From 18774778804904b301f4c137d131fb5b41599a18 Mon Sep 17 00:00:00 2001 From: Lukas Slebodnik Date: Wed, 3 Aug 2016 18:48:04 +0200 Subject: [PATCH] SYSDB: Avoid optimisation with modifyTimestamp for users The usage of modifyTimestamp needn't be a reliable way for detecting of changes in user entry in LDAP. The authorisation need to rely current data from LDAP and therefore we will temporary disable optimisation with modifyTimestamp and we will rather rely on deep comparison of attributes. In he future, it might be changed and responders might control the optimization level. Resolves: https://fedorahosted.org/sssd/ticket/3110 --- src/db/sysdb_ops.c | 19 ------------------- src/tests/cmocka/test_sysdb_ts_cache.c | 14 -------------- 2 files changed, 33 deletions(-) diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c index ed177d1730723a61e01167a75a0baca6d81252f8..93b7705ceaaab800beecef8df77f211f12e56306 100644 --- a/src/db/sysdb_ops.c +++ b/src/db/sysdb_ops.c @@ -1101,16 +1101,6 @@ done: return ret; } -static errno_t sysdb_check_and_update_ts_usr(struct sss_domain_info *domain, - const char *grp_name, - struct sysdb_attrs *attrs, - uint64_t cache_timeout, - time_t now) -{ - return sysdb_check_and_update_ts_obj(domain, SYSDB_USER, grp_name, - attrs, cache_timeout, now); -} - static errno_t sysdb_check_and_update_ts_grp(struct sss_domain_info *domain, const char *grp_name, struct sysdb_attrs *attrs, @@ -2465,15 +2455,6 @@ int sysdb_store_user(struct sss_domain_info *domain, errno_t sret = EOK; bool in_transaction = false; - ret = sysdb_check_and_update_ts_usr(domain, name, attrs, - cache_timeout, now); - if (ret == EOK) { - DEBUG(SSSDBG_TRACE_LIBS, - "The user record of %s did not change, only updated " - "the timestamp cache\n", name); - return EOK; - } - tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return ENOMEM; diff --git a/src/tests/cmocka/test_sysdb_ts_cache.c b/src/tests/cmocka/test_sysdb_ts_cache.c index d5492299647f54e379ea3f305ccc1501c7f6c79f..82bc770354fd226b0a6441b05c1b59834747f16e 100644 --- a/src/tests/cmocka/test_sysdb_ts_cache.c +++ b/src/tests/cmocka/test_sysdb_ts_cache.c @@ -980,20 +980,6 @@ static void test_sysdb_user_update(void **state) assert_int_equal(cache_expire_sysdb, TEST_CACHE_TIMEOUT + TEST_NOW_2); assert_int_equal(cache_expire_ts, TEST_CACHE_TIMEOUT + TEST_NOW_2); - /* Update the same attrs and the same modifyTimestamp. - * Only the timestamp cache must be bumped */ - ret = sysdb_store_user(test_ctx->tctx->dom, TEST_USER_NAME, NULL, - TEST_USER_UID, TEST_USER_GID, TEST_USER_NAME, - "/home/"TEST_USER_NAME, "/bin/bash", NULL, - user_attrs, NULL, TEST_CACHE_TIMEOUT, - TEST_NOW_3); - assert_int_equal(ret, EOK); - - get_pw_timestamp_attrs(test_ctx, TEST_USER_NAME, - &cache_expire_sysdb, &cache_expire_ts); - assert_int_equal(cache_expire_sysdb, TEST_CACHE_TIMEOUT + TEST_NOW_2); - assert_int_equal(cache_expire_ts, TEST_CACHE_TIMEOUT + TEST_NOW_3); - /* Update with different modifyTimestamp but same attrs as previously * saved to the timestamp cache. We should detect the 'real' attributes * are the same and only bump the timestamp cache -- 2.9.2