Add new option to asterisk.conf (lockconfdir) to protect conf dir during reloads

(closes issue #16358) Reported by: raarts Patches: lockconfdir.diff uploaded by raarts (license 937) modified by me git-svn-id: http://svn.digium.com/svn/asterisk/trunk@243551 f38db490-d61c-443f-a65b-d21fe96a405b
author: jpeeler <jpeeler@f38db490-d61c-443f-a65b-d21fe96a405b> 2010-01-27 18:29:49 +0000
committer: jpeeler <jpeeler@f38db490-d61c-443f-a65b-d21fe96a405b> 2010-01-27 18:29:49 +0000
commit: dd43b1905e4c4177b84bac51e4f0d02538cbf0ae (patch)
tree: 2f8be97f4da2d33e2bcaa8caddcb6f0037931465
parent: 182dc0d6c4e61c3edbfd836c7a03e17956f9fb9b (diff)
5 files changed, 31 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 60504e74c..ca811cabe 100644
--- a/CHANGES
+++ b/CHANGES
@@ -389,6 +389,8 @@ Miscellaneous
  * An 'X' option has been added to the asterisk application which enables #exec support.
    This allows #exec to be used in asterisk.conf.
  * jabber.conf supports a new option auth_policy that toggles auto user registration.
+ * A new lockconfdir option has been added to asterisk.conf to protect the
+   AST_CONFIG_DIR during reloads.
 
 ------------------------------------------------------------------------------
 --- Functionality changes from Asterisk 1.6.1 to Asterisk 1.6.2  -------------
diff --git a/Makefile b/Makefile
index a198d7a96..a2521017c 100644
--- a/Makefile
+++ b/Makefile
@@ -743,6 +743,7 @@ samples: adsi
 		echo ";lightbackground = yes ; If your terminal is set for a light-colored background" ; \
 		echo "documentation_language = en_US ; Set the Language you want Documentation displayed in. Value is in the same format as locale names" ; \
 		echo ";hideconnect = yes ; Hide messages displayed when a remote console connects and disconnects" ; \
+		echo ";lockconfdir = no ; Protect the directory containing the configuration files (/etc/asterisk) with a lock" ; \
 		echo "" ; \
 		echo "; Changing the following lines may compromise your security." ; \
 		echo ";[files]" ; \
diff --git a/include/asterisk/options.h b/include/asterisk/options.h
index 065d0c9a1..d3305be66 100644
--- a/include/asterisk/options.h
+++ b/include/asterisk/options.h
@@ -90,6 +90,8 @@ enum ast_option_flags {
 	AST_OPT_FLAG_FORCE_BLACK_BACKGROUND = (1 << 27),
 	/*! Hide remote console connect messages on console */
 	AST_OPT_FLAG_HIDE_CONSOLE_CONNECT = (1 << 28),
+	/*! Protect the configuration file path with a lock */
+	AST_OPT_FLAG_LOCK_CONFIG_DIR = (1 << 29),
 };
 
 /*! These are the options that set by default when Asterisk starts */
@@ -122,6 +124,7 @@ enum ast_option_flags {
 #define ast_opt_light_background		ast_test_flag(&ast_options, AST_OPT_FLAG_LIGHT_BACKGROUND)
 #define ast_opt_force_black_background		ast_test_flag(&ast_options, AST_OPT_FLAG_FORCE_BLACK_BACKGROUND)
 #define ast_opt_hide_connect		ast_test_flag(&ast_options, AST_OPT_FLAG_HIDE_CONSOLE_CONNECT)
+#define ast_opt_lock_confdir		ast_test_flag(&ast_options, AST_OPT_FLAG_LOCK_CONFIG_DIR)
 
 extern struct ast_flags ast_options;
 
diff --git a/main/asterisk.c b/main/asterisk.c
index 5ccfd200b..4b691d873 100644
--- a/main/asterisk.c
+++ b/main/asterisk.c
@@ -2997,6 +2997,8 @@ static void ast_readconfig(void)
 			ast_set2_flag(&ast_options, ast_true(v->value), AST_OPT_FLAG_FORCE_BLACK_BACKGROUND);
 		} else if (!strcasecmp(v->name, "hideconnect")) {
 			ast_set2_flag(&ast_options, ast_true(v->value), AST_OPT_FLAG_HIDE_CONSOLE_CONNECT);
+		} else if (!strcasecmp(v->name, "lockconfdir")) {
+			ast_set2_flag(&ast_options, ast_true(v->value),	AST_OPT_FLAG_LOCK_CONFIG_DIR);
 		}
 	}
 	for (v = ast_variable_browse(cfg, "compat"); v; v = v->next) {
diff --git a/main/loader.c b/main/loader.c
index 8c0067d92..99c9f124f 100644
--- a/main/loader.c
+++ b/main/loader.c
@@ -49,6 +49,7 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
 #include "asterisk/dsp.h"
 #include "asterisk/udptl.h"
 #include "asterisk/heap.h"
+#include "asterisk/app.h"
 
 #include <dlfcn.h>
 
@@ -652,6 +653,22 @@ int ast_module_reload(const char *name)
 	}
 	ast_lastreloadtime = ast_tvnow();
 
+	if (ast_opt_lock_confdir) {
+		int try;
+		int res;
+		for (try = 1, res = AST_LOCK_TIMEOUT; try < 6 && (res == AST_LOCK_TIMEOUT); try++) {
+			res = ast_lock_path(ast_config_AST_CONFIG_DIR);
+			if (res == AST_LOCK_TIMEOUT) {
+				ast_log(LOG_WARNING, "Failed to grab lock on %s, try %d\n", ast_config_AST_CONFIG_DIR, try);
+			}
+		}
+		if (res != AST_LOCK_SUCCESS) {
+			ast_verbose("Cannot grab lock on %s\n", ast_config_AST_CONFIG_DIR);
+			ast_mutex_unlock(&reloadlock);
+			return -1;
+		}
+	}
+
 	/* Call "predefined" reload here first */
 	for (i = 0; reload_classes[i].name; i++) {
 		if (!name || !strcasecmp(name, reload_classes[i].name)) {
@@ -661,6 +678,9 @@ int ast_module_reload(const char *name)
 	}
 
 	if (name && res) {
+		if (ast_opt_lock_confdir) {
+			ast_unlock_path(ast_config_AST_CONFIG_DIR);
+		}
 		ast_mutex_unlock(&reloadlock);
 		return res;
 	}
@@ -695,6 +715,9 @@ int ast_module_reload(const char *name)
 	}
 	AST_LIST_UNLOCK(&module_list);
 
+	if (ast_opt_lock_confdir) {
+		ast_unlock_path(ast_config_AST_CONFIG_DIR);
+	}
 	ast_mutex_unlock(&reloadlock);
 
 	return res;
author	jpeeler <jpeeler@f38db490-d61c-443f-a65b-d21fe96a405b>	2010-01-27 18:29:49 +0000
committer	jpeeler <jpeeler@f38db490-d61c-443f-a65b-d21fe96a405b>	2010-01-27 18:29:49 +0000
commit	dd43b1905e4c4177b84bac51e4f0d02538cbf0ae (patch)
tree	2f8be97f4da2d33e2bcaa8caddcb6f0037931465
parent	182dc0d6c4e61c3edbfd836c7a03e17956f9fb9b (diff)