From beb07d2f45856d4f3135f173cce551a2aa878f57 Mon Sep 17 00:00:00 2001 From: Petr Cech Date: May 11 2016 10:50:25 +0000 Subject: RESPONDER: Removing neg_timeout from pam responder It removes neg_timeout parameter from struct pam_ctx. Timeout is handled by context of negative cache internally. This patch additioanlly removes neg_timeout from struct cache_req_state. Resolves: https://fedorahosted.org/sssd/ticket/2317 Reviewed-by: Pavel Březina
---
diff --git a/src/responder/common/responder_cache_req.c b/src/responder/common/responder_cache_req.c
index a9af150..1ad1412 100644
--- a/src/responder/common/responder_cache_req.c
+++ b/src/responder/common/responder_cache_req.c
@@ -912,7 +912,6 @@ static struct tevent_req *cache_req_cache_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct resp_ctx *rctx, struct sss_nc_ctx *ncache, - int neg_timeout, int cache_refresh_percent, struct cache_req *cr) {
@@ -929,7 +928,6 @@ static struct tevent_req *cache_req_cache_send(TALLOC_CTX *mem_ctx, state->ev = ev; state->rctx = rctx; state->ncache = ncache; - state->neg_timeout = neg_timeout; state->cache_refresh_percent = cache_refresh_percent; state->cr = cr;
@@ -1126,7 +1124,6 @@ struct cache_req_state { struct tevent_context *ev; struct resp_ctx *rctx; struct sss_nc_ctx *ncache; - int neg_timeout; int cache_refresh_percent; struct cache_req *cr;
@@ -1150,7 +1147,6 @@ struct tevent_req *cache_req_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct resp_ctx *rctx, struct sss_nc_ctx *ncache, - int neg_timeout, int cache_refresh_percent, const char *domain, struct cache_req_data *data)
@@ -1170,7 +1166,6 @@ struct tevent_req *cache_req_send(TALLOC_CTX *mem_ctx, state->ev = ev; state->rctx = rctx; state->ncache = ncache; - state->neg_timeout = neg_timeout; state->cache_refresh_percent = cache_refresh_percent; state->cr = cr = cache_req_create(state, rctx, data); if (state->cr == NULL) {
@@ -1320,7 +1315,7 @@ static errno_t cache_req_next_domain(struct tevent_req *req) } subreq = cache_req_cache_send(state, state->ev, state->rctx, - state->ncache, state->neg_timeout, + state->ncache, state->cache_refresh_percent, state->cr); if (subreq == NULL) {
@@ -1432,14 +1427,13 @@ cache_req_steal_data_and_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct resp_ctx *rctx, struct sss_nc_ctx *ncache, - int neg_timeout, int cache_refresh_percent, const char *domain, struct cache_req_data *data) { struct tevent_req *req; - req = cache_req_send(mem_ctx, ev, rctx, ncache, neg_timeout, + req = cache_req_send(mem_ctx, ev, rctx, ncache, cache_refresh_percent, domain, data); if (req == NULL) { talloc_zfree(data);
@@ -1456,7 +1450,6 @@ cache_req_user_by_name_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct resp_ctx *rctx, struct sss_nc_ctx *ncache, - int neg_timeout, int cache_refresh_percent, const char *domain, const char *name)
@@ -1469,8 +1462,7 @@ cache_req_user_by_name_send(TALLOC_CTX *mem_ctx, } return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache, - neg_timeout, cache_refresh_percent, - domain, data); + cache_refresh_percent, domain, data); } struct tevent_req *
@@ -1478,7 +1470,6 @@ cache_req_user_by_id_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct resp_ctx *rctx, struct sss_nc_ctx *ncache, - int neg_timeout, int cache_refresh_percent, const char *domain, uid_t uid)
@@ -1491,8 +1482,7 @@ cache_req_user_by_id_send(TALLOC_CTX *mem_ctx, } return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache, - neg_timeout, cache_refresh_percent, - domain, data); + cache_refresh_percent, domain, data); } struct tevent_req *
@@ -1500,7 +1490,6 @@ cache_req_user_by_cert_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct resp_ctx *rctx, struct sss_nc_ctx *ncache, - int neg_timeout, int cache_refresh_percent, const char *domain, const char *pem_cert)
@@ -1513,7 +1502,7 @@ cache_req_user_by_cert_send(TALLOC_CTX *mem_ctx, } return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache, - neg_timeout, cache_refresh_percent, + cache_refresh_percent, domain, data); }
@@ -1522,7 +1511,6 @@ cache_req_group_by_name_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct resp_ctx *rctx, struct sss_nc_ctx *ncache, - int neg_timeout, int cache_refresh_percent, const char *domain, const char *name)
@@ -1535,8 +1523,7 @@ cache_req_group_by_name_send(TALLOC_CTX *mem_ctx, } return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache, - neg_timeout, cache_refresh_percent, - domain, data); + cache_refresh_percent, domain, data); } struct tevent_req *
@@ -1544,7 +1531,6 @@ cache_req_group_by_id_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct resp_ctx *rctx, struct sss_nc_ctx *ncache, - int neg_timeout, int cache_refresh_percent, const char *domain, gid_t gid)
@@ -1557,8 +1543,7 @@ cache_req_group_by_id_send(TALLOC_CTX *mem_ctx, } return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache, - neg_timeout, cache_refresh_percent, - domain, data); + cache_refresh_percent, domain, data); } struct tevent_req *
@@ -1566,7 +1551,6 @@ cache_req_initgr_by_name_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct resp_ctx *rctx, struct sss_nc_ctx *ncache, - int neg_timeout, int cache_refresh_percent, const char *domain, const char *name)
@@ -1579,8 +1563,7 @@ cache_req_initgr_by_name_send(TALLOC_CTX *mem_ctx, } return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache, - neg_timeout, cache_refresh_percent, - domain, data); + cache_refresh_percent, domain, data); } struct tevent_req *
@@ -1598,7 +1581,7 @@ cache_req_user_by_filter_send(TALLOC_CTX *mem_ctx, } return cache_req_steal_data_and_send(mem_ctx, ev, rctx, NULL, - 0, 0, domain, data); + 0, domain, data); } struct tevent_req *
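Review bot: The call in cache_req_user_by_filter_send now reads `NULL, 0, domain, data`, and nothing at the call site says that the `NULL` is the negative-cache context and the `0` is cache_refresh_percent. With the timeout argument gone, negative caching is configured only through the ncache context, so passing NULL presumably means filter lookups skip the negative cache altogether; whether the cache_req code tolerates a NULL ncache is not visible in this diff. I would add a comment above the call such as `/* Filter lookups use no negative cache (ncache == NULL) and no refresh percentage. */`. The same applies to cache_req_group_by_filter_send in the next hunk, and both function bodies start outside their hunks.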
@@ -1616,7 +1599,7 @@ cache_req_group_by_filter_send(TALLOC_CTX *mem_ctx, } return cache_req_steal_data_and_send(mem_ctx, ev, rctx, NULL, - 0, 0, domain, data); + 0, domain, data); } struct tevent_req *
@@ -1624,7 +1607,6 @@ cache_req_object_by_sid_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct resp_ctx *rctx, struct sss_nc_ctx *ncache, - int neg_timeout, int cache_refresh_percent, const char *domain, const char *sid,
@@ -1638,6 +1620,5 @@ cache_req_object_by_sid_send(TALLOC_CTX *mem_ctx, } return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache, - neg_timeout, cache_refresh_percent, - domain, data); + cache_refresh_percent, domain, data); }
diff --git a/src/responder/common/responder_cache_req.h b/src/responder/common/responder_cache_req.h
index fbbc1e5..69fbaf4 100644
--- a/src/responder/common/responder_cache_req.h
+++ b/src/responder/common/responder_cache_req.h
@@ -68,7 +68,6 @@ struct tevent_req *cache_req_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct resp_ctx *rctx, struct sss_nc_ctx *ncache, - int neg_timeout, int cache_refresh_percent, const char *domain, struct cache_req_data *data);
@@ -84,7 +83,6 @@ cache_req_user_by_name_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct resp_ctx *rctx, struct sss_nc_ctx *ncache, - int neg_timeout, int cache_refresh_percent, const char *domain, const char *name);
@@ -97,7 +95,6 @@ cache_req_user_by_id_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct resp_ctx *rctx, struct sss_nc_ctx *ncache, - int neg_timeout, int cache_refresh_percent, const char *domain, uid_t uid);
@@ -107,13 +104,12 @@ cache_req_user_by_id_send(TALLOC_CTX *mem_ctx, struct tevent_req * cache_req_user_by_cert_send(TALLOC_CTX *mem_ctx, - struct tevent_context *ev, - struct resp_ctx *rctx, - struct sss_nc_ctx *ncache, - int neg_timeout, - int cache_refresh_percent, - const char *domain, - const char *pem_cert); + struct tevent_context *ev, + struct resp_ctx *rctx, + struct sss_nc_ctx *ncache, + int cache_refresh_percent, + const char *domain, + const char *pem_cert); #define cache_req_user_by_cert_recv(mem_ctx, req, _result, _domain, _name) \ cache_req_recv(mem_ctx, req, _result, _domain, _name)
@@ -123,7 +119,6 @@ cache_req_group_by_name_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct resp_ctx *rctx, struct sss_nc_ctx *ncache, - int neg_timeout, int cache_refresh_percent, const char *domain, const char *name);
@@ -136,7 +131,6 @@ cache_req_group_by_id_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct resp_ctx *rctx, struct sss_nc_ctx *ncache, - int neg_timeout, int cache_refresh_percent, const char *domain, gid_t gid);
@@ -149,7 +143,6 @@ cache_req_initgr_by_name_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct resp_ctx *rctx, struct sss_nc_ctx *ncache, - int neg_timeout, int cache_refresh_percent, const char *domain, const char *name);
@@ -182,7 +175,6 @@ cache_req_object_by_sid_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct resp_ctx *rctx, struct sss_nc_ctx *ncache, - int neg_timeout, int cache_refresh_percent, const char *domain, const char *sid,
diff --git a/src/responder/ifp/ifp_groups.c b/src/responder/ifp/ifp_groups.c
index 08f34b7..411cebc 100644
--- a/src/responder/ifp/ifp_groups.c
+++ b/src/responder/ifp/ifp_groups.c
@@ -118,8 +118,7 @@ int ifp_groups_find_by_name(struct sbus_request *sbus_req, } req = cache_req_group_by_name_send(sbus_req, ctx->rctx->ev, ctx->rctx, - ctx->ncache, ctx->neg_timeout, 0, - NULL, name); + ctx->ncache, 0, NULL, name); if (req == NULL) { return ENOMEM; }
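Review bot: `ctx->neg_timeout` is no longer passed at this call in ifp_groups_find_by_name, yet this commit removes the field only from `struct pam_ctx` (pamsrv.h) and `struct cache_req_state`. The contexts behind the other call sites changed here (`ctx->neg_timeout` in ifp_groups.c and ifp_users.c, `state->neg_timeout` in ifpsrv_cmd.c, `pr_ctx->pac_ctx->neg_timeout` in pacsrv_cmd.c, `sudo_ctx->neg_timeout` in sudosrv_get_sudorules.c) apparently keep their fields, which cache_req no longer reads; if they are still filled from the configuration they are now dead, and the lifetime of a cached "not found" answer is decided only by how each `ncache` context was initialised, which this diff does not show. It is worth confirming that every responder creates its ncache with the configured negative timeout, including the PAM responder, where the `confdb_get_int(... CONFDB_NSS_ENTRY_NEG_TIMEOUT, 15, ...)` read is deleted from pam_process_init, and removing the leftover fields in a follow-up. The function body continues outside the hunk.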
@@ -189,8 +188,7 @@ int ifp_groups_find_by_id(struct sbus_request *sbus_req, } req = cache_req_group_by_id_send(sbus_req, ctx->rctx->ev, ctx->rctx, - ctx->ncache, ctx->neg_timeout, 0, - NULL, id); + ctx->ncache, 0, NULL, id); if (req == NULL) { return ENOMEM; }
@@ -528,8 +526,7 @@ static struct tevent_req *resolv_ghosts_send(TALLOC_CTX *mem_ctx, } subreq = cache_req_group_by_name_send(state, ev, ctx->rctx, - ctx->ncache, ctx->neg_timeout, 0, - domain->name, name); + ctx->ncache, 0, domain->name, name); if (subreq == NULL) { ret = ENOMEM; goto immediately;
@@ -607,8 +604,7 @@ errno_t resolv_ghosts_step(struct tevent_req *req) } subreq = cache_req_user_by_name_send(state, state->ev, state->ctx->rctx, - state->ctx->ncache, state->ctx->neg_timeout, - 0, state->domain->name, + state->ctx->ncache, 0, state->domain->name, state->ghosts[state->index]); if (subreq == NULL) { return ENOMEM;
diff --git a/src/responder/ifp/ifp_users.c b/src/responder/ifp/ifp_users.c
index e542e81..f362ea2 100644
--- a/src/responder/ifp/ifp_users.c
+++ b/src/responder/ifp/ifp_users.c
@@ -99,8 +99,7 @@ int ifp_users_find_by_name(struct sbus_request *sbus_req, } req = cache_req_user_by_name_send(sbus_req, ctx->rctx->ev, ctx->rctx, - ctx->ncache, ctx->neg_timeout, 0, - NULL, name); + ctx->ncache, 0, NULL, name); if (req == NULL) { return ENOMEM; }
@@ -170,8 +169,7 @@ int ifp_users_find_by_id(struct sbus_request *sbus_req, } req = cache_req_user_by_id_send(sbus_req, ctx->rctx->ev, ctx->rctx, - ctx->ncache, ctx->neg_timeout, 0, - NULL, id); + ctx->ncache, 0, NULL, id); if (req == NULL) { return ENOMEM; }
@@ -257,8 +255,7 @@ int ifp_users_find_by_cert(struct sbus_request *sbus_req, void *data, } req = cache_req_user_by_cert_send(sbus_req, ctx->rctx->ev, ctx->rctx, - ctx->ncache, ctx->neg_timeout, 0, - NULL, derb64); + ctx->ncache, 0, NULL, derb64); if (req == NULL) { return ENOMEM; }
@@ -654,8 +651,7 @@ int ifp_users_user_update_groups_list(struct sbus_request *sbus_req, } req = cache_req_initgr_by_name_send(sbus_req, ctx->rctx->ev, ctx->rctx, - ctx->ncache, ctx->neg_timeout, 0, - domain->name, username); + ctx->ncache, 0, domain->name, username); if (req == NULL) { return ENOMEM; }
diff --git a/src/responder/ifp/ifpsrv_cmd.c b/src/responder/ifp/ifpsrv_cmd.c
index 2c0ceb8..d1855eb 100644
--- a/src/responder/ifp/ifpsrv_cmd.c
+++ b/src/responder/ifp/ifpsrv_cmd.c
@@ -514,8 +514,7 @@ ifp_user_get_attr_lookup(struct tevent_req *subreq) } subreq = cache_req_send(state, state->rctx->ev, state->rctx, - state->ncache, state->neg_timeout, 0, - state->domname, data); + state->ncache, 0, state->domname, data); if (subreq == NULL) { tevent_req_error(req, ENOMEM); return;
diff --git a/src/responder/pac/pacsrv_cmd.c b/src/responder/pac/pacsrv_cmd.c
index bebd6ba..8f54041 100644
--- a/src/responder/pac/pacsrv_cmd.c
+++ b/src/responder/pac/pacsrv_cmd.c
@@ -198,7 +198,6 @@ static errno_t pac_resolve_user_sid_next(struct pac_req_ctx *pr_ctx) req = cache_req_object_by_sid_send(pr_ctx, pr_ctx->cctx->ev, pr_ctx->cctx->rctx, pr_ctx->pac_ctx->ncache, - pr_ctx->pac_ctx->neg_timeout, 0, pr_ctx->dom->name, pr_ctx->user_sid_str, pw_attrs);
diff --git a/src/responder/pam/pamsrv.c b/src/responder/pam/pamsrv.c
index 4c41517..78521e8 100644
--- a/src/responder/pam/pamsrv.c
+++ b/src/responder/pam/pamsrv.c
@@ -251,12 +251,6 @@ static int pam_process_init(TALLOC_CTX *mem_ctx, pam_dp_reconnect_init, iter); } - /* Set up the negative cache */ - ret = confdb_get_int(cdb, CONFDB_NSS_CONF_ENTRY, - CONFDB_NSS_ENTRY_NEG_TIMEOUT, 15, - &pctx->neg_timeout); - if (ret != EOK) goto done; - /* Set up the PAM identity timeout */ ret = confdb_get_int(cdb, CONFDB_PAM_CONF_ENTRY, CONFDB_PAM_ID_TIMEOUT, 5,
diff --git a/src/responder/pam/pamsrv.h b/src/responder/pam/pamsrv.h
index b44e1c3..a4d2ae6 100644
--- a/src/responder/pam/pamsrv.h
+++ b/src/responder/pam/pamsrv.h
@@ -34,7 +34,6 @@ typedef void (pam_dp_callback_t)(struct pam_auth_req *preq); struct pam_ctx { struct resp_ctx *rctx; struct sss_nc_ctx *ncache; - int neg_timeout; time_t id_timeout; hash_table_t *id_table; size_t trusted_uids_count;
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
index fb0cbbb..6fd9345 100644
--- a/src/responder/pam/pamsrv_cmd.c
+++ b/src/responder/pam/pamsrv_cmd.c
@@ -1247,8 +1247,7 @@ static void pam_forwarder_cert_cb(struct tevent_req *req) req = cache_req_user_by_cert_send(preq, cctx->ev, cctx->rctx, - pctx->ncache, pctx->neg_timeout, - 0, NULL, cert); + pctx->ncache, 0, NULL, cert); if (req == NULL) { DEBUG(SSSDBG_OP_FAILURE, "cache_req_user_by_cert_send failed.\n"); ret = ENOMEM;
diff --git a/src/responder/sudo/sudosrv_get_sudorules.c b/src/responder/sudo/sudosrv_get_sudorules.c
index 61f0426..b981a32 100644
--- a/src/responder/sudo/sudosrv_get_sudorules.c
+++ b/src/responder/sudo/sudosrv_get_sudorules.c
@@ -457,9 +457,7 @@ struct tevent_req *sudosrv_get_rules_send(TALLOC_CTX *mem_ctx, DEBUG(SSSDBG_TRACE_FUNC, "Running initgroups for [%s]\n", username); subreq = cache_req_initgr_by_name_send(state, ev, sudo_ctx->rctx, - sudo_ctx->ncache, - sudo_ctx->neg_timeout, - 0, NULL, username); + sudo_ctx->ncache, 0, NULL, username); if (subreq == NULL) { ret = ENOMEM; goto immediately;
diff --git a/src/tests/cmocka/test_responder_cache_req.c b/src/tests/cmocka/test_responder_cache_req.c
index 679e2c1..6c13500 100644
--- a/src/tests/cmocka/test_responder_cache_req.c
+++ b/src/tests/cmocka/test_responder_cache_req.c
@@ -72,7 +72,7 @@ struct test_group { check_leaks_push(req_mem_ctx); \ \ req = send_fn(req_mem_ctx, ctx->tctx->ev, ctx->rctx, \ - ctx->ncache, 10, crp, \ + ctx->ncache, crp, \ (dom == NULL ? NULL : dom->name), lookup); \ assert_non_null(req); \ tevent_req_set_callback(req, done_fn, ctx); \
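Review bot: The test macro drops the literal `10` that used to be the negative timeout, so the lifetime of negative entries in these tests now depends on how `ctx->ncache` is created in the fixture, which is outside this hunk. If any test relies on a negative entry still being valid, or already expired, when a later lookup runs, the fixture should set that timeout explicitly and the macro should say where it comes from, e.g. `/* negative timeout is fixed when the test ncache is created */`. The same argument is dropped in run_object_by_sid, test_user_by_name_multiple_domains_parse and test_group_by_name_multiple_domains_parse in the following hunks.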
@@ -367,7 +367,7 @@ static void run_object_by_sid(struct cache_req_test_ctx *test_ctx, check_leaks_push(req_mem_ctx); req = cache_req_object_by_sid_send(req_mem_ctx, test_ctx->tctx->ev, - test_ctx->rctx, test_ctx->ncache, 10, cache_refresh_percent, + test_ctx->rctx, test_ctx->ncache, cache_refresh_percent, (domain == NULL ? NULL : domain->name), sid, attrs); assert_non_null(req); tevent_req_set_callback(req, cache_req_object_by_sid_test_done, test_ctx);
@@ -589,7 +589,7 @@ void test_user_by_name_multiple_domains_parse(void **state) check_leaks_push(req_mem_ctx); req = cache_req_user_by_name_send(req_mem_ctx, test_ctx->tctx->ev, - test_ctx->rctx, test_ctx->ncache, 10, 0, + test_ctx->rctx, test_ctx->ncache, 0, NULL, fqn); assert_non_null(req); tevent_req_set_callback(req, cache_req_user_by_name_test_done, test_ctx);
@@ -1089,7 +1089,7 @@ void test_group_by_name_multiple_domains_parse(void **state) mock_parse_inp(name, "responder_cache_req_test_d", ERR_OK); req = cache_req_group_by_name_send(req_mem_ctx, test_ctx->tctx->ev, - test_ctx->rctx, test_ctx->ncache, 10, 0, + test_ctx->rctx, test_ctx->ncache, 0, NULL, fqn); assert_non_null(req); tevent_req_set_callback(req, cache_req_group_by_name_test_done, test_ctx);