authorStephen Gallagher <sgallagh@redhat.com>2010-08-27 09:13:59 -0400
committerStephen Gallagher <sgallagh@redhat.com>2010-09-08 13:30:33 -0400
commitc53ed27b33ecc7fcce62d4b3a3e55ce9cda1ca7c (patch)
tree959ac4701e208d5d2cc04f4811f7d6253762ce55 /src/responder/common
parent8443d24c0584f45151e0c80506d7a572b8a38ed7 (diff)
Handle multiple simultaneous enumeration requests
Previously, if a second enumeration request arrived while one was already being processed, each process would receive only a subset of the total number of available users or groups. This is because we were maintaining the response object as a global value in the NSS responder. The second request would come in, see that the data set was already populated, and start reading from wherever the cursor was currently pointed. With this patch, we now move the cursor to the client context instead of the global NSS context. Additionally, this patch completely rewrites the approach to enumerations in the tevent_req style. This makes it much easier to follow in the code. In order to ensure that a slow or malicious client cannot hold onto a reference for the setent result object indefinitely, we set an expiration on the object. We use the enum_cache_timeout here, since that is an appropriate value. If the timeout fires during the normal operation of the get*ent() loop of a client program, we will save the current values of the read index so that we can resume as soon as the object has been refreshed by an implicit setent call. Instead of deleting the enumeration result object immediately after the last in-progress client has read it, we'll keep the object around for the lifetime of enum_cache_timeout. This way, additional clients making enumeration requests can still access the results in-memory.
Diffstat (limited to 'src/responder/common')
-rw-r--r--src/responder/common/responder.h11
1 files changed, 11 insertions, 0 deletions
diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h
index deb1e5a3..0f59ffd4 100644
--- a/src/responder/common/responder.h
+++ b/src/responder/common/responder.h
@@ -92,6 +92,11 @@ struct resp_ctx {
void *pvt_ctx;
};
+/* Needed for the NSS responder */
+struct getent_ref_tracker {
+ void *pvt;
+};
+
struct cli_ctx {
struct tevent_context *ev;
struct resp_ctx *rctx;
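Review bot: The comment on `struct getent_ref_tracker` says only that the NSS responder needs it, so a reader cannot tell what `pvt` points to, who frees it, or how long it stays valid. The commit description says the setent result object is released on a timeout, so if `pvt` refers to that object (an inference, since its users are outside this diff) the raw `void *` could be left dangling after expiry. I would state the contract at the definition, for example `/* NSS responder only: pvt is an opaque reference to the enumeration result; owner and lifetime are set by the NSS code, do not dereference after the result expires */`, adjusted to whatever the NSS side actually guarantees. The struct is complete in this hunk, while `struct cli_ctx` below it continues outside.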
@@ -104,6 +109,12 @@ struct cli_ctx {
int32_t client_euid;
int32_t client_egid;
int32_t client_pid;
+
+ int pwent_dom_idx;
+ int pwent_cur;
+
+ int grent_dom_idx;
+ int grent_cur;
};
struct sss_cmd_table {
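Review bot: The four cursor fields added to `struct cli_ctx` (`pwent_dom_idx`, `pwent_cur`, `grent_dom_idx`, `grent_cur`) are plain signed `int` with no comment on their valid range or what they index. According to the commit description a saved read index is reused after the result object is refreshed, and a refreshed result may hold fewer domains or entries than before, so each consumer has to re-check the index against the new counts before using it. That code is outside this diff, so I cannot confirm the check exists. I would record the invariant here, e.g. `/* per-client getpwent/getgrent cursors: domain index and next entry; always >= 0, re-validate against the result set after a refresh */`. It is also worth confirming that `cli_ctx` is zero-allocated so these start at 0.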