From 0f700cf71f5531fb6c863990216aa1eb88970dc8 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Wed, 16 Jun 2021 11:08:21 +0300
Subject: [PATCH] back-sch-nss: only loop if asked to try again
slapi-nis uses sss-idmap library to discover user group membership. Its
sss_nss_getgrouplist_timeout() function can return timeout errors as
well which might cause a busy looping. sss_nss_getgrouplist_timeout()
will return ERANGE which is translated by slapi-nis to NSS_STATUS_TRYAGAIN.
Fixes: rhbz#1967179
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
---
src/back-sch-nss.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/src/back-sch-nss.c b/src/back-sch-nss.c
index df04a96..b595f3b 100644
--- a/src/back-sch-nss.c
+++ b/src/back-sch-nss.c
@@ -589,19 +589,22 @@ repeat:
return NULL;
}
- do {
+ for(rc = NSS_STATUS_TRYAGAIN; rc == NSS_STATUS_TRYAGAIN;) {
rc = backend_nss_getgrouplist(ctx, user_name, pwd.pw_gid,
grouplist, &ngroups,
&lerrno);
- if ((rc != NSS_STATUS_SUCCESS)) {
- tmp_list = realloc(grouplist, ngroups * sizeof(gid_t));
- if (tmp_list == NULL) {
+ if (rc == NSS_STATUS_TRYAGAIN) {
+ tmp_list = NULL;
+ if (lerrno == ERANGE) {
+ tmp_list = realloc(grouplist, ngroups * sizeof(gid_t));
+ }
+ if ((tmp_list == NULL) || (lerrno == ENOMEM)) {
free(grouplist);
return NULL;
}
grouplist = tmp_list;
}
- } while (rc != NSS_STATUS_SUCCESS);
+ }
entries = calloc(ngroups + 1, sizeof(entries[0]));
if (entries == NULL) {
--
2.31.1