Hi! see attached simple patch for ticket: https://fedorahosted.org/sssd/ticket/2912
The first patch is for master and 1.13, the second for 1.12. It seems that the decision to ignore cache validity when background refresh is enabled was not a good one: it was not possible to fetch a new netgroup entry even if the old one was invalidated with sss_cache. Michal
>From 7b260a1947236bfb07d9eb4700d2e69559186918 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C5=BDidek?= <mzi...@redhat.com>
Date: Mon, 18 Jan 2016 22:02:55 +0100
Subject: [PATCH] NSS: Refresh also netgroup cache if needed

When refresh_expired_interval was not zero, the NSS responder only refreshed netgroup cache using background periodic task and ignored SYSDB_CACHE_EXPIRE attribute. With this behaviour it was impossible to get new netgroup from remote server even after sss_cache tool was used to expire existing entry in the cache.
---
 src/responder/nss/nsssrv_cmd.c | 53 +++++++++++------------------------------
 1 file changed, 13 insertions(+), 40 deletions(-)

diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index d6ac9dc..c2ae438 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -579,25 +579,6 @@ static int nss_cmd_getpw_send_reply(struct nss_dom_ctx *dctx, bool filter)
 return EOK;
 }

-/* Currently only refreshing expired netgroups is supported. */
-static bool
-is_refreshed_on_bg(enum sss_dp_acct_type req_type,
- enum sss_dp_acct_type refresh_expired_interval)
-{
- if (refresh_expired_interval == 0) {
- return false;
- }
-
- switch (req_type) {
- case SSS_DP_NETGR:
- return true;
- default:
- return false;
- }
-
- return false;
-}
-
 static void nsssrv_dp_send_acct_req_done(struct tevent_req *req);

 static void get_dp_name_and_id(TALLOC_CTX *mem_ctx,
@@ -753,30 +734,22 @@ errno_t check_cache(struct nss_dom_ctx *dctx, get_dp_name_and_id(dctx->cmdctx, dctx->domain, req_type, opt_name, opt_id, &name, &id); - /* if we have any reply let's check cache validity, but ignore netgroups - * if refresh_expired_interval is set (which implies that another method - * is used to refresh netgroups) - */ + /* if we have any reply let's check cache validity */ if (res->count > 0) { - if (is_refreshed_on_bg(req_type, - dctx->domain->refresh_expired_interval)) { - ret = EOK; + if (req_type == SSS_DP_INITGROUPS) { + cacheExpire = ldb_msg_find_attr_as_uint64(res->msgs[0], + SYSDB_INITGR_EXPIRE, + 0); } else { - if (req_type == SSS_DP_INITGROUPS) { - cacheExpire = ldb_msg_find_attr_as_uint64(res->msgs[0], - SYSDB_INITGR_EXPIRE, - 0); - } else { - cacheExpire = ldb_msg_find_attr_as_uint64(res->msgs[0], - SYSDB_CACHE_EXPIRE, - 0); - } - - /* if we have any reply let's check cache validity */ - ret = sss_cmd_check_cache(res->msgs[0], - nctx->cache_refresh_percent, - cacheExpire); + cacheExpire = ldb_msg_find_attr_as_uint64(res->msgs[0], + SYSDB_CACHE_EXPIRE, + 0); } + + /* if we have any reply let's check cache validity */ + ret = sss_cmd_check_cache(res->msgs[0], + nctx->cache_refresh_percent, + cacheExpire); if (ret == EOK) { DEBUG(SSSDBG_TRACE_FUNC, "Cached entry is valid, returning..\n"); return EOK; -- 2.5.0
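Review bot: The comment `/* if we have any reply let's check cache validity */` now appears twice in check_cache, above `if (res->count > 0)` and again above the `sss_cmd_check_cache()` call, and neither copy records why netgroups stopped being exempt. I would drop the second copy and reword the first, e.g. `/* check validity for every request type, netgroups included, so an entry expired with sss_cache is refetched even when refresh_expired_interval is set */`. Netgroups commonly feed access decisions, so a later refactor that restores the bypass would again keep a revoked entry in use until the background task runs. The patch touches only nsssrv_cmd.c; a test that expires a cached netgroup with refresh_expired_interval non-zero and expects check_cache not to return EOK would pin the behaviour. The same applies to the 1.12 hunk at `@@ -620,30 +601,22 @@`, and check_cache starts and ends outside both hunks.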
>From 174b916e348134ccfe8c3ec545c9f5f7a10627a7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C5=BDidek?= <mzi...@redhat.com>
Date: Mon, 18 Jan 2016 22:52:41 +0100
Subject: [PATCH] NSS: Refresh also netgroup cache if needed

When refresh_expired_interval was not zero, the NSS responder only refreshed netgroup cache using background periodic task and ignored SYSDB_CACHE_EXPIRE attribute. With this behaviour it was impossible to get new netgroup from remote server even after sss_cache tool was used to expire existing entry in the cache.
---
 src/responder/nss/nsssrv_cmd.c | 53 +++++++++++------------------------------
 1 file changed, 13 insertions(+), 40 deletions(-)

diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index 7fba6a1..fcbf441 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -571,25 +571,6 @@ static int nss_cmd_getpw_send_reply(struct nss_dom_ctx *dctx, bool filter)
 return EOK;
 }

-/* Currently only refreshing expired netgroups is supported. */
-static bool
-is_refreshed_on_bg(enum sss_dp_acct_type req_type,
- enum sss_dp_acct_type refresh_expired_interval)
-{
- if (refresh_expired_interval == 0) {
- return false;
- }
-
- switch (req_type) {
- case SSS_DP_NETGR:
- return true;
- default:
- return false;
- }
-
- return false;
-}
-
 static void nsssrv_dp_send_acct_req_done(struct tevent_req *req);

 /* FIXME: do not check res->count, but get in a msgs and check in parent */
@@ -620,30 +601,22 @@ errno_t check_cache(struct nss_dom_ctx *dctx,
 return ENOENT;
 }

- /* if we have any reply let's check cache validity, but ignore netgroups
- * if refresh_expired_interval is set (which implies that another method
- * is used to refresh netgroups)
- */
+ /* if we have any reply let's check cache validity */
 if (res->count > 0) {
- if (is_refreshed_on_bg(req_type,
- dctx->domain->refresh_expired_interval)) {
- ret = EOK;
+ if (req_type == SSS_DP_INITGROUPS) {
+ cacheExpire = ldb_msg_find_attr_as_uint64(res->msgs[0],
+ SYSDB_INITGR_EXPIRE,
+ 0);
 } else {
- if (req_type == SSS_DP_INITGROUPS) {
- cacheExpire = ldb_msg_find_attr_as_uint64(res->msgs[0],
- SYSDB_INITGR_EXPIRE,
- 0);
- } else {
- cacheExpire = ldb_msg_find_attr_as_uint64(res->msgs[0],
- SYSDB_CACHE_EXPIRE,
- 0);
- }
-
- /* if we have any reply let's check cache validity */
- ret = sss_cmd_check_cache(res->msgs[0],
- nctx->cache_refresh_percent,
- cacheExpire);
+ cacheExpire = ldb_msg_find_attr_as_uint64(res->msgs[0],
+ SYSDB_CACHE_EXPIRE,
+ 0);
 }
+
+ /* if we have any reply let's check cache validity */
+ ret = sss_cmd_check_cache(res->msgs[0],
+ nctx->cache_refresh_percent,
+ cacheExpire);
 if (ret == EOK) {
 DEBUG(SSSDBG_TRACE_FUNC, "Cached entry is valid, returning..\n");
 return EOK;
--
2.5.0