Resolves: upstream#3719 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit ed238e28ff)
(cherry picked from commit 8530c8b24d)

0059-Do-not-keep-allocating-external-groups-on-a-long-liv.patch

@@ -0,0 +1,56 @@
+From dfcc67f54823bee15632cf52704842863e8b8a93 Mon Sep 17 00:00:00 2001
+From: Jakub Hrozek <jhrozek@redhat.com>
+Date: Tue, 3 Apr 2018 21:48:37 +0200
+Subject: [PATCH] Do not keep allocating external groups on a long-lived
+ context
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The hash table with the external groups was never freed, so the
+server_mode->ext_groups context was growing over time.
+
+This patch keeps the new hash on the state if something failed, then
+frees the previous hash and finally steals the new hash onto the server
+mode.
+
+Resolves:
+https://pagure.io/SSSD/sssd/issue/3719
+
+Signed-off-by: Sumit Bose <sbose@redhat.com>
+Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
+(cherry picked from commit 10213efaf1f9f587b47a82778a252d79863f665e)
+---
+ src/providers/ipa/ipa_subdomains_ext_groups.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/src/providers/ipa/ipa_subdomains_ext_groups.c b/src/providers/ipa/ipa_subdomains_ext_groups.c
+index 9e1d6c3a9..63ff7c7d7 100644
+--- a/src/providers/ipa/ipa_subdomains_ext_groups.c
++++ b/src/providers/ipa/ipa_subdomains_ext_groups.c
+@@ -583,14 +583,19 @@ static void ipa_get_ext_groups_done(struct tevent_req *subreq)
+     DEBUG(SSSDBG_TRACE_FUNC, "[%zu] external groups found.\n",
+                               state->reply_count);
+ 
+-    ret = process_ext_groups(state->server_mode->ext_groups,
+-                             state->reply_count, state->reply, &ext_group_hash);
++    ret = process_ext_groups(state,
++                             state->reply_count,
++                             state->reply,
++                             &ext_group_hash);
+     if (ret != EOK) {
+         DEBUG(SSSDBG_OP_FAILURE, "process_ext_groups failed.\n");
+         goto fail;
+     }
+ 
+-    state->server_mode->ext_groups->ext_groups = ext_group_hash;
++    talloc_free(state->server_mode->ext_groups->ext_groups);
++    state->server_mode->ext_groups->ext_groups = talloc_steal(
++            state->server_mode->ext_groups,
++            ext_group_hash);
+     /* Do we have to make the update timeout configurable? */
+     state->server_mode->ext_groups->next_update = time(NULL) + 10;
+ 
+-- 
+2.17.0
+

sssd.spec

@@ -101,6 +101,7 @@ Patch0055: 0055-DYNDNS-Move-the-retry-logic-into-a-separate-function.patch
 Patch0056: 0056-DYNDNS-Retry-also-on-timeouts.patch
 Patch0057: 0057-AD-Warn-if-the-LDAP-schema-is-overriden-with-the-AD-.patch
 Patch0058: 0058-SYSDB-Only-check-non-POSIX-groups-for-GID-conflicts.patch
+Patch0059: 0059-Do-not-keep-allocating-external-groups-on-a-long-liv.patch
 
 Patch0502: 0502-SYSTEMD-Use-capabilities.patch
 Patch0503: 0503-Disable-stopping-idle-socket-activated-responders.patch
@@ -1311,6 +1312,9 @@ fi
                             something different than 'ad'.
 - Related: upstream#2653 - Group renaming issue when "id_provider = ldap" is
                            set.
+- Resolves: upstream#3719 - The SSSD IPA provider allocates information about
+                            external groups on a long lived memory context,
+                            causing memory growth of the sssd_be process
 
 * Sat May 05 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.1-4
 - Resolves: rhbz#1574778 - sssd fails to download known_hosts from freeipa