Enabled security database connection caching and brute-force attack protection for SuperClassic.

This code is almost useless for the regular Classic, but it doesn't hurt either.
2025-01-23 16:03:02 +01:00 · 2008-05-02 11:10:00 +00:00 · 2008-05-02 11:10:00 +00:00 · 51cdfd50e0
commit 51cdfd50e0
parent 1c7c22820f
2 changed files with 19 additions and 36 deletions
--- a/src/jrd/jrd_pwd.h
+++ b/src/jrd/jrd_pwd.h
@ -96,8 +96,6 @@ private:
 	isc_db_handle lookup_db;
 	isc_req_handle lookup_req;

-	static const bool is_cached;
-
 	int counter;

 	void fini();
@ -107,10 +105,9 @@ private:

 	static SecurityDatabase instance;

-	SecurityDatabase() 
-	{
-		lookup_db = 0;
-	}
+	SecurityDatabase()
+		: lookup_db(0), lookup_req(0), counter(0)
+	{}

 public:
 	// Shuts SecurityDatabase in case of errors during attach or create.
@ -159,4 +156,4 @@ public:

 } // namespace Jrd

-#endif /* JRD_PWD_H */
+#endif // JRD_PWD_H
--- a/src/jrd/pwd.cpp
+++ b/src/jrd/pwd.cpp
@ -44,12 +44,6 @@

 using namespace Jrd;

-#ifdef SUPERSERVER
-const bool SecurityDatabase::is_cached = true;
-#else
-const bool SecurityDatabase::is_cached = false;
-#endif
-
 // BLR to search database for user name record

 const UCHAR SecurityDatabase::PWD_REQUEST[] = {
@ -113,8 +107,7 @@ SecurityDatabase SecurityDatabase::instance;

 #ifndef EMBEDDED
 namespace {
-#ifdef SUPERSERVER
-// Disable attempts to brutforce logins/passwords
+// Disable attempts to brute-force logins/passwords
 	class FailedLogin
 	{
 	public:
@ -211,16 +204,6 @@ namespace {
 			}
 		}
 	};
-#else //SUPERSERVER
-	// Unfortunately, in case of multi-process architectire, this doesn't work.
-	class FailedLogins
-	{
-	public:
-		explicit FailedLogins(MemoryPool& p) {}
-		void loginFail(const Firebird::string& login) { }
-		void loginSuccess(const Firebird::string& login) {}
-	};
-#endif //SUPERSERVER

 	Firebird::InitInstance<FailedLogins> usernameFailedLogins;
 	Firebird::InitInstance<FailedLogins> remoteFailedLogins;
@ -235,19 +218,23 @@ namespace {
 void SecurityDatabase::fini()
 {
 	Firebird::MutexLockGuard guard(mutex);
-	counter -= (is_cached) ? 1 : 0;
-#ifndef EMBEDDED
-	if (counter == 1 && lookup_db)
+	if (--counter == 1)
 	{
-		isc_detach_database(status, &lookup_db);
+		if (lookup_req)
+		{
+			isc_release_request(status, &lookup_req);
+		}
+		if (lookup_db)
+		{
+			isc_detach_database(status, &lookup_db);
+		}
 	}
-#endif
 }

 void SecurityDatabase::init()
 {
 	Firebird::MutexLockGuard guard(mutex);
-	counter += (is_cached) ? 1 : 0;
+	++counter;
 }

 bool SecurityDatabase::lookup_user(const TEXT* user_name, int* uid, int* gid, TEXT* pwd)
@ -274,6 +261,10 @@ bool SecurityDatabase::lookup_user(const TEXT* user_name, int* uid, int* gid, TE

 	if (!prepare())
 	{
+		if (lookup_req)
+		{
+			isc_release_request(status, &lookup_req);
+		}
 		if (lookup_db)
 		{
 			isc_db_handle tmp = lookup_db;
@ -314,11 +305,6 @@ bool SecurityDatabase::lookup_user(const TEXT* user_name, int* uid, int* gid, TE

 	isc_rollback_transaction(status, &lookup_trans);

-	if (!is_cached)
-	{
-		isc_detach_database(status, &lookup_db);
-	}
-
 	return found;
 }