On Fri, Feb 03, 2012 at 10:12:54AM +0100, Jan Zelený wrote: > > This patch makes several changes, making the code more manageable by > > reducing the places we need to look for cache values, as well as > > improving the granularity of our cache settings. > > > > 1) Add four new options: entry_cache_user_timeout, > > entry_cache_group_timeout, entry_cache_netgroup_timeout and > > entry_cache_service_timeout. If they are unspecified, they will be > > populated internally with the value of entry_cache_timeout (or its > > default in turn of 5400). > > > > 2) These new cache values are stored as members of the sss_domain_info > > structure, which we have available pretty much everywhere in the > > providers. > > > > 3) It removes 'entry_cache_timeout' from the dp_opt lists for both the > > LDAP and IPA identity providers, in preference to the sss_domain_info > > structure. > > > > 4) The proxy provider no longer reads the entry_cache_timeout into its > > own proxy_id_ctx either, in preference to the sss_domain_info structure. > > > > > > There are also two minor additional fixes I included while adding these > > features. There were two places in the code where we were incorrectly > > using the entry_cache_timeout as the timeout value of an LDAP operation. > > Thus, it was possible to be stuck waiting 90 minutes (by default) for an > > LDAP server to reply. (This was only possible during nested group > > processing on FreeIPA servers, I believe). > > Nack, > please rebase the patch on top of current master. > > Where possible, don't give the sss_domain_info as an argument, it's part of > the sysdb_ctx and can be retrieved by sysdb_ctx_get_domain(). > > Other than that the patch looks fine, I haven't done any testing due to > inability to apply the patch. > > Thanks > Jan
I'm rebasing the autofs patches on top of this one, so I attached a a patch rebased on current master.
>From 02ca0bcf5cd22509544e5686d2bbb2d4eda1fd40 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher <[email protected]> Date: Fri, 3 Feb 2012 10:37:19 +0100 Subject: [PATCH] NSS: Add individual timeouts for entry types https://fedorahosted.org/sssd/ticket/1016 --- src/confdb/confdb.c | 53 ++++++++++++++++++++++++++- src/confdb/confdb.h | 10 +++++- src/config/SSSDConfig.py | 4 ++ src/config/SSSDConfigTest.py | 8 ++++ src/config/etc/sssd.api.conf | 5 +++ src/providers/ipa/ipa_common.h | 2 +- src/providers/ipa/ipa_id.c | 4 +- src/providers/ipa/ipa_id.h | 1 + src/providers/ipa/ipa_netgroups.c | 12 ++++--- src/providers/ldap/ldap_common.c | 1 - src/providers/ldap/sdap.h | 1 - src/providers/ldap/sdap_async_groups.c | 16 ++++---- src/providers/ldap/sdap_async_initgroups.c | 2 +- src/providers/ldap/sdap_async_netgroups.c | 3 +- src/providers/ldap/sdap_async_services.c | 2 +- src/providers/ldap/sdap_async_users.c | 2 +- src/providers/proxy/proxy.h | 1 - src/providers/proxy/proxy_id.c | 14 ++++---- src/providers/proxy/proxy_init.c | 5 --- src/providers/proxy/proxy_netgroup.c | 3 +- src/providers/proxy/proxy_services.c | 6 ++-- src/responder/nss/nsssrv_netgroup.c | 2 +- 22 files changed, 113 insertions(+), 44 deletions(-) diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c index f0a8caa9de6e2f5021b3e4086944ecf63d05cdff..8b3a046f35e4a8c62c100a1c72ad8a3736cd5412 100644 --- a/src/confdb/confdb.c +++ b/src/confdb/confdb.c @@ -664,6 +664,7 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, struct ldb_dn *dn; const char *tmp; int ret, val; + uint32_t entry_cache_timeout; tmp_ctx = talloc_new(mem_ctx); if (!tmp_ctx) return ENOMEM; @@ -834,13 +835,61 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, goto done; } - ret = get_entry_as_uint32(res->msgs[0], &domain->entry_cache_timeout, + /* Get the global entry cache timeout setting */ + ret = get_entry_as_uint32(res->msgs[0], &entry_cache_timeout, CONFDB_DOMAIN_ENTRY_CACHE_TIMEOUT, 5400); if (ret != EOK) { - DEBUG(0, ("Invalid value for [%s]\n", CONFDB_DOMAIN_ENTRY_CACHE_TIMEOUT)); + DEBUG(SSSDBG_FATAL_FAILURE, + ("Invalid value for [%s]\n", + CONFDB_DOMAIN_ENTRY_CACHE_TIMEOUT)); goto done; } + /* Override the user cache timeout, if specified */ + ret = get_entry_as_uint32(res->msgs[0], &domain->user_timeout, + CONFDB_DOMAIN_USER_CACHE_TIMEOUT, + entry_cache_timeout); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, + ("Invalid value for [%s]\n", + CONFDB_DOMAIN_USER_CACHE_TIMEOUT)); + goto done; + } + + /* Override the group cache timeout, if specified */ + ret = get_entry_as_uint32(res->msgs[0], &domain->group_timeout, + CONFDB_DOMAIN_GROUP_CACHE_TIMEOUT, + entry_cache_timeout); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, + ("Invalid value for [%s]\n", + CONFDB_DOMAIN_GROUP_CACHE_TIMEOUT)); + goto done; + } + + /* Override the netgroup cache timeout, if specified */ + ret = get_entry_as_uint32(res->msgs[0], &domain->netgroup_timeout, + CONFDB_DOMAIN_NETGROUP_CACHE_TIMEOUT, + entry_cache_timeout); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, + ("Invalid value for [%s]\n", + CONFDB_DOMAIN_NETGROUP_CACHE_TIMEOUT)); + goto done; + } + + /* Override the service cache timeout, if specified */ + ret = get_entry_as_uint32(res->msgs[0], &domain->service_timeout, + CONFDB_DOMAIN_SERVICE_CACHE_TIMEOUT, + entry_cache_timeout); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, + ("Invalid value for [%s]\n", + CONFDB_DOMAIN_SERVICE_CACHE_TIMEOUT)); + goto done; + } + + ret = get_entry_as_uint32(res->msgs[0], &domain->override_gid, CONFDB_DOMAIN_OVERRIDE_GID, 0); if (ret != EOK) { diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h index 126cbf02952ac1e67f7290d5acba0fb6a741bc3e..2bfe3b272913efacf9c21d1b407d78078696b7e2 100644 --- a/src/confdb/confdb.h +++ b/src/confdb/confdb.h @@ -128,6 +128,11 @@ #define CONFDB_DOMAIN_OVERRIDE_GID "override_gid" #define CONFDB_DOMAIN_CASE_SENSITIVE "case_sensitive" +#define CONFDB_DOMAIN_USER_CACHE_TIMEOUT "entry_cache_user_timeout" +#define CONFDB_DOMAIN_GROUP_CACHE_TIMEOUT "entry_cache_group_timeout" +#define CONFDB_DOMAIN_NETGROUP_CACHE_TIMEOUT "entry_cache_netgroup_timeout" +#define CONFDB_DOMAIN_SERVICE_CACHE_TIMEOUT "entry_cache_service_timeout" + /* Local Provider */ #define CONFDB_LOCAL_DEFAULT_SHELL "default_shell" #define CONFDB_LOCAL_DEFAULT_BASEDIR "base_directory" @@ -165,7 +170,10 @@ struct sss_domain_info { gid_t override_gid; const char *override_homedir; - uint32_t entry_cache_timeout; + uint32_t user_timeout; + uint32_t group_timeout; + uint32_t netgroup_timeout; + uint32_t service_timeout; struct sss_domain_info *next; }; diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py index da30e075b88fb941cab9b610968c055788bbf78e..6c6c2817c79968d5a6fddc97840d726af84730a7 100644 --- a/src/config/SSSDConfig.py +++ b/src/config/SSSDConfig.py @@ -97,6 +97,10 @@ option_strings = { 'dns_discovery_domain' : _('The domain part of service discovery DNS query'), 'override_gid' : _('Override GID value from the identity provider with this value'), 'case_sensitive' : _('Treat usernames as case sensitive'), + 'entry_cache_user_timeout' : _('Entry cache timeout length (seconds)'), + 'entry_cache_group_timeout' : _('Entry cache timeout length (seconds)'), + 'entry_cache_netgroup_timeout' : _('Entry cache timeout length (seconds)'), + 'entry_cache_service_timeout' : _('Entry cache timeout length (seconds)'), # [provider/ipa] 'ipa_domain' : _('IPA domain'), diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py index e03800b79ed37659a99ac075f3d1a8dd27cd4386..66b3f9c7abbaa566e411a525e2ee8fd27701ea46 100755 --- a/src/config/SSSDConfigTest.py +++ b/src/config/SSSDConfigTest.py @@ -479,6 +479,10 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase): 'filter_users', 'filter_groups', 'entry_cache_timeout', + 'entry_cache_user_timeout', + 'entry_cache_group_timeout', + 'entry_cache_netgroup_timeout', + 'entry_cache_service_timeout', 'lookup_family_order', 'account_cache_expiration', 'dns_resolver_timeout', @@ -798,6 +802,10 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase): 'filter_users', 'filter_groups', 'entry_cache_timeout', + 'entry_cache_user_timeout', + 'entry_cache_group_timeout', + 'entry_cache_netgroup_timeout', + 'entry_cache_service_timeout', 'account_cache_expiration', 'lookup_family_order', 'dns_resolver_timeout', diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf index e3d4079e7a3464818d35e8f4a67bf62f51323ce2..6eb08a5d9cd1bb20b35c771885e0b1f6c882c2bb 100644 --- a/src/config/etc/sssd.api.conf +++ b/src/config/etc/sssd.api.conf @@ -81,6 +81,11 @@ override_gid = int, None, false case_sensitive = bool, None, false override_homedir = str, None, false +#Entry cache timeouts +entry_cache_user_timeout = int, None, false +entry_cache_group_timeout = int, None, false +entry_cache_netgroup_timeout = int, None, false +entry_cache_service_timeout = int, None, false # Special providers [provider/permit] diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h index 9cbd993f547e76d53e6d46747c7181fe6592061a..5bf1b7c9d49641db755171dffa52ca8a6ec9d8ed 100644 --- a/src/providers/ipa/ipa_common.h +++ b/src/providers/ipa/ipa_common.h @@ -35,7 +35,7 @@ struct ipa_service { /* the following defines are used to keep track of the options in the ldap * module, so that if they change and ipa is not updated correspondingly * this will trigger a runtime abort error */ -#define IPA_OPTS_BASIC_TEST 60 +#define IPA_OPTS_BASIC_TEST 59 #define IPA_OPTS_SVC_TEST 5 diff --git a/src/providers/ipa/ipa_id.c b/src/providers/ipa/ipa_id.c index 7302a8da07fc2f521e7269e7b08ea9ac2cff9050..7067f015e4b4b914d3520b62404c31e1ef8d251c 100644 --- a/src/providers/ipa/ipa_id.c +++ b/src/providers/ipa/ipa_id.c @@ -232,8 +232,8 @@ static void ipa_netgroup_get_connect_done(struct tevent_req *subreq) return; } - subreq = ipa_get_netgroups_send(state, state->ev, - state->sysdb, sdap_ctx->opts, + subreq = ipa_get_netgroups_send(state, state->ev, state->sysdb, + state->domain, sdap_ctx->opts, state->ctx->ipa_options, sdap_id_op_handle(state->op), state->attrs, state->filter, diff --git a/src/providers/ipa/ipa_id.h b/src/providers/ipa/ipa_id.h index 04a6c2b8aaad024e55a71af39d486bd863313524..3a8fdb44d19d599aa1cec8e65b2e341f87e1b1a9 100644 --- a/src/providers/ipa/ipa_id.h +++ b/src/providers/ipa/ipa_id.h @@ -34,6 +34,7 @@ void ipa_account_info_handler(struct be_req *breq); struct tevent_req *ipa_get_netgroups_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sysdb_ctx *sysdb, + struct sss_domain_info *dom, struct sdap_options *opts, struct ipa_options *ipa_options, struct sdap_handle *sh, diff --git a/src/providers/ipa/ipa_netgroups.c b/src/providers/ipa/ipa_netgroups.c index d61728f57d31fb7231536dbcbc922d75ff17fbf2..2ac118f0bb8abbef3ba163ab0c81b4720954c449 100644 --- a/src/providers/ipa/ipa_netgroups.c +++ b/src/providers/ipa/ipa_netgroups.c @@ -39,6 +39,7 @@ struct ipa_get_netgroups_state { struct ipa_options *ipa_opts; struct sdap_handle *sh; struct sysdb_ctx *sysdb; + struct sss_domain_info *dom; const char **attrs; int timeout; @@ -64,6 +65,7 @@ struct ipa_get_netgroups_state { static errno_t ipa_save_netgroup(TALLOC_CTX *mem_ctx, struct sysdb_ctx *ctx, + struct sss_domain_info *dom, struct sdap_options *opts, struct sysdb_attrs *attrs) { @@ -166,9 +168,7 @@ static errno_t ipa_save_netgroup(TALLOC_CTX *mem_ctx, DEBUG(6, ("Storing info for netgroup %s\n", name)); ret = sysdb_add_netgroup(ctx, name, NULL, netgroup_attrs, - dp_opt_get_int(opts->basic, - SDAP_ENTRY_CACHE_TIMEOUT), - 0); + dom->netgroup_timeout, 0); if (ret) goto fail; return EOK; @@ -185,6 +185,7 @@ static int ipa_netgr_process_all(struct ipa_get_netgroups_state *state); struct tevent_req *ipa_get_netgroups_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sysdb_ctx *sysdb, + struct sss_domain_info *dom, struct sdap_options *opts, struct ipa_options *ipa_options, struct sdap_handle *sh, @@ -208,6 +209,7 @@ struct tevent_req *ipa_get_netgroups_send(TALLOC_CTX *memctx, state->timeout = timeout; state->base_filter = filter; state->netgr_base_iter = 0; + state->dom = dom; ret = sss_hash_create(state, 32, &state->new_netgroups); if (ret != EOK) goto done; @@ -969,8 +971,8 @@ static int ipa_netgr_process_all(struct ipa_get_netgroups_state *state) } } } - ret = ipa_save_netgroup(state, state->sysdb, state->opts, - state->netgroups[i]); + ret = ipa_save_netgroup(state, state->sysdb, state->dom, + state->opts, state->netgroups[i]); if (ret != EOK) { goto done; } diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c index f13ce3f8728eca43de24cdc1e6f9010e5567cb7e..43d17f11bbc6937ec36b7cd15e923da345e60eea 100644 --- a/src/providers/ldap/ldap_common.c +++ b/src/providers/ldap/ldap_common.c @@ -60,7 +60,6 @@ struct dp_option default_basic_opts[] = { { "ldap_force_upper_case_realm", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, { "ldap_enumeration_refresh_timeout", DP_OPT_NUMBER, { .number = 300 }, NULL_NUMBER }, { "ldap_purge_cache_timeout", DP_OPT_NUMBER, { .number = 10800 }, NULL_NUMBER }, - { "entry_cache_timeout", DP_OPT_NUMBER, { .number = 5400 }, NULL_NUMBER }, { "ldap_tls_cacert", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ldap_tls_cacertdir", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ldap_tls_cert", DP_OPT_STRING, NULL_STRING, NULL_STRING }, diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h index 7bf1805c1798752e87d30e8173ea1b7c4944078b..2e1dfa959d5c6117cae00eb0752c9e31daef1d2f 100644 --- a/src/providers/ldap/sdap.h +++ b/src/providers/ldap/sdap.h @@ -173,7 +173,6 @@ enum sdap_basic_opt { SDAP_FORCE_UPPER_CASE_REALM, SDAP_ENUM_REFRESH_TIMEOUT, SDAP_CACHE_PURGE_TIMEOUT, - SDAP_ENTRY_CACHE_TIMEOUT, SDAP_TLS_CACERT, SDAP_TLS_CACERTDIR, SDAP_TLS_CERT, diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c index e59640997d78db525a98a63cd230d2bc1a74d1a1..bf9c0cddf2ae9250cd63099f9d5daa19ed384e01 100644 --- a/src/providers/ldap/sdap_async_groups.c +++ b/src/providers/ldap/sdap_async_groups.c @@ -358,8 +358,7 @@ static int sdap_save_group(TALLOC_CTX *memctx, ret = sdap_store_group_with_gid(ctx, name, gid, group_attrs, - dp_opt_get_int(opts->basic, - SDAP_ENTRY_CACHE_TIMEOUT), + dom->group_timeout, posix_group, now); if (ret) goto fail; @@ -430,8 +429,7 @@ static int sdap_save_grpmem(TALLOC_CTX *memctx, DEBUG(6, ("Storing members for group %s\n", name)); ret = sysdb_store_group(ctx, name, 0, group_attrs, - dp_opt_get_int(opts->basic, - SDAP_ENTRY_CACHE_TIMEOUT), now); + dom->group_timeout, now); if (ret) goto fail; return EOK; @@ -1970,6 +1968,7 @@ immediate: static errno_t sdap_nested_group_check_hash(struct sdap_nested_group_ctx *); static errno_t sdap_nested_group_check_cache(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, + struct sss_domain_info *dom, struct sdap_options *opts, char *member_dn, struct ldb_message ***_msgs, @@ -2025,6 +2024,7 @@ static errno_t sdap_nested_group_process_deref_step(struct tevent_req *req) } ret = sdap_nested_group_check_cache(state, state->sysdb, + state->domain, state->opts, state->member_dn, &msgs, &mtype); @@ -2131,6 +2131,7 @@ static errno_t sdap_nested_group_process_step(struct tevent_req *req) } ret = sdap_nested_group_check_cache(state, state->sysdb, + state->domain, state->opts, state->member_dn, &msgs, &mtype); @@ -2224,6 +2225,7 @@ sdap_nested_group_check_hash(struct sdap_nested_group_ctx *state) static errno_t sdap_nested_group_check_cache(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, + struct sss_domain_info *dom, struct sdap_options *opts, char *dn, struct ldb_message ***_msgs, @@ -2284,9 +2286,7 @@ sdap_nested_group_check_cache(TALLOC_CTX *mem_ctx, create_time = ldb_msg_find_attr_as_uint64(msgs[0], SYSDB_CREATE_TIME, 0); - expiration = create_time + - dp_opt_get_int(opts->basic, - SDAP_ENTRY_CACHE_TIMEOUT); + expiration = create_time + dom->user_timeout; } else { /* Regular user, check if we need a refresh */ expiration = ldb_msg_find_attr_as_uint64(msgs[0], @@ -2392,7 +2392,7 @@ sdap_nested_group_process_deref_call(struct tevent_req *req) state->opts->user_map[SDAP_AT_USER_NAME].name; sdap_attrs[SDAP_OPTS_GROUP + 1] = NULL; - timeout = dp_opt_get_int(state->opts->basic, SDAP_ENTRY_CACHE_TIMEOUT); + timeout = dp_opt_get_int(state->opts->basic, SDAP_SEARCH_TIMEOUT); subreq = sdap_deref_search_send(state, state->ev, state->opts, state->sh, state->derefctx->orig_dn, diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c index 73ab25ea79cd66ff5fe7131ee7606cf71aa382e5..c0d3a7a1f4eeb488d78920ff3c59a23c2d8d6849 100644 --- a/src/providers/ldap/sdap_async_initgroups.c +++ b/src/providers/ldap/sdap_async_initgroups.c @@ -799,7 +799,7 @@ static errno_t sdap_initgr_nested_deref_search(struct tevent_req *req) SDAP_OPTS_GROUP, &sdap_attrs); if (ret != EOK) goto fail; - timeout = dp_opt_get_int(state->opts->basic, SDAP_ENTRY_CACHE_TIMEOUT); + timeout = dp_opt_get_int(state->opts->basic, SDAP_SEARCH_TIMEOUT); subreq = sdap_deref_search_send(state, state->ev, state->opts, state->sh, state->orig_dn, diff --git a/src/providers/ldap/sdap_async_netgroups.c b/src/providers/ldap/sdap_async_netgroups.c index 0888c7e2fcf03d0b133bcf93ad017086aedffe16..3491c7eb0f0b90b6a38dcfcca84a7eae5b9eaece 100644 --- a/src/providers/ldap/sdap_async_netgroups.c +++ b/src/providers/ldap/sdap_async_netgroups.c @@ -128,8 +128,7 @@ static errno_t sdap_save_netgroup(TALLOC_CTX *memctx, } ret = sysdb_add_netgroup(ctx, name, NULL, netgroup_attrs, - dp_opt_get_int(opts->basic, - SDAP_ENTRY_CACHE_TIMEOUT), now); + dom->netgroup_timeout, now); if (ret) goto fail; if (_timestamp) { diff --git a/src/providers/ldap/sdap_async_services.c b/src/providers/ldap/sdap_async_services.c index e4371f58e3ed67c3d3c0de58799687efb28e0167..8ed0afeaa036eb07d475a41351bf22ecfc41f83f 100644 --- a/src/providers/ldap/sdap_async_services.c +++ b/src/providers/ldap/sdap_async_services.c @@ -449,7 +449,7 @@ sdap_save_service(TALLOC_CTX *mem_ctx, goto done; } - cache_timeout = dp_opt_get_int(opts->basic, SDAP_ENTRY_CACHE_TIMEOUT); + cache_timeout = dom->service_timeout; ret = sysdb_store_service(sysdb, name, port, aliases, protocols, svc_attrs, missing, cache_timeout, now); diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c index ac856a64208cb87994f676ab50fdba6d82dbcb50..8cfda239d4034e1af76e19d2898fbdd58f09addb 100644 --- a/src/providers/ldap/sdap_async_users.c +++ b/src/providers/ldap/sdap_async_users.c @@ -235,7 +235,7 @@ int sdap_save_user(TALLOC_CTX *memctx, } } - cache_timeout = dp_opt_get_int(opts->basic, SDAP_ENTRY_CACHE_TIMEOUT); + cache_timeout = dom->user_timeout; if (is_initgr) { ret = sysdb_attrs_add_time_t(user_attrs, SYSDB_INITGR_EXPIRE, diff --git a/src/providers/proxy/proxy.h b/src/providers/proxy/proxy.h index e9a550fdb990eaa3a7078a25b35238694f5e73e9..3641d6ee544c69982d23e1f675c40da69b8de604 100644 --- a/src/providers/proxy/proxy.h +++ b/src/providers/proxy/proxy.h @@ -100,7 +100,6 @@ struct authtok_conv { struct proxy_id_ctx { struct be_ctx *be; - int entry_cache_timeout; struct proxy_nss_ops ops; void *handle; }; diff --git a/src/providers/proxy/proxy_id.c b/src/providers/proxy/proxy_id.c index b11750f736f44e1a9bc9de16d90f7db8beaacbf6..206af294f1870b9a89de2ebee4e5f5a68b2fa3e5 100644 --- a/src/providers/proxy/proxy_id.c +++ b/src/providers/proxy/proxy_id.c @@ -100,7 +100,7 @@ static int get_pw_name(TALLOC_CTX *mem_ctx, break; } - ret = save_user(sysdb, !dom->case_sensitive, pwd, ctx->entry_cache_timeout); + ret = save_user(sysdb, !dom->case_sensitive, pwd, dom->user_timeout); if (ret) { goto done; } @@ -263,7 +263,7 @@ static int get_pw_uid(TALLOC_CTX *mem_ctx, break; } - ret = save_user(sysdb, !dom->case_sensitive, pwd, ctx->entry_cache_timeout); + ret = save_user(sysdb, !dom->case_sensitive, pwd, dom->user_timeout); if (ret) { goto done; } @@ -394,7 +394,7 @@ again: goto again; /* skip */ } - ret = save_user(sysdb, !dom->case_sensitive, pwd, ctx->entry_cache_timeout); + ret = save_user(sysdb, !dom->case_sensitive, pwd, dom->user_timeout); if (ret) { /* Do not fail completely on errors. * Just report the failure to save and go on */ @@ -603,7 +603,7 @@ again: break; } - ret = save_group(sysdb, dom, grp, ctx->entry_cache_timeout); + ret = save_group(sysdb, dom, grp, dom->group_timeout); if (ret) { goto done; } @@ -732,7 +732,7 @@ again: break; } - ret = save_group(sysdb, dom, grp, ctx->entry_cache_timeout); + ret = save_group(sysdb, dom, grp, dom->group_timeout); if (ret) { goto done; } @@ -864,7 +864,7 @@ again: goto again; /* skip */ } - ret = save_group(sysdb, dom, grp, ctx->entry_cache_timeout); + ret = save_group(sysdb, dom, grp, dom->group_timeout); if (ret) { /* Do not fail completely on errors. * Just report the failure to save and go on */ @@ -967,7 +967,7 @@ static int get_initgr(TALLOC_CTX *mem_ctx, break; } - ret = save_user(sysdb, !dom->case_sensitive, pwd, ctx->entry_cache_timeout); + ret = save_user(sysdb, !dom->case_sensitive, pwd, dom->user_timeout); if (ret) { goto done; } diff --git a/src/providers/proxy/proxy_init.c b/src/providers/proxy/proxy_init.c index d43550bfaff0792b29b849f51b3714e4b27c3e55..46b2e7c36e5515b737c1f0e4e887ad5897b8d332 100644 --- a/src/providers/proxy/proxy_init.c +++ b/src/providers/proxy/proxy_init.c @@ -101,11 +101,6 @@ int sssm_proxy_id_init(struct be_ctx *bectx, } ctx->be = bectx; - ret = confdb_get_int(bectx->cdb, ctx, bectx->conf_path, - CONFDB_DOMAIN_ENTRY_CACHE_TIMEOUT, 600, - &ctx->entry_cache_timeout); - if (ret != EOK) goto done; - ret = confdb_get_string(bectx->cdb, ctx, bectx->conf_path, CONFDB_PROXY_LIBNAME, NULL, &libname); if (ret != EOK) goto done; diff --git a/src/providers/proxy/proxy_netgroup.c b/src/providers/proxy/proxy_netgroup.c index c81e60c61be9404fb16e2f4e3d422fb383ed161c..47a425b4673f2ec59c067385101b5ee3666ca0dd 100644 --- a/src/providers/proxy/proxy_netgroup.c +++ b/src/providers/proxy/proxy_netgroup.c @@ -152,7 +152,8 @@ errno_t get_netgroup(struct proxy_id_ctx *ctx, } ret = save_netgroup(sysdb, name, attrs, - !dom->case_sensitive, ctx->entry_cache_timeout); + !dom->case_sensitive, + dom->netgroup_timeout); if (ret != EOK) { DEBUG(1, ("sysdb_add_netgroup failed.\n")); goto done; diff --git a/src/providers/proxy/proxy_services.c b/src/providers/proxy/proxy_services.c index 79508a219b6eb9c4ae8af4f5f2e6d21ff3d75e57..e5654d75b9cd2b06f75e5994c4cddcb8a175ba3d 100644 --- a/src/providers/proxy/proxy_services.c +++ b/src/providers/proxy/proxy_services.c @@ -138,7 +138,7 @@ get_serv_byname(struct proxy_id_ctx *ctx, /* Results found. Save them into the cache */ ret = proxy_save_service(sysdb, result, !dom->case_sensitive, - ctx->entry_cache_timeout); + dom->service_timeout); } done: @@ -191,7 +191,7 @@ get_serv_byport(struct proxy_id_ctx *ctx, /* Results found. Save them into the cache */ ret = proxy_save_service(sysdb, result, !dom->case_sensitive, - ctx->entry_cache_timeout); + dom->service_timeout); } done: @@ -339,7 +339,7 @@ again: const_aliases, protocols, NULL, NULL, - ctx->entry_cache_timeout, + dom->service_timeout, now); if (ret) { /* Do not fail completely on errors. diff --git a/src/responder/nss/nsssrv_netgroup.c b/src/responder/nss/nsssrv_netgroup.c index 02b88c7b5a2baa3c2e6991cec7e18ad20e10d666..2b9707ab8b9e3d1e4104c3cfad326ca963e6ae20 100644 --- a/src/responder/nss/nsssrv_netgroup.c +++ b/src/responder/nss/nsssrv_netgroup.c @@ -495,7 +495,7 @@ static errno_t lookup_netgr_step(struct setent_step_ctx *step_ctx) name, dom->name)); netgr->ready = true; netgr->found = true; - set_netgr_lifetime(dom->entry_cache_timeout, step_ctx, netgr); + set_netgr_lifetime(dom->netgroup_timeout, step_ctx, netgr); return EOK; } -- 1.7.7.6
_______________________________________________ sssd-devel mailing list [email protected] https://fedorahosted.org/mailman/listinfo/sssd-devel
