From acb2de04987b163d602aa02155b34c50bce93584 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik
Date: Mon, 8 Aug 2016 13:55:52 +0200
Subject: [PATCH 79/82] NSS: Do not check local users with disabled local_negative_timeout
sssd_nss can set different negative timeout for local users and groups. However, checking whether user/group is local is quite expensive operation. We can avoid such operations if local_negative_timeout is not set. This fix improve performance(40%) of lookup non-existing entries in offline mode and with disabled local_negative_timeout. sh$ cat pok.sh for i in {1..10000}; do getent passwd -s sss temp$i getent group -s sss temp$i done #without patch sh $time /bin/bash pok.sh real 0m41.534s user 0m3.580s sys 0m14.202s #with patch sh $time /bin/bash pok.sh real 0m26.686s user 0m3.292s sys 0m13.165s
Resolves: https://fedorahosted.org/sssd/ticket/3122
Reviewed-by: Petr Cech
---
 src/responder/common/negcache.c | 45 ++++++++++++++++++++++++-----------------
 1 file changed, 27 insertions(+), 18 deletions(-)
diff --git a/src/responder/common/negcache.c b/src/responder/common/negcache.c
index dfeb0d483e4db34cb2f25e1f82884611a707aabe..5b7ad69f432518be94b88e92e24265add722c852 100644
--- a/src/responder/common/negcache.c
+++ b/src/responder/common/negcache.c
@@ -143,7 +143,7 @@ done:
 }
 static int sss_ncache_set_str(struct sss_nc_ctx *ctx, char *str,
- bool permanent, bool is_local)
+ bool permanent, bool use_local_negative)
 {
 TDB_DATA key;
 TDB_DATA data;
@@ -157,15 +157,16 @@ static int sss_ncache_set_str(struct sss_nc_ctx *ctx, char *str,
 if (permanent) {
 timest = talloc_strdup(ctx, "0");
 } else {
- if (is_local == true && ctx->local_timeout > 0) {
- timell = (unsigned long long int)time(NULL) + ctx->local_timeout;
+ if (use_local_negative == true && ctx->local_timeout > ctx->timeout) {
+ timell = ctx->local_timeout;
 } else {
- if (ctx->timeout > 0) {
- timell = (unsigned long long int)time(NULL) + ctx->timeout;
- } else {
+ /* EOK is tested in cwrap based unit test */
+ if (ctx->timeout == 0) {
 return EOK;
 }
+ timell = ctx->timeout;
 }
+ timell += (unsigned long long int)time(NULL);
 timest = talloc_asprintf(ctx, "%llu", timell);
 }
 if (!timest) return ENOMEM;
@@ -457,7 +458,7 @@ int sss_ncache_check_cert(struct sss_nc_ctx *ctx, const char *cert)
 static int sss_ncache_set_user_int(struct sss_nc_ctx *ctx, bool permanent,
 const char *domain, const char *name)
 {
- bool is_local;
+ bool use_local_negative = false;
 char *str;
 int ret;
@@ -466,8 +467,10 @@ static int sss_ncache_set_user_int(struct sss_nc_ctx *ctx, bool permanent,
 str = talloc_asprintf(ctx, "%s/%s/%s", NC_USER_PREFIX, domain, name);
 if (!str) return ENOMEM;
- is_local = is_user_local_by_name(name);
- ret = sss_ncache_set_str(ctx, str, permanent, is_local);
+ if (ctx->local_timeout > 0) {
+ use_local_negative = is_user_local_by_name(name);
+ }
+ ret = sss_ncache_set_str(ctx, str, permanent, use_local_negative);
 talloc_free(str);
 return ret;
@@ -476,7 +479,7 @@ static int sss_ncache_set_user_int(struct sss_nc_ctx *ctx, bool permanent,
 static int sss_ncache_set_group_int(struct sss_nc_ctx *ctx, bool permanent,
 const char *domain, const char *name)
 {
- bool is_local;
+ bool use_local_negative = false;
 char *str;
 int ret;
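Review bot: The new condition `ctx->local_timeout > ctx->timeout` in sss_ncache_set_str changes which expiry a local entry receives, and neither the commit message nor a comment says so. On the removed lines any non-zero local_timeout was applied to local entries; on the new side it is applied only when it exceeds the general timeout, so a local timeout configured shorter than the general one now falls back to `ctx->timeout`. If that is intended, a comment above the `if` such as `/* local_timeout can only extend the negative TTL; a shorter value falls back to ctx->timeout */` would make the policy visible. The existing comment `/* EOK is tested in cwrap based unit test */` could instead state that a zero timeout means the entry is not stored at all. The function starts and ends outside the hunk.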
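Review bot: The locality lookup in sss_ncache_set_user_int still runs for permanent entries, although the visible part of sss_ncache_set_str writes "0" when `permanent` is set and does not read `use_local_negative` on that path. Guarding the call with `if (!permanent && ctx->local_timeout > 0) {` would skip the expensive is_user_local_by_name() call there as well. The same applies to the matching hunks in sss_ncache_set_group_int, sss_ncache_set_uid and sss_ncache_set_gid. sss_ncache_set_str continues outside the hunk, so confirm the flag has no other consumer before relying on this.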
@@ -485,8 +488,10 @@ static int sss_ncache_set_group_int(struct sss_nc_ctx *ctx, bool permanent,
 str = talloc_asprintf(ctx, "%s/%s/%s", NC_GROUP_PREFIX, domain, name);
 if (!str) return ENOMEM;
- is_local = is_group_local_by_name(name);
- ret = sss_ncache_set_str(ctx, str, permanent, is_local);
+ if (ctx->local_timeout > 0) {
+ use_local_negative = is_group_local_by_name(name);
+ }
+ ret = sss_ncache_set_str(ctx, str, permanent, use_local_negative);
 talloc_free(str);
 return ret;
@@ -550,7 +555,7 @@ int sss_ncache_set_netgr(struct sss_nc_ctx *ctx, bool permanent,
 int sss_ncache_set_uid(struct sss_nc_ctx *ctx, bool permanent,
 struct sss_domain_info *dom, uid_t uid)
 {
- bool is_local;
+ bool use_local_negative = false;
 char *str;
 int ret;
@@ -562,8 +567,10 @@ int sss_ncache_set_uid(struct sss_nc_ctx *ctx, bool permanent,
 }
 if (!str) return ENOMEM;
- is_local = is_user_local_by_uid(uid);
- ret = sss_ncache_set_str(ctx, str, permanent, is_local);
+ if (ctx->local_timeout > 0) {
+ use_local_negative = is_user_local_by_uid(uid);
+ }
+ ret = sss_ncache_set_str(ctx, str, permanent, use_local_negative);
 talloc_free(str);
 return ret;
@@ -572,7 +579,7 @@ int sss_ncache_set_uid(struct sss_nc_ctx *ctx, bool permanent,
 int sss_ncache_set_gid(struct sss_nc_ctx *ctx, bool permanent,
 struct sss_domain_info *dom, gid_t gid)
 {
- bool is_local;
+ bool use_local_negative = false;
 char *str;
 int ret;
@@ -584,8 +591,10 @@ int sss_ncache_set_gid(struct sss_nc_ctx *ctx, bool permanent,
 }
 if (!str) return ENOMEM;
- is_local = is_group_local_by_gid(gid);
- ret = sss_ncache_set_str(ctx, str, permanent, is_local);
+ if (ctx->local_timeout > 0) {
+ use_local_negative = is_group_local_by_gid(gid);
+ }
+ ret = sss_ncache_set_str(ctx, str, permanent, use_local_negative);
 talloc_free(str);
 return ret;
-- 
2.4.11