-rw-r--r-- | server/responder/nss/nsssrv.c | 45 | ||||
-rw-r--r-- | server/responder/nss/nsssrv.h | 2 | ||||
-rw-r--r-- | server/responder/nss/nsssrv_cmd.c | 10 |
3 files changed, 46 insertions, 11 deletions
diff --git a/server/responder/nss/nsssrv.c b/server/responder/nss/nsssrv.c
index c1bfb969..f639de74 100644
--- a/server/responder/nss/nsssrv.c
+++ b/server/responder/nss/nsssrv.c
@@ -431,6 +431,37 @@ done:
 return retval;
 }
+static int nss_get_config(struct nss_ctx *nctx)
+{
+ int ret;
+
+ ret = confdb_get_int(nctx->cdb, nctx, NSS_SRV_CONFIG,
+ "EnumCacheTimeout", 120,
+ &nctx->enum_cache_timeout);
+ if (ret != EOK) goto done;
+
+ ret = confdb_get_int(nctx->cdb, nctx, NSS_SRV_CONFIG,
+ "EntryCacheTimeout", 600,
+ &nctx->enum_cache_timeout);
+ if (ret != EOK) goto done;
+
+ ret = confdb_get_int(nctx->cdb, nctx, NSS_SRV_CONFIG,
+ "EntryNegativeTimeout", 15,
+ &nctx->enum_cache_timeout);
+ if (ret != EOK) goto done;
+
+ ret = confdb_get_param(nctx->cdb, nctx, NSS_SRV_CONFIG,
+ "filterUsers", &nctx->filter_users);
+ if (ret != EOK) goto done;
+
+ ret = confdb_get_param(nctx->cdb, nctx, NSS_SRV_CONFIG,
+ "filterGroups", &nctx->filter_groups);
+ if (ret != EOK) goto done;
+
+done:
+ return ret;
+}
+
 int nss_process_init(TALLOC_CTX *mem_ctx,
 struct tevent_context *ev,
 struct confdb_ctx *cdb)
@@ -470,10 +501,9 @@ int nss_process_init(TALLOC_CTX *mem_ctx,
 return ret;
 }
- /* after all initializations we are ready to listen on our socket */
- ret = set_unix_socket(nctx);
+ ret = nss_get_config(nctx);
 if (ret != EOK) {
- DEBUG(0, ("fatal error initializing socket\n"));
+ DEBUG(0, ("fatal error getting nss config\n"));
 return ret;
 }
@@ -483,9 +513,12 @@ int nss_process_init(TALLOC_CTX *mem_ctx,
 return ret;
 }
- nctx->expire_time = 120; /* FIXME: read from conf */
- nctx->cache_timeout = 600; /* FIXME: read from conf */
- nctx->neg_timeout = 15; /* FIXME: read from conf */
+ /* after all initializations we are ready to listen on our socket */
+ ret = set_unix_socket(nctx);
+ if (ret != EOK) {
+ DEBUG(0, ("fatal error initializing socket\n"));
+ return ret;
+ }
 DEBUG(1, ("NSS Initialization complete\n"));
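Review bot: In the new `nss_get_config`, the second and third `confdb_get_int` calls store into `&nctx->enum_cache_timeout` again, so `EntryCacheTimeout` and `EntryNegativeTimeout` are never applied. The enumeration timeout ends up holding the negative-cache value (default 15 rather than 120), and `cache_timeout` and `neg_timeout` keep whatever the context was allocated with, because the last hunk of this file removes their hard-coded assignments. The destinations should be `&nctx->cache_timeout);` and `&nctx->neg_timeout);` respectively. If the context is zero-initialised (not visible here), negative caching is presumably left disabled, so repeated lookups of nonexistent names would reach the backends each time. Since these integers come from configuration and feed the expiry comparison in nsssrv_cmd.c, rejecting negative values here would also be worthwhile.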
diff --git a/server/responder/nss/nsssrv.h b/server/responder/nss/nsssrv.h
index 954ae8f2..479c6caf 100644
--- a/server/responder/nss/nsssrv.h
+++ b/server/responder/nss/nsssrv.h
@@ -69,7 +69,7 @@ struct nss_ctx {
 int neg_timeout;
 struct nss_nc_ctx *ncache;
- int expire_time;
+ int enum_cache_timeout;
 time_t last_user_enum;
 time_t last_group_enum;
diff --git a/server/responder/nss/nsssrv_cmd.c b/server/responder/nss/nsssrv_cmd.c
index ebd4adae..498825ea 100644
--- a/server/responder/nss/nsssrv_cmd.c
+++ b/server/responder/nss/nsssrv_cmd.c
@@ -962,8 +962,9 @@ static int nss_cmd_setpwent_ext(struct cli_ctx *cctx, bool immediate)
 }
 /* do not query backends if we have a recent enumeration */
- if (cctx->nctx->expire_time) {
- if (cctx->nctx->last_user_enum + cctx->nctx->expire_time > now) {
+ if (cctx->nctx->enum_cache_timeout) {
+ if (cctx->nctx->last_user_enum +
+ cctx->nctx->enum_cache_timeout > now) {
 cached = true;
 }
 }
@@ -2002,8 +2003,9 @@ static int nss_cmd_setgrent_ext(struct cli_ctx *cctx, bool immediate)
 }
 /* do not query backends if we have a recent enumeration */
- if (cctx->nctx->expire_time) {
- if (cctx->nctx->last_group_enum + cctx->nctx->expire_time > now) {
+ if (cctx->nctx->enum_cache_timeout) {
+ if (cctx->nctx->last_group_enum +
+ cctx->nctx->enum_cache_timeout > now) {
 cached = true;
 }
 }
|