From 3a21103f61bf9b60256cc2d0da54b757b634319f Mon Sep 17 00:00:00 2001
From: Simo Sorce <ssorce@redhat.com>
Date: Sat, 24 Oct 2009 13:36:34 -0400
Subject: Move responsibility for entry expiration timeout

The providers are now responsible for determining how long a cached
entry is considered valid. The default is the same as before (600s)
---
 server/responder/nss/nsssrv.c     | 10 ----------
 server/responder/nss/nsssrv.h     |  1 -
 server/responder/nss/nsssrv_cmd.c | 16 ++++++++--------
 server/responder/pam/pamsrv_cmd.c | 11 ++++-------
 4 files changed, 12 insertions(+), 26 deletions(-)

(limited to 'server/responder')

diff --git a/server/responder/nss/nsssrv.c b/server/responder/nss/nsssrv.c
index 9e93c069..272cd38b 100644
--- a/server/responder/nss/nsssrv.c
+++ b/server/responder/nss/nsssrv.c
@@ -91,11 +91,6 @@ static int nss_get_config(struct nss_ctx *nctx,
                          &nctx->enum_cache_timeout);
     if (ret != EOK) goto done;
 
-    ret = confdb_get_int(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
-                         CONFDB_NSS_ENTRY_CACHE_TIMEOUT, 600,
-                         &nctx->cache_timeout);
-    if (ret != EOK) goto done;
-
     ret = confdb_get_int(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
                          CONFDB_NSS_ENTRY_NEG_TIMEOUT, 15,
                          &nctx->neg_timeout);
@@ -111,11 +106,6 @@ static int nss_get_config(struct nss_ctx *nctx,
                          CONFDB_NSS_ENTRY_CACHE_NOWAIT_TIMEOUT, 0,
                          &nctx->cache_refresh_timeout);
     if (ret != EOK) goto done;
-    if (nctx->cache_refresh_timeout >= nctx->cache_timeout) {
-        DEBUG(0,("Configuration error: EntryCacheNoWaitRefreshTimeout exceeds"
-                 "EntryCacheTimeout. Disabling feature.\n"));
-        nctx->cache_refresh_timeout = 0;
-    }
     if (nctx->cache_refresh_timeout < 0) {
         DEBUG(0,("Configuration error: EntryCacheNoWaitRefreshTimeout is"
                  "invalid. Disabling feature.\n"));
diff --git a/server/responder/nss/nsssrv.h b/server/responder/nss/nsssrv.h
index 14d2aad4..0c2ea487 100644
--- a/server/responder/nss/nsssrv.h
+++ b/server/responder/nss/nsssrv.h
@@ -47,7 +47,6 @@ struct nss_ctx {
     int neg_timeout;
     struct nss_nc_ctx *ncache;
 
-    int cache_timeout;
     int cache_refresh_timeout;
 
     int enum_cache_timeout;
diff --git a/server/responder/nss/nsssrv_cmd.c b/server/responder/nss/nsssrv_cmd.c
index ebfd1d56..3d4226fb 100644
--- a/server/responder/nss/nsssrv_cmd.c
+++ b/server/responder/nss/nsssrv_cmd.c
@@ -281,6 +281,7 @@ static errno_t check_cache(struct nss_dom_ctx *dctx,
     int refresh_timeout;
     time_t now;
     uint64_t lastUpdate;
+    uint64_t cacheExpire;
     struct nss_cmd_ctx *cmdctx = dctx->cmdctx;
     struct cli_ctx *cctx = cmdctx->cctx;
     bool call_provider = false;
@@ -297,13 +298,14 @@ static errno_t check_cache(struct nss_dom_ctx *dctx,
         } else if ((req_type == SSS_DP_GROUP) ||
                    ((req_type == SSS_DP_USER) && (res->count == 1))) {
 
-            timeout = nctx->cache_timeout;
             refresh_timeout = nctx->cache_refresh_timeout;
             now = time(NULL);
 
             lastUpdate = ldb_msg_find_attr_as_uint64(res->msgs[0],
                                                      SYSDB_LAST_UPDATE, 0);
-            if (lastUpdate + timeout < now) {
+            cacheExpire = ldb_msg_find_attr_as_uint64(res->msgs[0],
+                                                      SYSDB_CACHE_EXPIRE, 0);
+            if (cacheExpire < now) {
                 /* This is a cache miss. We need to get the updated user
                  * information before returning it.
                  */
@@ -2906,7 +2908,7 @@ static void nss_cmd_getinit_callback(void *ptr, int status,
     struct sysdb_ctx *sysdb;
     struct nss_ctx *nctx;
     int timeout;
-    uint64_t lastUpdate;
+    uint64_t cacheExpire;
     uint8_t *body;
     size_t blen;
     bool call_provider = false;
@@ -2932,11 +2934,9 @@ static void nss_cmd_getinit_callback(void *ptr, int status,
             break;
 
         case 1:
-            timeout = nctx->cache_timeout;
-
-            lastUpdate = ldb_msg_find_attr_as_uint64(res->msgs[0],
-                                                     SYSDB_LAST_UPDATE, 0);
-            if (lastUpdate + timeout < time(NULL)) {
+            cacheExpire = ldb_msg_find_attr_as_uint64(res->msgs[0],
+                                                      SYSDB_CACHE_EXPIRE, 0);
+            if (cacheExpire < time(NULL)) {
                 call_provider = true;
             }
             break;
diff --git a/server/responder/pam/pamsrv_cmd.c b/server/responder/pam/pamsrv_cmd.c
index db59279c..699ec91a 100644
--- a/server/responder/pam/pamsrv_cmd.c
+++ b/server/responder/pam/pamsrv_cmd.c
@@ -798,10 +798,9 @@ static void pam_check_user_callback(void *ptr, int status,
     struct pam_auth_req *preq = talloc_get_type(ptr, struct pam_auth_req);
     struct sss_domain_info *dom;
     struct sysdb_ctx *sysdb;
-    uint64_t lastUpdate;
+    uint64_t cacheExpire;
     bool call_provider = false;
     time_t timeout;
-    time_t cache_timeout;
     int ret;
 
     if (status != LDB_SUCCESS) {
@@ -819,11 +818,9 @@ static void pam_check_user_callback(void *ptr, int status,
             break;
 
         case 1:
-            cache_timeout = 30; /* FIXME: read from conf */
-
-            lastUpdate = ldb_msg_find_attr_as_uint64(res->msgs[0],
-                                                     SYSDB_LAST_UPDATE, 0);
-            if (lastUpdate + cache_timeout < time(NULL)) {
+            cacheExpire = ldb_msg_find_attr_as_uint64(res->msgs[0],
+                                                      SYSDB_CACHE_EXPIRE, 0);
+            if (cacheExpire < time(NULL)) {
                 call_provider = true;
             }
             break;
-- 
cgit