From d25e7c659361ebd794ef011dc9305543f266e8c4 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek
Date: Wed, 12 Sep 2012 19:23:48 +0200
Subject: FO: Check server validity before setting status
The list of resolved servers is allocated on the back end context and kept in the fo_service structure. However, a single request often resolves a server and keeps a pointer until the end of a request and only then gives feedback about the server based on the request result. This presents a big race condition in case the SRV resolution is used. When there are requests coming in in parallel, it is possible that an incoming request will invalidate a server until another request that holds a pointer to the original server is able to give a feedback. This patch simply checks if a server is in the list of servers maintained by a service before reading its status. https://fedorahosted.org/sssd/ticket/1364
---
 src/providers/ldap/sdap_async_connection.c | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)
(limited to 'src/providers/ldap/sdap_async_connection.c')
diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c
index 9fee1a5d4..79ad3b8e4 100644
--- a/src/providers/ldap/sdap_async_connection.c
+++ b/src/providers/ldap/sdap_async_connection.c
@@ -1012,7 +1012,8 @@ static void sdap_kinit_done(struct tevent_req *subreq)
 * retry with another KDC */
 DEBUG(SSSDBG_MINOR_FAILURE, ("Communication with KDC timed out, trying the next one\n"));
- be_fo_set_port_status(state->be, state->kdc_srv, PORT_NOT_WORKING);
+ be_fo_set_port_status(state->be, state->krb_service_name,
+ state->kdc_srv, PORT_NOT_WORKING);
 nextreq = sdap_kinit_next_kdc(req);
 if (!nextreq) {
 tevent_req_error(req, ENOMEM);
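Review bot: The request still holds `state->kdc_srv` across the whole kinit, so the new `state->krb_service_name` argument only protects this one call; the same applies to `state->srv` in the hunks at 1040, 1371, 1444, 1681, 1729 and 1741. be_fo_set_port_status() is not part of this diff, but if its check is a pointer comparison against the service's server list, a server that was freed and later reallocated at the same address would pass it and have its status set in place of the original. A comment at the call would record the contract, e.g. `/* kdc_srv may be stale after an SRV re-resolution; be_fo_set_port_status() validates it against the named service */`, and any other dereference of these saved pointers in the file deserves the same check. sdap_kinit_done starts and ends outside the hunk.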
@@ -1040,7 +1041,8 @@ static void sdap_kinit_done(struct tevent_req *subreq)
 return;
 } else {
 if (kerr == KRB5_KDC_UNREACH) {
- be_fo_set_port_status(state->be, state->kdc_srv, PORT_NOT_WORKING);
+ be_fo_set_port_status(state->be, state->krb_service_name,
+ state->kdc_srv, PORT_NOT_WORKING);
 nextreq = sdap_kinit_next_kdc(req);
 if (!nextreq) {
 tevent_req_error(req, ENOMEM);
@@ -1371,7 +1373,8 @@ static void sdap_cli_connect_done(struct tevent_req *subreq)
 talloc_zfree(subreq);
 if (ret) { /* retry another server */
- be_fo_set_port_status(state->be, state->srv, PORT_NOT_WORKING);
+ be_fo_set_port_status(state->be, state->service->name,
+ state->srv, PORT_NOT_WORKING);
 ret = sdap_cli_resolve_next(req);
 if (ret != EOK) {
 tevent_req_error(req, ret);
@@ -1444,7 +1447,8 @@ static void sdap_cli_rootdse_done(struct tevent_req *subreq)
 talloc_zfree(subreq);
 if (ret) {
 if (ret == ETIMEDOUT) { /* retry another server */
- be_fo_set_port_status(state->be, state->srv, PORT_NOT_WORKING);
+ be_fo_set_port_status(state->be, state->service->name,
+ state->srv, PORT_NOT_WORKING);
 ret = sdap_cli_resolve_next(req);
 if (ret != EOK) {
 tevent_req_error(req, ret);
@@ -1681,7 +1685,8 @@ static void sdap_cli_rootdse_auth_done(struct tevent_req *subreq)
 if (ret == ETIMEDOUT) { /* The server we authenticated against went down. Retry another * one */
- be_fo_set_port_status(state->be, state->srv, PORT_NOT_WORKING);
+ be_fo_set_port_status(state->be, state->service->name,
+ state->srv, PORT_NOT_WORKING);
 ret = sdap_cli_resolve_next(req);
 if (ret != EOK) {
 tevent_req_error(req, ret);
@@ -1729,7 +1734,8 @@ int sdap_cli_connect_recv(struct tevent_req *req,
 if (tevent_req_is_error(req, &tstate, &err)) { /* mark the server as bad if connection failed */
 if (state->srv) {
- be_fo_set_port_status(state->be, state->srv, PORT_NOT_WORKING);
+ be_fo_set_port_status(state->be, state->service->name,
+ state->srv, PORT_NOT_WORKING);
 } else {
 if (can_retry) {
 *can_retry = false;
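Review bot: `state->service->name` is a new dereference on the failure paths in the hunks at 1371, 1444, 1681 and 1729, and again at 1741, and nothing visible in them shows that `state->service` is non-NULL; in sdap_cli_connect_recv only `state->srv` is tested before the call. If the request setup already guarantees a service, a short comment such as `/* state->service is always set when the request is created */` at the first call would document that. Otherwise the guard should read `if (state->srv && state->service)`, so that an error path cannot become a crash in the provider. All of these functions start and end outside their hunks.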
@@ -1741,7 +1747,8 @@ int sdap_cli_connect_recv(struct tevent_req *req,
 }
 return EIO;
 } else if (state->srv) {
- be_fo_set_port_status(state->be, state->srv, PORT_WORKING);
+ be_fo_set_port_status(state->be, state->service->name,
+ state->srv, PORT_WORKING);
 }
 if (gsh) {
-- cgit