From ddadd6b1bc55182f1c76c4bee23331dcbac81d11 Mon Sep 17 00:00:00 2001
From: Ian Kent
Date: Mon, 27 Mar 2023 16:39:42 +0800
Subject: [PATCH] - add fixes for bug 2170287.
---
...mediately-call-function-when-waiting.patch | 101 ++++++++++++++++++
...dling-of-ENOENT-in-sss-setautomntent.patch | 59 ++++++++++
autofs.spec | 13 ++-
3 files changed, 172 insertions(+), 1 deletion(-)
create mode 100644 autofs-5.1.8-dont-immediately-call-function-when-waiting.patch
create mode 100644 autofs-5.1.8-improve-handling-of-ENOENT-in-sss-setautomntent.patch
diff --git a/autofs-5.1.8-dont-immediately-call-function-when-waiting.patch b/autofs-5.1.8-dont-immediately-call-function-when-waiting.patch
new file mode 100644
index 0000000..9ca6878
--- /dev/null
+++ b/autofs-5.1.8-dont-immediately-call-function-when-waiting.patch
@@ -0,0 +1,101 @@
+autofs-5.1.8 - dont immediately call function when waiting
+
+From: Ian Kent
+
+When autofs needs to wait for a sss connection the connection function
+is immediately called a second time without first waiting. Adjust the
+calling so that there's a wait before the next call.
+
+Signed-off-by: Ian Kent
+---
+ CHANGELOG | 1 +
+ modules/lookup_sss.c | 24 ++++++++++++------------
+ 2 files changed, 13 insertions(+), 12 deletions(-)
+
+--- autofs-5.1.7.orig/CHANGELOG
++++ autofs-5.1.7/CHANGELOG
+@@ -114,6 +114,7 @@
+ - fix incorrect path for is_mounted() in try_remount().
+ - fail on empty replicated host name.
+ - improve handling of ENOENT in sss setautomntent().
++- don't immediately call function when waiting.
+
+ 25/01/2021 autofs-5.1.7
+ - make bind mounts propagation slave by default.
+--- autofs-5.1.7.orig/modules/lookup_sss.c
++++ autofs-5.1.7/modules/lookup_sss.c
+@@ -338,10 +338,13 @@ static int setautomntent_wait(unsigned i
+ "can't connect to sssd, retry for %d seconds",
+ retries);
+
+- while (++retry <= retries) {
++ while (++retry < retries) {
+ struct timespec t = { SSS_WAIT_INTERVAL, 0 };
+ struct timespec r;
+
++ while (nanosleep(&t, &r) == -1 && errno == EINTR)
++ memcpy(&t, &r, sizeof(struct timespec));
++
+ ret = ctxt->setautomntent(ctxt->mapname, sss_ctxt);
+ if (proto_version(ctxt) == 0) {
+ if (ret != ENOENT)
+@@ -355,9 +358,6 @@ static int setautomntent_wait(unsigned i
+ free(*sss_ctxt);
+ *sss_ctxt = NULL;
+ }
+-
+- while (nanosleep(&t, &r) == -1 && errno == EINTR)
+- memcpy(&t, &r, sizeof(struct timespec));
+ }
+
+ if (!ret)
+@@ -475,10 +475,13 @@ static int getautomntent_wait(unsigned i
+ "can't contact sssd to to get map entry, retry for %d seconds",
+ retries);
+
+- while (++retry <= retries) {
++ while (++retry < retries) {
+ struct timespec t = { SSS_WAIT_INTERVAL, 0 };
+ struct timespec r;
+
++ while (nanosleep(&t, &r) == -1 && errno == EINTR)
++ memcpy(&t, &r, sizeof(struct timespec));
++
+ ret = ctxt->getautomntent_r(key, value, sss_ctxt);
+ if (proto_version(ctxt) == 0) {
+ if (ret != ENOENT)
+@@ -487,9 +490,6 @@ static int getautomntent_wait(unsigned i
+ if (ret != EHOSTDOWN)
+ break;
+ }
+-
+- while (nanosleep(&t, &r) == -1 && errno == EINTR)
+- memcpy(&t, &r, sizeof(struct timespec));
+ }
+
+ if (!ret)
+@@ -600,10 +600,13 @@ static int getautomntbyname_wait(unsigne
+ "can't contact sssd to to lookup key value, retry for %d seconds",
+ retries);
+
+- while (++retry <= retries) {
++ while (++retry < retries) {
+ struct timespec t = { SSS_WAIT_INTERVAL, 0 };
+ struct timespec r;
+
++ while (nanosleep(&t, &r) == -1 && errno == EINTR)
++ memcpy(&t, &r, sizeof(struct timespec));
++
+ ret = ctxt->getautomntbyname_r(key, value, sss_ctxt);
+ if (proto_version(ctxt) == 0) {
+ if (ret != ENOENT)
+@@ -612,9 +615,6 @@ static int getautomntbyname_wait(unsigne
+ if (ret != EHOSTDOWN)
+ break;
+ }
+-
+- while (nanosleep(&t, &r) == -1 && errno == EINTR)
+- memcpy(&t, &r, sizeof(struct timespec));
+ }
+
+ if (!ret)
diff --git a/autofs-5.1.8-improve-handling-of-ENOENT-in-sss-setautomntent.patch b/autofs-5.1.8-improve-handling-of-ENOENT-in-sss-setautomntent.patch
new file mode 100644
index 0000000..68bb0d2
--- /dev/null
+++ b/autofs-5.1.8-improve-handling-of-ENOENT-in-sss-setautomntent.patch
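Review bot: The loop bound changes from `++retry <= retries` to `++retry < retries` in setautomntent_wait(), getautomntent_wait() and getautomntbyname_wait() (the dont-immediately-call-function-when-waiting patch), but the description only mentions moving the sleep, so the reduced attempt count is undocumented. If `retry` starts at 0 (its initialisation is outside the hunks), each function now makes `retries - 1` calls, and with `retries` equal to 1 the body never runs, so the `if (!ret)` after the loop tests whatever `ret` held on entry. The log text still says "retry for %d seconds" with `retries`, which may no longer match the time actually waited. I would add a comment above each loop such as `/* caller already tried once: sleep first, then make at most retries - 1 further attempts */`, or keep `<=` if the original attempt count was intended. All three function bodies start and end outside the hunks.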
@@ -0,0 +1,59 @@
+autofs-5.1.8 - improve handling of ENOENT in sss setautomntent()
+
+From: Ian Kent
+
+In the sss lookup module function setautomntent() a return of ENOENT
+isn't handled quite right.
+
+If ENOENT (rather than EHOSTDOWN) is returned from sss setautomntent()
+we should assume the LDAP info. has been read by sss and the entry in
+fact doesn't exist.
+
+Signed-off-by: Ian Kent
+---
+ CHANGELOG | 1 +
+ modules/lookup_sss.c | 16 +++++++++++++++-
+ 2 files changed, 16 insertions(+), 1 deletion(-)
+
+--- autofs-5.1.7.orig/CHANGELOG
++++ autofs-5.1.7/CHANGELOG
+@@ -113,6 +113,7 @@
+ - fix minus only option handling in concat_options().
+ - fix incorrect path for is_mounted() in try_remount().
+ - fail on empty replicated host name.
++- improve handling of ENOENT in sss setautomntent().
+
+ 25/01/2021 autofs-5.1.7
+ - make bind mounts propagation slave by default.
+--- autofs-5.1.7.orig/modules/lookup_sss.c
++++ autofs-5.1.7/modules/lookup_sss.c
+@@ -394,7 +394,17 @@ static int setautomntent(unsigned int lo
+ if (ret != ENOENT)
+ goto error;
+ } else {
+- if (ret != ENOENT && ret != EHOSTDOWN)
++ /* If we get an ENOENT here assume it's accurrate
++ * and return the error.
++ */
++ if (ret == ENOENT) {
++ error(logopt, MODPREFIX
++ "setautomountent: entry for map %s not found",
++ ctxt->mapname);
++ err = NSS_STATUS_NOTFOUND;
++ goto free;
++ }
++ if (ret != EHOSTDOWN)
+ goto error;
+ }
+
+@@ -410,6 +420,10 @@ static int setautomntent(unsigned int lo
+ if (ret == EINVAL)
+ goto free;
+ if (ret == ENOENT) {
++ /* Map info. not found after host became available */
++ error(logopt, MODPREFIX
++ "setautomountent: entry for map %s not found",
++ ctxt->mapname);
+ err = NSS_STATUS_NOTFOUND;
+ goto free;
+ }
diff --git a/autofs.spec b/autofs.spec
index df5ca35..aff4436 100644
--- a/autofs.spec
+++ b/autofs.spec
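Review bot: Both new `error()` calls in setautomntent() (the improve-handling-of-ENOENT patch) log the identical string "setautomountent: entry for map %s not found", so someone reading the log cannot tell the immediate ENOENT from the one returned later, and the prefix does not match the function name `setautomntent`. I would make the second message distinct, for example `"setautomntent: entry for map %s not found after wait"`, and use the same `setautomntent:` prefix in the first. The new comment also has a typo, "accurrate" for "accurate". The condition selecting the `else` branch and the call preceding the second ENOENT check are outside the hunks, so that the second branch follows the wait is inferred from the added comment "Map info. not found after host became available".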
@@ -12,7 +12,7 @@ Summary: A tool for automatically mounting and unmounting filesystems Name: autofs Version: 5.1.7 -Release: 37%{?dist} +Release: 38%{?dist} Epoch: 1 License: GPLv2+ Source: https://www.kernel.org/pub/linux/daemons/autofs/v5/autofs-%{version}-2.tar.gz @@ -139,6 +139,8 @@ Patch111: autofs-5.1.8-fix-memory-leak-in-update_hosts_mounts.patch Patch112: autofs-5.1.8-fix-minus-only-option-handling-in-concat_options.patch Patch113: autofs-5.1.8-fix-incorrect-path-for-is_mounted-in-try_remount.patch Patch114: autofs-5.1.8-fail-on-empty-replicated-host-name.patch +Patch115: autofs-5.1.8-improve-handling-of-ENOENT-in-sss-setautomntent.patch +Patch116: autofs-5.1.8-dont-immediately-call-function-when-waiting.patch %if %{with_systemd} BuildRequires: systemd-units @@ -322,6 +324,8 @@ echo %{version}-%{release} > .version %patch112 -p1 %patch113 -p1 %patch114 -p1 +%patch115 -p1 +%patch116 -p1 %build LDFLAGS=-Wl,-z,now @@ -430,6 +434,13 @@ fi %dir /etc/auto.master.d %changelog +* Mon Mar 27 2023 Ian Kent - 1:5.1.7-38 +- bz2170287 - Autofs reports can't connect to sssd, retry for 10 + seconds when real problem is empty LDAP object + - improve handling of ENOENT in sss setautomntent(). + - dont immediately call function when waiting. +- Resolves: rhbz#2170287 + * Mon Mar 27 2023 Ian Kent - 1:5.1.7-37 - bz2170285 - Users can trigger a simple autofs DoS with wildcard automounter maps