From 181d6fb901afa5aa2e87c4e5f5de4a0b77a1cac5 Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov Date: Mon, 29 Aug 2022 17:44:09 +0200 Subject: [PATCH] CLIENT: fix thread unsafe acces to get*ent structs. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit All get*ent structs were protected with socket mutex. In case SSSD is built with lock-free client support, `sss_nss_lock()` is a no-op, thus resulting in thread unsafe access. This patch changes those structs to have thread local storage. This conradicts following note in the man page: ``` The function getgrent_r() is not really reentrant since it shares the reading position in the stream with all other threads. ``` I'm not sure if 3rd party apps can legally assume this behaviour based on a note in a man page. And in some cases, non-sharing reading position between threads might make more sense. But that way or another, this is better than thread unsafe access. Reviewed-by: Pavel Březina Reviewed-by: Sumit Bose (cherry picked from commit 69fd828c1d5e92bc3b2e327a45dfed116f49d50a) --- src/sss_client/nss_group.c | 14 ++++++++++++-- src/sss_client/nss_hosts.c | 8 +++++++- src/sss_client/nss_ipnetworks.c | 8 +++++++- src/sss_client/nss_passwd.c | 8 +++++++- src/sss_client/nss_services.c | 8 +++++++- 5 files changed, 40 insertions(+), 6 deletions(-) diff --git a/src/sss_client/nss_group.c b/src/sss_client/nss_group.c index f102711ec..fcabf8cfc 100644 --- a/src/sss_client/nss_group.c +++ b/src/sss_client/nss_group.c @@ -19,6 +19,8 @@ /* GROUP database NSS interface */ +#include "config.h" + #include #include #include @@ -31,7 +33,11 @@ #include "nss_mc.h" #include "nss_common.h" -static struct sss_nss_getgrent_data { +static +#ifdef HAVE_PTHREAD_EXT +__thread +#endif +struct sss_nss_getgrent_data { size_t len; size_t ptr; uint8_t *data; @@ -53,7 +59,11 @@ enum sss_nss_gr_type { GETGR_GID }; -static struct sss_nss_getgr_data { +static +#ifdef HAVE_PTHREAD_EXT +__thread +#endif +struct sss_nss_getgr_data { enum sss_nss_gr_type type; union { char *grname; diff --git a/src/sss_client/nss_hosts.c b/src/sss_client/nss_hosts.c index 59fe82e59..81017bc9d 100644 --- a/src/sss_client/nss_hosts.c +++ b/src/sss_client/nss_hosts.c @@ -20,6 +20,8 @@ along with this program. If not, see . */ +#include "config.h" + #include #include #include @@ -33,7 +35,11 @@ #include #include "sss_cli.h" -static struct sss_nss_gethostent_data { +static +#ifdef HAVE_PTHREAD_EXT +__thread +#endif +struct sss_nss_gethostent_data { size_t len; size_t ptr; uint8_t *data; diff --git a/src/sss_client/nss_ipnetworks.c b/src/sss_client/nss_ipnetworks.c index 93d564496..85d9cc746 100644 --- a/src/sss_client/nss_ipnetworks.c +++ b/src/sss_client/nss_ipnetworks.c @@ -20,6 +20,8 @@ along with this program. If not, see . */ +#include "config.h" + #include #include #include @@ -33,7 +35,11 @@ #include #include "sss_cli.h" -static struct sss_nss_getnetent_data { +static +#ifdef HAVE_PTHREAD_EXT +__thread +#endif +struct sss_nss_getnetent_data { size_t len; size_t ptr; uint8_t *data; diff --git a/src/sss_client/nss_passwd.c b/src/sss_client/nss_passwd.c index c386dd370..ec19908f7 100644 --- a/src/sss_client/nss_passwd.c +++ b/src/sss_client/nss_passwd.c @@ -19,6 +19,8 @@ /* PASSWD database NSS interface */ +#include "config.h" + #include #include #include @@ -30,7 +32,11 @@ #include "nss_mc.h" #include "nss_common.h" -static struct sss_nss_getpwent_data { +static +#ifdef HAVE_PTHREAD_EXT +__thread +#endif +struct sss_nss_getpwent_data { size_t len; size_t ptr; uint8_t *data; diff --git a/src/sss_client/nss_services.c b/src/sss_client/nss_services.c index f8c2092cb..4f44cb29c 100644 --- a/src/sss_client/nss_services.c +++ b/src/sss_client/nss_services.c @@ -20,6 +20,8 @@ along with this program. If not, see . */ +#include "config.h" + #include #include #include @@ -31,7 +33,11 @@ #include #include "sss_cli.h" -static struct sss_nss_getservent_data { +static +#ifdef HAVE_PTHREAD_EXT +__thread +#endif +struct sss_nss_getservent_data { size_t len; size_t ptr; uint8_t *data; -- 2.37.3