12:58 a.m.
URL: https://github.com/SSSD/sssd/pull/5722
Author: grawity
Title: #5722: NSS client: avoid using NETDB_INTERNAL if daemon is not available
Action: opened
PR body:
"""
It seems that returning NETDB_INTERNAL as h_errno will cause glibc's
getaddrinfo() to immediately return EAI_SYSTEM *without* falling through
to other configured NSS modules.
This means that if /etc/nsswitch.conf has 'sss' listed before 'dns' (for
example), hostname resolution will be completely broken whenever SSSD is
not running.
(Even hostname lookups done by SSSD itself will fail, as the _SSS_LOOPS
environment variable merely forces errno=0 but the getaddrinfo() call as
a whole still returns EAI_SYSTEM.)
This commit makes the NSS client return h_errno=NO_RECOVERY, as that's
what systemd's nss-resolve and nss-mymachines seem to be doing.
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5722/head:pr5722
git checkout pr5722
1:43 a.m.
New subject: [sssd PR#5722][synchronized] NSS client: avoid using NETDB_INTERNAL if daemon is not available
URL: https://github.com/SSSD/sssd/pull/5722
Author: grawity
Title: #5722: NSS client: avoid using NETDB_INTERNAL if daemon is not available
Action: synchronized
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5722/head:pr5722
git checkout pr5722
1:45 a.m.
New subject: [sssd PR#5722][comment] NSS client: avoid using NETDB_INTERNAL if daemon is not available
URL: https://github.com/SSSD/sssd/pull/5722
Title: #5722: NSS client: avoid using NETDB_INTERNAL if daemon is not available
grawity commented:
"""
(Should failures from sss_nss_gethost_readrep() be handled the same way? I'm not sure.
They *do* return NSS_STATUS_TRYAGAIN, so it feels like they should be setting h_errno to
NO_RECOVERY as well.)
"""
See the full comment at https://github.com/SSSD/sssd/pull/5722#issuecomment-883935953
6:21 a.m.
New subject: [sssd PR#5722][comment] NSS client: avoid using NETDB_INTERNAL if daemon is not available
URL: https://github.com/SSSD/sssd/pull/5722
Title: #5722: NSS client: avoid using NETDB_INTERNAL if daemon is not available
sumit-bose commented:
"""
Hi,
thanks for the patch. According to the comment
https://sourceware.org/git/?p=glibc.git;a=blob;f=resolv/nss_dns/dns-host....
returning `NO_RECOVERY` if SSSD is not running makes sure that other sources are used as
well.
In the `sss_nss_gethost_readrep()` this is different because here `ERANGE` can be returned
to indicate that the supplied buffer is too small to carry all result. Here it is expected
that glibc immediately returns this information to the caller without looking at other
modules and the caller repeats the call with an increased buffer.
I will run some tests with your patch to understand the general glibc behavior better.
bye,
Sumit
"""
See the full comment at https://github.com/SSSD/sssd/pull/5722#issuecomment-891764934
6:16 a.m.
New subject: [sssd PR#5722][comment] NSS client: avoid using NETDB_INTERNAL if daemon is not available
URL: https://github.com/SSSD/sssd/pull/5722
Title: #5722: NSS client: avoid using NETDB_INTERNAL if daemon is not available
alexey-tikhonov commented:
"""
Hi @sumit-bose ,
did you have a chance to take a look at this?
"""
See the full comment at https://github.com/SSSD/sssd/pull/5722#issuecomment-932140451
4:10 a.m.
New subject: [sssd PR#5722][comment] NSS client: avoid using NETDB_INTERNAL if daemon is not available
URL: https://github.com/SSSD/sssd/pull/5722
Title: #5722: NSS client: avoid using NETDB_INTERNAL if daemon is not available
sumit-bose commented:
"""
Hi @sumit-bose , did you have a chance to take a look at this?
Hi,
thanks for the reminder. I'm fine with the patch as it is. Imo `NETDB_INTERNAL` should
still be used after calling `sss_nss_gethost_readrep()` because the most common issue
would be `ERANGE` where the caller should increase the buffer immediately. There is
`EBASMSG` as well, which mostly would indicate internal errors, like e.g. not enough data
send by the nss responder. Here I think a hard error would be better instead of a fallback
to other configured modules which would hide the issue. So, ACK.
bye,
Sumit
"""
See the full comment at https://github.com/SSSD/sssd/pull/5722#issuecomment-933294156
4:10 a.m.
New subject: [sssd PR#5722][+Accepted] NSS client: avoid using NETDB_INTERNAL if daemon is not available
URL: https://github.com/SSSD/sssd/pull/5722
Title: #5722: NSS client: avoid using NETDB_INTERNAL if daemon is not available
Label: +Accepted
3:56 a.m.
New subject: [sssd PR#5722][+Ready to push] NSS client: avoid using NETDB_INTERNAL if daemon is not available
URL: https://github.com/SSSD/sssd/pull/5722
Title: #5722: NSS client: avoid using NETDB_INTERNAL if daemon is not available
Label: +Ready to push
4:18 a.m.
New subject: [sssd PR#5722][comment] NSS client: avoid using NETDB_INTERNAL if daemon is not available
URL: https://github.com/SSSD/sssd/pull/5722
Title: #5722: NSS client: avoid using NETDB_INTERNAL if daemon is not available
pbrezina commented:
"""
Pushed PR: https://github.com/SSSD/sssd/pull/5722
* `master`
* 1a1e914b95c6415533f318f32da58a04015fa912 - NSS client: avoid using NETDB_INTERNAL if
daemon is not available
"""
See the full comment at https://github.com/SSSD/sssd/pull/5722#issuecomment-935800928
4:18 a.m.
New subject: [sssd PR#5722][+Pushed] NSS client: avoid using NETDB_INTERNAL if daemon is not available
URL: https://github.com/SSSD/sssd/pull/5722
Title: #5722: NSS client: avoid using NETDB_INTERNAL if daemon is not available
Label: +Pushed
4:18 a.m.
New subject: [sssd PR#5722][-Accepted] NSS client: avoid using NETDB_INTERNAL if daemon is not available
URL: https://github.com/SSSD/sssd/pull/5722
Title: #5722: NSS client: avoid using NETDB_INTERNAL if daemon is not available
Label: -Accepted
4:18 a.m.
New subject: [sssd PR#5722][-Ready to push] NSS client: avoid using NETDB_INTERNAL if daemon is not available
URL: https://github.com/SSSD/sssd/pull/5722
Title: #5722: NSS client: avoid using NETDB_INTERNAL if daemon is not available
Label: -Ready to push
4:18 a.m.
New subject: [sssd PR#5722][closed] NSS client: avoid using NETDB_INTERNAL if daemon is not available
URL: https://github.com/SSSD/sssd/pull/5722
Author: grawity
Title: #5722: NSS client: avoid using NETDB_INTERNAL if daemon is not available
Action: closed
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5722/head:pr5722
git checkout pr5722
932
days inactive
1009
days old
sssd-devel@lists.fedorahosted.org
12 comments
5 participants
participants (5)
-
alexey-tikhonov -
grawity
-
pbrezina
-
sssd-bot
-
sumit-bose