diff options
| author | Lukas Slebodnik <lslebodn@redhat.com> | 2016-02-17 15:21:55 +0100 |
|---|---|---|
| committer | Lukas Slebodnik <lslebodn@redhat.com> | 2016-03-11 11:46:15 +0100 |
| commit | 6748a4c9d75db997c724c1dcea541e0047742f52 (patch) | |
| tree | 39c68265c270373e68b5615dcbb5cea5907335b1 /src/sss_client | |
| parent | a452d199bc125e8d53033d7c00383b4a275ab85e (diff) | |
| download | sssd-6748a4c9d75db997c724c1dcea541e0047742f52.tar.gz sssd-6748a4c9d75db997c724c1dcea541e0047742f52.tar.xz sssd-6748a4c9d75db997c724c1dcea541e0047742f52.zip | |
CLIENT: Retry request after EPIPE
We have a function sss_cli_check_socket which checks
socket in client code. The socket is reopened in case of some
issues e.g. responder terminated connections ...
We use syscall poll for checking status of socket.
It's not 100% reliable method because there is still
chance that responder will terminate socket after this check.
Here is a schema of sss_*_make_request functions:
sss_cli_check_socket
sss_cli_make_request_nochecks {
sss_cli_send_req {
poll
send
}
sss_cli_recv_rep {
poll
read
}
}
The syscall pool does not return EPIPE directly but we convert
special revents from poll to EPIPE. As it was mentioned earlier,
checking of socket in the sss_cli_check_socket is not 100% reliable.
It can happen very rarely due to TOCTOU issue (Time of check to time of use)
We can return EPIPE from the sss_cli_make_request_nochecks function
in case of failure in poll in sss_cli_send_req. The send function
in sss_cli_send_req can also return EPIPE is responder close socket
in the same time. The send function can succeed in sss_cli_send_req
but it does not mean that responder read the message. It can happen
that timer for closing socket can be handled before reading a message.
Therefore there is a still a chance that we might return EPIPE in case
of failure in poll in sss_cli_recv_rep.
Therefore we need to reconnect to responder(sss_cli_check_socket)
in case of EPIPE returned from sss_cli_make_request_nochecks and
try to do the same request one more time.
Resolves:
https://fedorahosted.org/sssd/ticket/2626
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/sss_client')
| -rw-r--r-- | src/sss_client/common.c | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/src/sss_client/common.c b/src/sss_client/common.c index 827f0c2ac..20106b1b6 100644 --- a/src/sss_client/common.c +++ b/src/sss_client/common.c @@ -734,6 +734,22 @@ enum nss_status sss_nss_make_request(enum sss_cli_command cmd, } ret = sss_cli_make_request_nochecks(cmd, rd, repbuf, replen, errnop); + if (ret == SSS_STATUS_UNAVAIL && *errnop == EPIPE) { + /* try reopen socket */ + ret = sss_cli_check_socket(errnop, SSS_NSS_SOCKET_NAME); + if (ret != SSS_STATUS_SUCCESS) { +#ifdef NONSTANDARD_SSS_NSS_BEHAVIOUR + *errnop = 0; + errno = 0; + return NSS_STATUS_NOTFOUND; +#else + return NSS_STATUS_UNAVAIL; +#endif + } + + /* and make request one more time */ + ret = sss_cli_make_request_nochecks(cmd, rd, repbuf, replen, errnop); + } switch (ret) { case SSS_STATUS_TRYAGAIN: return NSS_STATUS_TRYAGAIN; @@ -784,6 +800,16 @@ int sss_pac_make_request(enum sss_cli_command cmd, } ret = sss_cli_make_request_nochecks(cmd, rd, repbuf, replen, errnop); + if (ret == SSS_STATUS_UNAVAIL && *errnop == EPIPE) { + /* try reopen socket */ + ret = sss_cli_check_socket(errnop, SSS_PAC_SOCKET_NAME); + if (ret != SSS_STATUS_SUCCESS) { + return NSS_STATUS_UNAVAIL; + } + + /* and make request one more time */ + ret = sss_cli_make_request_nochecks(cmd, rd, repbuf, replen, errnop); + } switch (ret) { case SSS_STATUS_TRYAGAIN: return NSS_STATUS_TRYAGAIN; @@ -888,6 +914,18 @@ int sss_pam_make_request(enum sss_cli_command cmd, } status = sss_cli_make_request_nochecks(cmd, rd, repbuf, replen, errnop); + if (status == SSS_STATUS_UNAVAIL && *errnop == EPIPE) { + /* try reopen socket */ + status = sss_cli_check_socket(errnop, socket_name); + if (status != SSS_STATUS_SUCCESS) { + ret = PAM_SERVICE_ERR; + goto out; + } + + /* and make request one more time */ + status = sss_cli_make_request_nochecks(cmd, rd, repbuf, replen, errnop); + } + if (status == SSS_STATUS_SUCCESS) { ret = PAM_SUCCESS; } else { @@ -926,6 +964,16 @@ sss_cli_make_request_with_checks(enum sss_cli_command cmd, } ret = sss_cli_make_request_nochecks(cmd, rd, repbuf, replen, errnop); + if (ret == SSS_STATUS_UNAVAIL && *errnop == EPIPE) { + /* try reopen socket */ + ret = sss_cli_check_socket(errnop, socket_name); + if (ret != SSS_STATUS_SUCCESS) { + return SSS_STATUS_UNAVAIL; + } + + /* and make request one more time */ + ret = sss_cli_make_request_nochecks(cmd, rd, repbuf, replen, errnop); + } return ret; } |