From 499e4d63fe57875338777f0ac4455693307b4c56 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 30 Mar 2009 19:28:18 -0400 Subject: Add a more flexible way to parse and filter names. A new nss_parse_name function uses pcre to parse names, this makes it possible, in future, to make the filter user configurable. Add a new filter mechanism to filter out users that uses the negative cache by setting a permanet negative entry. Rework the entry points where the negative cache is checked for. --- server/responder/nss/nsssrv_nc.h | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) (limited to 'server/responder/nss/nsssrv_nc.h') diff --git a/server/responder/nss/nsssrv_nc.h b/server/responder/nss/nsssrv_nc.h index acc9170c..c0fa197c 100644 --- a/server/responder/nss/nsssrv_nc.h +++ b/server/responder/nss/nsssrv_nc.h @@ -35,12 +35,17 @@ int nss_ncache_check_group(struct nss_nc_ctx *ctx, int ttl, int nss_ncache_check_uid(struct nss_nc_ctx *ctx, int ttl, uid_t uid); int nss_ncache_check_gid(struct nss_nc_ctx *ctx, int ttl, gid_t gid); -/* add a new neg-cache entry setting the timestamp to "now" */ -int nss_ncache_set_user(struct nss_nc_ctx *ctx, +/* add a new neg-cache entry setting the timestamp to "now" unless + * "permanent" is set to true, in which case the timestamps is set to 0 + * and the negative cache never expires (used to permanently filter out + * users and groups) */ +int nss_ncache_set_user(struct nss_nc_ctx *ctx, bool permanent, const char *domain, const char *name); -int nss_ncache_set_group(struct nss_nc_ctx *ctx, +int nss_ncache_set_group(struct nss_nc_ctx *ctx, bool permanent, const char *domain, const char *name); -int nss_ncache_set_uid(struct nss_nc_ctx *ctx, uid_t uid); -int nss_ncache_set_gid(struct nss_nc_ctx *ctx, gid_t gid); +int nss_ncache_set_uid(struct nss_nc_ctx *ctx, bool permanent, uid_t uid); +int nss_ncache_set_gid(struct nss_nc_ctx *ctx, bool permanent, gid_t gid); + +int nss_ncache_reset_permament(struct nss_nc_ctx *ctx); #endif /* _NSS_NEG_CACHE_H_ */ -- cgit