From 181d6fb901afa5aa2e87c4e5f5de4a0b77a1cac5 Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikhono@redhat.com>
Date: Mon, 29 Aug 2022 17:44:09 +0200
Subject: [PATCH] CLIENT: fix thread unsafe acces to get*ent structs.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

All get*ent structs were protected with socket mutex. In case SSSD
is built with lock-free client support, `sss_nss_lock()` is a no-op,
thus resulting in thread unsafe access.

This patch changes those structs to have thread local storage.

This conradicts following note in the man page:
```
The function getgrent_r() is not really reentrant since it shares
the reading position in the stream with all other threads.
```
I'm not sure if 3rd party apps can legally assume this behaviour
based on a note in a man page. And in some cases, non-sharing reading
position between threads might make more sense.
But that way or another, this is better than thread unsafe access.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 69fd828c1d5e92bc3b2e327a45dfed116f49d50a)
---
 src/sss_client/nss_group.c      | 14 ++++++++++++--
 src/sss_client/nss_hosts.c      |  8 +++++++-
 src/sss_client/nss_ipnetworks.c |  8 +++++++-
 src/sss_client/nss_passwd.c     |  8 +++++++-
 src/sss_client/nss_services.c   |  8 +++++++-
 5 files changed, 40 insertions(+), 6 deletions(-)

diff --git a/src/sss_client/nss_group.c b/src/sss_client/nss_group.c
index f102711ec..fcabf8cfc 100644
--- a/src/sss_client/nss_group.c
+++ b/src/sss_client/nss_group.c
@@ -19,6 +19,8 @@
 
 /* GROUP database NSS interface */
 
+#include "config.h"
+
 #include <nss.h>
 #include <errno.h>
 #include <sys/types.h>
@@ -31,7 +33,11 @@
 #include "nss_mc.h"
 #include "nss_common.h"
 
-static struct sss_nss_getgrent_data {
+static
+#ifdef HAVE_PTHREAD_EXT
+__thread
+#endif
+struct sss_nss_getgrent_data {
     size_t len;
     size_t ptr;
     uint8_t *data;
@@ -53,7 +59,11 @@ enum sss_nss_gr_type {
     GETGR_GID
 };
 
-static struct sss_nss_getgr_data {
+static
+#ifdef HAVE_PTHREAD_EXT
+__thread
+#endif
+struct sss_nss_getgr_data {
     enum sss_nss_gr_type type;
     union {
         char *grname;
diff --git a/src/sss_client/nss_hosts.c b/src/sss_client/nss_hosts.c
index 59fe82e59..81017bc9d 100644
--- a/src/sss_client/nss_hosts.c
+++ b/src/sss_client/nss_hosts.c
@@ -20,6 +20,8 @@
     along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
+#include "config.h"
+
 #include <nss.h>
 #include <netdb.h>
 #include <resolv.h>
@@ -33,7 +35,11 @@
 #include <string.h>
 #include "sss_cli.h"
 
-static struct sss_nss_gethostent_data {
+static
+#ifdef HAVE_PTHREAD_EXT
+__thread
+#endif
+struct sss_nss_gethostent_data {
     size_t len;
     size_t ptr;
     uint8_t *data;
diff --git a/src/sss_client/nss_ipnetworks.c b/src/sss_client/nss_ipnetworks.c
index 93d564496..85d9cc746 100644
--- a/src/sss_client/nss_ipnetworks.c
+++ b/src/sss_client/nss_ipnetworks.c
@@ -20,6 +20,8 @@
     along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
+#include "config.h"
+
 #include <nss.h>
 #include <netdb.h>
 #include <resolv.h>
@@ -33,7 +35,11 @@
 #include <string.h>
 #include "sss_cli.h"
 
-static struct sss_nss_getnetent_data {
+static
+#ifdef HAVE_PTHREAD_EXT
+__thread
+#endif
+struct sss_nss_getnetent_data {
     size_t len;
     size_t ptr;
     uint8_t *data;
diff --git a/src/sss_client/nss_passwd.c b/src/sss_client/nss_passwd.c
index c386dd370..ec19908f7 100644
--- a/src/sss_client/nss_passwd.c
+++ b/src/sss_client/nss_passwd.c
@@ -19,6 +19,8 @@
 
 /* PASSWD database NSS interface */
 
+#include "config.h"
+
 #include <nss.h>
 #include <errno.h>
 #include <sys/types.h>
@@ -30,7 +32,11 @@
 #include "nss_mc.h"
 #include "nss_common.h"
 
-static struct sss_nss_getpwent_data {
+static
+#ifdef HAVE_PTHREAD_EXT
+__thread
+#endif
+struct sss_nss_getpwent_data {
     size_t len;
     size_t ptr;
     uint8_t *data;
diff --git a/src/sss_client/nss_services.c b/src/sss_client/nss_services.c
index f8c2092cb..4f44cb29c 100644
--- a/src/sss_client/nss_services.c
+++ b/src/sss_client/nss_services.c
@@ -20,6 +20,8 @@
     along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
+#include "config.h"
+
 #include <nss.h>
 #include <netdb.h>
 #include <errno.h>
@@ -31,7 +33,11 @@
 #include <string.h>
 #include "sss_cli.h"
 
-static struct sss_nss_getservent_data {
+static
+#ifdef HAVE_PTHREAD_EXT
+__thread
+#endif
+struct sss_nss_getservent_data {
     size_t len;
     size_t ptr;
     uint8_t *data;
-- 
2.37.3