On 04/19/2016 02:07 PM, Lukas Slebodnik wrote:
On (19/04/16 13:55), Petr Cech wrote:
Hi,

I found a strange condition in the function sss_ncache_check_str().

This condition causes the cache NOT to be checked, and the result of the check is
automatically EEXIST.

I didn't find a call of sss_ncache_check_str() with ttl = -1, except in tests.

Note: We use value 0 for permanent cache, not -1.

Regards

--
Petr^4 Čech

From 1fd913a19bbe260fa548c60f224d5072440e956d Mon Sep 17 00:00:00 2001
From: Petr Cech <[email protected]>
Date: Tue, 19 Apr 2016 07:35:26 -0400
Subject: [PATCH] NEGCACHE: Removing of condition for ttl = -1

If ttl = -1 then function sss_ncache_check_str() returns EEXIST without
checking negcache. This behaviour is out of logic. We use ttl = 0 for
permanent caching.

Resolves:
https://fedorahosted.org/sssd/ticket/2928
---
src/responder/common/negcache.c  |  6 ------
src/tests/cmocka/test_negcache.c | 46 ----------------------------------------
2 files changed, 52 deletions(-)

diff --git a/src/responder/common/negcache.c b/src/responder/common/negcache.c
index 
5b0517ceba85d6e35515a935423412314c218143..1617bf8c5cf7d36e7091a000f6473d1bcfe44f3f
 100644
--- a/src/responder/common/negcache.c
+++ b/src/responder/common/negcache.c
@@ -97,12 +97,6 @@ static int sss_ncache_check_str(struct sss_nc_ctx *ctx, char 
*str, int ttl)
         goto done;
     }

-    if (ttl == -1) {
-        /* a negative ttl means: never expires */
-        ret = EEXIST;
-        goto done;
-    }
-
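Review bot: The removed `if (ttl == -1)` branch is the only handling of a negative ttl visible in this hunk, so after the deletion a caller that passes -1 falls through to the code that follows, and nothing here shows or documents what that code does with a negative value. Consider stating the accepted ttl range in the comment of sss_ncache_check_str(), or rejecting negative values explicitly, so the result no longer depends on the fall-through. The diffstat also drops 46 lines from src/tests/cmocka/test_negcache.c without adding any; a test that asserts the new result for ttl = -1 would pin the intended behaviour instead of only deleting the old expectation.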
I think that comment is clear.
"negative cache" never expires

IIRC it is used by options
filter_users, filter_groups
which are permanently filtered out.

Nice try :-) but NACK

LS

Hi,

I am afraid that the case of filter_users and filter_groups
uses the function:

/* Set up the negative cache with values from filter_users and
 * filter_groups in the sssd.conf
 */
errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache,
                               struct confdb_ctx *cdb,
                               struct resp_ctx *rctx);

which internally calls

sss_ncache_set_user(ncache, true, dom, name);
sss_ncache_set_group(ncache, true, dom, name);

Those true values mean permanent, and those functions call

sss_ncache_set_user_int()
sss_ncache_set_group_int()

which internally call

sss_ncache_set_str()

and there is

if (permanent) {
   timest = talloc_strdup(ctx, "0");
}

So the time of caching is set to 0 and
it means permanent cache.

ttl = -1 is only possible in a call through sss_ncache_check_*(),
but if you know that ttl = -1, you call the check unnecessarily.

Regards

--
Petr^4 Čech