|
 |
5fca41 |
From fb3f1af38edff257d603da165e0d64d12d92644e Mon Sep 17 00:00:00 2001
|
|
|
5fca41 |
From: Tomas Halman <thalman@redhat.com>
|
|
|
5fca41 |
Date: Sun, 16 Dec 2018 08:46:24 +0100
|
|
|
5fca41 |
Subject: [PATCH] CACHE: SSSD doesn't clear cache entries
|
|
|
5fca41 |
MIME-Version: 1.0
|
|
|
5fca41 |
Content-Type: text/plain; charset=UTF-8
|
|
|
5fca41 |
Content-Transfer-Encoding: 8bit
|
|
|
5fca41 |
|
|
|
5fca41 |
Once object is in cache it is refreshed when it is expired and
|
|
|
5fca41 |
requested by the system. Object ID is not checked before refresh,
|
|
|
5fca41 |
but config parameter ldap_(min|max)_id could be changed by admin.
|
|
|
5fca41 |
We should check object ID and not refresh objects outside min/max
|
|
|
5fca41 |
ID interval.
|
|
|
5fca41 |
|
|
|
5fca41 |
Resolves:
|
|
|
5fca41 |
https://pagure.io/SSSD/sssd/issue/3905
|
|
|
5fca41 |
|
|
|
5fca41 |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
5fca41 |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
5fca41 |
(cherry picked from commit d2adfcf54c3a37aeda675aec3ba3d174061fac1a)
|
|
|
5fca41 |
---
|
|
|
5fca41 |
.../common/cache_req/cache_req_search.c | 29 +++++++++++++++++++
|
|
|
5fca41 |
1 file changed, 29 insertions(+)
|
|
|
5fca41 |
|
|
|
5fca41 |
diff --git a/src/responder/common/cache_req/cache_req_search.c b/src/responder/common/cache_req/cache_req_search.c
|
|
|
5fca41 |
index 7423feb63..873214503 100644
|
|
|
5fca41 |
--- a/src/responder/common/cache_req/cache_req_search.c
|
|
|
5fca41 |
+++ b/src/responder/common/cache_req/cache_req_search.c
|
|
|
5fca41 |
@@ -25,6 +25,7 @@
|
|
|
5fca41 |
#include "util/util.h"
|
|
|
5fca41 |
#include "responder/common/cache_req/cache_req_private.h"
|
|
|
5fca41 |
#include "responder/common/cache_req/cache_req_plugin.h"
|
|
|
5fca41 |
+#include "db/sysdb.h"
|
|
|
5fca41 |
|
|
|
5fca41 |
static errno_t cache_req_search_ncache(struct cache_req *cr)
|
|
|
5fca41 |
{
|
|
|
5fca41 |
@@ -169,6 +170,30 @@ done:
|
|
|
5fca41 |
return ret;
|
|
|
5fca41 |
}
|
|
|
5fca41 |
|
|
|
5fca41 |
+static int
|
|
|
5fca41 |
+cache_req_should_be_in_cache(struct cache_req *cr,
|
|
|
5fca41 |
+ struct ldb_result *result)
|
|
|
5fca41 |
+{
|
|
|
5fca41 |
+ id_t id = 0;
|
|
|
5fca41 |
+
|
|
|
5fca41 |
+ if (result == NULL || result->count != 1) {
|
|
|
5fca41 |
+ /* can't decide so keep it */
|
|
|
5fca41 |
+ return EOK;
|
|
|
5fca41 |
+ }
|
|
|
5fca41 |
+
|
|
|
5fca41 |
+ id = ldb_msg_find_attr_as_uint(result->msgs[0], SYSDB_UIDNUM, 0);
|
|
|
5fca41 |
+ if (id && OUT_OF_ID_RANGE(id, cr->domain->id_min, cr->domain->id_max)) {
|
|
|
5fca41 |
+ return ERR_ID_OUTSIDE_RANGE;
|
|
|
5fca41 |
+ }
|
|
|
5fca41 |
+
|
|
|
5fca41 |
+ id = ldb_msg_find_attr_as_uint(result->msgs[0], SYSDB_GIDNUM, 0);
|
|
|
5fca41 |
+ if (id && OUT_OF_ID_RANGE(id, cr->domain->id_min, cr->domain->id_max)) {
|
|
|
5fca41 |
+ return ERR_ID_OUTSIDE_RANGE;
|
|
|
5fca41 |
+ }
|
|
|
5fca41 |
+
|
|
|
5fca41 |
+ return EOK;
|
|
|
5fca41 |
+}
|
|
|
5fca41 |
+
|
|
|
5fca41 |
static errno_t cache_req_search_cache(TALLOC_CTX *mem_ctx,
|
|
|
5fca41 |
struct cache_req *cr,
|
|
|
5fca41 |
struct ldb_result **_result)
|
|
|
5fca41 |
@@ -191,6 +216,10 @@ static errno_t cache_req_search_cache(TALLOC_CTX *mem_ctx,
|
|
|
5fca41 |
ret = ENOENT;
|
|
|
5fca41 |
}
|
|
|
5fca41 |
|
|
|
5fca41 |
+ if (ret == EOK) {
|
|
|
5fca41 |
+ ret = cache_req_should_be_in_cache(cr, result);
|
|
|
5fca41 |
+ }
|
|
|
5fca41 |
+
|
|
|
5fca41 |
switch (ret) {
|
|
|
5fca41 |
case EOK:
|
|
|
5fca41 |
if (cr->plugin->only_one_result && result->count > 1) {
|
|
|
5fca41 |
--
|
|
|
5fca41 |
2.20.1
|
|
|
5fca41 |
|