On (19/06/16 15:27), Simo Sorce wrote:
>As the commit message says, nothing more.
>Isn't it right to wait for 6 seconds as the timeout says ?
>Can you add debug to see what errno is returned (if any) ?
>Or does the code never trigger and only the timeout kick in ?
>
Yes, only the timeout kick in
It might be caused by using DROP instead of REJECT in firewall.
But users use DROP very often as well. But I'm not sure.
>We can revert that change in tevent flags if they cause a regression,
>but I want a comment in the code that the connect() man page is
>misleading if that's the case.
>
I added comment; similar as in commit message.
LS
>From 1596c1d9e262aa40f961adf25c1051db05a735db Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lsleb...@redhat.com>
Date: Sat, 18 Jun 2016 19:26:33 +0200
Subject: [PATCH 1/2] UTIL: Fix debug message in sssd_async_connect_done
Function strerror does not expect negative values.
There should be errno.
[sssd_async_connect_done] (0x0020):
connect failed [-1][Unknown error 18446744073709551615].
---
src/util/sss_sockets.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/util/sss_sockets.c b/src/util/sss_sockets.c
index
27be852ebea1a1aa22e37d8182272564fe336847..67db80850f7a2348900003fe0d0244de46fcfc25
100644
--- a/src/util/sss_sockets.c
+++ b/src/util/sss_sockets.c
@@ -192,6 +192,7 @@ static void sssd_async_connect_done(struct tevent_context
*ev,
if (ret == EOK) {
tevent_req_done(req);
} else {
+ ret = errno;
DEBUG(SSSDBG_CRIT_FAILURE,
"connect failed [%d][%s].\n", ret, strerror(ret));
tevent_req_error(req, ret);
--
2.7.4
>From 6b87b25a0edc2b0bb6e1fb2205813b113a2332aa Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lsleb...@redhat.com>
Date: Sat, 18 Jun 2016 19:30:04 +0200
Subject: [PATCH 2/2] UTIL: Revent connection handling in
sssd_async_connect_send
Even though the connect() man page says waiting on a non-blocking connect
should be done by checking for writability, we need to check also for
readability. Otherwise it slightly break offline mode.
Changing password in offline mode is not supported by sssd
and error message "System is offline, password change not possible"
is printed. However without TEVENT_FD_READ for connect it takes much longer
when sssd finds out that it cannot connect to a server. It fails after
expiration of timeout (6 seconds). But meanwhile "passwd user" finished
without logging the offline message.
With TEVENT_FD_READ, connect fails much faster
with errno 113/No route to host.
The change was introduced in the commit
e05d3f5872263aadfbc2f6a2a8c9735219922387
---
src/util/sss_sockets.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/util/sss_sockets.c b/src/util/sss_sockets.c
index
67db80850f7a2348900003fe0d0244de46fcfc25..5e9be9ebd11d94bdd3f107f793f3e5438b26cd6b
100644
--- a/src/util/sss_sockets.c
+++ b/src/util/sss_sockets.c
@@ -142,7 +142,15 @@ struct tevent_req *sssd_async_connect_send(TALLOC_CTX
*mem_ctx,
switch (ret) {
case EINPROGRESS:
case EINTR:
- state->fde = tevent_add_fd(ev, state, fd, TEVENT_FD_WRITE,
+
+ /* Despite the connect() man page says waiting on a non-blocking
+ * connect should be done by checking for writability, we need to check
+ * also for readability.
+ * With TEVENT_FD_READ, connect fails much faster in offline mode with
+ * errno 113/No route to host.
+ */
+ state->fde = tevent_add_fd(ev, state, fd,
+ TEVENT_FD_READ | TEVENT_FD_WRITE,
sssd_async_connect_done, req);
if (state->fde == NULL) {
DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_fd failed.\n");
--
2.7.4
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
