From: adam Date: Thu, 31 May 2012 00:21:28 +0000 (+0000) Subject: Only call fchown when running as root and supporting files mismatch the database... X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3aed0eb475c11f3458143c9e082318239bb895d6;p=thirdparty%2Fsqlite.git Only call fchown when running as root and supporting files mismatch the database owner & perms FossilOrigin-Name: ed53b645cc791e2c75885866ecb668fff14f8e7e --- diff --git a/manifest b/manifest index 33b5a9beea..7d6b945e1e 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Version\s3.7.12.1 -D 2012-05-22T13:11:12.948 +C Only\scall\sfchown\swhen\srunning\sas\sroot\sand\ssupporting\sfiles\smismatch\sthe\sdatabase\sowner\s&\sperms +D 2012-05-31T00:21:28.876 F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f F Makefile.in 957c9693400fca6cb8b533b589e69ddee7bcb27c F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23 @@ -162,7 +162,7 @@ F src/os.c 4c8c8d72a6c58ad2fde4865783e8ae26b494a85e F src/os.h 59beba555b65a450bd1d804220532971d4299f60 F src/os_common.h 92815ed65f805560b66166e3583470ff94478f04 F src/os_os2.c 4a75888ba3dfc820ad5e8177025972d74d7f2440 -F src/os_unix.c d0eeadc475783bf595646da42bd263ec9063e267 +F src/os_unix.c 1f91f7309b09950ffdad97dc57d139894904a621 F src/os_win.c 24b57b4aec07ec78ae759244ab6d9759a70fe29b F src/pager.c 544cc84d50fea0ca921d448037b217ecabba359b F src/pager.h 42926ac0fe69e9d7e17a54e6b37417e581a429d7 
@@ -1003,7 +1003,7 @@ F tool/tostr.awk e75472c2f98dd76e06b8c9c1367f4ab07e122d06 F tool/vdbe-compress.tcl d70ea6d8a19e3571d7ab8c9b75cba86d1173ff0f F tool/warnings-clang.sh a8a0a3babda96dfb1ff51adda3cbbf3dfb7266c2 F tool/warnings.sh fbc018d67fd7395f440c28f33ef0f94420226381 -P 4068abe05c3a94c9ac7cff72b77fb8e47a2b1a5d 6d326d44fd1d626aae0e8456e5fa2049f1ce0789 -R c922f8f99b5b09d1465707239bb63cb8 -U drh -Z 7d8c65e663650788e8582bc64982bc90 +P 972e75bb5d7349297b94cec2f19561ee105a22cf +R dc2606f2c7e5fe470f213999e83f4d98 +U adam +Z f9040a054a2aa40cbe8724b598475c77 diff --git a/manifest.uuid b/manifest.uuid index 72b478a252..57cce91ce0 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -972e75bb5d7349297b94cec2f19561ee105a22cf \ No newline at end of file +ed53b645cc791e2c75885866ecb668fff14f8e7e \ No newline at end of file diff --git a/src/os_unix.c b/src/os_unix.c index 8a8a4ebede..1582173e9f 100644 --- a/src/os_unix.c +++ b/src/os_unix.c @@ -4704,17 +4704,6 @@ static int unixOpenSharedMemory(unixFile *pDbFd){ goto shm_open_err; } - /* If this process is running as root, make sure that the SHM file - ** is owned by the same user that owns the original database. Otherwise, - ** the original owner will not be able to connect. If this process is - ** not root, the following fchown() will fail, but we don't care. The - ** if(){..} and the UNIXFILE_CHOWN flag are purely to silence compiler - ** warnings. - */ - if( osFchown(pShmNode->h, sStat.st_uid, sStat.st_gid)==0 ){ - pDbFd->ctrlFlags |= UNIXFILE_CHOWN; - } - /* Check to see if another process is holding the dead-man switch. ** If not, truncate the file to zero length. */ 
@@ -4726,9 +4715,11 @@ static int unixOpenSharedMemory(unixFile *pDbFd){ /* If running as root set the uid/gid of the shm file to match ** the database */ uid_t euid = geteuid(); - if( euid==0 && (euid!=sStat.st_uid || getegid()!=sStat.st_gid) ){ - if( fchown(pShmNode->h, sStat.st_uid, sStat.st_gid) ){ + if( (!pShmNode->isReadonly) && euid==0 && (euid!=sStat.st_uid || getegid()!=sStat.st_gid) ){ + if( osFchown(pShmNode->h, sStat.st_uid, sStat.st_gid) ){ rc = SQLITE_IOERR_SHMOPEN; + }else{ + pDbFd->ctrlFlags |= UNIXFILE_CHOWN; } } } @@ -5257,12 +5248,17 @@ static int unixTruncateDatabase(unixFile *pFile, int bFlags) { if( (bFlags&SQLITE_TRUNCATE_INITIALIZE_HEADER_MASK)!=0 ){ /* initialize a new database in TMPDIR and copy the contents over */ const char *tDir = unixTempFileDir(); - int tLen = sizeof(char) * (strlen(tDir) + 11); + int tDirLen = strlen(tDir); + int tLen = sizeof(char) * (tDirLen + 12); char *tDbPath = (char *)malloc(tLen); int tFd = -1; strlcpy(tDbPath, tDir, tLen); - strlcat(tDbPath, "tmpdbXXXXX", tLen); + if( tDbPath[(tDirLen-1)] != '/' ){ + strlcat(tDbPath, "/tmpdbXXXXX", tLen); + } else { + strlcat(tDbPath, "tmpdbXXXXX", tLen); + } tFd = mkstemp(tDbPath); if( tFd==-1 ){ storeLastErrno(pFile, errno); 
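Review bot: In unixOpenSharedMemory the root-only `osFchown(pShmNode->h, sStat.st_uid, sStat.st_gid)` gives the database owner whatever file the descriptor refers to, so it is only safe if the open that produced `pShmNode->h` cannot be redirected through a symlink or hard link in a directory that owner can write. That open is outside this hunk, and the same question applies to `osFchown(fd, uid, gid)` in the unixOpen hunk. Making the assumption explicit before the call would help, for example an `osFstat` on the descriptor into a new local `sShm` that requires `S_ISREG(sShm.st_mode) && sShm.st_nlink==1`. Separately, the failure branch sets `rc = SQLITE_IOERR_SHMOPEN` without recording errno and without the `goto shm_open_err` used earlier in this function; the code after the block is not visible, so confirm rc is tested before anything reassigns it. The comment above the test should also mention the new read-only exclusion, e.g. `/* If running as root and the shm file is not read-only, set its uid/gid to match the database */`.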
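Review bot: In unixTruncateDatabase, `tDbPath[(tDirLen-1)]` reads one byte before the allocation when `unixTempFileDir()` yields an empty string, and `tDbPath` is handed to `strlcpy` without checking that `malloc` succeeded. Both are small guards: `if( tDbPath==0 ) return SQLITE_NOMEM;` after the allocation (or the function's own cleanup path, which is outside the hunk) and `if( tDirLen==0 || tDbPath[tDirLen-1]!='/' ){` for the separator test. If `unixTempFileDir()` can return NULL, `strlen(tDir)` needs the same guard; its definition is not visible here. The template also ends in five `X` characters where POSIX `mkstemp` expects six, so on platforms that enforce this the call fails with EINVAL and elsewhere the name has less randomness; `"tmpdbXXXXXX"` with `tDirLen + 13` would be portable.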
@@ -6352,23 +6348,13 @@ static int unixOpen( if( !isReadonly && (flags & (SQLITE_OPEN_WAL|SQLITE_OPEN_MAIN_JOURNAL)) ){ uid_t euid = geteuid(); if( euid==0 && (euid!=uid || getegid()!=gid) ){ - if( fchown(fd, uid, gid) ){ + if( osFchown(fd, uid, gid) ){ rc = SQLITE_CANTOPEN_BKPT; goto open_finished; } + p->ctrlFlags |= UNIXFILE_CHOWN; } } - - /* If this process is running as root and if creating a new rollback - ** journal or WAL file, set the ownership of the journal or WAL to be - ** the same as the original database. If we are not running as root, - ** then the fchown() call will fail, but that's ok. The "if(){}" and - ** the setting of the UNIXFILE_CHOWN flag are purely to silence compiler - ** warnings from gcc. - */ - if( flags & (SQLITE_OPEN_WAL|SQLITE_OPEN_MAIN_JOURNAL) ){ - if( osFchown(fd, uid, gid)==0 ){ p->ctrlFlags |= UNIXFILE_CHOWN; } - } } assert( fd>=0 ); if( pOutFlags ){
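Review bot: The `goto open_finished` taken when `osFchown(fd, uid, gid)` fails in unixOpen leaves `fd` open (the `assert( fd>=0 )` just below shows it is valid at this point), and the `open_finished` label is outside the hunk, so unless the cleanup there closes it the descriptor leaks on every failed chown. Closing it before the jump keeps the path self-contained, e.g. `robust_close(p, fd, __LINE__);` ahead of `rc = SQLITE_CANTOPEN_BKPT;`. The removed comment was the only explanation of UNIXFILE_CHOWN, and the flag now means something different, so a replacement on the new assignment would help: `/* Ownership of the journal/WAL was changed to match the database */`.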