From 931a3a8fe35897552da09d6c0ca90b373538c094 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C5=BDidek?= <mzidek@redhat.com>
Date: Mon, 18 Jan 2016 22:02:55 +0100
Subject: [PATCH 51/86] NSS: do not skip cache check for netgoups
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When refresh_expired_interval was not zero,
the NSS responder only refreshed netgroup cache
using background periodic task and ignored
SYSDB_CACHE_EXPIRE attribute.
With this behaviour it was impossible to
get new netgroup from remote server even
after sss_cache tool was used to expire
existing entry in the cache.
Resolves:
https://fedorahosted.org/sssd/ticket/2912
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit 1b8858b1611db5048592f477059ca5ad66d7ceb1)
(cherry picked from commit 66c6bf86da1241c3253d23aa7e68850d6ec14d15)
---
src/responder/nss/nsssrv_cmd.c | 47 +++++++++++++++++++++---------------------
1 file changed, 23 insertions(+), 24 deletions(-)
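diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index b8bd6425e2c937ce6008fd6663fe0312ad68f01e..c6f8284571be382dad5dfda651a25e4df6a14cb1 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -579,10 +579,9 @@ static int nss_cmd_getpw_send_reply(struct nss_dom_ctx *dctx, bool filter)
 return EOK;
 }
 
-/* Currently only refreshing expired netgroups is supported. */
 static bool
 is_refreshed_on_bg(enum sss_dp_acct_type req_type,
- enum sss_dp_acct_type refresh_expired_interval)
+ uint32_t refresh_expired_interval)
 {
 if (refresh_expired_interval == 0) {
 return false;
@@ -590,6 +589,8 @@ is_refreshed_on_bg(enum sss_dp_acct_type req_type,
 
 switch (req_type) {
 case SSS_DP_NETGR:
+ case SSS_DP_USER:
+ case SSS_DP_GROUP:
 return true;
 default:
 return false;
@@ -753,31 +754,29 @@ errno_t check_cache(struct nss_dom_ctx *dctx,
 get_dp_name_and_id(dctx->cmdctx, dctx->domain, req_type, opt_name, opt_id,
 &name, &id);
 
- /* if we have any reply let's check cache validity, but ignore netgroups
- * if refresh_expired_interval is set (which implies that another method
- * is used to refresh netgroups)
- */
+ /* if we have any reply let's check cache validity */
 if (res->count > 0) {
- if (is_refreshed_on_bg(req_type,
- dctx->domain->refresh_expired_interval)) {
- ret = EOK;
+ bool refreshed_on_bg;
+ uint32_t bg_refresh_interval = dctx->domain->refresh_expired_interval;
+
+ if (req_type == SSS_DP_INITGROUPS) {
+ cacheExpire = ldb_msg_find_attr_as_uint64(res->msgs[0],
+ SYSDB_INITGR_EXPIRE,
+ 0);
 } else {
- if (req_type == SSS_DP_INITGROUPS) {
- cacheExpire = ldb_msg_find_attr_as_uint64(res->msgs[0],
- SYSDB_INITGR_EXPIRE,
- 0);
- } else {
- cacheExpire = ldb_msg_find_attr_as_uint64(res->msgs[0],
- SYSDB_CACHE_EXPIRE,
- 0);
- }
-
- /* if we have any reply let's check cache validity */
- ret = sss_cmd_check_cache(res->msgs[0],
- nctx->cache_refresh_percent,
- cacheExpire);
+ cacheExpire = ldb_msg_find_attr_as_uint64(res->msgs[0],
+ SYSDB_CACHE_EXPIRE,
+ 0);
 }
- if (ret == EOK) {
+
+ /* Check if background refresh is enabled for this entry */
+ refreshed_on_bg = is_refreshed_on_bg(req_type, bg_refresh_interval);
+
+ /* if we have any reply let's check cache validity */
+ ret = sss_cmd_check_cache(res->msgs[0],
+ nctx->cache_refresh_percent,
+ cacheExpire);
+ if (ret == EOK || (ret == EAGAIN && refreshed_on_bg)) {
 DEBUG(SSSDBG_TRACE_FUNC, "Cached entry is valid, returning..\n");
 return EOK;
 } else if (ret != EAGAIN && ret != ENOENT) {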
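Review bot: The accept condition `if (ret == EOK || (ret == EAGAIN && refreshed_on_bg))` in check_cache() now also covers user and group lookups, because the second hunk adds `SSS_DP_USER` and `SSS_DP_GROUP` to is_refreshed_on_bg(), yet the commit message speaks only of netgroups and the comment describing the helper's scope is deleted without a replacement. Assuming EAGAIN from sss_cmd_check_cache() means "still usable but due for an early refresh" (its body is not visible here), these entries depend entirely on the periodic task once refresh_expired_interval is non-zero, so a stalled background refresh would leave group membership stale until the entry expires, which matters wherever access decisions read it. I would document that above is_refreshed_on_bg(), for example `/* Netgroups, users and groups are refreshed by the periodic task when refresh_expired_interval != 0; check_cache() then skips only the EAGAIN path. */`, and give the EAGAIN case its own DEBUG message so it can be told apart from a fully valid entry when troubleshooting. check_cache() starts and ends outside the hunk, so how the ENOENT path proceeds could not be checked.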
--
2.5.0