From f23a358915cfa27669c019fe0df21cce8851459e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20=C5=BDidek?= Date: Thu, 19 Oct 2017 16:42:19 +0200 Subject: [PATCH 02/21] NSS: Specify memcache_timeout=0 semantics MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit With this patch the memcache files will not be created when memcache_timeout is set to zero. Resolves: https://pagure.io/SSSD/sssd/issue/3496 Reviewed-by: Sumit Bose Reviewed-by: Pavel Březina Reviewed-by: Fabiano Fidêncio Reviewed-by: Jakub Hrozek (cherry picked from commit ffe29e570a9e885c2f0061c34bb6be2bbd6ab9e4) --- src/responder/nss/nsssrv.c | 6 ++++ src/tests/intg/test_memory_cache.py | 59 +++++++++++++++++++++++++++++++++++++ 2 files changed, 65 insertions(+) diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c index 21dd198226da6cf14d7db4941806048662970fed..32bfcd69bbb9b35e9932b70a826c4f99ab6a07f3 100644 --- a/src/responder/nss/nsssrv.c +++ b/src/responder/nss/nsssrv.c @@ -277,6 +277,12 @@ static int setup_memcaches(struct nss_ctx *nctx) return ret; } + if (memcache_timeout == 0) { + DEBUG(SSSDBG_CONF_SETTINGS, + "Fast in-memory cache will not be initialized."); + return EOK; + } + /* TODO: read cache sizes from configuration */ ret = sss_mmap_cache_init(nctx, "passwd", SSS_MC_PASSWD, SSS_MC_CACHE_ELEMENTS, (time_t)memcache_timeout, diff --git a/src/tests/intg/test_memory_cache.py b/src/tests/intg/test_memory_cache.py index c7ba72490174a6ec2257f9d317ac96b35c674779..cac9feb00459957650c5e455db1b2712e17ccd68 100644 --- a/src/tests/intg/test_memory_cache.py +++ b/src/tests/intg/test_memory_cache.py @@ -207,6 +207,32 @@ def fqname_case_insensitive_rfc2307(request, ldap_conn): return None +@pytest.fixture +def zero_timeout_rfc2307(request, ldap_conn): + load_data_to_ldap(request, ldap_conn) + + conf = unindent("""\ + [sssd] + domains = LDAP + services = nss + + [nss] + memcache_timeout = 0 + + [domain/LDAP] + ldap_auth_disable_tls_never_use_in_production = true + ldap_schema = rfc2307 + id_provider = ldap + auth_provider = ldap + sudo_provider = ldap + ldap_uri = {ldap_conn.ds_inst.ldap_url} + ldap_search_base = {ldap_conn.ds_inst.base_dn} + """).format(**locals()) + create_conf_fixture(request, conf) + create_sssd_fixture(request) + return None + + def test_getpwnam(ldap_conn, sanity_rfc2307): ent.assert_passwd_by_name( 'user1', @@ -778,3 +804,36 @@ def test_removed_mc(ldap_conn, sanity_rfc2307): grp.getgrnam('group1') with pytest.raises(KeyError): grp.getgrgid(2001) + + +def test_mc_zero_timeout(ldap_conn, zero_timeout_rfc2307): + """ + Test that the memory cache is not created at all with memcache_timeout=0 + """ + # No memory cache files must be created + assert len(os.listdir(config.MCACHE_PATH)) == 0 + + ent.assert_passwd_by_name( + 'user1', + dict(name='user1', passwd='*', uid=1001, gid=2001, + gecos='1001', shell='/bin/bash')) + ent.assert_passwd_by_uid( + 1001, + dict(name='user1', passwd='*', uid=1001, gid=2001, + gecos='1001', shell='/bin/bash')) + + ent.assert_group_by_name("group1", dict(name="group1", gid=2001)) + ent.assert_group_by_gid(2001, dict(name="group1", gid=2001)) + stop_sssd() + + # sssd is stopped; so the memory cache should not be used + # in long living clients (py.test in this case) + with pytest.raises(KeyError): + pwd.getpwnam('user1') + with pytest.raises(KeyError): + pwd.getpwuid(1001) + + with pytest.raises(KeyError): + grp.getgrnam('group1') + with pytest.raises(KeyError): + grp.getgrgid(2001) -- 2.13.5