Re: [OpenCA-Devel] Race condition in request handling and certificate issuance

Tue, 12 Jul 2005 08:38:29 -0700 

Michael Bell wrote:
> The best way is to checkout the CVS branch openca_0_9_2 from Sourceforge
> because this branch includes all fixes for 0.9.2.x. Additionally "diff
> -u" is recommended to help us handling merge trouble.

OK, now with diff -u and against the current openca_0_9_2 from SourceForge.

Regards,
   Juergen

--- openca-0.9/src/common/lib/functions/crypto-utils.lib        2005-06-21 
11:06:14.000000000 +0200
+++ openca-0.9-lock/src/common/lib/functions/crypto-utils.lib   2005-07-12 
16:12:07.000000000 +0200
@@ -19,6 +19,7 @@
 
 use strict;
 use Locale::Messages (':libintl_h');
+use Fcntl ':flock';
 
 ##
 ## following you can find the defined errorcodes of this library
@@ -77,6 +78,7 @@
 ## -------------------
 ## 6701 Needed key to access database!
 ## 6702 Needed passwd!
+## 6710 Cannot open LockFile
 ## 6703 SERVICE_MAIL_ACCOUNT not defined in configfile
 ## 6711 Cannot Access Request!
 ## 6711 Another cert with the same key detected
@@ -1646,6 +1648,31 @@
     return 1;
 }
 
+
+sub libIssueCertificate
+{
+  our $errno;
+  our $errval;
+
+  my $keys = [EMAIL PROTECTED];
+  my $ret;
+  if ( not open ( LOCKFILE, ">> ".getRequired("LockFile")) ) {
+            $errno  = 6710; 
+            $errval = gettext ("Cannot open lockfile.");
+            return undef;
+   }
+
+  flock LOCKFILE, LOCK_EX;
+
+  $ret = libIssueCertificate_notLocked(%{$keys});
+
+  flock LOCKFILE, LOCK_UN;
+
+  close LOCKFILE;
+
+  return $ret;
+}
+
 ## 1. load ca_token
 ## 2. load request
 ## 3. load parameters
@@ -1670,7 +1697,7 @@
 ## 8. update database
 ## tempfile cleanup
 
-sub libIssueCertificate {
+sub libIssueCertificate_notLocked {
 
     our ($errno, $errval);
     my $keys = { @_ };

--- openca-0.9/src/web-interfaces/ca/ca.conf.in 2004-09-20 17:18:13.000000000 
+0200
+++ openca-0.9-lock/src/web-interfaces/ca/ca.conf.in    2005-07-12 
16:12:47.000000000 +0200
@@ -49,6 +49,7 @@
 MaxReturnedItems       20
  
 TempDir                "@var_prefix@/tmp"
+LockFile               "@var_prefix@/tmp/IssueCertificateLock"
 certsIndex             "@var_prefix@/crypto/index.txt"
 extFilesDir            "@etc_prefix@/openssl/extfiles"
 certDir                        "@var_prefix@/crypto/certs"

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Reply via email to