On Fri, 2012-02-03 at 15:20 -0500, Stephen Gallagher wrote: > On Fri, 2012-02-03 at 14:32 -0500, Simo Sorce wrote: > > On Fri, 2012-02-03 at 10:31 -0500, Stephen Gallagher wrote: > > > Sorry for breaking the thread, but my email server seems to have lost > > > track of the original emails (they're not showing up in my folders). > > > > > > Jakub, thanks for catching the ipa_common.c issue. Fixed. > > > > > > I didn't bother differentiating the messages in the API because they're > > > A) unimportant and B) not sufficiently different to be worth adding new > > > translatable strings for. > > > > > > I did fix the manpages though. Those SHOULD be documented. > > > > > > New patch attached. > > > > > > Also, this is designed to apply atop my patches for the RootDSE/search > > > base fix (which still needs reviewing). See "[PATCH] LDAP: Do not fail > > > if RootDSE check cannot determine search bases" > > > > This is a matter of taste I guess but I find it difficult to read and > > remember the name you gave to the options. > > Why entry_cache_user_timeout and not just user_cache_timeout (and so on > > for other maps) ? > > It sounds more readable to me. > > > > > > Also I understand why you do these changes: > > - timeout = dp_opt_get_int(state->opts->basic, SDAP_ENTRY_CACHE_TIMEOUT); > > + timeout = dp_opt_get_int(state->opts->basic, SDAP_SEARCH_TIMEOUT); > > > > But I think they belong in a separate patch, as they seem to fix using > > the wrong timeout but are not directly related to the change the patch > > is about ? > > > > Everything else looks fine. > > > Sure, I agree. When I push them I'll split them into a separate patch.
For posterity (and to make it easier on me to keep track of what needs pushing), here are the two new patches. I left the option names alone, for the record. I prefer the shorter names, and it's a purely cosmetic decision.
From 11c13c3929cd19ec2b4e9a4d4d493d2744d83320 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <[email protected]>
Date: Fri, 3 Feb 2012 15:32:43 -0500
Subject: [PATCH 2/3] LDAP: Fix incorrect search timeouts
---
 src/providers/ldap/sdap_async_groups.c | 2 +-
 src/providers/ldap/sdap_async_initgroups.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
index fe5dbd49a159c0ca4f57d60b7f69a8792e9a42c9..f89362647f67df084fca64df95319f52791efaef 100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -2401,7 +2401,7 @@ sdap_nested_group_process_deref_call(struct tevent_req *req)
 state->opts->user_map[SDAP_AT_USER_NAME].name; sdap_attrs[SDAP_OPTS_GROUP + 1] = NULL;
- timeout = dp_opt_get_int(state->opts->basic, SDAP_ENTRY_CACHE_TIMEOUT);
+ timeout = dp_opt_get_int(state->opts->basic, SDAP_SEARCH_TIMEOUT);
 subreq = sdap_deref_search_send(state, state->ev, state->opts, state->sh, state->derefctx->orig_dn,
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index a769b100557b2d685cb022f09bea0d70ccfe3bb3..964f5b0a0f36951a7bf863b8e1f565e3e77407cf 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -808,7 +808,7 @@ static errno_t sdap_initgr_nested_deref_search(struct tevent_req *req)
 SDAP_OPTS_GROUP, &sdap_attrs); if (ret != EOK) goto fail;
- timeout = dp_opt_get_int(state->opts->basic, SDAP_ENTRY_CACHE_TIMEOUT);
+ timeout = dp_opt_get_int(state->opts->basic, SDAP_SEARCH_TIMEOUT);
 subreq = sdap_deref_search_send(state, state->ev, state->opts, state->sh, state->orig_dn,
--
1.7.7.6
From 9a7bd725f07e7b7e2191b41d9b42f71f80fbd275 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher <[email protected]> Date: Fri, 3 Feb 2012 15:33:00 -0500 Subject: [PATCH 3/3] NSS: Add individual timeouts for entry types https://fedorahosted.org/sssd/ticket/1016 --- src/confdb/confdb.c | 53 +++++++++++++++++++++++++++- src/confdb/confdb.h | 10 +++++- src/config/SSSDConfig.py | 4 ++ src/config/SSSDConfigTest.py | 8 ++++ src/config/etc/sssd.api.conf | 5 +++ src/man/sssd.conf.5.xml | 53 +++++++++++++++++++++++++++++ src/providers/ipa/ipa_common.c | 1 - src/providers/ipa/ipa_common.h | 2 +- src/providers/ipa/ipa_id.c | 4 +- src/providers/ipa/ipa_id.h | 1 + src/providers/ipa/ipa_netgroups.c | 12 ++++--- src/providers/ldap/ldap_common.c | 1 - src/providers/ldap/sdap.h | 1 - src/providers/ldap/sdap_async_groups.c | 14 ++++---- src/providers/ldap/sdap_async_netgroups.c | 3 +- src/providers/ldap/sdap_async_services.c | 2 +- src/providers/ldap/sdap_async_users.c | 2 +- src/providers/proxy/proxy.h | 1 - src/providers/proxy/proxy_id.c | 14 ++++---- src/providers/proxy/proxy_init.c | 5 --- src/providers/proxy/proxy_netgroup.c | 3 +- src/providers/proxy/proxy_services.c | 6 ++-- src/responder/nss/nsssrv_netgroup.c | 2 +- 23 files changed, 164 insertions(+), 43 deletions(-) diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c index f0a8caa9de6e2f5021b3e4086944ecf63d05cdff..8b3a046f35e4a8c62c100a1c72ad8a3736cd5412 100644 --- a/src/confdb/confdb.c +++ b/src/confdb/confdb.c @@ -664,6 +664,7 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, struct ldb_dn *dn; const char *tmp; int ret, val; + uint32_t entry_cache_timeout; tmp_ctx = talloc_new(mem_ctx); if (!tmp_ctx) return ENOMEM; 
@@ -834,13 +835,61 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
 goto done; }
- ret = get_entry_as_uint32(res->msgs[0], &domain->entry_cache_timeout,
+ /* Get the global entry cache timeout setting */
+ ret = get_entry_as_uint32(res->msgs[0], &entry_cache_timeout,
 CONFDB_DOMAIN_ENTRY_CACHE_TIMEOUT, 5400); if (ret != EOK) {
- DEBUG(0, ("Invalid value for [%s]\n", CONFDB_DOMAIN_ENTRY_CACHE_TIMEOUT));
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ ("Invalid value for [%s]\n",
+ CONFDB_DOMAIN_ENTRY_CACHE_TIMEOUT));
 goto done; }
+ /* Override the user cache timeout, if specified */
+ ret = get_entry_as_uint32(res->msgs[0], &domain->user_timeout,
+ CONFDB_DOMAIN_USER_CACHE_TIMEOUT,
+ entry_cache_timeout);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ ("Invalid value for [%s]\n",
+ CONFDB_DOMAIN_USER_CACHE_TIMEOUT));
+ goto done;
+ }
+
+ /* Override the group cache timeout, if specified */
+ ret = get_entry_as_uint32(res->msgs[0], &domain->group_timeout,
+ CONFDB_DOMAIN_GROUP_CACHE_TIMEOUT,
+ entry_cache_timeout);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ ("Invalid value for [%s]\n",
+ CONFDB_DOMAIN_GROUP_CACHE_TIMEOUT));
+ goto done;
+ }
+
+ /* Override the netgroup cache timeout, if specified */
+ ret = get_entry_as_uint32(res->msgs[0], &domain->netgroup_timeout,
+ CONFDB_DOMAIN_NETGROUP_CACHE_TIMEOUT,
+ entry_cache_timeout);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ ("Invalid value for [%s]\n",
+ CONFDB_DOMAIN_NETGROUP_CACHE_TIMEOUT));
+ goto done;
+ }
+
+ /* Override the service cache timeout, if specified */
+ ret = get_entry_as_uint32(res->msgs[0], &domain->service_timeout,
+ CONFDB_DOMAIN_SERVICE_CACHE_TIMEOUT,
+ entry_cache_timeout);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ ("Invalid value for [%s]\n",
+ CONFDB_DOMAIN_SERVICE_CACHE_TIMEOUT));
+ goto done;
+ }
+
+
 ret = get_entry_as_uint32(res->msgs[0], &domain->override_gid, CONFDB_DOMAIN_OVERRIDE_GID, 0); if (ret != EOK) {
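Review bot: The `5400` fallback in the `CONFDB_DOMAIN_ENTRY_CACHE_TIMEOUT` read at the top of this hunk becomes the effective default for every provider, because the same patch deletes the provider-level defaults: `{ .number = 1800 }` in ipa_common.c and the `600` passed to `confdb_get_int()` in proxy_init.c. Unless those values are restored somewhere outside this patch, an IPA or proxy domain that never set `entry_cache_timeout` will treat cached users, groups and netgroups as valid three to nine times longer than before, so a group or netgroup removal on the server takes correspondingly longer to affect access decisions. Either keep the per-provider value when the option is absent, or record the change in sssd.conf(5) and in a comment here such as `/* Default also applies to IPA (was 1800) and proxy (was 600) */`. confdb_get_domain_internal() starts and ends outside the hunk.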
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
index 7cfc73d2b8a9dd61c796fcc14d69c778dc2a0227..7b5a2c945d23e8a48060413c710f8043236672fa 100644
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
@@ -124,6 +124,11 @@ #define CONFDB_DOMAIN_OVERRIDE_GID "override_gid" #define CONFDB_DOMAIN_CASE_SENSITIVE "case_sensitive"
+#define CONFDB_DOMAIN_USER_CACHE_TIMEOUT "entry_cache_user_timeout"
+#define CONFDB_DOMAIN_GROUP_CACHE_TIMEOUT "entry_cache_group_timeout"
+#define CONFDB_DOMAIN_NETGROUP_CACHE_TIMEOUT "entry_cache_netgroup_timeout"
+#define CONFDB_DOMAIN_SERVICE_CACHE_TIMEOUT "entry_cache_service_timeout"
+
 /* Local Provider */ #define CONFDB_LOCAL_DEFAULT_SHELL "default_shell" #define CONFDB_LOCAL_DEFAULT_BASEDIR "base_directory"
@@ -161,7 +166,10 @@ struct sss_domain_info {
 gid_t override_gid; const char *override_homedir;
- uint32_t entry_cache_timeout;
+ uint32_t user_timeout;
+ uint32_t group_timeout;
+ uint32_t netgroup_timeout;
+ uint32_t service_timeout;
 struct sss_domain_info *next; };
diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py
index a26c42534c553167ab5d5fc5068fc82fc2e059b2..a789e785b898772f41985501a3d97392d9f8b971 100644
--- a/src/config/SSSDConfig.py
+++ b/src/config/SSSDConfig.py
@@ -93,6 +93,10 @@ option_strings = {
 'dns_discovery_domain' : _('The domain part of service discovery DNS query'), 'override_gid' : _('Override GID value from the identity provider with this value'), 'case_sensitive' : _('Treat usernames as case sensitive'),
+ 'entry_cache_user_timeout' : _('Entry cache timeout length (seconds)'),
+ 'entry_cache_group_timeout' : _('Entry cache timeout length (seconds)'),
+ 'entry_cache_netgroup_timeout' : _('Entry cache timeout length (seconds)'),
+ 'entry_cache_service_timeout' : _('Entry cache timeout length (seconds)'),
 # [provider/ipa] 'ipa_domain' : _('IPA domain'),
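Review bot: The four members added to `struct sss_domain_info` in the second confdb.h hunk carry no comment, and their names drop the word "cache", so a reader meeting `dom->user_timeout` at a call site cannot tell a cache lifetime from a network timeout. A single line above them would do: `/* Cache lifetimes in seconds; each defaults to entry_cache_timeout */`. The struct begins outside the hunk.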
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index afc207c096cc0d79bdffd9eb7b9d8af7adf4c137..c44e6ba8f1723ef7eb95120109f4b0986a0bf330 100755
--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
@@ -479,6 +479,10 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
 'filter_users', 'filter_groups', 'entry_cache_timeout',
+ 'entry_cache_user_timeout',
+ 'entry_cache_group_timeout',
+ 'entry_cache_netgroup_timeout',
+ 'entry_cache_service_timeout',
 'lookup_family_order', 'account_cache_expiration', 'dns_resolver_timeout',
@@ -798,6 +802,10 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
 'filter_users', 'filter_groups', 'entry_cache_timeout',
+ 'entry_cache_user_timeout',
+ 'entry_cache_group_timeout',
+ 'entry_cache_netgroup_timeout',
+ 'entry_cache_service_timeout',
 'account_cache_expiration', 'lookup_family_order', 'dns_resolver_timeout',
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index 34b67dec32ad56f1d22813de01f9ecd0db6346a1..8a5449c4c7053ea3a8f3a95789fd71e2bf4dc555 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -76,6 +76,11 @@ override_gid = int, None, false case_sensitive = bool, None, false override_homedir = str, None, false
+#Entry cache timeouts
+entry_cache_user_timeout = int, None, false
+entry_cache_group_timeout = int, None, false
+entry_cache_netgroup_timeout = int, None, false
+entry_cache_service_timeout = int, None, false
 # Special providers [provider/permit]
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index fee40a6a14ae6a9ea7282a1f80b1e83c13370d02..94fc591af377ddef71e863e96d19402c4f51cadb 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -692,6 +692,59 @@ </para> </listitem> </varlistentry> + + <varlistentry> + <term>entry_cache_user_timeout (integer)</term> + <listitem> + <para> + How many seconds should nss_sss consider + user entries valid before asking the backend again + </para> + <para> + Default: entry_cache_timeout + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>entry_cache_group_timeout (integer)</term> + <listitem> + <para> + How many seconds should nss_sss consider + group entries valid before asking the backend again + </para> + <para> + Default: entry_cache_timeout + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>entry_cache_netgroup_timeout (integer)</term> + <listitem> + <para> + How many seconds should nss_sss consider + netgroup entries valid before asking the backend again + </para> + <para> + Default: entry_cache_timeout + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>entry_cache_service_timeout (integer)</term> + <listitem> + <para> + How many seconds should nss_sss consider + service entries valid before asking the backend again + </para> + <para> + Default: entry_cache_timeout + </para> + </listitem> + </varlistentry> + <varlistentry> <term>cache_credentials (bool)</term> <listitem> diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c index ba22830e1ed7c6262bcffe7cab910be2afcf4ed8..e8df5e1524069d5f6216c0565799bc6f2b1d49f1 100644 --- a/src/providers/ipa/ipa_common.c +++ b/src/providers/ipa/ipa_common.c 
@@ -70,7 +70,6 @@ struct dp_option ipa_def_ldap_opts[] = {
 { "ldap_force_upper_case_realm", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE }, { "ldap_enumeration_refresh_timeout", DP_OPT_NUMBER, { .number = 300 }, NULL_NUMBER }, { "ldap_purge_cache_timeout", DP_OPT_NUMBER, { .number = 3600 }, NULL_NUMBER },
- { "entry_cache_timeout", DP_OPT_NUMBER, { .number = 1800 }, NULL_NUMBER },
 { "ldap_tls_cacert", DP_OPT_STRING, { "/etc/ipa/ca.crt" }, NULL_STRING }, { "ldap_tls_cacertdir", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ldap_tls_cert", DP_OPT_STRING, NULL_STRING, NULL_STRING },
diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h
index 9cbd993f547e76d53e6d46747c7181fe6592061a..5bf1b7c9d49641db755171dffa52ca8a6ec9d8ed 100644
--- a/src/providers/ipa/ipa_common.h
+++ b/src/providers/ipa/ipa_common.h
@@ -35,7 +35,7 @@ struct ipa_service {
 /* the following defines are used to keep track of the options in the ldap * module, so that if they change and ipa is not updated correspondingly * this will trigger a runtime abort error */
-#define IPA_OPTS_BASIC_TEST 60
+#define IPA_OPTS_BASIC_TEST 59
 #define IPA_OPTS_SVC_TEST 5
diff --git a/src/providers/ipa/ipa_id.c b/src/providers/ipa/ipa_id.c
index 7302a8da07fc2f521e7269e7b08ea9ac2cff9050..7067f015e4b4b914d3520b62404c31e1ef8d251c 100644
--- a/src/providers/ipa/ipa_id.c
+++ b/src/providers/ipa/ipa_id.c
@@ -232,8 +232,8 @@ static void ipa_netgroup_get_connect_done(struct tevent_req *subreq)
 return; }
- subreq = ipa_get_netgroups_send(state, state->ev,
- state->sysdb, sdap_ctx->opts,
+ subreq = ipa_get_netgroups_send(state, state->ev, state->sysdb,
+ state->domain, sdap_ctx->opts,
 state->ctx->ipa_options, sdap_id_op_handle(state->op), state->attrs, state->filter,
diff --git a/src/providers/ipa/ipa_id.h b/src/providers/ipa/ipa_id.h
index 04a6c2b8aaad024e55a71af39d486bd863313524..3a8fdb44d19d599aa1cec8e65b2e341f87e1b1a9 100644
--- a/src/providers/ipa/ipa_id.h
+++ b/src/providers/ipa/ipa_id.h
@@ -34,6 +34,7 @@ void ipa_account_info_handler(struct be_req *breq);
 struct tevent_req *ipa_get_netgroups_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sysdb_ctx *sysdb,
+ struct sss_domain_info *dom,
 struct sdap_options *opts, struct ipa_options *ipa_options, struct sdap_handle *sh,
diff --git a/src/providers/ipa/ipa_netgroups.c b/src/providers/ipa/ipa_netgroups.c
index 620f03cc8e97addd87628d26a79b49158f82e251..ad0a1ef36ab11fa7c7b8a36629bb3ca82f29dc37 100644
--- a/src/providers/ipa/ipa_netgroups.c
+++ b/src/providers/ipa/ipa_netgroups.c
@@ -39,6 +39,7 @@ struct ipa_get_netgroups_state {
 struct ipa_options *ipa_opts; struct sdap_handle *sh; struct sysdb_ctx *sysdb;
+ struct sss_domain_info *dom;
 const char **attrs; int timeout;
@@ -64,6 +65,7 @@ struct ipa_get_netgroups_state {
 static errno_t ipa_save_netgroup(TALLOC_CTX *mem_ctx, struct sysdb_ctx *ctx,
+ struct sss_domain_info *dom,
 struct sdap_options *opts, struct sysdb_attrs *attrs) {
@@ -166,9 +168,7 @@ static errno_t ipa_save_netgroup(TALLOC_CTX *mem_ctx,
 DEBUG(6, ("Storing info for netgroup %s\n", name)); ret = sysdb_add_netgroup(ctx, name, NULL, netgroup_attrs,
- dp_opt_get_int(opts->basic,
- SDAP_ENTRY_CACHE_TIMEOUT),
- 0);
+ dom->netgroup_timeout, 0);
 if (ret) goto fail; return EOK;
@@ -185,6 +185,7 @@ static int ipa_netgr_process_all(struct ipa_get_netgroups_state *state);
 struct tevent_req *ipa_get_netgroups_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sysdb_ctx *sysdb,
+ struct sss_domain_info *dom,
 struct sdap_options *opts, struct ipa_options *ipa_options, struct sdap_handle *sh,
@@ -208,6 +209,7 @@ struct tevent_req *ipa_get_netgroups_send(TALLOC_CTX *memctx,
 state->timeout = timeout; state->base_filter = filter; state->netgr_base_iter = 0;
+ state->dom = dom;
 if (!ipa_options->id->netgroup_search_bases) { DEBUG(SSSDBG_CRIT_FAILURE,
@@ -976,8 +978,8 @@ static int ipa_netgr_process_all(struct ipa_get_netgroups_state *state)
 } } }
- ret = ipa_save_netgroup(state, state->sysdb, state->opts,
- state->netgroups[i]);
+ ret = ipa_save_netgroup(state, state->sysdb, state->dom,
+ state->opts, state->netgroups[i]);
 if (ret != EOK) { goto done; }
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index 38bd1b4f3d2e82057e60e97a9ad420974a200057..737b9156c863c94b7a6ac030b9bddb11d124460f 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -61,7 +61,6 @@ struct dp_option default_basic_opts[] = {
 { "ldap_force_upper_case_realm", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, { "ldap_enumeration_refresh_timeout", DP_OPT_NUMBER, { .number = 300 }, NULL_NUMBER }, { "ldap_purge_cache_timeout", DP_OPT_NUMBER, { .number = 10800 }, NULL_NUMBER },
- { "entry_cache_timeout", DP_OPT_NUMBER, { .number = 5400 }, NULL_NUMBER },
 { "ldap_tls_cacert", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ldap_tls_cacertdir", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ldap_tls_cert", DP_OPT_STRING, NULL_STRING, NULL_STRING },
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index 7bf1805c1798752e87d30e8173ea1b7c4944078b..2e1dfa959d5c6117cae00eb0752c9e31daef1d2f 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -173,7 +173,6 @@ enum sdap_basic_opt {
 SDAP_FORCE_UPPER_CASE_REALM, SDAP_ENUM_REFRESH_TIMEOUT, SDAP_CACHE_PURGE_TIMEOUT,
- SDAP_ENTRY_CACHE_TIMEOUT,
 SDAP_TLS_CACERT, SDAP_TLS_CACERTDIR, SDAP_TLS_CERT,
diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
index f89362647f67df084fca64df95319f52791efaef..feb13db98bceb11098d3827e674dba8f94258f76 100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -358,8 +358,7 @@ static int sdap_save_group(TALLOC_CTX *memctx,
 ret = sdap_store_group_with_gid(ctx, name, gid, group_attrs,
- dp_opt_get_int(opts->basic,
- SDAP_ENTRY_CACHE_TIMEOUT),
+ dom->group_timeout,
 posix_group, now); if (ret) goto fail;
@@ -430,8 +429,7 @@ static int sdap_save_grpmem(TALLOC_CTX *memctx,
 DEBUG(6, ("Storing members for group %s\n", name)); ret = sysdb_store_group(ctx, name, 0, group_attrs,
- dp_opt_get_int(opts->basic,
- SDAP_ENTRY_CACHE_TIMEOUT), now);
+ dom->group_timeout, now);
 if (ret) goto fail; return EOK;
@@ -1979,6 +1977,7 @@ immediate:
 static errno_t sdap_nested_group_check_hash(struct sdap_nested_group_ctx *); static errno_t sdap_nested_group_check_cache(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb,
+ struct sss_domain_info *dom,
 struct sdap_options *opts, char *member_dn, struct ldb_message ***_msgs,
@@ -2034,6 +2033,7 @@ static errno_t sdap_nested_group_process_deref_step(struct tevent_req *req)
 } ret = sdap_nested_group_check_cache(state, state->sysdb,
+ state->domain,
 state->opts, state->member_dn, &msgs, &mtype);
@@ -2140,6 +2140,7 @@ static errno_t sdap_nested_group_process_step(struct tevent_req *req)
 } ret = sdap_nested_group_check_cache(state, state->sysdb,
+ state->domain,
 state->opts, state->member_dn, &msgs, &mtype);
@@ -2233,6 +2234,7 @@ sdap_nested_group_check_hash(struct sdap_nested_group_ctx *state)
 static errno_t sdap_nested_group_check_cache(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb,
+ struct sss_domain_info *dom,
 struct sdap_options *opts, char *dn, struct ldb_message ***_msgs,
@@ -2293,9 +2295,7 @@ sdap_nested_group_check_cache(TALLOC_CTX *mem_ctx,
 create_time = ldb_msg_find_attr_as_uint64(msgs[0], SYSDB_CREATE_TIME, 0);
- expiration = create_time +
- dp_opt_get_int(opts->basic,
- SDAP_ENTRY_CACHE_TIMEOUT);
+ expiration = create_time + dom->user_timeout;
 } else { /* Regular user, check if we need a refresh */ expiration = ldb_msg_find_attr_as_uint64(msgs[0],
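Review bot: `expiration = create_time + dom->user_timeout;` in the last hunk hard-wires the user lifetime inside sdap_nested_group_check_cache(), a function whose callers also receive a member type through `&mtype`, and the condition guarding this branch is outside the hunk. The `else` arm is commented "Regular user", which suggests this arm handles another kind of user entry, but that should be stated where the timeout is chosen, e.g. `/* still a user object, so the user cache lifetime applies */` (to be confirmed against the branch condition). Without it, the choice between `user_timeout` and `group_timeout` is easy to get wrong in a later edit.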
diff --git a/src/providers/ldap/sdap_async_netgroups.c b/src/providers/ldap/sdap_async_netgroups.c
index f3a378f6488cfd46001c22b3a5abf29724f2fd0d..37aa2f112d88834162135c29b8294af90898f922 100644
--- a/src/providers/ldap/sdap_async_netgroups.c
+++ b/src/providers/ldap/sdap_async_netgroups.c
@@ -128,8 +128,7 @@ static errno_t sdap_save_netgroup(TALLOC_CTX *memctx,
 } ret = sysdb_add_netgroup(ctx, name, NULL, netgroup_attrs,
- dp_opt_get_int(opts->basic,
- SDAP_ENTRY_CACHE_TIMEOUT), now);
+ dom->netgroup_timeout, now);
 if (ret) goto fail; if (_timestamp) {
diff --git a/src/providers/ldap/sdap_async_services.c b/src/providers/ldap/sdap_async_services.c
index f414040bc08cfaf81fc01e22699f238989f48778..bde5820d28c8dba4029a81fc541b90678aba9523 100644
--- a/src/providers/ldap/sdap_async_services.c
+++ b/src/providers/ldap/sdap_async_services.c
@@ -458,7 +458,7 @@ sdap_save_service(TALLOC_CTX *mem_ctx,
 goto done; }
- cache_timeout = dp_opt_get_int(opts->basic, SDAP_ENTRY_CACHE_TIMEOUT);
+ cache_timeout = dom->service_timeout;
 ret = sysdb_store_service(sysdb, name, port, aliases, protocols, svc_attrs, missing, cache_timeout, now);
diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c
index 01168321951fa9d14f4b58d891cb922c6c44d2c2..fa9c0a799d363a32f95c1a6ef5ef94afe3033b83 100644
--- a/src/providers/ldap/sdap_async_users.c
+++ b/src/providers/ldap/sdap_async_users.c
@@ -235,7 +235,7 @@ int sdap_save_user(TALLOC_CTX *memctx,
 } }
- cache_timeout = dp_opt_get_int(opts->basic, SDAP_ENTRY_CACHE_TIMEOUT);
+ cache_timeout = dom->user_timeout;
 if (is_initgr) { ret = sysdb_attrs_add_time_t(user_attrs, SYSDB_INITGR_EXPIRE,
diff --git a/src/providers/proxy/proxy.h b/src/providers/proxy/proxy.h
index e9a550fdb990eaa3a7078a25b35238694f5e73e9..3641d6ee544c69982d23e1f675c40da69b8de604 100644
--- a/src/providers/proxy/proxy.h
+++ b/src/providers/proxy/proxy.h
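Review bot: `cache_timeout = dom->service_timeout;` in sdap_save_service() and `cache_timeout = dom->user_timeout;` in sdap_save_user() now assign a `uint32_t` where the old code assigned the result of `dp_opt_get_int()`. `cache_timeout` is declared outside both hunks; if it is still a signed `int`, a configured value above `INT_MAX` would turn into a negative lifetime, and the same applies to the proxy call sites, which used the `int entry_cache_timeout` member this patch removes from `struct proxy_id_ctx`. A range check where confdb.c reads the four options would cover every caller, for example `if (domain->user_timeout > INT_MAX) { ret = EINVAL; goto done; }`, repeated per option.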
@@ -100,7 +100,6 @@ struct authtok_conv {
 struct proxy_id_ctx { struct be_ctx *be;
- int entry_cache_timeout;
 struct proxy_nss_ops ops; void *handle; };
diff --git a/src/providers/proxy/proxy_id.c b/src/providers/proxy/proxy_id.c
index b11750f736f44e1a9bc9de16d90f7db8beaacbf6..206af294f1870b9a89de2ebee4e5f5a68b2fa3e5 100644
--- a/src/providers/proxy/proxy_id.c
+++ b/src/providers/proxy/proxy_id.c
@@ -100,7 +100,7 @@ static int get_pw_name(TALLOC_CTX *mem_ctx,
 break; }
- ret = save_user(sysdb, !dom->case_sensitive, pwd, ctx->entry_cache_timeout);
+ ret = save_user(sysdb, !dom->case_sensitive, pwd, dom->user_timeout);
 if (ret) { goto done; }
@@ -263,7 +263,7 @@ static int get_pw_uid(TALLOC_CTX *mem_ctx,
 break; }
- ret = save_user(sysdb, !dom->case_sensitive, pwd, ctx->entry_cache_timeout);
+ ret = save_user(sysdb, !dom->case_sensitive, pwd, dom->user_timeout);
 if (ret) { goto done; }
@@ -394,7 +394,7 @@ again:
 goto again; /* skip */ }
- ret = save_user(sysdb, !dom->case_sensitive, pwd, ctx->entry_cache_timeout);
+ ret = save_user(sysdb, !dom->case_sensitive, pwd, dom->user_timeout);
 if (ret) { /* Do not fail completely on errors. * Just report the failure to save and go on */
@@ -603,7 +603,7 @@ again:
 break; }
- ret = save_group(sysdb, dom, grp, ctx->entry_cache_timeout);
+ ret = save_group(sysdb, dom, grp, dom->group_timeout);
 if (ret) { goto done; }
@@ -732,7 +732,7 @@ again:
 break; }
- ret = save_group(sysdb, dom, grp, ctx->entry_cache_timeout);
+ ret = save_group(sysdb, dom, grp, dom->group_timeout);
 if (ret) { goto done; }
@@ -864,7 +864,7 @@ again:
 goto again; /* skip */ }
- ret = save_group(sysdb, dom, grp, ctx->entry_cache_timeout);
+ ret = save_group(sysdb, dom, grp, dom->group_timeout);
 if (ret) { /* Do not fail completely on errors. * Just report the failure to save and go on */
@@ -967,7 +967,7 @@ static int get_initgr(TALLOC_CTX *mem_ctx,
 break; }
- ret = save_user(sysdb, !dom->case_sensitive, pwd, ctx->entry_cache_timeout);
+ ret = save_user(sysdb, !dom->case_sensitive, pwd, dom->user_timeout);
 if (ret) { goto done; }
diff --git a/src/providers/proxy/proxy_init.c b/src/providers/proxy/proxy_init.c
index d43550bfaff0792b29b849f51b3714e4b27c3e55..46b2e7c36e5515b737c1f0e4e887ad5897b8d332 100644
--- a/src/providers/proxy/proxy_init.c
+++ b/src/providers/proxy/proxy_init.c
@@ -101,11 +101,6 @@ int sssm_proxy_id_init(struct be_ctx *bectx,
 } ctx->be = bectx;
- ret = confdb_get_int(bectx->cdb, ctx, bectx->conf_path,
- CONFDB_DOMAIN_ENTRY_CACHE_TIMEOUT, 600,
- &ctx->entry_cache_timeout);
- if (ret != EOK) goto done;
-
 ret = confdb_get_string(bectx->cdb, ctx, bectx->conf_path, CONFDB_PROXY_LIBNAME, NULL, &libname); if (ret != EOK) goto done;
diff --git a/src/providers/proxy/proxy_netgroup.c b/src/providers/proxy/proxy_netgroup.c
index c81e60c61be9404fb16e2f4e3d422fb383ed161c..47a425b4673f2ec59c067385101b5ee3666ca0dd 100644
--- a/src/providers/proxy/proxy_netgroup.c
+++ b/src/providers/proxy/proxy_netgroup.c
@@ -152,7 +152,8 @@ errno_t get_netgroup(struct proxy_id_ctx *ctx,
 } ret = save_netgroup(sysdb, name, attrs,
- !dom->case_sensitive, ctx->entry_cache_timeout);
+ !dom->case_sensitive,
+ dom->netgroup_timeout);
 if (ret != EOK) { DEBUG(1, ("sysdb_add_netgroup failed.\n")); goto done;
diff --git a/src/providers/proxy/proxy_services.c b/src/providers/proxy/proxy_services.c
index 79508a219b6eb9c4ae8af4f5f2e6d21ff3d75e57..e5654d75b9cd2b06f75e5994c4cddcb8a175ba3d 100644
--- a/src/providers/proxy/proxy_services.c
+++ b/src/providers/proxy/proxy_services.c
@@ -138,7 +138,7 @@ get_serv_byname(struct proxy_id_ctx *ctx,
 /* Results found. Save them into the cache */ ret = proxy_save_service(sysdb, result, !dom->case_sensitive,
- ctx->entry_cache_timeout);
+ dom->service_timeout);
 } done:
@@ -191,7 +191,7 @@ get_serv_byport(struct proxy_id_ctx *ctx,
 /* Results found. Save them into the cache */ ret = proxy_save_service(sysdb, result, !dom->case_sensitive,
- ctx->entry_cache_timeout);
+ dom->service_timeout);
 } done:
@@ -339,7 +339,7 @@ again:
 const_aliases, protocols, NULL, NULL,
- ctx->entry_cache_timeout,
+ dom->service_timeout,
 now); if (ret) { /* Do not fail completely on errors.
diff --git a/src/responder/nss/nsssrv_netgroup.c b/src/responder/nss/nsssrv_netgroup.c
index 093329fa3cc95e60bea52f1a6150818bc2cb0c4a..5311b4b479c39a15007e52c3431b041a118529ce 100644
--- a/src/responder/nss/nsssrv_netgroup.c
+++ b/src/responder/nss/nsssrv_netgroup.c
@@ -494,7 +494,7 @@ static errno_t lookup_netgr_step(struct setent_step_ctx *step_ctx)
 name, dom->name)); netgr->ready = true; netgr->found = true;
- set_netgr_lifetime(dom->entry_cache_timeout, step_ctx, netgr);
+ set_netgr_lifetime(dom->netgroup_timeout, step_ctx, netgr);
 return EOK; }
--
1.7.7.6
