diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2012-09-12 19:23:48 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2012-09-13 16:51:38 +0200 |
commit | d25e7c659361ebd794ef011dc9305543f266e8c4 (patch) | |
tree | 7203927b13d500ce1b41c12db712625bfe6f5f15 /src/providers/ldap/ldap_auth.c | |
parent | 3c79852d5d5ba4111c0535bafea43450dba8ed12 (diff) | |
download | sssd-d25e7c659361ebd794ef011dc9305543f266e8c4.tar.gz sssd-d25e7c659361ebd794ef011dc9305543f266e8c4.tar.xz sssd-d25e7c659361ebd794ef011dc9305543f266e8c4.zip |
FO: Check server validity before setting status
The list of resolved servers is allocated on the back end context and
kept in the fo_service structure. However, a single request often
resolves a server and keeps a pointer until the end of a request and
only then gives feedback about the server based on the request result.
This presents a big race condition in case the SRV resolution is used.
When there are requests coming in in parallel, it is possible that an
incoming request will invalidate a server until another request that
holds a pointer to the original server is able to give a feedback.
This patch simply checks if a server is in the list of servers
maintained by a service before reading its status.
https://fedorahosted.org/sssd/ticket/1364
Diffstat (limited to 'src/providers/ldap/ldap_auth.c')
-rw-r--r-- | src/providers/ldap/ldap_auth.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c index cc5eff1b2..32a2e04ea 100644 --- a/src/providers/ldap/ldap_auth.c +++ b/src/providers/ldap/ldap_auth.c @@ -605,6 +605,7 @@ static void auth_connect_done(struct tevent_req *subreq) if (state->srv) { /* mark this server as bad if connection failed */ be_fo_set_port_status(state->ctx->be, + state->sdap_service->name, state->srv, PORT_NOT_WORKING); } if (ret == ETIMEDOUT) { @@ -617,7 +618,8 @@ static void auth_connect_done(struct tevent_req *subreq) tevent_req_error(req, ret); return; } else if (state->srv) { - be_fo_set_port_status(state->ctx->be, state->srv, PORT_WORKING); + be_fo_set_port_status(state->ctx->be, state->sdap_service->name, + state->srv, PORT_WORKING); } ret = get_user_dn(state, state->ctx->be->sysdb, state->ctx->opts, |