From 640edac4287ccbd373fb0b5711b49cfb076bf6e0 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Mar 14 2019 21:04:30 +0000 Subject: NEGCACHE: repopulate negative cache after get_domains If SSSD starts offline the responders might only know about the configured domain because the sub-domains have not been discovered yet. As a result the permanent negative cache is only populated for the configured domain. If later the system goes online and the sub-domains are discovered or a new sub-domain was discovered at runtime the permanent negative cache is currently not created for those domains. This patch repopulates the negative cache for all known domains to the end of the get_domains request. Related to https://pagure.io/SSSD/sssd/issue/3983 Reviewed-by: Jakub Hrozek --- diff --git a/src/responder/common/responder_get_domains.c b/src/responder/common/responder_get_domains.c index bf43bbf..b8ccfdd 100644 --- a/src/responder/common/responder_get_domains.c +++ b/src/responder/common/responder_get_domains.c @@ -296,7 +296,7 @@ sss_dp_get_domains_process(struct tevent_req *subreq) } if (state->dom == NULL) { - /* All domains were local */ + /* No more domains to check, refreshing the active configuration */ set_time_of_last_request(state->rctx); ret = sss_resp_populate_cr_domains(state->rctx); if (ret != EOK) { @@ -308,6 +308,13 @@ sss_dp_get_domains_process(struct tevent_req *subreq) sss_resp_update_certmaps(state->rctx); + ret = sss_ncache_reset_repopulate_permanent(state->rctx, + state->rctx->ncache); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + "sss_ncache_reset_repopulate_permanent failed, ignored.\n"); + } + tevent_req_done(req); return; }