diff options
author | Petr Cech <pcech@redhat.com> | 2016-05-05 11:16:14 -0400 |
---|---|---|
committer | Lukas Slebodnik <lslebodn@redhat.com> | 2016-06-10 18:42:25 +0200 |
commit | e7ccfb139388c947ec2dee16cfe3005f5643b90d (patch) | |
tree | adf642cd84332a6afafa90a70919117ecefbb5f0 /src/responder/common/negcache.c | |
parent | acf7cee13f07b368b0ccae69776309f7f69cbca1 (diff) | |
download | sssd-e7ccfb139388c947ec2dee16cfe3005f5643b90d.tar.gz sssd-e7ccfb139388c947ec2dee16cfe3005f5643b90d.tar.xz sssd-e7ccfb139388c947ec2dee16cfe3005f5643b90d.zip |
RESPONDERS: Negative caching of local users
This patch adds new option 'neg_cache_locals_timeout' into section
of NSS responder. It allows negative caching of local groups and
users. Default value is 0 which means no caching.
Resolves:
https://fedorahosted.org/sssd/ticket/2928
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Diffstat (limited to 'src/responder/common/negcache.c')
-rw-r--r-- | src/responder/common/negcache.c | 45 |
1 files changed, 32 insertions, 13 deletions
diff --git a/src/responder/common/negcache.c b/src/responder/common/negcache.c index 1488c12a8..025455238 100644 --- a/src/responder/common/negcache.c +++ b/src/responder/common/negcache.c @@ -21,6 +21,7 @@ #include "util/util.h" #include "confdb/confdb.h" +#include "responder/common/negcache_files.h" #include "responder/common/responder.h" #include "responder/common/negcache.h" #include <fcntl.h> @@ -40,6 +41,7 @@ struct sss_nc_ctx { struct tdb_context *tdb; uint32_t timeout; + uint32_t local_timeout; }; typedef int (*ncache_set_byname_fn_t)(struct sss_nc_ctx *, bool, @@ -59,8 +61,8 @@ static int string_to_tdb_data(char *str, TDB_DATA *ret) return EOK; } -int sss_ncache_init(TALLOC_CTX *memctx, uint32_t timeout, - struct sss_nc_ctx **_ctx) +int sss_ncache_init(TALLOC_CTX *memctx, uint32_t timeout, + uint32_t local_timeout, struct sss_nc_ctx **_ctx) { struct sss_nc_ctx *ctx; @@ -73,6 +75,7 @@ int sss_ncache_init(TALLOC_CTX *memctx, uint32_t timeout, if (!ctx->tdb) return errno; ctx->timeout = timeout; + ctx->local_timeout = local_timeout; *_ctx = ctx; return EOK; @@ -139,8 +142,8 @@ done: return ret; } -static int sss_ncache_set_str(struct sss_nc_ctx *ctx, - char *str, bool permanent) +static int sss_ncache_set_str(struct sss_nc_ctx *ctx, char *str, + bool permanent, bool is_local) { TDB_DATA key; TDB_DATA data; @@ -154,7 +157,15 @@ static int sss_ncache_set_str(struct sss_nc_ctx *ctx, if (permanent) { timest = talloc_strdup(ctx, "0"); } else { - timell = (unsigned long long int)time(NULL) + ctx->timeout; + if (is_local == true && ctx->local_timeout > 0) { + timell = (unsigned long long int)time(NULL) + ctx->local_timeout; + } else { + if (ctx->timeout > 0) { + timell = (unsigned long long int)time(NULL) + ctx->timeout; + } else { + return EOK; + } + } timest = talloc_asprintf(ctx, "%llu", timell); } if (!timest) return ENOMEM; @@ -300,7 +311,7 @@ static int sss_ncache_set_service_int(struct sss_nc_ctx *ctx, bool permanent, str = talloc_asprintf(ctx, "%s/%s/%s", NC_SERVICE_PREFIX, domain, name); if (!str) return ENOMEM; - ret = sss_ncache_set_str(ctx, str, permanent); + ret = sss_ncache_set_str(ctx, str, permanent, false); talloc_free(str); return ret; @@ -446,6 +457,7 @@ int sss_ncache_check_cert(struct sss_nc_ctx *ctx, const char *cert) static int sss_ncache_set_user_int(struct sss_nc_ctx *ctx, bool permanent, const char *domain, const char *name) { + bool is_local; char *str; int ret; @@ -454,7 +466,8 @@ static int sss_ncache_set_user_int(struct sss_nc_ctx *ctx, bool permanent, str = talloc_asprintf(ctx, "%s/%s/%s", NC_USER_PREFIX, domain, name); if (!str) return ENOMEM; - ret = sss_ncache_set_str(ctx, str, permanent); + is_local = is_user_local_by_name(name); + ret = sss_ncache_set_str(ctx, str, permanent, is_local); talloc_free(str); return ret; @@ -463,6 +476,7 @@ static int sss_ncache_set_user_int(struct sss_nc_ctx *ctx, bool permanent, static int sss_ncache_set_group_int(struct sss_nc_ctx *ctx, bool permanent, const char *domain, const char *name) { + bool is_local; char *str; int ret; @@ -471,7 +485,8 @@ static int sss_ncache_set_group_int(struct sss_nc_ctx *ctx, bool permanent, str = talloc_asprintf(ctx, "%s/%s/%s", NC_GROUP_PREFIX, domain, name); if (!str) return ENOMEM; - ret = sss_ncache_set_str(ctx, str, permanent); + is_local = is_group_local_by_name(name); + ret = sss_ncache_set_str(ctx, str, permanent, is_local); talloc_free(str); return ret; @@ -488,7 +503,7 @@ static int sss_ncache_set_netgr_int(struct sss_nc_ctx *ctx, bool permanent, str = talloc_asprintf(ctx, "%s/%s/%s", NC_NETGROUP_PREFIX, domain, name); if (!str) return ENOMEM; - ret = sss_ncache_set_str(ctx, str, permanent); + ret = sss_ncache_set_str(ctx, str, permanent, false); talloc_free(str); return ret; @@ -535,6 +550,7 @@ int sss_ncache_set_netgr(struct sss_nc_ctx *ctx, bool permanent, int sss_ncache_set_uid(struct sss_nc_ctx *ctx, bool permanent, struct sss_domain_info *dom, uid_t uid) { + bool is_local; char *str; int ret; @@ -546,7 +562,8 @@ int sss_ncache_set_uid(struct sss_nc_ctx *ctx, bool permanent, } if (!str) return ENOMEM; - ret = sss_ncache_set_str(ctx, str, permanent); + is_local = is_user_local_by_uid(uid); + ret = sss_ncache_set_str(ctx, str, permanent, is_local); talloc_free(str); return ret; @@ -555,6 +572,7 @@ int sss_ncache_set_uid(struct sss_nc_ctx *ctx, bool permanent, int sss_ncache_set_gid(struct sss_nc_ctx *ctx, bool permanent, struct sss_domain_info *dom, gid_t gid) { + bool is_local; char *str; int ret; @@ -566,7 +584,8 @@ int sss_ncache_set_gid(struct sss_nc_ctx *ctx, bool permanent, } if (!str) return ENOMEM; - ret = sss_ncache_set_str(ctx, str, permanent); + is_local = is_group_local_by_gid(gid); + ret = sss_ncache_set_str(ctx, str, permanent, is_local); talloc_free(str); return ret; @@ -580,7 +599,7 @@ int sss_ncache_set_sid(struct sss_nc_ctx *ctx, bool permanent, const char *sid) str = talloc_asprintf(ctx, "%s/%s", NC_SID_PREFIX, sid); if (!str) return ENOMEM; - ret = sss_ncache_set_str(ctx, str, permanent); + ret = sss_ncache_set_str(ctx, str, permanent, false); talloc_free(str); return ret; @@ -595,7 +614,7 @@ int sss_ncache_set_cert(struct sss_nc_ctx *ctx, bool permanent, str = talloc_asprintf(ctx, "%s/%s", NC_CERT_PREFIX, cert); if (!str) return ENOMEM; - ret = sss_ncache_set_str(ctx, str, permanent); + ret = sss_ncache_set_str(ctx, str, permanent, false); talloc_free(str); return ret; |