#3963 Responders: processing of `filter_users`/`filter_groups` should avoid calling blocking NSS API
Closed: Fixed 2 years ago by jhrozek. Opened 2 years ago by atikhonov.

Current implementation of sss_ncache_prepopulate() might call NSS API for users and groups in filter_* lists. This call might block (for example due to fail of external module) and thus result in termination of responder by own watchdog.
For details see https://bugzilla.redhat.com/show_bug.cgi?id=1666819
This also might be related with #3813

Users and groups from filter_* lists should be added to ncache unconditionally, without redundant is_user_local_by_name() check (thus not involving getpw*()).


Metadata Update from @atikhonov:
- Issue assigned to atikhonov

2 years ago

Metadata Update from @atikhonov:
- Custom field rhbz adjusted to 1666819
- Issue priority set to: major (was: minor)

2 years ago

Metadata Update from @atikhonov:
- Issue tagged with: bug

2 years ago

Metadata Update from @jhrozek:
- Custom field rhbz adjusted to 1666819, https://bugzilla.redhat.com/show_bug.cgi?id=1666819 (was: 1666819)

2 years ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 2.2

2 years ago

Metadata Update from @atikhonov:
- Issue tagged with: PR

2 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/4936

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata