diff options
| author | Michal Židek <mzidek@redhat.com> | 2017-10-19 16:42:19 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2017-10-24 15:13:23 +0200 |
| commit | ffe29e570a9e885c2f0061c34bb6be2bbd6ab9e4 (patch) | |
| tree | dc9eb072a7d66f37fc535f44b7e84ce65a09a043 | |
| parent | 878b0d42aca5839fdc1d97a68ce181e280f1ed7b (diff) | |
| download | sssd-ffe29e570a9e885c2f0061c34bb6be2bbd6ab9e4.tar.gz sssd-ffe29e570a9e885c2f0061c34bb6be2bbd6ab9e4.tar.xz sssd-ffe29e570a9e885c2f0061c34bb6be2bbd6ab9e4.zip | |
NSS: Specify memcache_timeout=0 semantics
With this patch the memcache files will not be created when
memcache_timeout is set to zero.
Resolves:
https://pagure.io/SSSD/sssd/issue/3496
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
| -rw-r--r-- | src/responder/nss/nsssrv.c | 6 | ||||
| -rw-r--r-- | src/tests/intg/test_memory_cache.py | 59 |
2 files changed, 65 insertions, 0 deletions
diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c index 21dd19822..32bfcd69b 100644 --- a/src/responder/nss/nsssrv.c +++ b/src/responder/nss/nsssrv.c @@ -277,6 +277,12 @@ static int setup_memcaches(struct nss_ctx *nctx) return ret; } + if (memcache_timeout == 0) { + DEBUG(SSSDBG_CONF_SETTINGS, + "Fast in-memory cache will not be initialized."); + return EOK; + } + /* TODO: read cache sizes from configuration */ ret = sss_mmap_cache_init(nctx, "passwd", SSS_MC_PASSWD, SSS_MC_CACHE_ELEMENTS, (time_t)memcache_timeout, diff --git a/src/tests/intg/test_memory_cache.py b/src/tests/intg/test_memory_cache.py index c7ba72490..cac9feb00 100644 --- a/src/tests/intg/test_memory_cache.py +++ b/src/tests/intg/test_memory_cache.py @@ -207,6 +207,32 @@ def fqname_case_insensitive_rfc2307(request, ldap_conn): return None +@pytest.fixture +def zero_timeout_rfc2307(request, ldap_conn): + load_data_to_ldap(request, ldap_conn) + + conf = unindent("""\ + [sssd] + domains = LDAP + services = nss + + [nss] + memcache_timeout = 0 + + [domain/LDAP] + ldap_auth_disable_tls_never_use_in_production = true + ldap_schema = rfc2307 + id_provider = ldap + auth_provider = ldap + sudo_provider = ldap + ldap_uri = {ldap_conn.ds_inst.ldap_url} + ldap_search_base = {ldap_conn.ds_inst.base_dn} + """).format(**locals()) + create_conf_fixture(request, conf) + create_sssd_fixture(request) + return None + + def test_getpwnam(ldap_conn, sanity_rfc2307): ent.assert_passwd_by_name( 'user1', @@ -778,3 +804,36 @@ def test_removed_mc(ldap_conn, sanity_rfc2307): grp.getgrnam('group1') with pytest.raises(KeyError): grp.getgrgid(2001) + + +def test_mc_zero_timeout(ldap_conn, zero_timeout_rfc2307): + """ + Test that the memory cache is not created at all with memcache_timeout=0 + """ + # No memory cache files must be created + assert len(os.listdir(config.MCACHE_PATH)) == 0 + + ent.assert_passwd_by_name( + 'user1', + dict(name='user1', passwd='*', uid=1001, gid=2001, + gecos='1001', shell='/bin/bash')) + ent.assert_passwd_by_uid( + 1001, + dict(name='user1', passwd='*', uid=1001, gid=2001, + gecos='1001', shell='/bin/bash')) + + ent.assert_group_by_name("group1", dict(name="group1", gid=2001)) + ent.assert_group_by_gid(2001, dict(name="group1", gid=2001)) + stop_sssd() + + # sssd is stopped; so the memory cache should not be used + # in long living clients (py.test in this case) + with pytest.raises(KeyError): + pwd.getpwnam('user1') + with pytest.raises(KeyError): + pwd.getpwuid(1001) + + with pytest.raises(KeyError): + grp.getgrnam('group1') + with pytest.raises(KeyError): + grp.getgrgid(2001) |