Univention Bugzilla – Attachment 6995 Details for
Bug 38823
Add cache filter mechanism
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Issue #2387: Add Listener cache filter
0001-Issue-2387-Add-Listener-cache-filter.patch (text/plain), 6.75 KB, created by
Philipp Hahn
on 2015-07-02 16:06 CEST
(
hide
)
Description:
Issue #2387: Add Listener cache filter
Filename:
MIME Type:
Creator:
Philipp Hahn
Created:
2015-07-02 16:06 CEST
Size:
6.75 KB
patch
obsolete
>From a642e9566afa4833b71e14852ac469710097c5a3 Mon Sep 17 00:00:00 2001 >Message-Id: <a642e9566afa4833b71e14852ac469710097c5a3.1435845928.git.hahn@univention.de> >From: Philipp Hahn <hahn@univention.de> >Date: Thu, 2 Jul 2015 13:57:40 +0000 >Subject: [PATCH] Issue #2387: Add Listener cache filter >Organization: Univention GmbH, Bremen, Germany > >Add UCRV "listener/cache/filter" to prevent certain LDAP objects from >being stored in the local Listener cache. > >Beware: Certain functionality like moving objects will work reliable for >those objects, so be careful on which objects get black-listed. > >git-svn-id: svn+in8://mail.univention.de/var/univention/svn/dev@3578 ae5adf9b-a26c-40de-88c9-2f0554b1ae1e >--- > univention-directory-listener/debian/changelog | 6 ++++++ > ...y-listener.univention-config-registry-variables | 6 ++++++ > univention-directory-listener/src/Makefile | 4 ++-- > univention-directory-listener/src/cache.c | 22 ++++++++++++++++++++++ > univention-directory-listener/src/handlers.c | 4 ++-- > univention-directory-listener/src/utils.h | 5 +++++ > 6 files changed, 43 insertions(+), 4 deletions(-) > >diff --git a/univention-directory-listener/debian/changelog b/univention-directory-listener/debian/changelog >index 14b45b1..167ffe1 100644 >--- a/univention-directory-listener/debian/changelog >+++ b/univention-directory-listener/debian/changelog >@@ -1,3 +1,9 @@ >+univention-directory-listener (12.0.1-12) unstable; urgency=low >+ >+ * Issue #2387: Implement local cache filter >+ >+ -- Philipp Hahn <hahn@univention.de> Wed, 01 Jul 2015 17:07:10 +0200 >+ > univention-directory-listener (12.0.1-11) unstable; urgency=low > > * create /etc/ldap/rootpw.conf if missing >diff --git a/univention-directory-listener/debian/univention-directory-listener.univention-config-registry-variables b/univention-directory-listener/debian/univention-directory-listener.univention-config-registry-variables >index 6e6d8dc..8bc1586 100644 >--- a/univention-directory-listener/debian/univention-directory-listener.univention-config-registry-variables >+++ b/univention-directory-listener/debian/univention-directory-listener.univention-config-registry-variables >@@ -27,3 +27,9 @@ Description[de]=Ist diese Variable auf 'yes' gesetzt, führt der Univention Dire > Description[en]=If this variable is set to 'yes', the Univention Directory Listener performs consistency checks to prevent a user name being added into a group multiple times. These checks can be deactivated by setting the variables 'listener/memberuid/skip' and 'listener/uniquemember/skip' to 'no'. > Type=str > Categories=service-ln >+ >+[listener/cache/filter] >+Description[de]=LDAP filter string, um das lokale Cachen zu verhindern. >+Description[en]=LDAP filter string to prevent local caching >+Type=str >+Categories=service-ln >diff --git a/univention-directory-listener/src/Makefile b/univention-directory-listener/src/Makefile >index 06dacd8..45482de 100644 >--- a/univention-directory-listener/src/Makefile >+++ b/univention-directory-listener/src/Makefile >@@ -32,12 +32,12 @@ > CC=gcc > DB_LDADD=-ldb3 > DB_CFLAGS=-I/usr/include/db3 -DWITH_DB3 >-DB_OBJS=cache.o cache_entry.o cache_lowlevel.o base64.o >+DB_OBJS=cache.o cache_entry.o cache_lowlevel.o base64.o filter.o > > CFLAGS=-g -Wall -Werror -D_FILE_OFFSET_BITS=64 $(DB_CFLAGS) > LDADD=-g -luniventiondebug > LISTENER_LDADD=$(LDADD) -luniventionpolicy -lldap -lpython2.6 $(DB_LDADD) >-LISTENER_OBJS=main.o notifier.o transfile.o handlers.o cache.o cache_entry.o cache_lowlevel.o change.o network.o filter.o signals.o base64.o select_server.o >+LISTENER_OBJS=main.o notifier.o transfile.o handlers.o change.o network.o signals.o select_server.o $(DB_OBJS) > DUMP_LDADD=$(LDADD) -lldap -luniventionconfig $(DB_LDADD) > DUMP_OBJS=dump.o dump_signals.o $(DB_OBJS) > DEMO_LDADD=$(LDADD) -luniventionconfig >diff --git a/univention-directory-listener/src/cache.c b/univention-directory-listener/src/cache.c >index 3e2d514..329728e 100644 >--- a/univention-directory-listener/src/cache.c >+++ b/univention-directory-listener/src/cache.c >@@ -71,6 +71,7 @@ > #include <stdbool.h> > > #include <univention/debug.h> >+#include <univention/config.h> > > #include "common.h" > #include "cache.h" >@@ -78,6 +79,8 @@ > #include "cache_entry.h" > #include "network.h" > #include "signals.h" >+#include "filter.h" >+#include "utils.h" > > #define MASTER_KEY "__master__" > #define MASTER_KEY_SIZE (sizeof MASTER_KEY) >@@ -94,6 +97,20 @@ DB_ENV *dbenvp; > #endif > static FILE *lock_fp=NULL; > >+static struct filter cache_filter; >+static struct filter *cache_filters[] = {&cache_filter, NULL}; >+ >+static void setup_cache_filter(void) { >+ cache_filter.filter = univention_config_get_string("listener/cache/filter"); >+ if (cache_filter.filter && cache_filter.filter[0]) { >+ cache_filter.base = univention_config_get_string("ldap/base"); >+ cache_filter.scope = LDAP_SCOPE_SUBTREE; >+ } else { >+ FREE(cache_filter.filter); >+ FREE(cache_filter.base); >+ } >+} >+ > #ifdef WITH_DB42 > static void cache_panic_call(DB_ENV *dbenvp, int errval) > { >@@ -192,6 +209,7 @@ int cache_init(void) > } > dbp->set_errcall(dbp, cache_error_message); > #endif >+ setup_cache_filter(); > return 0; > } > >@@ -429,6 +447,10 @@ int cache_update_entry_lower(NotifierID id, char *dn, CacheEntry *entry) > char *lower_dn; > int rv = 0; > >+ /* IN8 Issue 2387: Skip caching certain entries matching LDAP filter */ >+ if (cache_filter.filter && cache_entry_ldap_filter_match(cache_filters, dn, entry)) >+ return rv; >+ > lower_dn = _convert_to_lower(dn); > rv = cache_update_entry(id, lower_dn, entry); > >diff --git a/univention-directory-listener/src/handlers.c b/univention-directory-listener/src/handlers.c >index 12df56e..405ca66 100644 >--- a/univention-directory-listener/src/handlers.c >+++ b/univention-directory-listener/src/handlers.c >@@ -88,7 +88,7 @@ static PyObject* module_import(char *filename) > > namep = strrchr(filename, '.'); > if ((namep != NULL) && (strcmp(namep, ".pyo") == 0)) { >- long magic; >+ __attribute__((unused)) long magic; > > magic = PyMarshal_ReadLongFromFile(fp); > /* we should probably check the magic here */ >@@ -936,7 +936,7 @@ int handlers_set_data_all(char *key, char *value) > { > Handler *handler; > PyObject *argtuple; >- int rv = 1; >+ __attribute__((unused)) int rv = 1; > > univention_debug(UV_DEBUG_LISTENER, UV_DEBUG_INFO, "setting data for all handlers: key=%s value=%s", key, strcmp("bindpw", key) ? value : "<HIDDEN>"); > >diff --git a/univention-directory-listener/src/utils.h b/univention-directory-listener/src/utils.h >index bd18d39..e59b58f 100644 >--- a/univention-directory-listener/src/utils.h >+++ b/univention-directory-listener/src/utils.h >@@ -4,6 +4,11 @@ > #include <ldap.h> > > >+#define FREE(ptr) \ >+ free(ptr); \ >+ ptr = NULL; >+ >+ > static inline bool BERSTREQ(const struct berval *ber, const char *str, size_t len) { > return ber->bv_len == len && memcmp(ber->bv_val, str, len) == 0; > } >-- >1.9.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
Actions:
View
|
Diff
Attachments on
bug 38823
: 6995 |
7027
|
7182