From 3a21103f61bf9b60256cc2d0da54b757b634319f Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Sat, 24 Oct 2009 13:36:34 -0400
Subject: Move responsibility for entry expiration timeout
The providers are now responsible for determining how long a cached entry is considered valid. The default is the same as before (600s)
---
 server/providers/ipa/ipa_common.c | 8 ++++----
 server/providers/ipa/ipa_common.h | 2 +-
 server/providers/ldap/ldap_common.c | 2 +-
 server/providers/ldap/sdap.h | 2 +-
 server/providers/ldap/sdap_async.c | 12 +++++++++---
 server/providers/proxy.c | 30 ++++++++++++++++++++++--------
 6 files changed, 38 insertions(+), 18 deletions(-)
(limited to 'server/providers')
diff --git a/server/providers/ipa/ipa_common.c b/server/providers/ipa/ipa_common.c
index e87373f52..83f3f6760 100644
--- a/server/providers/ipa/ipa_common.c
+++ b/server/providers/ipa/ipa_common.c
@@ -34,7 +34,7 @@ struct dp_option ipa_basic_opts[] = {
 { "ipa_opt_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER },
 { "ipa_offline_timeout", DP_OPT_NUMBER, { .number = 60 }, NULL_NUMBER },
 { "ipa_enumeration_refresh_timeout", DP_OPT_NUMBER, { .number = 300 }, NULL_NUMBER },
- { "ipa_stale_time", DP_OPT_NUMBER, { .number = 1800 }, NULL_NUMBER },
+ { "entry_cache_timeout", DP_OPT_NUMBER, { .number = 1800 }, NULL_NUMBER },
 };
 struct dp_option ipa_def_ldap_opts[] = {
@@ -56,7 +56,7 @@ struct dp_option ipa_def_ldap_opts[] = {
 { "ldap_offline_timeout", DP_OPT_NUMBER, { .number = 60 }, NULL_NUMBER },
 { "ldap_force_upper_case_realm", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
 { "ldap_enumeration_refresh_timeout", DP_OPT_NUMBER, { .number = 300 }, NULL_NUMBER },
- { "ldap_stale_time", DP_OPT_NUMBER, { .number = 1800 }, NULL_NUMBER },
+ { "entry_cache_timeout", DP_OPT_NUMBER, { .number = 1800 }, NULL_NUMBER },
 { "ldap_tls_cacert", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 { "ldap_tls_cacertdir", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 { "ldap_id_use_start_tls", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
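Review bot: Both renamed rows, in `ipa_basic_opts` and in `ipa_def_ldap_opts`, keep `{ .number = 1800 }` as the default, while the commit message says the default is 600s and the proxy provider in this same patch reads the key with a default of 600. One of the two should be corrected so that cached identity data ages out on the same schedule whichever provider is in use. The old keys `ipa_stale_time` and `ldap_stale_time` are dropped with no alias, so a configuration that still sets them would presumably be ignored without a warning; a comment on the row such as `/* replaces ipa_stale_time; seconds a cached entry stays valid */` and a release note would make that visible. Both tables continue outside their hunks.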
@@ -322,9 +322,9 @@ int ipa_get_id_options(TALLOC_CTX *memctx,
 dp_opt_get_int(ipa_opts->basic, IPA_ENUM_REFRESH_TIMEOUT));
 ret = dp_opt_set_int(ipa_opts->id->basic,
- SDAP_STALE_TIME,
+ SDAP_ENTRY_CACHE_TIMEOUT,
 dp_opt_get_int(ipa_opts->basic,
- IPA_STALE_TIME));
+ IPA_ENTRY_CACHE_TIMEOUT));
 ret = sdap_get_map(ipa_opts->id, cdb, conf_path,
diff --git a/server/providers/ipa/ipa_common.h b/server/providers/ipa/ipa_common.h
index f7d3ab8cb..83ce48876 100644
--- a/server/providers/ipa/ipa_common.h
+++ b/server/providers/ipa/ipa_common.h
@@ -36,7 +36,7 @@ enum ipa_basic_opt {
 IPA_OPT_TIMEOUT,
 IPA_OFFLINE_TIMEOUT,
 IPA_ENUM_REFRESH_TIMEOUT,
- IPA_STALE_TIME,
+ IPA_ENTRY_CACHE_TIMEOUT,
 IPA_OPTS_BASIC /* opts counter */
 };
diff --git a/server/providers/ldap/ldap_common.c b/server/providers/ldap/ldap_common.c
index bb836c1ee..beb48a417 100644
--- a/server/providers/ldap/ldap_common.c
+++ b/server/providers/ldap/ldap_common.c
@@ -43,7 +43,7 @@ struct dp_option default_basic_opts[] = {
 { "ldap_offline_timeout", DP_OPT_NUMBER, { .number = 60 }, NULL_NUMBER },
 { "ldap_force_upper_case_realm", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
 { "ldap_enumeration_refresh_timeout", DP_OPT_NUMBER, { .number = 300 }, NULL_NUMBER },
- { "ldap_stale_time", DP_OPT_NUMBER, { .number = 1800 }, NULL_NUMBER },
+ { "entry_cache_timoeut", DP_OPT_NUMBER, { .number = 1800 }, NULL_NUMBER },
 { "ldap_tls_cacert", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 { "ldap_tls_cacertdir", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 { "ldap_id_use_start_tls", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
diff --git a/server/providers/ldap/sdap.h b/server/providers/ldap/sdap.h
index 3768015b8..8ae9d0381 100644
--- a/server/providers/ldap/sdap.h
+++ b/server/providers/ldap/sdap.h
@@ -106,7 +106,7 @@ enum sdap_basic_opt {
 SDAP_OFFLINE_TIMEOUT,
 SDAP_FORCE_UPPER_CASE_REALM,
 SDAP_ENUM_REFRESH_TIMEOUT,
- SDAP_STALE_TIME,
+ SDAP_ENTRY_CACHE_TIMEOUT,
 SDAP_TLS_CACERT,
 SDAP_TLS_CACERTDIR,
 SDAP_ID_TLS,
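Review bot: In `ipa_get_id_options` the result of `dp_opt_set_int(ipa_opts->id->basic, SDAP_ENTRY_CACHE_TIMEOUT, ...)` is overwritten by the following `ret = sdap_get_map(...)` without being tested. A failure to copy the IPA timeout into the LDAP id options therefore goes unnoticed, and the id provider would keep whatever value its own table default holds. Test `ret` against `EOK` directly after the call and take the function's existing error path, which lies outside this hunk. The tail of the preceding call is followed immediately by this one, which suggests the earlier `dp_opt_set_int` results are dropped the same way, though only one line of that call is visible here.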
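Review bot: The new key in `default_basic_opts` (ldap_common.c) is spelled `entry_cache_timoeut`, so the LDAP provider will not match an `entry_cache_timeout` setting and will always run with the built-in 1800. An administrator who shortens the timeout so that account or group changes reach clients sooner would see no effect and get no error. Change the row to `{ "entry_cache_timeout", DP_OPT_NUMBER, { .number = 1800 }, NULL_NUMBER },`. proxy.c refers to the same key as `CONFDB_DOMAIN_ENTRY_CACHE_TIMEOUT`; using that macro in the three option tables, assuming it expands to the plain key string, would turn a misspelling like this into a compile error.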
diff --git a/server/providers/ldap/sdap_async.c b/server/providers/ldap/sdap_async.c
index 140f3faec..28e4fa4f1 100644
--- a/server/providers/ldap/sdap_async.c
+++ b/server/providers/ldap/sdap_async.c
@@ -1509,7 +1509,9 @@ static struct tevent_req *sdap_save_user_send(TALLOC_CTX *memctx,
 subreq = sysdb_store_user_send(state, state->ev, state->handle, state->dom, state->name, pwd, uid, gid, gecos, homedir, shell,
- user_attrs);
+ user_attrs,
+ dp_opt_get_int(opts->basic,
+ SDAP_ENTRY_CACHE_TIMEOUT));
 if (!subreq) {
 ret = ENOMEM;
 goto fail;
@@ -1933,7 +1935,9 @@ static struct tevent_req *sdap_set_grpmem_send(TALLOC_CTX *memctx,
 subreq = sysdb_store_group_send(memctx, ev, handle, dom, gm->name, 0,
- member_users, member_groups, NULL);
+ member_users, member_groups, NULL,
+ dp_opt_get_int(opts->basic,
+ SDAP_ENTRY_CACHE_TIMEOUT));
 /* steal members on subreq,
 * so they are freed when the request is finished */
@@ -2132,7 +2136,9 @@ static struct tevent_req *sdap_save_group_send(TALLOC_CTX *memctx,
 state->handle, state->dom, state->name, gid, member_users, member_groups,
- group_attrs);
+ group_attrs,
+ dp_opt_get_int(opts->basic,
+ SDAP_ENTRY_CACHE_TIMEOUT));
 if (!subreq) {
 ret = ENOMEM;
 goto fail;
diff --git a/server/providers/proxy.c b/server/providers/proxy.c
index e3b31c3dd..bce6a75ae 100644
--- a/server/providers/proxy.c
+++ b/server/providers/proxy.c
@@ -58,6 +58,7 @@ struct proxy_nss_ops {
 struct proxy_ctx {
 struct be_ctx *be;
+ int entry_cache_timeout;
 struct proxy_nss_ops ops;
 };
@@ -415,7 +416,8 @@ static void get_pw_name_process(struct tevent_req *subreq)
 state->pwd->pw_gid,
 state->pwd->pw_gecos,
 state->pwd->pw_dir,
- state->pwd->pw_shell, NULL);
+ state->pwd->pw_shell,
+ NULL, ctx->entry_cache_timeout);
 if (!subreq) {
 tevent_req_error(req, ENOMEM);
 return;
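Review bot: Each of the three `sysdb_store_*_send` calls in sdap_async.c passes `dp_opt_get_int(opts->basic, SDAP_ENTRY_CACHE_TIMEOUT)` straight through, and nothing in this patch rejects a negative value. What such a setting does to entry expiry depends on sysdb code that this view, limited to server/providers, does not show. Validating the option once where the LDAP options are loaded would cover `sdap_save_user_send`, `sdap_set_grpmem_send` and `sdap_save_group_send` together. In `sdap_set_grpmem_send` the hunk does not show where `opts` comes from, so confirm it is in scope there. All three function bodies start and end outside their hunks.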
@@ -607,7 +609,8 @@ static void get_pw_uid_process(struct tevent_req *subreq)
 state->pwd->pw_gid,
 state->pwd->pw_gecos,
 state->pwd->pw_dir,
- state->pwd->pw_shell, NULL);
+ state->pwd->pw_shell,
+ NULL, ctx->entry_cache_timeout);
 if (!subreq) {
 tevent_req_error(req, ENOMEM);
 return;
@@ -829,7 +832,8 @@ again:
 state->pwd->pw_gid,
 state->pwd->pw_gecos,
 state->pwd->pw_dir,
- state->pwd->pw_shell, NULL);
+ state->pwd->pw_shell,
+ NULL, ctx->entry_cache_timeout);
 if (!subreq) {
 tevent_req_error(req, ENOMEM);
 return;
@@ -1000,7 +1004,8 @@ again:
 state->domain,
 state->grp->gr_name,
 state->grp->gr_gid,
- members, NULL, NULL);
+ members, NULL, NULL,
+ ctx->entry_cache_timeout);
 if (!subreq) {
 tevent_req_error(req, ENOMEM);
 return;
@@ -1214,7 +1219,8 @@ again:
 state->domain,
 state->grp->gr_name,
 state->grp->gr_gid,
- members, NULL, NULL);
+ members, NULL, NULL,
+ ctx->entry_cache_timeout);
 if (!subreq) {
 tevent_req_error(req, ENOMEM);
 return;
@@ -1442,7 +1448,8 @@ again:
 state->domain,
 state->grp->gr_name,
 state->grp->gr_gid,
- members, NULL, NULL);
+ members, NULL, NULL,
+ ctx->entry_cache_timeout);
 if (!subreq) {
 tevent_req_error(req, ENOMEM);
 return;
@@ -1582,7 +1589,8 @@ static void get_initgr_process(struct tevent_req *subreq)
 state->pwd->pw_gid,
 state->pwd->pw_gecos,
 state->pwd->pw_dir,
- state->pwd->pw_shell, NULL);
+ state->pwd->pw_shell,
+ NULL, ctx->entry_cache_timeout);
 if (!subreq) {
 tevent_req_error(req, ENOMEM);
 return;
@@ -1893,7 +1901,8 @@ again:
 state->grp->gr_name,
 state->grp->gr_gid,
 (const char **)state->grp->gr_mem,
- NULL, NULL);
+ NULL, NULL,
+ ctx->entry_cache_timeout);
 if (!subreq) {
 ret = ENOMEM;
 goto fail;
@@ -2233,6 +2242,11 @@ int sssm_proxy_init(struct be_ctx *bectx,
 }
 ctx->be = bectx;
+ ret = confdb_get_int(bectx->cdb, ctx, bectx->conf_path,
+ CONFDB_DOMAIN_ENTRY_CACHE_TIMEOUT, 600,
+ &ctx->entry_cache_timeout);
+ if (ret != EOK) goto done;
+
 ret = confdb_get_string(bectx->cdb, ctx, bectx->conf_path,
 CONFDB_PROXY_LIBNAME, NULL, &libname);
 if (ret != EOK) goto done;
-- cgit
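Review bot: `ctx->entry_cache_timeout` is accepted exactly as read from confdb, so a negative value in the domain section is handed to every `sysdb_store_*_send` call in proxy.c. Reject it at init, for example with `if (ctx->entry_cache_timeout < 0) { ret = EINVAL; goto done; }` after the `confdb_get_int` call. The default here is 600 while the LDAP and IPA option tables in this patch default to 1800, so the same directory data would expire on different schedules depending on the provider. A short comment on the `entry_cache_timeout` field in `struct proxy_ctx` stating that the unit is seconds would also help. `sssm_proxy_init` continues outside the hunk.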