Re: send returns EPIPE when requesting a large group

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Jakub Hrozek <jhrozek [at] redhat.com>
To: nss-pam-ldapd-users [at] lists.arthurdejong.org
Subject: Re: send returns EPIPE when requesting a large group
Date: Thu, 15 Mar 2012 12:20:26 +0100

On Thu, Mar 15, 2012 at 11:10:42AM +0100, Jakub Hrozek wrote:
> On Wed, Mar 14, 2012 at 09:47:26PM +0100, Arthur de Jong wrote:
> > On Tue, 2012-03-13 at 19:18 +0100, Jakub Hrozek wrote:
> > > With EPIPE being quite a common and recoverable error, I was wondering
> > > if it makese sense to special-case this error code and print the
> > > message on a lower debug level?
> > 
> > That is a possibility, but with the recent debian bug report
> > (http://bugs.debian.org/660223) I started thinking a bit about the
> > protocol and I think I came up with another solution. In commit r1637
> > any data that is available for reading is read from the response stream
> > before closing the connection.
> 
> This is much better and systematic solution. 
> 
> > 
> > Since the connection is opened non-blocking only data that can be read
> > without blocking is read which should limit the extra overhead or delay
> > in the NSS module.
> > 
> > This means that most calls that would normally result in a broken pipe
> > message (either application called endent() before reading all results
> > or there the buffer was too small to fit the group) should now not cause
> > a broken pipe in most cases.
> > 
> > The only cases I see remaining that could result in a broken pipe are
> > for misbehaving applications that don't call endent() at all or when
> > nslcd has more information to write than can be read without blocking by
> > the NSS module. The first is a bug in the app and should deserve an
> > error, I hope the second is unlikely to happen too often.
> > 
> 
> I agree.
> 
> I've backported the patch to to 0.7 branch and it works great. Thank you
> very much!

Actually, I think I see one bug:
@@ -147,6 +147,7 @@ nss_status_t nss_ldap_destructor(nss_backend_t *be,void 
UNUSED(*args));
   retv=readfn; \
   /* close socket and we're done */ \
   if ((retv==NSS_STATUS_SUCCESS)||(retv==NSS_STATUS_TRYAGAIN)) \
+    (void)tio_skip(fp,0); /* read any buffered data */ \
     (void)tio_close(fp); \
   return retv;

I think the whole if() statement should be enclosed in curly braces:
-  if ((retv==NSS_STATUS_SUCCESS)||(retv==NSS_STATUS_TRYAGAIN)) \
+  if ((retv==NSS_STATUS_SUCCESS)||(retv==NSS_STATUS_TRYAGAIN)) { \
+    (void)tio_skip(fp,0); /* read any buffered data */ \
     (void)tio_close(fp); \
+  } \
-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/

send returns EPIPE when requesting a large group, Jakub Hrozek
- Re: send returns EPIPE when requesting a large group, Arthur de Jong
  - Re: send returns EPIPE when requesting a large group, Jakub Hrozek
    - Re: send returns EPIPE when requesting a large group, Jakub Hrozek

Prev by Date: Re: send returns EPIPE when requesting a large group
Next by Date: [PATCH] increase filter_buffer size in try_autzsearch
Previous by thread: Re: send returns EPIPE when requesting a large group
Next by thread: Re: send returns EPIPE when requesting a large group