URL: https://github.com/SSSD/sssd/pull/5722
Author: grawity
Title: #5722: NSS client: avoid using NETDB_INTERNAL if daemon is not available
Action: opened

PR body:
"""
It seems that returning NETDB_INTERNAL as h_errno will cause glibc's getaddrinfo() to immediately return EAI_SYSTEM *without* falling through to other configured NSS modules.

This means that if /etc/nsswitch.conf has 'sss' listed before 'dns' (for example), hostname resolution will be completely broken whenever SSSD is not running. (Even hostname lookups done by SSSD itself will fail, as the _SSS_LOOPS environment variable merely forces errno=0 but the getaddrinfo() call as a whole still returns EAI_SYSTEM.)

This commit makes the NSS client return h_errno=NO_RECOVERY, as that's what systemd's nss-resolve and nss-mymachines seem to be doing.
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5722/head:pr5722
git checkout pr5722
From b94d85cd18298a2c601f626803c1d9129d9e4f40 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mantas=20Mikul=C4=97nas?= <graw...@gmail.com> Date: Wed, 21 Jul 2021 08:50:09 +0300 Subject: [PATCH] NSS client: avoid using NETDB_INTERNAL if daemon is not available It seems that returning NETDB_INTERNAL as h_errno will cause glibc's getaddrinfo() to immediately return EAI_SYSTEM *without* falling through to other configured NSS modules. This means that if /etc/nsswitch.conf has 'sss' listed before 'dns' (for example), hostname resolution will be completely broken whenever SSSD is not running. (Even hostname lookups done by SSSD itself will fail, as the _SSS_LOOPS environment variable merely forces errno=0 but the getaddrinfo() call as a whole still returns EAI_SYSTEM.) This commit makes the NSS client return h_errno=NO_RECOVERY, as that's what systemd's nss-resolve and nss-mymachines seem to be doing. --- src/sss_client/nss_hosts.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/sss_client/nss_hosts.c b/src/sss_client/nss_hosts.c index aa26762865..123a2cb8db 100644 --- a/src/sss_client/nss_hosts.c +++ b/src/sss_client/nss_hosts.c @@ -250,7 +250,7 @@ internal_gethostbyname2_r(const char *name, int af, nret = sss_nss_make_request(SSS_NSS_GETHOSTBYNAME2, &rd, &repbuf, &replen, errnop); if (nret != NSS_STATUS_SUCCESS) { - *h_errnop = NETDB_INTERNAL; + *h_errnop = NO_RECOVERY; goto out; }
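Review bot: in the `if (nret != NSS_STATUS_SUCCESS)` branch of internal_gethostbyname2_r, NO_RECOVERY is now reported for every non-success status returned by sss_nss_make_request(), not only the daemon-unavailable case the commit message describes. Consider choosing h_errno from nret (for example TRY_AGAIN when nret is NSS_STATUS_TRYAGAIN, and NO_RECOVERY only for NSS_STATUS_UNAVAIL), and add a short comment at the assignment saying why NETDB_INTERNAL is avoided, since that reasoning currently lives only in the commit message. The diffstat shows a single changed line, so it is also worth confirming whether the other lookup paths in src/sss_client/nss_hosts.c make the same NETDB_INTERNAL assignment when the request fails.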