-rw-r--r--server/responder/nss/nsssrv.c45
-rw-r--r--server/responder/nss/nsssrv.h2
-rw-r--r--server/responder/nss/nsssrv_cmd.c10
3 files changed, 46 insertions, 11 deletions
diff --git a/server/responder/nss/nsssrv.c b/server/responder/nss/nsssrv.c
index c1bfb969..f639de74 100644
--- a/server/responder/nss/nsssrv.c
+++ b/server/responder/nss/nsssrv.c
@@ -431,6 +431,37 @@ done:
return retval;
}
+static int nss_get_config(struct nss_ctx *nctx)
+{
+ int ret;
+
+ ret = confdb_get_int(nctx->cdb, nctx, NSS_SRV_CONFIG,
+ "EnumCacheTimeout", 120,
+ &nctx->enum_cache_timeout);
+ if (ret != EOK) goto done;
+
+ ret = confdb_get_int(nctx->cdb, nctx, NSS_SRV_CONFIG,
+ "EntryCacheTimeout", 600,
+ &nctx->enum_cache_timeout);
+ if (ret != EOK) goto done;
+
+ ret = confdb_get_int(nctx->cdb, nctx, NSS_SRV_CONFIG,
+ "EntryNegativeTimeout", 15,
+ &nctx->enum_cache_timeout);
+ if (ret != EOK) goto done;
+
+ ret = confdb_get_param(nctx->cdb, nctx, NSS_SRV_CONFIG,
+ "filterUsers", &nctx->filter_users);
+ if (ret != EOK) goto done;
+
+ ret = confdb_get_param(nctx->cdb, nctx, NSS_SRV_CONFIG,
+ "filterGroups", &nctx->filter_groups);
+ if (ret != EOK) goto done;
+
+done:
+ return ret;
+}
+
int nss_process_init(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct confdb_ctx *cdb)
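Review bot: The second and third `confdb_get_int` calls in `nss_get_config` store into `&nctx->enum_cache_timeout`, the same destination as the first, so `EntryCacheTimeout` and `EntryNegativeTimeout` overwrite the enumeration timeout and `cache_timeout` / `neg_timeout` are never set. This commit also removes the hard-coded `nctx->cache_timeout = 600` and `nctx->neg_timeout = 15` assignments from `nss_process_init`, so those two fields keep whatever value the context was allocated with (not visible here), and with the defaults the enumeration timeout ends up as 15 rather than 120. The destinations should be `&nctx->cache_timeout);` for `EntryCacheTimeout` and `&nctx->neg_timeout);` for `EntryNegativeTimeout`. It would also be worth rejecting negative values in this function, since these ints now come from configuration and `enum_cache_timeout` is later added to a `time_t` timestamp in `nsssrv_cmd.c` after only a non-zero test.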
@@ -470,10 +501,9 @@ int nss_process_init(TALLOC_CTX *mem_ctx,
return ret;
}
- /* after all initializations we are ready to listen on our socket */
- ret = set_unix_socket(nctx);
+ ret = nss_get_config(nctx);
if (ret != EOK) {
- DEBUG(0, ("fatal error initializing socket\n"));
+ DEBUG(0, ("fatal error getting nss config\n"));
return ret;
}
@@ -483,9 +513,12 @@ int nss_process_init(TALLOC_CTX *mem_ctx,
return ret;
}
- nctx->expire_time = 120; /* FIXME: read from conf */
- nctx->cache_timeout = 600; /* FIXME: read from conf */
- nctx->neg_timeout = 15; /* FIXME: read from conf */
+ /* after all initializations we are ready to listen on our socket */
+ ret = set_unix_socket(nctx);
+ if (ret != EOK) {
+ DEBUG(0, ("fatal error initializing socket\n"));
+ return ret;
+ }
DEBUG(1, ("NSS Initialization complete\n"));
diff --git a/server/responder/nss/nsssrv.h b/server/responder/nss/nsssrv.h
index 954ae8f2..479c6caf 100644
--- a/server/responder/nss/nsssrv.h
+++ b/server/responder/nss/nsssrv.h
@@ -69,7 +69,7 @@ struct nss_ctx {
int neg_timeout;
struct nss_nc_ctx *ncache;
- int expire_time;
+ int enum_cache_timeout;
time_t last_user_enum;
time_t last_group_enum;
diff --git a/server/responder/nss/nsssrv_cmd.c b/server/responder/nss/nsssrv_cmd.c
index ebd4adae..498825ea 100644
--- a/server/responder/nss/nsssrv_cmd.c
+++ b/server/responder/nss/nsssrv_cmd.c
@@ -962,8 +962,9 @@ static int nss_cmd_setpwent_ext(struct cli_ctx *cctx, bool immediate)
}
/* do not query backends if we have a recent enumeration */
- if (cctx->nctx->expire_time) {
- if (cctx->nctx->last_user_enum + cctx->nctx->expire_time > now) {
+ if (cctx->nctx->enum_cache_timeout) {
+ if (cctx->nctx->last_user_enum +
+ cctx->nctx->enum_cache_timeout > now) {
cached = true;
}
}
@@ -2002,8 +2003,9 @@ static int nss_cmd_setgrent_ext(struct cli_ctx *cctx, bool immediate)
}
/* do not query backends if we have a recent enumeration */
- if (cctx->nctx->expire_time) {
- if (cctx->nctx->last_group_enum + cctx->nctx->expire_time > now) {
+ if (cctx->nctx->enum_cache_timeout) {
+ if (cctx->nctx->last_group_enum +
+ cctx->nctx->enum_cache_timeout > now) {
cached = true;
}
}