diff options
author | Stephen Gallagher <sgallagh@redhat.com> | 2010-08-27 09:13:59 -0400 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2010-09-08 13:30:33 -0400 |
commit | c53ed27b33ecc7fcce62d4b3a3e55ce9cda1ca7c (patch) | |
tree | 959ac4701e208d5d2cc04f4811f7d6253762ce55 /src/responder/common | |
parent | 8443d24c0584f45151e0c80506d7a572b8a38ed7 (diff) | |
download | sssd-c53ed27b33ecc7fcce62d4b3a3e55ce9cda1ca7c.tar.gz sssd-c53ed27b33ecc7fcce62d4b3a3e55ce9cda1ca7c.tar.bz2 sssd-c53ed27b33ecc7fcce62d4b3a3e55ce9cda1ca7c.zip |
Handle multiple simultaneous enumeration requests
Previously, if a second enumeration request arrived while one was
already being processed, each process would receive only a subset
of the total number of available users or groups. This is because
we were maintaining the response object as a global value in the
NSS responder. The second request would come in, see that the data
set was already populated, and start reading from wherever the
cursor was currently pointed.
With this patch, we now move the cursor to the client context
instead of the global NSS context.
Additionally, this patch completely rewrites the approach to
enumerations in the tevent_req style. This makes it much easier to
follow in the code.
In order to ensure that a slow or malicious client cannot hold
onto a reference for the setent result object indefinitely, we
set an expiration on the object. We use the enum_cache_timeout
here, since that is an appropriate value.
If the timeout fires during the normal operation of the get*ent()
loop of a client program, we will save the current values of the
read index so that we can resume as soon as the object has been
refreshed by an implicit setent call.
Instead of deleting the enumeration result object immediately
after the last in-progress client has read it, we'll keep the
object around for the lifetime of enum_cache_timeout. This way,
additional clients making enumeration requests can still access
the results in-memory.
Diffstat (limited to 'src/responder/common')
-rw-r--r-- | src/responder/common/responder.h | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h index deb1e5a3..0f59ffd4 100644 --- a/src/responder/common/responder.h +++ b/src/responder/common/responder.h @@ -92,6 +92,11 @@ struct resp_ctx { void *pvt_ctx; }; +/* Needed for the NSS responder */ +struct getent_ref_tracker { + void *pvt; +}; + struct cli_ctx { struct tevent_context *ev; struct resp_ctx *rctx; @@ -104,6 +109,12 @@ struct cli_ctx { int32_t client_euid; int32_t client_egid; int32_t client_pid; + + int pwent_dom_idx; + int pwent_cur; + + int grent_dom_idx; + int grent_cur; }; struct sss_cmd_table { |