extdom: plugin doesn't use timeout in blocking call

Expose nss timeout parameter. Use sss_nss_getorigbyname_timeout instead of sss_nss_getorigbyname Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2025-02-25 18:55:28 -06:00 · 2019-09-10 13:32:45 +02:00
parent e5f04258b5
commit 5f898c3c61
6 changed files with 32 additions and 6 deletions
--- a/daemons/ipa-slapi-plugins/ipa-extdom-extop/back_extdom.h
+++ b/daemons/ipa-slapi-plugins/ipa-extdom-extop/back_extdom.h
@@ -35,6 +35,9 @@ enum nss_status {
    NSS_STATUS_RETURN
 };

+/* default NSS operation timeout 10s (ipaExtdomMaxNssTimeout) */
+#define DEFAULT_MAX_NSS_TIMEOUT (10*1000)
+
 /* NSS backend operations implemented using either nss_sss.so.2 or libsss_nss_idmap API */
 struct nss_ops_ctx;

@@ -42,6 +45,7 @@ int back_extdom_init_context(struct nss_ops_ctx **nss_context);
 void back_extdom_free_context(struct nss_ops_ctx **nss_context);
 void back_extdom_set_timeout(struct nss_ops_ctx *nss_context,
                             unsigned int timeout);
+unsigned int back_extdom_get_timeout(struct nss_ops_ctx *nss_context);
 void back_extdom_evict_user(struct nss_ops_ctx *nss_context,
                            const char *name);
 void back_extdom_evict_group(struct nss_ops_ctx *nss_context,
--- a/daemons/ipa-slapi-plugins/ipa-extdom-extop/back_extdom_nss_sss.c
+++ b/daemons/ipa-slapi-plugins/ipa-extdom-extop/back_extdom_nss_sss.c
@@ -135,7 +135,7 @@ fail:
 }


-/* Following three functions cannot be implemented with nss_sss.so.2
+/* Following four functions cannot be implemented with nss_sss.so.2
 * As result, we simply do nothing here */

 void back_extdom_set_timeout(struct nss_ops_ctx *nss_context,
@@ -143,6 +143,10 @@ void back_extdom_set_timeout(struct nss_ops_ctx *nss_context,
        /* no operation */
 }

+unsigned int back_extdom_get_timeout(struct nss_ops_ctx *nss_context) {
+    return DEFAULT_MAX_NSS_TIMEOUT;
+}
+
 void back_extdom_evict_user(struct nss_ops_ctx *nss_context,
                            const char *name) {
        /* no operation */
@@ -288,4 +292,3 @@ enum nss_status back_extdom_getgrouplist(struct nss_ops_ctx *nss_context,

    return ret;
 }
-
--- a/daemons/ipa-slapi-plugins/ipa-extdom-extop/back_extdom_sss_idmap.c
+++ b/daemons/ipa-slapi-plugins/ipa-extdom-extop/back_extdom_sss_idmap.c
@@ -111,6 +111,14 @@ void back_extdom_set_timeout(struct nss_ops_ctx *nss_context,
    nss_context->timeout = timeout;
 }

+unsigned int back_extdom_get_timeout(struct nss_ops_ctx *nss_context) {
+    if (nss_context == NULL) {
+        return DEFAULT_MAX_NSS_TIMEOUT;
+    }
+
+    return nss_context->timeout;
+}
+
 void back_extdom_evict_user(struct nss_ops_ctx *nss_context,
                            const char *name) {
    if (nss_context == NULL) {
@@ -272,4 +280,3 @@ enum nss_status back_extdom_getgrouplist(struct nss_ops_ctx *nss_context,
    }
    return __convert_sss_nss2nss_status(ret);
 }
-
--- a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom.h
+++ b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom.h
@@ -59,6 +59,7 @@
 #include <lber.h>
 #include <time.h>

+#define IPA_389DS_PLUGIN_HELPER_CALLS
 #include <sss_nss_idmap.h>

 #define EXOP_EXTDOM_OID "2.16.840.1.113730.3.8.10.4"
--- a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
+++ b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
@@ -114,6 +114,13 @@ int __nss_to_err(enum nss_status errcode)
    }
 }

+static int get_timeout(struct ipa_extdom_ctx *ctx) {
+    if (ctx == NULL || ctx->nss_ctx == NULL) {
+        return DEFAULT_MAX_NSS_TIMEOUT;
+    }
+    return back_extdom_get_timeout(ctx->nss_ctx);
+}
+
 int getpwnam_r_wrapper(struct ipa_extdom_ctx *ctx, const char *name,
                       struct passwd *pwd, char **buf, size_t *buf_len)
 {
@@ -1245,7 +1252,9 @@ static int handle_username_request(struct ipa_extdom_ctx *ctx,
    switch(ret) {
    case 0:
        if (request_type == REQ_FULL_WITH_GROUPS) {
-            ret = sss_nss_getorigbyname(pwd.pw_name, &kv_list, &id_type);
+            ret = sss_nss_getorigbyname_timeout(pwd.pw_name,
+                                                get_timeout(ctx),
+                                                &kv_list, &id_type);
            if (ret != 0 || !(id_type == SSS_ID_TYPE_UID
                              || id_type == SSS_ID_TYPE_BOTH)) {
                set_err_msg(req, "Failed to read original data");
@@ -1334,7 +1343,10 @@ static int handle_groupname_request(struct ipa_extdom_ctx *ctx,
    }

    if (request_type == REQ_FULL_WITH_GROUPS) {
-        ret = sss_nss_getorigbyname(grp.gr_name, &kv_list, &id_type);
+        ret = sss_nss_getorigbyname_timeout(grp.gr_name,
+                                            get_timeout(ctx),
+                                            &kv_list,
+                                            &id_type);
        if (ret != 0 || !(id_type == SSS_ID_TYPE_GID
                          || id_type == SSS_ID_TYPE_BOTH)) {
            if (ret == ENOENT) {
--- a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_extop.c
+++ b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_extop.c
@@ -42,7 +42,6 @@
 #include "util.h"

 #define DEFAULT_MAX_NSS_BUFFER (128*1024*1024)
-#define DEFAULT_MAX_NSS_TIMEOUT (10*1000)

 Slapi_PluginDesc ipa_extdom_plugin_desc = {
    IPA_EXTDOM_FEATURE_DESC,