Hi,
attached patch set resolves ticket [1].
It is a refactor of negative cache. I prepared patch set step by step,
so reviewer can do review simpler. If you prefer two bigger patches
please write me.
Notice: This patch set is applicable after [2]
[1] https://fedorahosted.org/sssd/ticket/2317
[2]
https://www.mail-archive.com/sssd-devel@lists.fedorahosted.org/msg26506.html
Regards
--
Petr^4 Čech
>From cbb73503b07ef3776a72f90c6f4e2a34c9a3323a Mon Sep 17 00:00:00 2001
From: Petr Cech <pc...@redhat.com>
Date: Fri, 22 Apr 2016 04:27:47 -0400
Subject: [PATCH 1/8] NEGCACHE: Adding timeout to struct sss_nc_ctx
It adds timeout of negative cache to handling
struct sss_nc_ctx.
There is one change in API of negatice cache:
* int sss_ncache_init(TALLOC_CTX *memctx,
uint32_t timeout, <----- new
struct sss_nc_ctx **_ctx);
There is also one new function in common/responder:
* int responder_get_neg_timeout_from_confdb(struct confdb_ctx *cdb,
uint32_t *neg_timeout);
Resolves:
https://fedorahosted.org/sssd/ticket/2317
---
src/responder/common/negcache.c | 6 +++++-
src/responder/common/negcache.h | 3 ++-
src/responder/common/responder.h | 4 ++++
src/responder/common/responder_common.c | 28 ++++++++++++++++++++++++++++
src/responder/ifp/ifpsrv.c | 6 +++++-
src/responder/nss/nsssrv.c | 6 +++++-
src/responder/pac/pacsrv.c | 6 +++++-
src/responder/pam/pamsrv.c | 6 +++++-
src/responder/sudo/sudosrv.c | 6 +++++-
src/tests/cmocka/test_negcache.c | 6 +++---
src/tests/cmocka/test_nss_srv.c | 2 +-
src/tests/cmocka/test_pam_srv.c | 2 +-
src/tests/cmocka/test_responder_cache_req.c | 4 ++--
13 files changed, 71 insertions(+), 14 deletions(-)
diff --git a/src/responder/common/negcache.c b/src/responder/common/negcache.c
index 1617bf8c5cf7d36e7091a000f6473d1bcfe44f3f..57d1969023d109a6e9ec88c95ae902a7e01f4e0d 100644
--- a/src/responder/common/negcache.c
+++ b/src/responder/common/negcache.c
@@ -39,6 +39,7 @@
struct sss_nc_ctx {
struct tdb_context *tdb;
+ uint32_t timeout;
};
typedef int (*ncache_set_byname_fn_t)(struct sss_nc_ctx *, bool,
@@ -58,7 +59,8 @@ static int string_to_tdb_data(char *str, TDB_DATA *ret)
return EOK;
}
-int sss_ncache_init(TALLOC_CTX *memctx, struct sss_nc_ctx **_ctx)
+int sss_ncache_init(TALLOC_CTX *memctx, uint32_t timeout,
+ struct sss_nc_ctx **_ctx)
{
struct sss_nc_ctx *ctx;
@@ -70,6 +72,8 @@ int sss_ncache_init(TALLOC_CTX *memctx, struct sss_nc_ctx **_ctx)
ctx->tdb = tdb_open("memcache", 0, TDB_INTERNAL, O_RDWR|O_CREAT, 0);
if (!ctx->tdb) return errno;
+ ctx->timeout = timeout;
+
*_ctx = ctx;
return EOK;
};
diff --git a/src/responder/common/negcache.h b/src/responder/common/negcache.h
index 46e66d503e45da0ee61735a17e88cbb84bd4ea49..bad8e5109de3b11672a3698dc91d1d1ee622376e 100644
--- a/src/responder/common/negcache.h
+++ b/src/responder/common/negcache.h
@@ -25,7 +25,8 @@
struct sss_nc_ctx;
/* init the in memory negative cache */
-int sss_ncache_init(TALLOC_CTX *memctx, struct sss_nc_ctx **_ctx);
+int sss_ncache_init(TALLOC_CTX *memctx, uint32_t timeout,
+ struct sss_nc_ctx **_ctx);
/* check if the user is expired according to the passed in time to live */
int sss_ncache_check_user(struct sss_nc_ctx *ctx, int ttl,
diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h
index 1fa6fc60c62986a9b58c19f97c00e3ad0efc728e..fc07c60b776a291d33c28146db776bd7765c9c26 100644
--- a/src/responder/common/responder.h
+++ b/src/responder/common/responder.h
@@ -344,4 +344,8 @@ errno_t sss_parse_inp_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
const char **parse_attr_list_ex(TALLOC_CTX *mem_ctx, const char *conf_str,
const char **defaults);
+
+int responder_get_neg_timeout_from_confdb(struct confdb_ctx *cdb,
+ uint32_t *neg_timeout);
+
#endif /* __SSS_RESPONDER_H__ */
diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c
index 982318647ee9ee7d6795621c03ad8cf53fb78f43..c55b55f15622d819c70357835a4561fd5efe5366 100644
--- a/src/responder/common/responder_common.c
+++ b/src/responder/common/responder_common.c
@@ -1082,3 +1082,31 @@ void responder_set_fd_limit(rlim_t fd_limit)
"Proceeding with system values\n");
}
}
+
+int responder_get_neg_timeout_from_confdb(struct confdb_ctx *cdb,
+ uint32_t *neg_timeout)
+{
+ int value;
+ int ret = EOK;
+
+ ret = confdb_get_int(cdb, CONFDB_NSS_CONF_ENTRY,
+ CONFDB_NSS_ENTRY_NEG_TIMEOUT, 15,
+ &value);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Fatal failure of setup negative cache timeout.\n");
+ ret = ENOENT;
+ goto done;
+ }
+
+ if (value < 0) {
+ ret = EINVAL;
+ goto done;
+ }
+
+ *neg_timeout = value;
+ ret = EOK;
+
+done:
+ return ret;
+}
diff --git a/src/responder/ifp/ifpsrv.c b/src/responder/ifp/ifpsrv.c
index 83e5ad3959aa75758402cb85b69bbc30fd4e5706..969dbcd31ff3df661b163845242c8390bb8f4bd2 100644
--- a/src/responder/ifp/ifpsrv.c
+++ b/src/responder/ifp/ifpsrv.c
@@ -227,6 +227,7 @@ int ifp_process_init(TALLOC_CTX *mem_ctx,
struct be_conn *iter;
int ret;
int max_retries;
+ uint32_t neg_timeout;
char *uid_str;
char *attr_list_str;
char *wildcard_limit_str;
@@ -290,7 +291,10 @@ int ifp_process_init(TALLOC_CTX *mem_ctx,
goto fail;
}
- ret = sss_ncache_init(rctx, &ifp_ctx->ncache);
+ ret = responder_get_neg_timeout_from_confdb(cdb, &neg_timeout);
+ if (ret != EOK) goto fail;
+
+ ret = sss_ncache_init(rctx, neg_timeout, &ifp_ctx->ncache);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, "fatal error initializing negcache\n");
goto fail;
diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
index d8eff7968c4929663412aa56d08414689b921a22..5dfee5a3209b3c5056093fbfbdc54046136a2e5e 100644
--- a/src/responder/nss/nsssrv.c
+++ b/src/responder/nss/nsssrv.c
@@ -416,6 +416,7 @@ int nss_process_init(TALLOC_CTX *mem_ctx,
enum idmap_error_code err;
int hret;
int fd_limit;
+ uint32_t neg_timeout;
nss_cmds = get_nss_cmds();
@@ -440,7 +441,10 @@ int nss_process_init(TALLOC_CTX *mem_ctx,
goto fail;
}
- ret = sss_ncache_init(rctx, &nctx->ncache);
+ ret = responder_get_neg_timeout_from_confdb(cdb, &neg_timeout);
+ if (ret != EOK) goto fail;
+
+ ret = sss_ncache_init(rctx, neg_timeout, &nctx->ncache);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE,
"fatal error initializing negative cache\n");
diff --git a/src/responder/pac/pacsrv.c b/src/responder/pac/pacsrv.c
index 683dca7b980e191472794c411b4950a71340edb9..d58350631338f3fb6210ce80e4dc29a498f8954d 100644
--- a/src/responder/pac/pacsrv.c
+++ b/src/responder/pac/pacsrv.c
@@ -111,6 +111,7 @@ int pac_process_init(TALLOC_CTX *mem_ctx,
struct be_conn *iter;
struct pac_ctx *pac_ctx;
int ret, max_retries;
+ uint32_t neg_timeout;
enum idmap_error_code err;
int fd_limit;
char *uid_str;
@@ -205,7 +206,10 @@ int pac_process_init(TALLOC_CTX *mem_ctx,
goto fail;
}
- ret = sss_ncache_init(pac_ctx, &pac_ctx->ncache);
+ ret = responder_get_neg_timeout_from_confdb(cdb, &neg_timeout);
+ if (ret != EOK) goto fail;
+
+ ret = sss_ncache_init(pac_ctx, neg_timeout, &pac_ctx->ncache);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE,
"Failed to initializing negative cache\n");
diff --git a/src/responder/pam/pamsrv.c b/src/responder/pam/pamsrv.c
index a63b52ec173342b6089adb5d7131cdc2d8a526d2..4c41517f95ba30e675ade020684d3f68378cd89b 100644
--- a/src/responder/pam/pamsrv.c
+++ b/src/responder/pam/pamsrv.c
@@ -191,6 +191,7 @@ static int pam_process_init(TALLOC_CTX *mem_ctx,
struct be_conn *iter;
struct pam_ctx *pctx;
int ret, max_retries;
+ uint32_t neg_timeout;
int id_timeout;
int fd_limit;
@@ -264,7 +265,10 @@ static int pam_process_init(TALLOC_CTX *mem_ctx,
pctx->id_timeout = (size_t)id_timeout;
- ret = sss_ncache_init(pctx, &pctx->ncache);
+ ret = responder_get_neg_timeout_from_confdb(cdb, &neg_timeout);
+ if (ret != EOK) goto done;
+
+ ret = sss_ncache_init(pctx, neg_timeout, &pctx->ncache);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE,
"fatal error initializing negative cache\n");
diff --git a/src/responder/sudo/sudosrv.c b/src/responder/sudo/sudosrv.c
index ff5d92e7005db9f6e883c78cf1a6218e9a150e0a..6cee1678cb391a6b4708ef6671bd7e1194dd0a46 100644
--- a/src/responder/sudo/sudosrv.c
+++ b/src/responder/sudo/sudosrv.c
@@ -90,6 +90,7 @@ int sudo_process_init(TALLOC_CTX *mem_ctx,
struct be_conn *iter;
int ret;
int max_retries;
+ uint32_t neg_timeout;
sudo_cmds = get_sudo_cmds();
ret = sss_process_init(mem_ctx, ev, cdb,
@@ -114,7 +115,10 @@ int sudo_process_init(TALLOC_CTX *mem_ctx,
goto fail;
}
- ret = sss_ncache_init(rctx, &sudo_ctx->ncache);
+ ret = responder_get_neg_timeout_from_confdb(cdb, &neg_timeout);
+ if (ret != EOK) goto fail;
+
+ ret = sss_ncache_init(rctx, neg_timeout, &sudo_ctx->ncache);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE,
"fatal error initializing ncache\n");
diff --git a/src/tests/cmocka/test_negcache.c b/src/tests/cmocka/test_negcache.c
index 45dcd43c89f036aa758b0669f319ad13431efa9c..ba5824a15b1f84901309e2299c799d11a77c01f2 100644
--- a/src/tests/cmocka/test_negcache.c
+++ b/src/tests/cmocka/test_negcache.c
@@ -80,7 +80,7 @@ mock_nctx(TALLOC_CTX *mem_ctx)
return NULL;
}
- ret = sss_ncache_init(nctx, &nctx->ncache);
+ ret = sss_ncache_init(nctx, SHORTSPAN, &nctx->ncache);
if (ret != EOK) {
talloc_free(nctx);
return NULL;
@@ -140,7 +140,7 @@ static int setup(void **state)
ts = talloc(NULL, struct test_state);
assert_non_null(ts);
- ret = sss_ncache_init(ts, &ts->ctx);
+ ret = sss_ncache_init(ts, SHORTSPAN, &ts->ctx);
assert_int_equal(ret, EOK);
assert_non_null(ts->ctx);
@@ -164,7 +164,7 @@ static void test_sss_ncache_init(void **state)
memctx = talloc_new(NULL);
assert_non_null(memctx);
- ret = sss_ncache_init(memctx, &ctx );
+ ret = sss_ncache_init(memctx, SHORTSPAN, &ctx );
assert_int_equal(ret, EOK);
assert_non_null(ctx);
diff --git a/src/tests/cmocka/test_nss_srv.c b/src/tests/cmocka/test_nss_srv.c
index f05b55e461d9a058a4894800b2efae3417c8dc01..30df38b324f5a57d408fb52fc2c30c5577c8ef40 100644
--- a/src/tests/cmocka/test_nss_srv.c
+++ b/src/tests/cmocka/test_nss_srv.c
@@ -70,7 +70,7 @@ mock_nctx(TALLOC_CTX *mem_ctx)
return NULL;
}
- ret = sss_ncache_init(nctx, &nctx->ncache);
+ ret = sss_ncache_init(nctx, 10, &nctx->ncache);
if (ret != EOK) {
talloc_free(nctx);
return NULL;
diff --git a/src/tests/cmocka/test_pam_srv.c b/src/tests/cmocka/test_pam_srv.c
index 202e970a658c3a6d1daa0e87d1fc42ada541ad23..75c3ddcf5fd4a0a349e906cacfe1a64dc814375c 100644
--- a/src/tests/cmocka/test_pam_srv.c
+++ b/src/tests/cmocka/test_pam_srv.c
@@ -177,7 +177,7 @@ struct pam_ctx *mock_pctx(TALLOC_CTX *mem_ctx)
pctx = talloc_zero(mem_ctx, struct pam_ctx);
assert_non_null(pctx);
- ret = sss_ncache_init(pctx, &pctx->ncache);
+ ret = sss_ncache_init(pctx, 10, &pctx->ncache);
assert_int_equal(ret, EOK);
pctx->neg_timeout = 10;
diff --git a/src/tests/cmocka/test_responder_cache_req.c b/src/tests/cmocka/test_responder_cache_req.c
index fe1c4c0a5fd10413cd81a4219b69d934fcd486c5..679e2c1eb2ae2b81976c299daf4653230624a0e9 100644
--- a/src/tests/cmocka/test_responder_cache_req.c
+++ b/src/tests/cmocka/test_responder_cache_req.c
@@ -434,7 +434,7 @@ static int test_single_domain_setup(void **state)
test_ctx->tctx->dom, NULL);
assert_non_null(test_ctx->rctx);
- ret = sss_ncache_init(test_ctx, &test_ctx->ncache);
+ ret = sss_ncache_init(test_ctx, 10, &test_ctx->ncache);
assert_int_equal(ret, EOK);
check_leaks_push(test_ctx);
@@ -480,7 +480,7 @@ static int test_multi_domain_setup(void **state)
test_ctx->tctx->dom, NULL);
assert_non_null(test_ctx->rctx);
- ret = sss_ncache_init(test_ctx, &test_ctx->ncache);
+ ret = sss_ncache_init(test_ctx, 10, &test_ctx->ncache);
assert_int_equal(ret, EOK);
check_leaks_push(test_ctx);
--
2.5.5
From 5ff5d807180b431a28c259357c3c2409e3bd7921 Mon Sep 17 00:00:00 2001
From: Petr Cech <pc...@redhat.com>
Date: Fri, 22 Apr 2016 06:39:11 -0400
Subject: [PATCH 2/8] NEGCACHE: Removing timeout from sss_ncache_check_*
It removes timeout parameter from check functions of negative cache.
Timeout is set ny init function and it is handled internally.
API change:
* int sss_ncache_check_...(struct sss_nc_ctx *ctx,
int ttl, <----- timeout vanished
struct sss_domain_info *dom,
...);
Resolves:
https://fedorahosted.org/sssd/ticket/2317
---
src/responder/common/negcache.c | 89 +++++++++--------
src/responder/common/negcache.h | 28 +++---
src/responder/common/responder_cache_req.c | 20 ++--
src/responder/nss/nsssrv_cmd.c | 46 +++------
src/responder/nss/nsssrv_services.c | 13 +--
src/responder/pam/pamsrv_cmd.c | 6 +-
src/tests/cmocka/test_negcache.c | 147 +++++++++++++----------------
7 files changed, 153 insertions(+), 196 deletions(-)
diff --git a/src/responder/common/negcache.c b/src/responder/common/negcache.c
index 57d1969023d109a6e9ec88c95ae902a7e01f4e0d..d48402f8e0a419a83b624edf66f841a50294de26 100644
--- a/src/responder/common/negcache.c
+++ b/src/responder/common/negcache.c
@@ -78,7 +78,7 @@ int sss_ncache_init(TALLOC_CTX *memctx, uint32_t timeout,
return EOK;
};
-static int sss_ncache_check_str(struct sss_nc_ctx *ctx, char *str, int ttl)
+static int sss_ncache_check_str(struct sss_nc_ctx *ctx, char *str)
{
TDB_DATA key;
TDB_DATA data;
@@ -115,7 +115,7 @@ static int sss_ncache_check_str(struct sss_nc_ctx *ctx, char *str, int ttl)
goto done;
}
- if (timestamp + ttl >= time(NULL)) {
+ if (timestamp >= time(NULL)) {
/* still valid */
ret = EEXIST;
goto done;
@@ -140,6 +140,7 @@ static int sss_ncache_set_str(struct sss_nc_ctx *ctx,
TDB_DATA key;
TDB_DATA data;
char *timest;
+ unsigned long long int timell;
int ret;
ret = string_to_tdb_data(str, &key);
@@ -148,8 +149,8 @@ static int sss_ncache_set_str(struct sss_nc_ctx *ctx,
if (permanent) {
timest = talloc_strdup(ctx, "0");
} else {
- timest = talloc_asprintf(ctx, "%llu",
- (unsigned long long int)time(NULL));
+ timell = (unsigned long long int)time(NULL) + ctx->timeout;
+ timest = talloc_asprintf(ctx, "%llu", timell);
}
if (!timest) return ENOMEM;
@@ -171,8 +172,8 @@ done:
return ret;
}
-static int sss_ncache_check_user_int(struct sss_nc_ctx *ctx, int ttl,
- const char *domain, const char *name)
+static int sss_ncache_check_user_int(struct sss_nc_ctx *ctx, const char *domain,
+ const char *name)
{
char *str;
int ret;
@@ -182,13 +183,13 @@ static int sss_ncache_check_user_int(struct sss_nc_ctx *ctx, int ttl,
str = talloc_asprintf(ctx, "%s/%s/%s", NC_USER_PREFIX, domain, name);
if (!str) return ENOMEM;
- ret = sss_ncache_check_str(ctx, str, ttl);
+ ret = sss_ncache_check_str(ctx, str);
talloc_free(str);
return ret;
}
-static int sss_ncache_check_group_int(struct sss_nc_ctx *ctx, int ttl,
+static int sss_ncache_check_group_int(struct sss_nc_ctx *ctx,
const char *domain, const char *name)
{
char *str;
@@ -199,13 +200,13 @@ static int sss_ncache_check_group_int(struct sss_nc_ctx *ctx, int ttl,
str = talloc_asprintf(ctx, "%s/%s/%s", NC_GROUP_PREFIX, domain, name);
if (!str) return ENOMEM;
- ret = sss_ncache_check_str(ctx, str, ttl);
+ ret = sss_ncache_check_str(ctx, str);
talloc_free(str);
return ret;
}
-static int sss_ncache_check_netgr_int(struct sss_nc_ctx *ctx, int ttl,
+static int sss_ncache_check_netgr_int(struct sss_nc_ctx *ctx,
const char *domain, const char *name)
{
char *str;
@@ -216,14 +217,13 @@ static int sss_ncache_check_netgr_int(struct sss_nc_ctx *ctx, int ttl,
str = talloc_asprintf(ctx, "%s/%s/%s", NC_NETGROUP_PREFIX, domain, name);
if (!str) return ENOMEM;
- ret = sss_ncache_check_str(ctx, str, ttl);
+ ret = sss_ncache_check_str(ctx, str);
talloc_free(str);
return ret;
}
static int sss_ncache_check_service_int(struct sss_nc_ctx *ctx,
- int ttl,
const char *domain,
const char *name)
{
@@ -238,16 +238,16 @@ static int sss_ncache_check_service_int(struct sss_nc_ctx *ctx,
name);
if (!str) return ENOMEM;
- ret = sss_ncache_check_str(ctx, str, ttl);
+ ret = sss_ncache_check_str(ctx, str);
talloc_free(str);
return ret;
}
-typedef int (*ncache_check_byname_fn_t)(struct sss_nc_ctx *, int,
- const char *, const char *);
+typedef int (*ncache_check_byname_fn_t)(struct sss_nc_ctx *, const char *,
+ const char *);
-static int sss_cache_check_ent(struct sss_nc_ctx *ctx, int ttl,
+static int sss_cache_check_ent(struct sss_nc_ctx *ctx,
struct sss_domain_info *dom, const char *name,
ncache_check_byname_fn_t checker)
{
@@ -257,34 +257,31 @@ static int sss_cache_check_ent(struct sss_nc_ctx *ctx, int ttl,
if (dom->case_sensitive == false) {
lower = sss_tc_utf8_str_tolower(ctx, name);
if (!lower) return ENOMEM;
- ret = checker(ctx, ttl, dom->name, lower);
+ ret = checker(ctx, dom->name, lower);
talloc_free(lower);
} else {
- ret = checker(ctx, ttl, dom->name, name);
+ ret = checker(ctx, dom->name, name);
}
return ret;
}
-int sss_ncache_check_user(struct sss_nc_ctx *ctx, int ttl,
- struct sss_domain_info *dom, const char *name)
+int sss_ncache_check_user(struct sss_nc_ctx *ctx, struct sss_domain_info *dom,
+ const char *name)
{
- return sss_cache_check_ent(ctx, ttl, dom, name,
- sss_ncache_check_user_int);
+ return sss_cache_check_ent(ctx, dom, name, sss_ncache_check_user_int);
}
-int sss_ncache_check_group(struct sss_nc_ctx *ctx, int ttl,
- struct sss_domain_info *dom, const char *name)
+int sss_ncache_check_group(struct sss_nc_ctx *ctx, struct sss_domain_info *dom,
+ const char *name)
{
- return sss_cache_check_ent(ctx, ttl, dom, name,
- sss_ncache_check_group_int);
+ return sss_cache_check_ent(ctx, dom, name, sss_ncache_check_group_int);
}
-int sss_ncache_check_netgr(struct sss_nc_ctx *ctx, int ttl,
- struct sss_domain_info *dom, const char *name)
+int sss_ncache_check_netgr(struct sss_nc_ctx *ctx, struct sss_domain_info *dom,
+ const char *name)
{
- return sss_cache_check_ent(ctx, ttl, dom, name,
- sss_ncache_check_netgr_int);
+ return sss_cache_check_ent(ctx, dom, name, sss_ncache_check_netgr_int);
}
static int sss_ncache_set_service_int(struct sss_nc_ctx *ctx, bool permanent,
@@ -321,10 +318,8 @@ int sss_ncache_set_service_name(struct sss_nc_ctx *ctx, bool permanent,
return ret;
}
-int sss_ncache_check_service(struct sss_nc_ctx *ctx, int ttl,
- struct sss_domain_info *dom,
- const char *name,
- const char *proto)
+int sss_ncache_check_service(struct sss_nc_ctx *ctx,struct sss_domain_info *dom,
+ const char *name, const char *proto)
{
int ret;
char *service_and_protocol = talloc_asprintf(ctx, "%s:%s",
@@ -332,7 +327,7 @@ int sss_ncache_check_service(struct sss_nc_ctx *ctx, int ttl,
proto ? proto : "<ANY>");
if (!service_and_protocol) return ENOMEM;
- ret = sss_cache_check_ent(ctx, ttl, dom, service_and_protocol,
+ ret = sss_cache_check_ent(ctx, dom, service_and_protocol,
sss_ncache_check_service_int);
talloc_free(service_and_protocol);
return ret;
@@ -355,7 +350,7 @@ int sss_ncache_set_service_port(struct sss_nc_ctx *ctx, bool permanent,
return ret;
}
-int sss_ncache_check_service_port(struct sss_nc_ctx *ctx, int ttl,
+int sss_ncache_check_service_port(struct sss_nc_ctx *ctx,
struct sss_domain_info *dom,
uint16_t port,
const char *proto)
@@ -366,7 +361,7 @@ int sss_ncache_check_service_port(struct sss_nc_ctx *ctx, int ttl,
proto ? proto : "<ANY>");
if (!service_and_protocol) return ENOMEM;
- ret = sss_cache_check_ent(ctx, ttl, dom, service_and_protocol,
+ ret = sss_cache_check_ent(ctx, dom, service_and_protocol,
sss_ncache_check_service_int);
talloc_free(service_and_protocol);
return ret;
@@ -374,8 +369,8 @@ int sss_ncache_check_service_port(struct sss_nc_ctx *ctx, int ttl,
-int sss_ncache_check_uid(struct sss_nc_ctx *ctx, int ttl,
- struct sss_domain_info *dom, uid_t uid)
+int sss_ncache_check_uid(struct sss_nc_ctx *ctx, struct sss_domain_info *dom,
+ uid_t uid)
{
char *str;
int ret;
@@ -388,14 +383,14 @@ int sss_ncache_check_uid(struct sss_nc_ctx *ctx, int ttl,
}
if (!str) return ENOMEM;
- ret = sss_ncache_check_str(ctx, str, ttl);
+ ret = sss_ncache_check_str(ctx, str);
talloc_free(str);
return ret;
}
-int sss_ncache_check_gid(struct sss_nc_ctx *ctx, int ttl,
- struct sss_domain_info *dom, gid_t gid)
+int sss_ncache_check_gid(struct sss_nc_ctx *ctx, struct sss_domain_info *dom,
+ gid_t gid)
{
char *str;
int ret;
@@ -408,13 +403,13 @@ int sss_ncache_check_gid(struct sss_nc_ctx *ctx, int ttl,
}
if (!str) return ENOMEM;
- ret = sss_ncache_check_str(ctx, str, ttl);
+ ret = sss_ncache_check_str(ctx, str);
talloc_free(str);
return ret;
}
-int sss_ncache_check_sid(struct sss_nc_ctx *ctx, int ttl, const char *sid)
+int sss_ncache_check_sid(struct sss_nc_ctx *ctx, const char *sid)
{
char *str;
int ret;
@@ -422,13 +417,13 @@ int sss_ncache_check_sid(struct sss_nc_ctx *ctx, int ttl, const char *sid)
str = talloc_asprintf(ctx, "%s/%s", NC_SID_PREFIX, sid);
if (!str) return ENOMEM;
- ret = sss_ncache_check_str(ctx, str, ttl);
+ ret = sss_ncache_check_str(ctx, str);
talloc_free(str);
return ret;
}
-int sss_ncache_check_cert(struct sss_nc_ctx *ctx, int ttl, const char *cert)
+int sss_ncache_check_cert(struct sss_nc_ctx *ctx, const char *cert)
{
char *str;
int ret;
@@ -436,7 +431,7 @@ int sss_ncache_check_cert(struct sss_nc_ctx *ctx, int ttl, const char *cert)
str = talloc_asprintf(ctx, "%s/%s", NC_CERT_PREFIX, cert);
if (!str) return ENOMEM;
- ret = sss_ncache_check_str(ctx, str, ttl);
+ ret = sss_ncache_check_str(ctx, str);
talloc_free(str);
return ret;
diff --git a/src/responder/common/negcache.h b/src/responder/common/negcache.h
index bad8e5109de3b11672a3698dc91d1d1ee622376e..8c805b24b2c4f7fe910dc7845ddb1c855b7136df 100644
--- a/src/responder/common/negcache.h
+++ b/src/responder/common/negcache.h
@@ -29,24 +29,24 @@ int sss_ncache_init(TALLOC_CTX *memctx, uint32_t timeout,
struct sss_nc_ctx **_ctx);
/* check if the user is expired according to the passed in time to live */
-int sss_ncache_check_user(struct sss_nc_ctx *ctx, int ttl,
- struct sss_domain_info *dom, const char *name);
-int sss_ncache_check_group(struct sss_nc_ctx *ctx, int ttl,
- struct sss_domain_info *dom, const char *name);
-int sss_ncache_check_netgr(struct sss_nc_ctx *ctx, int ttl,
- struct sss_domain_info *dom, const char *name);
-int sss_ncache_check_uid(struct sss_nc_ctx *ctx, int ttl,
- struct sss_domain_info *dom, uid_t uid);
-int sss_ncache_check_gid(struct sss_nc_ctx *ctx, int ttl,
- struct sss_domain_info *dom, gid_t gid);
-int sss_ncache_check_sid(struct sss_nc_ctx *ctx, int ttl, const char *sid);
-int sss_ncache_check_cert(struct sss_nc_ctx *ctx, int ttl, const char *cert);
+int sss_ncache_check_user(struct sss_nc_ctx *ctx, struct sss_domain_info *dom,
+ const char *name);
+int sss_ncache_check_group(struct sss_nc_ctx *ctx, struct sss_domain_info *dom,
+ const char *name);
+int sss_ncache_check_netgr(struct sss_nc_ctx *ctx, struct sss_domain_info *dom,
+ const char *name);
+int sss_ncache_check_uid(struct sss_nc_ctx *ctx, struct sss_domain_info *dom,
+ uid_t uid);
+int sss_ncache_check_gid(struct sss_nc_ctx *ctx, struct sss_domain_info *dom,
+ gid_t gid);
+int sss_ncache_check_sid(struct sss_nc_ctx *ctx, const char *sid);
+int sss_ncache_check_cert(struct sss_nc_ctx *ctx, const char *cert);
-int sss_ncache_check_service(struct sss_nc_ctx *ctx, int ttl,
+int sss_ncache_check_service(struct sss_nc_ctx *ctx,
struct sss_domain_info *dom,
const char *name,
const char *proto);
-int sss_ncache_check_service_port(struct sss_nc_ctx *ctx, int ttl,
+int sss_ncache_check_service_port(struct sss_nc_ctx *ctx,
struct sss_domain_info *dom,
uint16_t port,
const char *proto);
diff --git a/src/responder/common/responder_cache_req.c b/src/responder/common/responder_cache_req.c
index dcb41d3631257912e0692736f25e168dc092f8d5..a9af150f21f4899296acb4dfdda45a21514edb53 100644
--- a/src/responder/common/responder_cache_req.c
+++ b/src/responder/common/responder_cache_req.c
@@ -529,8 +529,7 @@ cache_req_assume_upn(struct cache_req *cr)
}
static errno_t cache_req_check_ncache(struct cache_req *cr,
- struct sss_nc_ctx *ncache,
- int neg_timeout)
+ struct sss_nc_ctx *ncache)
{
errno_t ret = ERR_INTERNAL;
@@ -542,28 +541,26 @@ static errno_t cache_req_check_ncache(struct cache_req *cr,
case CACHE_REQ_USER_BY_UPN:
case CACHE_REQ_INITGROUPS:
case CACHE_REQ_INITGROUPS_BY_UPN:
- ret = sss_ncache_check_user(ncache, neg_timeout,
- cr->domain, cr->data->name.lookup);
+ ret = sss_ncache_check_user(ncache, cr->domain, cr->data->name.lookup);
break;
case CACHE_REQ_GROUP_BY_NAME:
- ret = sss_ncache_check_group(ncache, neg_timeout,
- cr->domain, cr->data->name.lookup);
+ ret = sss_ncache_check_group(ncache, cr->domain, cr->data->name.lookup);
break;
case CACHE_REQ_USER_BY_ID:
- ret = sss_ncache_check_uid(ncache, neg_timeout, NULL, cr->data->id);
+ ret = sss_ncache_check_uid(ncache, NULL, cr->data->id);
break;
case CACHE_REQ_GROUP_BY_ID:
- ret = sss_ncache_check_gid(ncache, neg_timeout, NULL, cr->data->id);
+ ret = sss_ncache_check_gid(ncache, NULL, cr->data->id);
break;
case CACHE_REQ_USER_BY_CERT:
- ret = sss_ncache_check_cert(ncache, neg_timeout, cr->data->cert);
+ ret = sss_ncache_check_cert(ncache, cr->data->cert);
break;
case CACHE_REQ_USER_BY_FILTER:
case CACHE_REQ_GROUP_BY_FILTER:
ret = EOK;
break;
case CACHE_REQ_OBJECT_BY_SID:
- ret = sss_ncache_check_sid(ncache, neg_timeout, cr->data->sid);
+ ret = sss_ncache_check_sid(ncache, cr->data->sid);
break;
}
@@ -937,8 +934,7 @@ static struct tevent_req *cache_req_cache_send(TALLOC_CTX *mem_ctx,
state->cr = cr;
/* Check negative cache first. */
- ret = cache_req_check_ncache(state->cr, state->ncache,
- state->neg_timeout);
+ ret = cache_req_check_ncache(state->cr, state->ncache);
if (ret == EEXIST) {
ret = ENOENT;
goto immediately;
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index e8c4d0e1cf8afbf5db7a228605280a7a02b772ff..30daf4bc5791283f20c2d39725e487ac827347ce 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -408,9 +408,7 @@ static int fill_pwent(struct sss_packet *packet,
}
if (filter_users) {
- ncret = sss_ncache_check_user(nctx->ncache,
- nctx->neg_timeout,
- dom, orig_name);
+ ncret = sss_ncache_check_user(nctx->ncache, dom, orig_name);
if (ncret == EEXIST) {
DEBUG(SSSDBG_TRACE_FUNC,
"User [%s@%s] filtered out! (negative cache)\n",
@@ -1009,8 +1007,7 @@ static int nss_cmd_getpwnam_search(struct nss_dom_ctx *dctx)
/* verify this user has not yet been negatively cached,
* or has been permanently filtered */
- ret = sss_ncache_check_user(nctx->ncache, nctx->neg_timeout,
- dom, name);
+ ret = sss_ncache_check_user(nctx->ncache, dom, name);
/* if neg cached, return we didn't find it */
if (ret == EEXIST) {
@@ -1950,8 +1947,7 @@ static int nss_cmd_getbyid(enum sss_cli_command cmd, struct cli_ctx *cctx)
switch(dctx->cmdctx->cmd) {
case SSS_NSS_GETPWUID:
- ret = sss_ncache_check_uid(nctx->ncache, nctx->neg_timeout, NULL,
- cmdctx->id);
+ ret = sss_ncache_check_uid(nctx->ncache, NULL, cmdctx->id);
if (ret == EEXIST) {
DEBUG(SSSDBG_TRACE_FUNC,
"Uid [%"PRIu32"] does not exist! (negative cache)\n",
@@ -1961,8 +1957,7 @@ static int nss_cmd_getbyid(enum sss_cli_command cmd, struct cli_ctx *cctx)
}
break;
case SSS_NSS_GETGRGID:
- ret = sss_ncache_check_gid(nctx->ncache, nctx->neg_timeout, NULL,
- cmdctx->id);
+ ret = sss_ncache_check_gid(nctx->ncache, NULL, cmdctx->id);
if (ret == EEXIST) {
DEBUG(SSSDBG_TRACE_FUNC,
"Gid [%"PRIu32"] does not exist! (negative cache)\n",
@@ -1972,11 +1967,9 @@ static int nss_cmd_getbyid(enum sss_cli_command cmd, struct cli_ctx *cctx)
}
break;
case SSS_NSS_GETSIDBYID:
- ret = sss_ncache_check_uid(nctx->ncache, nctx->neg_timeout, NULL,
- cmdctx->id);
+ ret = sss_ncache_check_uid(nctx->ncache, NULL, cmdctx->id);
if (ret != EEXIST) {
- ret = sss_ncache_check_gid(nctx->ncache, nctx->neg_timeout,
- NULL, cmdctx->id);
+ ret = sss_ncache_check_gid(nctx->ncache, NULL, cmdctx->id);
}
if (ret == EEXIST) {
DEBUG(SSSDBG_TRACE_FUNC,
@@ -2830,9 +2823,7 @@ static int fill_members(struct sss_packet *packet,
}
if (nctx->filter_users_in_groups) {
- ret = sss_ncache_check_user(nctx->ncache,
- nctx->neg_timeout,
- dom, tmpstr);
+ ret = sss_ncache_check_user(nctx->ncache, dom, tmpstr);
if (ret == EEXIST) {
DEBUG(SSSDBG_TRACE_FUNC,
"Group [%s] member [%s@%s] filtered out!"
@@ -2988,8 +2979,7 @@ static int fill_grent(struct sss_packet *packet,
}
if (filter_groups) {
- ret = sss_ncache_check_group(nctx->ncache,
- nctx->neg_timeout, dom, orig_name);
+ ret = sss_ncache_check_group(nctx->ncache, dom, orig_name);
if (ret == EEXIST) {
DEBUG(SSSDBG_TRACE_FUNC,
"Group [%s@%s] filtered out! (negative cache)\n",
@@ -3226,8 +3216,7 @@ static int nss_cmd_getgrnam_search(struct nss_dom_ctx *dctx)
/* verify this group has not yet been negatively cached,
* or has been permanently filtered */
- ret = sss_ncache_check_group(nctx->ncache, nctx->neg_timeout,
- dom, name);
+ ret = sss_ncache_check_group(nctx->ncache, dom, name);
/* if neg cached, return we didn't find it */
if (ret == EEXIST) {
@@ -4344,8 +4333,7 @@ static int nss_cmd_initgroups_search(struct nss_dom_ctx *dctx)
/* verify this user has not yet been negatively cached,
* or has been permanently filtered */
- ret = sss_ncache_check_user(nctx->ncache, nctx->neg_timeout,
- dom, name);
+ ret = sss_ncache_check_user(nctx->ncache, dom, name);
/* if neg cached, return we didn't find it */
if (ret == EEXIST) {
@@ -4554,11 +4542,9 @@ static errno_t nss_cmd_getsidby_search(struct nss_dom_ctx *dctx)
DEBUG(SSSDBG_TRACE_FUNC, "Requesting info for [%"PRIu32"@%s]\n",
cmdctx->id, dom->name);
- ret = sss_ncache_check_uid(nctx->ncache, nctx->neg_timeout, dom,
- cmdctx->id);
+ ret = sss_ncache_check_uid(nctx->ncache, dom, cmdctx->id);
if (ret == EEXIST) {
- ret = sss_ncache_check_gid(nctx->ncache, nctx->neg_timeout, dom,
- cmdctx->id);
+ ret = sss_ncache_check_gid(nctx->ncache, dom, cmdctx->id);
if (ret == EEXIST) {
DEBUG(SSSDBG_TRACE_FUNC,
"ID [%"PRIu32"] does not exist in [%s]! (negative cache)\n",
@@ -4609,12 +4595,10 @@ static errno_t nss_cmd_getsidby_search(struct nss_dom_ctx *dctx)
/* verify this name has not yet been negatively cached, as user
* and groupm, or has been permanently filtered */
- ret = sss_ncache_check_user(nctx->ncache, nctx->neg_timeout,
- dom, name);
+ ret = sss_ncache_check_user(nctx->ncache, dom, name);
if (ret == EEXIST) {
- ret = sss_ncache_check_group(nctx->ncache, nctx->neg_timeout,
- dom, name);
+ ret = sss_ncache_check_group(nctx->ncache, dom, name);
if (ret == EEXIST) {
/* if neg cached, return we didn't find it */
DEBUG(SSSDBG_TRACE_FUNC,
@@ -4854,7 +4838,7 @@ static errno_t nss_cmd_getbysid_search(struct nss_dom_ctx *dctx)
/* verify this user has not yet been negatively cached,
* or has been permanently filtered */
- ret = sss_ncache_check_sid(nctx->ncache, nctx->neg_timeout, cmdctx->secid);
+ ret = sss_ncache_check_sid(nctx->ncache, cmdctx->secid);
if (ret == EEXIST) {
DEBUG(SSSDBG_TRACE_FUNC,
"SID [%s] does not exist! (negative cache)\n", cmdctx->secid);
diff --git a/src/responder/nss/nsssrv_services.c b/src/responder/nss/nsssrv_services.c
index a9fdeb6c9dba7ac5480e2789fc0b8a37e1c2abe1..213d2926b3abb87d0b95ebcc6836e87b0df15754 100644
--- a/src/responder/nss/nsssrv_services.c
+++ b/src/responder/nss/nsssrv_services.c
@@ -174,11 +174,8 @@ getserv_send(TALLOC_CTX *mem_ctx,
/* If we're looking up by name */
if (service_name) {
/* Check the negative cache */
- ret = sss_ncache_check_service(nctx->ncache,
- nctx->neg_timeout,
- dom,
- SVC_NAME_CASED,
- SVC_PROTO_CASED);
+ ret = sss_ncache_check_service(nctx->ncache, dom,
+ SVC_NAME_CASED, SVC_PROTO_CASED);
/* If negatively cached, return we didn't find it */
if (ret == EEXIST) {
DEBUG(SSSDBG_TRACE_FUNC,
@@ -216,10 +213,8 @@ getserv_send(TALLOC_CTX *mem_ctx,
&state->res);
} else { /* Looking up by port */
/* Check the negative cache */
- ret = sss_ncache_check_service_port(nctx->ncache,
- nctx->neg_timeout,
- dom, port,
- SVC_PROTO_CASED);
+ ret = sss_ncache_check_service_port(nctx->ncache, dom, port,
+ SVC_PROTO_CASED);
/* If negatively cached, return we didn't find it */
if (ret == EEXIST) {
DEBUG(SSSDBG_TRACE_FUNC,
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
index d86807e79f98b04d9ab14505ad8b2e92677bd292..fb0cbbbea703cb88cfb7e5e84655d6b8a3144774 100644
--- a/src/responder/pam/pamsrv_cmd.c
+++ b/src/responder/pam/pamsrv_cmd.c
@@ -1142,8 +1142,7 @@ static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd)
goto done;
}
- ncret = sss_ncache_check_user(pctx->ncache, pctx->neg_timeout,
- preq->domain, pd->user);
+ ncret = sss_ncache_check_user(pctx->ncache, preq->domain, pd->user);
if (ncret == EEXIST) {
/* User found in the negative cache */
ret = ENOENT;
@@ -1155,8 +1154,7 @@ static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd)
dom = get_next_domain(dom, 0)) {
if (dom->fqnames) continue;
- ncret = sss_ncache_check_user(pctx->ncache, pctx->neg_timeout,
- dom, pd->user);
+ ncret = sss_ncache_check_user(pctx->ncache, dom, pd->user);
if (ncret == ENOENT) {
/* User not found in the negative cache
* Proceed with PAM actions
diff --git a/src/tests/cmocka/test_negcache.c b/src/tests/cmocka/test_negcache.c
index ba5824a15b1f84901309e2299c799d11a77c01f2..d00e7c25bbe27feaa6449769eaa22ba16f5d908a 100644
--- a/src/tests/cmocka/test_negcache.c
+++ b/src/tests/cmocka/test_negcache.c
@@ -47,7 +47,6 @@
#define SID "S-1-2-3-4-5"
#define CERT "MIIECTCCAvGgAwIBAgIBCTANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlJUEEuREVWRUwxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNTA0MjgxMDIxMTFaFw0xNzA0MjgxMDIxMTFaMDIxEjAQBgNVBAoMCUlQQS5ERVZFTDEcMBoGA1UEAwwTaXBhLWRldmVsLmlwYS5kZXZlbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALIykqtHuAwTVEofHikG/9BQy/dfeZFlsTkBg2qtnnc78w3XufbcnkpJp9Bmcsy/d9beqf5nlsxJ8TcjLsRQ9Ou6YtQjTfM3OILuOz8s0ICbF6qb66bd9hX/BrLO/9+KnpWFSR+E/YEmzgYyDTbKfBWBaGuPPrOi/K6vwkRYFZVA/FYZkYDtQhFmBO884HYzS4P6frRH3PvtRqWNCmaHpe97dGKsvnM2ybT+IMSB8/54GajQr3+BciRh2XaT4wvSTxkXM1fUgrDxqAP2AZmpuIyDyboZh+rWOwbrTPfx5SipELZG3uHhP8HMcr4qQ8b20LWgxCRuT73sIooHET350xUCAwEAAaOCASYwggEiMB8GA1UdIwQYMBaAFPKdQk4PxEglWC8czg+hPyLIVciRMDsGCCsGAQUFBwEBBC8wLTArBggrBgEFBQcwAYYfaHR0cDovL2lwYS1jYS5pcGEuZGV2ZWwvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHQGA1UdHwRtMGswaaAxoC+GLWh0dHA6Ly9pcGEtY2EuaXBhLmRldmVsL2lwYS9jcmwvTWFzdGVyQ1JMLmJpbqI0pDIwMDEOMAwGA1UECgwFaXBhY2ExHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAdBgNVHQ4EFgQULSs/y/Wy/zIsqMIc3b2MgB7dMYIwDQYJKoZIhvcNAQELBQADggEBAJpHLlCnTR1TD8lxQgzl2n1JZOeryN/fAsGH0Vve2m8r5PC+ugnfAoULiuabBn1pOGxy/0x7Kg0/Iy8WRv8Fk7DqJCjXEqFXuFkZJfNDCtP9DzeNuMoV50iKoMfHS38BPFjXN+X/fSsBrA2fUWrlQCTmXlUN97gvQqxt5Slrxgukvxm9OSfu/sWz22LUvtJHupYwWv1iALgnXS86lAuVNYVALLxn34r58XsZlj5CSBMjBJWpaxEzgUdag3L2IPqOQXuPd0d8x11G9E/9gQquOSe2aiZjsdO/VYOCmzZsM2QPUMBVlBPDhfTVcWXQwN385uycW/ARtSzzSME2jKKWSIQ="
#define PROTO "TCP"
-#define LIFETIME 200
#define SHORTSPAN 1
#define NAME "foo_name"
#define TESTS_PATH "tp_" BASE_FILE_STEM
@@ -178,17 +177,16 @@ static void test_sss_ncache_init(void **state)
static void test_sss_ncache_uid(void **state)
{
uid_t uid;
- int ret, ttl;
+ int ret;
bool permanent;
struct test_state *ts;
- ttl = LIFETIME;
uid = getuid();
ts = talloc_get_type_abort(*state, struct test_state);
/* test when uid not present in database */
- ret = sss_ncache_check_uid(ts->ctx, ttl, NULL, uid);
+ ret = sss_ncache_check_uid(ts->ctx, NULL, uid);
assert_int_equal(ret, ENOENT);
/* test when uid is present in database */
@@ -200,19 +198,18 @@ static void test_sss_ncache_uid(void **state)
ret = sss_ncache_set_uid(ts->ctx, permanent, NULL, uid);
assert_int_equal(ret, EOK);
- ret = sss_ncache_check_uid(ts->ctx, ttl, NULL, uid);
+ ret = sss_ncache_check_uid(ts->ctx, NULL, uid);
assert_int_equal(ret, EEXIST);
- ttl = SHORTSPAN;
ret = sss_ncache_set_uid(ts->ctx, permanent, NULL, uid);
assert_int_equal(ret, EOK);
- ret = sss_ncache_check_uid(ts->ctx, ttl, NULL, uid);
+ ret = sss_ncache_check_uid(ts->ctx, NULL, uid);
assert_int_equal(ret, EEXIST);
sleep(SHORTSPAN + 1);
- ret = sss_ncache_check_uid(ts->ctx, ttl, NULL, uid);
+ ret = sss_ncache_check_uid(ts->ctx, NULL, uid);
assert_int_equal(ret, EEXIST);
permanent = false;
@@ -220,12 +217,12 @@ static void test_sss_ncache_uid(void **state)
ret = sss_ncache_set_uid(ts->ctx, permanent, NULL, uid);
assert_int_equal(ret, EOK);
- ret = sss_ncache_check_uid(ts->ctx, ttl, NULL, uid);
+ ret = sss_ncache_check_uid(ts->ctx, NULL, uid);
assert_int_equal(ret, EEXIST);
sleep(SHORTSPAN + 1);
- ret = sss_ncache_check_uid(ts->ctx, ttl, NULL, uid);
+ ret = sss_ncache_check_uid(ts->ctx, NULL, uid);
assert_int_equal(ret, ENOENT);
ret = sss_ncache_set_uid(ts->ctx, permanent, NULL, uid);
@@ -239,16 +236,15 @@ static void test_sss_ncache_uid(void **state)
static void test_sss_ncache_gid(void **state)
{
gid_t gid;
- int ret, ttl;
+ int ret;
bool permanent;
struct test_state *ts;
- ttl = LIFETIME;
gid = getgid();
ts = talloc_get_type_abort(*state, struct test_state);
/* test when gid is not present in database */
- ret = sss_ncache_check_gid(ts->ctx, ttl, NULL, gid);
+ ret = sss_ncache_check_gid(ts->ctx, NULL, gid);
assert_int_equal(ret, ENOENT);
/* test when gid is present in database */
@@ -256,14 +252,14 @@ static void test_sss_ncache_gid(void **state)
ret = sss_ncache_set_gid(ts->ctx, permanent, NULL, gid);
assert_int_equal(ret, EOK);
- ret = sss_ncache_check_gid(ts->ctx, ttl, NULL, gid);
+ ret = sss_ncache_check_gid(ts->ctx, NULL, gid);
assert_int_equal(ret, EEXIST);
permanent = false;
ret = sss_ncache_set_gid(ts->ctx, permanent, NULL, gid);
assert_int_equal(ret, EOK);
- ret = sss_ncache_check_gid(ts->ctx, ttl, NULL, gid);
+ ret = sss_ncache_check_gid(ts->ctx, NULL, gid);
assert_int_equal(ret, EEXIST);
}
@@ -274,17 +270,16 @@ static void test_sss_ncache_gid(void **state)
*/
static void test_sss_ncache_sid(void **state)
{
- int ret, ttl;
+ int ret;
bool permanent;
const char *sid = NULL;
struct test_state *ts;
- ttl = LIFETIME;
sid = SID;
ts = talloc_get_type_abort(*state, struct test_state);
/*test when sid in not present in database */
- ret = sss_ncache_check_sid(ts->ctx, ttl, sid);
+ ret = sss_ncache_check_sid(ts->ctx, sid);
assert_int_equal(ret, ENOENT);
/* test when sid is present in database */
@@ -292,14 +287,14 @@ static void test_sss_ncache_sid(void **state)
ret = sss_ncache_set_sid(ts->ctx, permanent, sid);
assert_int_equal(ret, EOK);
- ret = sss_ncache_check_sid(ts->ctx, ttl, sid);
+ ret = sss_ncache_check_sid(ts->ctx, sid);
assert_int_equal(ret, EEXIST);
permanent = false;
ret = sss_ncache_set_sid(ts->ctx, permanent, sid);
assert_int_equal(ret, EOK);
- ret = sss_ncache_check_sid(ts->ctx, ttl, sid);
+ ret = sss_ncache_check_sid(ts->ctx, sid);
assert_int_equal(ret, EEXIST);
}
@@ -309,17 +304,16 @@ static void test_sss_ncache_sid(void **state)
*/
static void test_sss_ncache_cert(void **state)
{
- int ret, ttl;
+ int ret;
bool permanent;
const char *cert = NULL;
struct test_state *ts;
- ttl = LIFETIME;
cert = CERT;
ts = talloc_get_type_abort(*state, struct test_state);
/*test when cert in not present in database */
- ret = sss_ncache_check_cert(ts->ctx, ttl, cert);
+ ret = sss_ncache_check_cert(ts->ctx, cert);
assert_int_equal(ret, ENOENT);
/* test when cert is present in database */
@@ -327,14 +321,14 @@ static void test_sss_ncache_cert(void **state)
ret = sss_ncache_set_cert(ts->ctx, permanent, cert);
assert_int_equal(ret, EOK);
- ret = sss_ncache_check_cert(ts->ctx, ttl, cert);
+ ret = sss_ncache_check_cert(ts->ctx, cert);
assert_int_equal(ret, EEXIST);
permanent = false;
ret = sss_ncache_set_cert(ts->ctx, permanent, cert);
assert_int_equal(ret, EOK);
- ret = sss_ncache_check_cert(ts->ctx, ttl, cert);
+ ret = sss_ncache_check_cert(ts->ctx, cert);
assert_int_equal(ret, EEXIST);
}
@@ -344,24 +338,23 @@ static void test_sss_ncache_cert(void **state)
*/
static void test_sss_ncache_user(void **state)
{
- int ret, ttl;
+ int ret;
bool permanent;
const char *name = NAME;
struct test_state *ts;
struct sss_domain_info *dom;
- ttl = LIFETIME;
ts = talloc_get_type_abort(*state, struct test_state);
dom = talloc(ts, struct sss_domain_info);
dom->name = discard_const_p(char, TEST_DOM_NAME);
/* test when domain name is not present in database */
dom->case_sensitive = false;
- ret = sss_ncache_check_user(ts->ctx, ttl, dom, name);
+ ret = sss_ncache_check_user(ts->ctx, dom, name);
assert_int_equal(ret, ENOENT);
dom->case_sensitive = true;
- ret = sss_ncache_check_user(ts->ctx, ttl, dom, name);
+ ret = sss_ncache_check_user(ts->ctx, dom, name);
assert_int_equal(ret, ENOENT);
/* test when domain name is present in database */
@@ -369,14 +362,14 @@ static void test_sss_ncache_user(void **state)
ret = sss_ncache_set_user(ts->ctx, permanent, dom, name);
assert_int_equal(ret, EOK);
- ret = sss_ncache_check_user(ts->ctx, ttl, dom, name);
+ ret = sss_ncache_check_user(ts->ctx, dom, name);
assert_int_equal(ret, EEXIST);
permanent = false;
ret = sss_ncache_set_user(ts->ctx, permanent, dom, name);
assert_int_equal(ret, EOK);
- ret = sss_ncache_check_user(ts->ctx, ttl, dom, name);
+ ret = sss_ncache_check_user(ts->ctx, dom, name);
assert_int_equal(ret, EEXIST);
}
@@ -386,24 +379,23 @@ static void test_sss_ncache_user(void **state)
*/
static void test_sss_ncache_group(void **state)
{
- int ret, ttl;
+ int ret;
bool permanent;
const char *name = NAME;
struct test_state *ts;
struct sss_domain_info *dom;
- ttl = LIFETIME;
ts = talloc_get_type_abort(*state, struct test_state);
dom = talloc(ts, struct sss_domain_info);
dom->name = discard_const_p(char, TEST_DOM_NAME);
/* test when domain name is not present in database */
dom->case_sensitive = false;
- ret = sss_ncache_check_group(ts->ctx, ttl, dom, name);
+ ret = sss_ncache_check_group(ts->ctx, dom, name);
assert_int_equal(ret, ENOENT);
dom->case_sensitive = true;
- ret = sss_ncache_check_group(ts->ctx, ttl, dom, name);
+ ret = sss_ncache_check_group(ts->ctx, dom, name);
assert_int_equal(ret, ENOENT);
/* test when domain name is present in database */
@@ -411,14 +403,14 @@ static void test_sss_ncache_group(void **state)
ret = sss_ncache_set_group(ts->ctx, permanent, dom, name);
assert_int_equal(ret, EOK);
- ret = sss_ncache_check_group(ts->ctx, ttl, dom, name);
+ ret = sss_ncache_check_group(ts->ctx, dom, name);
assert_int_equal(ret, EEXIST);
permanent = false;
ret = sss_ncache_set_group(ts->ctx, permanent, dom, name);
assert_int_equal(ret, EOK);
- ret = sss_ncache_check_group(ts->ctx, ttl, dom, name);
+ ret = sss_ncache_check_group(ts->ctx, dom, name);
assert_int_equal(ret, EEXIST);
}
@@ -428,24 +420,23 @@ static void test_sss_ncache_group(void **state)
*/
static void test_sss_ncache_netgr(void **state)
{
- int ret, ttl;
+ int ret;
bool permanent;
const char *name = NAME;
struct test_state *ts;
struct sss_domain_info *dom;
- ttl = LIFETIME;
ts = talloc_get_type_abort(*state, struct test_state);
dom = talloc(ts, struct sss_domain_info);
dom->name = discard_const_p(char, TEST_DOM_NAME);
/* test when domain name is not present in database */
dom->case_sensitive = false;
- ret = sss_ncache_check_netgr(ts->ctx, ttl, dom, name);
+ ret = sss_ncache_check_netgr(ts->ctx, dom, name);
assert_int_equal(ret, ENOENT);
dom->case_sensitive = true;
- ret = sss_ncache_check_netgr(ts->ctx, ttl, dom, name);
+ ret = sss_ncache_check_netgr(ts->ctx, dom, name);
assert_int_equal(ret, ENOENT);
/* test when domain name is present in database */
@@ -453,14 +444,14 @@ static void test_sss_ncache_netgr(void **state)
ret = sss_ncache_set_netgr(ts->ctx, permanent, dom, name);
assert_int_equal(ret, EOK);
- ret = sss_ncache_check_netgr(ts->ctx, ttl, dom, name);
+ ret = sss_ncache_check_netgr(ts->ctx, dom, name);
assert_int_equal(ret, EEXIST);
permanent = false;
ret = sss_ncache_set_netgr(ts->ctx, permanent, dom, name);
assert_int_equal(ret, EOK);
- ret = sss_ncache_check_netgr(ts->ctx, ttl, dom, name);
+ ret = sss_ncache_check_netgr(ts->ctx, dom, name);
assert_int_equal(ret, EEXIST);
}
@@ -470,24 +461,23 @@ static void test_sss_ncache_netgr(void **state)
*/
static void test_sss_ncache_service_name(void **state)
{
- int ret, ttl;
+ int ret;
bool permanent;
const char *name = NAME;
struct test_state *ts;
struct sss_domain_info *dom;
- ttl = LIFETIME;
ts = talloc_get_type_abort(*state, struct test_state);
dom = talloc(ts, struct sss_domain_info);
dom->name = discard_const_p(char, TEST_DOM_NAME);
/* test when domain name and protocol are not present in database */
dom->case_sensitive = false;
- ret = sss_ncache_check_service(ts->ctx, ttl, dom, name, PROTO);
+ ret = sss_ncache_check_service(ts->ctx, dom, name, PROTO);
assert_int_equal(ret, ENOENT);
dom->case_sensitive = true;
- ret = sss_ncache_check_service(ts->ctx, ttl, dom, name, PROTO);
+ ret = sss_ncache_check_service(ts->ctx, dom, name, PROTO);
assert_int_equal(ret, ENOENT);
/* test when domain name and protocol are present in database */
@@ -495,14 +485,14 @@ static void test_sss_ncache_service_name(void **state)
ret = sss_ncache_set_service_name(ts->ctx, permanent, dom, name, PROTO);
assert_int_equal(ret, EOK);
- ret = sss_ncache_check_service(ts->ctx, ttl, dom, name, PROTO);
+ ret = sss_ncache_check_service(ts->ctx, dom, name, PROTO);
assert_int_equal(ret, EEXIST);
permanent = false;
ret = sss_ncache_set_service_name(ts->ctx, permanent, dom, name, PROTO);
assert_int_equal(ret, EOK);
- ret = sss_ncache_check_service(ts->ctx, ttl, dom, name, PROTO);
+ ret = sss_ncache_check_service(ts->ctx, dom, name, PROTO);
assert_int_equal(ret, EEXIST);
}
@@ -512,24 +502,23 @@ static void test_sss_ncache_service_name(void **state)
*/
static void test_sss_ncache_service_port(void **state)
{
- int ret, ttl;
+ int ret;
bool permanent;
struct test_state *ts;
struct sss_domain_info *dom;
- ttl = LIFETIME;
ts = talloc_get_type_abort(*state, struct test_state);
dom = talloc(ts, struct sss_domain_info);
dom->name = discard_const_p(char, TEST_DOM_NAME);
/* test when domain name, port and protocol are not present in database */
dom->case_sensitive = false;
- ret = sss_ncache_check_service_port(ts->ctx, ttl, dom, (uint16_t)PORT,
+ ret = sss_ncache_check_service_port(ts->ctx, dom, (uint16_t)PORT,
PROTO);
assert_int_equal(ret, ENOENT);
dom->case_sensitive = true;
- ret = sss_ncache_check_service_port(ts->ctx, ttl, dom, (uint16_t)PORT,
+ ret = sss_ncache_check_service_port(ts->ctx, dom, (uint16_t)PORT,
PROTO);
assert_int_equal(ret, ENOENT);
@@ -539,7 +528,7 @@ static void test_sss_ncache_service_port(void **state)
PROTO);
assert_int_equal(ret, EOK);
- ret = sss_ncache_check_service_port(ts->ctx, ttl, dom, (uint16_t)PORT,
+ ret = sss_ncache_check_service_port(ts->ctx, dom, (uint16_t)PORT,
PROTO);
assert_int_equal(ret, EEXIST);
@@ -548,7 +537,7 @@ static void test_sss_ncache_service_port(void **state)
PROTO);
assert_int_equal(ret, EOK);
- ret = sss_ncache_check_service_port(ts->ctx, ttl, dom, (uint16_t)PORT,
+ ret = sss_ncache_check_service_port(ts->ctx, dom, (uint16_t)PORT,
PROTO);
assert_int_equal(ret, EEXIST);
}
@@ -565,13 +554,13 @@ static void test_sss_ncache_reset_permanent(void **state)
ret = sss_ncache_set_uid(ts->ctx, permanent, NULL, 0);
assert_int_equal(ret, EOK);
- ret = sss_ncache_check_uid(ts->ctx, 0, NULL, 0);
+ ret = sss_ncache_check_uid(ts->ctx, NULL, 0);
assert_int_equal(ret, EEXIST);
ret = sss_ncache_reset_permanent(ts->ctx);
assert_int_equal(ret, EOK);
- ret = sss_ncache_check_uid(ts->ctx, 0, NULL, 0);
+ ret = sss_ncache_check_uid(ts->ctx, NULL, 0);
assert_int_equal(ret, ENOENT);
}
@@ -618,28 +607,28 @@ static void test_sss_ncache_prepopulate(void **state)
sleep(SHORTSPAN);
- ret = sss_ncache_check_user(ncache, 1, dom, "testuser1");
+ ret = sss_ncache_check_user(ncache, dom, "testuser1");
assert_int_equal(ret, EEXIST);
- ret = sss_ncache_check_group(ncache, 1, dom, "testgroup1");
+ ret = sss_ncache_check_group(ncache, dom, "testgroup1");
assert_int_equal(ret, EEXIST);
- ret = sss_ncache_check_user(ncache, 1, dom, "testuser2");
+ ret = sss_ncache_check_user(ncache, dom, "testuser2");
assert_int_equal(ret, EEXIST);
- ret = sss_ncache_check_group(ncache, 1, dom, "testgroup2");
+ ret = sss_ncache_check_group(ncache, dom, "testgroup2");
assert_int_equal(ret, EEXIST);
- ret = sss_ncache_check_user(ncache, 1, dom, "testuser3");
+ ret = sss_ncache_check_user(ncache, dom, "testuser3");
assert_int_equal(ret, ENOENT);
- ret = sss_ncache_check_group(ncache, 1, dom, "testgroup3");
+ ret = sss_ncache_check_group(ncache, dom, "testgroup3");
assert_int_equal(ret, ENOENT);
- ret = sss_ncache_check_user(ncache, 1, dom, "testuser3@somedomain");
+ ret = sss_ncache_check_user(ncache, dom, "testuser3@somedomain");
assert_int_equal(ret, ENOENT);
- ret = sss_ncache_check_group(ncache, 1, dom, "testgroup3@somedomain");
+ ret = sss_ncache_check_group(ncache, dom, "testgroup3@somedomain");
assert_int_equal(ret, ENOENT);
}
@@ -685,22 +674,22 @@ static void test_sss_ncache_default_domain_suffix(void **state)
ret = sss_ncache_prepopulate(ncache, tc->confdb, ts->rctx);
assert_int_equal(ret, EOK);
- ret = sss_ncache_check_user(ncache, 1, dom, "testuser1");
+ ret = sss_ncache_check_user(ncache, dom, "testuser1");
assert_int_equal(ret, EEXIST);
- ret = sss_ncache_check_group(ncache, 1, dom, "testgroup1");
+ ret = sss_ncache_check_group(ncache, dom, "testgroup1");
assert_int_equal(ret, EEXIST);
- ret = sss_ncache_check_user(ncache, 1, dom, "testuser2");
+ ret = sss_ncache_check_user(ncache, dom, "testuser2");
assert_int_equal(ret, EEXIST);
- ret = sss_ncache_check_group(ncache, 1, dom, "testgroup2");
+ ret = sss_ncache_check_group(ncache, dom, "testgroup2");
assert_int_equal(ret, EEXIST);
- ret = sss_ncache_check_user(ncache, 1, dom, "testuser3");
+ ret = sss_ncache_check_user(ncache, dom, "testuser3");
assert_int_equal(ret, ENOENT);
- ret = sss_ncache_check_group(ncache, 1, dom, "testgroup3");
+ ret = sss_ncache_check_group(ncache, dom, "testgroup3");
assert_int_equal(ret, ENOENT);
}
@@ -768,32 +757,32 @@ static void test_sss_ncache_reset_prepopulate(void **state)
dom2->names = dom->names;
/* First domain should not be known, the second not */
- ret = sss_ncache_check_user(ncache, 1, dom, "testuser1");
+ ret = sss_ncache_check_user(ncache, dom, "testuser1");
assert_int_equal(ret, EEXIST);
- ret = sss_ncache_check_group(ncache, 1, dom, "testgroup1");
+ ret = sss_ncache_check_group(ncache, dom, "testgroup1");
assert_int_equal(ret, EEXIST);
- ret = sss_ncache_check_user(ncache, 1, dom2, "testuser2");
+ ret = sss_ncache_check_user(ncache, dom2, "testuser2");
assert_int_equal(ret, ENOENT);
- ret = sss_ncache_check_group(ncache, 1, dom2, "testgroup2");
+ ret = sss_ncache_check_group(ncache, dom2, "testgroup2");
assert_int_equal(ret, ENOENT);
ret = sss_ncache_reset_repopulate_permanent(ts->rctx, ncache);
assert_int_equal(ret, EOK);
/* First domain should not be known, the second not */
- ret = sss_ncache_check_user(ncache, 1, dom, "testuser1");
+ ret = sss_ncache_check_user(ncache, dom, "testuser1");
assert_int_equal(ret, EEXIST);
- ret = sss_ncache_check_group(ncache, 1, dom, "testgroup1");
+ ret = sss_ncache_check_group(ncache, dom, "testgroup1");
assert_int_equal(ret, EEXIST);
- ret = sss_ncache_check_user(ncache, 1, dom2, "testuser2");
+ ret = sss_ncache_check_user(ncache, dom2, "testuser2");
assert_int_equal(ret, EEXIST);
- ret = sss_ncache_check_group(ncache, 1, dom2, "testgroup2");
+ ret = sss_ncache_check_group(ncache, dom2, "testgroup2");
assert_int_equal(ret, EEXIST);
}
int main(void)
--
2.5.5
>From 9d62bc65cc9748a9437e6026cbd1b32701f17781 Mon Sep 17 00:00:00 2001
From: Petr Cech <pc...@redhat.com>
Date: Fri, 22 Apr 2016 07:10:15 -0400
Subject: [PATCH 3/8] NEGCACHE: Adding getter for timeout
It adds new function to negative cache API:
* int sss_ncache_get_timeout(struct sss_nc_ctx *ctx);
Resolves:
https://fedorahosted.org/sssd/ticket/2317
---
src/responder/common/negcache.c | 5 +++++
src/responder/common/negcache.h | 2 ++
2 files changed, 7 insertions(+)
diff --git a/src/responder/common/negcache.c b/src/responder/common/negcache.c
index d48402f8e0a419a83b624edf66f841a50294de26..1488c12a89e35b06bf00b60a2034ca7f9b64580b 100644
--- a/src/responder/common/negcache.c
+++ b/src/responder/common/negcache.c
@@ -78,6 +78,11 @@ int sss_ncache_init(TALLOC_CTX *memctx, uint32_t timeout,
return EOK;
};
+uint32_t sss_ncache_get_timeout(struct sss_nc_ctx *ctx)
+{
+ return ctx->timeout;
+}
+
static int sss_ncache_check_str(struct sss_nc_ctx *ctx, char *str)
{
TDB_DATA key;
diff --git a/src/responder/common/negcache.h b/src/responder/common/negcache.h
index 8c805b24b2c4f7fe910dc7845ddb1c855b7136df..572c723cc5202dac26671458920cb85cdc208fd2 100644
--- a/src/responder/common/negcache.h
+++ b/src/responder/common/negcache.h
@@ -28,6 +28,8 @@ struct sss_nc_ctx;
int sss_ncache_init(TALLOC_CTX *memctx, uint32_t timeout,
struct sss_nc_ctx **_ctx);
+uint32_t sss_ncache_get_timeout(struct sss_nc_ctx *ctx);
+
/* check if the user is expired according to the passed in time to live */
int sss_ncache_check_user(struct sss_nc_ctx *ctx, struct sss_domain_info *dom,
const char *name);
--
2.5.5
>From e70c840d412957643daa5a8beeec08edc0595dfd Mon Sep 17 00:00:00 2001
From: Petr Cech <pc...@redhat.com>
Date: Fri, 22 Apr 2016 08:05:06 -0400
Subject: [PATCH 4/8] RESPONDER: Removing neg_timeout from pam responder
It removes neg_timeout parameter from struct pam_ctx. Timeout is
handled by context of negative cache internally.
This patch additioanlly removes neg_timeout from struct cache_req_state.
Resolves:
https://fedorahosted.org/sssd/ticket/2317
---
src/responder/common/responder_cache_req.c | 41 ++++++++---------------------
src/responder/common/responder_cache_req.h | 20 +++++---------
src/responder/ifp/ifp_groups.c | 12 +++------
src/responder/ifp/ifp_users.c | 12 +++------
src/responder/ifp/ifpsrv_cmd.c | 3 +--
src/responder/pac/pacsrv_cmd.c | 1 -
src/responder/pam/pamsrv.c | 6 -----
src/responder/pam/pamsrv.h | 1 -
src/responder/pam/pamsrv_cmd.c | 3 +--
src/responder/sudo/sudosrv_get_sudorules.c | 4 +--
src/tests/cmocka/test_responder_cache_req.c | 8 +++---
11 files changed, 32 insertions(+), 79 deletions(-)
diff --git a/src/responder/common/responder_cache_req.c b/src/responder/common/responder_cache_req.c
index a9af150f21f4899296acb4dfdda45a21514edb53..1ad14128183a28edd2f953d9611ca26fb0c53397 100644
--- a/src/responder/common/responder_cache_req.c
+++ b/src/responder/common/responder_cache_req.c
@@ -912,7 +912,6 @@ static struct tevent_req *cache_req_cache_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct resp_ctx *rctx,
struct sss_nc_ctx *ncache,
- int neg_timeout,
int cache_refresh_percent,
struct cache_req *cr)
{
@@ -929,7 +928,6 @@ static struct tevent_req *cache_req_cache_send(TALLOC_CTX *mem_ctx,
state->ev = ev;
state->rctx = rctx;
state->ncache = ncache;
- state->neg_timeout = neg_timeout;
state->cache_refresh_percent = cache_refresh_percent;
state->cr = cr;
@@ -1126,7 +1124,6 @@ struct cache_req_state {
struct tevent_context *ev;
struct resp_ctx *rctx;
struct sss_nc_ctx *ncache;
- int neg_timeout;
int cache_refresh_percent;
struct cache_req *cr;
@@ -1150,7 +1147,6 @@ struct tevent_req *cache_req_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct resp_ctx *rctx,
struct sss_nc_ctx *ncache,
- int neg_timeout,
int cache_refresh_percent,
const char *domain,
struct cache_req_data *data)
@@ -1170,7 +1166,6 @@ struct tevent_req *cache_req_send(TALLOC_CTX *mem_ctx,
state->ev = ev;
state->rctx = rctx;
state->ncache = ncache;
- state->neg_timeout = neg_timeout;
state->cache_refresh_percent = cache_refresh_percent;
state->cr = cr = cache_req_create(state, rctx, data);
if (state->cr == NULL) {
@@ -1320,7 +1315,7 @@ static errno_t cache_req_next_domain(struct tevent_req *req)
}
subreq = cache_req_cache_send(state, state->ev, state->rctx,
- state->ncache, state->neg_timeout,
+ state->ncache,
state->cache_refresh_percent,
state->cr);
if (subreq == NULL) {
@@ -1432,14 +1427,13 @@ cache_req_steal_data_and_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct resp_ctx *rctx,
struct sss_nc_ctx *ncache,
- int neg_timeout,
int cache_refresh_percent,
const char *domain,
struct cache_req_data *data)
{
struct tevent_req *req;
- req = cache_req_send(mem_ctx, ev, rctx, ncache, neg_timeout,
+ req = cache_req_send(mem_ctx, ev, rctx, ncache,
cache_refresh_percent, domain, data);
if (req == NULL) {
talloc_zfree(data);
@@ -1456,7 +1450,6 @@ cache_req_user_by_name_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct resp_ctx *rctx,
struct sss_nc_ctx *ncache,
- int neg_timeout,
int cache_refresh_percent,
const char *domain,
const char *name)
@@ -1469,8 +1462,7 @@ cache_req_user_by_name_send(TALLOC_CTX *mem_ctx,
}
return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache,
- neg_timeout, cache_refresh_percent,
- domain, data);
+ cache_refresh_percent, domain, data);
}
struct tevent_req *
@@ -1478,7 +1470,6 @@ cache_req_user_by_id_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct resp_ctx *rctx,
struct sss_nc_ctx *ncache,
- int neg_timeout,
int cache_refresh_percent,
const char *domain,
uid_t uid)
@@ -1491,8 +1482,7 @@ cache_req_user_by_id_send(TALLOC_CTX *mem_ctx,
}
return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache,
- neg_timeout, cache_refresh_percent,
- domain, data);
+ cache_refresh_percent, domain, data);
}
struct tevent_req *
@@ -1500,7 +1490,6 @@ cache_req_user_by_cert_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct resp_ctx *rctx,
struct sss_nc_ctx *ncache,
- int neg_timeout,
int cache_refresh_percent,
const char *domain,
const char *pem_cert)
@@ -1513,7 +1502,7 @@ cache_req_user_by_cert_send(TALLOC_CTX *mem_ctx,
}
return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache,
- neg_timeout, cache_refresh_percent,
+ cache_refresh_percent,
domain, data);
}
@@ -1522,7 +1511,6 @@ cache_req_group_by_name_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct resp_ctx *rctx,
struct sss_nc_ctx *ncache,
- int neg_timeout,
int cache_refresh_percent,
const char *domain,
const char *name)
@@ -1535,8 +1523,7 @@ cache_req_group_by_name_send(TALLOC_CTX *mem_ctx,
}
return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache,
- neg_timeout, cache_refresh_percent,
- domain, data);
+ cache_refresh_percent, domain, data);
}
struct tevent_req *
@@ -1544,7 +1531,6 @@ cache_req_group_by_id_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct resp_ctx *rctx,
struct sss_nc_ctx *ncache,
- int neg_timeout,
int cache_refresh_percent,
const char *domain,
gid_t gid)
@@ -1557,8 +1543,7 @@ cache_req_group_by_id_send(TALLOC_CTX *mem_ctx,
}
return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache,
- neg_timeout, cache_refresh_percent,
- domain, data);
+ cache_refresh_percent, domain, data);
}
struct tevent_req *
@@ -1566,7 +1551,6 @@ cache_req_initgr_by_name_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct resp_ctx *rctx,
struct sss_nc_ctx *ncache,
- int neg_timeout,
int cache_refresh_percent,
const char *domain,
const char *name)
@@ -1579,8 +1563,7 @@ cache_req_initgr_by_name_send(TALLOC_CTX *mem_ctx,
}
return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache,
- neg_timeout, cache_refresh_percent,
- domain, data);
+ cache_refresh_percent, domain, data);
}
struct tevent_req *
@@ -1598,7 +1581,7 @@ cache_req_user_by_filter_send(TALLOC_CTX *mem_ctx,
}
return cache_req_steal_data_and_send(mem_ctx, ev, rctx, NULL,
- 0, 0, domain, data);
+ 0, domain, data);
}
struct tevent_req *
@@ -1616,7 +1599,7 @@ cache_req_group_by_filter_send(TALLOC_CTX *mem_ctx,
}
return cache_req_steal_data_and_send(mem_ctx, ev, rctx, NULL,
- 0, 0, domain, data);
+ 0, domain, data);
}
struct tevent_req *
@@ -1624,7 +1607,6 @@ cache_req_object_by_sid_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct resp_ctx *rctx,
struct sss_nc_ctx *ncache,
- int neg_timeout,
int cache_refresh_percent,
const char *domain,
const char *sid,
@@ -1638,6 +1620,5 @@ cache_req_object_by_sid_send(TALLOC_CTX *mem_ctx,
}
return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache,
- neg_timeout, cache_refresh_percent,
- domain, data);
+ cache_refresh_percent, domain, data);
}
diff --git a/src/responder/common/responder_cache_req.h b/src/responder/common/responder_cache_req.h
index fbbc1e5309a030e2fdd81c790e2e223e10c6d453..69fbaf416e5eb2836f3d6eb241ac6db931d3b3a5 100644
--- a/src/responder/common/responder_cache_req.h
+++ b/src/responder/common/responder_cache_req.h
@@ -68,7 +68,6 @@ struct tevent_req *cache_req_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct resp_ctx *rctx,
struct sss_nc_ctx *ncache,
- int neg_timeout,
int cache_refresh_percent,
const char *domain,
struct cache_req_data *data);
@@ -84,7 +83,6 @@ cache_req_user_by_name_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct resp_ctx *rctx,
struct sss_nc_ctx *ncache,
- int neg_timeout,
int cache_refresh_percent,
const char *domain,
const char *name);
@@ -97,7 +95,6 @@ cache_req_user_by_id_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct resp_ctx *rctx,
struct sss_nc_ctx *ncache,
- int neg_timeout,
int cache_refresh_percent,
const char *domain,
uid_t uid);
@@ -107,13 +104,12 @@ cache_req_user_by_id_send(TALLOC_CTX *mem_ctx,
struct tevent_req *
cache_req_user_by_cert_send(TALLOC_CTX *mem_ctx,
- struct tevent_context *ev,
- struct resp_ctx *rctx,
- struct sss_nc_ctx *ncache,
- int neg_timeout,
- int cache_refresh_percent,
- const char *domain,
- const char *pem_cert);
+ struct tevent_context *ev,
+ struct resp_ctx *rctx,
+ struct sss_nc_ctx *ncache,
+ int cache_refresh_percent,
+ const char *domain,
+ const char *pem_cert);
#define cache_req_user_by_cert_recv(mem_ctx, req, _result, _domain, _name) \
cache_req_recv(mem_ctx, req, _result, _domain, _name)
@@ -123,7 +119,6 @@ cache_req_group_by_name_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct resp_ctx *rctx,
struct sss_nc_ctx *ncache,
- int neg_timeout,
int cache_refresh_percent,
const char *domain,
const char *name);
@@ -136,7 +131,6 @@ cache_req_group_by_id_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct resp_ctx *rctx,
struct sss_nc_ctx *ncache,
- int neg_timeout,
int cache_refresh_percent,
const char *domain,
gid_t gid);
@@ -149,7 +143,6 @@ cache_req_initgr_by_name_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct resp_ctx *rctx,
struct sss_nc_ctx *ncache,
- int neg_timeout,
int cache_refresh_percent,
const char *domain,
const char *name);
@@ -182,7 +175,6 @@ cache_req_object_by_sid_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct resp_ctx *rctx,
struct sss_nc_ctx *ncache,
- int neg_timeout,
int cache_refresh_percent,
const char *domain,
const char *sid,
diff --git a/src/responder/ifp/ifp_groups.c b/src/responder/ifp/ifp_groups.c
index 08f34b7a3634d9eb3963c556c4da380dd4dd8d85..411cebc12079e01b05d341ca98f159f30d9395a1 100644
--- a/src/responder/ifp/ifp_groups.c
+++ b/src/responder/ifp/ifp_groups.c
@@ -118,8 +118,7 @@ int ifp_groups_find_by_name(struct sbus_request *sbus_req,
}
req = cache_req_group_by_name_send(sbus_req, ctx->rctx->ev, ctx->rctx,
- ctx->ncache, ctx->neg_timeout, 0,
- NULL, name);
+ ctx->ncache, 0, NULL, name);
if (req == NULL) {
return ENOMEM;
}
@@ -189,8 +188,7 @@ int ifp_groups_find_by_id(struct sbus_request *sbus_req,
}
req = cache_req_group_by_id_send(sbus_req, ctx->rctx->ev, ctx->rctx,
- ctx->ncache, ctx->neg_timeout, 0,
- NULL, id);
+ ctx->ncache, 0, NULL, id);
if (req == NULL) {
return ENOMEM;
}
@@ -528,8 +526,7 @@ static struct tevent_req *resolv_ghosts_send(TALLOC_CTX *mem_ctx,
}
subreq = cache_req_group_by_name_send(state, ev, ctx->rctx,
- ctx->ncache, ctx->neg_timeout, 0,
- domain->name, name);
+ ctx->ncache, 0, domain->name, name);
if (subreq == NULL) {
ret = ENOMEM;
goto immediately;
@@ -607,8 +604,7 @@ errno_t resolv_ghosts_step(struct tevent_req *req)
}
subreq = cache_req_user_by_name_send(state, state->ev, state->ctx->rctx,
- state->ctx->ncache, state->ctx->neg_timeout,
- 0, state->domain->name,
+ state->ctx->ncache, 0, state->domain->name,
state->ghosts[state->index]);
if (subreq == NULL) {
return ENOMEM;
diff --git a/src/responder/ifp/ifp_users.c b/src/responder/ifp/ifp_users.c
index e542e811c7a5384ddcd2a4bc93c2280ead1c0574..f362ea289be2a2188b588ebaf69c1d98d432c29f 100644
--- a/src/responder/ifp/ifp_users.c
+++ b/src/responder/ifp/ifp_users.c
@@ -99,8 +99,7 @@ int ifp_users_find_by_name(struct sbus_request *sbus_req,
}
req = cache_req_user_by_name_send(sbus_req, ctx->rctx->ev, ctx->rctx,
- ctx->ncache, ctx->neg_timeout, 0,
- NULL, name);
+ ctx->ncache, 0, NULL, name);
if (req == NULL) {
return ENOMEM;
}
@@ -170,8 +169,7 @@ int ifp_users_find_by_id(struct sbus_request *sbus_req,
}
req = cache_req_user_by_id_send(sbus_req, ctx->rctx->ev, ctx->rctx,
- ctx->ncache, ctx->neg_timeout, 0,
- NULL, id);
+ ctx->ncache, 0, NULL, id);
if (req == NULL) {
return ENOMEM;
}
@@ -257,8 +255,7 @@ int ifp_users_find_by_cert(struct sbus_request *sbus_req, void *data,
}
req = cache_req_user_by_cert_send(sbus_req, ctx->rctx->ev, ctx->rctx,
- ctx->ncache, ctx->neg_timeout, 0,
- NULL, derb64);
+ ctx->ncache, 0, NULL, derb64);
if (req == NULL) {
return ENOMEM;
}
@@ -654,8 +651,7 @@ int ifp_users_user_update_groups_list(struct sbus_request *sbus_req,
}
req = cache_req_initgr_by_name_send(sbus_req, ctx->rctx->ev, ctx->rctx,
- ctx->ncache, ctx->neg_timeout, 0,
- domain->name, username);
+ ctx->ncache, 0, domain->name, username);
if (req == NULL) {
return ENOMEM;
}
diff --git a/src/responder/ifp/ifpsrv_cmd.c b/src/responder/ifp/ifpsrv_cmd.c
index 399e83e0255700df5a24491a3eb33b4f92040ca7..00f0272bc1cf11a80603eed2ba60bda68ecf4a6c 100644
--- a/src/responder/ifp/ifpsrv_cmd.c
+++ b/src/responder/ifp/ifpsrv_cmd.c
@@ -514,8 +514,7 @@ ifp_user_get_attr_lookup(struct tevent_req *subreq)
}
subreq = cache_req_send(state, state->rctx->ev, state->rctx,
- state->ncache, state->neg_timeout, 0,
- state->domname, data);
+ state->ncache, 0, state->domname, data);
if (subreq == NULL) {
tevent_req_error(req, ENOMEM);
return;
diff --git a/src/responder/pac/pacsrv_cmd.c b/src/responder/pac/pacsrv_cmd.c
index bebd6ba1994a252ec625ced540f2e7872477ff21..8f5404150f79164200851345251bda85e828fd9d 100644
--- a/src/responder/pac/pacsrv_cmd.c
+++ b/src/responder/pac/pacsrv_cmd.c
@@ -198,7 +198,6 @@ static errno_t pac_resolve_user_sid_next(struct pac_req_ctx *pr_ctx)
req = cache_req_object_by_sid_send(pr_ctx, pr_ctx->cctx->ev,
pr_ctx->cctx->rctx,
pr_ctx->pac_ctx->ncache,
- pr_ctx->pac_ctx->neg_timeout,
0, pr_ctx->dom->name,
pr_ctx->user_sid_str,
pw_attrs);
diff --git a/src/responder/pam/pamsrv.c b/src/responder/pam/pamsrv.c
index 4c41517f95ba30e675ade020684d3f68378cd89b..78521e895fc50abed679293f67d050d0a609867a 100644
--- a/src/responder/pam/pamsrv.c
+++ b/src/responder/pam/pamsrv.c
@@ -251,12 +251,6 @@ static int pam_process_init(TALLOC_CTX *mem_ctx,
pam_dp_reconnect_init, iter);
}
- /* Set up the negative cache */
- ret = confdb_get_int(cdb, CONFDB_NSS_CONF_ENTRY,
- CONFDB_NSS_ENTRY_NEG_TIMEOUT, 15,
- &pctx->neg_timeout);
- if (ret != EOK) goto done;
-
/* Set up the PAM identity timeout */
ret = confdb_get_int(cdb, CONFDB_PAM_CONF_ENTRY,
CONFDB_PAM_ID_TIMEOUT, 5,
diff --git a/src/responder/pam/pamsrv.h b/src/responder/pam/pamsrv.h
index b44e1c3378817aa169fa1fe8995bdb223f593cb0..a4d2ae69eb4093da1566748198a6f644c528a857 100644
--- a/src/responder/pam/pamsrv.h
+++ b/src/responder/pam/pamsrv.h
@@ -34,7 +34,6 @@ typedef void (pam_dp_callback_t)(struct pam_auth_req *preq);
struct pam_ctx {
struct resp_ctx *rctx;
struct sss_nc_ctx *ncache;
- int neg_timeout;
time_t id_timeout;
hash_table_t *id_table;
size_t trusted_uids_count;
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
index fb0cbbbea703cb88cfb7e5e84655d6b8a3144774..6fd934509090cd35d0c552a036e058a301a54773 100644
--- a/src/responder/pam/pamsrv_cmd.c
+++ b/src/responder/pam/pamsrv_cmd.c
@@ -1247,8 +1247,7 @@ static void pam_forwarder_cert_cb(struct tevent_req *req)
req = cache_req_user_by_cert_send(preq, cctx->ev, cctx->rctx,
- pctx->ncache, pctx->neg_timeout,
- 0, NULL, cert);
+ pctx->ncache, 0, NULL, cert);
if (req == NULL) {
DEBUG(SSSDBG_OP_FAILURE, "cache_req_user_by_cert_send failed.\n");
ret = ENOMEM;
diff --git a/src/responder/sudo/sudosrv_get_sudorules.c b/src/responder/sudo/sudosrv_get_sudorules.c
index 61f042670810a4566eadee9a0752c9dac96b6fb0..b981a3252a5d2ad48c302515292863b6ebb31ec1 100644
--- a/src/responder/sudo/sudosrv_get_sudorules.c
+++ b/src/responder/sudo/sudosrv_get_sudorules.c
@@ -457,9 +457,7 @@ struct tevent_req *sudosrv_get_rules_send(TALLOC_CTX *mem_ctx,
DEBUG(SSSDBG_TRACE_FUNC, "Running initgroups for [%s]\n", username);
subreq = cache_req_initgr_by_name_send(state, ev, sudo_ctx->rctx,
- sudo_ctx->ncache,
- sudo_ctx->neg_timeout,
- 0, NULL, username);
+ sudo_ctx->ncache, 0, NULL, username);
if (subreq == NULL) {
ret = ENOMEM;
goto immediately;
diff --git a/src/tests/cmocka/test_responder_cache_req.c b/src/tests/cmocka/test_responder_cache_req.c
index 679e2c1eb2ae2b81976c299daf4653230624a0e9..6c13500cef9ec82dde9d97f97f7fb492fe0e3b8f 100644
--- a/src/tests/cmocka/test_responder_cache_req.c
+++ b/src/tests/cmocka/test_responder_cache_req.c
@@ -72,7 +72,7 @@ struct test_group {
check_leaks_push(req_mem_ctx); \
\
req = send_fn(req_mem_ctx, ctx->tctx->ev, ctx->rctx, \
- ctx->ncache, 10, crp, \
+ ctx->ncache, crp, \
(dom == NULL ? NULL : dom->name), lookup); \
assert_non_null(req); \
tevent_req_set_callback(req, done_fn, ctx); \
@@ -367,7 +367,7 @@ static void run_object_by_sid(struct cache_req_test_ctx *test_ctx,
check_leaks_push(req_mem_ctx);
req = cache_req_object_by_sid_send(req_mem_ctx, test_ctx->tctx->ev,
- test_ctx->rctx, test_ctx->ncache, 10, cache_refresh_percent,
+ test_ctx->rctx, test_ctx->ncache, cache_refresh_percent,
(domain == NULL ? NULL : domain->name), sid, attrs);
assert_non_null(req);
tevent_req_set_callback(req, cache_req_object_by_sid_test_done, test_ctx);
@@ -589,7 +589,7 @@ void test_user_by_name_multiple_domains_parse(void **state)
check_leaks_push(req_mem_ctx);
req = cache_req_user_by_name_send(req_mem_ctx, test_ctx->tctx->ev,
- test_ctx->rctx, test_ctx->ncache, 10, 0,
+ test_ctx->rctx, test_ctx->ncache, 0,
NULL, fqn);
assert_non_null(req);
tevent_req_set_callback(req, cache_req_user_by_name_test_done, test_ctx);
@@ -1089,7 +1089,7 @@ void test_group_by_name_multiple_domains_parse(void **state)
mock_parse_inp(name, "responder_cache_req_test_d", ERR_OK);
req = cache_req_group_by_name_send(req_mem_ctx, test_ctx->tctx->ev,
- test_ctx->rctx, test_ctx->ncache, 10, 0,
+ test_ctx->rctx, test_ctx->ncache, 0,
NULL, fqn);
assert_non_null(req);
tevent_req_set_callback(req, cache_req_group_by_name_test_done, test_ctx);
--
2.5.5
>From 2e9bc4d3ed9103e7ab85174d03cd2db3d33747c9 Mon Sep 17 00:00:00 2001
From: Petr Cech <pc...@redhat.com>
Date: Fri, 22 Apr 2016 08:23:27 -0400
Subject: [PATCH 5/8] RESPONDER: Removing neg_timeout from pac_ctx
It removes neg_timeout parameter from pac responder. Timeout is handled
by internall structure of negative cache.
Resolves:
https://fedorahosted.org/sssd/ticket/2317
---
src/responder/pac/pacsrv.c | 10 ----------
src/responder/pac/pacsrv.h | 1 -
2 files changed, 11 deletions(-)
diff --git a/src/responder/pac/pacsrv.c b/src/responder/pac/pacsrv.c
index d58350631338f3fb6210ce80e4dc29a498f8954d..f2cc7f95a6928db0b070ec96f1ff5f691193c64a 100644
--- a/src/responder/pac/pacsrv.c
+++ b/src/responder/pac/pacsrv.c
@@ -196,16 +196,6 @@ int pac_process_init(TALLOC_CTX *mem_ctx,
}
responder_set_fd_limit(fd_limit);
- /* Set up the negative cache */
- ret = confdb_get_int(pac_ctx->rctx->cdb, CONFDB_NSS_CONF_ENTRY,
- CONFDB_NSS_ENTRY_NEG_TIMEOUT, 15,
- &pac_ctx->neg_timeout);
- if (ret != EOK) {
- DEBUG(SSSDBG_FATAL_FAILURE,
- "Failed to setup negative cache timeout.\n");
- goto fail;
- }
-
ret = responder_get_neg_timeout_from_confdb(cdb, &neg_timeout);
if (ret != EOK) goto fail;
diff --git a/src/responder/pac/pacsrv.h b/src/responder/pac/pacsrv.h
index 3d9f07dcba3c8a03a3a29a8a95ff2ef0df24c80b..b2899bff2273f20b7f6cff109f605c1740175799 100644
--- a/src/responder/pac/pacsrv.h
+++ b/src/responder/pac/pacsrv.h
@@ -36,7 +36,6 @@ struct pac_ctx {
struct local_mapping_ranges *range_map;
int pac_lifetime;
- int neg_timeout;
struct sss_nc_ctx *ncache;
};
--
2.5.5
>From bf676582a0e67d33eab498506763ae4fdc52e3f2 Mon Sep 17 00:00:00 2001
From: Petr Cech <pc...@redhat.com>
Date: Fri, 22 Apr 2016 08:36:32 -0400
Subject: [PATCH 6/8] RESPONDER: Removing neg_timeout from sudo resp.
Timout of negative cache is handled by context of negative cache. So
this parameter is not needed now.
Resolves:
https://fedorahosted.org/sssd/ticket/2137
---
src/responder/sudo/sudosrv.c | 9 ---------
src/responder/sudo/sudosrv_private.h | 1 -
2 files changed, 10 deletions(-)
diff --git a/src/responder/sudo/sudosrv.c b/src/responder/sudo/sudosrv.c
index 6cee1678cb391a6b4708ef6671bd7e1194dd0a46..cf131853d16314356e18063972812f56ccbb4386 100644
--- a/src/responder/sudo/sudosrv.c
+++ b/src/responder/sudo/sudosrv.c
@@ -128,15 +128,6 @@ int sudo_process_init(TALLOC_CTX *mem_ctx,
sudo_ctx->rctx = rctx;
sudo_ctx->rctx->pvt_ctx = sudo_ctx;
- ret = confdb_get_int(cdb, CONFDB_NSS_CONF_ENTRY,
- CONFDB_NSS_ENTRY_NEG_TIMEOUT, 15,
- &sudo_ctx->neg_timeout);
- if (ret != EOK) {
- DEBUG(SSSDBG_FATAL_FAILURE,
- "fatal error getting ncache timeout\n");
- goto fail;
- }
-
sss_ncache_prepopulate(sudo_ctx->ncache, sudo_ctx->rctx->cdb, rctx);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE,
diff --git a/src/responder/sudo/sudosrv_private.h b/src/responder/sudo/sudosrv_private.h
index 99eef03e950f88d9296dbf33e66c68f100523cc9..a44d724ed488415ffb6f7d0276614eee017f98a1 100644
--- a/src/responder/sudo/sudosrv_private.h
+++ b/src/responder/sudo/sudosrv_private.h
@@ -43,7 +43,6 @@ enum sss_sudo_type {
struct sudo_ctx {
struct resp_ctx *rctx;
- int neg_timeout;
struct sss_nc_ctx *ncache;
/*
--
2.5.5
>From c63ef0343401d86ad447e207b3911a76467a4254 Mon Sep 17 00:00:00 2001
From: Petr Cech <pc...@redhat.com>
Date: Fri, 22 Apr 2016 08:52:35 -0400
Subject: [PATCH 7/8] RESPONDER: Removing neg_timeout from ifp repsonder
Timeout of negative cache is handled by context of negative cache
itself. This patch removes neg_timeout parameter from ifp_ctx and from
ifp_user_get_attr_state.
Resolves:
https://fedorahosted.org/sssd/ticket/2317
---
src/responder/ifp/ifp_private.h | 1 -
src/responder/ifp/ifpsrv.c | 7 -------
src/responder/ifp/ifpsrv_cmd.c | 12 ++++--------
3 files changed, 4 insertions(+), 16 deletions(-)
diff --git a/src/responder/ifp/ifp_private.h b/src/responder/ifp/ifp_private.h
index 43519de6fef3033f1e47cecb787d6b02dc9c6e56..9eacdbb9e43a17db4800eb0eb12cdc3e4f130741 100644
--- a/src/responder/ifp/ifp_private.h
+++ b/src/responder/ifp/ifp_private.h
@@ -40,7 +40,6 @@ struct ifp_ctx {
struct resp_ctx *rctx;
struct sss_names_ctx *snctx;
struct sss_nc_ctx *ncache;
- int neg_timeout;
struct sysbus_ctx *sysbus;
const char **user_whitelist;
diff --git a/src/responder/ifp/ifpsrv.c b/src/responder/ifp/ifpsrv.c
index 969dbcd31ff3df661b163845242c8390bb8f4bd2..55a182143b82c7eedfa4f4619adc6ab1de73bf4d 100644
--- a/src/responder/ifp/ifpsrv.c
+++ b/src/responder/ifp/ifpsrv.c
@@ -284,13 +284,6 @@ int ifp_process_init(TALLOC_CTX *mem_ctx,
}
/* Set up the negative cache */
- ret = confdb_get_int(cdb, CONFDB_NSS_CONF_ENTRY,
- CONFDB_NSS_ENTRY_NEG_TIMEOUT, 15,
- &ifp_ctx->neg_timeout);
- if (ret != EOK) {
- goto fail;
- }
-
ret = responder_get_neg_timeout_from_confdb(cdb, &neg_timeout);
if (ret != EOK) goto fail;
diff --git a/src/responder/ifp/ifpsrv_cmd.c b/src/responder/ifp/ifpsrv_cmd.c
index 00f0272bc1cf11a80603eed2ba60bda68ecf4a6c..c50f51763fdf5cfcf941c8be76333ddafe9023b5 100644
--- a/src/responder/ifp/ifpsrv_cmd.c
+++ b/src/responder/ifp/ifpsrv_cmd.c
@@ -35,7 +35,7 @@ struct ifp_attr_req {
static struct tevent_req *
ifp_user_get_attr_send(TALLOC_CTX *mem_ctx, struct resp_ctx *rctx,
- struct sss_nc_ctx *ncache, int neg_timeout,
+ struct sss_nc_ctx *ncache,
enum sss_dp_acct_type search_type,
const char *inp, const char **attrs);
static errno_t ifp_user_get_attr_recv(TALLOC_CTX *mem_ctx,
@@ -91,8 +91,7 @@ int ifp_user_get_attr(struct sbus_request *dbus_req, void *data)
attr_req->name, ireq->dbus_req->client);
req = ifp_user_get_attr_send(ireq, ifp_ctx->rctx,
- ifp_ctx->ncache, ifp_ctx->neg_timeout,
- SSS_DP_USER,
+ ifp_ctx->ncache, SSS_DP_USER,
attr_req->name, attr_req->attrs);
if (req == NULL) {
return sbus_request_finish(dbus_req, NULL);
@@ -321,8 +320,7 @@ int ifp_user_get_groups(struct sbus_request *dbus_req,
group_req->name, group_req->ireq->dbus_req->client);
req = ifp_user_get_attr_send(ireq, ifp_ctx->rctx,
- ifp_ctx->ncache, ifp_ctx->neg_timeout,
- SSS_DP_INITGROUPS,
+ ifp_ctx->ncache, SSS_DP_INITGROUPS,
group_req->name, group_req->attrs);
if (req == NULL) {
return sbus_request_finish(dbus_req, NULL);
@@ -433,7 +431,6 @@ struct ifp_user_get_attr_state {
struct resp_ctx *rctx;
struct sss_nc_ctx *ncache;
- int neg_timeout;
};
static void ifp_user_get_attr_lookup(struct tevent_req *subreq);
@@ -441,7 +438,7 @@ static void ifp_user_get_attr_done(struct tevent_req *subreq);
static struct tevent_req *
ifp_user_get_attr_send(TALLOC_CTX *mem_ctx, struct resp_ctx *rctx,
- struct sss_nc_ctx *ncache, int neg_timeout,
+ struct sss_nc_ctx *ncache,
enum sss_dp_acct_type search_type,
const char *inp, const char **attrs)
{
@@ -458,7 +455,6 @@ ifp_user_get_attr_send(TALLOC_CTX *mem_ctx, struct resp_ctx *rctx,
state->attrs = attrs;
state->rctx = rctx;
state->ncache = ncache;
- state->neg_timeout = neg_timeout;
state->search_type = search_type;
subreq = sss_parse_inp_send(req, rctx, inp);
--
2.5.5
>From 92d3f10e3ac07fc426accfdb70560db7ccc5fe1b Mon Sep 17 00:00:00 2001
From: Petr Cech <pc...@redhat.com>
Date: Fri, 22 Apr 2016 09:19:57 -0400
Subject: [PATCH 8/8] RESPONDER: Removing neg_timeout from nss responder
Timeout of negative cahce is handled by internal negative cache
context. This patch removes neg_timeout from struct nss_ctx.
Resolves:
https://fedorahosted.org/sssd/ticket/2317
---
src/responder/common/responder_cache_req.c | 1 -
src/responder/nss/nsssrv.c | 5 -----
src/responder/nss/nsssrv.h | 1 -
src/responder/nss/nsssrv_netgroup.c | 7 +++++--
src/tests/cmocka/test_negcache.c | 1 -
src/tests/cmocka/test_nss_srv.c | 1 -
src/tests/cmocka/test_pam_srv.c | 2 --
7 files changed, 5 insertions(+), 13 deletions(-)
diff --git a/src/responder/common/responder_cache_req.c b/src/responder/common/responder_cache_req.c
index 1ad14128183a28edd2f953d9611ca26fb0c53397..a3253a5efcfea014a01dc38e42ae2a4466dff1a2 100644
--- a/src/responder/common/responder_cache_req.c
+++ b/src/responder/common/responder_cache_req.c
@@ -896,7 +896,6 @@ struct cache_req_cache_state {
struct tevent_context *ev;
struct resp_ctx *rctx;
struct sss_nc_ctx *ncache;
- int neg_timeout;
int cache_refresh_percent;
struct cache_req *cr;
diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
index 5dfee5a3209b3c5056093fbfbdc54046136a2e5e..363ee7bffac5a3fa61a9d81ae5821ed6ffaa50d7 100644
--- a/src/responder/nss/nsssrv.c
+++ b/src/responder/nss/nsssrv.c
@@ -230,11 +230,6 @@ static int nss_get_config(struct nss_ctx *nctx,
&nctx->enum_cache_timeout);
if (ret != EOK) goto done;
- ret = confdb_get_int(cdb, CONFDB_NSS_CONF_ENTRY,
- CONFDB_NSS_ENTRY_NEG_TIMEOUT, 15,
- &nctx->neg_timeout);
- if (ret != EOK) goto done;
-
ret = confdb_get_bool(cdb, CONFDB_NSS_CONF_ENTRY,
CONFDB_NSS_FILTER_USERS_IN_GROUPS, true,
&nctx->filter_users_in_groups);
diff --git a/src/responder/nss/nsssrv.h b/src/responder/nss/nsssrv.h
index e293e3b4d03582abf6abf07cce61d3b6fdebfcae..28e62b78acf85299c5d813182fca68ca964549d3 100644
--- a/src/responder/nss/nsssrv.h
+++ b/src/responder/nss/nsssrv.h
@@ -44,7 +44,6 @@ struct sss_mc_ctx;
struct nss_ctx {
struct resp_ctx *rctx;
- int neg_timeout;
struct sss_nc_ctx *ncache;
int cache_refresh_percent;
diff --git a/src/responder/nss/nsssrv_netgroup.c b/src/responder/nss/nsssrv_netgroup.c
index 383b44a2c9b1fb87d3abfdce071b226a561e22a7..cde3a207430c6e42cc71036242e04fce48ac94f5 100644
--- a/src/responder/nss/nsssrv_netgroup.c
+++ b/src/responder/nss/nsssrv_netgroup.c
@@ -433,6 +433,7 @@ static void set_netgr_lifetime(uint32_t lifetime,
static errno_t create_negcache_netgr(struct setent_step_ctx *step_ctx)
{
errno_t ret;
+ uint32_t lifetime;
struct getent_ctx *netgr;
/* Is there already netgroup with such name? */
@@ -466,7 +467,8 @@ static errno_t create_negcache_netgr(struct setent_step_ctx *step_ctx)
netgr->ready = true;
netgr->found = false;
- set_netgr_lifetime(step_ctx->nctx->neg_timeout, step_ctx, netgr);
+ lifetime = sss_ncache_get_timeout(step_ctx->nctx->ncache);
+ set_netgr_lifetime(lifetime, step_ctx, netgr);
ret = EOK;
@@ -585,7 +587,8 @@ static errno_t lookup_netgr_step(struct setent_step_ctx *step_ctx)
"Failed to convert results into entries\n");
netgr->ready = true;
netgr->found = false;
- set_netgr_lifetime(step_ctx->nctx->neg_timeout, step_ctx, netgr);
+ lifetime = sss_ncache_get_timeout(step_ctx->nctx->ncache);
+ set_netgr_lifetime(lifetime, step_ctx, netgr);
ret = EIO;
goto done;
}
diff --git a/src/tests/cmocka/test_negcache.c b/src/tests/cmocka/test_negcache.c
index d00e7c25bbe27feaa6449769eaa22ba16f5d908a..709bb21d64e48cf58f84bb58b20b36a5da9be283 100644
--- a/src/tests/cmocka/test_negcache.c
+++ b/src/tests/cmocka/test_negcache.c
@@ -84,7 +84,6 @@ mock_nctx(TALLOC_CTX *mem_ctx)
talloc_free(nctx);
return NULL;
}
- nctx->neg_timeout = 10;
nctx->pwfield = discard_const("*");
err = sss_idmap_init(sss_idmap_talloc, nctx, sss_idmap_talloc_free,
diff --git a/src/tests/cmocka/test_nss_srv.c b/src/tests/cmocka/test_nss_srv.c
index 30df38b324f5a57d408fb52fc2c30c5577c8ef40..9471e51bd8203a2112e300b3590e5b313df9494a 100644
--- a/src/tests/cmocka/test_nss_srv.c
+++ b/src/tests/cmocka/test_nss_srv.c
@@ -75,7 +75,6 @@ mock_nctx(TALLOC_CTX *mem_ctx)
talloc_free(nctx);
return NULL;
}
- nctx->neg_timeout = 10;
nctx->pwfield = discard_const("*");
err = sss_idmap_init(sss_idmap_talloc, nctx, sss_idmap_talloc_free,
diff --git a/src/tests/cmocka/test_pam_srv.c b/src/tests/cmocka/test_pam_srv.c
index 75c3ddcf5fd4a0a349e906cacfe1a64dc814375c..d88d9a03681189ffe731827550e375d203e5982d 100644
--- a/src/tests/cmocka/test_pam_srv.c
+++ b/src/tests/cmocka/test_pam_srv.c
@@ -180,8 +180,6 @@ struct pam_ctx *mock_pctx(TALLOC_CTX *mem_ctx)
ret = sss_ncache_init(pctx, 10, &pctx->ncache);
assert_int_equal(ret, EOK);
- pctx->neg_timeout = 10;
-
ret = sss_hash_create(pctx, 10, &pctx->id_table);
assert_int_equal(ret, EOK);
--
2.5.5
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
