Hello,
this patch set moves negative cache from particular context of given
responder to common context resp_ctx.
It is reaction on Fix taloc context for negative cache [1]. And it
replaces it.
It is applicable after [PATCH SET] Make the negcache timeout part of
nc_ctx [2]
For clarity, there is branch with all negative cache's patches [3].
Links:
[1]
https://www.mail-archive.com/sssd-devel@lists.fedorahosted.org/msg26529.html
[2]
https://www.mail-archive.com/sssd-devel@lists.fedorahosted.org/msg26515.html
[3] https://github.com/celestian/sssd/commits/ncache_v2
Regards
--
Petr^4 Čech
>From b71de52198cede4a91744378e9254a8c9b3667ca Mon Sep 17 00:00:00 2001
From: Petr Cech <pc...@redhat.com>
Date: Mon, 2 May 2016 09:55:47 -0400
Subject: [PATCH 1/6] RESPONDERS: Negcache in resp_ctx preparing
Preparation for initialization of negative cache in common responder.
---
Makefile.am | 6 ++--
src/responder/common/responder.h | 2 ++
src/responder/common/responder_common.c | 47 ++++++++++++++++++++++++++++++++
src/tests/cmocka/common_mock_resp.c | 6 ++++
src/tests/cmocka/test_responder_common.c | 34 +++++++++++++++--------
src/tests/cwrap/Makefile.am | 1 +
6 files changed, 83 insertions(+), 13 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index 7161bef3c9b47db92a390220e3f285c7b5d2d812..dc477249be0dab29cef490cf4fb558b5e8b16d3c 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1790,6 +1790,7 @@ sss_idmap_tests_LDADD = \
responder_socket_access_tests_SOURCES = \
src/tests/responder_socket_access-tests.c \
+ src/responder/common/negcache.c \
src/responder/common/responder_common.c \
src/responder/common/responder_packet.c \
src/responder/common/responder_cmd.c
@@ -1965,13 +1966,14 @@ pam_srv_tests_LDADD = \
EXTRA_responder_get_domains_tests_DEPENDENCIES = \
$(ldblib_LTLIBRARIES)
responder_get_domains_tests_SOURCES = \
- src/responder/common/responder_get_domains.c \
+ $(SSSD_RESPONDER_OBJ) \
src/tests/cmocka/test_responder_common.c \
src/tests/cmocka/common_mock_resp.c
responder_get_domains_tests_CFLAGS = \
$(AM_CFLAGS)
responder_get_domains_tests_LDFLAGS = \
- -Wl,-wrap,sss_parse_name_for_domains
+ -Wl,-wrap,sss_parse_name_for_domains \
+ -Wl,-wrap,sss_ncache_reset_repopulate_permanent
responder_get_domains_tests_LDADD = \
$(CMOCKA_LIBS) \
$(SSSD_LIBS) \
diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h
index 56ff2b3ec9348ee50df6f93770369f6a2b40ff6d..d3f5c8d94000a7b0ca8f41fb3cb40b32186d391e 100644
--- a/src/responder/common/responder.h
+++ b/src/responder/common/responder.h
@@ -92,6 +92,8 @@ struct resp_ctx {
const char *sock_name;
const char *priv_sock_name;
+ struct sss_nc_ctx *ncache;
+
struct sbus_connection *mon_conn;
struct be_conn *be_conns;
diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c
index 639356749f3c70c6b8c743f62856dfeb3c2db731..4f620f7d9bc47db374144f008d1855fbe1178f50 100644
--- a/src/responder/common/responder_common.c
+++ b/src/responder/common/responder_common.c
@@ -756,6 +756,47 @@ static int sss_responder_ctx_destructor(void *ptr)
return 0;
}
+static errno_t responder_init_ncache(TALLOC_CTX *mem_ctx,
+ struct confdb_ctx *cdb,
+ struct sss_nc_ctx **ncache)
+{
+ uint32_t neg_timeout;
+ int tmp_value;
+ int ret;
+
+ /* neg_timeout */
+ ret = confdb_get_int(cdb, CONFDB_NSS_CONF_ENTRY,
+ CONFDB_NSS_ENTRY_NEG_TIMEOUT,
+ 15, &tmp_value);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Fatal failure of setup negative cache timeout.\n");
+ ret = ENOENT;
+ goto done;
+ }
+
+ if (tmp_value < 0) {
+ ret = EINVAL;
+ goto done;
+ }
+
+ neg_timeout = tmp_value;
+ ret = EOK;
+
+ /* negative cache init */
+ ret = sss_ncache_init(mem_ctx, neg_timeout, ncache);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Fatal failure of initializing negative cache.\n");
+ goto done;
+ }
+
+ ret = EOK;
+
+done:
+ return ret;
+}
+
int sss_process_init(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct confdb_ctx *cdb,
@@ -913,6 +954,12 @@ int sss_process_init(TALLOC_CTX *mem_ctx,
goto fail;
}
+ ret = responder_init_ncache(rctx, rctx->cdb, &rctx->ncache);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "fatal error initializing negcache\n");
+ goto fail;
+ }
+
DEBUG(SSSDBG_TRACE_FUNC, "Responder Initialization complete\n");
*responder_ctx = rctx;
diff --git a/src/tests/cmocka/common_mock_resp.c b/src/tests/cmocka/common_mock_resp.c
index 767d4d7e1455d0998e6511cefa595ec6238ba07d..8bcf18b800d8f64d5ddff9b6524eb209aa88f213 100644
--- a/src/tests/cmocka/common_mock_resp.c
+++ b/src/tests/cmocka/common_mock_resp.c
@@ -42,6 +42,12 @@ mock_rctx(TALLOC_CTX *mem_ctx,
return NULL;
}
+ ret = sss_ncache_init(rctx, 10, &rctx->ncache);
+ if (ret != EOK) {
+ talloc_free(rctx);
+ return NULL;
+ }
+
rctx->ev = ev;
rctx->domains = domains;
rctx->pvt_ctx = pvt_ctx;
diff --git a/src/tests/cmocka/test_responder_common.c b/src/tests/cmocka/test_responder_common.c
index 48e0e91a3686bb19adf4719b1bc744348670e6b3..e145aa77ec4b4f6689f9222bec6ac4c573a8d0b2 100644
--- a/src/tests/cmocka/test_responder_common.c
+++ b/src/tests/cmocka/test_responder_common.c
@@ -35,16 +35,28 @@
#define NAME "username"
+/* register_cli_protocol_version is required in test since it links with
+ * responder_common.c module
+ */
+struct cli_protocol_version *register_cli_protocol_version(void)
+{
+ static struct cli_protocol_version responder_test_cli_protocol_version[] = {
+ {0, NULL, NULL}
+ };
+
+ return responder_test_cli_protocol_version;
+}
+
static void
mock_sss_dp_done(struct tevent_context *ev,
struct tevent_immediate *imm,
void *pvt);
errno_t
-sss_dp_issue_request(TALLOC_CTX *mem_ctx, struct resp_ctx *rctx,
- const char *strkey, struct sss_domain_info *dom,
- dbus_msg_constructor msg_create, void *pvt,
- struct tevent_req *nreq)
+__wrap_sss_dp_issue_request(TALLOC_CTX *mem_ctx, struct resp_ctx *rctx,
+ const char *strkey, struct sss_domain_info *dom,
+ dbus_msg_constructor msg_create, void *pvt,
+ struct tevent_req *nreq)
{
struct tevent_immediate *imm;
@@ -69,11 +81,11 @@ mock_sss_dp_done(struct tevent_context *ev,
}
errno_t
-sss_dp_req_recv(TALLOC_CTX *mem_ctx,
- struct tevent_req *sidereq,
- dbus_uint16_t *dp_err,
- dbus_uint32_t *dp_ret,
- char **err_msg)
+__wrap_sss_dp_req_recv(TALLOC_CTX *mem_ctx,
+ struct tevent_req *sidereq,
+ dbus_uint16_t *dp_err,
+ dbus_uint32_t *dp_ret,
+ char **err_msg)
{
return EOK;
}
@@ -271,8 +283,8 @@ struct sss_nc_ctx {
struct parse_inp_test_ctx *pctx;
};
-errno_t sss_ncache_reset_repopulate_permanent(struct resp_ctx *rctx,
- struct sss_nc_ctx *dummy_ncache_ptr)
+errno_t __wrap_sss_ncache_reset_repopulate_permanent(struct resp_ctx *rctx,
+ struct sss_nc_ctx *dummy_ncache_ptr)
{
test_ev_done(dummy_ncache_ptr->pctx->tctx, EOK);
return EOK;
diff --git a/src/tests/cwrap/Makefile.am b/src/tests/cwrap/Makefile.am
index ee9970667ab1ff8d5d84279113a773c183a4d739..a5afb8c020ee00b680aac0680bcf6f6495dd8222 100644
--- a/src/tests/cwrap/Makefile.am
+++ b/src/tests/cwrap/Makefile.am
@@ -106,6 +106,7 @@ usertools_tests_LDADD = \
responder_common_tests_SOURCES =\
test_responder_common.c \
+ ../../../src/responder/common/negcache.c \
../../../src/responder/common/responder_common.c \
../../../src/responder/common/responder_packet.c \
../../../src/responder/common/responder_cmd.c \
--
2.5.5
>From ee660b069f63971047d98bd98313dfa54709ce6c Mon Sep 17 00:00:00 2001
From: Petr Cech <pc...@redhat.com>
Date: Wed, 4 May 2016 11:36:18 -0400
Subject: [PATCH 2/6] RESPONDER: Removing ncache from nss_ctx
This patch switches ncache from nss_ctx to resp_ctx.
---
src/responder/nss/nsssrv.c | 15 ++-------
src/responder/nss/nsssrv.h | 2 --
src/responder/nss/nsssrv_cmd.c | 67 +++++++++++++++++--------------------
src/responder/nss/nsssrv_netgroup.c | 4 +--
src/responder/nss/nsssrv_services.c | 12 +++----
src/tests/cmocka/test_negcache.c | 6 ----
src/tests/cmocka/test_nss_srv.c | 6 ----
7 files changed, 40 insertions(+), 72 deletions(-)
diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
index 363ee7bffac5a3fa61a9d81ae5821ed6ffaa50d7..2cc934c45b27bcb423e88d6bf6886e40e1168ca3 100644
--- a/src/responder/nss/nsssrv.c
+++ b/src/responder/nss/nsssrv.c
@@ -247,7 +247,7 @@ static int nss_get_config(struct nss_ctx *nctx,
nctx->cache_refresh_percent = 0;
}
- ret = sss_ncache_prepopulate(nctx->ncache, cdb, nctx->rctx);
+ ret = sss_ncache_prepopulate(nctx->rctx->ncache, cdb, nctx->rctx);
if (ret != EOK) {
goto done;
}
@@ -411,7 +411,6 @@ int nss_process_init(TALLOC_CTX *mem_ctx,
enum idmap_error_code err;
int hret;
int fd_limit;
- uint32_t neg_timeout;
nss_cmds = get_nss_cmds();
@@ -436,16 +435,6 @@ int nss_process_init(TALLOC_CTX *mem_ctx,
goto fail;
}
- ret = responder_get_neg_timeout_from_confdb(cdb, &neg_timeout);
- if (ret != EOK) goto fail;
-
- ret = sss_ncache_init(rctx, neg_timeout, &nctx->ncache);
- if (ret != EOK) {
- DEBUG(SSSDBG_FATAL_FAILURE,
- "fatal error initializing negative cache\n");
- goto fail;
- }
-
nctx->rctx = rctx;
nctx->rctx->pvt_ctx = nctx;
@@ -545,7 +534,7 @@ int nss_process_init(TALLOC_CTX *mem_ctx,
}
responder_set_fd_limit(fd_limit);
- ret = schedule_get_domains_task(rctx, rctx->ev, rctx, nctx->ncache);
+ ret = schedule_get_domains_task(rctx, rctx->ev, rctx, nctx->rctx->ncache);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "schedule_get_domains_tasks failed.\n");
goto fail;
diff --git a/src/responder/nss/nsssrv.h b/src/responder/nss/nsssrv.h
index 28e62b78acf85299c5d813182fca68ca964549d3..2977479aa52082480f92eab94f7833e2e696a9ac 100644
--- a/src/responder/nss/nsssrv.h
+++ b/src/responder/nss/nsssrv.h
@@ -44,8 +44,6 @@ struct sss_mc_ctx;
struct nss_ctx {
struct resp_ctx *rctx;
- struct sss_nc_ctx *ncache;
-
int cache_refresh_percent;
int enum_cache_timeout;
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index 30daf4bc5791283f20c2d39725e487ac827347ce..0c7bf8adad8695082e7dfb376836c2398f6b46b4 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -108,14 +108,7 @@ struct setent_ctx {
static int nss_reset_negcache(struct resp_ctx *rctx)
{
- struct nss_ctx *nss_ctx;
-
- nss_ctx = talloc_get_type(rctx->pvt_ctx, struct nss_ctx);
- if (nss_ctx == NULL) {
- return EIO;
- }
-
- return sss_ncache_reset_repopulate_permanent(rctx, nss_ctx->ncache);
+ return sss_ncache_reset_repopulate_permanent(rctx, rctx->ncache);
}
/****************************************************************************
@@ -408,7 +401,7 @@ static int fill_pwent(struct sss_packet *packet,
}
if (filter_users) {
- ncret = sss_ncache_check_user(nctx->ncache, dom, orig_name);
+ ncret = sss_ncache_check_user(nctx->rctx->ncache, dom, orig_name);
if (ncret == EEXIST) {
DEBUG(SSSDBG_TRACE_FUNC,
"User [%s@%s] filtered out! (negative cache)\n",
@@ -1007,7 +1000,7 @@ static int nss_cmd_getpwnam_search(struct nss_dom_ctx *dctx)
/* verify this user has not yet been negatively cached,
* or has been permanently filtered */
- ret = sss_ncache_check_user(nctx->ncache, dom, name);
+ ret = sss_ncache_check_user(nctx->rctx->ncache, dom, name);
/* if neg cached, return we didn't find it */
if (ret == EEXIST) {
@@ -1087,7 +1080,7 @@ static int nss_cmd_getpwnam_search(struct nss_dom_ctx *dctx)
if (dctx->res->count == 0 && !dctx->check_provider) {
/* set negative cache only if not result of cache check */
- ret = sss_ncache_set_user(nctx->ncache, false, dom, name);
+ ret = sss_ncache_set_user(nctx->rctx->ncache, false, dom, name);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE, "Cannot set negcache for %s@%s\n",
name, dom->name);
@@ -1266,7 +1259,7 @@ static void nss_cmd_getby_dp_callback(uint16_t err_maj, uint32_t err_min,
* here. */
switch (dctx->cmdctx->cmd) {
case SSS_NSS_GETPWUID:
- ret = sss_ncache_set_uid(nctx->ncache, false, dctx->domain,
+ ret = sss_ncache_set_uid(nctx->rctx->ncache, false, dctx->domain,
cmdctx->id);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
@@ -1276,7 +1269,7 @@ static void nss_cmd_getby_dp_callback(uint16_t err_maj, uint32_t err_min,
gnd_flags = SSS_GND_DESCEND;
break;
case SSS_NSS_GETGRGID:
- ret = sss_ncache_set_gid(nctx->ncache, false, dctx->domain,
+ ret = sss_ncache_set_gid(nctx->rctx->ncache, false, dctx->domain,
cmdctx->id);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
@@ -1286,14 +1279,14 @@ static void nss_cmd_getby_dp_callback(uint16_t err_maj, uint32_t err_min,
gnd_flags = SSS_GND_DESCEND;
break;
case SSS_NSS_GETSIDBYID:
- ret = sss_ncache_set_uid(nctx->ncache, false, dctx->domain,
+ ret = sss_ncache_set_uid(nctx->rctx->ncache, false, dctx->domain,
cmdctx->id);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
"Cannot set negative cache for UID %"PRIu32"\n",
cmdctx->id);
}
- ret = sss_ncache_set_gid(nctx->ncache, false, dctx->domain,
+ ret = sss_ncache_set_gid(nctx->rctx->ncache, false, dctx->domain,
cmdctx->id);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
@@ -1876,7 +1869,7 @@ static int nss_cmd_getpwuid_search(struct nss_dom_ctx *dctx)
done:
if (ret == ENOENT) {
/* The entry was not found, need to set result in negative cache */
- err = sss_ncache_set_uid(nctx->ncache, false, NULL, cmdctx->id);
+ err = sss_ncache_set_uid(nctx->rctx->ncache, false, NULL, cmdctx->id);
if (err != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
"Cannot set negative cache for UID %"PRIu32"\n", cmdctx->id);
@@ -1947,7 +1940,7 @@ static int nss_cmd_getbyid(enum sss_cli_command cmd, struct cli_ctx *cctx)
switch(dctx->cmdctx->cmd) {
case SSS_NSS_GETPWUID:
- ret = sss_ncache_check_uid(nctx->ncache, NULL, cmdctx->id);
+ ret = sss_ncache_check_uid(nctx->rctx->ncache, NULL, cmdctx->id);
if (ret == EEXIST) {
DEBUG(SSSDBG_TRACE_FUNC,
"Uid [%"PRIu32"] does not exist! (negative cache)\n",
@@ -1957,7 +1950,7 @@ static int nss_cmd_getbyid(enum sss_cli_command cmd, struct cli_ctx *cctx)
}
break;
case SSS_NSS_GETGRGID:
- ret = sss_ncache_check_gid(nctx->ncache, NULL, cmdctx->id);
+ ret = sss_ncache_check_gid(nctx->rctx->ncache, NULL, cmdctx->id);
if (ret == EEXIST) {
DEBUG(SSSDBG_TRACE_FUNC,
"Gid [%"PRIu32"] does not exist! (negative cache)\n",
@@ -1967,9 +1960,9 @@ static int nss_cmd_getbyid(enum sss_cli_command cmd, struct cli_ctx *cctx)
}
break;
case SSS_NSS_GETSIDBYID:
- ret = sss_ncache_check_uid(nctx->ncache, NULL, cmdctx->id);
+ ret = sss_ncache_check_uid(nctx->rctx->ncache, NULL, cmdctx->id);
if (ret != EEXIST) {
- ret = sss_ncache_check_gid(nctx->ncache, NULL, cmdctx->id);
+ ret = sss_ncache_check_gid(nctx->rctx->ncache, NULL, cmdctx->id);
}
if (ret == EEXIST) {
DEBUG(SSSDBG_TRACE_FUNC,
@@ -2823,7 +2816,7 @@ static int fill_members(struct sss_packet *packet,
}
if (nctx->filter_users_in_groups) {
- ret = sss_ncache_check_user(nctx->ncache, dom, tmpstr);
+ ret = sss_ncache_check_user(nctx->rctx->ncache, dom, tmpstr);
if (ret == EEXIST) {
DEBUG(SSSDBG_TRACE_FUNC,
"Group [%s] member [%s@%s] filtered out!"
@@ -2979,7 +2972,7 @@ static int fill_grent(struct sss_packet *packet,
}
if (filter_groups) {
- ret = sss_ncache_check_group(nctx->ncache, dom, orig_name);
+ ret = sss_ncache_check_group(nctx->rctx->ncache, dom, orig_name);
if (ret == EEXIST) {
DEBUG(SSSDBG_TRACE_FUNC,
"Group [%s@%s] filtered out! (negative cache)\n",
@@ -3216,7 +3209,7 @@ static int nss_cmd_getgrnam_search(struct nss_dom_ctx *dctx)
/* verify this group has not yet been negatively cached,
* or has been permanently filtered */
- ret = sss_ncache_check_group(nctx->ncache, dom, name);
+ ret = sss_ncache_check_group(nctx->rctx->ncache, dom, name);
/* if neg cached, return we didn't find it */
if (ret == EEXIST) {
@@ -3262,7 +3255,7 @@ static int nss_cmd_getgrnam_search(struct nss_dom_ctx *dctx)
if (dctx->res->count == 0 && !dctx->check_provider) {
/* set negative cache only if not result of cache check */
- ret = sss_ncache_set_group(nctx->ncache, false, dom, name);
+ ret = sss_ncache_set_group(nctx->rctx->ncache, false, dom, name);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE, "Cannot set negcache for %s@%s\n",
name, dom->name);
@@ -3453,7 +3446,7 @@ static int nss_cmd_getgrgid_search(struct nss_dom_ctx *dctx)
done:
if (ret == ENOENT) {
/* The entry was not found, need to set result in negative cache */
- err = sss_ncache_set_gid(nctx->ncache, false, NULL, cmdctx->id);
+ err = sss_ncache_set_gid(nctx->rctx->ncache, false, NULL, cmdctx->id);
if (err != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
"Cannot set negative cache for GID %"PRIu32"\n", cmdctx->id);
@@ -4333,7 +4326,7 @@ static int nss_cmd_initgroups_search(struct nss_dom_ctx *dctx)
/* verify this user has not yet been negatively cached,
* or has been permanently filtered */
- ret = sss_ncache_check_user(nctx->ncache, dom, name);
+ ret = sss_ncache_check_user(nctx->rctx->ncache, dom, name);
/* if neg cached, return we didn't find it */
if (ret == EEXIST) {
@@ -4408,7 +4401,7 @@ static int nss_cmd_initgroups_search(struct nss_dom_ctx *dctx)
if (dctx->res->count == 0 && !dctx->check_provider) {
/* set negative cache only if not result of cache check */
- ret = sss_ncache_set_user(nctx->ncache, false, dom, name);
+ ret = sss_ncache_set_user(nctx->rctx->ncache, false, dom, name);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE, "Cannot set negcache for %s@%s\n",
name, dom->name);
@@ -4542,9 +4535,9 @@ static errno_t nss_cmd_getsidby_search(struct nss_dom_ctx *dctx)
DEBUG(SSSDBG_TRACE_FUNC, "Requesting info for [%"PRIu32"@%s]\n",
cmdctx->id, dom->name);
- ret = sss_ncache_check_uid(nctx->ncache, dom, cmdctx->id);
+ ret = sss_ncache_check_uid(nctx->rctx->ncache, dom, cmdctx->id);
if (ret == EEXIST) {
- ret = sss_ncache_check_gid(nctx->ncache, dom, cmdctx->id);
+ ret = sss_ncache_check_gid(nctx->rctx->ncache, dom, cmdctx->id);
if (ret == EEXIST) {
DEBUG(SSSDBG_TRACE_FUNC,
"ID [%"PRIu32"] does not exist in [%s]! (negative cache)\n",
@@ -4595,10 +4588,10 @@ static errno_t nss_cmd_getsidby_search(struct nss_dom_ctx *dctx)
/* verify this name has not yet been negatively cached, as user
* and groupm, or has been permanently filtered */
- ret = sss_ncache_check_user(nctx->ncache, dom, name);
+ ret = sss_ncache_check_user(nctx->rctx->ncache, dom, name);
if (ret == EEXIST) {
- ret = sss_ncache_check_group(nctx->ncache, dom, name);
+ ret = sss_ncache_check_group(nctx->rctx->ncache, dom, name);
if (ret == EEXIST) {
/* if neg cached, return we didn't find it */
DEBUG(SSSDBG_TRACE_FUNC,
@@ -4721,13 +4714,13 @@ static errno_t nss_cmd_getsidby_search(struct nss_dom_ctx *dctx)
if (dctx->res->count == 0 && !dctx->check_provider) {
if (cmdctx->cmd == SSS_NSS_GETSIDBYNAME
|| cmdctx->cmd == SSS_NSS_GETORIGBYNAME) {
- ret = sss_ncache_set_user(nctx->ncache, false, dom, name);
+ ret = sss_ncache_set_user(nctx->rctx->ncache, false, dom, name);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
"Cannot set negcache for %s@%s\n", name, dom->name);
}
- ret = sss_ncache_set_group(nctx->ncache, false, dom, name);
+ ret = sss_ncache_set_group(nctx->rctx->ncache, false, dom, name);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
"Cannot set negcache for %s@%s\n", name, dom->name);
@@ -4796,13 +4789,13 @@ done:
if (cmdctx->cmd == SSS_NSS_GETSIDBYID) {
DEBUG(SSSDBG_MINOR_FAILURE,
"No matching domain found for [%"PRIu32"], fail!\n", cmdctx->id);
- err = sss_ncache_set_uid(nctx->ncache, false, NULL, cmdctx->id);
+ err = sss_ncache_set_uid(nctx->rctx->ncache, false, NULL, cmdctx->id);
if (err != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
"Cannot set negative cache for UID %"PRIu32"\n", cmdctx->id);
}
- err = sss_ncache_set_gid(nctx->ncache, false, NULL, cmdctx->id);
+ err = sss_ncache_set_gid(nctx->rctx->ncache, false, NULL, cmdctx->id);
if (err != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
"Cannot set negative cache for GID %"PRIu32"\n", cmdctx->id);
@@ -4838,7 +4831,7 @@ static errno_t nss_cmd_getbysid_search(struct nss_dom_ctx *dctx)
/* verify this user has not yet been negatively cached,
* or has been permanently filtered */
- ret = sss_ncache_check_sid(nctx->ncache, cmdctx->secid);
+ ret = sss_ncache_check_sid(nctx->rctx->ncache, cmdctx->secid);
if (ret == EEXIST) {
DEBUG(SSSDBG_TRACE_FUNC,
"SID [%s] does not exist! (negative cache)\n", cmdctx->secid);
@@ -4852,7 +4845,7 @@ static errno_t nss_cmd_getbysid_search(struct nss_dom_ctx *dctx)
DEBUG(SSSDBG_OP_FAILURE, "No results for getbysid call.\n");
/* set negative cache only if not result of cache check */
- ret = sss_ncache_set_sid(nctx->ncache, false, cmdctx->secid);
+ ret = sss_ncache_set_sid(nctx->rctx->ncache, false, cmdctx->secid);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
"Cannot set negative cache for %s\n", cmdctx->secid);
diff --git a/src/responder/nss/nsssrv_netgroup.c b/src/responder/nss/nsssrv_netgroup.c
index cde3a207430c6e42cc71036242e04fce48ac94f5..a3c74a3fd2050a63dff3d69224bcf0cc59b2a9bf 100644
--- a/src/responder/nss/nsssrv_netgroup.c
+++ b/src/responder/nss/nsssrv_netgroup.c
@@ -467,7 +467,7 @@ static errno_t create_negcache_netgr(struct setent_step_ctx *step_ctx)
netgr->ready = true;
netgr->found = false;
- lifetime = sss_ncache_get_timeout(step_ctx->nctx->ncache);
+ lifetime = sss_ncache_get_timeout(step_ctx->nctx->rctx->ncache);
set_netgr_lifetime(lifetime, step_ctx, netgr);
ret = EOK;
@@ -587,7 +587,7 @@ static errno_t lookup_netgr_step(struct setent_step_ctx *step_ctx)
"Failed to convert results into entries\n");
netgr->ready = true;
netgr->found = false;
- lifetime = sss_ncache_get_timeout(step_ctx->nctx->ncache);
+ lifetime = sss_ncache_get_timeout(step_ctx->nctx->rctx->ncache);
set_netgr_lifetime(lifetime, step_ctx, netgr);
ret = EIO;
goto done;
diff --git a/src/responder/nss/nsssrv_services.c b/src/responder/nss/nsssrv_services.c
index 213d2926b3abb87d0b95ebcc6836e87b0df15754..05f9d52fad299bc4621d0890c95a10d9b8cd842d 100644
--- a/src/responder/nss/nsssrv_services.c
+++ b/src/responder/nss/nsssrv_services.c
@@ -174,7 +174,7 @@ getserv_send(TALLOC_CTX *mem_ctx,
/* If we're looking up by name */
if (service_name) {
/* Check the negative cache */
- ret = sss_ncache_check_service(nctx->ncache, dom,
+ ret = sss_ncache_check_service(nctx->rctx->ncache, dom,
SVC_NAME_CASED, SVC_PROTO_CASED);
/* If negatively cached, return we didn't find it */
if (ret == EEXIST) {
@@ -213,7 +213,7 @@ getserv_send(TALLOC_CTX *mem_ctx,
&state->res);
} else { /* Looking up by port */
/* Check the negative cache */
- ret = sss_ncache_check_service_port(nctx->ncache, dom, port,
+ ret = sss_ncache_check_service_port(nctx->rctx->ncache, dom, port,
SVC_PROTO_CASED);
/* If negatively cached, return we didn't find it */
if (ret == EEXIST) {
@@ -262,7 +262,7 @@ getserv_send(TALLOC_CTX *mem_ctx,
} else {
/* No provider to check. Set the negative cache here */
if (state->name) {
- ret = sss_ncache_set_service_name(nctx->ncache, false,
+ ret = sss_ncache_set_service_name(nctx->rctx->ncache, false,
dom,
SVC_NAME_CASED,
SVC_PROTO_CASED);
@@ -275,7 +275,7 @@ getserv_send(TALLOC_CTX *mem_ctx,
SVC_NAME_CASED, SVC_PROTO_CASED);
}
} else {
- ret = sss_ncache_set_service_port(nctx->ncache, false,
+ ret = sss_ncache_set_service_port(nctx->rctx->ncache, false,
dom,
state->port,
SVC_PROTO_CASED);
@@ -510,7 +510,7 @@ static void lookup_service_done(struct tevent_req *subreq)
* Set the negative cache
*/
if (state->name) {
- ret = sss_ncache_set_service_name(nctx->ncache, false,
+ ret = sss_ncache_set_service_name(nctx->rctx->ncache, false,
dom,
SVC_NAME_CASED,
SVC_PROTO_CASED);
@@ -523,7 +523,7 @@ static void lookup_service_done(struct tevent_req *subreq)
SVC_NAME_CASED, SVC_PROTO_CASED);
}
} else {
- ret = sss_ncache_set_service_port(nctx->ncache, false,
+ ret = sss_ncache_set_service_port(nctx->rctx->ncache, false,
dom,
state->port,
SVC_PROTO_CASED);
diff --git a/src/tests/cmocka/test_negcache.c b/src/tests/cmocka/test_negcache.c
index 99d61fbc646e86de8fdb775dce3e062ce5b66b8a..e309ce6456ddaa425568d263964e7a01a653eaf5 100644
--- a/src/tests/cmocka/test_negcache.c
+++ b/src/tests/cmocka/test_negcache.c
@@ -71,7 +71,6 @@ static struct nss_ctx *
mock_nctx(TALLOC_CTX *mem_ctx)
{
struct nss_ctx *nctx;
- errno_t ret;
enum idmap_error_code err;
nctx = talloc_zero(mem_ctx, struct nss_ctx);
@@ -79,11 +78,6 @@ mock_nctx(TALLOC_CTX *mem_ctx)
return NULL;
}
- ret = sss_ncache_init(nctx, SHORTSPAN, &nctx->ncache);
- if (ret != EOK) {
- talloc_free(nctx);
- return NULL;
- }
nctx->pwfield = discard_const("*");
err = sss_idmap_init(sss_idmap_talloc, nctx, sss_idmap_talloc_free,
diff --git a/src/tests/cmocka/test_nss_srv.c b/src/tests/cmocka/test_nss_srv.c
index 9471e51bd8203a2112e300b3590e5b313df9494a..3064a96ea30633b5d65a874b16f7a17d9b87101e 100644
--- a/src/tests/cmocka/test_nss_srv.c
+++ b/src/tests/cmocka/test_nss_srv.c
@@ -62,7 +62,6 @@ struct nss_ctx *
mock_nctx(TALLOC_CTX *mem_ctx)
{
struct nss_ctx *nctx;
- errno_t ret;
enum idmap_error_code err;
nctx = talloc_zero(mem_ctx, struct nss_ctx);
@@ -70,11 +69,6 @@ mock_nctx(TALLOC_CTX *mem_ctx)
return NULL;
}
- ret = sss_ncache_init(nctx, 10, &nctx->ncache);
- if (ret != EOK) {
- talloc_free(nctx);
- return NULL;
- }
nctx->pwfield = discard_const("*");
err = sss_idmap_init(sss_idmap_talloc, nctx, sss_idmap_talloc_free,
--
2.5.5
>From c4393245babd4177cc4dddc94367e5493449f4bf Mon Sep 17 00:00:00 2001
From: Petr Cech <pc...@redhat.com>
Date: Wed, 4 May 2016 13:36:53 -0400
Subject: [PATCH 3/6] RESPONDER: Removing ncache from ifp_ctx
This patch switches ncache from ifp_ctx to resp_ctx.
---
src/responder/ifp/ifp_groups.c | 9 +++++----
src/responder/ifp/ifp_private.h | 1 -
src/responder/ifp/ifp_users.c | 9 +++++----
src/responder/ifp/ifpsrv.c | 11 -----------
src/responder/ifp/ifpsrv_cmd.c | 4 ++--
5 files changed, 12 insertions(+), 22 deletions(-)
diff --git a/src/responder/ifp/ifp_groups.c b/src/responder/ifp/ifp_groups.c
index 411cebc12079e01b05d341ca98f159f30d9395a1..1c1f1a7705ed6384c23ebe4a7aebf2b6e5ee1edb 100644
--- a/src/responder/ifp/ifp_groups.c
+++ b/src/responder/ifp/ifp_groups.c
@@ -118,7 +118,7 @@ int ifp_groups_find_by_name(struct sbus_request *sbus_req,
}
req = cache_req_group_by_name_send(sbus_req, ctx->rctx->ev, ctx->rctx,
- ctx->ncache, 0, NULL, name);
+ ctx->rctx->ncache, 0, NULL, name);
if (req == NULL) {
return ENOMEM;
}
@@ -188,7 +188,7 @@ int ifp_groups_find_by_id(struct sbus_request *sbus_req,
}
req = cache_req_group_by_id_send(sbus_req, ctx->rctx->ev, ctx->rctx,
- ctx->ncache, 0, NULL, id);
+ ctx->rctx->ncache, 0, NULL, id);
if (req == NULL) {
return ENOMEM;
}
@@ -526,7 +526,7 @@ static struct tevent_req *resolv_ghosts_send(TALLOC_CTX *mem_ctx,
}
subreq = cache_req_group_by_name_send(state, ev, ctx->rctx,
- ctx->ncache, 0, domain->name, name);
+ ctx->rctx->ncache, 0, domain->name, name);
if (subreq == NULL) {
ret = ENOMEM;
goto immediately;
@@ -604,7 +604,8 @@ errno_t resolv_ghosts_step(struct tevent_req *req)
}
subreq = cache_req_user_by_name_send(state, state->ev, state->ctx->rctx,
- state->ctx->ncache, 0, state->domain->name,
+ state->ctx->rctx->ncache, 0,
+ state->domain->name,
state->ghosts[state->index]);
if (subreq == NULL) {
return ENOMEM;
diff --git a/src/responder/ifp/ifp_private.h b/src/responder/ifp/ifp_private.h
index 9eacdbb9e43a17db4800eb0eb12cdc3e4f130741..24e60df48f6525348cecee7f31bc69751b287108 100644
--- a/src/responder/ifp/ifp_private.h
+++ b/src/responder/ifp/ifp_private.h
@@ -39,7 +39,6 @@ struct sysbus_ctx {
struct ifp_ctx {
struct resp_ctx *rctx;
struct sss_names_ctx *snctx;
- struct sss_nc_ctx *ncache;
struct sysbus_ctx *sysbus;
const char **user_whitelist;
diff --git a/src/responder/ifp/ifp_users.c b/src/responder/ifp/ifp_users.c
index f362ea289be2a2188b588ebaf69c1d98d432c29f..e16ee65009666e8866027bb8e42cdc777ebeed31 100644
--- a/src/responder/ifp/ifp_users.c
+++ b/src/responder/ifp/ifp_users.c
@@ -99,7 +99,7 @@ int ifp_users_find_by_name(struct sbus_request *sbus_req,
}
req = cache_req_user_by_name_send(sbus_req, ctx->rctx->ev, ctx->rctx,
- ctx->ncache, 0, NULL, name);
+ ctx->rctx->ncache, 0, NULL, name);
if (req == NULL) {
return ENOMEM;
}
@@ -169,7 +169,7 @@ int ifp_users_find_by_id(struct sbus_request *sbus_req,
}
req = cache_req_user_by_id_send(sbus_req, ctx->rctx->ev, ctx->rctx,
- ctx->ncache, 0, NULL, id);
+ ctx->rctx->ncache, 0, NULL, id);
if (req == NULL) {
return ENOMEM;
}
@@ -255,7 +255,7 @@ int ifp_users_find_by_cert(struct sbus_request *sbus_req, void *data,
}
req = cache_req_user_by_cert_send(sbus_req, ctx->rctx->ev, ctx->rctx,
- ctx->ncache, 0, NULL, derb64);
+ ctx->rctx->ncache, 0, NULL, derb64);
if (req == NULL) {
return ENOMEM;
}
@@ -651,7 +651,8 @@ int ifp_users_user_update_groups_list(struct sbus_request *sbus_req,
}
req = cache_req_initgr_by_name_send(sbus_req, ctx->rctx->ev, ctx->rctx,
- ctx->ncache, 0, domain->name, username);
+ ctx->rctx->ncache, 0, domain->name,
+ username);
if (req == NULL) {
return ENOMEM;
}
diff --git a/src/responder/ifp/ifpsrv.c b/src/responder/ifp/ifpsrv.c
index 55a182143b82c7eedfa4f4619adc6ab1de73bf4d..879e00c8ed78751bb37d5d5a019ff1c7bc03966d 100644
--- a/src/responder/ifp/ifpsrv.c
+++ b/src/responder/ifp/ifpsrv.c
@@ -227,7 +227,6 @@ int ifp_process_init(TALLOC_CTX *mem_ctx,
struct be_conn *iter;
int ret;
int max_retries;
- uint32_t neg_timeout;
char *uid_str;
char *attr_list_str;
char *wildcard_limit_str;
@@ -283,16 +282,6 @@ int ifp_process_init(TALLOC_CTX *mem_ctx,
goto fail;
}
- /* Set up the negative cache */
- ret = responder_get_neg_timeout_from_confdb(cdb, &neg_timeout);
- if (ret != EOK) goto fail;
-
- ret = sss_ncache_init(rctx, neg_timeout, &ifp_ctx->ncache);
- if (ret != EOK) {
- DEBUG(SSSDBG_CRIT_FAILURE, "fatal error initializing negcache\n");
- goto fail;
- }
-
ret = confdb_get_string(ifp_ctx->rctx->cdb, ifp_ctx->rctx,
CONFDB_IFP_CONF_ENTRY, CONFDB_IFP_USER_ATTR_LIST,
NULL, &attr_list_str);
diff --git a/src/responder/ifp/ifpsrv_cmd.c b/src/responder/ifp/ifpsrv_cmd.c
index c50f51763fdf5cfcf941c8be76333ddafe9023b5..27a9d6a1ef0bc9622e8df6a5888e861f5ed4dbe4 100644
--- a/src/responder/ifp/ifpsrv_cmd.c
+++ b/src/responder/ifp/ifpsrv_cmd.c
@@ -91,7 +91,7 @@ int ifp_user_get_attr(struct sbus_request *dbus_req, void *data)
attr_req->name, ireq->dbus_req->client);
req = ifp_user_get_attr_send(ireq, ifp_ctx->rctx,
- ifp_ctx->ncache, SSS_DP_USER,
+ ifp_ctx->rctx->ncache, SSS_DP_USER,
attr_req->name, attr_req->attrs);
if (req == NULL) {
return sbus_request_finish(dbus_req, NULL);
@@ -320,7 +320,7 @@ int ifp_user_get_groups(struct sbus_request *dbus_req,
group_req->name, group_req->ireq->dbus_req->client);
req = ifp_user_get_attr_send(ireq, ifp_ctx->rctx,
- ifp_ctx->ncache, SSS_DP_INITGROUPS,
+ ifp_ctx->rctx->ncache, SSS_DP_INITGROUPS,
group_req->name, group_req->attrs);
if (req == NULL) {
return sbus_request_finish(dbus_req, NULL);
--
2.5.5
>From 87b9367afcc2f248353a1d1103536d7a76588111 Mon Sep 17 00:00:00 2001
From: Petr Cech <pc...@redhat.com>
Date: Thu, 5 May 2016 04:46:50 -0400
Subject: [PATCH 4/6] RESPONDER: Removing ncache from pac_ctx
This patch switches ncache from pac_ctx to resp_ctx.
---
src/responder/pac/pacsrv.c | 11 -----------
src/responder/pac/pacsrv.h | 2 --
src/responder/pac/pacsrv_cmd.c | 2 +-
3 files changed, 1 insertion(+), 14 deletions(-)
diff --git a/src/responder/pac/pacsrv.c b/src/responder/pac/pacsrv.c
index f2cc7f95a6928db0b070ec96f1ff5f691193c64a..b4b033b68a847ed6058fbe8364cf362a950f0782 100644
--- a/src/responder/pac/pacsrv.c
+++ b/src/responder/pac/pacsrv.c
@@ -111,7 +111,6 @@ int pac_process_init(TALLOC_CTX *mem_ctx,
struct be_conn *iter;
struct pac_ctx *pac_ctx;
int ret, max_retries;
- uint32_t neg_timeout;
enum idmap_error_code err;
int fd_limit;
char *uid_str;
@@ -196,16 +195,6 @@ int pac_process_init(TALLOC_CTX *mem_ctx,
}
responder_set_fd_limit(fd_limit);
- ret = responder_get_neg_timeout_from_confdb(cdb, &neg_timeout);
- if (ret != EOK) goto fail;
-
- ret = sss_ncache_init(pac_ctx, neg_timeout, &pac_ctx->ncache);
- if (ret != EOK) {
- DEBUG(SSSDBG_FATAL_FAILURE,
- "Failed to initializing negative cache\n");
- goto fail;
- }
-
ret = confdb_get_int(pac_ctx->rctx->cdb, CONFDB_PAC_CONF_ENTRY,
CONFDB_PAC_LIFETIME, 300,
&pac_ctx->pac_lifetime);
diff --git a/src/responder/pac/pacsrv.h b/src/responder/pac/pacsrv.h
index b2899bff2273f20b7f6cff109f605c1740175799..aea16f39ff41bf1c718f99c9bd448dc7aedf7e47 100644
--- a/src/responder/pac/pacsrv.h
+++ b/src/responder/pac/pacsrv.h
@@ -35,8 +35,6 @@ struct pac_ctx {
struct dom_sid *my_dom_sid;
struct local_mapping_ranges *range_map;
int pac_lifetime;
-
- struct sss_nc_ctx *ncache;
};
struct sss_cmd_table *get_pac_cmds(void);
diff --git a/src/responder/pac/pacsrv_cmd.c b/src/responder/pac/pacsrv_cmd.c
index 8f5404150f79164200851345251bda85e828fd9d..0e2b25c3367a3babab8042d9d6917804f0e2fdb8 100644
--- a/src/responder/pac/pacsrv_cmd.c
+++ b/src/responder/pac/pacsrv_cmd.c
@@ -197,7 +197,7 @@ static errno_t pac_resolve_user_sid_next(struct pac_req_ctx *pr_ctx)
req = cache_req_object_by_sid_send(pr_ctx, pr_ctx->cctx->ev,
pr_ctx->cctx->rctx,
- pr_ctx->pac_ctx->ncache,
+ pr_ctx->pac_ctx->rctx->ncache,
0, pr_ctx->dom->name,
pr_ctx->user_sid_str,
pw_attrs);
--
2.5.5
>From 18fee4d016f043d2237f0ad10c06cfe0a9db7bb2 Mon Sep 17 00:00:00 2001
From: Petr Cech <pc...@redhat.com>
Date: Thu, 5 May 2016 05:12:48 -0400
Subject: [PATCH 5/6] RESPONDER: Removing ncache from pam_ctx
This patch switches ncache from pam_ctx to resp_ctx.
---
src/responder/pam/pamsrv.c | 15 ++-------------
src/responder/pam/pamsrv.h | 1 -
src/responder/pam/pamsrv_cmd.c | 10 ++++++----
src/tests/cmocka/test_pam_srv.c | 3 ---
4 files changed, 8 insertions(+), 21 deletions(-)
diff --git a/src/responder/pam/pamsrv.c b/src/responder/pam/pamsrv.c
index 78521e895fc50abed679293f67d050d0a609867a..6596ccd755e46e2fa8a50c52099add57031827ed 100644
--- a/src/responder/pam/pamsrv.c
+++ b/src/responder/pam/pamsrv.c
@@ -191,7 +191,6 @@ static int pam_process_init(TALLOC_CTX *mem_ctx,
struct be_conn *iter;
struct pam_ctx *pctx;
int ret, max_retries;
- uint32_t neg_timeout;
int id_timeout;
int fd_limit;
@@ -259,17 +258,7 @@ static int pam_process_init(TALLOC_CTX *mem_ctx,
pctx->id_timeout = (size_t)id_timeout;
- ret = responder_get_neg_timeout_from_confdb(cdb, &neg_timeout);
- if (ret != EOK) goto done;
-
- ret = sss_ncache_init(pctx, neg_timeout, &pctx->ncache);
- if (ret != EOK) {
- DEBUG(SSSDBG_FATAL_FAILURE,
- "fatal error initializing negative cache\n");
- goto done;
- }
-
- ret = sss_ncache_prepopulate(pctx->ncache, cdb, pctx->rctx);
+ ret = sss_ncache_prepopulate(pctx->rctx->ncache, cdb, pctx->rctx);
if (ret != EOK) {
goto done;
}
@@ -296,7 +285,7 @@ static int pam_process_init(TALLOC_CTX *mem_ctx,
}
responder_set_fd_limit(fd_limit);
- ret = schedule_get_domains_task(rctx, rctx->ev, rctx, pctx->ncache);
+ ret = schedule_get_domains_task(rctx, rctx->ev, rctx, pctx->rctx->ncache);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "schedule_get_domains_tasks failed.\n");
goto done;
diff --git a/src/responder/pam/pamsrv.h b/src/responder/pam/pamsrv.h
index a4d2ae69eb4093da1566748198a6f644c528a857..e686d03a4a2ab19614dd9231f7874abf0688fa2c 100644
--- a/src/responder/pam/pamsrv.h
+++ b/src/responder/pam/pamsrv.h
@@ -33,7 +33,6 @@ typedef void (pam_dp_callback_t)(struct pam_auth_req *preq);
struct pam_ctx {
struct resp_ctx *rctx;
- struct sss_nc_ctx *ncache;
time_t id_timeout;
hash_table_t *id_table;
size_t trusted_uids_count;
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
index 6fd934509090cd35d0c552a036e058a301a54773..a25d2ef6408598d291236c907b5702b8b2b3fbe2 100644
--- a/src/responder/pam/pamsrv_cmd.c
+++ b/src/responder/pam/pamsrv_cmd.c
@@ -1142,7 +1142,8 @@ static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd)
goto done;
}
- ncret = sss_ncache_check_user(pctx->ncache, preq->domain, pd->user);
+ ncret = sss_ncache_check_user(pctx->rctx->ncache,
+ preq->domain, pd->user);
if (ncret == EEXIST) {
/* User found in the negative cache */
ret = ENOENT;
@@ -1154,7 +1155,8 @@ static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd)
dom = get_next_domain(dom, 0)) {
if (dom->fqnames) continue;
- ncret = sss_ncache_check_user(pctx->ncache, dom, pd->user);
+ ncret = sss_ncache_check_user(pctx->rctx->ncache,
+ dom, pd->user);
if (ncret == ENOENT) {
/* User not found in the negative cache
* Proceed with PAM actions
@@ -1247,7 +1249,7 @@ static void pam_forwarder_cert_cb(struct tevent_req *req)
req = cache_req_user_by_cert_send(preq, cctx->ev, cctx->rctx,
- pctx->ncache, 0, NULL, cert);
+ pctx->rctx->ncache, 0, NULL, cert);
if (req == NULL) {
DEBUG(SSSDBG_OP_FAILURE, "cache_req_user_by_cert_send failed.\n");
ret = ENOMEM;
@@ -1504,7 +1506,7 @@ static int pam_check_user_search(struct pam_auth_req *preq)
if (ret == ENOENT) {
if (preq->check_provider == false) {
/* set negative cache only if not result of cache check */
- ret = sss_ncache_set_user(pctx->ncache, false, dom, name);
+ ret = sss_ncache_set_user(pctx->rctx->ncache, false, dom, name);
if (ret != EOK) {
/* Should not be fatal, just slower next time */
DEBUG(SSSDBG_MINOR_FAILURE,
diff --git a/src/tests/cmocka/test_pam_srv.c b/src/tests/cmocka/test_pam_srv.c
index d88d9a03681189ffe731827550e375d203e5982d..1e3ac542cf4610cd411f7b335930d8e1a1753e89 100644
--- a/src/tests/cmocka/test_pam_srv.c
+++ b/src/tests/cmocka/test_pam_srv.c
@@ -177,9 +177,6 @@ struct pam_ctx *mock_pctx(TALLOC_CTX *mem_ctx)
pctx = talloc_zero(mem_ctx, struct pam_ctx);
assert_non_null(pctx);
- ret = sss_ncache_init(pctx, 10, &pctx->ncache);
- assert_int_equal(ret, EOK);
-
ret = sss_hash_create(pctx, 10, &pctx->id_table);
assert_int_equal(ret, EOK);
--
2.5.5
>From 21d79db14d1633e727b9d0992dd43488fc0d2c50 Mon Sep 17 00:00:00 2001
From: Petr Cech <pc...@redhat.com>
Date: Thu, 5 May 2016 05:26:00 -0400
Subject: [PATCH 6/6] RESPONDER: Removing ncache from sudo_ctx
This patch switches ncache from sudo_ctx to resp_ctx.
---
src/responder/sudo/sudosrv.c | 13 +------------
src/responder/sudo/sudosrv_get_sudorules.c | 3 ++-
src/responder/sudo/sudosrv_private.h | 2 --
3 files changed, 3 insertions(+), 15 deletions(-)
diff --git a/src/responder/sudo/sudosrv.c b/src/responder/sudo/sudosrv.c
index cf131853d16314356e18063972812f56ccbb4386..73c91b1f820ed686336a12b3613b81a406a53073 100644
--- a/src/responder/sudo/sudosrv.c
+++ b/src/responder/sudo/sudosrv.c
@@ -90,7 +90,6 @@ int sudo_process_init(TALLOC_CTX *mem_ctx,
struct be_conn *iter;
int ret;
int max_retries;
- uint32_t neg_timeout;
sudo_cmds = get_sudo_cmds();
ret = sss_process_init(mem_ctx, ev, cdb,
@@ -115,20 +114,10 @@ int sudo_process_init(TALLOC_CTX *mem_ctx,
goto fail;
}
- ret = responder_get_neg_timeout_from_confdb(cdb, &neg_timeout);
- if (ret != EOK) goto fail;
-
- ret = sss_ncache_init(rctx, neg_timeout, &sudo_ctx->ncache);
- if (ret != EOK) {
- DEBUG(SSSDBG_FATAL_FAILURE,
- "fatal error initializing ncache\n");
- goto fail;
- }
-
sudo_ctx->rctx = rctx;
sudo_ctx->rctx->pvt_ctx = sudo_ctx;
- sss_ncache_prepopulate(sudo_ctx->ncache, sudo_ctx->rctx->cdb, rctx);
+ sss_ncache_prepopulate(sudo_ctx->rctx->ncache, sudo_ctx->rctx->cdb, rctx);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE,
"failed to set ncache for sudo's filter_users\n");
diff --git a/src/responder/sudo/sudosrv_get_sudorules.c b/src/responder/sudo/sudosrv_get_sudorules.c
index b981a3252a5d2ad48c302515292863b6ebb31ec1..9095d77ba022ce0f4c6c830ca142a2cdebce8670 100644
--- a/src/responder/sudo/sudosrv_get_sudorules.c
+++ b/src/responder/sudo/sudosrv_get_sudorules.c
@@ -457,7 +457,8 @@ struct tevent_req *sudosrv_get_rules_send(TALLOC_CTX *mem_ctx,
DEBUG(SSSDBG_TRACE_FUNC, "Running initgroups for [%s]\n", username);
subreq = cache_req_initgr_by_name_send(state, ev, sudo_ctx->rctx,
- sudo_ctx->ncache, 0, NULL, username);
+ sudo_ctx->rctx->ncache, 0, NULL,
+ username);
if (subreq == NULL) {
ret = ENOMEM;
goto immediately;
diff --git a/src/responder/sudo/sudosrv_private.h b/src/responder/sudo/sudosrv_private.h
index a44d724ed488415ffb6f7d0276614eee017f98a1..94f3c4458ab20e64db3e0bfce726d5d30a70a202 100644
--- a/src/responder/sudo/sudosrv_private.h
+++ b/src/responder/sudo/sudosrv_private.h
@@ -43,8 +43,6 @@ enum sss_sudo_type {
struct sudo_ctx {
struct resp_ctx *rctx;
- struct sss_nc_ctx *ncache;
-
/*
* options
*/
--
2.5.5
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org