On Thu, May 29, 2014 at 10:30:26AM +0930, William wrote:
> On Mon, 2014-05-26 at 09:19 +0200, Jan Cholasta wrote:
> > On 26.5.2014 03:41, William wrote:
> > >
> > >> I'm afraid there is no right thing to call ATM, as there is no support
> > >> for cache invalidation in SSH host code. I guess you'll have to
> > >> implement it yourself.
> > >>
> > >> Off the top of my head, you need to properly set SYSDB_CACHE_EXPIRE in
> > >> sysdb_store_ssh_host, return only unexpired hosts in
> > >> sysdb_get_ssh_known_hosts, make sysdb_search_ssh_hosts public and create
> > >> sysdb_set_ssh_host_attr (sysdb_update_ssh_hosts does the same, so you
> > >> can modify and rename it instead of writing a completely new function).
> > >
> > > Please find attached a patch that adds the functionality. Note that
> > > ssh_hosts don't use the dataExpire attribute, they use a different
> > > attribute, which is why I opted to call ssh_known_host_expire.
> > >
> >
> > I'm sorry, but that's completely wrong. The ssh_known_host_expire
> > attribute does *not* denote cache entry expiration, it denotes
> > known_hosts entry expiration, hence my request to add support for
> > SYSDB_CACHE_EXPIRE. Unless you do that, I can't ACK.
> >
>
> Here is the fixed patch as per your advice. I am now adding the
> SYSDB_CACHE_EXPIRE attribute to ssh_hosts on add, the update attr
> function is now exposed, and I added some helpers to keep in line with
> some of the other sysdb functions.
>
> I noticed in my testing that when a host had been expired, it wasn't put
> into known_hosts (which is correct), but that the sss_ssh_knownproxy or
> other process wasn't updating the actual sysdb entries with the new key.
> Where is the refresh of an expired host taking place, or rather, where
> should it be taking place? I suspect it is in the freeipa provider code
> somewhere ...
>
Honza, does this patch version look any better to you?