From 3fb1ee96f508784d7e06f079111d4d32d401a99b Mon Sep 17 00:00:00 2001
From: Pavel Reichl <preichl@redhat.com>
Date: Mon, 21 Sep 2015 10:26:20 -0400
Subject: confdb: warn if memcache_timeout > than entry_cache
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Only group and user records are cached in memory cache so only timeouts
for those are checked.

Resolves:
https://fedorahosted.org/sssd/ticket/2176

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
---
 src/confdb/confdb.c | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
index c097aad77..d811f7cbf 100644
--- a/src/confdb/confdb.c
+++ b/src/confdb/confdb.c
@@ -827,6 +827,7 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
     uint32_t entry_cache_timeout;
     char *default_domain;
     bool fqnames_default = false;
+    int memcache_timeout;
 
     tmp_ctx = talloc_new(mem_ctx);
     if (!tmp_ctx) return ENOMEM;
@@ -851,6 +852,16 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
         goto done;
     }
 
+    ret = confdb_get_int(cdb,
+                         CONFDB_NSS_CONF_ENTRY,
+                         CONFDB_MEMCACHE_TIMEOUT,
+                         300, &memcache_timeout);
+    if (ret != EOK) {
+        DEBUG(SSSDBG_FATAL_FAILURE,
+              "Unable to get memory cache entry timeout.\n");
+        goto done;
+    }
+
     domain = talloc_zero(mem_ctx, struct sss_domain_info);
     if (!domain) {
         ret = ENOMEM;
@@ -1078,6 +1089,13 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
         goto done;
     }
 
+    if (domain->user_timeout < memcache_timeout) {
+        DEBUG(SSSDBG_CONF_SETTINGS,
+              "%s is less than %s. User records will not be updated before "
+              "memory cache entry expires.\n",
+              CONFDB_DOMAIN_USER_CACHE_TIMEOUT, CONFDB_MEMCACHE_TIMEOUT);
+    }
+
     /* Override the group cache timeout, if specified */
     ret = get_entry_as_uint32(res->msgs[0], &domain->group_timeout,
                               CONFDB_DOMAIN_GROUP_CACHE_TIMEOUT,
@@ -1089,6 +1107,13 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
         goto done;
     }
 
+    if (domain->group_timeout < memcache_timeout) {
+        DEBUG(SSSDBG_CONF_SETTINGS,
+              "%s is less than %s. Group records will not be updated before "
+              "memory cache entry expires.\n",
+              CONFDB_DOMAIN_GROUP_CACHE_TIMEOUT, CONFDB_MEMCACHE_TIMEOUT);
+    }
+
     /* Override the netgroup cache timeout, if specified */
     ret = get_entry_as_uint32(res->msgs[0], &domain->netgroup_timeout,
                               CONFDB_DOMAIN_NETGROUP_CACHE_TIMEOUT,
-- 
cgit