Backported CORE-6450 & CORE-6441

AlexPeshkoff · AlexPeshkoff · commit 8f49cd73de5f · 2020-11-19T13:38:18.000+03:00
diff --git a/src/auth/SecDbCache.cpp b/src/auth/SecDbCache.cpp
@@ -51,7 +51,7 @@ void CachedSecurityDatabase::handler()
 }
 
 
-void PluginDatabases::getInstance(IPluginConfig* pluginConfig, RefPtr<CachedSecurityDatabase>& instance)
+void PluginDatabases::getInstance(IPluginConfig* pluginConfig, CachedSecurityDatabase::Instance& instance)
 {
 	// Determine sec.db name based on existing config
 	PathName secDbName;
@@ -74,18 +74,28 @@ void PluginDatabases::getInstance(IPluginConfig* pluginConfig, RefPtr<CachedSecu
 
 	{ // guard scope
 		MutexLockGuard g(arrayMutex, FB_FUNCTION);
-		for (unsigned int i = 0; i < dbArray.getCount(); ++i)
+		for (unsigned int i = 0; i < dbArray.getCount(); )
 		{
 			if (secDbName == dbArray[i]->secureDbName)
 			{
-				instance = dbArray[i];
-				break;
+				CachedSecurityDatabase* fromCache = dbArray[i];
+				if (fromCache->secDb->test())
+				{
+					instance.set(fromCache);
+					break;
+				}
+				else
+				{
+					dbArray.remove(i);
+					continue;
+				}
 			}
+			++i;
 		}
 
 		if (!instance)
 		{
-			instance = FB_NEW CachedSecurityDatabase(this, secDbName);
+			instance.set(FB_NEW CachedSecurityDatabase(this, secDbName));
 			instance->addRef();
 			secDbName.copyTo(instance->secureDbName, sizeof(instance->secureDbName));
 			dbArray.add(instance);
diff --git a/src/auth/SecDbCache.h b/src/auth/SecDbCache.h
@@ -49,6 +49,7 @@ class VSecDb
 	}
 
 	virtual bool lookup(void* inMsg, void* outMsg) = 0;
+	virtual bool test() = 0;
 };
 
 
@@ -85,6 +86,33 @@ class CachedSecurityDatabase FB_FINAL
 	Firebird::Mutex mutex;
 	Firebird::AutoPtr<VSecDb> secDb;
 	PluginDatabases* list;
+
+public:
+	// Related RAII holder
+	class Instance : public Firebird::RefPtr<CachedSecurityDatabase>
+	{
+	public:
+		Instance()
+		{ }
+
+		void set(CachedSecurityDatabase* db)
+		{
+			fb_assert(!hasData());
+			fb_assert(db);
+
+			assign(db);
+			(*this)->mutex.enter(FB_FUNCTION);
+		}
+
+		~Instance()
+		{
+			if (hasData())
+			{
+				(*this)->mutex.leave();
+				(*this)->close();
+			}
+		}
+	};
 };
 
 class PluginDatabases
@@ -99,7 +127,7 @@ class PluginDatabases
 	Firebird::Mutex arrayMutex;
 
 public:
-	void getInstance(Firebird::IPluginConfig* pluginConfig, Firebird::RefPtr<CachedSecurityDatabase>& instance);
+	void getInstance(Firebird::IPluginConfig* pluginConfig, CachedSecurityDatabase::Instance& instance);
 	int shutdown();
 	void handler(CachedSecurityDatabase* tgt);
 };
diff --git a/src/auth/SecureRemotePassword/server/SrpServer.cpp b/src/auth/SecureRemotePassword/server/SrpServer.cpp
@@ -120,6 +120,14 @@ class SecurityDatabase : public VSecDb
 		return false;	// safe default
 	}
 
+	bool test() override
+	{
+		Jrd::FbLocalStatus status;
+
+		att->ping(&status);
+		return !(status->getState() & IStatus::STATE_ERRORS);
+	}
+
 	// This 2 are needed to satisfy temporarily different calling requirements
 	static int shutdown(const int, const int, void*)
 	{
@@ -293,28 +301,19 @@ int SrpServer::authenticate(CheckStatusWrapper* status, IServerBlock* sb, IWrite
 			messages.param->loginNull = 0;
 			messages.data.clear();
 
-			{ // reference & mutex scope scope
+			{ // instance RAII scope
+				CachedSecurityDatabase::Instance instance;
+
 				// Get database block from cache
-				RefPtr<CachedSecurityDatabase> instance;
 				instances->getInstance(iParameter, instance);
+				secDbName = instance->secureDbName;
 
-				try
-				{
-					MutexLockGuard g(instance->mutex, FB_FUNCTION);
-
-					secDbName = instance->secureDbName;
-					if (!instance->secDb)
-						instance->secDb = FB_NEW SecurityDatabase(instance->secureDbName, cryptCallback);
-
-					instance->secDb->lookup(messages.param.getData(), messages.data.getData());
-				}
-				catch(const Exception&)
-				{
-					instance->close();
-					throw;
-				}
+				// Create SecurityDatabase if needed
+				if (!instance->secDb)
+					instance->secDb = FB_NEW SecurityDatabase(instance->secureDbName, cryptCallback);
 
-				instance->close();
+				// Lookup
+				instance->secDb->lookup(messages.param.getData(), messages.data.getData());
 			}
 			HANDSHAKE_DEBUG(fprintf(stderr, "Srv: SRP1: Executed statement\n"));
 
diff --git a/src/auth/SecurityDatabase/LegacyServer.cpp b/src/auth/SecurityDatabase/LegacyServer.cpp
@@ -149,6 +149,11 @@ class SecurityDatabase : public VSecDb
 public:
 	bool lookup(void* inMsg, void* outMsg);
 
+	bool test() override
+	{
+		return fb_ping(status, &lookup_db) == FB_SUCCESS;
+	}
+
 	// This 2 are needed to satisfy temporarily different calling requirements
 	static int shutdown(const int, const int, void*)
 	{
@@ -326,32 +331,20 @@ int SecurityDatabaseServer::authenticate(CheckStatusWrapper* status, IServerBloc
 		bool found = false;
 		char pw1[MAX_LEGACY_PASSWORD_LENGTH + 1];
 		PathName secureDbName;
-		{ // reference & mutex scope scope
+		{ // instance scope
 			// Get database block from cache
-			RefPtr<CachedSecurityDatabase> instance;
+			CachedSecurityDatabase::Instance instance;
 			instances->getInstance(iParameter, instance);
 
-			try
-			{
-				MutexLockGuard g(instance->mutex, FB_FUNCTION);
-
-				secureDbName = instance->secureDbName;
-				if (!instance->secDb)
-					instance->secDb = FB_NEW SecurityDatabase(instance->secureDbName);
-
-				user_name uname;		// user name buffer
-				login.copyTo(uname, sizeof uname);
-				user_record user_block;		// user record
-				found = instance->secDb->lookup(uname, &user_block);
-				fb_utils::copy_terminate(pw1, user_block.password, MAX_LEGACY_PASSWORD_LENGTH + 1);
-			}
-			catch(const Exception&)
-			{
-				instance->close();
-				throw;
-			}
+			secureDbName = instance->secureDbName;
+			if (!instance->secDb)
+				instance->secDb = FB_NEW SecurityDatabase(instance->secureDbName);
 
-			instance->close();
+			user_name uname;		// user name buffer
+			login.copyTo(uname, sizeof uname);
+			user_record user_block;		// user record
+			found = instance->secDb->lookup(uname, &user_block);
+			fb_utils::copy_terminate(pw1, user_block.password, MAX_LEGACY_PASSWORD_LENGTH + 1);
 		}
 		if (!found)
 		{
diff --git a/src/common/classes/RefCounted.h b/src/common/classes/RefCounted.h
@@ -193,7 +193,7 @@ namespace Firebird
 			return ptr;
 		}
 
-	private:
+	protected:
 		T* assign(T* const p)
 		{
 			if (ptr != p)

Original file line number	Diff line number	Diff line change
`@@ -51,7 +51,7 @@ void CachedSecurityDatabase::handler()`
`51`	`51`	`}`
`52`	`52`
`53`	`53`
`54`		`-void PluginDatabases::getInstance(IPluginConfig* pluginConfig, RefPtr<CachedSecurityDatabase>& instance)`
	`54`	`+void PluginDatabases::getInstance(IPluginConfig* pluginConfig, CachedSecurityDatabase::Instance& instance)`
`55`	`55`	`{`
`56`	`56`	`// Determine sec.db name based on existing config`
`57`	`57`	`PathName secDbName;`
`@@ -74,18 +74,28 @@ void PluginDatabases::getInstance(IPluginConfig* pluginConfig, RefPtr<CachedSecu`
`74`	`74`
`75`	`75`	`{ // guard scope`
`76`	`76`	`MutexLockGuard g(arrayMutex, FB_FUNCTION);`
`77`		`- for (unsigned int i = 0; i < dbArray.getCount(); ++i)`
	`77`	`+ for (unsigned int i = 0; i < dbArray.getCount(); )`
`78`	`78`	`{`
`79`	`79`	`if (secDbName == dbArray[i]->secureDbName)`
`80`	`80`	`{`
`81`		`- instance = dbArray[i];`
`82`		`- break;`
	`81`	`+ CachedSecurityDatabase* fromCache = dbArray[i];`
	`82`	`+ if (fromCache->secDb->test())`
	`83`	`+ {`
	`84`	`+ instance.set(fromCache);`
	`85`	`+ break;`
	`86`	`+ }`
	`87`	`+ else`
	`88`	`+ {`
	`89`	`+ dbArray.remove(i);`
	`90`	`+ continue;`
	`91`	`+ }`
`83`	`92`	`}`
	`93`	`+ ++i;`
`84`	`94`	`}`
`85`	`95`
`86`	`96`	`if (!instance)`
`87`	`97`	`{`
`88`		`- instance = FB_NEW CachedSecurityDatabase(this, secDbName);`
	`98`	`+ instance.set(FB_NEW CachedSecurityDatabase(this, secDbName));`
`89`	`99`	`instance->addRef();`
`90`	`100`	`secDbName.copyTo(instance->secureDbName, sizeof(instance->secureDbName));`
`91`	`101`	`dbArray.add(instance);`
Original file line number	Diff line number	Diff line change
`@@ -193,7 +193,7 @@ namespace Firebird`
`193`	`193`	`return ptr;`
`194`	`194`	`}`
`195`	`195`
`196`		`- private:`
	`196`	`+ protected:`
`197`	`197`	`T* assign(T* const p)`
`198`	`198`	`{`
`199`	`199`	`if (ptr != p)`