From d3925525068798e92cee1da95dbee0f838b2f36f Mon Sep 17 00:00:00 2001

From: Lukas Slebodnik <lslebodn@redhat.com>

Date: Wed, 3 Aug 2016 18:48:04 +0200

Subject: [PATCH 82/82] SYSDB: Avoid optimisation with modifyTimestamp for

 users

The usage of modifyTimestamp needn't be a reliable way

for detecting of changes in user entry in LDAP.

The authorisation need to rely current data from LDAP

and therefore we will temporary disable optimisation with

modifyTimestamp and we will rather rely on deep comparison

of attributes. In he future, it might be changed and

responders might control the optimization level.

Resolves:

https://fedorahosted.org/sssd/ticket/3110

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

(cherry picked from commit 00f3c5cd03625357e226552084e499965512bf53)

---

 src/db/sysdb_ops.c                     | 19 -------------------

 src/tests/cmocka/test_sysdb_ts_cache.c | 14 --------------

 2 files changed, 33 deletions(-)

diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c

index 67006c155098b9fde00a01d424014852c383a325..44fb5b70e6d33fffbca5824f831a3229254ecb57 100644

--- a/src/db/sysdb_ops.c

+++ b/src/db/sysdb_ops.c

@@ -1101,16 +1101,6 @@ done:

     return ret;

 }

-static errno_t sysdb_check_and_update_ts_usr(struct sss_domain_info *domain,

-                                             const char *grp_name,

-                                             struct sysdb_attrs *attrs,

-                                             uint64_t cache_timeout,

-                                             time_t now)

-{

-    return sysdb_check_and_update_ts_obj(domain, SYSDB_USER, grp_name,

-                                         attrs, cache_timeout, now);

-}

-

 static errno_t sysdb_check_and_update_ts_grp(struct sss_domain_info *domain,

                                              const char *grp_name,

                                              struct sysdb_attrs *attrs,

@@ -2470,15 +2460,6 @@ int sysdb_store_user(struct sss_domain_info *domain,

         now = time(NULL);

     }

-    ret = sysdb_check_and_update_ts_usr(domain, name, attrs,

-                                        cache_timeout, now);

-    if (ret == EOK) {

-        DEBUG(SSSDBG_TRACE_LIBS,

-              "The user record of %s did not change, only updated "

-              "the timestamp cache\n", name);

-        return EOK;

-    }

-

     tmp_ctx = talloc_new(NULL);

     if (!tmp_ctx) {

         return ENOMEM;

diff --git a/src/tests/cmocka/test_sysdb_ts_cache.c b/src/tests/cmocka/test_sysdb_ts_cache.c

index aa857e7e4823d2d8ba1e1a794b3e2474876e9ab0..e950f88631e4c78573bbb7290edfe94b5ced57cd 100644

--- a/src/tests/cmocka/test_sysdb_ts_cache.c

+++ b/src/tests/cmocka/test_sysdb_ts_cache.c

@@ -980,20 +980,6 @@ static void test_sysdb_user_update(void **state)

     assert_int_equal(cache_expire_sysdb, TEST_CACHE_TIMEOUT + TEST_NOW_2);

     assert_int_equal(cache_expire_ts, TEST_CACHE_TIMEOUT + TEST_NOW_2);

-    /* Update the same attrs and the same modifyTimestamp.

-     * Only the timestamp cache must be bumped */

-    ret = sysdb_store_user(test_ctx->tctx->dom, TEST_USER_NAME, NULL,

-                           TEST_USER_UID, TEST_USER_GID, TEST_USER_NAME,

-                           "/home/"TEST_USER_NAME, "/bin/bash", NULL,

-                           user_attrs, NULL, TEST_CACHE_TIMEOUT,

-                           TEST_NOW_3);

-    assert_int_equal(ret, EOK);

-

-    get_pw_timestamp_attrs(test_ctx, TEST_USER_NAME,

-                           &cache_expire_sysdb, &cache_expire_ts);

-    assert_int_equal(cache_expire_sysdb, TEST_CACHE_TIMEOUT + TEST_NOW_2);

-    assert_int_equal(cache_expire_ts, TEST_CACHE_TIMEOUT + TEST_NOW_3);

-

     /* Update with different modifyTimestamp but same attrs as previously

      * saved to the timestamp cache. We should detect the 'real' attributes

      * are the same and only bump the timestamp cache

-- 

2.4.11