struct group *result; - sh_getgrent_r(&gr, line_buff, sizeof(line_buff), &result); + sh_getgrent_r(&gr, line_buff, sizeof(line_buff), &result); return result; } @@ -669,6 +670,6 @@ skip = 0; do { - if (!fgets_unlocked(line_buff, buflen, f)) { - if (feof_unlocked(f)) { + if (!fgets(line_buff, buflen, f)) { + if (feof(f)) { rv = ENOENT; } @@ -863,6 +864,5 @@ #include -#define BIGLOCK -#define BIGUNLOCK +SH_MUTEX_STATIC(resolv_lock, PTHREAD_MUTEX_INITIALIZER); #define __UCLIBC_HAS_IPV6__ @@ -1198,5 +1198,5 @@ sl_strlcpy(lookup,name,MAXDNAME); - BIGLOCK; + SH_MUTEX_LOCK_UNSAFE(resolv_lock); if (variant < __searchdomains && strchr(lookup, '.') == NULL) { @@ -1204,5 +1204,5 @@ sl_strlcat(lookup,__searchdomain[variant], MAXDNAME); } - BIGUNLOCK; + SH_MUTEX_UNLOCK_UNSAFE(resolv_lock); DPRINTF("lookup name: %s\n", lookup); q.dotted = (char *)lookup; @@ -1348,7 +1348,7 @@ int sdomains; - BIGLOCK; + SH_MUTEX_LOCK_UNSAFE(resolv_lock); sdomains=__searchdomains; - BIGUNLOCK; + SH_MUTEX_UNLOCK_UNSAFE(resolv_lock); variant = 0; if (retries >= nscount*(sdomains+1)) @@ -1360,7 +1360,7 @@ { int sdomains; - BIGLOCK; + SH_MUTEX_LOCK_UNSAFE(resolv_lock); sdomains=__searchdomains; - BIGUNLOCK; + SH_MUTEX_UNLOCK_UNSAFE(resolv_lock); if (variant < sdomains) { @@ -1566,8 +1566,7 @@ int argc; - BIGLOCK; - if (__nameservers > 0) { - BIGUNLOCK; - return 0; + SH_MUTEX_LOCK(resolv_lock); + if (__nameservers > 0) { + goto the_end; } @@ -1614,5 +1613,6 @@ } DPRINTF("nameservers = %d\n", __nameservers); - BIGUNLOCK; + the_end: + SH_MUTEX_UNLOCK(resolv_lock); return 0; } @@ -1691,8 +1691,8 @@ for (;;) { - BIGLOCK; + SH_MUTEX_LOCK_UNSAFE(resolv_lock); __nameserversXX=__nameservers; __nameserverXX=__nameserver; - BIGUNLOCK; + SH_MUTEX_UNLOCK_UNSAFE(resolv_lock); i = __dns_lookup(buf, T_A, __nameserversXX, __nameserverXX, &packet, &a); @@ -1911,8 +1911,8 @@ for (;;) { - BIGLOCK; + SH_MUTEX_LOCK_UNSAFE(resolv_lock); __nameserversXX=__nameservers; __nameserverXX=__nameserver; - BIGUNLOCK; + SH_MUTEX_UNLOCK_UNSAFE(resolv_lock); i = __dns_lookup(buf, T_PTR, __nameserversXX, __nameserverXX, &packet, &a); Index: trunk/src/sh_tiger0.c =================================================================== --- trunk/src/sh_tiger0.c (revision 133) +++ trunk/src/sh_tiger0.c (revision 134) @@ -100,5 +100,5 @@ */ -static sh_byte buffer[PRIV_MAX + 72]; +/* static sh_byte buffer[PRIV_MAX + 72]; */ #if defined(TIGER_64_BIT) @@ -121,5 +121,5 @@ UINT64 bcount = 0; - static int lockflag = SL_FALSE; + char * buffer = SH_ALLOC(PRIV_MAX + 72); unsigned long pages_read; @@ -176,25 +176,28 @@ MSG_E_ACCESS, (long) euid, tmp); SH_FREE(tmp); + SH_FREE(buffer); SL_RETURN( NULL, _("sh_tiger_hash_val")); } - SH_MUTEX_LOCK(mutex_skey); #if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK) - if ((lockflag == SL_FALSE) && (skey->mlock_failed == SL_FALSE)) + if (skey->mlock_failed == SL_FALSE) { - lockflag = SL_TRUE; if ( (-1) == sh_unix_mlock(FIL__, __LINE__, (char *)buffer, (PRIV_MAX)*sizeof(sh_byte))) - skey->mlock_failed = SL_TRUE; + { + SH_MUTEX_LOCK_UNSAFE(mutex_skey); + skey->mlock_failed = SL_TRUE; + SH_MUTEX_UNLOCK_UNSAFE(mutex_skey); + } } #else - if (lockflag == SL_FALSE && skey->mlock_failed == SL_FALSE) + if (skey->mlock_failed == SL_FALSE) { - lockflag = SL_TRUE; + SH_MUTEX_LOCK_UNSAFE(mutex_skey); skey->mlock_failed = SL_TRUE; + SH_MUTEX_UNLOCK_UNSAFE(mutex_skey); } #endif - SH_MUTEX_UNLOCK(mutex_skey); #ifdef TIGER_DBG @@ -216,4 +219,6 @@ { if (sig_termfast == 1) { + sh_unix_munlock((char *)buffer, (PRIV_MAX)*sizeof(sh_byte)); + SH_FREE(buffer); SL_RETURN( NULL, _("sh_tiger_hash_val")); } @@ -234,4 +239,6 @@ memset (buffer, 0, PRIV_MAX); + sh_unix_munlock((char *)buffer, (PRIV_MAX)*sizeof(sh_byte)); + SH_FREE(buffer); SL_RETURN( NULL, _("sh_tiger_hash_val")); } @@ -278,5 +285,6 @@ memset (bbuf, 0, 64); memset (buffer, 0, PRIV_MAX); - + sh_unix_munlock((char *)buffer, (PRIV_MAX)*sizeof(sh_byte)); + SH_FREE(buffer); SL_RETURN( NULL, _("sh_tiger_hash_val")); } @@ -364,5 +372,6 @@ if (what == TIGER_FILE) (void) sl_close (fd); - + sh_unix_munlock((char *)buffer, (PRIV_MAX)*sizeof(sh_byte)); + SH_FREE(buffer); SL_RETURN( res, _("sh_tiger_hash_val")); } @@ -370,7 +379,11 @@ if (what == TIGER_DATA && filename != NULL) { - tiger(TIGER_CAST filename, (sh_word32) Length, res); + tiger(TIGER_CAST filename, (sh_word32) Length, res); + sh_unix_munlock((char *)buffer, (PRIV_MAX)*sizeof(sh_byte)); + SH_FREE(buffer); SL_RETURN(res, _("sh_tiger_hash_val")); } + sh_unix_munlock((char *)buffer, (PRIV_MAX)*sizeof(sh_byte)); + SH_FREE(buffer); SL_RETURN( NULL, _("sh_tiger_hash_val")); } Index: trunk/src/sh_tools.c =================================================================== --- trunk/src/sh_tools.c (revision 133) +++ trunk/src/sh_tools.c (revision 134) @@ -521,5 +521,6 @@ #endif { - + SH_MUTEX_LOCK(mutex_resolv); + host_entry = sh_gethostbyname(address); @@ -598,4 +599,5 @@ } } + SH_MUTEX_UNLOCK(mutex_resolv); } Index: trunk/src/sh_unix.c =================================================================== --- trunk/src/sh_unix.c (revision 133) +++ trunk/src/sh_unix.c (revision 134) @@ -1583,5 +1583,12 @@ } + SH_MUTEX_LOCK(mutex_resolv); he1 = sh_gethostbyname(hostname); + + if (he1 != NULL) + { + sl_strlcpy (sh.host.name, sh_unix_h_name(he1), SH_PATHBUF); + } + SH_MUTEX_UNLOCK(mutex_resolv); if (he1 == NULL) @@ -1591,8 +1598,4 @@ hostname); sl_strlcpy (sh.host.name, hostname, SH_PATHBUF); - } - else - { - sl_strlcpy (sh.host.name, sh_unix_h_name(he1), SH_PATHBUF); } @@ -1638,4 +1641,6 @@ (void) gethostname (hostname, 1024); hostname[1023] = '\0'; + + SH_MUTEX_LOCK(mutex_resolv); he1 = sh_gethostbyname(hostname); @@ -1644,5 +1649,7 @@ sl_strlcpy (sh.host.name, sh_unix_h_name(he1), SH_PATHBUF); } - else + SH_MUTEX_UNLOCK(mutex_resolv); + + if (he1 == NULL) { dlog(1, FIL__, __LINE__, @@ -1693,5 +1700,7 @@ (char *) skey, sizeof (sh_key_t)) ) { + SH_MUTEX_LOCK_UNSAFE(mutex_skey); skey->mlock_failed = SL_TRUE; + SH_MUTEX_UNLOCK_UNSAFE(mutex_skey); } } @@ -1699,5 +1708,7 @@ if (skey->mlock_failed == SL_FALSE) { + SH_MUTEX_LOCK_UNSAFE(mutex_skey); skey->mlock_failed = SL_TRUE; + SH_MUTEX_UNLOCK_UNSAFE(mutex_skey); } #endif @@ -4188,4 +4199,7 @@ #if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK) + +SH_MUTEX_STATIC(mutex_mlock,PTHREAD_MUTEX_INITIALIZER); + int sh_unix_mlock (char * file, int line, void * in_addr, size_t len) { @@ -4201,8 +4215,13 @@ SL_ENTER(_("sh_unix_mlock")); + /* There's no cancellation point here, except if tracing is on + */ + SH_MUTEX_LOCK_UNSAFE(mutex_mlock); + if (0 != page_locking) { SL_RETURN((-1), _("sh_unix_mlock")); } + page_locking = 1; @@ -4218,4 +4237,5 @@ * addr is first page; num_pages is #(consecutive pages) to lock */ + while ((page_list != NULL) && (num_pages > 0)) { @@ -4271,6 +4291,7 @@ addr += pagesize; } - page_locking = 0; + SH_MUTEX_UNLOCK_UNSAFE(mutex_mlock); + SL_RETURN((status), _("sh_unix_mlock")); } @@ -4304,4 +4325,8 @@ SL_ENTER(_("sh_unix_munlock")); + + /* There's no cancellation point here, except if tracing is on + */ + SH_MUTEX_LOCK_UNSAFE(mutex_mlock); if (0 != page_locking) @@ -4412,4 +4437,6 @@ page_locking = 0; + SH_MUTEX_UNLOCK_UNSAFE(mutex_mlock); + SL_RETURN((status), _("sh_unix_munlock")); } Index: trunk/src/sh_userfiles.c =================================================================== --- trunk/src/sh_userfiles.c (revision 133) +++ trunk/src/sh_userfiles.c (revision 134) @@ -267,4 +267,5 @@ /* We build a list in here because the samhain internals want to use * getpwent() too */ + SH_MUTEX_LOCK(mutex_pwent); /*@-unrecog@*/ sh_setpwent(); @@ -292,4 +293,6 @@ } } + sh_endpwent(); + SH_MUTEX_UNLOCK(mutex_pwent); for (homes = userHomes; homes != NULL; homes = homes->next ) { Index: trunk/src/trustfile.c =================================================================== --- trunk/src/trustfile.c (revision 133) +++ trunk/src/trustfile.c (revision 134) @@ -507,4 +507,6 @@ #endif + int retval = SL_FALSE; + SL_ENTER(_("onlytrustedingrp")); @@ -603,4 +605,6 @@ /* now check ALL users for their GID !!! */ + SH_MUTEX_LOCK(mutex_pwent); + while (NULL != (w = sh_getpwent())) { @@ -643,26 +647,34 @@ #endif tf_baduid = w->pw_uid; - SL_IRETURN(SL_FALSE, _("onlytrustedingrp")); + retval = SL_FALSE; + goto out; + /* SL_IRETURN(SL_FALSE, _("onlytrustedingrp")); */ } } } + retval = SL_TRUE; + + out: #ifdef HAVE_ENDPWENT sh_endpwent(); #endif + + SH_MUTEX_UNLOCK(mutex_pwent); + /* TEST_ONLY */ #endif - /* #ifdef HAVE_GETPWENT */ #endif #ifdef TRUST_DEBUG - fprintf(stderr, - "trustfile: group %ld: all members are trusted users --> OK\n", - (UID_CAST)grp); + if (retval == SL_TRUE) + fprintf(stderr, + "trustfile: group %ld: all members are trusted users --> OK\n", + (UID_CAST)grp); #endif /* all found */ - SL_IRETURN(SL_TRUE, _("onlytrustedingrp")); + SL_IRETURN(retval, _("onlytrustedingrp")); }