SSSD / sssd

Clone

1f33147 sssd_client: add mutex protected call to the PAC responder

7 files Authored by sbose 6 years ago, Committed by lslebodn 6 years ago,
raw patch tree parent
7 files changed. 313 lines added. 2 lines removed.
Makefile.am
file modified
+16 -0
src/sss_client/common.c
file modified
+30 -0
src/sss_client/sss_cli.h
file modified
+7 -0
src/sss_client/sss_pac_responder_client.c
file added
+137
src/sss_client/sssd_pac.c
file modified
+2 -2
src/tests/intg/Makefile.am
file modified
+1 -0
src/tests/intg/test_pac_responder.py
file added
+120 
    sssd_client: add mutex protected call to the PAC responder
    
    SSSD's plugin for MIT Kerberos to send the PAC to the PAC responder
    currently uses sss_pac_make_request() which does not protect the
    communication with the PAC responder with a mutex as e.g. the NSS and
    PAM clients.
    
    If an application using threads loads this plugin via libkrb5 in
    different threads and is heavily processing Kerberos tickets with PACs
    chances are that two threads try to communicate with SSSD at once. In
    this case one of the threads will miss a reply and will wait for it
    until the default client timeout of 300s is passed.
    
    This patch adds a call which uses a mutex to protect the communication
    which will avoid the 300s delay mentioned above.
    
    Resolves:
    https://pagure.io/SSSD/sssd/issue/3518
    
    Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
    Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
file modified
+16 -0
file modified
+30 -0
file modified
+7 -0
file added
+137
file modified
+2 -2
file modified
+1 -0
file added
+120
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.