Bug 1506682 - sssd_client: add mutex protected call to the PAC responder [rhel-7.4.z]
Summary: sssd_client: add mutex protected call to the PAC responder [rhel-7.4.z]
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd
Version: 7.4
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: rc
: ---
Assignee: SSSD Maintainers
QA Contact: Nikhil Dehadrai
URL:
Whiteboard:
Depends On: 1461462
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-10-26 14:27 UTC by Oneata Mircea Teodor
Modified: 2020-05-04 11:03 UTC (History)
23 users (show)

Fixed In Version: sssd-1.15.2-50.el7_4.7
Doc Type: Bug Fix
Doc Text:
Previously, the calls provided by SSSD to send data to the Privilege Attribute Certificate (PAC) responder did not use a mutex or any other means to serialize access to the PAC responder from a single process. When multithreaded applications overran the PAC responder with multiple parallel requests, some threads did not receive a proper reply. Consequently, such threads only resumed work after waiting 5 minutes for a response. This update configures mutex to serialize access to the PAC responder socket for multithreaded applications. As a result, all threads now get a proper and timely reply.
Clone Of: 1461462
Environment:
Last Closed: 2017-12-05 10:51:36 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Github SSSD sssd issues 4544 None None None 2020-05-04 11:03:26 UTC
Red Hat Product Errata RHSA-2017:3379 normal SHIPPED_LIVE Moderate: sssd security and bug fix update 2017-12-05 06:11:14 UTC

Description Oneata Mircea Teodor 2017-10-26 14:27:26 UTC
This bug has been copied from bug #1461462 and has been proposed to be backported to 7.4 z-stream (EUS).

Comment 3 Nikhil Dehadrai 2017-11-13 10:33:22 UTC
IPA-server: ipa-server-4.5.0-22.el7_4.x86_64
sssd version: sssd-ipa-1.15.2-50.el7_4.8.x86_64


Verified the bug with following tests/ observations:
1. Tested that the sanity test suite for IPA-Trust Functional-ssh runs successfully.
2. Tested that the sanity test suite for IPA-Trust Functional-sudo runs successfully.
3. Tested that the sanity test suite for IPA-Trust Functional-user runs successfully.


Thus marking the status of bug to "VERIFIED", based on above observations.

Comment 11 errata-xmlrpc 2017-12-05 10:51:36 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:3379


Note You need to log in before you can comment on or make changes to this bug.