[nss-pam-ldapd] Backport fixes for #1003011
Jakub Hrozek
jhrozek at fedoraproject.org
Sat Oct 5 19:00:47 UTC 2013
commit 4bc23a7af0ff28df431024f00266f961ec84980c
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Sat Oct 5 21:00:01 2013 +0200
Backport fixes for #1003011
...12-In-nslcd-log-EPIPE-only-on-debug-level.patch | 30 +++++++
...meout-when-skipping-remaining-result-data.patch | 87 ++++++++++++++++++++
nss-pam-ldapd.spec | 11 ++-
3 files changed, 126 insertions(+), 2 deletions(-)
---
diff --git a/nss-pam-ldapd-0.8.12-In-nslcd-log-EPIPE-only-on-debug-level.patch b/nss-pam-ldapd-0.8.12-In-nslcd-log-EPIPE-only-on-debug-level.patch
new file mode 100644
index 0000000..aef3cba
--- /dev/null
+++ b/nss-pam-ldapd-0.8.12-In-nslcd-log-EPIPE-only-on-debug-level.patch
@@ -0,0 +1,30 @@
+From cd1821cbc600ce3a55959890c47c7941ccac0d26 Mon Sep 17 00:00:00 2001
+From: Jakub Hrozek <jhrozek at redhat.com>
+Date: Sat, 5 Oct 2013 20:47:51 +0200
+Subject: [PATCH] In nslcd, log EPIPE only on debug level
+
+See:
+https://bugzilla.redhat.com/show_bug.cgi?id=1003011
+---
+ nslcd/common.h | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/nslcd/common.h b/nslcd/common.h
+index 736d7c09c9cd6d333fc4caa0a15144cc83eb9ecd..d24d7e5c69af1005b50c0b6d0f3cc02b79ce9222 100644
+--- a/nslcd/common.h
++++ b/nslcd/common.h
+@@ -43,7 +43,10 @@
+ stream */
+
+ #define ERROR_OUT_WRITEERROR(fp) \
+- log_log(LOG_WARNING,"error writing to client: %s",strerror(errno)); \
++ if (errno == EPIPE) \
++ log_log(LOG_DEBUG, "error writing to client: %s", strerror(errno)); \
++ else \
++ log_log(LOG_WARNING, "error writing to client: %s", strerror(errno)); \
+ return -1;
+
+ #define ERROR_OUT_READERROR(fp) \
+--
+1.8.3.1
+
diff --git a/nss-pam-ldapd-0.8.12-Use-a-timeout-when-skipping-remaining-result-data.patch b/nss-pam-ldapd-0.8.12-Use-a-timeout-when-skipping-remaining-result-data.patch
new file mode 100644
index 0000000..58e1cd9
--- /dev/null
+++ b/nss-pam-ldapd-0.8.12-Use-a-timeout-when-skipping-remaining-result-data.patch
@@ -0,0 +1,87 @@
+From 0dd454ac2335714d30e20afeed2259a30e57348e Mon Sep 17 00:00:00 2001
+From: Jakub Hrozek <jhrozek at redhat.com>
+Date: Sat, 5 Oct 2013 20:55:11 +0200
+Subject: [PATCH] Use a timeout when skipping remaining result data
+
+When the NSS modules closes the connection and skips any remaining
+result data, wait for up to 500 msec to read any available data.
+
+See:
+https://bugzilla.redhat.com/show_bug.cgi?id=1003011
+---
+ common/tio.c | 4 ++--
+ common/tio.h | 2 +-
+ nss/common.h | 8 ++++++--
+ 3 files changed, 9 insertions(+), 5 deletions(-)
+
+diff --git a/common/tio.c b/common/tio.c
+index 9aef80ca91faedad8f75e09b9070d22ed4a0878d..da84673b9174f77e6eb0e287d18b7054deae4491 100644
+--- a/common/tio.c
++++ b/common/tio.c
+@@ -298,7 +298,7 @@ int tio_skip(TFILE *fp, size_t count)
+ }
+
+ /* Read all available data from the stream and empty the read buffer. */
+-int tio_skipall(TFILE *fp)
++int tio_skipall(TFILE *fp, int skiptimeout)
+ {
+ struct pollfd fds[1];
+ int rv;
+@@ -318,7 +318,7 @@ int tio_skipall(TFILE *fp)
+ /* see if any data is available */
+ fds[0].fd=fp->fd;
+ fds[0].events=POLLIN;
+- rv=poll(fds,1,0);
++ rv = poll(fds, 1, skiptimeout);
+ /* check the poll() result */
+ if (rv==0)
+ return 0; /* no file descriptor ready */
+diff --git a/common/tio.h b/common/tio.h
+index cd3f370732e4c54815187bb8012fd5a5ff8972af..2c64d7096ce0643ff56ebf009fb2950ac80d62b8 100644
+--- a/common/tio.h
++++ b/common/tio.h
+@@ -59,7 +59,7 @@ int tio_read(TFILE *fp,void *buf,size_t count);
+ int tio_skip(TFILE *fp,size_t count);
+
+ /* Read all available data from the stream and empty the read buffer. */
+-int tio_skipall(TFILE *fp);
++int tio_skipall(TFILE *fp, int skiptimeout);
+
+ /* Write the specified buffer to the stream. */
+ int tio_write(TFILE *fp,const void *buf,size_t count);
+diff --git a/nss/common.h b/nss/common.h
+index e8d8e0526499c252f69a558384ddae8504009d26..c9bd7a349b318f78dc35102f5f1cb8b47718581f 100644
+--- a/nss/common.h
++++ b/nss/common.h
+@@ -35,6 +35,10 @@
+ #include "solnss.h"
+ #endif /* NSS_FLAVOUR_SOLARIS */
+
++/* skip timeout determines the maximum time to wait when closing the
++ connection and reading whatever data that is available */
++#define SKIP_TIMEOUT 500
++
+ /* These are macros for handling read and write problems, they are
+ NSS specific due to the return code so are defined here. They
+ genrally close the open file, set an error code and return with
+@@ -127,7 +131,7 @@
+ /* close socket and we're done */ \
+ if ((retv==NSS_STATUS_SUCCESS)||(retv==NSS_STATUS_TRYAGAIN)) \
+ { \
+- (void)tio_skipall(fp); \
++ (void)tio_skipall(fp, SKIP_TIMEOUT); \
+ (void)tio_close(fp); \
+ } \
+ return retv;
+@@ -203,7 +207,7 @@
+ NSS_AVAILCHECK; \
+ if (fp!=NULL) \
+ { \
+- (void)tio_skipall(fp); \
++ (void)tio_skipall(fp, SKIP_TIMEOUT); \
+ (void)tio_close(fp); \
+ fp=NULL; \
+ } \
+--
+1.8.3.1
+
diff --git a/nss-pam-ldapd.spec b/nss-pam-ldapd.spec
index 46cd3b1..d2f728a 100644
--- a/nss-pam-ldapd.spec
+++ b/nss-pam-ldapd.spec
@@ -39,7 +39,7 @@
Name: nss-pam-ldapd
Version: 0.8.13
-Release: 3%{?dist}
+Release: 4%{?dist}
Summary: An nsswitch module which uses directory servers
Group: System Environment/Base
License: LGPLv2+
@@ -50,7 +50,9 @@ Source2: nslcd.init
Source3: nslcd.tmpfiles
Source4: nslcd.service
Patch1: nss-pam-ldapd-0.8.12-validname.patch
+Patch2: nss-pam-ldapd-0.8.12-In-nslcd-log-EPIPE-only-on-debug-level.patch
Patch3: nss-pam-ldapd-0.8.12-uid-overflow.patch
+Patch4: nss-pam-ldapd-0.8.12-Use-a-timeout-when-skipping-remaining-result-data.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: openldap-devel, krb5-devel
BuildRequires: autoconf, automake
@@ -98,7 +100,9 @@ nsswitch module.
%prep
%setup -q
%patch1 -p0 -b .validname
+%patch2 -p1 -b .epipe
%patch3 -p1 -b .overflow
+%patch4 -p1 -b .skiptimeout
autoreconf -f -i
%build
@@ -334,7 +338,10 @@ exit 0
%endif
%changelog
-* Wed Jul 31 2013 Jakub Hrozek <jhrozek at redhat.com> 0.8.13-3
+* Sat Oct 05 2013 Jakub Hrozek <jhrozek at redhat.com> 0.8.13-4
+- Backport fixes for #1003011
+
+* Sat Oct 05 2013 Jakub Hrozek <jhrozek at redhat.com> 0.8.13-3
- Build with _hardened_build macro
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.8.13-2
More information about the scm-commits
mailing list