On 04/19/2016 02:07 PM, Lukas Slebodnik wrote:
On (19/04/16 13:55), Petr Cech wrote:
Hi,
I found a strange condition in the function sss_ncache_check_str().
This condition causes the cache is NOT checked and the result of checking is
automatically EEXIST.
I dind't find call of sss_ncache_check_str() with ttl = -1, except in tests.
Note: We use value 0 for permanent cache, no -1.
Regards
--
Petr^4 Čech
From 1fd913a19bbe260fa548c60f224d5072440e956d Mon Sep 17 00:00:00 2001
From: Petr Cech <[email protected]>
Date: Tue, 19 Apr 2016 07:35:26 -0400
Subject: [PATCH] NEGCACHE: Removing of condition for ttl = -1
If ttl = -1 then function sss_ncache_check_str() returns EEXIST without
checking negcache. This behaviour is out of logic. We use ttl = 0 for
permanent caching.
Resolves:
https://fedorahosted.org/sssd/ticket/2928
---
src/responder/common/negcache.c | 6 ------
src/tests/cmocka/test_negcache.c | 46 ----------------------------------------
2 files changed, 52 deletions(-)
diff --git a/src/responder/common/negcache.c b/src/responder/common/negcache.c
index
5b0517ceba85d6e35515a935423412314c218143..1617bf8c5cf7d36e7091a000f6473d1bcfe44f3f
100644
--- a/src/responder/common/negcache.c
+++ b/src/responder/common/negcache.c
@@ -97,12 +97,6 @@ static int sss_ncache_check_str(struct sss_nc_ctx *ctx, char
*str, int ttl)
goto done;
}
- if (ttl == -1) {
- /* a negative ttl means: never expires */
- ret = EEXIST;
- goto done;
- }
-
I think that comment is clear.
"negative cache" never expires
IIRC it is used by options
filter_users, filter_groups
which are permanently filterd out.
Nice try :-) but NACK
LS
Hi,
I am afraid that case of filter_users and filter_groups
uses function:
/* Set up the negative cache with values from filter_users and
* filter_groups in the sssd.conf
*/
errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache,
struct confdb_ctx *cdb,
struct resp_ctx *rctx);
which internally calls
sss_ncache_set_user(ncache, true, dom, name);
sss_ncache_set_group(ncache, true, dom, name);
Those true mean permanent and those functions calls
sss_ncache_set_user_int()
sss_ncache_set_group_int()
which internally calls
sss_ncache_set_str()
and there is
if (permanent) {
timest = talloc_strdup(ctx, "0");
}
So the time of caching is set to 0 and
it means permanent cache.
ttl = -1 is only possible call throw sss_ncache_check_*(),
but if you know that ttl = -1 you call check unnecessarily.
Regards
--
Petr^4 Čech
_______________________________________________
sssd-devel mailing list
[email protected]
https://lists.fedorahosted.org/admin/lists/[email protected]