Tree - rpms/sssd - CentOS Git server

rpms / sssd

Blame SOURCES/0008-RESPONDER-Fix-client-ID-tracking.patch

Blob History Raw

		9fb617	`From e6d450d4f67c3c639a6ab7e891adccc361d80ecd Mon Sep 17 00:00:00 2001`
		9fb617	`From: Justin Stephenson <jstephen@redhat.com>`
		9fb617	`Date: Fri, 19 Aug 2022 09:50:22 -0400`
		9fb617	`Subject: [PATCH 8/9] RESPONDER: Fix client ID tracking`
		9fb617	`MIME-Version: 1.0`
		9fb617	`Content-Type: text/plain; charset=UTF-8`
		9fb617	`Content-Transfer-Encoding: 8bit`
		9fb617
		9fb617	`Client ID is not stored properly to match requests`
		9fb617	`when parallel requests are made to client SSSD`
		9fb617
		9fb617	`Resolves: https://github.com/SSSD/sssd/issues/6307`
		9fb617
		9fb617	`Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>`
		9fb617	`Reviewed-by: Pavel Březina <pbrezina@redhat.com>`
		9fb617
		9fb617	`Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>`
		9fb617	`---`
		9fb617	`src/responder/common/cache_req/cache_req.c \| 5 +++--`
		9fb617	`.../plugins/cache_req_autofs_entry_by_name.c \| 3 ++-`
		9fb617	`.../cache_req/plugins/cache_req_autofs_map_by_name.c \| 3 ++-`
		9fb617	`.../cache_req/plugins/cache_req_autofs_map_entries.c \| 3 ++-`
		9fb617	`.../plugins/cache_req_ssh_host_id_by_name.c \| 3 ++-`
		9fb617	`src/responder/common/responder.h \| 2 +-`
		9fb617	`src/responder/common/responder_common.c \| 12 +++++++-----`
		9fb617	`src/responder/common/responder_dp.c \| 5 +++--`
		9fb617	`src/responder/common/responder_get_domains.c \| 3 ++-`
		9fb617	`src/responder/pam/pamsrv_cmd.c \| 4 ++--`
		9fb617	`10 files changed, 26 insertions(+), 17 deletions(-)`
		9fb617
		9fb617	`diff --git a/src/responder/common/cache_req/cache_req.c b/src/responder/common/cache_req/cache_req.c`
		9fb617	`index 4dd45b038..bc65bae71 100644`
		9fb617	`--- a/src/responder/common/cache_req/cache_req.c`
		9fb617	`+++ b/src/responder/common/cache_req/cache_req.c`
		9fb617	`@@ -24,6 +24,7 @@`
		9fb617	`#include <errno.h>`
		9fb617
		9fb617	`#include "util/util.h"`
		9fb617	`+#include "util/sss_chain_id.h"`
		9fb617	`#include "responder/common/responder.h"`
		9fb617	`#include "responder/common/cache_req/cache_req_private.h"`
		9fb617	`#include "responder/common/cache_req/cache_req_plugin.h"`
		9fb617	`@@ -1124,8 +1125,8 @@ struct tevent_req cache_req_send(TALLOC_CTX mem_ctx,`
		9fb617	`}`
		9fb617	`state->first_iteration = true;`
		9fb617
		9fb617	`- SSS_REQ_TRACE_CID_CR(SSSDBG_TRACE_FUNC, cr, "New request [CID #%u] '%s'\n",`
		9fb617	`- rctx->client_id_num, cr->reqname);`
		9fb617	`+ SSS_REQ_TRACE_CID_CR(SSSDBG_TRACE_FUNC, cr, "New request [CID #%lu] '%s'\n",`
		9fb617	`+ sss_chain_id_get(), cr->reqname);`
		9fb617
		9fb617	`ret = cache_req_is_well_known_object(state, cr, &result);`
		9fb617	`if (ret == EOK) {`
		9fb617	`diff --git a/src/responder/common/cache_req/plugins/cache_req_autofs_entry_by_name.c b/src/responder/common/cache_req/plugins/cache_req_autofs_entry_by_name.c`
		9fb617	`index 788b6708c..b2b0a06eb 100644`
		9fb617	`--- a/src/responder/common/cache_req/plugins/cache_req_autofs_entry_by_name.c`
		9fb617	`+++ b/src/responder/common/cache_req/plugins/cache_req_autofs_entry_by_name.c`
		9fb617	`@@ -24,6 +24,7 @@`
		9fb617	`#include "db/sysdb.h"`
		9fb617	`#include "db/sysdb_autofs.h"`
		9fb617	`#include "util/util.h"`
		9fb617	`+#include "util/sss_chain_id.h"`
		9fb617	`#include "providers/data_provider.h"`
		9fb617	`#include "responder/common/cache_req/cache_req_plugin.h"`
		9fb617
		9fb617	`@@ -86,7 +87,7 @@ cache_req_autofs_entry_by_name_dp_send(TALLOC_CTX *mem_ctx,`
		9fb617	`be_conn->bus_name, SSS_BUS_PATH,`
		9fb617	`0, data->name.name,`
		9fb617	`data->autofs_entry_name,`
		9fb617	`- cr->rctx->client_id_num);`
		9fb617	`+ sss_chain_id_get());`
		9fb617	`}`
		9fb617
		9fb617	`bool`
		9fb617	`diff --git a/src/responder/common/cache_req/plugins/cache_req_autofs_map_by_name.c b/src/responder/common/cache_req/plugins/cache_req_autofs_map_by_name.c`
		9fb617	`index 5d82641cc..23b11b1cd 100644`
		9fb617	`--- a/src/responder/common/cache_req/plugins/cache_req_autofs_map_by_name.c`
		9fb617	`+++ b/src/responder/common/cache_req/plugins/cache_req_autofs_map_by_name.c`
		9fb617	`@@ -24,6 +24,7 @@`
		9fb617	`#include "db/sysdb.h"`
		9fb617	`#include "db/sysdb_autofs.h"`
		9fb617	`#include "util/util.h"`
		9fb617	`+#include "util/sss_chain_id.h"`
		9fb617	`#include "providers/data_provider.h"`
		9fb617	`#include "responder/common/cache_req/cache_req_plugin.h"`
		9fb617
		9fb617	`@@ -82,7 +83,7 @@ cache_req_autofs_map_by_name_dp_send(TALLOC_CTX *mem_ctx,`
		9fb617	`return sbus_call_dp_autofs_GetMap_send(mem_ctx, be_conn->conn,`
		9fb617	`be_conn->bus_name, SSS_BUS_PATH,`
		9fb617	`0, data->name.name,`
		9fb617	`- cr->rctx->client_id_num);`
		9fb617	`+ sss_chain_id_get());`
		9fb617	`}`
		9fb617
		9fb617	`bool`
		9fb617	`diff --git a/src/responder/common/cache_req/plugins/cache_req_autofs_map_entries.c b/src/responder/common/cache_req/plugins/cache_req_autofs_map_entries.c`
		9fb617	`index 29f289723..18c08ca39 100644`
		9fb617	`--- a/src/responder/common/cache_req/plugins/cache_req_autofs_map_entries.c`
		9fb617	`+++ b/src/responder/common/cache_req/plugins/cache_req_autofs_map_entries.c`
		9fb617	`@@ -24,6 +24,7 @@`
		9fb617	`#include "db/sysdb.h"`
		9fb617	`#include "db/sysdb_autofs.h"`
		9fb617	`#include "util/util.h"`
		9fb617	`+#include "util/sss_chain_id.h"`
		9fb617	`#include "providers/data_provider.h"`
		9fb617	`#include "responder/common/cache_req/cache_req_plugin.h"`
		9fb617
		9fb617	`@@ -114,7 +115,7 @@ cache_req_autofs_map_entries_dp_send(TALLOC_CTX *mem_ctx,`
		9fb617	`return sbus_call_dp_autofs_Enumerate_send(mem_ctx, be_conn->conn,`
		9fb617	`be_conn->bus_name, SSS_BUS_PATH,`
		9fb617	`0, data->name.name,`
		9fb617	`- cr->rctx->client_id_num);`
		9fb617	`+ sss_chain_id_get());`
		9fb617	`}`
		9fb617
		9fb617	`bool`
		9fb617	`diff --git a/src/responder/common/cache_req/plugins/cache_req_ssh_host_id_by_name.c b/src/responder/common/cache_req/plugins/cache_req_ssh_host_id_by_name.c`
		9fb617	`index a8b8f47a8..29f52f10d 100644`
		9fb617	`--- a/src/responder/common/cache_req/plugins/cache_req_ssh_host_id_by_name.c`
		9fb617	`+++ b/src/responder/common/cache_req/plugins/cache_req_ssh_host_id_by_name.c`
		9fb617	`@@ -23,6 +23,7 @@`
		9fb617
		9fb617	`#include "db/sysdb_ssh.h"`
		9fb617	`#include "util/util.h"`
		9fb617	`+#include "util/sss_chain_id.h"`
		9fb617	`#include "providers/data_provider.h"`
		9fb617	`#include "responder/common/cache_req/cache_req_plugin.h"`
		9fb617
		9fb617	`@@ -86,7 +87,7 @@ cache_req_host_by_name_dp_send(TALLOC_CTX *mem_ctx,`
		9fb617	`return sbus_call_dp_dp_hostHandler_send(mem_ctx, be_conn->conn,`
		9fb617	`be_conn->bus_name, SSS_BUS_PATH,`
		9fb617	`0, data->name.name, data->alias,`
		9fb617	`- cr->rctx->client_id_num);`
		9fb617	`+ sss_chain_id_get());`
		9fb617	`}`
		9fb617
		9fb617	`static bool`
		9fb617	`diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h`
		9fb617	`index 5cb79e3e6..259b3ff13 100644`
		9fb617	`--- a/src/responder/common/responder.h`
		9fb617	`+++ b/src/responder/common/responder.h`
		9fb617	`@@ -165,13 +165,13 @@ struct cli_ctx {`
		9fb617
		9fb617	`struct cli_creds *creds;`
		9fb617	`char *cmd_line;`
		9fb617	`- uint64_t old_chain_id;`
		9fb617
		9fb617	`void *protocol_ctx;`
		9fb617	`void *state_ctx;`
		9fb617
		9fb617	`struct tevent_timer *idle;`
		9fb617	`time_t last_request_time;`
		9fb617	`+ uint32_t client_id_num;`
		9fb617	`};`
		9fb617
		9fb617	`struct sss_cmd_table {`
		9fb617	`diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c`
		9fb617	`index 6e3b61ef0..a4ba8ea71 100644`
		9fb617	`--- a/src/responder/common/responder_common.c`
		9fb617	`+++ b/src/responder/common/responder_common.c`
		9fb617	`@@ -87,8 +87,6 @@ static void client_close_fn(struct tevent_context *ev,`
		9fb617	`"Failed to close fd [%d]: [%s]\n",`
		9fb617	`ctx->cfd, strerror(ret));`
		9fb617	`}`
		9fb617	`- /* Restore the original chain id */`
		9fb617	`- sss_chain_id_set(ctx->old_chain_id);`
		9fb617
		9fb617	`DEBUG(SSSDBG_TRACE_INTERNAL,`
		9fb617	`"Terminated client [%p][%d]\n",`
		9fb617	`@@ -526,7 +524,6 @@ static void accept_fd_handler(struct tevent_context *ev,`
		9fb617	`int fd = accept_ctx->is_private ? rctx->priv_lfd : rctx->lfd;`
		9fb617
		9fb617	`rctx->client_id_num++;`
		9fb617	`-`
		9fb617	`if (accept_ctx->is_private) {`
		9fb617	`ret = stat(rctx->priv_sock_name, &stat_buf);`
		9fb617	`if (ret == -1) {`
		9fb617	`@@ -557,6 +554,8 @@ static void accept_fd_handler(struct tevent_context *ev,`
		9fb617
		9fb617	`talloc_set_destructor(cctx, cli_ctx_destructor);`
		9fb617
		9fb617	`+ cctx->client_id_num = rctx->client_id_num;`
		9fb617	`+`
		9fb617	`len = sizeof(cctx->addr);`
		9fb617	`cctx->cfd = accept(fd, (struct sockaddr *)&cctx->addr, &len;;`
		9fb617	`if (cctx->cfd == -1) {`
		9fb617	`@@ -645,7 +644,7 @@ static void accept_fd_handler(struct tevent_context *ev,`
		9fb617
		9fb617	`DEBUG(SSSDBG_TRACE_FUNC,`
		9fb617	`"[CID#%u] Client [cmd %s][uid %u][%p][%d] connected%s!\n",`
		9fb617	`- rctx->client_id_num, cctx->cmd_line, cli_creds_get_uid(cctx->creds),`
		9fb617	`+ cctx->client_id_num, cctx->cmd_line, cli_creds_get_uid(cctx->creds),`
		9fb617	`cctx, cctx->cfd, accept_ctx->is_private ? " to privileged pipe" : "");`
		9fb617
		9fb617	`return;`
		9fb617	`@@ -1090,6 +1089,7 @@ void sss_client_fd_handler(void *ptr,`
		9fb617	`uint16_t flags)`
		9fb617	`{`
		9fb617	`errno_t ret;`
		9fb617	`+ uint64_t old_chain_id;`
		9fb617	`struct cli_ctx *cctx = talloc_get_type(ptr, struct cli_ctx);`
		9fb617
		9fb617	`/* Always reset the responder idle timer on any activity */`
		9fb617	`@@ -1105,7 +1105,7 @@ void sss_client_fd_handler(void *ptr,`
		9fb617	`}`
		9fb617
		9fb617	`/* Set the chain id */`
		9fb617	`- cctx->old_chain_id = sss_chain_id_set(cctx->rctx->client_id_num);`
		9fb617	`+ old_chain_id = sss_chain_id_set(cctx->client_id_num);`
		9fb617
		9fb617	`if (flags & TEVENT_FD_READ) {`
		9fb617	`recv_fn(cctx);`
		9fb617	`@@ -1116,6 +1116,8 @@ void sss_client_fd_handler(void *ptr,`
		9fb617	`send_fn(cctx);`
		9fb617	`return;`
		9fb617	`}`
		9fb617	`+ /* Restore the original chain id */`
		9fb617	`+ sss_chain_id_set(old_chain_id);`
		9fb617	`}`
		9fb617
		9fb617	`int sss_connection_setup(struct cli_ctx *cctx)`
		9fb617	`diff --git a/src/responder/common/responder_dp.c b/src/responder/common/responder_dp.c`
		9fb617	`index d549e02d3..4b4770da1 100644`
		9fb617	`--- a/src/responder/common/responder_dp.c`
		9fb617	`+++ b/src/responder/common/responder_dp.c`
		9fb617	`@@ -23,6 +23,7 @@`
		9fb617	`#include <sys/time.h>`
		9fb617	`#include <time.h>`
		9fb617	`#include "util/util.h"`
		9fb617	`+#include "util/sss_chain_id.h"`
		9fb617	`#include "responder/common/responder_packet.h"`
		9fb617	`#include "responder/common/responder.h"`
		9fb617	`#include "providers/data_provider.h"`
		9fb617	`@@ -276,7 +277,7 @@ sss_dp_get_account_send(TALLOC_CTX *mem_ctx,`
		9fb617	`subreq = sbus_call_dp_dp_getAccountInfo_send(state, be_conn->conn,`
		9fb617	`be_conn->bus_name, SSS_BUS_PATH, dp_flags,`
		9fb617	`entry_type, filter, dom->name, extra,`
		9fb617	`- rctx->client_id_num);`
		9fb617	`+ sss_chain_id_get());`
		9fb617	`if (subreq == NULL) {`
		9fb617	`DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create subrequest!\n");`
		9fb617	`ret = ENOMEM;`
		9fb617	`@@ -406,7 +407,7 @@ sss_dp_resolver_get_send(TALLOC_CTX *mem_ctx,`
		9fb617	`SSS_BUS_PATH,`
		9fb617	`dp_flags, entry_type,`
		9fb617	`filter_type, filter_value,`
		9fb617	`- rctx->client_id_num);`
		9fb617	`+ sss_chain_id_get());`
		9fb617	`if (subreq == NULL) {`
		9fb617	`DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create subrequest!\n");`
		9fb617	`ret = ENOMEM;`
		9fb617	`diff --git a/src/responder/common/responder_get_domains.c b/src/responder/common/responder_get_domains.c`
		9fb617	`index 918124756..aeff28d73 100644`
		9fb617	`--- a/src/responder/common/responder_get_domains.c`
		9fb617	`+++ b/src/responder/common/responder_get_domains.c`
		9fb617	`@@ -19,6 +19,7 @@`
		9fb617	`*/`
		9fb617
		9fb617	`#include "util/util.h"`
		9fb617	`+#include "util/sss_chain_id.h"`
		9fb617	`#include "responder/common/responder.h"`
		9fb617	`#include "providers/data_provider.h"`
		9fb617	`#include "db/sysdb.h"`
		9fb617	`@@ -751,7 +752,7 @@ sss_dp_get_account_domain_send(TALLOC_CTX *mem_ctx,`
		9fb617	`be_conn->bus_name,`
		9fb617	`SSS_BUS_PATH, dp_flags,`
		9fb617	`entry_type, filter,`
		9fb617	`- rctx->client_id_num);`
		9fb617	`+ sss_chain_id_get());`
		9fb617	`if (subreq == NULL) {`
		9fb617	`DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create subrequest!\n");`
		9fb617	`ret = ENOMEM;`
		9fb617	`diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c`
		9fb617	`index cb0e1b82f..1695554fc 100644`
		9fb617	`--- a/src/responder/pam/pamsrv_cmd.c`
		9fb617	`+++ b/src/responder/pam/pamsrv_cmd.c`
		9fb617	`@@ -1492,7 +1492,7 @@ static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd)`
		9fb617	`}`
		9fb617	`preq->cctx = cctx;`
		9fb617	`preq->cert_auth_local = false;`
		9fb617	`- preq->client_id_num = pctx->rctx->client_id_num;`
		9fb617	`+ preq->client_id_num = cctx->client_id_num;`
		9fb617
		9fb617	`preq->pd = create_pam_data(preq);`
		9fb617	`if (!preq->pd) {`
		9fb617	`@@ -1513,7 +1513,7 @@ static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd)`
		9fb617
		9fb617	`pd->cmd = pam_cmd;`
		9fb617	`pd->priv = cctx->priv;`
		9fb617	`- pd->client_id_num = pctx->rctx->client_id_num;`
		9fb617	`+ pd->client_id_num = cctx->client_id_num;`
		9fb617
		9fb617	`ret = pam_forwarder_parse_data(cctx, pd);`
		9fb617	`if (ret == EAGAIN) {`
		9fb617	`--`
		9fb617	`2.37.1`
		9fb617

rpms / sssd

Source Code

Blame SOURCES/0008-RESPONDER-Fix-client-ID-tracking.patch