
Blame SOURCES/0053-NSS-disable-midpoint-refresh-for-netgroups.patch

From ff71a9ad628ec66e36ccc7c9c49c1306fbe0d25c Mon Sep 17 00:00:00 2001
From: Pavel Reichl <preichl@redhat.com>
Date: Thu, 30 Oct 2014 17:02:45 +0000
Subject: [PATCH 53/64] NSS: disable midpoint refresh for netgroups
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Disable midpoint refresh for netgroups if periodical refresh of expired
netgroups is enabled (refresh_expired_interval)
Resolves:
https://fedorahosted.org/sssd/ticket/2102
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
---
 src/responder/nss/nsssrv_cmd.c | 57 +++++++++++++++++++++++++++++++-----------
 1 file changed, 43 insertions(+), 14 deletions(-)
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index 9fca644be164e682f787bda61ea39afa8b703874..4ac5eb91eab80291e60afad2bf9c65edfbc21e7d 100644
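--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -559,6 +559,25 @@ static int nss_cmd_getpw_send_reply(struct nss_dom_ctx *dctx, bool filter)
     return EOK;
 }
 
+/* Currently only refreshing expired netgroups is supported. */
+static bool
+is_refreshed_on_bg(int req_type,
+                   enum sss_dp_acct_type refresh_expired_interval)
+{
+    if (refresh_expired_interval == 0) {
+        return false;
+    }
+
+    switch (req_type) {
+    case SSS_DP_NETGR:
+        return true;
+    default:
+        return false;
+    }
+
+    return false;
+}
+
 static void nsssrv_dp_send_acct_req_done(struct tevent_req *req);
 
 /* FIXME: do not check res->count, but get in a msgs and check in parent */
@@ -585,25 +604,35 @@ errno_t check_cache(struct nss_dom_ctx *dctx,
     if ((req_type == SSS_DP_USER || req_type == SSS_DP_NETGR) &&
             (res->count > 1)) {
         DEBUG(SSSDBG_CRIT_FAILURE,
-              "getpwXXX call returned more than one result!"
-                  " DB Corrupted?\n");
+              "getpwXXX call returned more than one result! DB Corrupted?\n");
         return ENOENT;
     }
 
-    /* if we have any reply let's check cache validity */
+    /* if we have any reply let's check cache validity, but ignore netgroups
+     * if refresh_expired_interval is set (which implies that another method
+     * is used to refresh netgroups)
+     */
     if (res->count > 0) {
-        if (req_type == SSS_DP_INITGROUPS) {
-            cacheExpire = ldb_msg_find_attr_as_uint64(res->msgs[0],
-                                                      SYSDB_INITGR_EXPIRE, 1);
-        }
-        if (cacheExpire == 0) {
-            cacheExpire = ldb_msg_find_attr_as_uint64(res->msgs[0],
-                                                      SYSDB_CACHE_EXPIRE, 0);
-        }
+        if (is_refreshed_on_bg(req_type,
+                               dctx->domain->refresh_expired_interval)) {
+            ret = EOK;
+        } else {
+            if (req_type == SSS_DP_INITGROUPS) {
+                cacheExpire = ldb_msg_find_attr_as_uint64(res->msgs[0],
+                                                          SYSDB_INITGR_EXPIRE,
+                                                          1);
+            }
+            if (cacheExpire == 0) {
+                cacheExpire = ldb_msg_find_attr_as_uint64(res->msgs[0],
+                                                          SYSDB_CACHE_EXPIRE,
+                                                          0);
+            }
 
-        /* if we have any reply let's check cache validity */
-        ret = sss_cmd_check_cache(res->msgs[0], nctx->cache_refresh_percent,
-                                  cacheExpire);
+            /* if we have any reply let's check cache validity */
+            ret = sss_cmd_check_cache(res->msgs[0],
+                                      nctx->cache_refresh_percent,
+                                      cacheExpire);
+        }
         if (ret == EOK) {
             DEBUG(SSSDBG_TRACE_FUNC, "Cached entry is valid, returning..\n");
             return EOK;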
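Review bot: In check_cache, the new `ret = EOK` branch treats any cached netgroup as valid whenever refresh_expired_interval is non-zero, so the hard expiry test in sss_cmd_check_cache is skipped along with the midpoint refresh the commit set out to disable. Netgroups commonly feed access decisions, so if the periodic refresh lags, fails or the backend is unreachable, membership already revoked upstream would keep being answered from cache with no expiry bound visible here. Assuming a refresh percentage of 0 turns off only the midpoint path in sss_cmd_check_cache (its body is not shown), I would keep the cacheExpire lookup and the call unconditional and pass `is_refreshed_on_bg(req_type, dctx->domain->refresh_expired_interval) ? 0 : nctx->cache_refresh_percent` as the second argument. Separately, is_refreshed_on_bg appears to have its parameter types swapped, since `req_type` is switched against SSS_DP_NETGR but declared `int` while the interval is declared `enum sss_dp_acct_type`, and the `return false;` after the switch is unreachable. check_cache's body starts and ends outside the hunk.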
-- 
1.9.3