From 0f700cf71f5531fb6c863990216aa1eb88970dc8 Mon Sep 17 00:00:00 2001

From: Alexander Bokovoy <abokovoy@redhat.com>

Date: Wed, 16 Jun 2021 11:08:21 +0300

Subject: [PATCH] back-sch-nss: only loop if asked to try again

slapi-nis uses sss-idmap library to discover user group membership.  Its

sss_nss_getgrouplist_timeout() function can return timeout errors as

well which might cause a busy looping.  sss_nss_getgrouplist_timeout()

will return ERANGE which is translated by slapi-nis to NSS_STATUS_TRYAGAIN.

Fixes: rhbz#1967179

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>

---

 src/back-sch-nss.c | 13 ++++++++-----

 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/src/back-sch-nss.c b/src/back-sch-nss.c

index df04a96..b595f3b 100644

--- a/src/back-sch-nss.c

+++ b/src/back-sch-nss.c

@@ -589,19 +589,22 @@ repeat:

 		return NULL;

 	}

-	do {

+	for(rc = NSS_STATUS_TRYAGAIN; rc == NSS_STATUS_TRYAGAIN;) {

 		rc = backend_nss_getgrouplist(ctx, user_name, pwd.pw_gid,

 					      grouplist, &ngroups,

 					      &lerrno);

-		if ((rc != NSS_STATUS_SUCCESS)) {

-			tmp_list = realloc(grouplist, ngroups * sizeof(gid_t));

-			if (tmp_list == NULL) {

+		if (rc == NSS_STATUS_TRYAGAIN) {

+			tmp_list = NULL;

+			if (lerrno == ERANGE) {

+				tmp_list = realloc(grouplist, ngroups * sizeof(gid_t));

+			}

+			if ((tmp_list == NULL) || (lerrno == ENOMEM)) {

 				free(grouplist);

 				return NULL;

 			}

 			grouplist = tmp_list;

 		}

-	} while (rc != NSS_STATUS_SUCCESS);

+	}

 	entries = calloc(ngroups + 1, sizeof(entries[0]));

 	if (entries == NULL) {

-- 

2.31.1