Skip to content

Commit 31299b0

Browse files
rouaultrouault
authoredNov 15, 2017
Merge pull request #5646 from rouault/fix_16966
[QgsAuthManager] Protect all methods that do SQL queries with mutex (fixes #16966)
·
ltr-3_44final-3_0_0
2 parents bc90210 + 4ce1752 commit 31299b0

File tree

1 file changed

+56
-0
lines changed

1 file changed

+56
-0
lines changed
 

‎src/core/auth/qgsauthmanager.cpp‎

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -304,6 +304,7 @@ bool QgsAuthManager::init( const QString &pluginPath, const QString &authDatabas
304304

305305
bool QgsAuthManager::createConfigTables()
306306
{
307+
QMutexLocker locker( mMutex );
307308
// create and open the db
308309
if ( !authDbOpen() )
309310
{
@@ -356,6 +357,7 @@ bool QgsAuthManager::createConfigTables()
356357

357358
bool QgsAuthManager::createCertTables()
358359
{
360+
QMutexLocker locker( mMutex );
359361
// NOTE: these tables were added later, so IF NOT EXISTS is used
360362
QgsDebugMsg( "Creating cert tables in auth db" );
361363

@@ -863,6 +865,7 @@ bool QgsAuthManager::hasConfigId( const QString &txt ) const
863865

864866
QgsAuthMethodConfigsMap QgsAuthManager::availableAuthMethodConfigs( const QString &dataprovider )
865867
{
868+
QMutexLocker locker( mMutex );
866869
QStringList providerAuthMethodsKeys;
867870
if ( !dataprovider.isEmpty() )
868871
{
@@ -907,6 +910,7 @@ QgsAuthMethodConfigsMap QgsAuthManager::availableAuthMethodConfigs( const QStrin
907910

908911
void QgsAuthManager::updateConfigAuthMethods()
909912
{
913+
QMutexLocker locker( mMutex );
910914
if ( isDisabled() )
911915
return;
912916

@@ -1016,6 +1020,7 @@ QgsAuthMethod::Expansions QgsAuthManager::supportedAuthMethodExpansions( const Q
10161020

10171021
bool QgsAuthManager::storeAuthenticationConfig( QgsAuthMethodConfig &mconfig )
10181022
{
1023+
QMutexLocker locker( mMutex );
10191024
if ( !setMasterPassword( true ) )
10201025
return false;
10211026

@@ -1092,6 +1097,7 @@ bool QgsAuthManager::storeAuthenticationConfig( QgsAuthMethodConfig &mconfig )
10921097

10931098
bool QgsAuthManager::updateAuthenticationConfig( const QgsAuthMethodConfig &config )
10941099
{
1100+
QMutexLocker locker( mMutex );
10951101
if ( !setMasterPassword( true ) )
10961102
return false;
10971103

@@ -1162,6 +1168,7 @@ bool QgsAuthManager::updateAuthenticationConfig( const QgsAuthMethodConfig &conf
11621168

11631169
bool QgsAuthManager::loadAuthenticationConfig( const QString &authcfg, QgsAuthMethodConfig &mconfig, bool full )
11641170
{
1171+
QMutexLocker locker( mMutex );
11651172
if ( isDisabled() )
11661173
return false;
11671174

@@ -1228,6 +1235,7 @@ bool QgsAuthManager::loadAuthenticationConfig( const QString &authcfg, QgsAuthMe
12281235

12291236
bool QgsAuthManager::removeAuthenticationConfig( const QString &authcfg )
12301237
{
1238+
QMutexLocker locker( mMutex );
12311239
if ( isDisabled() )
12321240
return false;
12331241

@@ -1260,6 +1268,7 @@ bool QgsAuthManager::removeAuthenticationConfig( const QString &authcfg )
12601268

12611269
bool QgsAuthManager::removeAllAuthenticationConfigs()
12621270
{
1271+
QMutexLocker locker( mMutex );
12631272
if ( isDisabled() )
12641273
return false;
12651274

@@ -1280,6 +1289,7 @@ bool QgsAuthManager::removeAllAuthenticationConfigs()
12801289

12811290
bool QgsAuthManager::backupAuthenticationDatabase( QString *backuppath )
12821291
{
1292+
QMutexLocker locker( mMutex );
12831293
if ( !QFile::exists( authenticationDatabasePath() ) )
12841294
{
12851295
const char *err = QT_TR_NOOP( "No authentication database found" );
@@ -1315,6 +1325,7 @@ bool QgsAuthManager::backupAuthenticationDatabase( QString *backuppath )
13151325

13161326
bool QgsAuthManager::eraseAuthenticationDatabase( bool backup, QString *backuppath )
13171327
{
1328+
QMutexLocker locker( mMutex );
13181329
if ( isDisabled() )
13191330
return false;
13201331

@@ -1497,6 +1508,7 @@ bool QgsAuthManager::updateNetworkProxy( QNetworkProxy &proxy, const QString &au
14971508

14981509
bool QgsAuthManager::storeAuthSetting( const QString &key, const QVariant &value, bool encrypt )
14991510
{
1511+
QMutexLocker locker( mMutex );
15001512
if ( key.isEmpty() )
15011513
return false;
15021514

@@ -1537,6 +1549,7 @@ bool QgsAuthManager::storeAuthSetting( const QString &key, const QVariant &value
15371549

15381550
QVariant QgsAuthManager::authSetting( const QString &key, const QVariant &defaultValue, bool decrypt )
15391551
{
1552+
QMutexLocker locker( mMutex );
15401553
if ( key.isEmpty() )
15411554
return QVariant();
15421555

@@ -1579,6 +1592,7 @@ QVariant QgsAuthManager::authSetting( const QString &key, const QVariant &defaul
15791592

15801593
bool QgsAuthManager::existsAuthSetting( const QString &key )
15811594
{
1595+
QMutexLocker locker( mMutex );
15821596
if ( key.isEmpty() )
15831597
return false;
15841598

@@ -1611,6 +1625,7 @@ bool QgsAuthManager::existsAuthSetting( const QString &key )
16111625

16121626
bool QgsAuthManager::removeAuthSetting( const QString &key )
16131627
{
1628+
QMutexLocker locker( mMutex );
16141629
if ( key.isEmpty() )
16151630
return false;
16161631

@@ -1641,6 +1656,7 @@ bool QgsAuthManager::removeAuthSetting( const QString &key )
16411656

16421657
bool QgsAuthManager::initSslCaches()
16431658
{
1659+
QMutexLocker locker( mMutex );
16441660
bool res = true;
16451661
res = res && rebuildCaCertsCache();
16461662
res = res && rebuildCertTrustCache();
@@ -1653,6 +1669,7 @@ bool QgsAuthManager::initSslCaches()
16531669

16541670
bool QgsAuthManager::storeCertIdentity( const QSslCertificate &cert, const QSslKey &key )
16551671
{
1672+
QMutexLocker locker( mMutex );
16561673
if ( cert.isNull() )
16571674
{
16581675
QgsDebugMsg( "Passed certificate is null" );
@@ -1696,6 +1713,7 @@ bool QgsAuthManager::storeCertIdentity( const QSslCertificate &cert, const QSslK
16961713

16971714
const QSslCertificate QgsAuthManager::certIdentity( const QString &id )
16981715
{
1716+
QMutexLocker locker( mMutex );
16991717
QSslCertificate emptycert;
17001718
QSslCertificate cert;
17011719
if ( id.isEmpty() )
@@ -1729,6 +1747,7 @@ const QSslCertificate QgsAuthManager::certIdentity( const QString &id )
17291747

17301748
const QPair<QSslCertificate, QSslKey> QgsAuthManager::certIdentityBundle( const QString &id )
17311749
{
1750+
QMutexLocker locker( mMutex );
17321751
QPair<QSslCertificate, QSslKey> bundle;
17331752
if ( id.isEmpty() )
17341753
return bundle;
@@ -1783,6 +1802,7 @@ const QPair<QSslCertificate, QSslKey> QgsAuthManager::certIdentityBundle( const
17831802

17841803
const QStringList QgsAuthManager::certIdentityBundleToPem( const QString &id )
17851804
{
1805+
QMutexLocker locker( mMutex );
17861806
QPair<QSslCertificate, QSslKey> bundle( certIdentityBundle( id ) );
17871807
if ( QgsAuthCertUtils::certIsViable( bundle.first ) && !bundle.second.isNull() )
17881808
{
@@ -1793,6 +1813,7 @@ const QStringList QgsAuthManager::certIdentityBundleToPem( const QString &id )
17931813

17941814
const QList<QSslCertificate> QgsAuthManager::certIdentities()
17951815
{
1816+
QMutexLocker locker( mMutex );
17961817
QList<QSslCertificate> certs;
17971818

17981819
QSqlQuery query( authDatabaseConnection() );
@@ -1814,6 +1835,7 @@ const QList<QSslCertificate> QgsAuthManager::certIdentities()
18141835

18151836
QStringList QgsAuthManager::certIdentityIds() const
18161837
{
1838+
QMutexLocker locker( mMutex );
18171839
QStringList identityids = QStringList();
18181840

18191841
if ( isDisabled() )
@@ -1839,6 +1861,7 @@ QStringList QgsAuthManager::certIdentityIds() const
18391861

18401862
bool QgsAuthManager::existsCertIdentity( const QString &id )
18411863
{
1864+
QMutexLocker locker( mMutex );
18421865
if ( id.isEmpty() )
18431866
return false;
18441867

@@ -1871,6 +1894,7 @@ bool QgsAuthManager::existsCertIdentity( const QString &id )
18711894

18721895
bool QgsAuthManager::removeCertIdentity( const QString &id )
18731896
{
1897+
QMutexLocker locker( mMutex );
18741898
if ( id.isEmpty() )
18751899
{
18761900
QgsDebugMsg( "Passed bundle ID is empty" );
@@ -1898,6 +1922,7 @@ bool QgsAuthManager::removeCertIdentity( const QString &id )
18981922

18991923
bool QgsAuthManager::storeSslCertCustomConfig( const QgsAuthConfigSslServer &config )
19001924
{
1925+
QMutexLocker locker( mMutex );
19011926
if ( config.isNull() )
19021927
{
19031928
QgsDebugMsg( "Passed config is null" );
@@ -1939,6 +1964,7 @@ bool QgsAuthManager::storeSslCertCustomConfig( const QgsAuthConfigSslServer &con
19391964

19401965
const QgsAuthConfigSslServer QgsAuthManager::sslCertCustomConfig( const QString &id, const QString &hostport )
19411966
{
1967+
QMutexLocker locker( mMutex );
19421968
QgsAuthConfigSslServer config;
19431969

19441970
if ( id.isEmpty() || hostport.isEmpty() )
@@ -1980,6 +2006,7 @@ const QgsAuthConfigSslServer QgsAuthManager::sslCertCustomConfig( const QString
19802006

19812007
const QgsAuthConfigSslServer QgsAuthManager::sslCertCustomConfigByHost( const QString &hostport )
19822008
{
2009+
QMutexLocker locker( mMutex );
19832010
QgsAuthConfigSslServer config;
19842011

19852012
if ( hostport.isEmpty() )
@@ -2020,6 +2047,7 @@ const QgsAuthConfigSslServer QgsAuthManager::sslCertCustomConfigByHost( const QS
20202047

20212048
const QList<QgsAuthConfigSslServer> QgsAuthManager::sslCertCustomConfigs()
20222049
{
2050+
QMutexLocker locker( mMutex );
20232051
QList<QgsAuthConfigSslServer> configs;
20242052

20252053
QSqlQuery query( authDatabaseConnection() );
@@ -2046,6 +2074,7 @@ const QList<QgsAuthConfigSslServer> QgsAuthManager::sslCertCustomConfigs()
20462074

20472075
bool QgsAuthManager::existsSslCertCustomConfig( const QString &id, const QString &hostport )
20482076
{
2077+
QMutexLocker locker( mMutex );
20492078
if ( id.isEmpty() || hostport.isEmpty() )
20502079
{
20512080
QgsDebugMsg( "Passed config ID or host:port is empty" );
@@ -2083,6 +2112,7 @@ bool QgsAuthManager::existsSslCertCustomConfig( const QString &id, const QString
20832112

20842113
bool QgsAuthManager::removeSslCertCustomConfig( const QString &id, const QString &hostport )
20852114
{
2115+
QMutexLocker locker( mMutex );
20862116
if ( id.isEmpty() || hostport.isEmpty() )
20872117
{
20882118
QgsDebugMsg( "Passed config ID or host:port is empty" );
@@ -2118,6 +2148,7 @@ bool QgsAuthManager::removeSslCertCustomConfig( const QString &id, const QString
21182148

21192149
void QgsAuthManager::dumpIgnoredSslErrorsCache_()
21202150
{
2151+
QMutexLocker locker( mMutex );
21212152
if ( !mIgnoredSslErrorsCache.isEmpty() )
21222153
{
21232154
QgsDebugMsg( "Ignored SSL errors cache items:" );
@@ -2141,6 +2172,7 @@ void QgsAuthManager::dumpIgnoredSslErrorsCache_()
21412172

21422173
bool QgsAuthManager::updateIgnoredSslErrorsCacheFromConfig( const QgsAuthConfigSslServer &config )
21432174
{
2175+
QMutexLocker locker( mMutex );
21442176
if ( config.isNull() )
21452177
{
21462178
QgsDebugMsg( "Passed config is null" );
@@ -2169,6 +2201,7 @@ bool QgsAuthManager::updateIgnoredSslErrorsCacheFromConfig( const QgsAuthConfigS
21692201

21702202
bool QgsAuthManager::updateIgnoredSslErrorsCache( const QString &shahostport, const QList<QSslError> &errors )
21712203
{
2204+
QMutexLocker locker( mMutex );
21722205
QRegExp rx( "\\S+:\\S+:\\d+" );
21732206
if ( !rx.exactMatch( shahostport ) )
21742207
{
@@ -2212,6 +2245,7 @@ bool QgsAuthManager::updateIgnoredSslErrorsCache( const QString &shahostport, co
22122245

22132246
bool QgsAuthManager::rebuildIgnoredSslErrorCache()
22142247
{
2248+
QMutexLocker locker( mMutex );
22152249
QHash<QString, QSet<QSslError::SslError> > prevcache( mIgnoredSslErrorsCache );
22162250
QHash<QString, QSet<QSslError::SslError> > nextcache;
22172251

@@ -2273,6 +2307,7 @@ bool QgsAuthManager::rebuildIgnoredSslErrorCache()
22732307

22742308
bool QgsAuthManager::storeCertAuthorities( const QList<QSslCertificate> &certs )
22752309
{
2310+
QMutexLocker locker( mMutex );
22762311
if ( certs.isEmpty() )
22772312
{
22782313
QgsDebugMsg( "Passed certificate list has no certs" );
@@ -2289,6 +2324,7 @@ bool QgsAuthManager::storeCertAuthorities( const QList<QSslCertificate> &certs )
22892324

22902325
bool QgsAuthManager::storeCertAuthority( const QSslCertificate &cert )
22912326
{
2327+
QMutexLocker locker( mMutex );
22922328
// don't refuse !cert.isValid() (actually just expired) CAs,
22932329
// as user may want to ignore that SSL connection error
22942330
if ( cert.isNull() )
@@ -2324,6 +2360,7 @@ bool QgsAuthManager::storeCertAuthority( const QSslCertificate &cert )
23242360

23252361
const QSslCertificate QgsAuthManager::certAuthority( const QString &id )
23262362
{
2363+
QMutexLocker locker( mMutex );
23272364
QSslCertificate emptycert;
23282365
QSslCertificate cert;
23292366
if ( id.isEmpty() )
@@ -2357,6 +2394,7 @@ const QSslCertificate QgsAuthManager::certAuthority( const QString &id )
23572394

23582395
bool QgsAuthManager::existsCertAuthority( const QSslCertificate &cert )
23592396
{
2397+
QMutexLocker locker( mMutex );
23602398
if ( cert.isNull() )
23612399
{
23622400
QgsDebugMsg( "Passed certificate is null" );
@@ -2394,6 +2432,7 @@ bool QgsAuthManager::existsCertAuthority( const QSslCertificate &cert )
23942432

23952433
bool QgsAuthManager::removeCertAuthority( const QSslCertificate &cert )
23962434
{
2435+
QMutexLocker locker( mMutex );
23972436
if ( cert.isNull() )
23982437
{
23992438
QgsDebugMsg( "Passed certificate is null" );
@@ -2433,6 +2472,7 @@ const QList<QSslCertificate> QgsAuthManager::systemRootCAs()
24332472

24342473
const QList<QSslCertificate> QgsAuthManager::extraFileCAs()
24352474
{
2475+
QMutexLocker locker( mMutex );
24362476
QList<QSslCertificate> certs;
24372477
QList<QSslCertificate> filecerts;
24382478
QVariant cafileval = QgsAuthManager::instance()->authSetting( QStringLiteral( "cafile" ) );
@@ -2466,6 +2506,7 @@ const QList<QSslCertificate> QgsAuthManager::extraFileCAs()
24662506

24672507
const QList<QSslCertificate> QgsAuthManager::databaseCAs()
24682508
{
2509+
QMutexLocker locker( mMutex );
24692510
QList<QSslCertificate> certs;
24702511

24712512
QSqlQuery query( authDatabaseConnection() );
@@ -2487,11 +2528,13 @@ const QList<QSslCertificate> QgsAuthManager::databaseCAs()
24872528

24882529
const QMap<QString, QSslCertificate> QgsAuthManager::mappedDatabaseCAs()
24892530
{
2531+
QMutexLocker locker( mMutex );
24902532
return QgsAuthCertUtils::mapDigestToCerts( databaseCAs() );
24912533
}
24922534

24932535
bool QgsAuthManager::rebuildCaCertsCache()
24942536
{
2537+
QMutexLocker locker( mMutex );
24952538
mCaCertsCache.clear();
24962539
// in reverse order of precedence, with regards to duplicates, so QMap inserts overwrite
24972540
insertCaCertInCache( QgsAuthCertUtils::SystemRoot, systemRootCAs() );
@@ -2505,6 +2548,7 @@ bool QgsAuthManager::rebuildCaCertsCache()
25052548

25062549
bool QgsAuthManager::storeCertTrustPolicy( const QSslCertificate &cert, QgsAuthCertUtils::CertTrustPolicy policy )
25072550
{
2551+
QMutexLocker locker( mMutex );
25082552
if ( cert.isNull() )
25092553
{
25102554
QgsDebugMsg( "Passed certificate is null" );
@@ -2543,6 +2587,7 @@ bool QgsAuthManager::storeCertTrustPolicy( const QSslCertificate &cert, QgsAuthC
25432587

25442588
QgsAuthCertUtils::CertTrustPolicy QgsAuthManager::certTrustPolicy( const QSslCertificate &cert )
25452589
{
2590+
QMutexLocker locker( mMutex );
25462591
if ( cert.isNull() )
25472592
{
25482593
QgsDebugMsg( "Passed certificate is null" );
@@ -2580,6 +2625,7 @@ QgsAuthCertUtils::CertTrustPolicy QgsAuthManager::certTrustPolicy( const QSslCer
25802625

25812626
bool QgsAuthManager::removeCertTrustPolicies( const QList<QSslCertificate> &certs )
25822627
{
2628+
QMutexLocker locker( mMutex );
25832629
if ( certs.empty() )
25842630
{
25852631
QgsDebugMsg( "Passed certificate list has no certs" );
@@ -2596,6 +2642,7 @@ bool QgsAuthManager::removeCertTrustPolicies( const QList<QSslCertificate> &cert
25962642

25972643
bool QgsAuthManager::removeCertTrustPolicy( const QSslCertificate &cert )
25982644
{
2645+
QMutexLocker locker( mMutex );
25992646
if ( cert.isNull() )
26002647
{
26012648
QgsDebugMsg( "Passed certificate is null" );
@@ -2626,6 +2673,7 @@ bool QgsAuthManager::removeCertTrustPolicy( const QSslCertificate &cert )
26262673

26272674
QgsAuthCertUtils::CertTrustPolicy QgsAuthManager::certificateTrustPolicy( const QSslCertificate &cert )
26282675
{
2676+
QMutexLocker locker( mMutex );
26292677
if ( cert.isNull() )
26302678
{
26312679
return QgsAuthCertUtils::NoPolicy;
@@ -2649,6 +2697,7 @@ QgsAuthCertUtils::CertTrustPolicy QgsAuthManager::certificateTrustPolicy( const
26492697

26502698
bool QgsAuthManager::setDefaultCertTrustPolicy( QgsAuthCertUtils::CertTrustPolicy policy )
26512699
{
2700+
26522701
if ( policy == QgsAuthCertUtils::DefaultTrust )
26532702
{
26542703
// set default trust policy to Trusted by removing setting
@@ -2659,6 +2708,7 @@ bool QgsAuthManager::setDefaultCertTrustPolicy( QgsAuthCertUtils::CertTrustPolic
26592708

26602709
QgsAuthCertUtils::CertTrustPolicy QgsAuthManager::defaultCertTrustPolicy()
26612710
{
2711+
QMutexLocker locker( mMutex );
26622712
QVariant policy( authSetting( QStringLiteral( "certdefaulttrust" ) ) );
26632713
if ( policy.isNull() )
26642714
{
@@ -2669,6 +2719,7 @@ QgsAuthCertUtils::CertTrustPolicy QgsAuthManager::defaultCertTrustPolicy()
26692719

26702720
bool QgsAuthManager::rebuildCertTrustCache()
26712721
{
2722+
QMutexLocker locker( mMutex );
26722723
mCertTrustCache.clear();
26732724

26742725
QSqlQuery query( authDatabaseConnection() );
@@ -2702,6 +2753,7 @@ bool QgsAuthManager::rebuildCertTrustCache()
27022753

27032754
const QList<QSslCertificate> QgsAuthManager::trustedCaCerts( bool includeinvalid )
27042755
{
2756+
QMutexLocker locker( mMutex );
27052757
QgsAuthCertUtils::CertTrustPolicy defaultpolicy( defaultCertTrustPolicy() );
27062758
QStringList trustedids = mCertTrustCache.value( QgsAuthCertUtils::Trusted );
27072759
QStringList untrustedids = mCertTrustCache.value( QgsAuthCertUtils::Untrusted );
@@ -2735,6 +2787,7 @@ const QList<QSslCertificate> QgsAuthManager::trustedCaCerts( bool includeinvalid
27352787

27362788
const QList<QSslCertificate> QgsAuthManager::untrustedCaCerts( QList<QSslCertificate> trustedCAs )
27372789
{
2790+
QMutexLocker locker( mMutex );
27382791
if ( trustedCAs.isEmpty() )
27392792
{
27402793
if ( mTrustedCaCertsCache.isEmpty() )
@@ -2760,6 +2813,7 @@ const QList<QSslCertificate> QgsAuthManager::untrustedCaCerts( QList<QSslCertifi
27602813

27612814
bool QgsAuthManager::rebuildTrustedCaCertsCache()
27622815
{
2816+
QMutexLocker locker( mMutex );
27632817
mTrustedCaCertsCache = trustedCaCerts();
27642818
QgsDebugMsg( "Rebuilt trusted cert authorities cache" );
27652819
// TODO: add some error trapping for the operation
@@ -2768,11 +2822,13 @@ bool QgsAuthManager::rebuildTrustedCaCertsCache()
27682822

27692823
const QByteArray QgsAuthManager::trustedCaCertsPemText()
27702824
{
2825+
QMutexLocker locker( mMutex );
27712826
return QgsAuthCertUtils::certsToPemText( trustedCaCertsCache() );
27722827
}
27732828

27742829
bool QgsAuthManager::passwordHelperSync()
27752830
{
2831+
QMutexLocker locker( mMutex );
27762832
if ( masterPasswordIsSet() )
27772833
{
27782834
return passwordHelperWrite( mMasterPass );

0 commit comments

Comments
 (0)
Please sign in to comment.