From 181d6fb901afa5aa2e87c4e5f5de4a0b77a1cac5 Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikhono@redhat.com>
Date: Mon, 29 Aug 2022 17:44:09 +0200
Subject: [PATCH] CLIENT: fix thread unsafe acces to get*ent structs.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
All get*ent structs were protected with socket mutex. In case SSSD
is built with lock-free client support, `sss_nss_lock()` is a no-op,
thus resulting in thread unsafe access.
This patch changes those structs to have thread local storage.
This conradicts following note in the man page:
```
The function getgrent_r() is not really reentrant since it shares
the reading position in the stream with all other threads.
```
I'm not sure if 3rd party apps can legally assume this behaviour
based on a note in a man page. And in some cases, non-sharing reading
position between threads might make more sense.
But that way or another, this is better than thread unsafe access.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 69fd828c1d5e92bc3b2e327a45dfed116f49d50a)
---
src/sss_client/nss_group.c | 14 ++++++++++++--
src/sss_client/nss_hosts.c | 8 +++++++-
src/sss_client/nss_ipnetworks.c | 8 +++++++-
src/sss_client/nss_passwd.c | 8 +++++++-
src/sss_client/nss_services.c | 8 +++++++-
5 files changed, 40 insertions(+), 6 deletions(-)
diff --git a/src/sss_client/nss_group.c b/src/sss_client/nss_group.c
index f102711ec..fcabf8cfc 100644
--- a/src/sss_client/nss_group.c
+++ b/src/sss_client/nss_group.c
@@ -19,6 +19,8 @@
/* GROUP database NSS interface */
+#include "config.h"
+
#include <nss.h>
#include <errno.h>
#include <sys/types.h>
@@ -31,7 +33,11 @@
#include "nss_mc.h"
#include "nss_common.h"
-static struct sss_nss_getgrent_data {
+static
+#ifdef HAVE_PTHREAD_EXT
+__thread
+#endif
+struct sss_nss_getgrent_data {
size_t len;
size_t ptr;
uint8_t *data;
@@ -53,7 +59,11 @@ enum sss_nss_gr_type {
GETGR_GID
};
-static struct sss_nss_getgr_data {
+static
+#ifdef HAVE_PTHREAD_EXT
+__thread
+#endif
+struct sss_nss_getgr_data {
enum sss_nss_gr_type type;
union {
char *grname;
diff --git a/src/sss_client/nss_hosts.c b/src/sss_client/nss_hosts.c
index 59fe82e59..81017bc9d 100644
--- a/src/sss_client/nss_hosts.c
+++ b/src/sss_client/nss_hosts.c
@@ -20,6 +20,8 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+#include "config.h"
+
#include <nss.h>
#include <netdb.h>
#include <resolv.h>
@@ -33,7 +35,11 @@
#include <string.h>
#include "sss_cli.h"
-static struct sss_nss_gethostent_data {
+static
+#ifdef HAVE_PTHREAD_EXT
+__thread
+#endif
+struct sss_nss_gethostent_data {
size_t len;
size_t ptr;
uint8_t *data;
diff --git a/src/sss_client/nss_ipnetworks.c b/src/sss_client/nss_ipnetworks.c
index 93d564496..85d9cc746 100644
--- a/src/sss_client/nss_ipnetworks.c
+++ b/src/sss_client/nss_ipnetworks.c
@@ -20,6 +20,8 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+#include "config.h"
+
#include <nss.h>
#include <netdb.h>
#include <resolv.h>
@@ -33,7 +35,11 @@
#include <string.h>
#include "sss_cli.h"
-static struct sss_nss_getnetent_data {
+static
+#ifdef HAVE_PTHREAD_EXT
+__thread
+#endif
+struct sss_nss_getnetent_data {
size_t len;
size_t ptr;
uint8_t *data;
diff --git a/src/sss_client/nss_passwd.c b/src/sss_client/nss_passwd.c
index c386dd370..ec19908f7 100644
--- a/src/sss_client/nss_passwd.c
+++ b/src/sss_client/nss_passwd.c
@@ -19,6 +19,8 @@
/* PASSWD database NSS interface */
+#include "config.h"
+
#include <nss.h>
#include <errno.h>
#include <sys/types.h>
@@ -30,7 +32,11 @@
#include "nss_mc.h"
#include "nss_common.h"
-static struct sss_nss_getpwent_data {
+static
+#ifdef HAVE_PTHREAD_EXT
+__thread
+#endif
+struct sss_nss_getpwent_data {
size_t len;
size_t ptr;
uint8_t *data;
diff --git a/src/sss_client/nss_services.c b/src/sss_client/nss_services.c
index f8c2092cb..4f44cb29c 100644
--- a/src/sss_client/nss_services.c
+++ b/src/sss_client/nss_services.c
@@ -20,6 +20,8 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+#include "config.h"
+
#include <nss.h>
#include <netdb.h>
#include <errno.h>
@@ -31,7 +33,11 @@
#include <string.h>
#include "sss_cli.h"
-static struct sss_nss_getservent_data {
+static
+#ifdef HAVE_PTHREAD_EXT
+__thread
+#endif
+struct sss_nss_getservent_data {
size_t len;
size_t ptr;
uint8_t *data;
--
2.37.3