Hello,

this patch set moves negative cache from particular context of given responder to common context resp_ctx.

It is reaction on Fix taloc context for negative cache [1]. And it replaces it.

It is applicable after [PATCH SET] Make the negcache timeout part of nc_ctx [2]

For clarity, there is branch with all negative cache's patches [3].


Links:

[1] https://www.mail-archive.com/sssd-devel@lists.fedorahosted.org/msg26529.html

[2] https://www.mail-archive.com/sssd-devel@lists.fedorahosted.org/msg26515.html

[3] https://github.com/celestian/sssd/commits/ncache_v2


Regards

--
Petr^4 Čech
>From b71de52198cede4a91744378e9254a8c9b3667ca Mon Sep 17 00:00:00 2001
From: Petr Cech <pc...@redhat.com>
Date: Mon, 2 May 2016 09:55:47 -0400
Subject: [PATCH 1/6] RESPONDERS: Negcache in resp_ctx preparing

Preparation for initialization of negative cache in common responder.
---
 Makefile.am                              |  6 ++--
 src/responder/common/responder.h         |  2 ++
 src/responder/common/responder_common.c  | 47 ++++++++++++++++++++++++++++++++
 src/tests/cmocka/common_mock_resp.c      |  6 ++++
 src/tests/cmocka/test_responder_common.c | 34 +++++++++++++++--------
 src/tests/cwrap/Makefile.am              |  1 +
 6 files changed, 83 insertions(+), 13 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index 7161bef3c9b47db92a390220e3f285c7b5d2d812..dc477249be0dab29cef490cf4fb558b5e8b16d3c 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1790,6 +1790,7 @@ sss_idmap_tests_LDADD = \
 
 responder_socket_access_tests_SOURCES = \
     src/tests/responder_socket_access-tests.c \
+    src/responder/common/negcache.c \
     src/responder/common/responder_common.c \
     src/responder/common/responder_packet.c \
     src/responder/common/responder_cmd.c
@@ -1965,13 +1966,14 @@ pam_srv_tests_LDADD = \
 EXTRA_responder_get_domains_tests_DEPENDENCIES = \
      $(ldblib_LTLIBRARIES)
 responder_get_domains_tests_SOURCES = \
-     src/responder/common/responder_get_domains.c \
+     $(SSSD_RESPONDER_OBJ) \
      src/tests/cmocka/test_responder_common.c \
      src/tests/cmocka/common_mock_resp.c
 responder_get_domains_tests_CFLAGS = \
     $(AM_CFLAGS)
 responder_get_domains_tests_LDFLAGS = \
-    -Wl,-wrap,sss_parse_name_for_domains
+    -Wl,-wrap,sss_parse_name_for_domains \
+    -Wl,-wrap,sss_ncache_reset_repopulate_permanent
 responder_get_domains_tests_LDADD = \
     $(CMOCKA_LIBS) \
     $(SSSD_LIBS) \
diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h
index 56ff2b3ec9348ee50df6f93770369f6a2b40ff6d..d3f5c8d94000a7b0ca8f41fb3cb40b32186d391e 100644
--- a/src/responder/common/responder.h
+++ b/src/responder/common/responder.h
@@ -92,6 +92,8 @@ struct resp_ctx {
     const char *sock_name;
     const char *priv_sock_name;
 
+    struct sss_nc_ctx *ncache;
+
     struct sbus_connection *mon_conn;
     struct be_conn *be_conns;
 
diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c
index 639356749f3c70c6b8c743f62856dfeb3c2db731..4f620f7d9bc47db374144f008d1855fbe1178f50 100644
--- a/src/responder/common/responder_common.c
+++ b/src/responder/common/responder_common.c
@@ -756,6 +756,47 @@ static int sss_responder_ctx_destructor(void *ptr)
     return 0;
 }
 
+static errno_t responder_init_ncache(TALLOC_CTX *mem_ctx,
+                                     struct confdb_ctx *cdb,
+                                     struct sss_nc_ctx **ncache)
+{
+    uint32_t neg_timeout;
+    int tmp_value;
+    int ret;
+
+    /* neg_timeout */
+    ret = confdb_get_int(cdb, CONFDB_NSS_CONF_ENTRY,
+                         CONFDB_NSS_ENTRY_NEG_TIMEOUT,
+                         15, &tmp_value);
+    if (ret != EOK) {
+        DEBUG(SSSDBG_FATAL_FAILURE,
+              "Fatal failure of setup negative cache timeout.\n");
+        ret = ENOENT;
+        goto done;
+    }
+
+    if (tmp_value < 0) {
+        ret = EINVAL;
+        goto done;
+    }
+
+    neg_timeout = tmp_value;
+    ret = EOK;
+
+    /* negative cache init */
+    ret = sss_ncache_init(mem_ctx, neg_timeout, ncache);
+    if (ret != EOK) {
+        DEBUG(SSSDBG_FATAL_FAILURE,
+              "Fatal failure of initializing negative cache.\n");
+        goto done;
+    }
+
+    ret = EOK;
+
+done:
+    return ret;
+}
+
 int sss_process_init(TALLOC_CTX *mem_ctx,
                      struct tevent_context *ev,
                      struct confdb_ctx *cdb,
@@ -913,6 +954,12 @@ int sss_process_init(TALLOC_CTX *mem_ctx,
         goto fail;
     }
 
+    ret = responder_init_ncache(rctx, rctx->cdb, &rctx->ncache);
+    if (ret != EOK) {
+        DEBUG(SSSDBG_CRIT_FAILURE, "fatal error initializing negcache\n");
+        goto fail;
+    }
+
     DEBUG(SSSDBG_TRACE_FUNC, "Responder Initialization complete\n");
 
     *responder_ctx = rctx;
diff --git a/src/tests/cmocka/common_mock_resp.c b/src/tests/cmocka/common_mock_resp.c
index 767d4d7e1455d0998e6511cefa595ec6238ba07d..8bcf18b800d8f64d5ddff9b6524eb209aa88f213 100644
--- a/src/tests/cmocka/common_mock_resp.c
+++ b/src/tests/cmocka/common_mock_resp.c
@@ -42,6 +42,12 @@ mock_rctx(TALLOC_CTX *mem_ctx,
         return NULL;
     }
 
+    ret = sss_ncache_init(rctx, 10, &rctx->ncache);
+    if (ret != EOK) {
+        talloc_free(rctx);
+        return NULL;
+    }
+
     rctx->ev = ev;
     rctx->domains = domains;
     rctx->pvt_ctx = pvt_ctx;
diff --git a/src/tests/cmocka/test_responder_common.c b/src/tests/cmocka/test_responder_common.c
index 48e0e91a3686bb19adf4719b1bc744348670e6b3..e145aa77ec4b4f6689f9222bec6ac4c573a8d0b2 100644
--- a/src/tests/cmocka/test_responder_common.c
+++ b/src/tests/cmocka/test_responder_common.c
@@ -35,16 +35,28 @@
 
 #define NAME "username"
 
+/* register_cli_protocol_version is required in test since it links with
+ * responder_common.c module
+ */
+struct cli_protocol_version *register_cli_protocol_version(void)
+{
+    static struct cli_protocol_version responder_test_cli_protocol_version[] = {
+        {0, NULL, NULL}
+    };
+
+    return responder_test_cli_protocol_version;
+}
+
 static void
 mock_sss_dp_done(struct tevent_context *ev,
                  struct tevent_immediate *imm,
                  void *pvt);
 
 errno_t
-sss_dp_issue_request(TALLOC_CTX *mem_ctx, struct resp_ctx *rctx,
-                     const char *strkey, struct sss_domain_info *dom,
-                     dbus_msg_constructor msg_create, void *pvt,
-                     struct tevent_req *nreq)
+__wrap_sss_dp_issue_request(TALLOC_CTX *mem_ctx, struct resp_ctx *rctx,
+                            const char *strkey, struct sss_domain_info *dom,
+                            dbus_msg_constructor msg_create, void *pvt,
+                            struct tevent_req *nreq)
 {
     struct tevent_immediate *imm;
 
@@ -69,11 +81,11 @@ mock_sss_dp_done(struct tevent_context *ev,
 }
 
 errno_t
-sss_dp_req_recv(TALLOC_CTX *mem_ctx,
-                struct tevent_req *sidereq,
-                dbus_uint16_t *dp_err,
-                dbus_uint32_t *dp_ret,
-                char **err_msg)
+__wrap_sss_dp_req_recv(TALLOC_CTX *mem_ctx,
+                       struct tevent_req *sidereq,
+                       dbus_uint16_t *dp_err,
+                       dbus_uint32_t *dp_ret,
+                       char **err_msg)
 {
     return EOK;
 }
@@ -271,8 +283,8 @@ struct sss_nc_ctx {
     struct parse_inp_test_ctx *pctx;
 };
 
-errno_t sss_ncache_reset_repopulate_permanent(struct resp_ctx *rctx,
-                                              struct sss_nc_ctx *dummy_ncache_ptr)
+errno_t __wrap_sss_ncache_reset_repopulate_permanent(struct resp_ctx *rctx,
+                                                     struct sss_nc_ctx *dummy_ncache_ptr)
 {
     test_ev_done(dummy_ncache_ptr->pctx->tctx, EOK);
     return EOK;
diff --git a/src/tests/cwrap/Makefile.am b/src/tests/cwrap/Makefile.am
index ee9970667ab1ff8d5d84279113a773c183a4d739..a5afb8c020ee00b680aac0680bcf6f6495dd8222 100644
--- a/src/tests/cwrap/Makefile.am
+++ b/src/tests/cwrap/Makefile.am
@@ -106,6 +106,7 @@ usertools_tests_LDADD = \
 
 responder_common_tests_SOURCES =\
     test_responder_common.c \
+    ../../../src/responder/common/negcache.c \
     ../../../src/responder/common/responder_common.c \
     ../../../src/responder/common/responder_packet.c \
     ../../../src/responder/common/responder_cmd.c \
-- 
2.5.5

>From ee660b069f63971047d98bd98313dfa54709ce6c Mon Sep 17 00:00:00 2001
From: Petr Cech <pc...@redhat.com>
Date: Wed, 4 May 2016 11:36:18 -0400
Subject: [PATCH 2/6] RESPONDER: Removing ncache from nss_ctx

This patch switches ncache from nss_ctx to resp_ctx.
---
 src/responder/nss/nsssrv.c          | 15 ++-------
 src/responder/nss/nsssrv.h          |  2 --
 src/responder/nss/nsssrv_cmd.c      | 67 +++++++++++++++++--------------------
 src/responder/nss/nsssrv_netgroup.c |  4 +--
 src/responder/nss/nsssrv_services.c | 12 +++----
 src/tests/cmocka/test_negcache.c    |  6 ----
 src/tests/cmocka/test_nss_srv.c     |  6 ----
 7 files changed, 40 insertions(+), 72 deletions(-)

diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
index 363ee7bffac5a3fa61a9d81ae5821ed6ffaa50d7..2cc934c45b27bcb423e88d6bf6886e40e1168ca3 100644
--- a/src/responder/nss/nsssrv.c
+++ b/src/responder/nss/nsssrv.c
@@ -247,7 +247,7 @@ static int nss_get_config(struct nss_ctx *nctx,
         nctx->cache_refresh_percent = 0;
     }
 
-    ret = sss_ncache_prepopulate(nctx->ncache, cdb, nctx->rctx);
+    ret = sss_ncache_prepopulate(nctx->rctx->ncache, cdb, nctx->rctx);
     if (ret != EOK) {
         goto done;
     }
@@ -411,7 +411,6 @@ int nss_process_init(TALLOC_CTX *mem_ctx,
     enum idmap_error_code err;
     int hret;
     int fd_limit;
-    uint32_t neg_timeout;
 
     nss_cmds = get_nss_cmds();
 
@@ -436,16 +435,6 @@ int nss_process_init(TALLOC_CTX *mem_ctx,
         goto fail;
     }
 
-    ret = responder_get_neg_timeout_from_confdb(cdb, &neg_timeout);
-    if (ret != EOK) goto fail;
-
-    ret = sss_ncache_init(rctx, neg_timeout, &nctx->ncache);
-    if (ret != EOK) {
-        DEBUG(SSSDBG_FATAL_FAILURE,
-              "fatal error initializing negative cache\n");
-        goto fail;
-    }
-
     nctx->rctx = rctx;
     nctx->rctx->pvt_ctx = nctx;
 
@@ -545,7 +534,7 @@ int nss_process_init(TALLOC_CTX *mem_ctx,
     }
     responder_set_fd_limit(fd_limit);
 
-    ret = schedule_get_domains_task(rctx, rctx->ev, rctx, nctx->ncache);
+    ret = schedule_get_domains_task(rctx, rctx->ev, rctx, nctx->rctx->ncache);
     if (ret != EOK) {
         DEBUG(SSSDBG_FATAL_FAILURE, "schedule_get_domains_tasks failed.\n");
         goto fail;
diff --git a/src/responder/nss/nsssrv.h b/src/responder/nss/nsssrv.h
index 28e62b78acf85299c5d813182fca68ca964549d3..2977479aa52082480f92eab94f7833e2e696a9ac 100644
--- a/src/responder/nss/nsssrv.h
+++ b/src/responder/nss/nsssrv.h
@@ -44,8 +44,6 @@ struct sss_mc_ctx;
 struct nss_ctx {
     struct resp_ctx *rctx;
 
-    struct sss_nc_ctx *ncache;
-
     int cache_refresh_percent;
 
     int enum_cache_timeout;
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index 30daf4bc5791283f20c2d39725e487ac827347ce..0c7bf8adad8695082e7dfb376836c2398f6b46b4 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -108,14 +108,7 @@ struct setent_ctx {
 
 static int nss_reset_negcache(struct resp_ctx *rctx)
 {
-    struct nss_ctx *nss_ctx;
-
-    nss_ctx = talloc_get_type(rctx->pvt_ctx, struct nss_ctx);
-    if (nss_ctx == NULL) {
-        return EIO;
-    }
-
-    return sss_ncache_reset_repopulate_permanent(rctx, nss_ctx->ncache);
+    return sss_ncache_reset_repopulate_permanent(rctx, rctx->ncache);
 }
 
 /****************************************************************************
@@ -408,7 +401,7 @@ static int fill_pwent(struct sss_packet *packet,
         }
 
         if (filter_users) {
-            ncret = sss_ncache_check_user(nctx->ncache, dom, orig_name);
+            ncret = sss_ncache_check_user(nctx->rctx->ncache, dom, orig_name);
             if (ncret == EEXIST) {
                 DEBUG(SSSDBG_TRACE_FUNC,
                       "User [%s@%s] filtered out! (negative cache)\n",
@@ -1007,7 +1000,7 @@ static int nss_cmd_getpwnam_search(struct nss_dom_ctx *dctx)
 
         /* verify this user has not yet been negatively cached,
         * or has been permanently filtered */
-        ret = sss_ncache_check_user(nctx->ncache, dom, name);
+        ret = sss_ncache_check_user(nctx->rctx->ncache, dom, name);
 
         /* if neg cached, return we didn't find it */
         if (ret == EEXIST) {
@@ -1087,7 +1080,7 @@ static int nss_cmd_getpwnam_search(struct nss_dom_ctx *dctx)
 
         if (dctx->res->count == 0 && !dctx->check_provider) {
             /* set negative cache only if not result of cache check */
-            ret = sss_ncache_set_user(nctx->ncache, false, dom, name);
+            ret = sss_ncache_set_user(nctx->rctx->ncache, false, dom, name);
             if (ret != EOK) {
                 DEBUG(SSSDBG_MINOR_FAILURE, "Cannot set negcache for %s@%s\n",
                       name, dom->name);
@@ -1266,7 +1259,7 @@ static void nss_cmd_getby_dp_callback(uint16_t err_maj, uint32_t err_min,
          * here. */
         switch (dctx->cmdctx->cmd) {
         case SSS_NSS_GETPWUID:
-            ret = sss_ncache_set_uid(nctx->ncache, false, dctx->domain,
+            ret = sss_ncache_set_uid(nctx->rctx->ncache, false, dctx->domain,
                                      cmdctx->id);
             if (ret != EOK) {
                 DEBUG(SSSDBG_MINOR_FAILURE,
@@ -1276,7 +1269,7 @@ static void nss_cmd_getby_dp_callback(uint16_t err_maj, uint32_t err_min,
             gnd_flags = SSS_GND_DESCEND;
             break;
         case SSS_NSS_GETGRGID:
-            ret = sss_ncache_set_gid(nctx->ncache, false, dctx->domain,
+            ret = sss_ncache_set_gid(nctx->rctx->ncache, false, dctx->domain,
                                      cmdctx->id);
             if (ret != EOK) {
                 DEBUG(SSSDBG_MINOR_FAILURE,
@@ -1286,14 +1279,14 @@ static void nss_cmd_getby_dp_callback(uint16_t err_maj, uint32_t err_min,
             gnd_flags = SSS_GND_DESCEND;
             break;
         case SSS_NSS_GETSIDBYID:
-            ret = sss_ncache_set_uid(nctx->ncache, false, dctx->domain,
+            ret = sss_ncache_set_uid(nctx->rctx->ncache, false, dctx->domain,
                                      cmdctx->id);
             if (ret != EOK) {
                 DEBUG(SSSDBG_MINOR_FAILURE,
                       "Cannot set negative cache for UID %"PRIu32"\n",
                        cmdctx->id);
             }
-            ret = sss_ncache_set_gid(nctx->ncache, false, dctx->domain,
+            ret = sss_ncache_set_gid(nctx->rctx->ncache, false, dctx->domain,
                                      cmdctx->id);
             if (ret != EOK) {
                 DEBUG(SSSDBG_MINOR_FAILURE,
@@ -1876,7 +1869,7 @@ static int nss_cmd_getpwuid_search(struct nss_dom_ctx *dctx)
 done:
     if (ret == ENOENT) {
         /* The entry was not found, need to set result in negative cache */
-        err = sss_ncache_set_uid(nctx->ncache, false, NULL, cmdctx->id);
+        err = sss_ncache_set_uid(nctx->rctx->ncache, false, NULL, cmdctx->id);
         if (err != EOK) {
             DEBUG(SSSDBG_MINOR_FAILURE,
                 "Cannot set negative cache for UID %"PRIu32"\n", cmdctx->id);
@@ -1947,7 +1940,7 @@ static int nss_cmd_getbyid(enum sss_cli_command cmd, struct cli_ctx *cctx)
 
     switch(dctx->cmdctx->cmd) {
     case SSS_NSS_GETPWUID:
-        ret = sss_ncache_check_uid(nctx->ncache, NULL, cmdctx->id);
+        ret = sss_ncache_check_uid(nctx->rctx->ncache, NULL, cmdctx->id);
         if (ret == EEXIST) {
             DEBUG(SSSDBG_TRACE_FUNC,
                   "Uid [%"PRIu32"] does not exist! (negative cache)\n",
@@ -1957,7 +1950,7 @@ static int nss_cmd_getbyid(enum sss_cli_command cmd, struct cli_ctx *cctx)
         }
         break;
     case SSS_NSS_GETGRGID:
-        ret = sss_ncache_check_gid(nctx->ncache, NULL, cmdctx->id);
+        ret = sss_ncache_check_gid(nctx->rctx->ncache, NULL, cmdctx->id);
         if (ret == EEXIST) {
             DEBUG(SSSDBG_TRACE_FUNC,
                   "Gid [%"PRIu32"] does not exist! (negative cache)\n",
@@ -1967,9 +1960,9 @@ static int nss_cmd_getbyid(enum sss_cli_command cmd, struct cli_ctx *cctx)
         }
         break;
     case SSS_NSS_GETSIDBYID:
-        ret = sss_ncache_check_uid(nctx->ncache, NULL, cmdctx->id);
+        ret = sss_ncache_check_uid(nctx->rctx->ncache, NULL, cmdctx->id);
         if (ret != EEXIST) {
-            ret = sss_ncache_check_gid(nctx->ncache, NULL, cmdctx->id);
+            ret = sss_ncache_check_gid(nctx->rctx->ncache, NULL, cmdctx->id);
         }
         if (ret == EEXIST) {
             DEBUG(SSSDBG_TRACE_FUNC,
@@ -2823,7 +2816,7 @@ static int fill_members(struct sss_packet *packet,
         }
 
         if (nctx->filter_users_in_groups) {
-            ret = sss_ncache_check_user(nctx->ncache, dom, tmpstr);
+            ret = sss_ncache_check_user(nctx->rctx->ncache, dom, tmpstr);
             if (ret == EEXIST) {
                 DEBUG(SSSDBG_TRACE_FUNC,
                       "Group [%s] member [%s@%s] filtered out!"
@@ -2979,7 +2972,7 @@ static int fill_grent(struct sss_packet *packet,
         }
 
         if (filter_groups) {
-            ret = sss_ncache_check_group(nctx->ncache, dom, orig_name);
+            ret = sss_ncache_check_group(nctx->rctx->ncache, dom, orig_name);
             if (ret == EEXIST) {
                 DEBUG(SSSDBG_TRACE_FUNC,
                       "Group [%s@%s] filtered out! (negative cache)\n",
@@ -3216,7 +3209,7 @@ static int nss_cmd_getgrnam_search(struct nss_dom_ctx *dctx)
 
         /* verify this group has not yet been negatively cached,
         * or has been permanently filtered */
-        ret = sss_ncache_check_group(nctx->ncache, dom, name);
+        ret = sss_ncache_check_group(nctx->rctx->ncache, dom, name);
 
         /* if neg cached, return we didn't find it */
         if (ret == EEXIST) {
@@ -3262,7 +3255,7 @@ static int nss_cmd_getgrnam_search(struct nss_dom_ctx *dctx)
 
         if (dctx->res->count == 0 && !dctx->check_provider) {
             /* set negative cache only if not result of cache check */
-            ret = sss_ncache_set_group(nctx->ncache, false, dom, name);
+            ret = sss_ncache_set_group(nctx->rctx->ncache, false, dom, name);
             if (ret != EOK) {
                 DEBUG(SSSDBG_MINOR_FAILURE, "Cannot set negcache for %s@%s\n",
                       name, dom->name);
@@ -3453,7 +3446,7 @@ static int nss_cmd_getgrgid_search(struct nss_dom_ctx *dctx)
 done:
     if (ret == ENOENT) {
         /* The entry was not found, need to set result in negative cache */
-        err = sss_ncache_set_gid(nctx->ncache, false, NULL, cmdctx->id);
+        err = sss_ncache_set_gid(nctx->rctx->ncache, false, NULL, cmdctx->id);
         if (err != EOK) {
             DEBUG(SSSDBG_MINOR_FAILURE,
                 "Cannot set negative cache for GID %"PRIu32"\n", cmdctx->id);
@@ -4333,7 +4326,7 @@ static int nss_cmd_initgroups_search(struct nss_dom_ctx *dctx)
 
         /* verify this user has not yet been negatively cached,
         * or has been permanently filtered */
-        ret = sss_ncache_check_user(nctx->ncache, dom, name);
+        ret = sss_ncache_check_user(nctx->rctx->ncache, dom, name);
 
         /* if neg cached, return we didn't find it */
         if (ret == EEXIST) {
@@ -4408,7 +4401,7 @@ static int nss_cmd_initgroups_search(struct nss_dom_ctx *dctx)
 
         if (dctx->res->count == 0 && !dctx->check_provider) {
             /* set negative cache only if not result of cache check */
-            ret = sss_ncache_set_user(nctx->ncache, false, dom, name);
+            ret = sss_ncache_set_user(nctx->rctx->ncache, false, dom, name);
             if (ret != EOK) {
                 DEBUG(SSSDBG_MINOR_FAILURE, "Cannot set negcache for %s@%s\n",
                       name, dom->name);
@@ -4542,9 +4535,9 @@ static errno_t nss_cmd_getsidby_search(struct nss_dom_ctx *dctx)
             DEBUG(SSSDBG_TRACE_FUNC, "Requesting info for [%"PRIu32"@%s]\n",
                                       cmdctx->id, dom->name);
 
-            ret = sss_ncache_check_uid(nctx->ncache, dom, cmdctx->id);
+            ret = sss_ncache_check_uid(nctx->rctx->ncache, dom, cmdctx->id);
             if (ret == EEXIST) {
-                ret = sss_ncache_check_gid(nctx->ncache, dom, cmdctx->id);
+                ret = sss_ncache_check_gid(nctx->rctx->ncache, dom, cmdctx->id);
                 if (ret == EEXIST) {
                     DEBUG(SSSDBG_TRACE_FUNC,
                           "ID [%"PRIu32"] does not exist in [%s]! (negative cache)\n",
@@ -4595,10 +4588,10 @@ static errno_t nss_cmd_getsidby_search(struct nss_dom_ctx *dctx)
 
             /* verify this name has not yet been negatively cached, as user
              * and groupm, or has been permanently filtered */
-            ret = sss_ncache_check_user(nctx->ncache, dom, name);
+            ret = sss_ncache_check_user(nctx->rctx->ncache, dom, name);
 
             if (ret == EEXIST) {
-                ret = sss_ncache_check_group(nctx->ncache, dom, name);
+                ret = sss_ncache_check_group(nctx->rctx->ncache, dom, name);
                 if (ret == EEXIST) {
                     /* if neg cached, return we didn't find it */
                     DEBUG(SSSDBG_TRACE_FUNC,
@@ -4721,13 +4714,13 @@ static errno_t nss_cmd_getsidby_search(struct nss_dom_ctx *dctx)
         if (dctx->res->count == 0 && !dctx->check_provider) {
             if (cmdctx->cmd == SSS_NSS_GETSIDBYNAME
                     || cmdctx->cmd == SSS_NSS_GETORIGBYNAME) {
-                ret = sss_ncache_set_user(nctx->ncache, false, dom, name);
+                ret = sss_ncache_set_user(nctx->rctx->ncache, false, dom, name);
                 if (ret != EOK) {
                     DEBUG(SSSDBG_MINOR_FAILURE,
                           "Cannot set negcache for %s@%s\n", name, dom->name);
                 }
 
-                ret = sss_ncache_set_group(nctx->ncache, false, dom, name);
+                ret = sss_ncache_set_group(nctx->rctx->ncache, false, dom, name);
                 if (ret != EOK) {
                     DEBUG(SSSDBG_MINOR_FAILURE,
                           "Cannot set negcache for %s@%s\n", name, dom->name);
@@ -4796,13 +4789,13 @@ done:
         if (cmdctx->cmd == SSS_NSS_GETSIDBYID) {
             DEBUG(SSSDBG_MINOR_FAILURE,
                 "No matching domain found for [%"PRIu32"], fail!\n", cmdctx->id);
-            err = sss_ncache_set_uid(nctx->ncache, false, NULL, cmdctx->id);
+            err = sss_ncache_set_uid(nctx->rctx->ncache, false, NULL, cmdctx->id);
             if (err != EOK) {
                 DEBUG(SSSDBG_MINOR_FAILURE,
                     "Cannot set negative cache for UID %"PRIu32"\n", cmdctx->id);
             }
 
-            err = sss_ncache_set_gid(nctx->ncache, false, NULL, cmdctx->id);
+            err = sss_ncache_set_gid(nctx->rctx->ncache, false, NULL, cmdctx->id);
             if (err != EOK) {
                 DEBUG(SSSDBG_MINOR_FAILURE,
                     "Cannot set negative cache for GID %"PRIu32"\n", cmdctx->id);
@@ -4838,7 +4831,7 @@ static errno_t nss_cmd_getbysid_search(struct nss_dom_ctx *dctx)
 
     /* verify this user has not yet been negatively cached,
         * or has been permanently filtered */
-    ret = sss_ncache_check_sid(nctx->ncache, cmdctx->secid);
+    ret = sss_ncache_check_sid(nctx->rctx->ncache, cmdctx->secid);
     if (ret == EEXIST) {
         DEBUG(SSSDBG_TRACE_FUNC,
               "SID [%s] does not exist! (negative cache)\n", cmdctx->secid);
@@ -4852,7 +4845,7 @@ static errno_t nss_cmd_getbysid_search(struct nss_dom_ctx *dctx)
             DEBUG(SSSDBG_OP_FAILURE, "No results for getbysid call.\n");
 
             /* set negative cache only if not result of cache check */
-            ret = sss_ncache_set_sid(nctx->ncache, false, cmdctx->secid);
+            ret = sss_ncache_set_sid(nctx->rctx->ncache, false, cmdctx->secid);
             if (ret != EOK) {
                 DEBUG(SSSDBG_MINOR_FAILURE,
                       "Cannot set negative cache for %s\n", cmdctx->secid);
diff --git a/src/responder/nss/nsssrv_netgroup.c b/src/responder/nss/nsssrv_netgroup.c
index cde3a207430c6e42cc71036242e04fce48ac94f5..a3c74a3fd2050a63dff3d69224bcf0cc59b2a9bf 100644
--- a/src/responder/nss/nsssrv_netgroup.c
+++ b/src/responder/nss/nsssrv_netgroup.c
@@ -467,7 +467,7 @@ static errno_t create_negcache_netgr(struct setent_step_ctx *step_ctx)
     netgr->ready = true;
     netgr->found = false;
 
-    lifetime = sss_ncache_get_timeout(step_ctx->nctx->ncache);
+    lifetime = sss_ncache_get_timeout(step_ctx->nctx->rctx->ncache);
     set_netgr_lifetime(lifetime, step_ctx, netgr);
 
     ret = EOK;
@@ -587,7 +587,7 @@ static errno_t lookup_netgr_step(struct setent_step_ctx *step_ctx)
                   "Failed to convert results into entries\n");
             netgr->ready = true;
             netgr->found = false;
-            lifetime = sss_ncache_get_timeout(step_ctx->nctx->ncache);
+            lifetime = sss_ncache_get_timeout(step_ctx->nctx->rctx->ncache);
             set_netgr_lifetime(lifetime, step_ctx, netgr);
             ret = EIO;
             goto done;
diff --git a/src/responder/nss/nsssrv_services.c b/src/responder/nss/nsssrv_services.c
index 213d2926b3abb87d0b95ebcc6836e87b0df15754..05f9d52fad299bc4621d0890c95a10d9b8cd842d 100644
--- a/src/responder/nss/nsssrv_services.c
+++ b/src/responder/nss/nsssrv_services.c
@@ -174,7 +174,7 @@ getserv_send(TALLOC_CTX *mem_ctx,
          /* If we're looking up by name */
          if (service_name) {
              /* Check the negative cache */
-             ret = sss_ncache_check_service(nctx->ncache, dom,
+             ret = sss_ncache_check_service(nctx->rctx->ncache, dom,
                                             SVC_NAME_CASED, SVC_PROTO_CASED);
              /* If negatively cached, return we didn't find it */
              if (ret == EEXIST) {
@@ -213,7 +213,7 @@ getserv_send(TALLOC_CTX *mem_ctx,
                                        &state->res);
          } else { /* Looking up by port */
              /* Check the negative cache */
-             ret = sss_ncache_check_service_port(nctx->ncache, dom, port,
+             ret = sss_ncache_check_service_port(nctx->rctx->ncache, dom, port,
                                                  SVC_PROTO_CASED);
              /* If negatively cached, return we didn't find it */
              if (ret == EEXIST) {
@@ -262,7 +262,7 @@ getserv_send(TALLOC_CTX *mem_ctx,
              } else {
                  /* No provider to check. Set the negative cache here */
                  if (state->name) {
-                     ret = sss_ncache_set_service_name(nctx->ncache, false,
+                     ret = sss_ncache_set_service_name(nctx->rctx->ncache, false,
                                                        dom,
                                                        SVC_NAME_CASED,
                                                        SVC_PROTO_CASED);
@@ -275,7 +275,7 @@ getserv_send(TALLOC_CTX *mem_ctx,
                                 SVC_NAME_CASED, SVC_PROTO_CASED);
                      }
                  } else {
-                     ret = sss_ncache_set_service_port(nctx->ncache, false,
+                     ret = sss_ncache_set_service_port(nctx->rctx->ncache, false,
                                                        dom,
                                                        state->port,
                                                        SVC_PROTO_CASED);
@@ -510,7 +510,7 @@ static void lookup_service_done(struct tevent_req *subreq)
          * Set the negative cache
          */
         if (state->name) {
-            ret = sss_ncache_set_service_name(nctx->ncache, false,
+            ret = sss_ncache_set_service_name(nctx->rctx->ncache, false,
                                               dom,
                                               SVC_NAME_CASED,
                                               SVC_PROTO_CASED);
@@ -523,7 +523,7 @@ static void lookup_service_done(struct tevent_req *subreq)
                        SVC_NAME_CASED, SVC_PROTO_CASED);
             }
         } else {
-            ret = sss_ncache_set_service_port(nctx->ncache, false,
+            ret = sss_ncache_set_service_port(nctx->rctx->ncache, false,
                                               dom,
                                               state->port,
                                               SVC_PROTO_CASED);
diff --git a/src/tests/cmocka/test_negcache.c b/src/tests/cmocka/test_negcache.c
index 99d61fbc646e86de8fdb775dce3e062ce5b66b8a..e309ce6456ddaa425568d263964e7a01a653eaf5 100644
--- a/src/tests/cmocka/test_negcache.c
+++ b/src/tests/cmocka/test_negcache.c
@@ -71,7 +71,6 @@ static struct nss_ctx *
 mock_nctx(TALLOC_CTX *mem_ctx)
 {
     struct nss_ctx *nctx;
-    errno_t ret;
     enum idmap_error_code err;
 
     nctx = talloc_zero(mem_ctx, struct nss_ctx);
@@ -79,11 +78,6 @@ mock_nctx(TALLOC_CTX *mem_ctx)
         return NULL;
     }
 
-    ret = sss_ncache_init(nctx, SHORTSPAN, &nctx->ncache);
-    if (ret != EOK) {
-        talloc_free(nctx);
-        return NULL;
-    }
     nctx->pwfield = discard_const("*");
 
     err = sss_idmap_init(sss_idmap_talloc, nctx, sss_idmap_talloc_free,
diff --git a/src/tests/cmocka/test_nss_srv.c b/src/tests/cmocka/test_nss_srv.c
index 9471e51bd8203a2112e300b3590e5b313df9494a..3064a96ea30633b5d65a874b16f7a17d9b87101e 100644
--- a/src/tests/cmocka/test_nss_srv.c
+++ b/src/tests/cmocka/test_nss_srv.c
@@ -62,7 +62,6 @@ struct nss_ctx *
 mock_nctx(TALLOC_CTX *mem_ctx)
 {
     struct nss_ctx *nctx;
-    errno_t ret;
     enum idmap_error_code err;
 
     nctx = talloc_zero(mem_ctx, struct nss_ctx);
@@ -70,11 +69,6 @@ mock_nctx(TALLOC_CTX *mem_ctx)
         return NULL;
     }
 
-    ret = sss_ncache_init(nctx, 10, &nctx->ncache);
-    if (ret != EOK) {
-        talloc_free(nctx);
-        return NULL;
-    }
     nctx->pwfield = discard_const("*");
 
     err = sss_idmap_init(sss_idmap_talloc, nctx, sss_idmap_talloc_free,
-- 
2.5.5

>From c4393245babd4177cc4dddc94367e5493449f4bf Mon Sep 17 00:00:00 2001
From: Petr Cech <pc...@redhat.com>
Date: Wed, 4 May 2016 13:36:53 -0400
Subject: [PATCH 3/6] RESPONDER: Removing ncache from ifp_ctx

This patch switches ncache from ifp_ctx to resp_ctx.
---
 src/responder/ifp/ifp_groups.c  |  9 +++++----
 src/responder/ifp/ifp_private.h |  1 -
 src/responder/ifp/ifp_users.c   |  9 +++++----
 src/responder/ifp/ifpsrv.c      | 11 -----------
 src/responder/ifp/ifpsrv_cmd.c  |  4 ++--
 5 files changed, 12 insertions(+), 22 deletions(-)

diff --git a/src/responder/ifp/ifp_groups.c b/src/responder/ifp/ifp_groups.c
index 411cebc12079e01b05d341ca98f159f30d9395a1..1c1f1a7705ed6384c23ebe4a7aebf2b6e5ee1edb 100644
--- a/src/responder/ifp/ifp_groups.c
+++ b/src/responder/ifp/ifp_groups.c
@@ -118,7 +118,7 @@ int ifp_groups_find_by_name(struct sbus_request *sbus_req,
     }
 
     req = cache_req_group_by_name_send(sbus_req, ctx->rctx->ev, ctx->rctx,
-                                       ctx->ncache, 0, NULL, name);
+                                       ctx->rctx->ncache, 0, NULL, name);
     if (req == NULL) {
         return ENOMEM;
     }
@@ -188,7 +188,7 @@ int ifp_groups_find_by_id(struct sbus_request *sbus_req,
     }
 
     req = cache_req_group_by_id_send(sbus_req, ctx->rctx->ev, ctx->rctx,
-                                     ctx->ncache, 0, NULL, id);
+                                     ctx->rctx->ncache, 0, NULL, id);
     if (req == NULL) {
         return ENOMEM;
     }
@@ -526,7 +526,7 @@ static struct tevent_req *resolv_ghosts_send(TALLOC_CTX *mem_ctx,
     }
 
     subreq = cache_req_group_by_name_send(state, ev, ctx->rctx,
-                                          ctx->ncache, 0, domain->name, name);
+                                          ctx->rctx->ncache, 0, domain->name, name);
     if (subreq == NULL) {
         ret = ENOMEM;
         goto immediately;
@@ -604,7 +604,8 @@ errno_t resolv_ghosts_step(struct tevent_req *req)
     }
 
     subreq = cache_req_user_by_name_send(state, state->ev, state->ctx->rctx,
-                                   state->ctx->ncache, 0, state->domain->name,
+                                   state->ctx->rctx->ncache, 0,
+                                   state->domain->name,
                                    state->ghosts[state->index]);
     if (subreq == NULL) {
         return ENOMEM;
diff --git a/src/responder/ifp/ifp_private.h b/src/responder/ifp/ifp_private.h
index 9eacdbb9e43a17db4800eb0eb12cdc3e4f130741..24e60df48f6525348cecee7f31bc69751b287108 100644
--- a/src/responder/ifp/ifp_private.h
+++ b/src/responder/ifp/ifp_private.h
@@ -39,7 +39,6 @@ struct sysbus_ctx {
 struct ifp_ctx {
     struct resp_ctx *rctx;
     struct sss_names_ctx *snctx;
-    struct sss_nc_ctx *ncache;
 
     struct sysbus_ctx *sysbus;
     const char **user_whitelist;
diff --git a/src/responder/ifp/ifp_users.c b/src/responder/ifp/ifp_users.c
index f362ea289be2a2188b588ebaf69c1d98d432c29f..e16ee65009666e8866027bb8e42cdc777ebeed31 100644
--- a/src/responder/ifp/ifp_users.c
+++ b/src/responder/ifp/ifp_users.c
@@ -99,7 +99,7 @@ int ifp_users_find_by_name(struct sbus_request *sbus_req,
     }
 
     req = cache_req_user_by_name_send(sbus_req, ctx->rctx->ev, ctx->rctx,
-                                      ctx->ncache, 0, NULL, name);
+                                      ctx->rctx->ncache, 0, NULL, name);
     if (req == NULL) {
         return ENOMEM;
     }
@@ -169,7 +169,7 @@ int ifp_users_find_by_id(struct sbus_request *sbus_req,
     }
 
     req = cache_req_user_by_id_send(sbus_req, ctx->rctx->ev, ctx->rctx,
-                                    ctx->ncache, 0, NULL, id);
+                                    ctx->rctx->ncache, 0, NULL, id);
     if (req == NULL) {
         return ENOMEM;
     }
@@ -255,7 +255,7 @@ int ifp_users_find_by_cert(struct sbus_request *sbus_req, void *data,
     }
 
     req = cache_req_user_by_cert_send(sbus_req, ctx->rctx->ev, ctx->rctx,
-                                      ctx->ncache, 0, NULL, derb64);
+                                      ctx->rctx->ncache, 0, NULL, derb64);
     if (req == NULL) {
         return ENOMEM;
     }
@@ -651,7 +651,8 @@ int ifp_users_user_update_groups_list(struct sbus_request *sbus_req,
     }
 
     req = cache_req_initgr_by_name_send(sbus_req, ctx->rctx->ev, ctx->rctx,
-                                        ctx->ncache, 0, domain->name, username);
+                                        ctx->rctx->ncache, 0, domain->name,
+                                        username);
     if (req == NULL) {
         return ENOMEM;
     }
diff --git a/src/responder/ifp/ifpsrv.c b/src/responder/ifp/ifpsrv.c
index 55a182143b82c7eedfa4f4619adc6ab1de73bf4d..879e00c8ed78751bb37d5d5a019ff1c7bc03966d 100644
--- a/src/responder/ifp/ifpsrv.c
+++ b/src/responder/ifp/ifpsrv.c
@@ -227,7 +227,6 @@ int ifp_process_init(TALLOC_CTX *mem_ctx,
     struct be_conn *iter;
     int ret;
     int max_retries;
-    uint32_t neg_timeout;
     char *uid_str;
     char *attr_list_str;
     char *wildcard_limit_str;
@@ -283,16 +282,6 @@ int ifp_process_init(TALLOC_CTX *mem_ctx,
         goto fail;
     }
 
-    /* Set up the negative cache */
-    ret = responder_get_neg_timeout_from_confdb(cdb, &neg_timeout);
-    if (ret != EOK) goto fail;
-
-    ret = sss_ncache_init(rctx, neg_timeout, &ifp_ctx->ncache);
-    if (ret != EOK) {
-        DEBUG(SSSDBG_CRIT_FAILURE, "fatal error initializing negcache\n");
-        goto fail;
-    }
-
     ret = confdb_get_string(ifp_ctx->rctx->cdb, ifp_ctx->rctx,
                             CONFDB_IFP_CONF_ENTRY, CONFDB_IFP_USER_ATTR_LIST,
                             NULL, &attr_list_str);
diff --git a/src/responder/ifp/ifpsrv_cmd.c b/src/responder/ifp/ifpsrv_cmd.c
index c50f51763fdf5cfcf941c8be76333ddafe9023b5..27a9d6a1ef0bc9622e8df6a5888e861f5ed4dbe4 100644
--- a/src/responder/ifp/ifpsrv_cmd.c
+++ b/src/responder/ifp/ifpsrv_cmd.c
@@ -91,7 +91,7 @@ int ifp_user_get_attr(struct sbus_request *dbus_req, void *data)
           attr_req->name, ireq->dbus_req->client);
 
     req = ifp_user_get_attr_send(ireq, ifp_ctx->rctx,
-                                 ifp_ctx->ncache, SSS_DP_USER,
+                                 ifp_ctx->rctx->ncache, SSS_DP_USER,
                                  attr_req->name, attr_req->attrs);
     if (req == NULL) {
         return sbus_request_finish(dbus_req, NULL);
@@ -320,7 +320,7 @@ int ifp_user_get_groups(struct sbus_request *dbus_req,
           group_req->name, group_req->ireq->dbus_req->client);
 
     req = ifp_user_get_attr_send(ireq, ifp_ctx->rctx,
-                                 ifp_ctx->ncache, SSS_DP_INITGROUPS,
+                                 ifp_ctx->rctx->ncache, SSS_DP_INITGROUPS,
                                  group_req->name, group_req->attrs);
     if (req == NULL) {
         return sbus_request_finish(dbus_req, NULL);
-- 
2.5.5

>From 87b9367afcc2f248353a1d1103536d7a76588111 Mon Sep 17 00:00:00 2001
From: Petr Cech <pc...@redhat.com>
Date: Thu, 5 May 2016 04:46:50 -0400
Subject: [PATCH 4/6] RESPONDER: Removing ncache from pac_ctx

This patch switches ncache from pac_ctx to resp_ctx.
---
 src/responder/pac/pacsrv.c     | 11 -----------
 src/responder/pac/pacsrv.h     |  2 --
 src/responder/pac/pacsrv_cmd.c |  2 +-
 3 files changed, 1 insertion(+), 14 deletions(-)

diff --git a/src/responder/pac/pacsrv.c b/src/responder/pac/pacsrv.c
index f2cc7f95a6928db0b070ec96f1ff5f691193c64a..b4b033b68a847ed6058fbe8364cf362a950f0782 100644
--- a/src/responder/pac/pacsrv.c
+++ b/src/responder/pac/pacsrv.c
@@ -111,7 +111,6 @@ int pac_process_init(TALLOC_CTX *mem_ctx,
     struct be_conn *iter;
     struct pac_ctx *pac_ctx;
     int ret, max_retries;
-    uint32_t neg_timeout;
     enum idmap_error_code err;
     int fd_limit;
     char *uid_str;
@@ -196,16 +195,6 @@ int pac_process_init(TALLOC_CTX *mem_ctx,
     }
     responder_set_fd_limit(fd_limit);
 
-    ret = responder_get_neg_timeout_from_confdb(cdb, &neg_timeout);
-    if (ret != EOK) goto fail;
-
-    ret = sss_ncache_init(pac_ctx, neg_timeout, &pac_ctx->ncache);
-    if (ret != EOK) {
-        DEBUG(SSSDBG_FATAL_FAILURE,
-              "Failed to initializing negative cache\n");
-        goto fail;
-    }
-
     ret = confdb_get_int(pac_ctx->rctx->cdb, CONFDB_PAC_CONF_ENTRY,
                          CONFDB_PAC_LIFETIME, 300,
                          &pac_ctx->pac_lifetime);
diff --git a/src/responder/pac/pacsrv.h b/src/responder/pac/pacsrv.h
index b2899bff2273f20b7f6cff109f605c1740175799..aea16f39ff41bf1c718f99c9bd448dc7aedf7e47 100644
--- a/src/responder/pac/pacsrv.h
+++ b/src/responder/pac/pacsrv.h
@@ -35,8 +35,6 @@ struct pac_ctx {
     struct dom_sid *my_dom_sid;
     struct local_mapping_ranges *range_map;
     int pac_lifetime;
-
-    struct sss_nc_ctx *ncache;
 };
 
 struct sss_cmd_table *get_pac_cmds(void);
diff --git a/src/responder/pac/pacsrv_cmd.c b/src/responder/pac/pacsrv_cmd.c
index 8f5404150f79164200851345251bda85e828fd9d..0e2b25c3367a3babab8042d9d6917804f0e2fdb8 100644
--- a/src/responder/pac/pacsrv_cmd.c
+++ b/src/responder/pac/pacsrv_cmd.c
@@ -197,7 +197,7 @@ static errno_t pac_resolve_user_sid_next(struct pac_req_ctx *pr_ctx)
 
     req = cache_req_object_by_sid_send(pr_ctx, pr_ctx->cctx->ev,
                                        pr_ctx->cctx->rctx,
-                                       pr_ctx->pac_ctx->ncache,
+                                       pr_ctx->pac_ctx->rctx->ncache,
                                        0, pr_ctx->dom->name,
                                        pr_ctx->user_sid_str,
                                        pw_attrs);
-- 
2.5.5

>From 18fee4d016f043d2237f0ad10c06cfe0a9db7bb2 Mon Sep 17 00:00:00 2001
From: Petr Cech <pc...@redhat.com>
Date: Thu, 5 May 2016 05:12:48 -0400
Subject: [PATCH 5/6] RESPONDER: Removing ncache from pam_ctx

This patch switches ncache from pam_ctx to resp_ctx.
---
 src/responder/pam/pamsrv.c      | 15 ++-------------
 src/responder/pam/pamsrv.h      |  1 -
 src/responder/pam/pamsrv_cmd.c  | 10 ++++++----
 src/tests/cmocka/test_pam_srv.c |  3 ---
 4 files changed, 8 insertions(+), 21 deletions(-)

diff --git a/src/responder/pam/pamsrv.c b/src/responder/pam/pamsrv.c
index 78521e895fc50abed679293f67d050d0a609867a..6596ccd755e46e2fa8a50c52099add57031827ed 100644
--- a/src/responder/pam/pamsrv.c
+++ b/src/responder/pam/pamsrv.c
@@ -191,7 +191,6 @@ static int pam_process_init(TALLOC_CTX *mem_ctx,
     struct be_conn *iter;
     struct pam_ctx *pctx;
     int ret, max_retries;
-    uint32_t neg_timeout;
     int id_timeout;
     int fd_limit;
 
@@ -259,17 +258,7 @@ static int pam_process_init(TALLOC_CTX *mem_ctx,
 
     pctx->id_timeout = (size_t)id_timeout;
 
-    ret = responder_get_neg_timeout_from_confdb(cdb, &neg_timeout);
-    if (ret != EOK) goto done;
-
-    ret = sss_ncache_init(pctx, neg_timeout, &pctx->ncache);
-    if (ret != EOK) {
-        DEBUG(SSSDBG_FATAL_FAILURE,
-              "fatal error initializing negative cache\n");
-        goto done;
-    }
-
-    ret = sss_ncache_prepopulate(pctx->ncache, cdb, pctx->rctx);
+    ret = sss_ncache_prepopulate(pctx->rctx->ncache, cdb, pctx->rctx);
     if (ret != EOK) {
         goto done;
     }
@@ -296,7 +285,7 @@ static int pam_process_init(TALLOC_CTX *mem_ctx,
     }
     responder_set_fd_limit(fd_limit);
 
-    ret = schedule_get_domains_task(rctx, rctx->ev, rctx, pctx->ncache);
+    ret = schedule_get_domains_task(rctx, rctx->ev, rctx, pctx->rctx->ncache);
     if (ret != EOK) {
         DEBUG(SSSDBG_FATAL_FAILURE, "schedule_get_domains_tasks failed.\n");
         goto done;
diff --git a/src/responder/pam/pamsrv.h b/src/responder/pam/pamsrv.h
index a4d2ae69eb4093da1566748198a6f644c528a857..e686d03a4a2ab19614dd9231f7874abf0688fa2c 100644
--- a/src/responder/pam/pamsrv.h
+++ b/src/responder/pam/pamsrv.h
@@ -33,7 +33,6 @@ typedef void (pam_dp_callback_t)(struct pam_auth_req *preq);
 
 struct pam_ctx {
     struct resp_ctx *rctx;
-    struct sss_nc_ctx *ncache;
     time_t id_timeout;
     hash_table_t *id_table;
     size_t trusted_uids_count;
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
index 6fd934509090cd35d0c552a036e058a301a54773..a25d2ef6408598d291236c907b5702b8b2b3fbe2 100644
--- a/src/responder/pam/pamsrv_cmd.c
+++ b/src/responder/pam/pamsrv_cmd.c
@@ -1142,7 +1142,8 @@ static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd)
                 goto done;
             }
 
-            ncret = sss_ncache_check_user(pctx->ncache, preq->domain, pd->user);
+            ncret = sss_ncache_check_user(pctx->rctx->ncache,
+                                          preq->domain, pd->user);
             if (ncret == EEXIST) {
                 /* User found in the negative cache */
                 ret = ENOENT;
@@ -1154,7 +1155,8 @@ static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd)
                  dom = get_next_domain(dom, 0)) {
                 if (dom->fqnames) continue;
 
-                ncret = sss_ncache_check_user(pctx->ncache, dom, pd->user);
+                ncret = sss_ncache_check_user(pctx->rctx->ncache,
+                                              dom, pd->user);
                 if (ncret == ENOENT) {
                     /* User not found in the negative cache
                      * Proceed with PAM actions
@@ -1247,7 +1249,7 @@ static void pam_forwarder_cert_cb(struct tevent_req *req)
 
 
     req = cache_req_user_by_cert_send(preq, cctx->ev, cctx->rctx,
-                                      pctx->ncache, 0, NULL, cert);
+                                      pctx->rctx->ncache, 0, NULL, cert);
     if (req == NULL) {
         DEBUG(SSSDBG_OP_FAILURE, "cache_req_user_by_cert_send failed.\n");
         ret = ENOMEM;
@@ -1504,7 +1506,7 @@ static int pam_check_user_search(struct pam_auth_req *preq)
         if (ret == ENOENT) {
             if (preq->check_provider == false) {
                 /* set negative cache only if not result of cache check */
-                ret = sss_ncache_set_user(pctx->ncache, false, dom, name);
+                ret = sss_ncache_set_user(pctx->rctx->ncache, false, dom, name);
                 if (ret != EOK) {
                     /* Should not be fatal, just slower next time */
                     DEBUG(SSSDBG_MINOR_FAILURE,
diff --git a/src/tests/cmocka/test_pam_srv.c b/src/tests/cmocka/test_pam_srv.c
index d88d9a03681189ffe731827550e375d203e5982d..1e3ac542cf4610cd411f7b335930d8e1a1753e89 100644
--- a/src/tests/cmocka/test_pam_srv.c
+++ b/src/tests/cmocka/test_pam_srv.c
@@ -177,9 +177,6 @@ struct pam_ctx *mock_pctx(TALLOC_CTX *mem_ctx)
     pctx = talloc_zero(mem_ctx, struct pam_ctx);
     assert_non_null(pctx);
 
-    ret = sss_ncache_init(pctx, 10, &pctx->ncache);
-    assert_int_equal(ret, EOK);
-
     ret = sss_hash_create(pctx, 10, &pctx->id_table);
     assert_int_equal(ret, EOK);
 
-- 
2.5.5

>From 21d79db14d1633e727b9d0992dd43488fc0d2c50 Mon Sep 17 00:00:00 2001
From: Petr Cech <pc...@redhat.com>
Date: Thu, 5 May 2016 05:26:00 -0400
Subject: [PATCH 6/6] RESPONDER: Removing ncache from sudo_ctx

This patch switches ncache from sudo_ctx to resp_ctx.
---
 src/responder/sudo/sudosrv.c               | 13 +------------
 src/responder/sudo/sudosrv_get_sudorules.c |  3 ++-
 src/responder/sudo/sudosrv_private.h       |  2 --
 3 files changed, 3 insertions(+), 15 deletions(-)

diff --git a/src/responder/sudo/sudosrv.c b/src/responder/sudo/sudosrv.c
index cf131853d16314356e18063972812f56ccbb4386..73c91b1f820ed686336a12b3613b81a406a53073 100644
--- a/src/responder/sudo/sudosrv.c
+++ b/src/responder/sudo/sudosrv.c
@@ -90,7 +90,6 @@ int sudo_process_init(TALLOC_CTX *mem_ctx,
     struct be_conn *iter;
     int ret;
     int max_retries;
-    uint32_t neg_timeout;
 
     sudo_cmds = get_sudo_cmds();
     ret = sss_process_init(mem_ctx, ev, cdb,
@@ -115,20 +114,10 @@ int sudo_process_init(TALLOC_CTX *mem_ctx,
         goto fail;
     }
 
-    ret = responder_get_neg_timeout_from_confdb(cdb, &neg_timeout);
-    if (ret != EOK) goto fail;
-
-    ret = sss_ncache_init(rctx, neg_timeout, &sudo_ctx->ncache);
-    if (ret != EOK) {
-        DEBUG(SSSDBG_FATAL_FAILURE,
-              "fatal error initializing ncache\n");
-        goto fail;
-    }
-
     sudo_ctx->rctx = rctx;
     sudo_ctx->rctx->pvt_ctx = sudo_ctx;
 
-    sss_ncache_prepopulate(sudo_ctx->ncache, sudo_ctx->rctx->cdb, rctx);
+    sss_ncache_prepopulate(sudo_ctx->rctx->ncache, sudo_ctx->rctx->cdb, rctx);
     if (ret != EOK) {
         DEBUG(SSSDBG_FATAL_FAILURE,
               "failed to set ncache for sudo's filter_users\n");
diff --git a/src/responder/sudo/sudosrv_get_sudorules.c b/src/responder/sudo/sudosrv_get_sudorules.c
index b981a3252a5d2ad48c302515292863b6ebb31ec1..9095d77ba022ce0f4c6c830ca142a2cdebce8670 100644
--- a/src/responder/sudo/sudosrv_get_sudorules.c
+++ b/src/responder/sudo/sudosrv_get_sudorules.c
@@ -457,7 +457,8 @@ struct tevent_req *sudosrv_get_rules_send(TALLOC_CTX *mem_ctx,
     DEBUG(SSSDBG_TRACE_FUNC, "Running initgroups for [%s]\n", username);
 
     subreq = cache_req_initgr_by_name_send(state, ev, sudo_ctx->rctx,
-                                           sudo_ctx->ncache, 0, NULL, username);
+                                           sudo_ctx->rctx->ncache, 0, NULL,
+                                           username);
     if (subreq == NULL) {
         ret = ENOMEM;
         goto immediately;
diff --git a/src/responder/sudo/sudosrv_private.h b/src/responder/sudo/sudosrv_private.h
index a44d724ed488415ffb6f7d0276614eee017f98a1..94f3c4458ab20e64db3e0bfce726d5d30a70a202 100644
--- a/src/responder/sudo/sudosrv_private.h
+++ b/src/responder/sudo/sudosrv_private.h
@@ -43,8 +43,6 @@ enum sss_sudo_type {
 struct sudo_ctx {
     struct resp_ctx *rctx;
 
-    struct sss_nc_ctx *ncache;
-
     /*
      * options
      */
-- 
2.5.5

_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org

Reply via email to