File 141030-2-NSS-disable-midpoint-refresh-for-netgroups.patch of Package sssd.openSUSE_Leap_42.1_Update
From f933190722886ff23eab8148b473915908bc8c23 Mon Sep 17 00:00:00 2001
From: Pavel Reichl <preichl@redhat.com>
Date: Thu, 30 Oct 2014 17:02:45 +0000
Subject: [PATCH] NSS: disable midpoint refresh for netgroups
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Disable midpoint refresh for netgroups if periodical refresh of expired
netgroups is enabled (refresh_expired_interval)
Resolves:
https://fedorahosted.org/sssd/ticket/2102
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
diff -rupN sssd-1.11.5.1-original/src/responder/nss/nsssrv_cmd.c sssd-1.11.5.1-patched/src/responder/nss/nsssrv_cmd.c
--- sssd-1.11.5.1-original/src/responder/nss/nsssrv_cmd.c 2017-01-31 16:57:41.492342926 +0100
+++ sssd-1.11.5.1-patched/src/responder/nss/nsssrv_cmd.c 2017-01-31 16:59:45.089663171 +0100
@@ -502,6 +502,25 @@ static int nss_cmd_getpw_send_reply(stru
return EOK;
}
+/* Currently only refreshing expired netgroups is supported. */
+static bool
+is_refreshed_on_bg(int req_type,
+ enum sss_dp_acct_type refresh_expired_interval)
+{
+ if (refresh_expired_interval == 0) {
+ return false;
+ }
+
+ switch (req_type) {
+ case SSS_DP_NETGR:
+ return true;
+ default:
+ return false;
+ }
+
+ return false;
+}
+
static void nsssrv_dp_send_acct_req_done(struct tevent_req *req);
/* FIXME: do not check res->count, but get in a msgs and check in parent */
@@ -531,20 +550,32 @@ errno_t check_cache(struct nss_dom_ctx *
return ENOENT;
}
- /* if we have any reply let's check cache validity */
+ /* if we have any reply let's check cache validity, but ignore netgroups
+ * if refresh_expired_interval is set (which implies that another method
+ * is used to refresh netgroups)
+ */
if (res->count > 0) {
- if (req_type == SSS_DP_INITGROUPS) {
- cacheExpire = ldb_msg_find_attr_as_uint64(res->msgs[0],
- SYSDB_INITGR_EXPIRE, 1);
- }
- if (cacheExpire == 0) {
- cacheExpire = ldb_msg_find_attr_as_uint64(res->msgs[0],
- SYSDB_CACHE_EXPIRE, 0);
+ if (is_refreshed_on_bg(req_type,
+ dctx->domain->refresh_expired_interval)) {
+ ret = EOK;
+ } else {
+ if (req_type == SSS_DP_INITGROUPS) {
+ cacheExpire = ldb_msg_find_attr_as_uint64(res->msgs[0],
+ SYSDB_INITGR_EXPIRE,
+ 1);
+ }
+ if (cacheExpire == 0) {
+ cacheExpire = ldb_msg_find_attr_as_uint64(res->msgs[0],
+ SYSDB_CACHE_EXPIRE,
+ 0);
+ }
+
+ /* if we have any reply let's check cache validity */
+ ret = sss_cmd_check_cache(res->msgs[0],
+ nctx->cache_refresh_percent,
+ cacheExpire);
}
- /* if we have any reply let's check cache validity */
- ret = sss_cmd_check_cache(res->msgs[0], nctx->cache_refresh_percent,
- cacheExpire);
if (ret == EOK) {
DEBUG(SSSDBG_TRACE_FUNC, ("Cached entry is valid, returning..\n"));
return EOK;