authorPetr Cech <pcech@redhat.com>2016-04-22 04:27:47 -0400
committerJakub Hrozek <jhrozek@redhat.com>2016-05-11 12:49:45 +0200
commit39d36216a1692eee6cc5359f6c7ccaa7789be76d (patch)
tree41aca8c466b35959ba9f9302b4f943b23e55bc87 /src/responder
parent73dd89c3fb361dab43b4802510f4c64d282dbde1 (diff)
NEGCACHE: Adding timeout to struct sss_nc_ctx
It adds the timeout of the negative cache to the handling struct sss_nc_ctx. There is one change in the API of the negative cache: * int sss_ncache_init(TALLOC_CTX *memctx, uint32_t timeout, <----- new struct sss_nc_ctx **_ctx); There is also one new function in common/responder: * errno_t responder_get_neg_timeout_from_confdb(struct confdb_ctx *cdb, uint32_t *ncache_timeout); Resolves: https://fedorahosted.org/sssd/ticket/2317 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Diffstat (limited to 'src/responder')
-rw-r--r--src/responder/common/negcache.c6
-rw-r--r--src/responder/common/negcache.h3
-rw-r--r--src/responder/common/responder.h4
-rw-r--r--src/responder/common/responder_common.c28
-rw-r--r--src/responder/ifp/ifpsrv.c6
-rw-r--r--src/responder/nss/nsssrv.c6
-rw-r--r--src/responder/pac/pacsrv.c6
-rw-r--r--src/responder/pam/pamsrv.c6
-rw-r--r--src/responder/sudo/sudosrv.c6
9 files changed, 64 insertions, 7 deletions
diff --git a/src/responder/common/negcache.c b/src/responder/common/negcache.c
index 1617bf8c5..57d196902 100644
--- a/src/responder/common/negcache.c
+++ b/src/responder/common/negcache.c
@@ -39,6 +39,7 @@
struct sss_nc_ctx {
struct tdb_context *tdb;
+ uint32_t timeout;
};
typedef int (*ncache_set_byname_fn_t)(struct sss_nc_ctx *, bool,
@@ -58,7 +59,8 @@ static int string_to_tdb_data(char *str, TDB_DATA *ret)
return EOK;
}
-int sss_ncache_init(TALLOC_CTX *memctx, struct sss_nc_ctx **_ctx)
+int sss_ncache_init(TALLOC_CTX *memctx, uint32_t timeout,
+ struct sss_nc_ctx **_ctx)
{
struct sss_nc_ctx *ctx;
@@ -70,6 +72,8 @@ int sss_ncache_init(TALLOC_CTX *memctx, struct sss_nc_ctx **_ctx)
ctx->tdb = tdb_open("memcache", 0, TDB_INTERNAL, O_RDWR|O_CREAT, 0);
if (!ctx->tdb) return errno;
+ ctx->timeout = timeout;
+
*_ctx = ctx;
return EOK;
};
diff --git a/src/responder/common/negcache.h b/src/responder/common/negcache.h
index 46e66d503..bad8e5109 100644
--- a/src/responder/common/negcache.h
+++ b/src/responder/common/negcache.h
@@ -25,7 +25,8 @@
struct sss_nc_ctx;
/* init the in memory negative cache */
-int sss_ncache_init(TALLOC_CTX *memctx, struct sss_nc_ctx **_ctx);
+int sss_ncache_init(TALLOC_CTX *memctx, uint32_t timeout,
+ struct sss_nc_ctx **_ctx);
/* check if the user is expired according to the passed in time to live */
int sss_ncache_check_user(struct sss_nc_ctx *ctx, int ttl,
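Review bot: The comment above sss_ncache_init still reads `/* init the in memory negative cache */` and says nothing about the new `timeout` argument. I would extend it to something like `/* init the in memory negative cache; timeout is the lifetime of negative entries (presumably seconds, as read from confdb) */` and state what a value of 0 means. The next declaration, sss_ncache_check_user, still takes its own `ttl`, so the comment should also say which of the two applies until callers are converted. That declaration continues outside the hunk.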
diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h
index 1fa6fc60c..56ff2b3ec 100644
--- a/src/responder/common/responder.h
+++ b/src/responder/common/responder.h
@@ -344,4 +344,8 @@ errno_t sss_parse_inp_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
const char **parse_attr_list_ex(TALLOC_CTX *mem_ctx, const char *conf_str,
const char **defaults);
+
+errno_t responder_get_neg_timeout_from_confdb(struct confdb_ctx *cdb,
+ uint32_t *ncache_timeout);
+
#endif /* __SSS_RESPONDER_H__ */
diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c
index 982318647..639356749 100644
--- a/src/responder/common/responder_common.c
+++ b/src/responder/common/responder_common.c
@@ -1082,3 +1082,31 @@ void responder_set_fd_limit(rlim_t fd_limit)
"Proceeding with system values\n");
}
}
+
+errno_t responder_get_neg_timeout_from_confdb(struct confdb_ctx *cdb,
+ uint32_t *ncache_timeout)
+{
+ int value;
+ int ret;
+
+ ret = confdb_get_int(cdb, CONFDB_NSS_CONF_ENTRY,
+ CONFDB_NSS_ENTRY_NEG_TIMEOUT, 15,
+ &value);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Fatal failure of setup negative cache timeout.\n");
+ ret = ENOENT;
+ goto done;
+ }
+
+ if (value < 0) {
+ ret = EINVAL;
+ goto done;
+ }
+
+ *ncache_timeout = value;
+ ret = EOK;
+
+done:
+ return ret;
+}
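Review bot: The `value < 0` branch in responder_get_neg_timeout_from_confdb returns EINVAL without logging anything, and the five callers (ifp, nss, pac, pam, sudo) only `goto fail` or `goto done` on error, so a negative configured timeout appears to abort responder start-up with no message naming the option. I would add `DEBUG(SSSDBG_CRIT_FAILURE, "Negative cache timeout must not be negative [%d].\n", value);` before `ret = EINVAL;`. The confdb failure path also overwrites the real error with `ret = ENOENT;`, so dropping that line and printing `ret` in the existing message would keep the cause visible. A short comment stating that every responder reads the value from `CONFDB_NSS_CONF_ENTRY` with a default of 15 would help, since this setting bounds how long a negative lookup result is reused by all of them.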
diff --git a/src/responder/ifp/ifpsrv.c b/src/responder/ifp/ifpsrv.c
index 83e5ad395..969dbcd31 100644
--- a/src/responder/ifp/ifpsrv.c
+++ b/src/responder/ifp/ifpsrv.c
@@ -227,6 +227,7 @@ int ifp_process_init(TALLOC_CTX *mem_ctx,
struct be_conn *iter;
int ret;
int max_retries;
+ uint32_t neg_timeout;
char *uid_str;
char *attr_list_str;
char *wildcard_limit_str;
@@ -290,7 +291,10 @@ int ifp_process_init(TALLOC_CTX *mem_ctx,
goto fail;
}
- ret = sss_ncache_init(rctx, &ifp_ctx->ncache);
+ ret = responder_get_neg_timeout_from_confdb(cdb, &neg_timeout);
+ if (ret != EOK) goto fail;
+
+ ret = sss_ncache_init(rctx, neg_timeout, &ifp_ctx->ncache);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, "fatal error initializing negcache\n");
goto fail;
diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
index d8eff7968..5dfee5a32 100644
--- a/src/responder/nss/nsssrv.c
+++ b/src/responder/nss/nsssrv.c
@@ -416,6 +416,7 @@ int nss_process_init(TALLOC_CTX *mem_ctx,
enum idmap_error_code err;
int hret;
int fd_limit;
+ uint32_t neg_timeout;
nss_cmds = get_nss_cmds();
@@ -440,7 +441,10 @@ int nss_process_init(TALLOC_CTX *mem_ctx,
goto fail;
}
- ret = sss_ncache_init(rctx, &nctx->ncache);
+ ret = responder_get_neg_timeout_from_confdb(cdb, &neg_timeout);
+ if (ret != EOK) goto fail;
+
+ ret = sss_ncache_init(rctx, neg_timeout, &nctx->ncache);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE,
"fatal error initializing negative cache\n");
diff --git a/src/responder/pac/pacsrv.c b/src/responder/pac/pacsrv.c
index 683dca7b9..d58350631 100644
--- a/src/responder/pac/pacsrv.c
+++ b/src/responder/pac/pacsrv.c
@@ -111,6 +111,7 @@ int pac_process_init(TALLOC_CTX *mem_ctx,
struct be_conn *iter;
struct pac_ctx *pac_ctx;
int ret, max_retries;
+ uint32_t neg_timeout;
enum idmap_error_code err;
int fd_limit;
char *uid_str;
@@ -205,7 +206,10 @@ int pac_process_init(TALLOC_CTX *mem_ctx,
goto fail;
}
- ret = sss_ncache_init(pac_ctx, &pac_ctx->ncache);
+ ret = responder_get_neg_timeout_from_confdb(cdb, &neg_timeout);
+ if (ret != EOK) goto fail;
+
+ ret = sss_ncache_init(pac_ctx, neg_timeout, &pac_ctx->ncache);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE,
"Failed to initializing negative cache\n");
diff --git a/src/responder/pam/pamsrv.c b/src/responder/pam/pamsrv.c
index a63b52ec1..4c41517f9 100644
--- a/src/responder/pam/pamsrv.c
+++ b/src/responder/pam/pamsrv.c
@@ -191,6 +191,7 @@ static int pam_process_init(TALLOC_CTX *mem_ctx,
struct be_conn *iter;
struct pam_ctx *pctx;
int ret, max_retries;
+ uint32_t neg_timeout;
int id_timeout;
int fd_limit;
@@ -264,7 +265,10 @@ static int pam_process_init(TALLOC_CTX *mem_ctx,
pctx->id_timeout = (size_t)id_timeout;
- ret = sss_ncache_init(pctx, &pctx->ncache);
+ ret = responder_get_neg_timeout_from_confdb(cdb, &neg_timeout);
+ if (ret != EOK) goto done;
+
+ ret = sss_ncache_init(pctx, neg_timeout, &pctx->ncache);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE,
"fatal error initializing negative cache\n");
diff --git a/src/responder/sudo/sudosrv.c b/src/responder/sudo/sudosrv.c
index ff5d92e70..6cee1678c 100644
--- a/src/responder/sudo/sudosrv.c
+++ b/src/responder/sudo/sudosrv.c
@@ -90,6 +90,7 @@ int sudo_process_init(TALLOC_CTX *mem_ctx,
struct be_conn *iter;
int ret;
int max_retries;
+ uint32_t neg_timeout;
sudo_cmds = get_sudo_cmds();
ret = sss_process_init(mem_ctx, ev, cdb,
@@ -114,7 +115,10 @@ int sudo_process_init(TALLOC_CTX *mem_ctx,
goto fail;
}
- ret = sss_ncache_init(rctx, &sudo_ctx->ncache);
+ ret = responder_get_neg_timeout_from_confdb(cdb, &neg_timeout);
+ if (ret != EOK) goto fail;
+
+ ret = sss_ncache_init(rctx, neg_timeout, &sudo_ctx->ncache);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE,
"fatal error initializing ncache\n");