From 62ff4caa39235fd0ba30b51f419309fcba06001d Mon Sep 17 00:00:00 2001
From: Patrik Nyblom <pan@erlang.org>
Date: Thu, 26 May 2011 18:41:51 +0200
Subject: Add global lock for erlsrv to avoid races

---
 erts/etc/win32/erlsrv/erlsrv_interactive.c | 140 ++++++++++++++++++++++++-----
 erts/etc/win32/erlsrv/erlsrv_interactive.h |   2 +
 2 files changed, 120 insertions(+), 22 deletions(-)

(limited to 'erts/etc/win32')

diff --git a/erts/etc/win32/erlsrv/erlsrv_interactive.c b/erts/etc/win32/erlsrv/erlsrv_interactive.c
index 13e029b364..8910be103b 100644
--- a/erts/etc/win32/erlsrv/erlsrv_interactive.c
+++ b/erts/etc/win32/erlsrv/erlsrv_interactive.c
@@ -841,6 +841,7 @@ int do_add_or_set(int argc, char **argv){
 	   argv[0], service_name);
   return 0;
 }
+
 int do_rename(int argc, char **argv){
   RegEntry *current = empty_reg_tab();
   RegEntry *dummy = empty_reg_tab();
@@ -1129,35 +1130,130 @@ void read_arguments(int *pargc, char ***pargv){
     *pargc = argc;
     *pargv = argv;
 }
+
+/* Create a free-for-all ACL to set on the semaphore */
+PACL get_acl(PSECURITY_DESCRIPTOR secdescp)  
+{
+  DWORD acl_length = 0;  
+  PSID auth_users_sidp = NULL;  
+  PACL aclp = NULL;  
+  SID_IDENTIFIER_AUTHORITY ntauth = SECURITY_NT_AUTHORITY;  
+  
+  if(!InitializeSecurityDescriptor(secdescp, SECURITY_DESCRIPTOR_REVISION)) {
+    return NULL;
+  }
+  
+  if(!AllocateAndInitializeSid(&ntauth, 
+			       1, 
+			       SECURITY_AUTHENTICATED_USER_RID, 
+			       0, 0, 0, 0, 0, 0, 0, 
+			       &auth_users_sidp)) {
+    return NULL;
+  }
+  
+  acl_length =   sizeof(ACL) +  
+    sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) +  
+    GetLengthSid(auth_users_sidp);  
+  
+  if((aclp = (PACL) HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, acl_length)) == NULL) {
+    FreeSid(auth_users_sidp);  
+    return NULL;
+  }
+  
+  if(!InitializeAcl(aclp, acl_length, ACL_REVISION)) {
+    FreeSid(auth_users_sidp);  
+    HeapFree(GetProcessHeap(), 0, aclp);
+    return NULL;
+  }
+  
+  if(!AddAccessAllowedAce(aclp, ACL_REVISION, SEMAPHORE_ALL_ACCESS, auth_users_sidp)) {
+    FreeSid(auth_users_sidp);  
+    HeapFree(GetProcessHeap(), 0, aclp);
+    return NULL;
+  }
+  
+  if(!SetSecurityDescriptorDacl(secdescp, TRUE, aclp, FALSE)) {
+    FreeSid(auth_users_sidp);  
+    HeapFree(GetProcessHeap(), 0, aclp);
+    return NULL;
+  }
+  return aclp;  
+} 
+
+static HANDLE lock_semaphore = NULL;
+
+int take_lock(void) {
+  SECURITY_ATTRIBUTES attr;  
+  PACL aclp;  
+  SECURITY_DESCRIPTOR secdesc;  
+  
+  if ((aclp = get_acl(&secdesc)) == NULL) {
+    return -1;
+  }
+  
+  memset(&attr,0,sizeof(attr));
+  attr.nLength = sizeof(attr);  
+  attr.lpSecurityDescriptor = &secdesc;  
+  attr.bInheritHandle = FALSE;  
+  
+  if ((lock_semaphore = CreateSemaphore(&attr, 1, 1, ERLSRV_INTERACTIVE_GLOBAL_SEMAPHORE)) == NULL) {
+    return -1;
+  }
+  
+  if (WaitForSingleObject(lock_semaphore,INFINITE) != WAIT_OBJECT_0) {
+    return -1;
+  }
+  
+  HeapFree(GetProcessHeap(), 0, aclp);
+  return 0;
+}
+
+void release_lock(void) {
+  ReleaseSemaphore(lock_semaphore,1,NULL);
+}
     
 
+
 int interactive_main(int argc, char **argv){
   char *action = argv[1];
-
+  int res;
+  
+  if (take_lock() != 0) {
+    fprintf(stderr,"%s: unable to acquire global lock (%s).\n",argv[0],
+	    ERLSRV_INTERACTIVE_GLOBAL_SEMAPHORE);
+    return 1;
+  }
+  
   if(!_stricmp(action,"readargs")){
-      read_arguments(&argc,&argv);
-      action = argv[1];
+    read_arguments(&argc,&argv);
+    action = argv[1];
   }
   if(!_stricmp(action,"set") || !_stricmp(action,"add"))
-    return do_add_or_set(argc,argv);
-  if(!_stricmp(action,"rename"))
-    return do_rename(argc,argv);
-  if(!_stricmp(action,"remove"))
-    return do_remove(argc,argv);
-  if(!_stricmp(action,"list"))
-    return do_list(argc,argv);
-  if(!_stricmp(action,"start") ||
-     !_stricmp(action,"stop") ||
-     !_stricmp(action,"enable") ||
-     !_stricmp(action,"disable"))
-    return do_manage(argc,argv);
-  if(_stricmp(action,"?") &&
-     _stricmp(action,"/?") &&
-     _stricmp(action,"-?") &&
-     *action != 'h' &&
-     *action != 'H')
+    res = do_add_or_set(argc,argv);
+  else if(!_stricmp(action,"rename"))
+    res = do_rename(argc,argv);
+  else if(!_stricmp(action,"remove"))
+    res = do_remove(argc,argv);
+  else if(!_stricmp(action,"list"))
+    res = do_list(argc,argv);
+  else if(!_stricmp(action,"start") ||
+	  !_stricmp(action,"stop") ||
+	  !_stricmp(action,"enable") ||
+	  !_stricmp(action,"disable"))
+    res =  do_manage(argc,argv);
+  else if(_stricmp(action,"?") &&
+	  _stricmp(action,"/?") &&
+	  _stricmp(action,"-?") &&
+	  *action != 'h' &&
+	  *action != 'H') {
     fprintf(stderr,"%s: action %s not implemented.\n",argv[0],action);
-  do_usage(argv[0]);
-  return 1;
+    do_usage(argv[0]);
+    res = 1;
+  } else {
+    do_usage(argv[0]);
+    res = 0;
+  }
+  release_lock();
+  return res;
 }
 
diff --git a/erts/etc/win32/erlsrv/erlsrv_interactive.h b/erts/etc/win32/erlsrv/erlsrv_interactive.h
index deacf81899..602da24575 100644
--- a/erts/etc/win32/erlsrv/erlsrv_interactive.h
+++ b/erts/etc/win32/erlsrv/erlsrv_interactive.h
@@ -19,6 +19,8 @@
 #ifndef _ERLSRV_INTERACTIVE_H
 #define _ERLSRV_INTERACTIVE_H
 
+#define ERLSRV_INTERACTIVE_GLOBAL_SEMAPHORE "{468d6954-e355-415f-968f-d257cb0feef4}"
+
 int interactive_main(int argc, char **argv);
 
 #endif /* _ERLSRV_INTERACTIVE_H */
-- 
cgit v1.2.3