f1e19a
From 0f700cf71f5531fb6c863990216aa1eb88970dc8 Mon Sep 17 00:00:00 2001
f1e19a
From: Alexander Bokovoy <abokovoy@redhat.com>
f1e19a
Date: Wed, 16 Jun 2021 11:08:21 +0300
f1e19a
Subject: [PATCH] back-sch-nss: only loop if asked to try again
f1e19a
f1e19a
slapi-nis uses sss-idmap library to discover user group membership.  Its
f1e19a
sss_nss_getgrouplist_timeout() function can return timeout errors as
f1e19a
well which might cause a busy looping.  sss_nss_getgrouplist_timeout()
f1e19a
will return ERANGE which is translated by slapi-nis to NSS_STATUS_TRYAGAIN.
f1e19a
f1e19a
Fixes: rhbz#1967179
f1e19a
f1e19a
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
f1e19a
---
f1e19a
 src/back-sch-nss.c | 13 ++++++++-----
f1e19a
 1 file changed, 8 insertions(+), 5 deletions(-)
f1e19a
f1e19a
diff --git a/src/back-sch-nss.c b/src/back-sch-nss.c
f1e19a
index df04a96..b595f3b 100644
f1e19a
--- a/src/back-sch-nss.c
f1e19a
+++ b/src/back-sch-nss.c
f1e19a
@@ -589,19 +589,22 @@ repeat:
f1e19a
 		return NULL;
f1e19a
 	}
f1e19a
 
f1e19a
-	do {
f1e19a
+	for(rc = NSS_STATUS_TRYAGAIN; rc == NSS_STATUS_TRYAGAIN;) {
f1e19a
 		rc = backend_nss_getgrouplist(ctx, user_name, pwd.pw_gid,
f1e19a
 					      grouplist, &ngroups,
f1e19a
 					      &lerrno);
f1e19a
-		if ((rc != NSS_STATUS_SUCCESS)) {
f1e19a
-			tmp_list = realloc(grouplist, ngroups * sizeof(gid_t));
f1e19a
-			if (tmp_list == NULL) {
f1e19a
+		if (rc == NSS_STATUS_TRYAGAIN) {
f1e19a
+			tmp_list = NULL;
f1e19a
+			if (lerrno == ERANGE) {
f1e19a
+				tmp_list = realloc(grouplist, ngroups * sizeof(gid_t));
f1e19a
+			}
f1e19a
+			if ((tmp_list == NULL) || (lerrno == ENOMEM)) {
f1e19a
 				free(grouplist);
f1e19a
 				return NULL;
f1e19a
 			}
f1e19a
 			grouplist = tmp_list;
f1e19a
 		}
f1e19a
-	} while (rc != NSS_STATUS_SUCCESS);
f1e19a
+	}
f1e19a
 
f1e19a
 	entries = calloc(ngroups + 1, sizeof(entries[0]));
f1e19a
 	if (entries == NULL) {
f1e19a
-- 
f1e19a
2.31.1
f1e19a