-
Notifications
You must be signed in to change notification settings - Fork 235
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
sssd not thread-safe in innetgr() #5540
Labels
Comments
sumit-bose
added a commit
to sumit-bose/sssd
that referenced
this issue
Mar 18, 2021
The innetgr() call is expected to be thread safe but SSSD's the current implementation isn't. In glibc innetgr() is implementend by calling the setnetgrent(), getnetgrent(), endgrent() sequence with a private context (struct __netgrent) with provides a member where NSS modules can store data between the calls. With this patch setnetgrent() will read all required data from the NSS responder and store it in the data member of the __netgrent struct. Upcoming getnetgrent() calls will only operate on the stored data and not connect to the NSS responder anymore. endgrent() will free the data. Since the netgroup data is read in a single request to the NSS responder protected by a mutex and stored in private context of innetgr() this call is now thread-safe. Resolves: SSSD#5540
sumit-bose
added a commit
to sumit-bose/sssd
that referenced
this issue
Mar 18, 2021
This integration test adds 2 large netgroups in LDAP and runs a program with 2 threads looking up those netgroups in parallel. Resolves: SSSD#5540
sumit-bose
added a commit
to sumit-bose/sssd
that referenced
this issue
Mar 18, 2021
The innetgr() call is expected to be thread safe but SSSD's the current implementation isn't. In glibc innetgr() is implementend by calling the setnetgrent(), getnetgrent(), endgrent() sequence with a private context (struct __netgrent) with provides a member where NSS modules can store data between the calls. With this patch setnetgrent() will open a new connection to the NSS responder and stores the file descriptor in the data member of __netgrent struct so that the following getnetgrent() and endgrent() will use the same connection. Since the NSS responder stores the netgroup lookups related data in a per connection context and a new thread will open a new connection the implementation is thread safe. Resolves: SSSD#5540
sumit-bose
added a commit
to sumit-bose/sssd
that referenced
this issue
Mar 18, 2021
This integration test adds 2 large netgroups in LDAP and runs a program with 2 threads looking up those netgroups in parallel. Resolves: SSSD#5540
sumit-bose
added a commit
to sumit-bose/sssd
that referenced
this issue
Apr 16, 2021
The innetgr() call is expected to be thread safe but SSSD's the current implementation isn't. In glibc innetgr() is implementend by calling the setnetgrent(), getnetgrent(), endgrent() sequence with a private context (struct __netgrent) with provides a member where NSS modules can store data between the calls. With this patch setnetgrent() will read all required data from the NSS responder and store it in the data member of the __netgrent struct. Upcoming getnetgrent() calls will only operate on the stored data and not connect to the NSS responder anymore. endgrent() will free the data. Since the netgroup data is read in a single request to the NSS responder protected by a mutex and stored in private context of innetgr() this call is now thread-safe. Resolves: SSSD#5540
sumit-bose
added a commit
to sumit-bose/sssd
that referenced
this issue
Apr 16, 2021
This integration test adds 2 large netgroups in LDAP and runs a program with 2 threads looking up those netgroups in parallel. Resolves: SSSD#5540
sumit-bose
added a commit
to sumit-bose/sssd
that referenced
this issue
Apr 16, 2021
This integration test adds 2 large netgroups in LDAP and runs a program with 2 threads looking up those netgroups in parallel. Resolves: SSSD#5540
sumit-bose
added a commit
to sumit-bose/sssd
that referenced
this issue
Apr 20, 2021
This integration test adds 2 large netgroups in LDAP and runs a program with 2 threads looking up those netgroups in parallel. Resolves: SSSD#5540
sumit-bose
added a commit
to sumit-bose/sssd
that referenced
this issue
Apr 20, 2021
The innetgr() call is expected to be thread safe but SSSD's the current implementation isn't. In glibc innetgr() is implementend by calling the setnetgrent(), getnetgrent(), endgrent() sequence with a private context (struct __netgrent) with provides a member where NSS modules can store data between the calls. With this patch setnetgrent() will read all required data from the NSS responder and store it in the data member of the __netgrent struct. Upcoming getnetgrent() calls will only operate on the stored data and not connect to the NSS responder anymore. endgrent() will free the data. Since the netgroup data is read in a single request to the NSS responder protected by a mutex and stored in private context of innetgr() this call is now thread-safe. Resolves: SSSD#5540
sumit-bose
added a commit
to sumit-bose/sssd
that referenced
this issue
Apr 20, 2021
This integration test adds 2 large netgroups in LDAP and runs a program with 2 threads looking up those netgroups in parallel. Resolves: SSSD#5540
pbrezina
pushed a commit
that referenced
this issue
Apr 21, 2021
This integration test adds 2 large netgroups in LDAP and runs a program with 2 threads looking up those netgroups in parallel. Resolves: #5540 Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com>
akuster
pushed a commit
to akuster/sssd
that referenced
this issue
May 18, 2021
The innetgr() call is expected to be thread safe but SSSD's the current implementation isn't. In glibc innetgr() is implementend by calling the setnetgrent(), getnetgrent(), endgrent() sequence with a private context (struct __netgrent) with provides a member where NSS modules can store data between the calls. With this patch setnetgrent() will read all required data from the NSS responder and store it in the data member of the __netgrent struct. Upcoming getnetgrent() calls will only operate on the stored data and not connect to the NSS responder anymore. endgrent() will free the data. Since the netgroup data is read in a single request to the NSS responder protected by a mutex and stored in private context of innetgr() this call is now thread-safe. Resolves: SSSD#5540 Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com>
akuster
pushed a commit
to akuster/sssd
that referenced
this issue
May 18, 2021
This integration test adds 2 large netgroups in LDAP and runs a program with 2 threads looking up those netgroups in parallel. Resolves: SSSD#5540 Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com>
jakub-vavra-cz
added a commit
to jakub-vavra-cz/sssd
that referenced
this issue
Jun 4, 2021
Verifies Issue: SSSD#5540 Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1703436
jakub-vavra-cz
added a commit
to jakub-vavra-cz/sssd
that referenced
this issue
Jun 4, 2021
Verifies Issue: SSSD#5540 Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1703436
jakub-vavra-cz
added a commit
to jakub-vavra-cz/sssd
that referenced
this issue
Jun 4, 2021
Verifies Issue: SSSD#5540 Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1703436
jakub-vavra-cz
added a commit
to jakub-vavra-cz/sssd
that referenced
this issue
Jun 7, 2021
Verifies Issue: SSSD#5540 Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1703436
jakub-vavra-cz
added a commit
to jakub-vavra-cz/sssd
that referenced
this issue
Jun 7, 2021
Verifies Issue: SSSD#5540 Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1703436
jakub-vavra-cz
added a commit
to jakub-vavra-cz/sssd
that referenced
this issue
Jun 11, 2021
Verifies Issue: SSSD#5540 Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1703436
pbrezina
pushed a commit
that referenced
this issue
Jun 17, 2021
Verifies Issue: #5540 Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1703436 Reviewed-by: Steeve Goveas <sgoveas@redhat.com>
pbrezina
pushed a commit
that referenced
this issue
Jun 17, 2021
Verifies Issue: #5540 Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1703436 Reviewed-by: Steeve Goveas <sgoveas@redhat.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 8): Bug 1703436
The text was updated successfully, but these errors were encountered: