|
 |
b2d430 |
From acb2de04987b163d602aa02155b34c50bce93584 Mon Sep 17 00:00:00 2001
|
|
|
b2d430 |
From: Lukas Slebodnik <lslebodn@redhat.com>
|
|
|
b2d430 |
Date: Mon, 8 Aug 2016 13:55:52 +0200
|
|
|
b2d430 |
Subject: [PATCH 79/82] NSS: Do not check local users with disabled
|
|
|
b2d430 |
local_negative_timeout
|
|
|
b2d430 |
|
|
|
b2d430 |
sssd_nss can set different negative timeout for local users
|
|
|
b2d430 |
and groups. However, checking whether user/group is local
|
|
|
b2d430 |
is quite expensive operation. We can avoid such operations
|
|
|
b2d430 |
if local_negative_timeout is not set.
|
|
|
b2d430 |
|
|
|
b2d430 |
This fix improve performance(40%) of lookup non-existing
|
|
|
b2d430 |
entries in offline mode and with disabled local_negative_timeout.
|
|
|
b2d430 |
|
|
|
b2d430 |
sh$ cat pok.sh
|
|
|
b2d430 |
for i in {1..10000}; do
|
|
|
b2d430 |
getent passwd -s sss temp$i
|
|
|
b2d430 |
getent group -s sss temp$i
|
|
|
b2d430 |
done
|
|
|
b2d430 |
|
|
|
b2d430 |
#without patch
|
|
|
b2d430 |
sh $time /bin/bash pok.sh
|
|
|
b2d430 |
real 0m41.534s
|
|
|
b2d430 |
user 0m3.580s
|
|
|
b2d430 |
sys 0m14.202s
|
|
|
b2d430 |
|
|
|
b2d430 |
#with patch
|
|
|
b2d430 |
sh $time /bin/bash pok.sh
|
|
|
b2d430 |
real 0m26.686s
|
|
|
b2d430 |
user 0m3.292s
|
|
|
b2d430 |
sys 0m13.165s
|
|
|
b2d430 |
|
|
|
b2d430 |
Resolves:
|
|
|
b2d430 |
https://fedorahosted.org/sssd/ticket/3122
|
|
|
b2d430 |
|
|
|
b2d430 |
Reviewed-by: Petr Cech <pcech@redhat.com>
|
|
|
b2d430 |
---
|
|
|
b2d430 |
src/responder/common/negcache.c | 45 ++++++++++++++++++++++++-----------------
|
|
|
b2d430 |
1 file changed, 27 insertions(+), 18 deletions(-)
|
|
|
b2d430 |
|
|
|
b2d430 |
diff --git a/src/responder/common/negcache.c b/src/responder/common/negcache.c
|
|
|
b2d430 |
index dfeb0d483e4db34cb2f25e1f82884611a707aabe..5b7ad69f432518be94b88e92e24265add722c852 100644
|
|
|
b2d430 |
--- a/src/responder/common/negcache.c
|
|
|
b2d430 |
+++ b/src/responder/common/negcache.c
|
|
|
b2d430 |
@@ -143,7 +143,7 @@ done:
|
|
|
b2d430 |
}
|
|
|
b2d430 |
|
|
|
b2d430 |
static int sss_ncache_set_str(struct sss_nc_ctx *ctx, char *str,
|
|
|
b2d430 |
- bool permanent, bool is_local)
|
|
|
b2d430 |
+ bool permanent, bool use_local_negative)
|
|
|
b2d430 |
{
|
|
|
b2d430 |
TDB_DATA key;
|
|
|
b2d430 |
TDB_DATA data;
|
|
|
b2d430 |
@@ -157,15 +157,16 @@ static int sss_ncache_set_str(struct sss_nc_ctx *ctx, char *str,
|
|
|
b2d430 |
if (permanent) {
|
|
|
b2d430 |
timest = talloc_strdup(ctx, "0");
|
|
|
b2d430 |
} else {
|
|
|
b2d430 |
- if (is_local == true && ctx->local_timeout > 0) {
|
|
|
b2d430 |
- timell = (unsigned long long int)time(NULL) + ctx->local_timeout;
|
|
|
b2d430 |
+ if (use_local_negative == true && ctx->local_timeout > ctx->timeout) {
|
|
|
b2d430 |
+ timell = ctx->local_timeout;
|
|
|
b2d430 |
} else {
|
|
|
b2d430 |
- if (ctx->timeout > 0) {
|
|
|
b2d430 |
- timell = (unsigned long long int)time(NULL) + ctx->timeout;
|
|
|
b2d430 |
- } else {
|
|
|
b2d430 |
+ /* EOK is tested in cwrap based unit test */
|
|
|
b2d430 |
+ if (ctx->timeout == 0) {
|
|
|
b2d430 |
return EOK;
|
|
|
b2d430 |
}
|
|
|
b2d430 |
+ timell = ctx->timeout;
|
|
|
b2d430 |
}
|
|
|
b2d430 |
+ timell += (unsigned long long int)time(NULL);
|
|
|
b2d430 |
timest = talloc_asprintf(ctx, "%llu", timell);
|
|
|
b2d430 |
}
|
|
|
b2d430 |
if (!timest) return ENOMEM;
|
|
|
b2d430 |
@@ -457,7 +458,7 @@ int sss_ncache_check_cert(struct sss_nc_ctx *ctx, const char *cert)
|
|
|
b2d430 |
static int sss_ncache_set_user_int(struct sss_nc_ctx *ctx, bool permanent,
|
|
|
b2d430 |
const char *domain, const char *name)
|
|
|
b2d430 |
{
|
|
|
b2d430 |
- bool is_local;
|
|
|
b2d430 |
+ bool use_local_negative = false;
|
|
|
b2d430 |
char *str;
|
|
|
b2d430 |
int ret;
|
|
|
b2d430 |
|
|
|
b2d430 |
@@ -466,8 +467,10 @@ static int sss_ncache_set_user_int(struct sss_nc_ctx *ctx, bool permanent,
|
|
|
b2d430 |
str = talloc_asprintf(ctx, "%s/%s/%s", NC_USER_PREFIX, domain, name);
|
|
|
b2d430 |
if (!str) return ENOMEM;
|
|
|
b2d430 |
|
|
|
b2d430 |
- is_local = is_user_local_by_name(name);
|
|
|
b2d430 |
- ret = sss_ncache_set_str(ctx, str, permanent, is_local);
|
|
|
b2d430 |
+ if (ctx->local_timeout > 0) {
|
|
|
b2d430 |
+ use_local_negative = is_user_local_by_name(name);
|
|
|
b2d430 |
+ }
|
|
|
b2d430 |
+ ret = sss_ncache_set_str(ctx, str, permanent, use_local_negative);
|
|
|
b2d430 |
|
|
|
b2d430 |
talloc_free(str);
|
|
|
b2d430 |
return ret;
|
|
|
b2d430 |
@@ -476,7 +479,7 @@ static int sss_ncache_set_user_int(struct sss_nc_ctx *ctx, bool permanent,
|
|
|
b2d430 |
static int sss_ncache_set_group_int(struct sss_nc_ctx *ctx, bool permanent,
|
|
|
b2d430 |
const char *domain, const char *name)
|
|
|
b2d430 |
{
|
|
|
b2d430 |
- bool is_local;
|
|
|
b2d430 |
+ bool use_local_negative = false;
|
|
|
b2d430 |
char *str;
|
|
|
b2d430 |
int ret;
|
|
|
b2d430 |
|
|
|
b2d430 |
@@ -485,8 +488,10 @@ static int sss_ncache_set_group_int(struct sss_nc_ctx *ctx, bool permanent,
|
|
|
b2d430 |
str = talloc_asprintf(ctx, "%s/%s/%s", NC_GROUP_PREFIX, domain, name);
|
|
|
b2d430 |
if (!str) return ENOMEM;
|
|
|
b2d430 |
|
|
|
b2d430 |
- is_local = is_group_local_by_name(name);
|
|
|
b2d430 |
- ret = sss_ncache_set_str(ctx, str, permanent, is_local);
|
|
|
b2d430 |
+ if (ctx->local_timeout > 0) {
|
|
|
b2d430 |
+ use_local_negative = is_group_local_by_name(name);
|
|
|
b2d430 |
+ }
|
|
|
b2d430 |
+ ret = sss_ncache_set_str(ctx, str, permanent, use_local_negative);
|
|
|
b2d430 |
|
|
|
b2d430 |
talloc_free(str);
|
|
|
b2d430 |
return ret;
|
|
|
b2d430 |
@@ -550,7 +555,7 @@ int sss_ncache_set_netgr(struct sss_nc_ctx *ctx, bool permanent,
|
|
|
b2d430 |
int sss_ncache_set_uid(struct sss_nc_ctx *ctx, bool permanent,
|
|
|
b2d430 |
struct sss_domain_info *dom, uid_t uid)
|
|
|
b2d430 |
{
|
|
|
b2d430 |
- bool is_local;
|
|
|
b2d430 |
+ bool use_local_negative = false;
|
|
|
b2d430 |
char *str;
|
|
|
b2d430 |
int ret;
|
|
|
b2d430 |
|
|
|
b2d430 |
@@ -562,8 +567,10 @@ int sss_ncache_set_uid(struct sss_nc_ctx *ctx, bool permanent,
|
|
|
b2d430 |
}
|
|
|
b2d430 |
if (!str) return ENOMEM;
|
|
|
b2d430 |
|
|
|
b2d430 |
- is_local = is_user_local_by_uid(uid);
|
|
|
b2d430 |
- ret = sss_ncache_set_str(ctx, str, permanent, is_local);
|
|
|
b2d430 |
+ if (ctx->local_timeout > 0) {
|
|
|
b2d430 |
+ use_local_negative = is_user_local_by_uid(uid);
|
|
|
b2d430 |
+ }
|
|
|
b2d430 |
+ ret = sss_ncache_set_str(ctx, str, permanent, use_local_negative);
|
|
|
b2d430 |
|
|
|
b2d430 |
talloc_free(str);
|
|
|
b2d430 |
return ret;
|
|
|
b2d430 |
@@ -572,7 +579,7 @@ int sss_ncache_set_uid(struct sss_nc_ctx *ctx, bool permanent,
|
|
|
b2d430 |
int sss_ncache_set_gid(struct sss_nc_ctx *ctx, bool permanent,
|
|
|
b2d430 |
struct sss_domain_info *dom, gid_t gid)
|
|
|
b2d430 |
{
|
|
|
b2d430 |
- bool is_local;
|
|
|
b2d430 |
+ bool use_local_negative = false;
|
|
|
b2d430 |
char *str;
|
|
|
b2d430 |
int ret;
|
|
|
b2d430 |
|
|
|
b2d430 |
@@ -584,8 +591,10 @@ int sss_ncache_set_gid(struct sss_nc_ctx *ctx, bool permanent,
|
|
|
b2d430 |
}
|
|
|
b2d430 |
if (!str) return ENOMEM;
|
|
|
b2d430 |
|
|
|
b2d430 |
- is_local = is_group_local_by_gid(gid);
|
|
|
b2d430 |
- ret = sss_ncache_set_str(ctx, str, permanent, is_local);
|
|
|
b2d430 |
+ if (ctx->local_timeout > 0) {
|
|
|
b2d430 |
+ use_local_negative = is_group_local_by_gid(gid);
|
|
|
b2d430 |
+ }
|
|
|
b2d430 |
+ ret = sss_ncache_set_str(ctx, str, permanent, use_local_negative);
|
|
|
b2d430 |
|
|
|
b2d430 |
talloc_free(str);
|
|
|
b2d430 |
return ret;
|
|
|
b2d430 |
--
|
|
|
b2d430 |
2.4.11
|
|
|
b2d430 |
|