Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:Update
sssd.5306
160118-NSS-do-not-skip-cache-check-for-netgoups...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 160118-NSS-do-not-skip-cache-check-for-netgoups.patch of Package sssd.5306
From 1b8858b1611db5048592f477059ca5ad66d7ceb1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20=C5=BDidek?= <mzidek@redhat.com> Date: Mon, 18 Jan 2016 22:02:55 +0100 Subject: [PATCH] NSS: do not skip cache check for netgoups MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When refresh_expired_interval was not zero, the NSS responder only refreshed netgroup cache using background periodic task and ignored SYSDB_CACHE_EXPIRE attribute. With this behaviour it was impossible to get new netgroup from remote server even after sss_cache tool was used to expire existing entry in the cache. Resolves: https://fedorahosted.org/sssd/ticket/2912 Reviewed-by: Pavel Březina <pbrezina@redhat.com> diff -rupN sssd-1.11.5.1-original/src/responder/nss/nsssrv_cmd.c sssd-1.11.5.1-patched/src/responder/nss/nsssrv_cmd.c --- sssd-1.11.5.1-original/src/responder/nss/nsssrv_cmd.c 2017-01-31 17:06:08.757779081 +0100 +++ sssd-1.11.5.1-patched/src/responder/nss/nsssrv_cmd.c 2017-01-31 17:09:11.343746682 +0100 @@ -502,10 +502,9 @@ static int nss_cmd_getpw_send_reply(stru return EOK; } -/* Currently only refreshing expired netgroups is supported. */ static bool is_refreshed_on_bg(int req_type, - enum sss_dp_acct_type refresh_expired_interval) + uint32_t refresh_expired_interval) { if (refresh_expired_interval == 0) { return false; @@ -513,6 +512,8 @@ is_refreshed_on_bg(int req_type, switch (req_type) { case SSS_DP_NETGR: + case SSS_DP_USER: + case SSS_DP_GROUP: return true; default: return false; @@ -550,33 +551,29 @@ errno_t check_cache(struct nss_dom_ctx * return ENOENT; } - /* if we have any reply let's check cache validity, but ignore netgroups - * if refresh_expired_interval is set (which implies that another method - * is used to refresh netgroups) - */ + /* if we have any reply let's check cache validity */ if (res->count > 0) { - if (is_refreshed_on_bg(req_type, - dctx->domain->refresh_expired_interval)) { - ret = EOK; + bool refreshed_on_bg; + uint32_t bg_refresh_interval = dctx->domain->refresh_expired_interval; + + if (req_type == SSS_DP_INITGROUPS) { + cacheExpire = ldb_msg_find_attr_as_uint64(res->msgs[0], + SYSDB_INITGR_EXPIRE, + 0); } else { - if (req_type == SSS_DP_INITGROUPS) { - cacheExpire = ldb_msg_find_attr_as_uint64(res->msgs[0], - SYSDB_INITGR_EXPIRE, - 1); - } - if (cacheExpire == 0) { - cacheExpire = ldb_msg_find_attr_as_uint64(res->msgs[0], - SYSDB_CACHE_EXPIRE, - 0); - } - - /* if we have any reply let's check cache validity */ - ret = sss_cmd_check_cache(res->msgs[0], - nctx->cache_refresh_percent, - cacheExpire); + cacheExpire = ldb_msg_find_attr_as_uint64(res->msgs[0], + SYSDB_CACHE_EXPIRE, + 0); } - if (ret == EOK) { + /* Check if background refresh is enabled for this entry */ + refreshed_on_bg = is_refreshed_on_bg(req_type, bg_refresh_interval); + + /* if we have any reply let's check cache validity */ + ret = sss_cmd_check_cache(res->msgs[0], + nctx->cache_refresh_percent, + cacheExpire); + if (ret == EOK || (ret == EAGAIN && refreshed_on_bg)) { DEBUG(SSSDBG_TRACE_FUNC, ("Cached entry is valid, returning..\n")); return EOK; } else if (ret != EAGAIN && ret != ENOENT) {
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
