This patch makes several changes, making the code more manageable by reducing the places we need to look for cache values, as well as improving the granularity of our cache settings.
1) Add four new options: entry_cache_user_timeout, entry_cache_group_timeout, entry_cache_netgroup_timeout and entry_cache_service_timeout. If they are unspecified, they will be populated internally with the value of entry_cache_timeout (or its default in turn of 5400). 2) These new cache values are stored as members of the sss_domain_info structure, which we have available pretty much everywhere in the providers. 3) It removes 'entry_cache_timeout' from the dp_opt lists for both the LDAP and IPA identity providers, in preference to the sss_domain_info structure. 4) The proxy provider no longer reads the entry_cache_timeout into its own proxy_id_ctx either, in preference to the sss_domain_info structure. There are also two minor additional fixes I included while adding these features. There were two places in the code where we were incorrectly using the entry_cache_timeout as the timeout value of an LDAP operation. Thus, it was possible to be stuck waiting 90 minutes (by default) for an LDAP server to reply. (This was only possible during nested group processing on FreeIPA servers, I believe).
From 8bf2c5e4b15ed5567a3a821936cd96e586281213 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher <sgall...@redhat.com> Date: Thu, 2 Feb 2012 20:19:04 -0500 Subject: [PATCH] NSS: Add individual timeouts for entry types https://fedorahosted.org/sssd/ticket/1016 --- src/confdb/confdb.c | 53 ++++++++++++++++++++++++++- src/confdb/confdb.h | 10 +++++- src/config/SSSDConfig.py | 4 ++ src/config/SSSDConfigTest.py | 8 ++++ src/config/etc/sssd.api.conf | 5 +++ src/providers/ipa/ipa_common.h | 2 +- src/providers/ipa/ipa_id.c | 4 +- src/providers/ipa/ipa_id.h | 1 + src/providers/ipa/ipa_netgroups.c | 12 ++++--- src/providers/ldap/ldap_common.c | 1 - src/providers/ldap/sdap.h | 1 - src/providers/ldap/sdap_async_groups.c | 16 ++++---- src/providers/ldap/sdap_async_initgroups.c | 2 +- src/providers/ldap/sdap_async_netgroups.c | 3 +- src/providers/ldap/sdap_async_services.c | 2 +- src/providers/ldap/sdap_async_users.c | 2 +- src/providers/proxy/proxy.h | 1 - src/providers/proxy/proxy_id.c | 14 ++++---- src/providers/proxy/proxy_init.c | 5 --- src/providers/proxy/proxy_netgroup.c | 3 +- src/providers/proxy/proxy_services.c | 6 ++-- src/responder/nss/nsssrv_netgroup.c | 2 +- 22 files changed, 113 insertions(+), 44 deletions(-) diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c index f0a8caa9de6e2f5021b3e4086944ecf63d05cdff..8b3a046f35e4a8c62c100a1c72ad8a3736cd5412 100644 --- a/src/confdb/confdb.c +++ b/src/confdb/confdb.c @@ -664,6 +664,7 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, struct ldb_dn *dn; const char *tmp; int ret, val; + uint32_t entry_cache_timeout; tmp_ctx = talloc_new(mem_ctx); if (!tmp_ctx) return ENOMEM; @@ -834,13 +835,61 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, goto done; } - ret = get_entry_as_uint32(res->msgs[0], &domain->entry_cache_timeout, + /* Get the global entry cache timeout setting */ + ret = get_entry_as_uint32(res->msgs[0], &entry_cache_timeout, CONFDB_DOMAIN_ENTRY_CACHE_TIMEOUT, 5400); if (ret != EOK) { - DEBUG(0, ("Invalid value for [%s]\n", CONFDB_DOMAIN_ENTRY_CACHE_TIMEOUT)); + DEBUG(SSSDBG_FATAL_FAILURE, + ("Invalid value for [%s]\n", + CONFDB_DOMAIN_ENTRY_CACHE_TIMEOUT)); goto done; } + /* Override the user cache timeout, if specified */ + ret = get_entry_as_uint32(res->msgs[0], &domain->user_timeout, + CONFDB_DOMAIN_USER_CACHE_TIMEOUT, + entry_cache_timeout); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, + ("Invalid value for [%s]\n", + CONFDB_DOMAIN_USER_CACHE_TIMEOUT)); + goto done; + } + + /* Override the group cache timeout, if specified */ + ret = get_entry_as_uint32(res->msgs[0], &domain->group_timeout, + CONFDB_DOMAIN_GROUP_CACHE_TIMEOUT, + entry_cache_timeout); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, + ("Invalid value for [%s]\n", + CONFDB_DOMAIN_GROUP_CACHE_TIMEOUT)); + goto done; + } + + /* Override the netgroup cache timeout, if specified */ + ret = get_entry_as_uint32(res->msgs[0], &domain->netgroup_timeout, + CONFDB_DOMAIN_NETGROUP_CACHE_TIMEOUT, + entry_cache_timeout); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, + ("Invalid value for [%s]\n", + CONFDB_DOMAIN_NETGROUP_CACHE_TIMEOUT)); + goto done; + } + + /* Override the service cache timeout, if specified */ + ret = get_entry_as_uint32(res->msgs[0], &domain->service_timeout, + CONFDB_DOMAIN_SERVICE_CACHE_TIMEOUT, + entry_cache_timeout); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, + ("Invalid value for [%s]\n", + CONFDB_DOMAIN_SERVICE_CACHE_TIMEOUT)); + goto done; + } + + ret = get_entry_as_uint32(res->msgs[0], &domain->override_gid, CONFDB_DOMAIN_OVERRIDE_GID, 0); if (ret != EOK) { diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h index 7cfc73d2b8a9dd61c796fcc14d69c778dc2a0227..7b5a2c945d23e8a48060413c710f8043236672fa 100644 --- a/src/confdb/confdb.h +++ b/src/confdb/confdb.h @@ -124,6 +124,11 @@ #define CONFDB_DOMAIN_OVERRIDE_GID "override_gid" #define CONFDB_DOMAIN_CASE_SENSITIVE "case_sensitive" +#define CONFDB_DOMAIN_USER_CACHE_TIMEOUT "entry_cache_user_timeout" +#define CONFDB_DOMAIN_GROUP_CACHE_TIMEOUT "entry_cache_group_timeout" +#define CONFDB_DOMAIN_NETGROUP_CACHE_TIMEOUT "entry_cache_netgroup_timeout" +#define CONFDB_DOMAIN_SERVICE_CACHE_TIMEOUT "entry_cache_service_timeout" + /* Local Provider */ #define CONFDB_LOCAL_DEFAULT_SHELL "default_shell" #define CONFDB_LOCAL_DEFAULT_BASEDIR "base_directory" @@ -161,7 +166,10 @@ struct sss_domain_info { gid_t override_gid; const char *override_homedir; - uint32_t entry_cache_timeout; + uint32_t user_timeout; + uint32_t group_timeout; + uint32_t netgroup_timeout; + uint32_t service_timeout; struct sss_domain_info *next; }; diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py index a26c42534c553167ab5d5fc5068fc82fc2e059b2..a789e785b898772f41985501a3d97392d9f8b971 100644 --- a/src/config/SSSDConfig.py +++ b/src/config/SSSDConfig.py @@ -93,6 +93,10 @@ option_strings = { 'dns_discovery_domain' : _('The domain part of service discovery DNS query'), 'override_gid' : _('Override GID value from the identity provider with this value'), 'case_sensitive' : _('Treat usernames as case sensitive'), + 'entry_cache_user_timeout' : _('Entry cache timeout length (seconds)'), + 'entry_cache_group_timeout' : _('Entry cache timeout length (seconds)'), + 'entry_cache_netgroup_timeout' : _('Entry cache timeout length (seconds)'), + 'entry_cache_service_timeout' : _('Entry cache timeout length (seconds)'), # [provider/ipa] 'ipa_domain' : _('IPA domain'), diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py index afc207c096cc0d79bdffd9eb7b9d8af7adf4c137..c44e6ba8f1723ef7eb95120109f4b0986a0bf330 100755 --- a/src/config/SSSDConfigTest.py +++ b/src/config/SSSDConfigTest.py @@ -479,6 +479,10 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase): 'filter_users', 'filter_groups', 'entry_cache_timeout', + 'entry_cache_user_timeout', + 'entry_cache_group_timeout', + 'entry_cache_netgroup_timeout', + 'entry_cache_service_timeout', 'lookup_family_order', 'account_cache_expiration', 'dns_resolver_timeout', @@ -798,6 +802,10 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase): 'filter_users', 'filter_groups', 'entry_cache_timeout', + 'entry_cache_user_timeout', + 'entry_cache_group_timeout', + 'entry_cache_netgroup_timeout', + 'entry_cache_service_timeout', 'account_cache_expiration', 'lookup_family_order', 'dns_resolver_timeout', diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf index 34b67dec32ad56f1d22813de01f9ecd0db6346a1..8a5449c4c7053ea3a8f3a95789fd71e2bf4dc555 100644 --- a/src/config/etc/sssd.api.conf +++ b/src/config/etc/sssd.api.conf @@ -76,6 +76,11 @@ override_gid = int, None, false case_sensitive = bool, None, false override_homedir = str, None, false +#Entry cache timeouts +entry_cache_user_timeout = int, None, false +entry_cache_group_timeout = int, None, false +entry_cache_netgroup_timeout = int, None, false +entry_cache_service_timeout = int, None, false # Special providers [provider/permit] diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h index 9cbd993f547e76d53e6d46747c7181fe6592061a..5bf1b7c9d49641db755171dffa52ca8a6ec9d8ed 100644 --- a/src/providers/ipa/ipa_common.h +++ b/src/providers/ipa/ipa_common.h @@ -35,7 +35,7 @@ struct ipa_service { /* the following defines are used to keep track of the options in the ldap * module, so that if they change and ipa is not updated correspondingly * this will trigger a runtime abort error */ -#define IPA_OPTS_BASIC_TEST 60 +#define IPA_OPTS_BASIC_TEST 59 #define IPA_OPTS_SVC_TEST 5 diff --git a/src/providers/ipa/ipa_id.c b/src/providers/ipa/ipa_id.c index 7302a8da07fc2f521e7269e7b08ea9ac2cff9050..7067f015e4b4b914d3520b62404c31e1ef8d251c 100644 --- a/src/providers/ipa/ipa_id.c +++ b/src/providers/ipa/ipa_id.c @@ -232,8 +232,8 @@ static void ipa_netgroup_get_connect_done(struct tevent_req *subreq) return; } - subreq = ipa_get_netgroups_send(state, state->ev, - state->sysdb, sdap_ctx->opts, + subreq = ipa_get_netgroups_send(state, state->ev, state->sysdb, + state->domain, sdap_ctx->opts, state->ctx->ipa_options, sdap_id_op_handle(state->op), state->attrs, state->filter, diff --git a/src/providers/ipa/ipa_id.h b/src/providers/ipa/ipa_id.h index 04a6c2b8aaad024e55a71af39d486bd863313524..3a8fdb44d19d599aa1cec8e65b2e341f87e1b1a9 100644 --- a/src/providers/ipa/ipa_id.h +++ b/src/providers/ipa/ipa_id.h @@ -34,6 +34,7 @@ void ipa_account_info_handler(struct be_req *breq); struct tevent_req *ipa_get_netgroups_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sysdb_ctx *sysdb, + struct sss_domain_info *dom, struct sdap_options *opts, struct ipa_options *ipa_options, struct sdap_handle *sh, diff --git a/src/providers/ipa/ipa_netgroups.c b/src/providers/ipa/ipa_netgroups.c index 620f03cc8e97addd87628d26a79b49158f82e251..ad0a1ef36ab11fa7c7b8a36629bb3ca82f29dc37 100644 --- a/src/providers/ipa/ipa_netgroups.c +++ b/src/providers/ipa/ipa_netgroups.c @@ -39,6 +39,7 @@ struct ipa_get_netgroups_state { struct ipa_options *ipa_opts; struct sdap_handle *sh; struct sysdb_ctx *sysdb; + struct sss_domain_info *dom; const char **attrs; int timeout; @@ -64,6 +65,7 @@ struct ipa_get_netgroups_state { static errno_t ipa_save_netgroup(TALLOC_CTX *mem_ctx, struct sysdb_ctx *ctx, + struct sss_domain_info *dom, struct sdap_options *opts, struct sysdb_attrs *attrs) { @@ -166,9 +168,7 @@ static errno_t ipa_save_netgroup(TALLOC_CTX *mem_ctx, DEBUG(6, ("Storing info for netgroup %s\n", name)); ret = sysdb_add_netgroup(ctx, name, NULL, netgroup_attrs, - dp_opt_get_int(opts->basic, - SDAP_ENTRY_CACHE_TIMEOUT), - 0); + dom->netgroup_timeout, 0); if (ret) goto fail; return EOK; @@ -185,6 +185,7 @@ static int ipa_netgr_process_all(struct ipa_get_netgroups_state *state); struct tevent_req *ipa_get_netgroups_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sysdb_ctx *sysdb, + struct sss_domain_info *dom, struct sdap_options *opts, struct ipa_options *ipa_options, struct sdap_handle *sh, @@ -208,6 +209,7 @@ struct tevent_req *ipa_get_netgroups_send(TALLOC_CTX *memctx, state->timeout = timeout; state->base_filter = filter; state->netgr_base_iter = 0; + state->dom = dom; if (!ipa_options->id->netgroup_search_bases) { DEBUG(SSSDBG_CRIT_FAILURE, @@ -976,8 +978,8 @@ static int ipa_netgr_process_all(struct ipa_get_netgroups_state *state) } } } - ret = ipa_save_netgroup(state, state->sysdb, state->opts, - state->netgroups[i]); + ret = ipa_save_netgroup(state, state->sysdb, state->dom, + state->opts, state->netgroups[i]); if (ret != EOK) { goto done; } diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c index 38bd1b4f3d2e82057e60e97a9ad420974a200057..737b9156c863c94b7a6ac030b9bddb11d124460f 100644 --- a/src/providers/ldap/ldap_common.c +++ b/src/providers/ldap/ldap_common.c @@ -61,7 +61,6 @@ struct dp_option default_basic_opts[] = { { "ldap_force_upper_case_realm", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, { "ldap_enumeration_refresh_timeout", DP_OPT_NUMBER, { .number = 300 }, NULL_NUMBER }, { "ldap_purge_cache_timeout", DP_OPT_NUMBER, { .number = 10800 }, NULL_NUMBER }, - { "entry_cache_timeout", DP_OPT_NUMBER, { .number = 5400 }, NULL_NUMBER }, { "ldap_tls_cacert", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ldap_tls_cacertdir", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ldap_tls_cert", DP_OPT_STRING, NULL_STRING, NULL_STRING }, diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h index 7bf1805c1798752e87d30e8173ea1b7c4944078b..2e1dfa959d5c6117cae00eb0752c9e31daef1d2f 100644 --- a/src/providers/ldap/sdap.h +++ b/src/providers/ldap/sdap.h @@ -173,7 +173,6 @@ enum sdap_basic_opt { SDAP_FORCE_UPPER_CASE_REALM, SDAP_ENUM_REFRESH_TIMEOUT, SDAP_CACHE_PURGE_TIMEOUT, - SDAP_ENTRY_CACHE_TIMEOUT, SDAP_TLS_CACERT, SDAP_TLS_CACERTDIR, SDAP_TLS_CERT, diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c index fe5dbd49a159c0ca4f57d60b7f69a8792e9a42c9..feb13db98bceb11098d3827e674dba8f94258f76 100644 --- a/src/providers/ldap/sdap_async_groups.c +++ b/src/providers/ldap/sdap_async_groups.c @@ -358,8 +358,7 @@ static int sdap_save_group(TALLOC_CTX *memctx, ret = sdap_store_group_with_gid(ctx, name, gid, group_attrs, - dp_opt_get_int(opts->basic, - SDAP_ENTRY_CACHE_TIMEOUT), + dom->group_timeout, posix_group, now); if (ret) goto fail; @@ -430,8 +429,7 @@ static int sdap_save_grpmem(TALLOC_CTX *memctx, DEBUG(6, ("Storing members for group %s\n", name)); ret = sysdb_store_group(ctx, name, 0, group_attrs, - dp_opt_get_int(opts->basic, - SDAP_ENTRY_CACHE_TIMEOUT), now); + dom->group_timeout, now); if (ret) goto fail; return EOK; @@ -1979,6 +1977,7 @@ immediate: static errno_t sdap_nested_group_check_hash(struct sdap_nested_group_ctx *); static errno_t sdap_nested_group_check_cache(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, + struct sss_domain_info *dom, struct sdap_options *opts, char *member_dn, struct ldb_message ***_msgs, @@ -2034,6 +2033,7 @@ static errno_t sdap_nested_group_process_deref_step(struct tevent_req *req) } ret = sdap_nested_group_check_cache(state, state->sysdb, + state->domain, state->opts, state->member_dn, &msgs, &mtype); @@ -2140,6 +2140,7 @@ static errno_t sdap_nested_group_process_step(struct tevent_req *req) } ret = sdap_nested_group_check_cache(state, state->sysdb, + state->domain, state->opts, state->member_dn, &msgs, &mtype); @@ -2233,6 +2234,7 @@ sdap_nested_group_check_hash(struct sdap_nested_group_ctx *state) static errno_t sdap_nested_group_check_cache(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, + struct sss_domain_info *dom, struct sdap_options *opts, char *dn, struct ldb_message ***_msgs, @@ -2293,9 +2295,7 @@ sdap_nested_group_check_cache(TALLOC_CTX *mem_ctx, create_time = ldb_msg_find_attr_as_uint64(msgs[0], SYSDB_CREATE_TIME, 0); - expiration = create_time + - dp_opt_get_int(opts->basic, - SDAP_ENTRY_CACHE_TIMEOUT); + expiration = create_time + dom->user_timeout; } else { /* Regular user, check if we need a refresh */ expiration = ldb_msg_find_attr_as_uint64(msgs[0], @@ -2401,7 +2401,7 @@ sdap_nested_group_process_deref_call(struct tevent_req *req) state->opts->user_map[SDAP_AT_USER_NAME].name; sdap_attrs[SDAP_OPTS_GROUP + 1] = NULL; - timeout = dp_opt_get_int(state->opts->basic, SDAP_ENTRY_CACHE_TIMEOUT); + timeout = dp_opt_get_int(state->opts->basic, SDAP_SEARCH_TIMEOUT); subreq = sdap_deref_search_send(state, state->ev, state->opts, state->sh, state->derefctx->orig_dn, diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c index a769b100557b2d685cb022f09bea0d70ccfe3bb3..964f5b0a0f36951a7bf863b8e1f565e3e77407cf 100644 --- a/src/providers/ldap/sdap_async_initgroups.c +++ b/src/providers/ldap/sdap_async_initgroups.c @@ -808,7 +808,7 @@ static errno_t sdap_initgr_nested_deref_search(struct tevent_req *req) SDAP_OPTS_GROUP, &sdap_attrs); if (ret != EOK) goto fail; - timeout = dp_opt_get_int(state->opts->basic, SDAP_ENTRY_CACHE_TIMEOUT); + timeout = dp_opt_get_int(state->opts->basic, SDAP_SEARCH_TIMEOUT); subreq = sdap_deref_search_send(state, state->ev, state->opts, state->sh, state->orig_dn, diff --git a/src/providers/ldap/sdap_async_netgroups.c b/src/providers/ldap/sdap_async_netgroups.c index 0888c7e2fcf03d0b133bcf93ad017086aedffe16..3491c7eb0f0b90b6a38dcfcca84a7eae5b9eaece 100644 --- a/src/providers/ldap/sdap_async_netgroups.c +++ b/src/providers/ldap/sdap_async_netgroups.c @@ -128,8 +128,7 @@ static errno_t sdap_save_netgroup(TALLOC_CTX *memctx, } ret = sysdb_add_netgroup(ctx, name, NULL, netgroup_attrs, - dp_opt_get_int(opts->basic, - SDAP_ENTRY_CACHE_TIMEOUT), now); + dom->netgroup_timeout, now); if (ret) goto fail; if (_timestamp) { diff --git a/src/providers/ldap/sdap_async_services.c b/src/providers/ldap/sdap_async_services.c index f414040bc08cfaf81fc01e22699f238989f48778..bde5820d28c8dba4029a81fc541b90678aba9523 100644 --- a/src/providers/ldap/sdap_async_services.c +++ b/src/providers/ldap/sdap_async_services.c @@ -458,7 +458,7 @@ sdap_save_service(TALLOC_CTX *mem_ctx, goto done; } - cache_timeout = dp_opt_get_int(opts->basic, SDAP_ENTRY_CACHE_TIMEOUT); + cache_timeout = dom->service_timeout; ret = sysdb_store_service(sysdb, name, port, aliases, protocols, svc_attrs, missing, cache_timeout, now); diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c index 01168321951fa9d14f4b58d891cb922c6c44d2c2..fa9c0a799d363a32f95c1a6ef5ef94afe3033b83 100644 --- a/src/providers/ldap/sdap_async_users.c +++ b/src/providers/ldap/sdap_async_users.c @@ -235,7 +235,7 @@ int sdap_save_user(TALLOC_CTX *memctx, } } - cache_timeout = dp_opt_get_int(opts->basic, SDAP_ENTRY_CACHE_TIMEOUT); + cache_timeout = dom->user_timeout; if (is_initgr) { ret = sysdb_attrs_add_time_t(user_attrs, SYSDB_INITGR_EXPIRE, diff --git a/src/providers/proxy/proxy.h b/src/providers/proxy/proxy.h index e9a550fdb990eaa3a7078a25b35238694f5e73e9..3641d6ee544c69982d23e1f675c40da69b8de604 100644 --- a/src/providers/proxy/proxy.h +++ b/src/providers/proxy/proxy.h @@ -100,7 +100,6 @@ struct authtok_conv { struct proxy_id_ctx { struct be_ctx *be; - int entry_cache_timeout; struct proxy_nss_ops ops; void *handle; }; diff --git a/src/providers/proxy/proxy_id.c b/src/providers/proxy/proxy_id.c index b11750f736f44e1a9bc9de16d90f7db8beaacbf6..206af294f1870b9a89de2ebee4e5f5a68b2fa3e5 100644 --- a/src/providers/proxy/proxy_id.c +++ b/src/providers/proxy/proxy_id.c @@ -100,7 +100,7 @@ static int get_pw_name(TALLOC_CTX *mem_ctx, break; } - ret = save_user(sysdb, !dom->case_sensitive, pwd, ctx->entry_cache_timeout); + ret = save_user(sysdb, !dom->case_sensitive, pwd, dom->user_timeout); if (ret) { goto done; } @@ -263,7 +263,7 @@ static int get_pw_uid(TALLOC_CTX *mem_ctx, break; } - ret = save_user(sysdb, !dom->case_sensitive, pwd, ctx->entry_cache_timeout); + ret = save_user(sysdb, !dom->case_sensitive, pwd, dom->user_timeout); if (ret) { goto done; } @@ -394,7 +394,7 @@ again: goto again; /* skip */ } - ret = save_user(sysdb, !dom->case_sensitive, pwd, ctx->entry_cache_timeout); + ret = save_user(sysdb, !dom->case_sensitive, pwd, dom->user_timeout); if (ret) { /* Do not fail completely on errors. * Just report the failure to save and go on */ @@ -603,7 +603,7 @@ again: break; } - ret = save_group(sysdb, dom, grp, ctx->entry_cache_timeout); + ret = save_group(sysdb, dom, grp, dom->group_timeout); if (ret) { goto done; } @@ -732,7 +732,7 @@ again: break; } - ret = save_group(sysdb, dom, grp, ctx->entry_cache_timeout); + ret = save_group(sysdb, dom, grp, dom->group_timeout); if (ret) { goto done; } @@ -864,7 +864,7 @@ again: goto again; /* skip */ } - ret = save_group(sysdb, dom, grp, ctx->entry_cache_timeout); + ret = save_group(sysdb, dom, grp, dom->group_timeout); if (ret) { /* Do not fail completely on errors. * Just report the failure to save and go on */ @@ -967,7 +967,7 @@ static int get_initgr(TALLOC_CTX *mem_ctx, break; } - ret = save_user(sysdb, !dom->case_sensitive, pwd, ctx->entry_cache_timeout); + ret = save_user(sysdb, !dom->case_sensitive, pwd, dom->user_timeout); if (ret) { goto done; } diff --git a/src/providers/proxy/proxy_init.c b/src/providers/proxy/proxy_init.c index d43550bfaff0792b29b849f51b3714e4b27c3e55..46b2e7c36e5515b737c1f0e4e887ad5897b8d332 100644 --- a/src/providers/proxy/proxy_init.c +++ b/src/providers/proxy/proxy_init.c @@ -101,11 +101,6 @@ int sssm_proxy_id_init(struct be_ctx *bectx, } ctx->be = bectx; - ret = confdb_get_int(bectx->cdb, ctx, bectx->conf_path, - CONFDB_DOMAIN_ENTRY_CACHE_TIMEOUT, 600, - &ctx->entry_cache_timeout); - if (ret != EOK) goto done; - ret = confdb_get_string(bectx->cdb, ctx, bectx->conf_path, CONFDB_PROXY_LIBNAME, NULL, &libname); if (ret != EOK) goto done; diff --git a/src/providers/proxy/proxy_netgroup.c b/src/providers/proxy/proxy_netgroup.c index c81e60c61be9404fb16e2f4e3d422fb383ed161c..47a425b4673f2ec59c067385101b5ee3666ca0dd 100644 --- a/src/providers/proxy/proxy_netgroup.c +++ b/src/providers/proxy/proxy_netgroup.c @@ -152,7 +152,8 @@ errno_t get_netgroup(struct proxy_id_ctx *ctx, } ret = save_netgroup(sysdb, name, attrs, - !dom->case_sensitive, ctx->entry_cache_timeout); + !dom->case_sensitive, + dom->netgroup_timeout); if (ret != EOK) { DEBUG(1, ("sysdb_add_netgroup failed.\n")); goto done; diff --git a/src/providers/proxy/proxy_services.c b/src/providers/proxy/proxy_services.c index 79508a219b6eb9c4ae8af4f5f2e6d21ff3d75e57..e5654d75b9cd2b06f75e5994c4cddcb8a175ba3d 100644 --- a/src/providers/proxy/proxy_services.c +++ b/src/providers/proxy/proxy_services.c @@ -138,7 +138,7 @@ get_serv_byname(struct proxy_id_ctx *ctx, /* Results found. Save them into the cache */ ret = proxy_save_service(sysdb, result, !dom->case_sensitive, - ctx->entry_cache_timeout); + dom->service_timeout); } done: @@ -191,7 +191,7 @@ get_serv_byport(struct proxy_id_ctx *ctx, /* Results found. Save them into the cache */ ret = proxy_save_service(sysdb, result, !dom->case_sensitive, - ctx->entry_cache_timeout); + dom->service_timeout); } done: @@ -339,7 +339,7 @@ again: const_aliases, protocols, NULL, NULL, - ctx->entry_cache_timeout, + dom->service_timeout, now); if (ret) { /* Do not fail completely on errors. diff --git a/src/responder/nss/nsssrv_netgroup.c b/src/responder/nss/nsssrv_netgroup.c index 093329fa3cc95e60bea52f1a6150818bc2cb0c4a..5311b4b479c39a15007e52c3431b041a118529ce 100644 --- a/src/responder/nss/nsssrv_netgroup.c +++ b/src/responder/nss/nsssrv_netgroup.c @@ -494,7 +494,7 @@ static errno_t lookup_netgr_step(struct setent_step_ctx *step_ctx) name, dom->name)); netgr->ready = true; netgr->found = true; - set_netgr_lifetime(dom->entry_cache_timeout, step_ctx, netgr); + set_netgr_lifetime(dom->netgroup_timeout, step_ctx, netgr); return EOK; } -- 1.7.7.6
signature.asc
Description: This is a digitally signed message part
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
