x/ref/lib/security: explicitly create a read lock file if it does not…

… exist already (#179) * x/ref/lib/security: explicitly create a read lock file if it does not exist already
vanadium · Dec 10, 2020 · 399567d · 399567d
1 parent cb85103
commit 399567d
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 10 deletions.
diff --git a/go.mod b/go.mod
@@ -5,7 +5,6 @@ go 1.13
 require (
 	github.com/DATA-DOG/go-sqlmock v1.3.3
 	github.com/StackExchange/wmi v0.0.0-20190523213315-cbe66965904d // indirect
-	github.com/cosnicolaou/go-bindata/v3 v3.0.8 // indirect
 	github.com/go-ole/go-ole v1.2.4 // indirect
 	github.com/go-sql-driver/mysql v1.4.1
 	github.com/golang/protobuf v1.3.2
@@ -22,7 +21,6 @@ require (
 	golang.org/x/net v0.0.0-20201021035429-f5854403a974
 	golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45
 	golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9
-	golang.org/x/tools v0.0.0-20201109182053-3db8fd265862 // indirect
 	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
 	google.golang.org/api v0.9.0
 	v.io/x/lib v0.1.7

diff --git a/go.sum b/go.sum
@@ -8,8 +8,6 @@ github.com/DATA-DOG/go-sqlmock v1.3.3/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q
 github.com/StackExchange/wmi v0.0.0-20190523213315-cbe66965904d h1:G0m3OIz70MZUWq3EgK3CesDbo8upS2Vm9/P3FtgI+Jk=
 github.com/StackExchange/wmi v0.0.0-20190523213315-cbe66965904d/go.mod h1:3eOhrUMpNV+6aFIbp5/iudMxNCF27Vw2OZgy4xEx0Fg=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cosnicolaou/go-bindata/v3 v3.0.8 h1:TFkRvB8gs11F8cTN+txbTQ27uH5/nKmANv9VWjMFFhw=
-github.com/cosnicolaou/go-bindata/v3 v3.0.8/go.mod h1:0iCg7gGrUDn2i+XhRcis0RDdNsccqPBLJECyrlpJ21M=
 github.com/creack/pty v1.1.7 h1:6pwm8kMQKCmgUg0ZHTm5+/YvRK0s3THD/28+T6/kk4A=
 github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
 github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
@@ -60,7 +58,6 @@ github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/vanadium/go-mdns-sd v0.0.0-20181006014439-f1a1ccd1252e h1:pHSeCN6iUoIWXqaMgi9TeKuESVQY1zThuhVjAHq3GpI=
 github.com/vanadium/go-mdns-sd v0.0.0-20181006014439-f1a1ccd1252e/go.mod h1:35fXDjvKtzyf89fHHhyTTNLHaG2CkI7u/GvO59PIjP4=
-github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 go.opencensus.io v0.21.0 h1:mU6zScU4U1YAFPHEHYk+3JC4SY7JxgkqS10ZOSyksNg=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
@@ -125,8 +122,6 @@ golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c h1:97SnQk1GYRXJgvwZ8fadnxD
 golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e h1:aZzprAO9/8oim3qStq3wc1Xuxx4QmAGriC4VU4ojemQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20201109182053-3db8fd265862 h1:LeKnBqBqKuA2WEVPhyr22inXOMgckBKHfUvD0n5kyCg=
-golang.org/x/tools v0.0.0-20201109182053-3db8fd265862/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898 h1:/atklqdjdhuosWIl6AIbOeHJjicWYPqR9bpxqxYG2pA=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

diff --git a/x/ref/lib/security/principal_test.go b/x/ref/lib/security/principal_test.go
@@ -138,9 +138,9 @@ func TestReadonlyAccess(t *testing.T) {
 	}
 
 	// Read-only access without a dir.lock file should succeed for a read-only
-	// filesystem, but not otherwise.
+	// filesystem, but fail otherwise after attempting to create a lock file.
 	_, err = LoadPersistentPrincipalDaemon(gocontext.TODO(), dir, nil, true, time.Second)
-	if err == nil || !strings.Contains(err.Error(), "dir.lock: no such file or directory") {
+	if err == nil || !strings.Contains(err.Error(), "failed to create new read lock") {
 		t.Fatalf("missing or incorrect error: %v", err)
 	}
 

diff --git a/x/ref/lib/security/util.go b/x/ref/lib/security/util.go
@@ -41,6 +41,19 @@ func NewPrivateKey(keyType string) (interface{}, error) {
 	}
 }
 
+// createReadLockfile ensures that a lockfile for read-only access
+// exists by first creating a lockfile for writes, unlocking it
+// and then relocking for reads only.
+func createReadLockfile(flock *lockedfile.Mutex) (func(), error) {
+	unlock, err := flock.Lock()
+	if err != nil {
+		return func() {}, err
+	}
+	unlock()
+	unlock, err = flock.RLock()
+	return unlock, err
+}
+
 // lockAndLoad only needs to read the credentials information.
 func readLockAndLoad(flock *lockedfile.Mutex, loader func() error) (func(), error) {
 	if flock == nil {
@@ -53,7 +66,13 @@ func readLockAndLoad(flock *lockedfile.Mutex, loader func() error) (func(), erro
 	}
 	unlock, err := flock.RLock()
 	if err != nil {
-		return nil, err
+		if !os.IsNotExist(err) {
+			return nil, err
+		}
+		unlock, err = createReadLockfile(flock)
+		if err != nil {
+			return nil, fmt.Errorf("failed to create new read lock: %v", err)
+		}
 	}
 	return unlock, loader()
 }