-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/17/2010 02:38 PM, Sumit Bose wrote: > On Wed, Nov 17, 2010 at 02:32:39PM -0500, Stephen Gallagher wrote: > On 11/17/2010 04:22 AM, Sumit Bose wrote: >>>>> Can you call 'client_ctx->auth_ctx->running--;' directly after >>>>> 'proxy_child_recv()' ? >>>> > > Sure, I just moved the decrement and the creation of the immediate event > to before the return value check, so now it will happen regardless of > the result code. This also eliminates the code duplication in my > previous patch for creating the immediate event. > >> if the proxy_child fails and tevent_create_immediate(), too, >> proxy_reply() is not called. >
Good catch. However, if we have ENOMEM here (the only way tevent_create_immediate() can fail) and there are events on the queue, then one of them may not fire. However, this is a hopefully impossible situation to get into, since we're freeing req just above it. I've added comments to that effect to the patch. - -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkzkM9kACgkQeiVVYja6o6Nu+wCfbHWGSi4s3Tl+b18LWQo5RrhH 2+8An2UY0I6aPWHr8Jgit39YCzL2a3K0 =lWnJ -----END PGP SIGNATURE-----
From d3f9f6f359eeaae77151e32aa7be11a1121d7df9 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgall...@redhat.com>
Date: Tue, 16 Nov 2010 16:05:50 -0500
Subject: [PATCH] Fix authentication queue code for proxy auth
We weren't decrementing the count of in-progress authentication
request child processes when they completed successfully. With
this patch, we will now guarantee that the process count is
accurate and that queued requests will be started when a slot is
freed up.
---
src/providers/proxy/proxy_auth.c | 31 +++++++++++++++++++------------
1 files changed, 19 insertions(+), 12 deletions(-)
diff --git a/src/providers/proxy/proxy_auth.c b/src/providers/proxy/proxy_auth.c
index 64b38cbedf30d0989f9517763e8281abb67958d8..b3b878cf62c5d1a74b97cde482631dcfba263fcd 100644
--- a/src/providers/proxy/proxy_auth.c
+++ b/src/providers/proxy/proxy_auth.c
@@ -718,23 +718,30 @@ static void proxy_child_done(struct tevent_req *req)
ret = proxy_child_recv(req, client_ctx, &pd);
talloc_zfree(req);
- if (ret != EOK) {
- /* Pam child failed */
- client_ctx->auth_ctx->running--;
- proxy_reply(client_ctx->be_req, DP_ERR_FATAL, ret,
- "PAM child failed");
-
- /* Start the next auth in the queue, if any */
- imm = tevent_create_immediate(client_ctx->be_req->be_ctx->ev);
- if (imm == NULL) {
- DEBUG(1, ("tevent_create_immediate failed.\n"));
- return;
- }
+ /* Start the next auth in the queue, if any */
+ client_ctx->auth_ctx->running--;
+ imm = tevent_create_immediate(client_ctx->be_req->be_ctx->ev);
+ if (imm == NULL) {
+ DEBUG(1, ("tevent_create_immediate failed.\n"));
+ /* We'll still finish the current request, but we're
+ * likely to have problems if there are queued events
+ * if we've gotten into this state.
+ * Hopefully this is impossible, since freeing req
+ * above should guarantee that we have enough memory
+ * to create this immediate event.
+ */
+ } else {
tevent_schedule_immediate(imm,
client_ctx->be_req->be_ctx->ev,
run_proxy_child_queue,
client_ctx->auth_ctx);
+ }
+
+ if (ret != EOK) {
+ /* Pam child failed */
+ proxy_reply(client_ctx->be_req, DP_ERR_FATAL, ret,
+ "PAM child failed");
return;
}
--
1.7.3.2
0001-Fix-authentication-queue-code-for-proxy-auth.patch.sig
Description: PGP signature
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
