-rw-r--r-- | src/confdb/confdb.h | 1 | ||||
-rw-r--r-- | src/config/SSSDConfig/__init__.py.in | 1 | ||||
-rw-r--r-- | src/config/etc/sssd.api.conf | 1 | ||||
-rw-r--r-- | src/man/sssd.conf.5.xml | 12 | ||||
-rw-r--r-- | src/responder/nss/nsssrv.c | 14 | ||||
-rw-r--r-- | src/responder/nss/nsssrv_mmap_cache.c | 4 | ||||
-rw-r--r-- | src/responder/nss/nsssrv_mmap_cache.h | 2 |
7 files changed, 30 insertions, 5 deletions
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h index 2468f7e5..5893897f 100644 --- a/src/confdb/confdb.h +++ b/src/confdb/confdb.h @@ -86,6 +86,7 @@ #define CONFDB_NSS_ALLOWED_SHELL "allowed_shells" #define CONFDB_NSS_SHELL_FALLBACK "shell_fallback" #define CONFDB_NSS_DEFAULT_SHELL "default_shell" +#define CONFDB_MEMCACHE_TIMEOUT "memcache_timeout" /* PAM */ #define CONFDB_PAM_CONF_ENTRY "config/pam" diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in index 1f59bd9c..74bdde1d 100644 --- a/src/config/SSSDConfig/__init__.py.in +++ b/src/config/SSSDConfig/__init__.py.in @@ -68,6 +68,7 @@ option_strings = { 'vetoed_shells' : _('The list of shells that will be vetoed, and replaced with the fallback shell'), 'shell_fallback' : _('If a shell stored in central directory is allowed but not available, use this fallback'), 'default_shell': _('Shell to use if the provider does not list one'), + 'memcache_timeout': _('How long will be in-memory cache records valid'), # [pam] 'offline_credentials_expiration' : _('How long to allow cached logins between online logins (days)'), diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf index a1caa7b5..e09a8bf0 100644 --- a/src/config/etc/sssd.api.conf +++ b/src/config/etc/sssd.api.conf @@ -38,6 +38,7 @@ vetoed_shells = list, str, false shell_fallback = str, None, false default_shell = str, None, false get_domains_timeout = int, None, false +memcache_timeout = int, None, false [pam] # Authentication service diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index 8eaeb13c..c946c6e1 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml 
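Review bot: `CONFDB_MEMCACHE_TIMEOUT` in src/confdb/confdb.h drops the `NSS_` prefix that the three keys directly above it carry, although the nsssrv.c hunk of this commit reads it under `CONFDB_NSS_CONF_ENTRY`. If the option is meant to be NSS-only, `#define CONFDB_NSS_MEMCACHE_TIMEOUT "memcache_timeout"` keeps the group consistent and makes the owning section obvious at the call site. A trailing comment such as `/* seconds */` would also help, since the unit is otherwise stated only in the man page.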
@@ -543,6 +543,18 @@ </para> </listitem> </varlistentry> + <varlistentry> + <term>memcache_timeout (int)</term> + <listitem> + <para> + Specifies time in seconds for which records + in the in-memory cache will be valid + </para> + <para> + Default: 300 + </para> + </listitem> + </varlistentry> </variablelist> </refsect2> <refsect2 id='PAM'> diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c index 9cb4a569..85bf6dc8 100644 --- a/src/responder/nss/nsssrv.c +++ b/src/responder/nss/nsssrv.c @@ -262,6 +262,7 @@ int nss_process_init(TALLOC_CTX *mem_ctx, struct sss_cmd_table *nss_cmds; struct be_conn *iter; struct nss_ctx *nctx; + int memcache_timeout; int ret, max_retries; int hret; int fd_limit; @@ -323,16 +324,25 @@ int nss_process_init(TALLOC_CTX *mem_ctx, } /* create mmap caches */ + ret = confdb_get_int(nctx->rctx->cdb, + CONFDB_NSS_CONF_ENTRY, + CONFDB_MEMCACHE_TIMEOUT, + 300, &memcache_timeout); + if (ret != EOK) { + DEBUG(0, ("Failed to set up automatic reconnection\n")); + return ret; + } + /* TODO: read cache sizes from configuration */ ret = sss_mmap_cache_init(nctx, "passwd", SSS_MC_PASSWD, - 50000, + 50000, (time_t)memcache_timeout, &nctx->pwd_mc_ctx); if (ret) { DEBUG(SSSDBG_CRIT_FAILURE, ("passwd mmap cache is DISABLED")); } ret = sss_mmap_cache_init(nctx, "group", SSS_MC_GROUP, - 50000, + 50000, (time_t)memcache_timeout, &nctx->grp_mc_ctx); if (ret) { DEBUG(SSSDBG_CRIT_FAILURE, ("group mmap cache is DISABLED")); diff --git a/src/responder/nss/nsssrv_mmap_cache.c b/src/responder/nss/nsssrv_mmap_cache.c index e60d0619..07498a9b 100644 --- a/src/responder/nss/nsssrv_mmap_cache.c +++ b/src/responder/nss/nsssrv_mmap_cache.c @@ -602,7 +602,7 @@ static void sss_mc_header_update(struct sss_mc_ctx *mc_ctx, int status) errno_t sss_mmap_cache_init(TALLOC_CTX *mem_ctx, const char *name, enum sss_mc_type type, size_t n_elem, - struct sss_mc_ctx **mcc) + time_t timeout, struct sss_mc_ctx **mcc) { struct sss_mc_ctx *mc_ctx = NULL; unsigned int rseed; 
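Review bot: The failure branch after the new `confdb_get_int(...)` call in the second nsssrv.c hunk logs "Failed to set up automatic reconnection", which looks copied from another call site and will mislead anyone triaging a startup failure. It also passes the bare level `0` where the calls just below use a named `SSSDBG_` level. The value is then cast straight to `time_t` and handed to both `sss_mmap_cache_init` calls with no range check, so a negative `memcache_timeout` from the configuration reaches `valid_time_slot` unchanged; how record expiry behaves for such a value is not visible in this diff. I would correct the message and reject negative values before the caches are created, as sketched below. nss_process_init starts and ends outside the hunk.

```c
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Failed to read memcache_timeout from confdb\n"));
        return ret;
    }
    if (memcache_timeout < 0) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("memcache_timeout must not be negative\n"));
        return EINVAL;
    }

    /* … unchanged: sss_mmap_cache_init calls for passwd and group … */
```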
@@ -634,7 +634,7 @@ errno_t sss_mmap_cache_init(TALLOC_CTX *mem_ctx, const char *name, mc_ctx->type = type; - mc_ctx->valid_time_slot = 300; /* 5 min. FIXME: parametrize */ + mc_ctx->valid_time_slot = timeout; mc_ctx->file = talloc_asprintf(mc_ctx, "%s/%s", SSS_NSS_MCACHE_DIR, name); diff --git a/src/responder/nss/nsssrv_mmap_cache.h b/src/responder/nss/nsssrv_mmap_cache.h index 72fcf220..81241b24 100644 --- a/src/responder/nss/nsssrv_mmap_cache.h +++ b/src/responder/nss/nsssrv_mmap_cache.h @@ -32,7 +32,7 @@ enum sss_mc_type { errno_t sss_mmap_cache_init(TALLOC_CTX *mem_ctx, const char *name, enum sss_mc_type type, size_t n_elem, - struct sss_mc_ctx **mcc); + time_t valid_time, struct sss_mc_ctx **mcc); errno_t sss_mmap_cache_pw_store(struct sss_mc_ctx *mcc, struct sized_string *name, |
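Review bot: The removed `/* 5 min. FIXME: parametrize */` comment in nsssrv_mmap_cache.c is not replaced, so nothing at `mc_ctx->valid_time_slot = timeout;` records the unit or that the value now comes from configuration. Since the two caches created in nsssrv.c hold passwd and group records, this value presumably bounds how long a changed or removed entry can still be answered from the cache, which is worth stating for whoever tunes it. I would add `/* seconds, from memcache_timeout; upper bound on staleness of cached records */` on that line. sss_mmap_cache_init continues outside the hunk.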
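Review bot: The prototype in nsssrv_mmap_cache.h names the new parameter `valid_time`, while the definition in nsssrv_mmap_cache.c calls it `timeout`. Pick one name for both, for example `time_t timeout, struct sss_mc_ctx **mcc);`, so the header and the implementation read the same. The declaration also has no comment, and a short one giving the unit (seconds) and saying whether zero or negative values are accepted would tell callers what they must validate before calling.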