| |
@@ -589,19 +589,22 @@
|
| |
return NULL;
|
| |
}
|
| |
|
| |
- do {
|
| |
+ for(rc = NSS_STATUS_TRYAGAIN; rc == NSS_STATUS_TRYAGAIN;) {
|
| |
rc = backend_nss_getgrouplist(ctx, user_name, pwd.pw_gid,
|
| |
grouplist, &ngroups,
|
| |
&lerrno);
|
| |
- if ((rc != NSS_STATUS_SUCCESS)) {
|
| |
- tmp_list = realloc(grouplist, ngroups * sizeof(gid_t));
|
| |
- if (tmp_list == NULL) {
|
| |
+ if (rc == NSS_STATUS_TRYAGAIN) {
|
| |
+ tmp_list = NULL;
|
| |
+ if (lerrno == ERANGE) {
|
| |
+ tmp_list = realloc(grouplist, ngroups * sizeof(gid_t));
|
| |
+ }
|
| |
+ if ((tmp_list == NULL) || (lerrno == ENOMEM)) {
|
| |
free(grouplist);
|
| |
return NULL;
|
| |
}
|
| |
grouplist = tmp_list;
|
| |
}
|
| |
- } while (rc != NSS_STATUS_SUCCESS);
|
| |
+ }
|
| |
|
| |
entries = calloc(ngroups + 1, sizeof(entries[0]));
|
| |
if (entries == NULL) {
|
| |
@@ -787,8 +790,8 @@
|
| |
|
| |
if ((staged->type == SCH_NSSWITCH_GROUP) && (NULL != staged->name)) {
|
| |
entries = backend_retrieve_group_entry_from_nsswitch(staged->name, staged->is_id,
|
| |
- staged->container_sdn,
|
| |
- cbdata, &staged->count);
|
| |
+ staged->container_sdn,
|
| |
+ cbdata, &staged->count);
|
| |
if (entries != NULL) {
|
| |
staged->entries = entries;
|
| |
return TRUE;
|
| |
@@ -798,8 +801,8 @@
|
| |
|
| |
if ((staged->type == SCH_NSSWITCH_USER) && (NULL != staged->name)) {
|
| |
entries = backend_retrieve_user_entry_from_nsswitch(staged->name, staged->is_id,
|
| |
- staged->container_sdn,
|
| |
- cbdata, &staged->count);
|
| |
+ staged->container_sdn,
|
| |
+ cbdata, &staged->count);
|
| |
if (entries != NULL) {
|
| |
staged->entries = entries;
|
| |
return TRUE;
|
| |
abbra
commented 2 years ago
back-sch-nss: only loop if asked to try again
slapi-nis uses sss-idmap library to discover user group membership. Its sss_nss_getgrouplist_timeout() function can return timeout errors as well which might cause a busy looping. sss_nss_getgrouplist_timeout() will return ERANGE which is translated by slapi-nis to NSS_STATUS_TRYAGAIN.
Fixes: rhbz#1967179