URL: https://github.com/SSSD/sssd/pull/762 Author: sumit-bose Title: #762: responder: fix domain lookup refresh timeout Action: opened
PR body: """ Currently the timeout to check for new domains is reset whenever there is a request with an unknown domain name. If those requests happen more then once a minute (the default timeout) the timeout is always reset before it can expire and as a result the domain list is never refreshed. If SSSD starts offline with an empty domain list the NSS responder might never be able to resolve sub-domain users or groups even if the backend has switched to the online state and already refreshed the domain list. Related to https://pagure.io/SSSD/sssd/issue/3967 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/762/head:pr762 git checkout pr762
From 8b5659c75d1bb20fbf92b0eb4cae5c8fa6992322 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sb...@redhat.com> Date: Mon, 25 Feb 2019 11:32:32 +0100 Subject: [PATCH] responder: fix domain lookup refresh timeout Currently the timeout to check for new domains is reset whenever there is a request with an unknown domain name. If those requests happen more then once a minute (the default timeout) the timeout is always reset before it can expire and as a result the domain list is never refreshed. If SSSD starts offline with an empty domain list the NSS responder might never be able to resolve sub-domain users or groups even if the backend has switched to the online state and already refreshed the domain list. Related to https://pagure.io/SSSD/sssd/issue/3967 --- src/responder/common/responder_get_domains.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/responder/common/responder_get_domains.c b/src/responder/common/responder_get_domains.c index 7222a1ea7a..b60d0e0232 100644 --- a/src/responder/common/responder_get_domains.c +++ b/src/responder/common/responder_get_domains.c @@ -163,6 +163,7 @@ struct tevent_req *sss_dp_get_domains_send(TALLOC_CTX *mem_ctx, struct tevent_req *req; struct tevent_req *subreq; struct sss_dp_get_domains_state *state; + bool refresh_timeout = false; req = tevent_req_create(mem_ctx, &state, struct sss_dp_get_domains_state); if (req == NULL) { @@ -187,6 +188,7 @@ struct tevent_req *sss_dp_get_domains_send(TALLOC_CTX *mem_ctx, goto immediately; } } + refresh_timeout = true; state->rctx = rctx; if (hint != NULL) { @@ -228,7 +230,9 @@ struct tevent_req *sss_dp_get_domains_send(TALLOC_CTX *mem_ctx, immediately: if (ret == EOK) { - set_time_of_last_request(rctx); + if (refresh_timeout) { + set_time_of_last_request(rctx); + } tevent_req_done(req); } else { tevent_req_error(req, ret);
_______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org