NEGCACHE: Adding timeout to struct sss_nc_ctx

It adds timeout of negative cache to handling
struct sss_nc_ctx.

There is one change in API of negatice cache:
 * int sss_ncache_init(TALLOC_CTX *memctx,
                       uint32_t timeout,  <----- new
                       struct sss_nc_ctx **_ctx);

There is also one new function in common/responder:
*  errno_t responder_get_neg_timeout_from_confdb(struct confdb_ctx *cdb,
                                                 uint32_t *ncache_timeout);

Resolves:
https://fedorahosted.org/sssd/ticket/2317

Reviewed-by: Pavel Březina <pbrezina@redhat.com>

4 files changed, 39 insertions, 2 deletions

diff --git a/src/responder/common/negcache.c b/src/responder/common/negcache.c
index 1617bf8c5..57d196902 100644
--- a/src/responder/common/negcache.c
+++ b/src/responder/common/negcache.c
@@ -39,6 +39,7 @@
 
 struct sss_nc_ctx {
     struct tdb_context *tdb;
+    uint32_t timeout;
 };
 
 typedef int (*ncache_set_byname_fn_t)(struct sss_nc_ctx *, bool,
@@ -58,7 +59,8 @@ static int string_to_tdb_data(char *str, TDB_DATA *ret)
     return EOK;
 }
 
-int sss_ncache_init(TALLOC_CTX *memctx, struct sss_nc_ctx **_ctx)
+int sss_ncache_init(TALLOC_CTX *memctx,  uint32_t timeout,
+                    struct sss_nc_ctx **_ctx)
 {
     struct sss_nc_ctx *ctx;
 
@@ -70,6 +72,8 @@ int sss_ncache_init(TALLOC_CTX *memctx, struct sss_nc_ctx **_ctx)
     ctx->tdb = tdb_open("memcache", 0, TDB_INTERNAL, O_RDWR|O_CREAT, 0);
     if (!ctx->tdb) return errno;
 
+    ctx->timeout = timeout;
+
     *_ctx = ctx;
     return EOK;
 };
diff --git a/src/responder/common/negcache.h b/src/responder/common/negcache.h
index 46e66d503..bad8e5109 100644
--- a/src/responder/common/negcache.h
+++ b/src/responder/common/negcache.h
@@ -25,7 +25,8 @@
 struct sss_nc_ctx;
 
 /* init the in memory negative cache */
-int sss_ncache_init(TALLOC_CTX *memctx, struct sss_nc_ctx **_ctx);
+int sss_ncache_init(TALLOC_CTX *memctx, uint32_t timeout,
+                    struct sss_nc_ctx **_ctx);
 
 /* check if the user is expired according to the passed in time to live */
 int sss_ncache_check_user(struct sss_nc_ctx *ctx, int ttl,
diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h
index 1fa6fc60c..56ff2b3ec 100644
--- a/src/responder/common/responder.h
+++ b/src/responder/common/responder.h
@@ -344,4 +344,8 @@ errno_t sss_parse_inp_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
 
 const char **parse_attr_list_ex(TALLOC_CTX *mem_ctx, const char *conf_str,
                                 const char **defaults);
+
+errno_t responder_get_neg_timeout_from_confdb(struct confdb_ctx *cdb,
+                                              uint32_t *ncache_timeout);
+
 #endif /* __SSS_RESPONDER_H__ */
diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c
index 982318647..639356749 100644
--- a/src/responder/common/responder_common.c
+++ b/src/responder/common/responder_common.c
@@ -1082,3 +1082,31 @@ void responder_set_fd_limit(rlim_t fd_limit)
                "Proceeding with system values\n");
     }
 }
+
+errno_t responder_get_neg_timeout_from_confdb(struct confdb_ctx *cdb,
+                                              uint32_t *ncache_timeout)
+{
+    int value;
+    int ret;
+
+    ret = confdb_get_int(cdb, CONFDB_NSS_CONF_ENTRY,
+                         CONFDB_NSS_ENTRY_NEG_TIMEOUT, 15,
+                         &value);
+    if (ret != EOK) {
+        DEBUG(SSSDBG_FATAL_FAILURE,
+              "Fatal failure of setup negative cache timeout.\n");
+        ret = ENOENT;
+        goto done;
+    }
+
+    if (value < 0) {
+        ret = EINVAL;
+        goto done;
+    }
+
+    *ncache_timeout = value;
+    ret = EOK;
+
+done:
+    return ret;
+}