dpward / rpms / sssd

Forked from rpms/sssd 3 years ago
Clone

Blame SOURCES/0010-NSS-client-preserve-errno-during-_nss_sss_end-calls.patch

1bb595
From aac4dbb17f3e19a2fbeefb38b3319827d3bf820e Mon Sep 17 00:00:00 2001
1bb595
From: Sumit Bose <sbose@redhat.com>
1bb595
Date: Wed, 13 May 2020 13:13:43 +0200
1bb595
Subject: [PATCH] NSS client: preserve errno during _nss_sss_end* calls
1bb595
1bb595
glibc does not expect that errno is changed by some of the calls
1bb595
provided by nss modules. This caused at least issues when
1bb595
_nss_sss_endpwent() is called in compat mode. According to
1bb595
https://pubs.opengroup.org/onlinepubs/9699919799/functions/endpwent.html
1bb595
endpwent() should only set errno in the case of an error. Since there is
1bb595
no other way to report an error we will set errno in the case of an
1bb595
error but preserve it otherwise. This should cause no issues because
1bb595
glibc is taking precautions as well tracked by
1bb595
https://sourceware.org/bugzilla/show_bug.cgi?id=25976.
1bb595
1bb595
To be on the safe side the other _nss_sss_end* calls will show the same
1bb595
behavior.
1bb595
1bb595
Resolves: https://github.com/SSSD/sssd/issues/5153
1bb595
1bb595
Reviewed-by: Alexey Tikhonov <atikhonov@redhat.com>
1bb595
---
1bb595
 src/sss_client/nss_group.c      | 3 +++
1bb595
 src/sss_client/nss_hosts.c      | 4 +++-
1bb595
 src/sss_client/nss_ipnetworks.c | 4 +++-
1bb595
 src/sss_client/nss_netgroup.c   | 3 +++
1bb595
 src/sss_client/nss_passwd.c     | 3 +++
1bb595
 src/sss_client/nss_services.c   | 3 +++
1bb595
 6 files changed, 18 insertions(+), 2 deletions(-)
1bb595
1bb595
diff --git a/src/sss_client/nss_group.c b/src/sss_client/nss_group.c
1bb595
index 5ab2bdf78..4a201bf09 100644
1bb595
--- a/src/sss_client/nss_group.c
1bb595
+++ b/src/sss_client/nss_group.c
1bb595
@@ -735,6 +735,7 @@ enum nss_status _nss_sss_endgrent(void)
1bb595
 {
1bb595
     enum nss_status nret;
1bb595
     int errnop;
1bb595
+    int saved_errno = errno;
1bb595
 
1bb595
     sss_nss_lock();
1bb595
 
1bb595
@@ -745,6 +746,8 @@ enum nss_status _nss_sss_endgrent(void)
1bb595
                                 NULL, NULL, NULL, &errnop);
1bb595
     if (nret != NSS_STATUS_SUCCESS) {
1bb595
         errno = errnop;
1bb595
+    } else {
1bb595
+        errno = saved_errno;
1bb595
     }
1bb595
 
1bb595
     sss_nss_unlock();
1bb595
diff --git a/src/sss_client/nss_hosts.c b/src/sss_client/nss_hosts.c
1bb595
index 5e279468b..aa2676286 100644
1bb595
--- a/src/sss_client/nss_hosts.c
1bb595
+++ b/src/sss_client/nss_hosts.c
1bb595
@@ -565,6 +565,7 @@ _nss_sss_endhostent(void)
1bb595
 {
1bb595
     enum nss_status nret;
1bb595
     int errnop;
1bb595
+    int saved_errno = errno;
1bb595
 
1bb595
     sss_nss_lock();
1bb595
 
1bb595
@@ -575,9 +576,10 @@ _nss_sss_endhostent(void)
1bb595
                                 NULL, NULL, NULL, &errnop);
1bb595
     if (nret != NSS_STATUS_SUCCESS) {
1bb595
         errno = errnop;
1bb595
+    } else {
1bb595
+        errno = saved_errno;
1bb595
     }
1bb595
 
1bb595
     sss_nss_unlock();
1bb595
-
1bb595
     return nret;
1bb595
 }
1bb595
diff --git a/src/sss_client/nss_ipnetworks.c b/src/sss_client/nss_ipnetworks.c
1bb595
index 15fee6039..08070499d 100644
1bb595
--- a/src/sss_client/nss_ipnetworks.c
1bb595
+++ b/src/sss_client/nss_ipnetworks.c
1bb595
@@ -510,6 +510,7 @@ _nss_sss_endnetent(void)
1bb595
 {
1bb595
     enum nss_status nret;
1bb595
     int errnop;
1bb595
+    int saved_errno = errno;
1bb595
 
1bb595
     sss_nss_lock();
1bb595
 
1bb595
@@ -520,10 +521,11 @@ _nss_sss_endnetent(void)
1bb595
                                 NULL, NULL, NULL, &errnop);
1bb595
     if (nret != NSS_STATUS_SUCCESS) {
1bb595
         errno = errnop;
1bb595
+    } else {
1bb595
+        errno = saved_errno;
1bb595
     }
1bb595
 
1bb595
     sss_nss_unlock();
1bb595
-
1bb595
     return nret;
1bb595
 }
1bb595
 
1bb595
diff --git a/src/sss_client/nss_netgroup.c b/src/sss_client/nss_netgroup.c
1bb595
index 3a1834a31..2fc88f8ae 100644
1bb595
--- a/src/sss_client/nss_netgroup.c
1bb595
+++ b/src/sss_client/nss_netgroup.c
1bb595
@@ -309,6 +309,7 @@ enum nss_status _nss_sss_endnetgrent(struct __netgrent *result)
1bb595
 {
1bb595
     enum nss_status nret;
1bb595
     int errnop;
1bb595
+    int saved_errno = errno;
1bb595
 
1bb595
     sss_nss_lock();
1bb595
 
1bb595
@@ -319,6 +320,8 @@ enum nss_status _nss_sss_endnetgrent(struct __netgrent *result)
1bb595
                                 NULL, NULL, NULL, &errnop);
1bb595
     if (nret != NSS_STATUS_SUCCESS) {
1bb595
         errno = errnop;
1bb595
+    } else {
1bb595
+        errno = saved_errno;
1bb595
     }
1bb595
 
1bb595
     sss_nss_unlock();
1bb595
diff --git a/src/sss_client/nss_passwd.c b/src/sss_client/nss_passwd.c
1bb595
index 96368bd6e..c386dd370 100644
1bb595
--- a/src/sss_client/nss_passwd.c
1bb595
+++ b/src/sss_client/nss_passwd.c
1bb595
@@ -455,6 +455,7 @@ enum nss_status _nss_sss_endpwent(void)
1bb595
 {
1bb595
     enum nss_status nret;
1bb595
     int errnop;
1bb595
+    int saved_errno = errno;
1bb595
 
1bb595
     sss_nss_lock();
1bb595
 
1bb595
@@ -465,6 +466,8 @@ enum nss_status _nss_sss_endpwent(void)
1bb595
                                 NULL, NULL, NULL, &errnop);
1bb595
     if (nret != NSS_STATUS_SUCCESS) {
1bb595
         errno = errnop;
1bb595
+    } else {
1bb595
+        errno = saved_errno;
1bb595
     }
1bb595
 
1bb595
     sss_nss_unlock();
1bb595
diff --git a/src/sss_client/nss_services.c b/src/sss_client/nss_services.c
1bb595
index 13cb4c3ab..f8c2092cb 100644
1bb595
--- a/src/sss_client/nss_services.c
1bb595
+++ b/src/sss_client/nss_services.c
1bb595
@@ -484,6 +484,7 @@ _nss_sss_endservent(void)
1bb595
 {
1bb595
     enum nss_status nret;
1bb595
     int errnop;
1bb595
+    int saved_errno = errno;
1bb595
 
1bb595
     sss_nss_lock();
1bb595
 
1bb595
@@ -494,6 +495,8 @@ _nss_sss_endservent(void)
1bb595
                                 NULL, NULL, NULL, &errnop);
1bb595
     if (nret != NSS_STATUS_SUCCESS) {
1bb595
         errno = errnop;
1bb595
+    } else {
1bb595
+        errno = saved_errno;
1bb595
     }
1bb595
 
1bb595
     sss_nss_unlock();
1bb595
-- 
1bb595
2.21.3
1bb595