authorStephen Gallagher <sgallagh@redhat.com>2012-02-03 15:33:00 -0500
committerStephen Gallagher <sgallagh@redhat.com>2012-02-04 08:27:16 -0500
commitbd92e8ee315d4da9350b9ef0358c88a7b54aeebe (patch)
treeffc81e481eb3547a0d6aeec5ff01511559536471 /src/providers
parentf393e23f264a299868a12bec40a390a7ecd65d10 (diff)
NSS: Add individual timeouts for entry types
https://fedorahosted.org/sssd/ticket/1016
Diffstat (limited to 'src/providers')
-rw-r--r--src/providers/ipa/ipa_common.c1
-rw-r--r--src/providers/ipa/ipa_common.h2
-rw-r--r--src/providers/ipa/ipa_id.c4
-rw-r--r--src/providers/ipa/ipa_id.h1
-rw-r--r--src/providers/ipa/ipa_netgroups.c12
-rw-r--r--src/providers/ldap/ldap_common.c1
-rw-r--r--src/providers/ldap/sdap.h1
-rw-r--r--src/providers/ldap/sdap_async_groups.c14
-rw-r--r--src/providers/ldap/sdap_async_netgroups.c3
-rw-r--r--src/providers/ldap/sdap_async_services.c2
-rw-r--r--src/providers/ldap/sdap_async_users.c2
-rw-r--r--src/providers/proxy/proxy.h1
-rw-r--r--src/providers/proxy/proxy_id.c14
-rw-r--r--src/providers/proxy/proxy_init.c5
-rw-r--r--src/providers/proxy/proxy_netgroup.c3
-rw-r--r--src/providers/proxy/proxy_services.c6
16 files changed, 33 insertions, 39 deletions
diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
index ba22830e1..e8df5e152 100644
--- a/src/providers/ipa/ipa_common.c
+++ b/src/providers/ipa/ipa_common.c
@@ -70,7 +70,6 @@ struct dp_option ipa_def_ldap_opts[] = {
{ "ldap_force_upper_case_realm", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
{ "ldap_enumeration_refresh_timeout", DP_OPT_NUMBER, { .number = 300 }, NULL_NUMBER },
{ "ldap_purge_cache_timeout", DP_OPT_NUMBER, { .number = 3600 }, NULL_NUMBER },
- { "entry_cache_timeout", DP_OPT_NUMBER, { .number = 1800 }, NULL_NUMBER },
{ "ldap_tls_cacert", DP_OPT_STRING, { "/etc/ipa/ca.crt" }, NULL_STRING },
{ "ldap_tls_cacertdir", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ldap_tls_cert", DP_OPT_STRING, NULL_STRING, NULL_STRING },
diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h
index 9cbd993f5..5bf1b7c9d 100644
--- a/src/providers/ipa/ipa_common.h
+++ b/src/providers/ipa/ipa_common.h
@@ -35,7 +35,7 @@ struct ipa_service {
/* the following defines are used to keep track of the options in the ldap
* module, so that if they change and ipa is not updated correspondingly
* this will trigger a runtime abort error */
-#define IPA_OPTS_BASIC_TEST 60
+#define IPA_OPTS_BASIC_TEST 59
#define IPA_OPTS_SVC_TEST 5
diff --git a/src/providers/ipa/ipa_id.c b/src/providers/ipa/ipa_id.c
index 7302a8da0..7067f015e 100644
--- a/src/providers/ipa/ipa_id.c
+++ b/src/providers/ipa/ipa_id.c
@@ -232,8 +232,8 @@ static void ipa_netgroup_get_connect_done(struct tevent_req *subreq)
return;
}
- subreq = ipa_get_netgroups_send(state, state->ev,
- state->sysdb, sdap_ctx->opts,
+ subreq = ipa_get_netgroups_send(state, state->ev, state->sysdb,
+ state->domain, sdap_ctx->opts,
state->ctx->ipa_options,
sdap_id_op_handle(state->op),
state->attrs, state->filter,
diff --git a/src/providers/ipa/ipa_id.h b/src/providers/ipa/ipa_id.h
index 04a6c2b8a..3a8fdb44d 100644
--- a/src/providers/ipa/ipa_id.h
+++ b/src/providers/ipa/ipa_id.h
@@ -34,6 +34,7 @@ void ipa_account_info_handler(struct be_req *breq);
struct tevent_req *ipa_get_netgroups_send(TALLOC_CTX *memctx,
struct tevent_context *ev,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *dom,
struct sdap_options *opts,
struct ipa_options *ipa_options,
struct sdap_handle *sh,
diff --git a/src/providers/ipa/ipa_netgroups.c b/src/providers/ipa/ipa_netgroups.c
index 620f03cc8..ad0a1ef36 100644
--- a/src/providers/ipa/ipa_netgroups.c
+++ b/src/providers/ipa/ipa_netgroups.c
@@ -39,6 +39,7 @@ struct ipa_get_netgroups_state {
struct ipa_options *ipa_opts;
struct sdap_handle *sh;
struct sysdb_ctx *sysdb;
+ struct sss_domain_info *dom;
const char **attrs;
int timeout;
@@ -64,6 +65,7 @@ struct ipa_get_netgroups_state {
static errno_t ipa_save_netgroup(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *ctx,
+ struct sss_domain_info *dom,
struct sdap_options *opts,
struct sysdb_attrs *attrs)
{
@@ -166,9 +168,7 @@ static errno_t ipa_save_netgroup(TALLOC_CTX *mem_ctx,
DEBUG(6, ("Storing info for netgroup %s\n", name));
ret = sysdb_add_netgroup(ctx, name, NULL, netgroup_attrs,
- dp_opt_get_int(opts->basic,
- SDAP_ENTRY_CACHE_TIMEOUT),
- 0);
+ dom->netgroup_timeout, 0);
if (ret) goto fail;
return EOK;
@@ -185,6 +185,7 @@ static int ipa_netgr_process_all(struct ipa_get_netgroups_state *state);
struct tevent_req *ipa_get_netgroups_send(TALLOC_CTX *memctx,
struct tevent_context *ev,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *dom,
struct sdap_options *opts,
struct ipa_options *ipa_options,
struct sdap_handle *sh,
@@ -208,6 +209,7 @@ struct tevent_req *ipa_get_netgroups_send(TALLOC_CTX *memctx,
state->timeout = timeout;
state->base_filter = filter;
state->netgr_base_iter = 0;
+ state->dom = dom;
if (!ipa_options->id->netgroup_search_bases) {
DEBUG(SSSDBG_CRIT_FAILURE,
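Review bot: `state->dom = dom;` stores the caller's pointer without validation, and `ipa_save_netgroup()` later dereferences it as `dom->netgroup_timeout` for every netgroup it saves. The one caller visible in this diff passes `state->domain`, but the signature changed for all callers, so an `if (dom == NULL)` check that returns through the function's existing error path would turn a missed call site into an error rather than a crash. The body of `ipa_get_netgroups_send()` starts and ends outside this hunk, so the right error path is not visible here. A comment on the new `dom` field of `struct ipa_get_netgroups_state`, such as `/* borrowed; must outlive the request */`, would also record the lifetime expectation.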
@@ -976,8 +978,8 @@ static int ipa_netgr_process_all(struct ipa_get_netgroups_state *state)
}
}
}
- ret = ipa_save_netgroup(state, state->sysdb, state->opts,
- state->netgroups[i]);
+ ret = ipa_save_netgroup(state, state->sysdb, state->dom,
+ state->opts, state->netgroups[i]);
if (ret != EOK) {
goto done;
}
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index 38bd1b4f3..737b9156c 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -61,7 +61,6 @@ struct dp_option default_basic_opts[] = {
{ "ldap_force_upper_case_realm", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
{ "ldap_enumeration_refresh_timeout", DP_OPT_NUMBER, { .number = 300 }, NULL_NUMBER },
{ "ldap_purge_cache_timeout", DP_OPT_NUMBER, { .number = 10800 }, NULL_NUMBER },
- { "entry_cache_timeout", DP_OPT_NUMBER, { .number = 5400 }, NULL_NUMBER },
{ "ldap_tls_cacert", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ldap_tls_cacertdir", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ldap_tls_cert", DP_OPT_STRING, NULL_STRING, NULL_STRING },
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index 7bf1805c1..2e1dfa959 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -173,7 +173,6 @@ enum sdap_basic_opt {
SDAP_FORCE_UPPER_CASE_REALM,
SDAP_ENUM_REFRESH_TIMEOUT,
SDAP_CACHE_PURGE_TIMEOUT,
- SDAP_ENTRY_CACHE_TIMEOUT,
SDAP_TLS_CACERT,
SDAP_TLS_CACERTDIR,
SDAP_TLS_CERT,
diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
index f89362647..feb13db98 100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -358,8 +358,7 @@ static int sdap_save_group(TALLOC_CTX *memctx,
ret = sdap_store_group_with_gid(ctx,
name, gid, group_attrs,
- dp_opt_get_int(opts->basic,
- SDAP_ENTRY_CACHE_TIMEOUT),
+ dom->group_timeout,
posix_group, now);
if (ret) goto fail;
@@ -430,8 +429,7 @@ static int sdap_save_grpmem(TALLOC_CTX *memctx,
DEBUG(6, ("Storing members for group %s\n", name));
ret = sysdb_store_group(ctx, name, 0, group_attrs,
- dp_opt_get_int(opts->basic,
- SDAP_ENTRY_CACHE_TIMEOUT), now);
+ dom->group_timeout, now);
if (ret) goto fail;
return EOK;
@@ -1979,6 +1977,7 @@ immediate:
static errno_t sdap_nested_group_check_hash(struct sdap_nested_group_ctx *);
static errno_t sdap_nested_group_check_cache(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *dom,
struct sdap_options *opts,
char *member_dn,
struct ldb_message ***_msgs,
@@ -2034,6 +2033,7 @@ static errno_t sdap_nested_group_process_deref_step(struct tevent_req *req)
}
ret = sdap_nested_group_check_cache(state, state->sysdb,
+ state->domain,
state->opts,
state->member_dn,
&msgs, &mtype);
@@ -2140,6 +2140,7 @@ static errno_t sdap_nested_group_process_step(struct tevent_req *req)
}
ret = sdap_nested_group_check_cache(state, state->sysdb,
+ state->domain,
state->opts,
state->member_dn,
&msgs, &mtype);
@@ -2233,6 +2234,7 @@ sdap_nested_group_check_hash(struct sdap_nested_group_ctx *state)
static errno_t
sdap_nested_group_check_cache(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *dom,
struct sdap_options *opts,
char *dn,
struct ldb_message ***_msgs,
@@ -2293,9 +2295,7 @@ sdap_nested_group_check_cache(TALLOC_CTX *mem_ctx,
create_time = ldb_msg_find_attr_as_uint64(msgs[0],
SYSDB_CREATE_TIME,
0);
- expiration = create_time +
- dp_opt_get_int(opts->basic,
- SDAP_ENTRY_CACHE_TIMEOUT);
+ expiration = create_time + dom->user_timeout;
} else {
/* Regular user, check if we need a refresh */
expiration = ldb_msg_find_attr_as_uint64(msgs[0],
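Review bot: `expiration = create_time + dom->user_timeout;` adds a value read with `ldb_msg_find_attr_as_uint64()` to a field whose type and valid range are defined outside this diff. If the timeout can be zero or negative, this branch would presumably treat the entry as already expired, or wrap, so a short comment stating the expected range would help, e.g. `/* user_timeout is expected to be > 0 here; TODO confirm where it is validated */`. With this line changed, no use of `opts` remains in the visible part of `sdap_nested_group_check_cache()`. The body continues outside the hunk, so confirm the parameter is still needed.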
diff --git a/src/providers/ldap/sdap_async_netgroups.c b/src/providers/ldap/sdap_async_netgroups.c
index f3a378f64..37aa2f112 100644
--- a/src/providers/ldap/sdap_async_netgroups.c
+++ b/src/providers/ldap/sdap_async_netgroups.c
@@ -128,8 +128,7 @@ static errno_t sdap_save_netgroup(TALLOC_CTX *memctx,
}
ret = sysdb_add_netgroup(ctx, name, NULL, netgroup_attrs,
- dp_opt_get_int(opts->basic,
- SDAP_ENTRY_CACHE_TIMEOUT), now);
+ dom->netgroup_timeout, now);
if (ret) goto fail;
if (_timestamp) {
diff --git a/src/providers/ldap/sdap_async_services.c b/src/providers/ldap/sdap_async_services.c
index f414040bc..bde5820d2 100644
--- a/src/providers/ldap/sdap_async_services.c
+++ b/src/providers/ldap/sdap_async_services.c
@@ -458,7 +458,7 @@ sdap_save_service(TALLOC_CTX *mem_ctx,
goto done;
}
- cache_timeout = dp_opt_get_int(opts->basic, SDAP_ENTRY_CACHE_TIMEOUT);
+ cache_timeout = dom->service_timeout;
ret = sysdb_store_service(sysdb, name, port, aliases, protocols,
svc_attrs, missing, cache_timeout, now);
diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c
index 011683219..fa9c0a799 100644
--- a/src/providers/ldap/sdap_async_users.c
+++ b/src/providers/ldap/sdap_async_users.c
@@ -235,7 +235,7 @@ int sdap_save_user(TALLOC_CTX *memctx,
}
}
- cache_timeout = dp_opt_get_int(opts->basic, SDAP_ENTRY_CACHE_TIMEOUT);
+ cache_timeout = dom->user_timeout;
if (is_initgr) {
ret = sysdb_attrs_add_time_t(user_attrs, SYSDB_INITGR_EXPIRE,
diff --git a/src/providers/proxy/proxy.h b/src/providers/proxy/proxy.h
index e9a550fdb..3641d6ee5 100644
--- a/src/providers/proxy/proxy.h
+++ b/src/providers/proxy/proxy.h
@@ -100,7 +100,6 @@ struct authtok_conv {
struct proxy_id_ctx {
struct be_ctx *be;
- int entry_cache_timeout;
struct proxy_nss_ops ops;
void *handle;
};
diff --git a/src/providers/proxy/proxy_id.c b/src/providers/proxy/proxy_id.c
index b11750f73..206af294f 100644
--- a/src/providers/proxy/proxy_id.c
+++ b/src/providers/proxy/proxy_id.c
@@ -100,7 +100,7 @@ static int get_pw_name(TALLOC_CTX *mem_ctx,
break;
}
- ret = save_user(sysdb, !dom->case_sensitive, pwd, ctx->entry_cache_timeout);
+ ret = save_user(sysdb, !dom->case_sensitive, pwd, dom->user_timeout);
if (ret) {
goto done;
}
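Review bot: The default lifetime for proxy-cached entries is no longer visible in this provider: `ctx->entry_cache_timeout` was loaded in `sssm_proxy_id_init()` with a default of 600, while `save_user()` now receives `dom->user_timeout`, which is populated outside `src/providers`. The LDAP and IPA option tables drop their own defaults of 5400 and 1800 in the same commit, so the three providers presumably converge on one domain-level default. This value bounds how long a removed account or a changed group membership keeps being served from cache, so the upgrade behaviour for configurations that set no timeout should be confirmed and documented. The same point applies to the other `save_user()`/`save_group()` hunks in this file and to the proxy_netgroup.c and proxy_services.c hunks. The removed field was an `int`; if `dom->user_timeout` has a different type, check the conversion at the `save_user()` parameter.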
@@ -263,7 +263,7 @@ static int get_pw_uid(TALLOC_CTX *mem_ctx,
break;
}
- ret = save_user(sysdb, !dom->case_sensitive, pwd, ctx->entry_cache_timeout);
+ ret = save_user(sysdb, !dom->case_sensitive, pwd, dom->user_timeout);
if (ret) {
goto done;
}
@@ -394,7 +394,7 @@ again:
goto again; /* skip */
}
- ret = save_user(sysdb, !dom->case_sensitive, pwd, ctx->entry_cache_timeout);
+ ret = save_user(sysdb, !dom->case_sensitive, pwd, dom->user_timeout);
if (ret) {
/* Do not fail completely on errors.
* Just report the failure to save and go on */
@@ -603,7 +603,7 @@ again:
break;
}
- ret = save_group(sysdb, dom, grp, ctx->entry_cache_timeout);
+ ret = save_group(sysdb, dom, grp, dom->group_timeout);
if (ret) {
goto done;
}
@@ -732,7 +732,7 @@ again:
break;
}
- ret = save_group(sysdb, dom, grp, ctx->entry_cache_timeout);
+ ret = save_group(sysdb, dom, grp, dom->group_timeout);
if (ret) {
goto done;
}
@@ -864,7 +864,7 @@ again:
goto again; /* skip */
}
- ret = save_group(sysdb, dom, grp, ctx->entry_cache_timeout);
+ ret = save_group(sysdb, dom, grp, dom->group_timeout);
if (ret) {
/* Do not fail completely on errors.
* Just report the failure to save and go on */
@@ -967,7 +967,7 @@ static int get_initgr(TALLOC_CTX *mem_ctx,
break;
}
- ret = save_user(sysdb, !dom->case_sensitive, pwd, ctx->entry_cache_timeout);
+ ret = save_user(sysdb, !dom->case_sensitive, pwd, dom->user_timeout);
if (ret) {
goto done;
}
diff --git a/src/providers/proxy/proxy_init.c b/src/providers/proxy/proxy_init.c
index d43550bfa..46b2e7c36 100644
--- a/src/providers/proxy/proxy_init.c
+++ b/src/providers/proxy/proxy_init.c
@@ -101,11 +101,6 @@ int sssm_proxy_id_init(struct be_ctx *bectx,
}
ctx->be = bectx;
- ret = confdb_get_int(bectx->cdb, ctx, bectx->conf_path,
- CONFDB_DOMAIN_ENTRY_CACHE_TIMEOUT, 600,
- &ctx->entry_cache_timeout);
- if (ret != EOK) goto done;
-
ret = confdb_get_string(bectx->cdb, ctx, bectx->conf_path,
CONFDB_PROXY_LIBNAME, NULL, &libname);
if (ret != EOK) goto done;
diff --git a/src/providers/proxy/proxy_netgroup.c b/src/providers/proxy/proxy_netgroup.c
index c81e60c61..47a425b46 100644
--- a/src/providers/proxy/proxy_netgroup.c
+++ b/src/providers/proxy/proxy_netgroup.c
@@ -152,7 +152,8 @@ errno_t get_netgroup(struct proxy_id_ctx *ctx,
}
ret = save_netgroup(sysdb, name, attrs,
- !dom->case_sensitive, ctx->entry_cache_timeout);
+ !dom->case_sensitive,
+ dom->netgroup_timeout);
if (ret != EOK) {
DEBUG(1, ("sysdb_add_netgroup failed.\n"));
goto done;
diff --git a/src/providers/proxy/proxy_services.c b/src/providers/proxy/proxy_services.c
index 79508a219..e5654d75b 100644
--- a/src/providers/proxy/proxy_services.c
+++ b/src/providers/proxy/proxy_services.c
@@ -138,7 +138,7 @@ get_serv_byname(struct proxy_id_ctx *ctx,
/* Results found. Save them into the cache */
ret = proxy_save_service(sysdb, result,
!dom->case_sensitive,
- ctx->entry_cache_timeout);
+ dom->service_timeout);
}
done:
@@ -191,7 +191,7 @@ get_serv_byport(struct proxy_id_ctx *ctx,
/* Results found. Save them into the cache */
ret = proxy_save_service(sysdb, result,
!dom->case_sensitive,
- ctx->entry_cache_timeout);
+ dom->service_timeout);
}
done:
@@ -339,7 +339,7 @@ again:
const_aliases,
protocols,
NULL, NULL,
- ctx->entry_cache_timeout,
+ dom->service_timeout,
now);
if (ret) {
/* Do not fail completely on errors.