From 86f5491443de60c3656da343e6e36e7e3d6a0a9f Mon Sep 17 00:00:00 2001 From: Lukas Slebodnik Date: Wed, 3 Aug 2016 18:48:04 +0200 Subject: [PATCH] SYSDB: Avoid optimisation with modifyTimestamp for users The usage of modifyTimestamp needn't be a reliable way for detecting of changes in user entry in LDAP. The authorisation need to rely current data from LDAP and therefore we will temporary disable optimisation with modifyTimestamp and we will rather rely on deep comparison of attributes. In he future, it might be changed and responders might control the optimization level. Resolves: https://fedorahosted.org/sssd/ticket/3110 --- src/db/sysdb_ops.c | 19 ------------------- src/tests/cmocka/test_sysdb_ts_cache.c | 14 -------------- 2 files changed, 33 deletions(-) diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c index 67006c155098b9fde00a01d424014852c383a325..44fb5b70e6d33fffbca5824f831a3229254ecb57 100644 --- a/src/db/sysdb_ops.c +++ b/src/db/sysdb_ops.c @@ -1101,16 +1101,6 @@ done: return ret; } -static errno_t sysdb_check_and_update_ts_usr(struct sss_domain_info *domain, - const char *grp_name, - struct sysdb_attrs *attrs, - uint64_t cache_timeout, - time_t now) -{ - return sysdb_check_and_update_ts_obj(domain, SYSDB_USER, grp_name, - attrs, cache_timeout, now); -} - static errno_t sysdb_check_and_update_ts_grp(struct sss_domain_info *domain, const char *grp_name, struct sysdb_attrs *attrs, @@ -2470,15 +2460,6 @@ int sysdb_store_user(struct sss_domain_info *domain, now = time(NULL); } - ret = sysdb_check_and_update_ts_usr(domain, name, attrs, - cache_timeout, now); - if (ret == EOK) { - DEBUG(SSSDBG_TRACE_LIBS, - "The user record of %s did not change, only updated " - "the timestamp cache\n", name); - return EOK; - } - tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return ENOMEM; diff --git a/src/tests/cmocka/test_sysdb_ts_cache.c b/src/tests/cmocka/test_sysdb_ts_cache.c index aa857e7e4823d2d8ba1e1a794b3e2474876e9ab0..e950f88631e4c78573bbb7290edfe94b5ced57cd 100644 --- a/src/tests/cmocka/test_sysdb_ts_cache.c +++ b/src/tests/cmocka/test_sysdb_ts_cache.c @@ -980,20 +980,6 @@ static void test_sysdb_user_update(void **state) assert_int_equal(cache_expire_sysdb, TEST_CACHE_TIMEOUT + TEST_NOW_2); assert_int_equal(cache_expire_ts, TEST_CACHE_TIMEOUT + TEST_NOW_2); - /* Update the same attrs and the same modifyTimestamp. - * Only the timestamp cache must be bumped */ - ret = sysdb_store_user(test_ctx->tctx->dom, TEST_USER_NAME, NULL, - TEST_USER_UID, TEST_USER_GID, TEST_USER_NAME, - "/home/"TEST_USER_NAME, "/bin/bash", NULL, - user_attrs, NULL, TEST_CACHE_TIMEOUT, - TEST_NOW_3); - assert_int_equal(ret, EOK); - - get_pw_timestamp_attrs(test_ctx, TEST_USER_NAME, - &cache_expire_sysdb, &cache_expire_ts); - assert_int_equal(cache_expire_sysdb, TEST_CACHE_TIMEOUT + TEST_NOW_2); - assert_int_equal(cache_expire_ts, TEST_CACHE_TIMEOUT + TEST_NOW_3); - /* Update with different modifyTimestamp but same attrs as previously * saved to the timestamp cache. We should detect the 'real' attributes * are the same and only bump the timestamp cache -- 2.9.2