Sorry for breaking the thread, but my email server seems to have lost track of the original emails (they're not showing up in my folders).
Jakub, thanks for catching the ipa_common.c issue. Fixed. I didn't bother differentiating the messages in the API because they're A) unimportant and B) not sufficiently different to be worth adding new translatable strings for. I did fix the manpages though. Those SHOULD be documented. New patch attached. Also, this is designed to apply atop my patches for the RootDSE/search base fix (which still needs reviewing). See "[PATCH] LDAP: Do not fail if RootDSE check cannot determine search bases"
From 5b08b71b1d97f74651859d4fb2aa777e49452ec2 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher <[email protected]> Date: Thu, 2 Feb 2012 20:19:04 -0500 Subject: [PATCH] NSS: Add individual timeouts for entry types https://fedorahosted.org/sssd/ticket/1016 --- src/confdb/confdb.c | 53 ++++++++++++++++++++++++++- src/confdb/confdb.h | 10 +++++- src/config/SSSDConfig.py | 4 ++ src/config/SSSDConfigTest.py | 8 ++++ src/config/etc/sssd.api.conf | 5 +++ src/man/sssd.conf.5.xml | 53 ++++++++++++++++++++++++++++ src/providers/ipa/ipa_common.c | 1 - src/providers/ipa/ipa_common.h | 2 +- src/providers/ipa/ipa_id.c | 4 +- src/providers/ipa/ipa_id.h | 1 + src/providers/ipa/ipa_netgroups.c | 12 ++++--- src/providers/ldap/ldap_common.c | 1 - src/providers/ldap/sdap.h | 1 - src/providers/ldap/sdap_async_groups.c | 16 ++++---- src/providers/ldap/sdap_async_initgroups.c | 2 +- src/providers/ldap/sdap_async_netgroups.c | 3 +- src/providers/ldap/sdap_async_services.c | 2 +- src/providers/ldap/sdap_async_users.c | 2 +- src/providers/proxy/proxy.h | 1 - src/providers/proxy/proxy_id.c | 14 ++++---- src/providers/proxy/proxy_init.c | 5 --- src/providers/proxy/proxy_netgroup.c | 3 +- src/providers/proxy/proxy_services.c | 6 ++-- src/responder/nss/nsssrv_netgroup.c | 2 +- 24 files changed, 166 insertions(+), 45 deletions(-) diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c index f0a8caa9de6e2f5021b3e4086944ecf63d05cdff..8b3a046f35e4a8c62c100a1c72ad8a3736cd5412 100644 --- a/src/confdb/confdb.c +++ b/src/confdb/confdb.c @@ -664,6 +664,7 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, struct ldb_dn *dn; const char *tmp; int ret, val; + uint32_t entry_cache_timeout; tmp_ctx = talloc_new(mem_ctx); if (!tmp_ctx) return ENOMEM; 
@@ -834,13 +835,61 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, goto done; } - ret = get_entry_as_uint32(res->msgs[0], &domain->entry_cache_timeout, + /* Get the global entry cache timeout setting */ + ret = get_entry_as_uint32(res->msgs[0], &entry_cache_timeout, CONFDB_DOMAIN_ENTRY_CACHE_TIMEOUT, 5400); if (ret != EOK) { - DEBUG(0, ("Invalid value for [%s]\n", CONFDB_DOMAIN_ENTRY_CACHE_TIMEOUT)); + DEBUG(SSSDBG_FATAL_FAILURE, + ("Invalid value for [%s]\n", + CONFDB_DOMAIN_ENTRY_CACHE_TIMEOUT)); goto done; } + /* Override the user cache timeout, if specified */ + ret = get_entry_as_uint32(res->msgs[0], &domain->user_timeout, + CONFDB_DOMAIN_USER_CACHE_TIMEOUT, + entry_cache_timeout); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, + ("Invalid value for [%s]\n", + CONFDB_DOMAIN_USER_CACHE_TIMEOUT)); + goto done; + } + + /* Override the group cache timeout, if specified */ + ret = get_entry_as_uint32(res->msgs[0], &domain->group_timeout, + CONFDB_DOMAIN_GROUP_CACHE_TIMEOUT, + entry_cache_timeout); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, + ("Invalid value for [%s]\n", + CONFDB_DOMAIN_GROUP_CACHE_TIMEOUT)); + goto done; + } + + /* Override the netgroup cache timeout, if specified */ + ret = get_entry_as_uint32(res->msgs[0], &domain->netgroup_timeout, + CONFDB_DOMAIN_NETGROUP_CACHE_TIMEOUT, + entry_cache_timeout); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, + ("Invalid value for [%s]\n", + CONFDB_DOMAIN_NETGROUP_CACHE_TIMEOUT)); + goto done; + } + + /* Override the service cache timeout, if specified */ + ret = get_entry_as_uint32(res->msgs[0], &domain->service_timeout, + CONFDB_DOMAIN_SERVICE_CACHE_TIMEOUT, + entry_cache_timeout); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, + ("Invalid value for [%s]\n", + CONFDB_DOMAIN_SERVICE_CACHE_TIMEOUT)); + goto done; + } + + ret = get_entry_as_uint32(res->msgs[0], &domain->override_gid, CONFDB_DOMAIN_OVERRIDE_GID, 0); if (ret != EOK) { 
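Review bot: The four new per-type reads in confdb_get_domain_internal (confdb.c, hunk at -834) accept any value that fits a uint32_t, but the providers previously received this timeout as an `int` (through `dp_opt_get_int` and the proxy context's `int entry_cache_timeout`, both removed later in this patch). If the sysdb store functions and the proxy `save_*` helpers still take a signed timeout (their prototypes are not visible here), a configured value above INT32_MAX would arrive negative. A bound check after each read, e.g. `if (domain->user_timeout > INT32_MAX) { ret = EINVAL; goto done; }`, would reject that at config load; the same check applies to group_timeout, netgroup_timeout and service_timeout. The function body continues outside the hunk.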
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h index 7cfc73d2b8a9dd61c796fcc14d69c778dc2a0227..7b5a2c945d23e8a48060413c710f8043236672fa 100644 --- a/src/confdb/confdb.h +++ b/src/confdb/confdb.h @@ -124,6 +124,11 @@ #define CONFDB_DOMAIN_OVERRIDE_GID "override_gid" #define CONFDB_DOMAIN_CASE_SENSITIVE "case_sensitive" +#define CONFDB_DOMAIN_USER_CACHE_TIMEOUT "entry_cache_user_timeout" +#define CONFDB_DOMAIN_GROUP_CACHE_TIMEOUT "entry_cache_group_timeout" +#define CONFDB_DOMAIN_NETGROUP_CACHE_TIMEOUT "entry_cache_netgroup_timeout" +#define CONFDB_DOMAIN_SERVICE_CACHE_TIMEOUT "entry_cache_service_timeout" + /* Local Provider */ #define CONFDB_LOCAL_DEFAULT_SHELL "default_shell" #define CONFDB_LOCAL_DEFAULT_BASEDIR "base_directory" @@ -161,7 +166,10 @@ struct sss_domain_info { gid_t override_gid; const char *override_homedir; - uint32_t entry_cache_timeout; + uint32_t user_timeout; + uint32_t group_timeout; + uint32_t netgroup_timeout; + uint32_t service_timeout; struct sss_domain_info *next; }; diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py index a26c42534c553167ab5d5fc5068fc82fc2e059b2..a789e785b898772f41985501a3d97392d9f8b971 100644 --- a/src/config/SSSDConfig.py +++ b/src/config/SSSDConfig.py @@ -93,6 +93,10 @@ option_strings = { 'dns_discovery_domain' : _('The domain part of service discovery DNS query'), 'override_gid' : _('Override GID value from the identity provider with this value'), 'case_sensitive' : _('Treat usernames as case sensitive'), + 'entry_cache_user_timeout' : _('Entry cache timeout length (seconds)'), + 'entry_cache_group_timeout' : _('Entry cache timeout length (seconds)'), + 'entry_cache_netgroup_timeout' : _('Entry cache timeout length (seconds)'), + 'entry_cache_service_timeout' : _('Entry cache timeout length (seconds)'), # [provider/ipa] 'ipa_domain' : _('IPA domain'), 
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py index afc207c096cc0d79bdffd9eb7b9d8af7adf4c137..c44e6ba8f1723ef7eb95120109f4b0986a0bf330 100755 --- a/src/config/SSSDConfigTest.py +++ b/src/config/SSSDConfigTest.py @@ -479,6 +479,10 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase): 'filter_users', 'filter_groups', 'entry_cache_timeout', + 'entry_cache_user_timeout', + 'entry_cache_group_timeout', + 'entry_cache_netgroup_timeout', + 'entry_cache_service_timeout', 'lookup_family_order', 'account_cache_expiration', 'dns_resolver_timeout', @@ -798,6 +802,10 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase): 'filter_users', 'filter_groups', 'entry_cache_timeout', + 'entry_cache_user_timeout', + 'entry_cache_group_timeout', + 'entry_cache_netgroup_timeout', + 'entry_cache_service_timeout', 'account_cache_expiration', 'lookup_family_order', 'dns_resolver_timeout', diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf index 34b67dec32ad56f1d22813de01f9ecd0db6346a1..8a5449c4c7053ea3a8f3a95789fd71e2bf4dc555 100644 --- a/src/config/etc/sssd.api.conf +++ b/src/config/etc/sssd.api.conf @@ -76,6 +76,11 @@ override_gid = int, None, false case_sensitive = bool, None, false override_homedir = str, None, false +#Entry cache timeouts +entry_cache_user_timeout = int, None, false +entry_cache_group_timeout = int, None, false +entry_cache_netgroup_timeout = int, None, false +entry_cache_service_timeout = int, None, false # Special providers [provider/permit] diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index fee40a6a14ae6a9ea7282a1f80b1e83c13370d02..94fc591af377ddef71e863e96d19402c4f51cadb 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml 
@@ -692,6 +692,59 @@ </para> </listitem> </varlistentry> + + <varlistentry> + <term>entry_cache_user_timeout (integer)</term> + <listitem> + <para> + How many seconds should nss_sss consider + user entries valid before asking the backend again + </para> + <para> + Default: entry_cache_timeout + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>entry_cache_group_timeout (integer)</term> + <listitem> + <para> + How many seconds should nss_sss consider + group entries valid before asking the backend again + </para> + <para> + Default: entry_cache_timeout + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>entry_cache_netgroup_timeout (integer)</term> + <listitem> + <para> + How many seconds should nss_sss consider + netgroup entries valid before asking the backend again + </para> + <para> + Default: entry_cache_timeout + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>entry_cache_service_timeout (integer)</term> + <listitem> + <para> + How many seconds should nss_sss consider + service entries valid before asking the backend again + </para> + <para> + Default: entry_cache_timeout + </para> + </listitem> + </varlistentry> + <varlistentry> <term>cache_credentials (bool)</term> <listitem> diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c index ba22830e1ed7c6262bcffe7cab910be2afcf4ed8..e8df5e1524069d5f6216c0565799bc6f2b1d49f1 100644 --- a/src/providers/ipa/ipa_common.c +++ b/src/providers/ipa/ipa_common.c 
@@ -70,7 +70,6 @@ struct dp_option ipa_def_ldap_opts[] = { { "ldap_force_upper_case_realm", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE }, { "ldap_enumeration_refresh_timeout", DP_OPT_NUMBER, { .number = 300 }, NULL_NUMBER }, { "ldap_purge_cache_timeout", DP_OPT_NUMBER, { .number = 3600 }, NULL_NUMBER }, - { "entry_cache_timeout", DP_OPT_NUMBER, { .number = 1800 }, NULL_NUMBER }, { "ldap_tls_cacert", DP_OPT_STRING, { "/etc/ipa/ca.crt" }, NULL_STRING }, { "ldap_tls_cacertdir", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ldap_tls_cert", DP_OPT_STRING, NULL_STRING, NULL_STRING }, diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h index 9cbd993f547e76d53e6d46747c7181fe6592061a..5bf1b7c9d49641db755171dffa52ca8a6ec9d8ed 100644 --- a/src/providers/ipa/ipa_common.h +++ b/src/providers/ipa/ipa_common.h @@ -35,7 +35,7 @@ struct ipa_service { /* the following defines are used to keep track of the options in the ldap * module, so that if they change and ipa is not updated correspondingly * this will trigger a runtime abort error */ -#define IPA_OPTS_BASIC_TEST 60 +#define IPA_OPTS_BASIC_TEST 59 #define IPA_OPTS_SVC_TEST 5 diff --git a/src/providers/ipa/ipa_id.c b/src/providers/ipa/ipa_id.c index 7302a8da07fc2f521e7269e7b08ea9ac2cff9050..7067f015e4b4b914d3520b62404c31e1ef8d251c 100644 --- a/src/providers/ipa/ipa_id.c +++ b/src/providers/ipa/ipa_id.c @@ -232,8 +232,8 @@ static void ipa_netgroup_get_connect_done(struct tevent_req *subreq) return; } - subreq = ipa_get_netgroups_send(state, state->ev, - state->sysdb, sdap_ctx->opts, + subreq = ipa_get_netgroups_send(state, state->ev, state->sysdb, + state->domain, sdap_ctx->opts, state->ctx->ipa_options, sdap_id_op_handle(state->op), state->attrs, state->filter, diff --git a/src/providers/ipa/ipa_id.h b/src/providers/ipa/ipa_id.h index 04a6c2b8aaad024e55a71af39d486bd863313524..3a8fdb44d19d599aa1cec8e65b2e341f87e1b1a9 100644 --- a/src/providers/ipa/ipa_id.h +++ b/src/providers/ipa/ipa_id.h 
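Review bot: Dropping the `entry_cache_timeout` row from `ipa_def_ldap_opts` (ipa_common.c, hunk at -70) also drops the IPA-specific default of 1800 seconds; with this patch every provider inherits the default of 5400 that confdb.c passes to `get_entry_as_uint32`. The proxy provider changes the same way: the removed `confdb_get_int(..., CONFDB_DOMAIN_ENTRY_CACHE_TIMEOUT, 600, ...)` in proxy_init.c (hunk at -101) defaulted to 600. Unless a provider default is applied somewhere outside this patch, IPA and proxy domains without an explicit setting will serve cached users, groups and netgroups several times longer than before, which delays the effect of removing an account or a group membership on the server. The commit message and the sssd.conf(5) text should state the new effective default, or the confdb default should be chosen per provider.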
@@ -34,6 +34,7 @@ void ipa_account_info_handler(struct be_req *breq); struct tevent_req *ipa_get_netgroups_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sysdb_ctx *sysdb, + struct sss_domain_info *dom, struct sdap_options *opts, struct ipa_options *ipa_options, struct sdap_handle *sh, diff --git a/src/providers/ipa/ipa_netgroups.c b/src/providers/ipa/ipa_netgroups.c index 620f03cc8e97addd87628d26a79b49158f82e251..ad0a1ef36ab11fa7c7b8a36629bb3ca82f29dc37 100644 --- a/src/providers/ipa/ipa_netgroups.c +++ b/src/providers/ipa/ipa_netgroups.c @@ -39,6 +39,7 @@ struct ipa_get_netgroups_state { struct ipa_options *ipa_opts; struct sdap_handle *sh; struct sysdb_ctx *sysdb; + struct sss_domain_info *dom; const char **attrs; int timeout; @@ -64,6 +65,7 @@ struct ipa_get_netgroups_state { static errno_t ipa_save_netgroup(TALLOC_CTX *mem_ctx, struct sysdb_ctx *ctx, + struct sss_domain_info *dom, struct sdap_options *opts, struct sysdb_attrs *attrs) { @@ -166,9 +168,7 @@ static errno_t ipa_save_netgroup(TALLOC_CTX *mem_ctx, DEBUG(6, ("Storing info for netgroup %s\n", name)); ret = sysdb_add_netgroup(ctx, name, NULL, netgroup_attrs, - dp_opt_get_int(opts->basic, - SDAP_ENTRY_CACHE_TIMEOUT), - 0); + dom->netgroup_timeout, 0); if (ret) goto fail; return EOK; @@ -185,6 +185,7 @@ static int ipa_netgr_process_all(struct ipa_get_netgroups_state *state); struct tevent_req *ipa_get_netgroups_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sysdb_ctx *sysdb, + struct sss_domain_info *dom, struct sdap_options *opts, struct ipa_options *ipa_options, struct sdap_handle *sh, @@ -208,6 +209,7 @@ struct tevent_req *ipa_get_netgroups_send(TALLOC_CTX *memctx, state->timeout = timeout; state->base_filter = filter; state->netgr_base_iter = 0; + state->dom = dom; if (!ipa_options->id->netgroup_search_bases) { DEBUG(SSSDBG_CRIT_FAILURE, 
@@ -976,8 +978,8 @@ static int ipa_netgr_process_all(struct ipa_get_netgroups_state *state) } } } - ret = ipa_save_netgroup(state, state->sysdb, state->opts, - state->netgroups[i]); + ret = ipa_save_netgroup(state, state->sysdb, state->dom, + state->opts, state->netgroups[i]); if (ret != EOK) { goto done; } diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c index 38bd1b4f3d2e82057e60e97a9ad420974a200057..737b9156c863c94b7a6ac030b9bddb11d124460f 100644 --- a/src/providers/ldap/ldap_common.c +++ b/src/providers/ldap/ldap_common.c @@ -61,7 +61,6 @@ struct dp_option default_basic_opts[] = { { "ldap_force_upper_case_realm", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, { "ldap_enumeration_refresh_timeout", DP_OPT_NUMBER, { .number = 300 }, NULL_NUMBER }, { "ldap_purge_cache_timeout", DP_OPT_NUMBER, { .number = 10800 }, NULL_NUMBER }, - { "entry_cache_timeout", DP_OPT_NUMBER, { .number = 5400 }, NULL_NUMBER }, { "ldap_tls_cacert", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ldap_tls_cacertdir", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ldap_tls_cert", DP_OPT_STRING, NULL_STRING, NULL_STRING }, diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h index 7bf1805c1798752e87d30e8173ea1b7c4944078b..2e1dfa959d5c6117cae00eb0752c9e31daef1d2f 100644 --- a/src/providers/ldap/sdap.h +++ b/src/providers/ldap/sdap.h @@ -173,7 +173,6 @@ enum sdap_basic_opt { SDAP_FORCE_UPPER_CASE_REALM, SDAP_ENUM_REFRESH_TIMEOUT, SDAP_CACHE_PURGE_TIMEOUT, - SDAP_ENTRY_CACHE_TIMEOUT, SDAP_TLS_CACERT, SDAP_TLS_CACERTDIR, SDAP_TLS_CERT, diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c index fe5dbd49a159c0ca4f57d60b7f69a8792e9a42c9..feb13db98bceb11098d3827e674dba8f94258f76 100644 --- a/src/providers/ldap/sdap_async_groups.c +++ b/src/providers/ldap/sdap_async_groups.c 
@@ -358,8 +358,7 @@ static int sdap_save_group(TALLOC_CTX *memctx, ret = sdap_store_group_with_gid(ctx, name, gid, group_attrs, - dp_opt_get_int(opts->basic, - SDAP_ENTRY_CACHE_TIMEOUT), + dom->group_timeout, posix_group, now); if (ret) goto fail; @@ -430,8 +429,7 @@ static int sdap_save_grpmem(TALLOC_CTX *memctx, DEBUG(6, ("Storing members for group %s\n", name)); ret = sysdb_store_group(ctx, name, 0, group_attrs, - dp_opt_get_int(opts->basic, - SDAP_ENTRY_CACHE_TIMEOUT), now); + dom->group_timeout, now); if (ret) goto fail; return EOK; @@ -1979,6 +1977,7 @@ immediate: static errno_t sdap_nested_group_check_hash(struct sdap_nested_group_ctx *); static errno_t sdap_nested_group_check_cache(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, + struct sss_domain_info *dom, struct sdap_options *opts, char *member_dn, struct ldb_message ***_msgs, @@ -2034,6 +2033,7 @@ static errno_t sdap_nested_group_process_deref_step(struct tevent_req *req) } ret = sdap_nested_group_check_cache(state, state->sysdb, + state->domain, state->opts, state->member_dn, &msgs, &mtype); @@ -2140,6 +2140,7 @@ static errno_t sdap_nested_group_process_step(struct tevent_req *req) } ret = sdap_nested_group_check_cache(state, state->sysdb, + state->domain, state->opts, state->member_dn, &msgs, &mtype); @@ -2233,6 +2234,7 @@ sdap_nested_group_check_hash(struct sdap_nested_group_ctx *state) static errno_t sdap_nested_group_check_cache(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, + struct sss_domain_info *dom, struct sdap_options *opts, char *dn, struct ldb_message ***_msgs, @@ -2293,9 +2295,7 @@ sdap_nested_group_check_cache(TALLOC_CTX *mem_ctx, create_time = ldb_msg_find_attr_as_uint64(msgs[0], SYSDB_CREATE_TIME, 0); - expiration = create_time + - dp_opt_get_int(opts->basic, - SDAP_ENTRY_CACHE_TIMEOUT); + expiration = create_time + dom->user_timeout; } else { /* Regular user, check if we need a refresh */ expiration = ldb_msg_find_attr_as_uint64(msgs[0], 
@@ -2401,7 +2401,7 @@ sdap_nested_group_process_deref_call(struct tevent_req *req) state->opts->user_map[SDAP_AT_USER_NAME].name; sdap_attrs[SDAP_OPTS_GROUP + 1] = NULL; - timeout = dp_opt_get_int(state->opts->basic, SDAP_ENTRY_CACHE_TIMEOUT); + timeout = dp_opt_get_int(state->opts->basic, SDAP_SEARCH_TIMEOUT); subreq = sdap_deref_search_send(state, state->ev, state->opts, state->sh, state->derefctx->orig_dn, diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c index a769b100557b2d685cb022f09bea0d70ccfe3bb3..964f5b0a0f36951a7bf863b8e1f565e3e77407cf 100644 --- a/src/providers/ldap/sdap_async_initgroups.c +++ b/src/providers/ldap/sdap_async_initgroups.c @@ -808,7 +808,7 @@ static errno_t sdap_initgr_nested_deref_search(struct tevent_req *req) SDAP_OPTS_GROUP, &sdap_attrs); if (ret != EOK) goto fail; - timeout = dp_opt_get_int(state->opts->basic, SDAP_ENTRY_CACHE_TIMEOUT); + timeout = dp_opt_get_int(state->opts->basic, SDAP_SEARCH_TIMEOUT); subreq = sdap_deref_search_send(state, state->ev, state->opts, state->sh, state->orig_dn, diff --git a/src/providers/ldap/sdap_async_netgroups.c b/src/providers/ldap/sdap_async_netgroups.c index 0888c7e2fcf03d0b133bcf93ad017086aedffe16..3491c7eb0f0b90b6a38dcfcca84a7eae5b9eaece 100644 --- a/src/providers/ldap/sdap_async_netgroups.c +++ b/src/providers/ldap/sdap_async_netgroups.c @@ -128,8 +128,7 @@ static errno_t sdap_save_netgroup(TALLOC_CTX *memctx, } ret = sysdb_add_netgroup(ctx, name, NULL, netgroup_attrs, - dp_opt_get_int(opts->basic, - SDAP_ENTRY_CACHE_TIMEOUT), now); + dom->netgroup_timeout, now); if (ret) goto fail; if (_timestamp) { diff --git a/src/providers/ldap/sdap_async_services.c b/src/providers/ldap/sdap_async_services.c index f414040bc08cfaf81fc01e22699f238989f48778..bde5820d28c8dba4029a81fc541b90678aba9523 100644 --- a/src/providers/ldap/sdap_async_services.c +++ b/src/providers/ldap/sdap_async_services.c 
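Review bot: The switch from `SDAP_ENTRY_CACHE_TIMEOUT` to `SDAP_SEARCH_TIMEOUT` in sdap_nested_group_process_deref_call (sdap_async_groups.c, hunk at -2401) and in sdap_initgr_nested_deref_search (sdap_async_initgroups.c, hunk at -808) is a behaviour change that the commit message does not mention. Before, `timeout` held the cache lifetime (5400 by default in `default_basic_opts`), and it is presumably the value handed to `sdap_deref_search_send`, so a deref request against an unresponsive server was bounded by the cache lifetime rather than the search timeout. That looks like a separate fix and deserves its own line in the commit message; a comment at both sites such as `/* deref search is bounded by the LDAP search timeout, not the cache lifetime */` would keep the two from drifting apart again. Both functions start and end outside their hunks.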
@@ -458,7 +458,7 @@ sdap_save_service(TALLOC_CTX *mem_ctx, goto done; } - cache_timeout = dp_opt_get_int(opts->basic, SDAP_ENTRY_CACHE_TIMEOUT); + cache_timeout = dom->service_timeout; ret = sysdb_store_service(sysdb, name, port, aliases, protocols, svc_attrs, missing, cache_timeout, now); diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c index 01168321951fa9d14f4b58d891cb922c6c44d2c2..fa9c0a799d363a32f95c1a6ef5ef94afe3033b83 100644 --- a/src/providers/ldap/sdap_async_users.c +++ b/src/providers/ldap/sdap_async_users.c @@ -235,7 +235,7 @@ int sdap_save_user(TALLOC_CTX *memctx, } } - cache_timeout = dp_opt_get_int(opts->basic, SDAP_ENTRY_CACHE_TIMEOUT); + cache_timeout = dom->user_timeout; if (is_initgr) { ret = sysdb_attrs_add_time_t(user_attrs, SYSDB_INITGR_EXPIRE, diff --git a/src/providers/proxy/proxy.h b/src/providers/proxy/proxy.h index e9a550fdb990eaa3a7078a25b35238694f5e73e9..3641d6ee544c69982d23e1f675c40da69b8de604 100644 --- a/src/providers/proxy/proxy.h +++ b/src/providers/proxy/proxy.h @@ -100,7 +100,6 @@ struct authtok_conv { struct proxy_id_ctx { struct be_ctx *be; - int entry_cache_timeout; struct proxy_nss_ops ops; void *handle; }; diff --git a/src/providers/proxy/proxy_id.c b/src/providers/proxy/proxy_id.c index b11750f736f44e1a9bc9de16d90f7db8beaacbf6..206af294f1870b9a89de2ebee4e5f5a68b2fa3e5 100644 --- a/src/providers/proxy/proxy_id.c +++ b/src/providers/proxy/proxy_id.c @@ -100,7 +100,7 @@ static int get_pw_name(TALLOC_CTX *mem_ctx, break; } - ret = save_user(sysdb, !dom->case_sensitive, pwd, ctx->entry_cache_timeout); + ret = save_user(sysdb, !dom->case_sensitive, pwd, dom->user_timeout); if (ret) { goto done; } @@ -263,7 +263,7 @@ static int get_pw_uid(TALLOC_CTX *mem_ctx, break; } - ret = save_user(sysdb, !dom->case_sensitive, pwd, ctx->entry_cache_timeout); + ret = save_user(sysdb, !dom->case_sensitive, pwd, dom->user_timeout); if (ret) { goto done; } 
@@ -394,7 +394,7 @@ again: goto again; /* skip */ } - ret = save_user(sysdb, !dom->case_sensitive, pwd, ctx->entry_cache_timeout); + ret = save_user(sysdb, !dom->case_sensitive, pwd, dom->user_timeout); if (ret) { /* Do not fail completely on errors. * Just report the failure to save and go on */ @@ -603,7 +603,7 @@ again: break; } - ret = save_group(sysdb, dom, grp, ctx->entry_cache_timeout); + ret = save_group(sysdb, dom, grp, dom->group_timeout); if (ret) { goto done; } @@ -732,7 +732,7 @@ again: break; } - ret = save_group(sysdb, dom, grp, ctx->entry_cache_timeout); + ret = save_group(sysdb, dom, grp, dom->group_timeout); if (ret) { goto done; } @@ -864,7 +864,7 @@ again: goto again; /* skip */ } - ret = save_group(sysdb, dom, grp, ctx->entry_cache_timeout); + ret = save_group(sysdb, dom, grp, dom->group_timeout); if (ret) { /* Do not fail completely on errors. * Just report the failure to save and go on */ @@ -967,7 +967,7 @@ static int get_initgr(TALLOC_CTX *mem_ctx, break; } - ret = save_user(sysdb, !dom->case_sensitive, pwd, ctx->entry_cache_timeout); + ret = save_user(sysdb, !dom->case_sensitive, pwd, dom->user_timeout); if (ret) { goto done; } diff --git a/src/providers/proxy/proxy_init.c b/src/providers/proxy/proxy_init.c index d43550bfaff0792b29b849f51b3714e4b27c3e55..46b2e7c36e5515b737c1f0e4e887ad5897b8d332 100644 --- a/src/providers/proxy/proxy_init.c +++ b/src/providers/proxy/proxy_init.c @@ -101,11 +101,6 @@ int sssm_proxy_id_init(struct be_ctx *bectx, } ctx->be = bectx; - ret = confdb_get_int(bectx->cdb, ctx, bectx->conf_path, - CONFDB_DOMAIN_ENTRY_CACHE_TIMEOUT, 600, - &ctx->entry_cache_timeout); - if (ret != EOK) goto done; - ret = confdb_get_string(bectx->cdb, ctx, bectx->conf_path, CONFDB_PROXY_LIBNAME, NULL, &libname); if (ret != EOK) goto done; diff --git a/src/providers/proxy/proxy_netgroup.c b/src/providers/proxy/proxy_netgroup.c index c81e60c61be9404fb16e2f4e3d422fb383ed161c..47a425b4673f2ec59c067385101b5ee3666ca0dd 100644 
--- a/src/providers/proxy/proxy_netgroup.c +++ b/src/providers/proxy/proxy_netgroup.c @@ -152,7 +152,8 @@ errno_t get_netgroup(struct proxy_id_ctx *ctx, } ret = save_netgroup(sysdb, name, attrs, - !dom->case_sensitive, ctx->entry_cache_timeout); + !dom->case_sensitive, + dom->netgroup_timeout); if (ret != EOK) { DEBUG(1, ("sysdb_add_netgroup failed.\n")); goto done; diff --git a/src/providers/proxy/proxy_services.c b/src/providers/proxy/proxy_services.c index 79508a219b6eb9c4ae8af4f5f2e6d21ff3d75e57..e5654d75b9cd2b06f75e5994c4cddcb8a175ba3d 100644 --- a/src/providers/proxy/proxy_services.c +++ b/src/providers/proxy/proxy_services.c @@ -138,7 +138,7 @@ get_serv_byname(struct proxy_id_ctx *ctx, /* Results found. Save them into the cache */ ret = proxy_save_service(sysdb, result, !dom->case_sensitive, - ctx->entry_cache_timeout); + dom->service_timeout); } done: @@ -191,7 +191,7 @@ get_serv_byport(struct proxy_id_ctx *ctx, /* Results found. Save them into the cache */ ret = proxy_save_service(sysdb, result, !dom->case_sensitive, - ctx->entry_cache_timeout); + dom->service_timeout); } done: @@ -339,7 +339,7 @@ again: const_aliases, protocols, NULL, NULL, - ctx->entry_cache_timeout, + dom->service_timeout, now); if (ret) { /* Do not fail completely on errors. diff --git a/src/responder/nss/nsssrv_netgroup.c b/src/responder/nss/nsssrv_netgroup.c index 093329fa3cc95e60bea52f1a6150818bc2cb0c4a..5311b4b479c39a15007e52c3431b041a118529ce 100644 --- a/src/responder/nss/nsssrv_netgroup.c +++ b/src/responder/nss/nsssrv_netgroup.c @@ -494,7 +494,7 @@ static errno_t lookup_netgr_step(struct setent_step_ctx *step_ctx) name, dom->name)); netgr->ready = true; netgr->found = true; - set_netgr_lifetime(dom->entry_cache_timeout, step_ctx, netgr); + set_netgr_lifetime(dom->netgroup_timeout, step_ctx, netgr); return EOK; } -- 1.7.7.6
