[SSSD] [PATCH] Pass client context to sss_dp_get_account_send

Mon, 19 Dec 2011 01:44:23 -0800 

My recent fix "DP: Remove processed callbacks" uncovered another bug
which needs immediate attention - any NSS operation currently aborts in
git HEAD. That's my fault, I only tested my previous fix with cached user
data inside the PAM responder where the new bug does not hit. Sorry for that.

The problem is memory hierarchy. When user data update is requested
from check_cache(), the sss_dp_callback structures are created on
sss_domain_context. However, when the callback is called, it goes all the
way into nss_cmd_getpw_send_reply() where the command context is freed,
freeing also sss_domain_context and the sss_dp_callback data. That's a
problem because we are still looping over the callback data.

Attached is a patch that changes the memory context for the
sss_dp_callback to the client context so it's kept even when the command
finishes. The callbacks are freed in the sss_dp_get_account_int_done()
function after the callback finishes so we're not keeping them for long.

The other solution I was thinking about was to not call the callbacks
directly, but only schedule them with tevent_schedule_immediate() so
that we can safely loop over all the callbacks, free the sdp_req and
then let the clients do whatever they need to.

>From c31bb5c945ecffc2d8b2b0c0f4274f0082c356e5 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhro...@redhat.com>
Date: Mon, 19 Dec 2011 10:28:53 +0100
Subject: [PATCH] Pass client context to sss_dp_get_account_send

---
 src/responder/nss/nsssrv_cmd.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index 
d8eb8b211587cfc6d3d392de301a4443e8f074d8..0bd2f75ee32a10acbaa44709f05b5a7017811f3c
 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -643,7 +643,7 @@ errno_t check_cache(struct nss_dom_ctx *dctx,
             dctx->res = talloc_steal(dctx, res);
         }
 
-        req = sss_dp_get_account_send(dctx, cctx->rctx, dctx->domain, true,
+        req = sss_dp_get_account_send(cctx, cctx->rctx, dctx->domain, true,
                                       req_type, opt_name, opt_id);
         if (!req) {
             DEBUG(SSSDBG_CRIT_FAILURE,
-- 
1.7.7.4


_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/sssd-devel

Reply via email to