eabdullin
742312a8a9
- Apply 0004-sss_iface-do-not-add-cli_id-to-chain-key.patch - Apply 0005-Accept-krb5-1.21-for-building-the-PAC-plugin.patch - Apply 0006-MC-a-couple-of-additions-to-recover-from-invalid-memory.patch
333 lines
12 KiB
Diff
333 lines
12 KiB
Diff
From 88d8afbb115f18007dcc11f7ebac1b238c3ebd98 Mon Sep 17 00:00:00 2001
|
|
From: Alexey Tikhonov <atikhono@redhat.com>
|
|
Date: Mon, 25 Sep 2023 12:36:09 +0200
|
|
Subject: [PATCH] MC: a couple of additions to 'recover from invalid memory
|
|
cache size' patch
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
Additions to 641e5f73d3bd5b3d32cafd551013d3bfd2a52732 :
|
|
|
|
- handle all invalidations consistently
|
|
- supply a valid pointer to `sss_mmap_cache_validate_or_reinit()`,
|
|
not a pointer to a local var
|
|
|
|
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
---
|
|
src/responder/nss/nss_get_object.c | 10 ++---
|
|
src/responder/nss/nss_iface.c | 8 ++--
|
|
src/responder/nss/nsssrv_mmap_cache.c | 64 ++++++++++++++++++---------
|
|
src/responder/nss/nsssrv_mmap_cache.h | 10 ++---
|
|
4 files changed, 56 insertions(+), 36 deletions(-)
|
|
|
|
diff --git a/src/responder/nss/nss_get_object.c b/src/responder/nss/nss_get_object.c
|
|
index 5d62dd0985..29f9cb59b5 100644
|
|
--- a/src/responder/nss/nss_get_object.c
|
|
+++ b/src/responder/nss/nss_get_object.c
|
|
@@ -34,13 +34,13 @@ memcache_delete_entry_by_name(struct sss_nss_ctx *nss_ctx,
|
|
|
|
switch (type) {
|
|
case SSS_MC_PASSWD:
|
|
- ret = sss_mmap_cache_pw_invalidate(nss_ctx->pwd_mc_ctx, name);
|
|
+ ret = sss_mmap_cache_pw_invalidate(&nss_ctx->pwd_mc_ctx, name);
|
|
break;
|
|
case SSS_MC_GROUP:
|
|
- ret = sss_mmap_cache_gr_invalidate(nss_ctx->grp_mc_ctx, name);
|
|
+ ret = sss_mmap_cache_gr_invalidate(&nss_ctx->grp_mc_ctx, name);
|
|
break;
|
|
case SSS_MC_INITGROUPS:
|
|
- ret = sss_mmap_cache_initgr_invalidate(nss_ctx->initgr_mc_ctx, name);
|
|
+ ret = sss_mmap_cache_initgr_invalidate(&nss_ctx->initgr_mc_ctx, name);
|
|
break;
|
|
default:
|
|
return EINVAL;
|
|
@@ -66,10 +66,10 @@ memcache_delete_entry_by_id(struct sss_nss_ctx *nss_ctx,
|
|
|
|
switch (type) {
|
|
case SSS_MC_PASSWD:
|
|
- ret = sss_mmap_cache_pw_invalidate_uid(nss_ctx->pwd_mc_ctx, (uid_t)id);
|
|
+ ret = sss_mmap_cache_pw_invalidate_uid(&nss_ctx->pwd_mc_ctx, (uid_t)id);
|
|
break;
|
|
case SSS_MC_GROUP:
|
|
- ret = sss_mmap_cache_gr_invalidate_gid(nss_ctx->grp_mc_ctx, (gid_t)id);
|
|
+ ret = sss_mmap_cache_gr_invalidate_gid(&nss_ctx->grp_mc_ctx, (gid_t)id);
|
|
break;
|
|
default:
|
|
return EINVAL;
|
|
diff --git a/src/responder/nss/nss_iface.c b/src/responder/nss/nss_iface.c
|
|
index 07e91aa811..db743f8b7e 100644
|
|
--- a/src/responder/nss/nss_iface.c
|
|
+++ b/src/responder/nss/nss_iface.c
|
|
@@ -78,7 +78,7 @@ sss_nss_update_initgr_memcache(struct sss_nss_ctx *nctx,
|
|
|
|
if (ret == ENOENT || res->count == 0) {
|
|
/* The user is gone. Invalidate the mc record */
|
|
- ret = sss_mmap_cache_pw_invalidate(nctx->pwd_mc_ctx, delete_name);
|
|
+ ret = sss_mmap_cache_pw_invalidate(&nctx->pwd_mc_ctx, delete_name);
|
|
if (ret != EOK && ret != ENOENT) {
|
|
DEBUG(SSSDBG_CRIT_FAILURE,
|
|
"Internal failure in memory cache code: %d [%s]\n",
|
|
@@ -125,7 +125,7 @@ sss_nss_update_initgr_memcache(struct sss_nss_ctx *nctx,
|
|
for (i = 0; i < gnum; i++) {
|
|
id = groups[i];
|
|
|
|
- ret = sss_mmap_cache_gr_invalidate_gid(nctx->grp_mc_ctx, id);
|
|
+ ret = sss_mmap_cache_gr_invalidate_gid(&nctx->grp_mc_ctx, id);
|
|
if (ret != EOK && ret != ENOENT) {
|
|
DEBUG(SSSDBG_CRIT_FAILURE,
|
|
"Internal failure in memory cache code: %d [%s]\n",
|
|
@@ -134,7 +134,7 @@ sss_nss_update_initgr_memcache(struct sss_nss_ctx *nctx,
|
|
}
|
|
|
|
to_sized_string(delete_name, fq_name);
|
|
- ret = sss_mmap_cache_initgr_invalidate(nctx->initgr_mc_ctx,
|
|
+ ret = sss_mmap_cache_initgr_invalidate(&nctx->initgr_mc_ctx,
|
|
delete_name);
|
|
if (ret != EOK && ret != ENOENT) {
|
|
DEBUG(SSSDBG_CRIT_FAILURE,
|
|
@@ -208,7 +208,7 @@ sss_nss_memorycache_invalidate_group_by_id(TALLOC_CTX *mem_ctx,
|
|
DEBUG(SSSDBG_TRACE_LIBS,
|
|
"Invalidating group %u from memory cache\n", gid);
|
|
|
|
- sss_mmap_cache_gr_invalidate_gid(nctx->grp_mc_ctx, gid);
|
|
+ sss_mmap_cache_gr_invalidate_gid(&nctx->grp_mc_ctx, gid);
|
|
|
|
return EOK;
|
|
}
|
|
diff --git a/src/responder/nss/nsssrv_mmap_cache.c b/src/responder/nss/nsssrv_mmap_cache.c
|
|
index 90d12299a4..06f3d7a694 100644
|
|
--- a/src/responder/nss/nsssrv_mmap_cache.c
|
|
+++ b/src/responder/nss/nsssrv_mmap_cache.c
|
|
@@ -701,16 +701,22 @@ static inline void sss_mmap_chain_in_rec(struct sss_mc_ctx *mcc,
|
|
* generic invalidation
|
|
***************************************************************************/
|
|
|
|
-static errno_t sss_mmap_cache_invalidate(struct sss_mc_ctx *mcc,
|
|
+static errno_t sss_mmap_cache_validate_or_reinit(struct sss_mc_ctx **_mcc);
|
|
+
|
|
+static errno_t sss_mmap_cache_invalidate(struct sss_mc_ctx **_mcc,
|
|
const struct sized_string *key)
|
|
{
|
|
+ struct sss_mc_ctx *mcc;
|
|
struct sss_mc_rec *rec;
|
|
+ int ret;
|
|
|
|
- if (mcc == NULL) {
|
|
- /* cache not initialized? */
|
|
- return EINVAL;
|
|
+ ret = sss_mmap_cache_validate_or_reinit(_mcc);
|
|
+ if (ret != EOK) {
|
|
+ return ret;
|
|
}
|
|
|
|
+ mcc = *_mcc;
|
|
+
|
|
rec = sss_mc_find_record(mcc, key);
|
|
if (rec == NULL) {
|
|
/* nothing to invalidate */
|
|
@@ -785,7 +791,7 @@ errno_t sss_mmap_cache_pw_store(struct sss_mc_ctx **_mcc,
|
|
const struct sized_string *homedir,
|
|
const struct sized_string *shell)
|
|
{
|
|
- struct sss_mc_ctx *mcc = *_mcc;
|
|
+ struct sss_mc_ctx *mcc;
|
|
struct sss_mc_rec *rec;
|
|
struct sss_mc_pwd_data *data;
|
|
struct sized_string uidkey;
|
|
@@ -795,11 +801,13 @@ errno_t sss_mmap_cache_pw_store(struct sss_mc_ctx **_mcc,
|
|
size_t pos;
|
|
int ret;
|
|
|
|
- ret = sss_mmap_cache_validate_or_reinit(&mcc);
|
|
+ ret = sss_mmap_cache_validate_or_reinit(_mcc);
|
|
if (ret != EOK) {
|
|
return ret;
|
|
}
|
|
|
|
+ mcc = *_mcc;
|
|
+
|
|
ret = snprintf(uidstr, 11, "%ld", (long)uid);
|
|
if (ret > 10) {
|
|
return EINVAL;
|
|
@@ -851,14 +859,15 @@ errno_t sss_mmap_cache_pw_store(struct sss_mc_ctx **_mcc,
|
|
return EOK;
|
|
}
|
|
|
|
-errno_t sss_mmap_cache_pw_invalidate(struct sss_mc_ctx *mcc,
|
|
+errno_t sss_mmap_cache_pw_invalidate(struct sss_mc_ctx **_mcc,
|
|
const struct sized_string *name)
|
|
{
|
|
- return sss_mmap_cache_invalidate(mcc, name);
|
|
+ return sss_mmap_cache_invalidate(_mcc, name);
|
|
}
|
|
|
|
-errno_t sss_mmap_cache_pw_invalidate_uid(struct sss_mc_ctx *mcc, uid_t uid)
|
|
+errno_t sss_mmap_cache_pw_invalidate_uid(struct sss_mc_ctx **_mcc, uid_t uid)
|
|
{
|
|
+ struct sss_mc_ctx *mcc;
|
|
struct sss_mc_rec *rec = NULL;
|
|
struct sss_mc_pwd_data *data;
|
|
uint32_t hash;
|
|
@@ -866,11 +875,13 @@ errno_t sss_mmap_cache_pw_invalidate_uid(struct sss_mc_ctx *mcc, uid_t uid)
|
|
char *uidstr;
|
|
errno_t ret;
|
|
|
|
- ret = sss_mmap_cache_validate_or_reinit(&mcc);
|
|
+ ret = sss_mmap_cache_validate_or_reinit(_mcc);
|
|
if (ret != EOK) {
|
|
return ret;
|
|
}
|
|
|
|
+ mcc = *_mcc;
|
|
+
|
|
uidstr = talloc_asprintf(NULL, "%ld", (long)uid);
|
|
if (!uidstr) {
|
|
return ENOMEM;
|
|
@@ -927,7 +938,7 @@ int sss_mmap_cache_gr_store(struct sss_mc_ctx **_mcc,
|
|
gid_t gid, size_t memnum,
|
|
const char *membuf, size_t memsize)
|
|
{
|
|
- struct sss_mc_ctx *mcc = *_mcc;
|
|
+ struct sss_mc_ctx *mcc;
|
|
struct sss_mc_rec *rec;
|
|
struct sss_mc_grp_data *data;
|
|
struct sized_string gidkey;
|
|
@@ -937,11 +948,13 @@ int sss_mmap_cache_gr_store(struct sss_mc_ctx **_mcc,
|
|
size_t pos;
|
|
int ret;
|
|
|
|
- ret = sss_mmap_cache_validate_or_reinit(&mcc);
|
|
+ ret = sss_mmap_cache_validate_or_reinit(_mcc);
|
|
if (ret != EOK) {
|
|
return ret;
|
|
}
|
|
|
|
+ mcc = *_mcc;
|
|
+
|
|
ret = snprintf(gidstr, 11, "%ld", (long)gid);
|
|
if (ret > 10) {
|
|
return EINVAL;
|
|
@@ -989,14 +1002,15 @@ int sss_mmap_cache_gr_store(struct sss_mc_ctx **_mcc,
|
|
return EOK;
|
|
}
|
|
|
|
-errno_t sss_mmap_cache_gr_invalidate(struct sss_mc_ctx *mcc,
|
|
+errno_t sss_mmap_cache_gr_invalidate(struct sss_mc_ctx **_mcc,
|
|
const struct sized_string *name)
|
|
{
|
|
- return sss_mmap_cache_invalidate(mcc, name);
|
|
+ return sss_mmap_cache_invalidate(_mcc, name);
|
|
}
|
|
|
|
-errno_t sss_mmap_cache_gr_invalidate_gid(struct sss_mc_ctx *mcc, gid_t gid)
|
|
+errno_t sss_mmap_cache_gr_invalidate_gid(struct sss_mc_ctx **_mcc, gid_t gid)
|
|
{
|
|
+ struct sss_mc_ctx *mcc;
|
|
struct sss_mc_rec *rec = NULL;
|
|
struct sss_mc_grp_data *data;
|
|
uint32_t hash;
|
|
@@ -1004,11 +1018,13 @@ errno_t sss_mmap_cache_gr_invalidate_gid(struct sss_mc_ctx *mcc, gid_t gid)
|
|
char *gidstr;
|
|
errno_t ret;
|
|
|
|
- ret = sss_mmap_cache_validate_or_reinit(&mcc);
|
|
+ ret = sss_mmap_cache_validate_or_reinit(_mcc);
|
|
if (ret != EOK) {
|
|
return ret;
|
|
}
|
|
|
|
+ mcc = *_mcc;
|
|
+
|
|
gidstr = talloc_asprintf(NULL, "%ld", (long)gid);
|
|
if (!gidstr) {
|
|
return ENOMEM;
|
|
@@ -1061,7 +1077,7 @@ errno_t sss_mmap_cache_initgr_store(struct sss_mc_ctx **_mcc,
|
|
uint32_t num_groups,
|
|
const uint8_t *gids_buf)
|
|
{
|
|
- struct sss_mc_ctx *mcc = *_mcc;
|
|
+ struct sss_mc_ctx *mcc;
|
|
struct sss_mc_rec *rec;
|
|
struct sss_mc_initgr_data *data;
|
|
size_t data_len;
|
|
@@ -1069,11 +1085,13 @@ errno_t sss_mmap_cache_initgr_store(struct sss_mc_ctx **_mcc,
|
|
size_t pos;
|
|
int ret;
|
|
|
|
- ret = sss_mmap_cache_validate_or_reinit(&mcc);
|
|
+ ret = sss_mmap_cache_validate_or_reinit(_mcc);
|
|
if (ret != EOK) {
|
|
return ret;
|
|
}
|
|
|
|
+ mcc = *_mcc;
|
|
+
|
|
/* array of gids + name + unique_name */
|
|
data_len = num_groups * sizeof(uint32_t) + name->len + unique_name->len;
|
|
rec_len = sizeof(struct sss_mc_rec) + sizeof(struct sss_mc_initgr_data)
|
|
@@ -1119,10 +1137,10 @@ errno_t sss_mmap_cache_initgr_store(struct sss_mc_ctx **_mcc,
|
|
return EOK;
|
|
}
|
|
|
|
-errno_t sss_mmap_cache_initgr_invalidate(struct sss_mc_ctx *mcc,
|
|
+errno_t sss_mmap_cache_initgr_invalidate(struct sss_mc_ctx **_mcc,
|
|
const struct sized_string *name)
|
|
{
|
|
- return sss_mmap_cache_invalidate(mcc, name);
|
|
+ return sss_mmap_cache_invalidate(_mcc, name);
|
|
}
|
|
|
|
errno_t sss_mmap_cache_sid_store(struct sss_mc_ctx **_mcc,
|
|
@@ -1131,18 +1149,20 @@ errno_t sss_mmap_cache_sid_store(struct sss_mc_ctx **_mcc,
|
|
uint32_t type,
|
|
bool explicit_lookup)
|
|
{
|
|
- struct sss_mc_ctx *mcc = *_mcc;
|
|
+ struct sss_mc_ctx *mcc;
|
|
struct sss_mc_rec *rec;
|
|
struct sss_mc_sid_data *data;
|
|
char idkey[16];
|
|
size_t rec_len;
|
|
int ret;
|
|
|
|
- ret = sss_mmap_cache_validate_or_reinit(&mcc);
|
|
+ ret = sss_mmap_cache_validate_or_reinit(_mcc);
|
|
if (ret != EOK) {
|
|
return ret;
|
|
}
|
|
|
|
+ mcc = *_mcc;
|
|
+
|
|
ret = snprintf(idkey, sizeof(idkey), "%d-%ld",
|
|
(type == SSS_ID_TYPE_GID) ? SSS_ID_TYPE_GID : SSS_ID_TYPE_UID,
|
|
(long)id);
|
|
diff --git a/src/responder/nss/nsssrv_mmap_cache.h b/src/responder/nss/nsssrv_mmap_cache.h
|
|
index 686b8e1b21..28ee5adb64 100644
|
|
--- a/src/responder/nss/nsssrv_mmap_cache.h
|
|
+++ b/src/responder/nss/nsssrv_mmap_cache.h
|
|
@@ -63,17 +63,17 @@ errno_t sss_mmap_cache_sid_store(struct sss_mc_ctx **_mcc,
|
|
uint32_t type, /* enum sss_id_type*/
|
|
bool explicit_lookup); /* false ~ by_id(), true ~ by_uid/gid() */
|
|
|
|
-errno_t sss_mmap_cache_pw_invalidate(struct sss_mc_ctx *mcc,
|
|
+errno_t sss_mmap_cache_pw_invalidate(struct sss_mc_ctx **_mcc,
|
|
const struct sized_string *name);
|
|
|
|
-errno_t sss_mmap_cache_pw_invalidate_uid(struct sss_mc_ctx *mcc, uid_t uid);
|
|
+errno_t sss_mmap_cache_pw_invalidate_uid(struct sss_mc_ctx **_mcc, uid_t uid);
|
|
|
|
-errno_t sss_mmap_cache_gr_invalidate(struct sss_mc_ctx *mcc,
|
|
+errno_t sss_mmap_cache_gr_invalidate(struct sss_mc_ctx **_mcc,
|
|
const struct sized_string *name);
|
|
|
|
-errno_t sss_mmap_cache_gr_invalidate_gid(struct sss_mc_ctx *mcc, gid_t gid);
|
|
+errno_t sss_mmap_cache_gr_invalidate_gid(struct sss_mc_ctx **_mcc, gid_t gid);
|
|
|
|
-errno_t sss_mmap_cache_initgr_invalidate(struct sss_mc_ctx *mcc,
|
|
+errno_t sss_mmap_cache_initgr_invalidate(struct sss_mc_ctx **_mcc,
|
|
const struct sized_string *name);
|
|
|
|
errno_t sss_mmap_cache_reinit(TALLOC_CTX *mem_ctx,
|