-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/17/2010 02:38 PM, Sumit Bose wrote: > On Wed, Nov 17, 2010 at 02:32:39PM -0500, Stephen Gallagher wrote: > On 11/17/2010 04:22 AM, Sumit Bose wrote: >>>>> Can you call 'client_ctx->auth_ctx->running--;' directly after >>>>> 'proxy_child_recv()' ? >>>> > > Sure, I just moved the decrement and the creation of the immediate event > to before the return value check, so now it will happen regardless of > the result code. This also eliminates the code duplication in my > previous patch for creating the immediate event. > >> if the proxy_child fails and tevent_create_immediate(), too, >> proxy_reply() is not called. >
Good catch. However, if we have ENOMEM here (the only way tevent_create_immediate() can fail) and there are events on the queue, then one of them may not fire. However, this is a hopefully impossible situation to get into, since we're freeing req just above it. I've added comments to that effect to the patch. - -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkzkM9kACgkQeiVVYja6o6Nu+wCfbHWGSi4s3Tl+b18LWQo5RrhH 2+8An2UY0I6aPWHr8Jgit39YCzL2a3K0 =lWnJ -----END PGP SIGNATURE-----
From d3f9f6f359eeaae77151e32aa7be11a1121d7df9 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher <sgall...@redhat.com> Date: Tue, 16 Nov 2010 16:05:50 -0500 Subject: [PATCH] Fix authentication queue code for proxy auth We weren't decrementing the count of in-progress authentication request child processes when they completed successfully. With this patch, we will now guarantee that the process count is accurate and that queued requests will be started when a slot is freed up. --- src/providers/proxy/proxy_auth.c | 31 +++++++++++++++++++------------ 1 files changed, 19 insertions(+), 12 deletions(-) diff --git a/src/providers/proxy/proxy_auth.c b/src/providers/proxy/proxy_auth.c index 64b38cbedf30d0989f9517763e8281abb67958d8..b3b878cf62c5d1a74b97cde482631dcfba263fcd 100644 --- a/src/providers/proxy/proxy_auth.c +++ b/src/providers/proxy/proxy_auth.c @@ -718,23 +718,30 @@ static void proxy_child_done(struct tevent_req *req) ret = proxy_child_recv(req, client_ctx, &pd); talloc_zfree(req); - if (ret != EOK) { - /* Pam child failed */ - client_ctx->auth_ctx->running--; - proxy_reply(client_ctx->be_req, DP_ERR_FATAL, ret, - "PAM child failed"); - - /* Start the next auth in the queue, if any */ - imm = tevent_create_immediate(client_ctx->be_req->be_ctx->ev); - if (imm == NULL) { - DEBUG(1, ("tevent_create_immediate failed.\n")); - return; - } + /* Start the next auth in the queue, if any */ + client_ctx->auth_ctx->running--; + imm = tevent_create_immediate(client_ctx->be_req->be_ctx->ev); + if (imm == NULL) { + DEBUG(1, ("tevent_create_immediate failed.\n")); + /* We'll still finish the current request, but we're + * likely to have problems if there are queued events + * if we've gotten into this state. + * Hopefully this is impossible, since freeing req + * above should guarantee that we have enough memory + * to create this immediate event. + */ + } else { tevent_schedule_immediate(imm, client_ctx->be_req->be_ctx->ev, run_proxy_child_queue, client_ctx->auth_ctx); + } + + if (ret != EOK) { + /* Pam child failed */ + proxy_reply(client_ctx->be_req, DP_ERR_FATAL, ret, + "PAM child failed"); return; } -- 1.7.3.2
0001-Fix-authentication-queue-code-for-proxy-auth.patch.sig
Description: PGP signature
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel