From e6d450d4f67c3c639a6ab7e891adccc361d80ecd Mon Sep 17 00:00:00 2001 From: Justin Stephenson Date: Fri, 19 Aug 2022 09:50:22 -0400 Subject: [PATCH 8/9] RESPONDER: Fix client ID tracking MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Client ID is not stored properly to match requests when parallel requests are made to client SSSD Resolves: https://github.com/SSSD/sssd/issues/6307 Reviewed-by: Alexey Tikhonov Reviewed-by: Pavel Březina Reviewed-by: Alexey Tikhonov --- src/responder/common/cache_req/cache_req.c | 5 +++-- .../plugins/cache_req_autofs_entry_by_name.c | 3 ++- .../cache_req/plugins/cache_req_autofs_map_by_name.c | 3 ++- .../cache_req/plugins/cache_req_autofs_map_entries.c | 3 ++- .../plugins/cache_req_ssh_host_id_by_name.c | 3 ++- src/responder/common/responder.h | 2 +- src/responder/common/responder_common.c | 12 +++++++----- src/responder/common/responder_dp.c | 5 +++-- src/responder/common/responder_get_domains.c | 3 ++- src/responder/pam/pamsrv_cmd.c | 4 ++-- 10 files changed, 26 insertions(+), 17 deletions(-) diff --git a/src/responder/common/cache_req/cache_req.c b/src/responder/common/cache_req/cache_req.c index 4dd45b038..bc65bae71 100644 --- a/src/responder/common/cache_req/cache_req.c +++ b/src/responder/common/cache_req/cache_req.c @@ -24,6 +24,7 @@ #include #include "util/util.h" +#include "util/sss_chain_id.h" #include "responder/common/responder.h" #include "responder/common/cache_req/cache_req_private.h" #include "responder/common/cache_req/cache_req_plugin.h" @@ -1124,8 +1125,8 @@ struct tevent_req *cache_req_send(TALLOC_CTX *mem_ctx, } state->first_iteration = true; - SSS_REQ_TRACE_CID_CR(SSSDBG_TRACE_FUNC, cr, "New request [CID #%u] '%s'\n", - rctx->client_id_num, cr->reqname); + SSS_REQ_TRACE_CID_CR(SSSDBG_TRACE_FUNC, cr, "New request [CID #%lu] '%s'\n", + sss_chain_id_get(), cr->reqname); ret = cache_req_is_well_known_object(state, cr, &result); if (ret == EOK) { diff --git a/src/responder/common/cache_req/plugins/cache_req_autofs_entry_by_name.c b/src/responder/common/cache_req/plugins/cache_req_autofs_entry_by_name.c index 788b6708c..b2b0a06eb 100644 --- a/src/responder/common/cache_req/plugins/cache_req_autofs_entry_by_name.c +++ b/src/responder/common/cache_req/plugins/cache_req_autofs_entry_by_name.c @@ -24,6 +24,7 @@ #include "db/sysdb.h" #include "db/sysdb_autofs.h" #include "util/util.h" +#include "util/sss_chain_id.h" #include "providers/data_provider.h" #include "responder/common/cache_req/cache_req_plugin.h" @@ -86,7 +87,7 @@ cache_req_autofs_entry_by_name_dp_send(TALLOC_CTX *mem_ctx, be_conn->bus_name, SSS_BUS_PATH, 0, data->name.name, data->autofs_entry_name, - cr->rctx->client_id_num); + sss_chain_id_get()); } bool diff --git a/src/responder/common/cache_req/plugins/cache_req_autofs_map_by_name.c b/src/responder/common/cache_req/plugins/cache_req_autofs_map_by_name.c index 5d82641cc..23b11b1cd 100644 --- a/src/responder/common/cache_req/plugins/cache_req_autofs_map_by_name.c +++ b/src/responder/common/cache_req/plugins/cache_req_autofs_map_by_name.c @@ -24,6 +24,7 @@ #include "db/sysdb.h" #include "db/sysdb_autofs.h" #include "util/util.h" +#include "util/sss_chain_id.h" #include "providers/data_provider.h" #include "responder/common/cache_req/cache_req_plugin.h" @@ -82,7 +83,7 @@ cache_req_autofs_map_by_name_dp_send(TALLOC_CTX *mem_ctx, return sbus_call_dp_autofs_GetMap_send(mem_ctx, be_conn->conn, be_conn->bus_name, SSS_BUS_PATH, 0, data->name.name, - cr->rctx->client_id_num); + sss_chain_id_get()); } bool diff --git a/src/responder/common/cache_req/plugins/cache_req_autofs_map_entries.c b/src/responder/common/cache_req/plugins/cache_req_autofs_map_entries.c index 29f289723..18c08ca39 100644 --- a/src/responder/common/cache_req/plugins/cache_req_autofs_map_entries.c +++ b/src/responder/common/cache_req/plugins/cache_req_autofs_map_entries.c @@ -24,6 +24,7 @@ #include "db/sysdb.h" #include "db/sysdb_autofs.h" #include "util/util.h" +#include "util/sss_chain_id.h" #include "providers/data_provider.h" #include "responder/common/cache_req/cache_req_plugin.h" @@ -114,7 +115,7 @@ cache_req_autofs_map_entries_dp_send(TALLOC_CTX *mem_ctx, return sbus_call_dp_autofs_Enumerate_send(mem_ctx, be_conn->conn, be_conn->bus_name, SSS_BUS_PATH, 0, data->name.name, - cr->rctx->client_id_num); + sss_chain_id_get()); } bool diff --git a/src/responder/common/cache_req/plugins/cache_req_ssh_host_id_by_name.c b/src/responder/common/cache_req/plugins/cache_req_ssh_host_id_by_name.c index a8b8f47a8..29f52f10d 100644 --- a/src/responder/common/cache_req/plugins/cache_req_ssh_host_id_by_name.c +++ b/src/responder/common/cache_req/plugins/cache_req_ssh_host_id_by_name.c @@ -23,6 +23,7 @@ #include "db/sysdb_ssh.h" #include "util/util.h" +#include "util/sss_chain_id.h" #include "providers/data_provider.h" #include "responder/common/cache_req/cache_req_plugin.h" @@ -86,7 +87,7 @@ cache_req_host_by_name_dp_send(TALLOC_CTX *mem_ctx, return sbus_call_dp_dp_hostHandler_send(mem_ctx, be_conn->conn, be_conn->bus_name, SSS_BUS_PATH, 0, data->name.name, data->alias, - cr->rctx->client_id_num); + sss_chain_id_get()); } static bool diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h index 5cb79e3e6..259b3ff13 100644 --- a/src/responder/common/responder.h +++ b/src/responder/common/responder.h @@ -165,13 +165,13 @@ struct cli_ctx { struct cli_creds *creds; char *cmd_line; - uint64_t old_chain_id; void *protocol_ctx; void *state_ctx; struct tevent_timer *idle; time_t last_request_time; + uint32_t client_id_num; }; struct sss_cmd_table { diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c index 6e3b61ef0..a4ba8ea71 100644 --- a/src/responder/common/responder_common.c +++ b/src/responder/common/responder_common.c @@ -87,8 +87,6 @@ static void client_close_fn(struct tevent_context *ev, "Failed to close fd [%d]: [%s]\n", ctx->cfd, strerror(ret)); } - /* Restore the original chain id */ - sss_chain_id_set(ctx->old_chain_id); DEBUG(SSSDBG_TRACE_INTERNAL, "Terminated client [%p][%d]\n", @@ -526,7 +524,6 @@ static void accept_fd_handler(struct tevent_context *ev, int fd = accept_ctx->is_private ? rctx->priv_lfd : rctx->lfd; rctx->client_id_num++; - if (accept_ctx->is_private) { ret = stat(rctx->priv_sock_name, &stat_buf); if (ret == -1) { @@ -557,6 +554,8 @@ static void accept_fd_handler(struct tevent_context *ev, talloc_set_destructor(cctx, cli_ctx_destructor); + cctx->client_id_num = rctx->client_id_num; + len = sizeof(cctx->addr); cctx->cfd = accept(fd, (struct sockaddr *)&cctx->addr, &len); if (cctx->cfd == -1) { @@ -645,7 +644,7 @@ static void accept_fd_handler(struct tevent_context *ev, DEBUG(SSSDBG_TRACE_FUNC, "[CID#%u] Client [cmd %s][uid %u][%p][%d] connected%s!\n", - rctx->client_id_num, cctx->cmd_line, cli_creds_get_uid(cctx->creds), + cctx->client_id_num, cctx->cmd_line, cli_creds_get_uid(cctx->creds), cctx, cctx->cfd, accept_ctx->is_private ? " to privileged pipe" : ""); return; @@ -1090,6 +1089,7 @@ void sss_client_fd_handler(void *ptr, uint16_t flags) { errno_t ret; + uint64_t old_chain_id; struct cli_ctx *cctx = talloc_get_type(ptr, struct cli_ctx); /* Always reset the responder idle timer on any activity */ @@ -1105,7 +1105,7 @@ void sss_client_fd_handler(void *ptr, } /* Set the chain id */ - cctx->old_chain_id = sss_chain_id_set(cctx->rctx->client_id_num); + old_chain_id = sss_chain_id_set(cctx->client_id_num); if (flags & TEVENT_FD_READ) { recv_fn(cctx); @@ -1116,6 +1116,8 @@ void sss_client_fd_handler(void *ptr, send_fn(cctx); return; } + /* Restore the original chain id */ + sss_chain_id_set(old_chain_id); } int sss_connection_setup(struct cli_ctx *cctx) diff --git a/src/responder/common/responder_dp.c b/src/responder/common/responder_dp.c index d549e02d3..4b4770da1 100644 --- a/src/responder/common/responder_dp.c +++ b/src/responder/common/responder_dp.c @@ -23,6 +23,7 @@ #include #include #include "util/util.h" +#include "util/sss_chain_id.h" #include "responder/common/responder_packet.h" #include "responder/common/responder.h" #include "providers/data_provider.h" @@ -276,7 +277,7 @@ sss_dp_get_account_send(TALLOC_CTX *mem_ctx, subreq = sbus_call_dp_dp_getAccountInfo_send(state, be_conn->conn, be_conn->bus_name, SSS_BUS_PATH, dp_flags, entry_type, filter, dom->name, extra, - rctx->client_id_num); + sss_chain_id_get()); if (subreq == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create subrequest!\n"); ret = ENOMEM; @@ -406,7 +407,7 @@ sss_dp_resolver_get_send(TALLOC_CTX *mem_ctx, SSS_BUS_PATH, dp_flags, entry_type, filter_type, filter_value, - rctx->client_id_num); + sss_chain_id_get()); if (subreq == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create subrequest!\n"); ret = ENOMEM; diff --git a/src/responder/common/responder_get_domains.c b/src/responder/common/responder_get_domains.c index 918124756..aeff28d73 100644 --- a/src/responder/common/responder_get_domains.c +++ b/src/responder/common/responder_get_domains.c @@ -19,6 +19,7 @@ */ #include "util/util.h" +#include "util/sss_chain_id.h" #include "responder/common/responder.h" #include "providers/data_provider.h" #include "db/sysdb.h" @@ -751,7 +752,7 @@ sss_dp_get_account_domain_send(TALLOC_CTX *mem_ctx, be_conn->bus_name, SSS_BUS_PATH, dp_flags, entry_type, filter, - rctx->client_id_num); + sss_chain_id_get()); if (subreq == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create subrequest!\n"); ret = ENOMEM; diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c index cb0e1b82f..1695554fc 100644 --- a/src/responder/pam/pamsrv_cmd.c +++ b/src/responder/pam/pamsrv_cmd.c @@ -1492,7 +1492,7 @@ static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd) } preq->cctx = cctx; preq->cert_auth_local = false; - preq->client_id_num = pctx->rctx->client_id_num; + preq->client_id_num = cctx->client_id_num; preq->pd = create_pam_data(preq); if (!preq->pd) { @@ -1513,7 +1513,7 @@ static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd) pd->cmd = pam_cmd; pd->priv = cctx->priv; - pd->client_id_num = pctx->rctx->client_id_num; + pd->client_id_num = cctx->client_id_num; ret = pam_forwarder_parse_data(cctx, pd); if (ret == EAGAIN) { -- 2.37.1