author | Michal Židek <mzidek@redhat.com> | 2016-01-18 22:02:55 +0100 |
---|---|---|
committer | Lukas Slebodnik <lslebodn@redhat.com> | 2016-01-21 15:50:41 +0100 |
commit | 1b8858b1611db5048592f477059ca5ad66d7ceb1 (patch) | |
tree | 49e05175d459a9436126a764504ee1d63e5540bf /src/responder | |
parent | 7ac503a73a26abe49f9f7d175c74df705380898d (diff) | |
NSS: do not skip cache check for netgoups
When refresh_expired_interval was not zero,
the NSS responder refreshed the netgroup cache
only through the background periodic task and ignored
the SYSDB_CACHE_EXPIRE attribute.
With this behaviour it was impossible to
get a new netgroup from the remote server even
after the sss_cache tool was used to expire
the existing entry in the cache.
Resolves:
https://fedorahosted.org/sssd/ticket/2912
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Diffstat (limited to 'src/responder')
-rw-r--r-- | src/responder/nss/nsssrv_cmd.c | 47 |
1 files changed, 23 insertions, 24 deletions
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c index d6ac9dc28..9fa74710d 100644 --- a/src/responder/nss/nsssrv_cmd.c +++ b/src/responder/nss/nsssrv_cmd.c @@ -579,10 +579,9 @@ static int nss_cmd_getpw_send_reply(struct nss_dom_ctx *dctx, bool filter) return EOK; } -/* Currently only refreshing expired netgroups is supported. */ static bool is_refreshed_on_bg(enum sss_dp_acct_type req_type, - enum sss_dp_acct_type refresh_expired_interval) + uint32_t refresh_expired_interval) { if (refresh_expired_interval == 0) { return false; @@ -590,6 +589,8 @@ is_refreshed_on_bg(enum sss_dp_acct_type req_type, switch (req_type) { case SSS_DP_NETGR: + case SSS_DP_USER: + case SSS_DP_GROUP: return true; default: return false; 
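Review bot: The second hunk adds `SSS_DP_USER` and `SSS_DP_GROUP` to the switch in is_refreshed_on_bg(), which the commit message (netgroups only) does not mention, and the first hunk removes the only comment that said which entry types the background task covers. Together with the `ret == EAGAIN && refreshed_on_bg` test added in check_cache(), this appears to make user and group lookups skip the on-demand refresh whenever refresh_expired_interval is non-zero, so a membership change on the server would reach the cache only at the background task's pace. Because these entries feed access decisions, that should be a stated choice. I would add a comment above the function, for example `/* Entry types the periodic refresh task keeps fresh; for these, check_cache() does not trigger an on-demand refresh while the entry is still valid. */`, and confirm that every back end really registers a user and group refresh. The function body ends outside the hunk.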
@@ -753,31 +754,29 @@ errno_t check_cache(struct nss_dom_ctx *dctx, get_dp_name_and_id(dctx->cmdctx, dctx->domain, req_type, opt_name, opt_id, &name, &id); - /* if we have any reply let's check cache validity, but ignore netgroups - * if refresh_expired_interval is set (which implies that another method - * is used to refresh netgroups) - */ + /* if we have any reply let's check cache validity */ if (res->count > 0) { - if (is_refreshed_on_bg(req_type, - dctx->domain->refresh_expired_interval)) { - ret = EOK; - } else { - if (req_type == SSS_DP_INITGROUPS) { - cacheExpire = ldb_msg_find_attr_as_uint64(res->msgs[0], - SYSDB_INITGR_EXPIRE, - 0); - } else { - cacheExpire = ldb_msg_find_attr_as_uint64(res->msgs[0], - SYSDB_CACHE_EXPIRE, - 0); - } + bool refreshed_on_bg; + uint32_t bg_refresh_interval = dctx->domain->refresh_expired_interval; - /* if we have any reply let's check cache validity */ - ret = sss_cmd_check_cache(res->msgs[0], - nctx->cache_refresh_percent, - cacheExpire); + if (req_type == SSS_DP_INITGROUPS) { + cacheExpire = ldb_msg_find_attr_as_uint64(res->msgs[0], + SYSDB_INITGR_EXPIRE, + 0); + } else { + cacheExpire = ldb_msg_find_attr_as_uint64(res->msgs[0], + SYSDB_CACHE_EXPIRE, + 0); } - if (ret == EOK) { + + /* Check if background refresh is enabled for this entry */ + refreshed_on_bg = is_refreshed_on_bg(req_type, bg_refresh_interval); + + /* if we have any reply let's check cache validity */ + ret = sss_cmd_check_cache(res->msgs[0], + nctx->cache_refresh_percent, + cacheExpire); + if (ret == EOK || (ret == EAGAIN && refreshed_on_bg)) { DEBUG(SSSDBG_TRACE_FUNC, "Cached entry is valid, returning..\n"); return EOK; } else if (ret != EAGAIN && ret != ENOENT) { |
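Review bot: The comment `/* if we have any reply let's check cache validity */` now appears twice in this block, once above `if (res->count > 0)` and again above the sss_cmd_check_cache() call, and neither copy says what the return codes tested below mean. I would replace the second copy with something like `/* EOK: valid; EAGAIN: valid but due for refresh; ENOENT: expired (confirm against sss_cmd_check_cache()) */`, because the fix relies on an entry expired by sss_cache not coming back as EAGAIN. The "Cached entry is valid, returning.." debug line is also printed when the refresh was skipped because `refreshed_on_bg` is set, so the two cases look the same in the logs when someone is diagnosing a stale entry. check_cache() starts and ends outside the hunk.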