summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/confdb/confdb.c53
-rw-r--r--src/confdb/confdb.h10
-rw-r--r--src/config/SSSDConfig.py4
-rwxr-xr-xsrc/config/SSSDConfigTest.py8
-rw-r--r--src/config/etc/sssd.api.conf5
-rw-r--r--src/man/sssd.conf.5.xml53
-rw-r--r--src/providers/ipa/ipa_common.c1
-rw-r--r--src/providers/ipa/ipa_common.h2
-rw-r--r--src/providers/ipa/ipa_id.c4
-rw-r--r--src/providers/ipa/ipa_id.h1
-rw-r--r--src/providers/ipa/ipa_netgroups.c12
-rw-r--r--src/providers/ldap/ldap_common.c1
-rw-r--r--src/providers/ldap/sdap.h1
-rw-r--r--src/providers/ldap/sdap_async_groups.c14
-rw-r--r--src/providers/ldap/sdap_async_netgroups.c3
-rw-r--r--src/providers/ldap/sdap_async_services.c2
-rw-r--r--src/providers/ldap/sdap_async_users.c2
-rw-r--r--src/providers/proxy/proxy.h1
-rw-r--r--src/providers/proxy/proxy_id.c14
-rw-r--r--src/providers/proxy/proxy_init.c5
-rw-r--r--src/providers/proxy/proxy_netgroup.c3
-rw-r--r--src/providers/proxy/proxy_services.c6
-rw-r--r--src/responder/nss/nsssrv_netgroup.c2
23 files changed, 164 insertions, 43 deletions
diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
index f0a8caa9..8b3a046f 100644
--- a/src/confdb/confdb.c
+++ b/src/confdb/confdb.c
@@ -664,6 +664,7 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
struct ldb_dn *dn;
const char *tmp;
int ret, val;
+ uint32_t entry_cache_timeout;
tmp_ctx = talloc_new(mem_ctx);
if (!tmp_ctx) return ENOMEM;
@@ -834,13 +835,61 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
goto done;
}
- ret = get_entry_as_uint32(res->msgs[0], &domain->entry_cache_timeout,
+ /* Get the global entry cache timeout setting */
+ ret = get_entry_as_uint32(res->msgs[0], &entry_cache_timeout,
CONFDB_DOMAIN_ENTRY_CACHE_TIMEOUT, 5400);
if (ret != EOK) {
- DEBUG(0, ("Invalid value for [%s]\n", CONFDB_DOMAIN_ENTRY_CACHE_TIMEOUT));
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ ("Invalid value for [%s]\n",
+ CONFDB_DOMAIN_ENTRY_CACHE_TIMEOUT));
+ goto done;
+ }
+
+ /* Override the user cache timeout, if specified */
+ ret = get_entry_as_uint32(res->msgs[0], &domain->user_timeout,
+ CONFDB_DOMAIN_USER_CACHE_TIMEOUT,
+ entry_cache_timeout);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ ("Invalid value for [%s]\n",
+ CONFDB_DOMAIN_USER_CACHE_TIMEOUT));
+ goto done;
+ }
+
+ /* Override the group cache timeout, if specified */
+ ret = get_entry_as_uint32(res->msgs[0], &domain->group_timeout,
+ CONFDB_DOMAIN_GROUP_CACHE_TIMEOUT,
+ entry_cache_timeout);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ ("Invalid value for [%s]\n",
+ CONFDB_DOMAIN_GROUP_CACHE_TIMEOUT));
goto done;
}
+ /* Override the netgroup cache timeout, if specified */
+ ret = get_entry_as_uint32(res->msgs[0], &domain->netgroup_timeout,
+ CONFDB_DOMAIN_NETGROUP_CACHE_TIMEOUT,
+ entry_cache_timeout);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ ("Invalid value for [%s]\n",
+ CONFDB_DOMAIN_NETGROUP_CACHE_TIMEOUT));
+ goto done;
+ }
+
+ /* Override the service cache timeout, if specified */
+ ret = get_entry_as_uint32(res->msgs[0], &domain->service_timeout,
+ CONFDB_DOMAIN_SERVICE_CACHE_TIMEOUT,
+ entry_cache_timeout);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ ("Invalid value for [%s]\n",
+ CONFDB_DOMAIN_SERVICE_CACHE_TIMEOUT));
+ goto done;
+ }
+
+
ret = get_entry_as_uint32(res->msgs[0], &domain->override_gid,
CONFDB_DOMAIN_OVERRIDE_GID, 0);
if (ret != EOK) {
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
index 7cfc73d2..7b5a2c94 100644
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
@@ -124,6 +124,11 @@
#define CONFDB_DOMAIN_OVERRIDE_GID "override_gid"
#define CONFDB_DOMAIN_CASE_SENSITIVE "case_sensitive"
+#define CONFDB_DOMAIN_USER_CACHE_TIMEOUT "entry_cache_user_timeout"
+#define CONFDB_DOMAIN_GROUP_CACHE_TIMEOUT "entry_cache_group_timeout"
+#define CONFDB_DOMAIN_NETGROUP_CACHE_TIMEOUT "entry_cache_netgroup_timeout"
+#define CONFDB_DOMAIN_SERVICE_CACHE_TIMEOUT "entry_cache_service_timeout"
+
/* Local Provider */
#define CONFDB_LOCAL_DEFAULT_SHELL "default_shell"
#define CONFDB_LOCAL_DEFAULT_BASEDIR "base_directory"
@@ -161,7 +166,10 @@ struct sss_domain_info {
gid_t override_gid;
const char *override_homedir;
- uint32_t entry_cache_timeout;
+ uint32_t user_timeout;
+ uint32_t group_timeout;
+ uint32_t netgroup_timeout;
+ uint32_t service_timeout;
struct sss_domain_info *next;
};
diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py
index a26c4253..a789e785 100644
--- a/src/config/SSSDConfig.py
+++ b/src/config/SSSDConfig.py
@@ -93,6 +93,10 @@ option_strings = {
'dns_discovery_domain' : _('The domain part of service discovery DNS query'),
'override_gid' : _('Override GID value from the identity provider with this value'),
'case_sensitive' : _('Treat usernames as case sensitive'),
+ 'entry_cache_user_timeout' : _('Entry cache timeout length (seconds)'),
+ 'entry_cache_group_timeout' : _('Entry cache timeout length (seconds)'),
+ 'entry_cache_netgroup_timeout' : _('Entry cache timeout length (seconds)'),
+ 'entry_cache_service_timeout' : _('Entry cache timeout length (seconds)'),
# [provider/ipa]
'ipa_domain' : _('IPA domain'),
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index afc207c0..c44e6ba8 100755
--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
@@ -479,6 +479,10 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
'filter_users',
'filter_groups',
'entry_cache_timeout',
+ 'entry_cache_user_timeout',
+ 'entry_cache_group_timeout',
+ 'entry_cache_netgroup_timeout',
+ 'entry_cache_service_timeout',
'lookup_family_order',
'account_cache_expiration',
'dns_resolver_timeout',
@@ -798,6 +802,10 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
'filter_users',
'filter_groups',
'entry_cache_timeout',
+ 'entry_cache_user_timeout',
+ 'entry_cache_group_timeout',
+ 'entry_cache_netgroup_timeout',
+ 'entry_cache_service_timeout',
'account_cache_expiration',
'lookup_family_order',
'dns_resolver_timeout',
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index 34b67dec..8a5449c4 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -76,6 +76,11 @@ override_gid = int, None, false
case_sensitive = bool, None, false
override_homedir = str, None, false
+#Entry cache timeouts
+entry_cache_user_timeout = int, None, false
+entry_cache_group_timeout = int, None, false
+entry_cache_netgroup_timeout = int, None, false
+entry_cache_service_timeout = int, None, false
# Special providers
[provider/permit]
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index fee40a6a..94fc591a 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -692,6 +692,59 @@
</para>
</listitem>
</varlistentry>
+
+ <varlistentry>
+ <term>entry_cache_user_timeout (integer)</term>
+ <listitem>
+ <para>
+ How many seconds should nss_sss consider
+ user entries valid before asking the backend again
+ </para>
+ <para>
+ Default: entry_cache_timeout
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>entry_cache_group_timeout (integer)</term>
+ <listitem>
+ <para>
+ How many seconds should nss_sss consider
+ group entries valid before asking the backend again
+ </para>
+ <para>
+ Default: entry_cache_timeout
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>entry_cache_netgroup_timeout (integer)</term>
+ <listitem>
+ <para>
+ How many seconds should nss_sss consider
+ netgroup entries valid before asking the backend again
+ </para>
+ <para>
+ Default: entry_cache_timeout
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>entry_cache_service_timeout (integer)</term>
+ <listitem>
+ <para>
+ How many seconds should nss_sss consider
+ service entries valid before asking the backend again
+ </para>
+ <para>
+ Default: entry_cache_timeout
+ </para>
+ </listitem>
+ </varlistentry>
+
<varlistentry>
<term>cache_credentials (bool)</term>
<listitem>
diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
index ba22830e..e8df5e15 100644
--- a/src/providers/ipa/ipa_common.c
+++ b/src/providers/ipa/ipa_common.c
@@ -70,7 +70,6 @@ struct dp_option ipa_def_ldap_opts[] = {
{ "ldap_force_upper_case_realm", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
{ "ldap_enumeration_refresh_timeout", DP_OPT_NUMBER, { .number = 300 }, NULL_NUMBER },
{ "ldap_purge_cache_timeout", DP_OPT_NUMBER, { .number = 3600 }, NULL_NUMBER },
- { "entry_cache_timeout", DP_OPT_NUMBER, { .number = 1800 }, NULL_NUMBER },
{ "ldap_tls_cacert", DP_OPT_STRING, { "/etc/ipa/ca.crt" }, NULL_STRING },
{ "ldap_tls_cacertdir", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ldap_tls_cert", DP_OPT_STRING, NULL_STRING, NULL_STRING },
diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h
index 9cbd993f..5bf1b7c9 100644
--- a/src/providers/ipa/ipa_common.h
+++ b/src/providers/ipa/ipa_common.h
@@ -35,7 +35,7 @@ struct ipa_service {
/* the following defines are used to keep track of the options in the ldap
* module, so that if they change and ipa is not updated correspondingly
* this will trigger a runtime abort error */
-#define IPA_OPTS_BASIC_TEST 60
+#define IPA_OPTS_BASIC_TEST 59
#define IPA_OPTS_SVC_TEST 5
diff --git a/src/providers/ipa/ipa_id.c b/src/providers/ipa/ipa_id.c
index 7302a8da..7067f015 100644
--- a/src/providers/ipa/ipa_id.c
+++ b/src/providers/ipa/ipa_id.c
@@ -232,8 +232,8 @@ static void ipa_netgroup_get_connect_done(struct tevent_req *subreq)
return;
}
- subreq = ipa_get_netgroups_send(state, state->ev,
- state->sysdb, sdap_ctx->opts,
+ subreq = ipa_get_netgroups_send(state, state->ev, state->sysdb,
+ state->domain, sdap_ctx->opts,
state->ctx->ipa_options,
sdap_id_op_handle(state->op),
state->attrs, state->filter,
diff --git a/src/providers/ipa/ipa_id.h b/src/providers/ipa/ipa_id.h
index 04a6c2b8..3a8fdb44 100644
--- a/src/providers/ipa/ipa_id.h
+++ b/src/providers/ipa/ipa_id.h
@@ -34,6 +34,7 @@ void ipa_account_info_handler(struct be_req *breq);
struct tevent_req *ipa_get_netgroups_send(TALLOC_CTX *memctx,
struct tevent_context *ev,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *dom,
struct sdap_options *opts,
struct ipa_options *ipa_options,
struct sdap_handle *sh,
diff --git a/src/providers/ipa/ipa_netgroups.c b/src/providers/ipa/ipa_netgroups.c
index 620f03cc..ad0a1ef3 100644
--- a/src/providers/ipa/ipa_netgroups.c
+++ b/src/providers/ipa/ipa_netgroups.c
@@ -39,6 +39,7 @@ struct ipa_get_netgroups_state {
struct ipa_options *ipa_opts;
struct sdap_handle *sh;
struct sysdb_ctx *sysdb;
+ struct sss_domain_info *dom;
const char **attrs;
int timeout;
@@ -64,6 +65,7 @@ struct ipa_get_netgroups_state {
static errno_t ipa_save_netgroup(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *ctx,
+ struct sss_domain_info *dom,
struct sdap_options *opts,
struct sysdb_attrs *attrs)
{
@@ -166,9 +168,7 @@ static errno_t ipa_save_netgroup(TALLOC_CTX *mem_ctx,
DEBUG(6, ("Storing info for netgroup %s\n", name));
ret = sysdb_add_netgroup(ctx, name, NULL, netgroup_attrs,
- dp_opt_get_int(opts->basic,
- SDAP_ENTRY_CACHE_TIMEOUT),
- 0);
+ dom->netgroup_timeout, 0);
if (ret) goto fail;
return EOK;
@@ -185,6 +185,7 @@ static int ipa_netgr_process_all(struct ipa_get_netgroups_state *state);
struct tevent_req *ipa_get_netgroups_send(TALLOC_CTX *memctx,
struct tevent_context *ev,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *dom,
struct sdap_options *opts,
struct ipa_options *ipa_options,
struct sdap_handle *sh,
@@ -208,6 +209,7 @@ struct tevent_req *ipa_get_netgroups_send(TALLOC_CTX *memctx,
state->timeout = timeout;
state->base_filter = filter;
state->netgr_base_iter = 0;
+ state->dom = dom;
if (!ipa_options->id->netgroup_search_bases) {
DEBUG(SSSDBG_CRIT_FAILURE,
@@ -976,8 +978,8 @@ static int ipa_netgr_process_all(struct ipa_get_netgroups_state *state)
}
}
}
- ret = ipa_save_netgroup(state, state->sysdb, state->opts,
- state->netgroups[i]);
+ ret = ipa_save_netgroup(state, state->sysdb, state->dom,
+ state->opts, state->netgroups[i]);
if (ret != EOK) {
goto done;
}
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index 38bd1b4f..737b9156 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -61,7 +61,6 @@ struct dp_option default_basic_opts[] = {
{ "ldap_force_upper_case_realm", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
{ "ldap_enumeration_refresh_timeout", DP_OPT_NUMBER, { .number = 300 }, NULL_NUMBER },
{ "ldap_purge_cache_timeout", DP_OPT_NUMBER, { .number = 10800 }, NULL_NUMBER },
- { "entry_cache_timeout", DP_OPT_NUMBER, { .number = 5400 }, NULL_NUMBER },
{ "ldap_tls_cacert", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ldap_tls_cacertdir", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ldap_tls_cert", DP_OPT_STRING, NULL_STRING, NULL_STRING },
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index 7bf1805c..2e1dfa95 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -173,7 +173,6 @@ enum sdap_basic_opt {
SDAP_FORCE_UPPER_CASE_REALM,
SDAP_ENUM_REFRESH_TIMEOUT,
SDAP_CACHE_PURGE_TIMEOUT,
- SDAP_ENTRY_CACHE_TIMEOUT,
SDAP_TLS_CACERT,
SDAP_TLS_CACERTDIR,
SDAP_TLS_CERT,
diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
index f8936264..feb13db9 100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -358,8 +358,7 @@ static int sdap_save_group(TALLOC_CTX *memctx,
ret = sdap_store_group_with_gid(ctx,
name, gid, group_attrs,
- dp_opt_get_int(opts->basic,
- SDAP_ENTRY_CACHE_TIMEOUT),
+ dom->group_timeout,
posix_group, now);
if (ret) goto fail;
@@ -430,8 +429,7 @@ static int sdap_save_grpmem(TALLOC_CTX *memctx,
DEBUG(6, ("Storing members for group %s\n", name));
ret = sysdb_store_group(ctx, name, 0, group_attrs,
- dp_opt_get_int(opts->basic,
- SDAP_ENTRY_CACHE_TIMEOUT), now);
+ dom->group_timeout, now);
if (ret) goto fail;
return EOK;
@@ -1979,6 +1977,7 @@ immediate:
static errno_t sdap_nested_group_check_hash(struct sdap_nested_group_ctx *);
static errno_t sdap_nested_group_check_cache(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *dom,
struct sdap_options *opts,
char *member_dn,
struct ldb_message ***_msgs,
@@ -2034,6 +2033,7 @@ static errno_t sdap_nested_group_process_deref_step(struct tevent_req *req)
}
ret = sdap_nested_group_check_cache(state, state->sysdb,
+ state->domain,
state->opts,
state->member_dn,
&msgs, &mtype);
@@ -2140,6 +2140,7 @@ static errno_t sdap_nested_group_process_step(struct tevent_req *req)
}
ret = sdap_nested_group_check_cache(state, state->sysdb,
+ state->domain,
state->opts,
state->member_dn,
&msgs, &mtype);
@@ -2233,6 +2234,7 @@ sdap_nested_group_check_hash(struct sdap_nested_group_ctx *state)
static errno_t
sdap_nested_group_check_cache(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *dom,
struct sdap_options *opts,
char *dn,
struct ldb_message ***_msgs,
@@ -2293,9 +2295,7 @@ sdap_nested_group_check_cache(TALLOC_CTX *mem_ctx,
create_time = ldb_msg_find_attr_as_uint64(msgs[0],
SYSDB_CREATE_TIME,
0);
- expiration = create_time +
- dp_opt_get_int(opts->basic,
- SDAP_ENTRY_CACHE_TIMEOUT);
+ expiration = create_time + dom->user_timeout;
} else {
/* Regular user, check if we need a refresh */
expiration = ldb_msg_find_attr_as_uint64(msgs[0],
diff --git a/src/providers/ldap/sdap_async_netgroups.c b/src/providers/ldap/sdap_async_netgroups.c
index f3a378f6..37aa2f11 100644
--- a/src/providers/ldap/sdap_async_netgroups.c
+++ b/src/providers/ldap/sdap_async_netgroups.c
@@ -128,8 +128,7 @@ static errno_t sdap_save_netgroup(TALLOC_CTX *memctx,
}
ret = sysdb_add_netgroup(ctx, name, NULL, netgroup_attrs,
- dp_opt_get_int(opts->basic,
- SDAP_ENTRY_CACHE_TIMEOUT), now);
+ dom->netgroup_timeout, now);
if (ret) goto fail;
if (_timestamp) {
diff --git a/src/providers/ldap/sdap_async_services.c b/src/providers/ldap/sdap_async_services.c
index f414040b..bde5820d 100644
--- a/src/providers/ldap/sdap_async_services.c
+++ b/src/providers/ldap/sdap_async_services.c
@@ -458,7 +458,7 @@ sdap_save_service(TALLOC_CTX *mem_ctx,
goto done;
}
- cache_timeout = dp_opt_get_int(opts->basic, SDAP_ENTRY_CACHE_TIMEOUT);
+ cache_timeout = dom->service_timeout;
ret = sysdb_store_service(sysdb, name, port, aliases, protocols,
svc_attrs, missing, cache_timeout, now);
diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c
index 01168321..fa9c0a79 100644
--- a/src/providers/ldap/sdap_async_users.c
+++ b/src/providers/ldap/sdap_async_users.c
@@ -235,7 +235,7 @@ int sdap_save_user(TALLOC_CTX *memctx,
}
}
- cache_timeout = dp_opt_get_int(opts->basic, SDAP_ENTRY_CACHE_TIMEOUT);
+ cache_timeout = dom->user_timeout;
if (is_initgr) {
ret = sysdb_attrs_add_time_t(user_attrs, SYSDB_INITGR_EXPIRE,
diff --git a/src/providers/proxy/proxy.h b/src/providers/proxy/proxy.h
index e9a550fd..3641d6ee 100644
--- a/src/providers/proxy/proxy.h
+++ b/src/providers/proxy/proxy.h
@@ -100,7 +100,6 @@ struct authtok_conv {
struct proxy_id_ctx {
struct be_ctx *be;
- int entry_cache_timeout;
struct proxy_nss_ops ops;
void *handle;
};
diff --git a/src/providers/proxy/proxy_id.c b/src/providers/proxy/proxy_id.c
index b11750f7..206af294 100644
--- a/src/providers/proxy/proxy_id.c
+++ b/src/providers/proxy/proxy_id.c
@@ -100,7 +100,7 @@ static int get_pw_name(TALLOC_CTX *mem_ctx,
break;
}
- ret = save_user(sysdb, !dom->case_sensitive, pwd, ctx->entry_cache_timeout);
+ ret = save_user(sysdb, !dom->case_sensitive, pwd, dom->user_timeout);
if (ret) {
goto done;
}
@@ -263,7 +263,7 @@ static int get_pw_uid(TALLOC_CTX *mem_ctx,
break;
}
- ret = save_user(sysdb, !dom->case_sensitive, pwd, ctx->entry_cache_timeout);
+ ret = save_user(sysdb, !dom->case_sensitive, pwd, dom->user_timeout);
if (ret) {
goto done;
}
@@ -394,7 +394,7 @@ again:
goto again; /* skip */
}
- ret = save_user(sysdb, !dom->case_sensitive, pwd, ctx->entry_cache_timeout);
+ ret = save_user(sysdb, !dom->case_sensitive, pwd, dom->user_timeout);
if (ret) {
/* Do not fail completely on errors.
* Just report the failure to save and go on */
@@ -603,7 +603,7 @@ again:
break;
}
- ret = save_group(sysdb, dom, grp, ctx->entry_cache_timeout);
+ ret = save_group(sysdb, dom, grp, dom->group_timeout);
if (ret) {
goto done;
}
@@ -732,7 +732,7 @@ again:
break;
}
- ret = save_group(sysdb, dom, grp, ctx->entry_cache_timeout);
+ ret = save_group(sysdb, dom, grp, dom->group_timeout);
if (ret) {
goto done;
}
@@ -864,7 +864,7 @@ again:
goto again; /* skip */
}
- ret = save_group(sysdb, dom, grp, ctx->entry_cache_timeout);
+ ret = save_group(sysdb, dom, grp, dom->group_timeout);
if (ret) {
/* Do not fail completely on errors.
* Just report the failure to save and go on */
@@ -967,7 +967,7 @@ static int get_initgr(TALLOC_CTX *mem_ctx,
break;
}
- ret = save_user(sysdb, !dom->case_sensitive, pwd, ctx->entry_cache_timeout);
+ ret = save_user(sysdb, !dom->case_sensitive, pwd, dom->user_timeout);
if (ret) {
goto done;
}
diff --git a/src/providers/proxy/proxy_init.c b/src/providers/proxy/proxy_init.c
index d43550bf..46b2e7c3 100644
--- a/src/providers/proxy/proxy_init.c
+++ b/src/providers/proxy/proxy_init.c
@@ -101,11 +101,6 @@ int sssm_proxy_id_init(struct be_ctx *bectx,
}
ctx->be = bectx;
- ret = confdb_get_int(bectx->cdb, ctx, bectx->conf_path,
- CONFDB_DOMAIN_ENTRY_CACHE_TIMEOUT, 600,
- &ctx->entry_cache_timeout);
- if (ret != EOK) goto done;
-
ret = confdb_get_string(bectx->cdb, ctx, bectx->conf_path,
CONFDB_PROXY_LIBNAME, NULL, &libname);
if (ret != EOK) goto done;
diff --git a/src/providers/proxy/proxy_netgroup.c b/src/providers/proxy/proxy_netgroup.c
index c81e60c6..47a425b4 100644
--- a/src/providers/proxy/proxy_netgroup.c
+++ b/src/providers/proxy/proxy_netgroup.c
@@ -152,7 +152,8 @@ errno_t get_netgroup(struct proxy_id_ctx *ctx,
}
ret = save_netgroup(sysdb, name, attrs,
- !dom->case_sensitive, ctx->entry_cache_timeout);
+ !dom->case_sensitive,
+ dom->netgroup_timeout);
if (ret != EOK) {
DEBUG(1, ("sysdb_add_netgroup failed.\n"));
goto done;
diff --git a/src/providers/proxy/proxy_services.c b/src/providers/proxy/proxy_services.c
index 79508a21..e5654d75 100644
--- a/src/providers/proxy/proxy_services.c
+++ b/src/providers/proxy/proxy_services.c
@@ -138,7 +138,7 @@ get_serv_byname(struct proxy_id_ctx *ctx,
/* Results found. Save them into the cache */
ret = proxy_save_service(sysdb, result,
!dom->case_sensitive,
- ctx->entry_cache_timeout);
+ dom->service_timeout);
}
done:
@@ -191,7 +191,7 @@ get_serv_byport(struct proxy_id_ctx *ctx,
/* Results found. Save them into the cache */
ret = proxy_save_service(sysdb, result,
!dom->case_sensitive,
- ctx->entry_cache_timeout);
+ dom->service_timeout);
}
done:
@@ -339,7 +339,7 @@ again:
const_aliases,
protocols,
NULL, NULL,
- ctx->entry_cache_timeout,
+ dom->service_timeout,
now);
if (ret) {
/* Do not fail completely on errors.
diff --git a/src/responder/nss/nsssrv_netgroup.c b/src/responder/nss/nsssrv_netgroup.c
index 02b88c7b..2b9707ab 100644
--- a/src/responder/nss/nsssrv_netgroup.c
+++ b/src/responder/nss/nsssrv_netgroup.c
@@ -495,7 +495,7 @@ static errno_t lookup_netgr_step(struct setent_step_ctx *step_ctx)
name, dom->name));
netgr->ready = true;
netgr->found = true;
- set_netgr_lifetime(dom->entry_cache_timeout, step_ctx, netgr);
+ set_netgr_lifetime(dom->netgroup_timeout, step_ctx, netgr);
return EOK;
}