On Mon, 2012-06-18 at 11:33 -0400, Stephen Gallagher wrote:
On Mon, 2012-06-18 at 09:33 -0400, Stephen Gallagher wrote:
On Mon, 2012-06-18 at 06:30 -0700, Shantanu Goel wrote:
Hi Stephen,
Please feel free to modify the patch in any way or shape you deem necessary for inclusion. We are just glad that you agree there is a real problem which needs fixing. One thing I ask is if you expect to have rhel 5 or 6 test RPMs that we could test with the ultimate fix any time soon, please drop me a note and we will gladly install them on some of our problematic machines here to see if they address the problems we have seen.
Sure, once this is done I'm going to be committing it upstream for the master branch (future 1.9), the sssd-1-8 branch (our current LTM release) and the sssd-1-5 branch (our previous LTM release).
You should be able to pull the patches from the sssd-1-5 branch and build them for your systems once they're ready.
Ok, new patches attached. Shantanu, these are currently designed for the master branch. We'll get them committed there first and tested out for a little while, then we'll backport them.
Patch 0001: Return the correct errno value. Previously it could have been reset by closing the socket.
Patch 0002: Add some additional debugging to the client_destructor()
Patch 0003: On systems that support MSG_NOSIGNAL, we should use it. This way, if a client app isn't configured to listen for SIGPIPE, it will not crash.
Patch 0004: Add a timer to each client context. If sixty seconds pass (configurable in the patch 0005) without either read or write activity, we will free the client context and close the socket. The client code is already written to be tolerant of this and will reconnect on the next request. This will help us avoid resource exhaustion if we have clients that hang on to NSS and PAM file descriptors indefinitely (like 'su' and 'login' do for PAM).
Patch 0005: Make the client idle timeout value configurable and add it to the manpages and config API.
0001 ack 0002 ack 0003 Please always use send with a default set of flags, make the ifdef set the default set of flags (0 vs MSG_NOSIGNAL) 0004 ack (not like much the TODO but I was told 4/5 got split for reviewability, so ok) 0005 ack
Simo.