Attachment 6995 Details for Bug 38823

[patch] Issue #2387: Add Listener cache filter

0001-Issue-2387-Add-Listener-cache-filter.patch (text/plain), 6.75 KB, created by Philipp Hahn on 2015-07-02 16:06 CEST

(hide)

Description:

Filename:

MIME Type:

Creator: Philipp Hahn

Created: 2015-07-02 16:06 CEST

Size: 6.75 KB

patch

obsolete

>From a642e9566afa4833b71e14852ac469710097c5a3 Mon Sep 17 00:00:00 2001
>Message-Id: <a642e9566afa4833b71e14852ac469710097c5a3.1435845928.git.hahn@univention.de>
>From: Philipp Hahn <hahn@univention.de>
>Date: Thu, 2 Jul 2015 13:57:40 +0000
>Subject: [PATCH] Issue #2387: Add Listener cache filter
>Organization: Univention GmbH, Bremen, Germany
>
>Add UCRV "listener/cache/filter" to prevent certain LDAP objects from
>being stored in the local Listener cache.
>
>Beware: Certain functionality like moving objects will work reliable for
>those objects, so be careful on which objects get black-listed.
>
>git-svn-id: svn+in8://mail.univention.de/var/univention/svn/dev@3578 ae5adf9b-a26c-40de-88c9-2f0554b1ae1e
>---
> univention-directory-listener/debian/changelog     |  6 ++++++
> ...y-listener.univention-config-registry-variables |  6 ++++++
> univention-directory-listener/src/Makefile         |  4 ++--
> univention-directory-listener/src/cache.c          | 22 ++++++++++++++++++++++
> univention-directory-listener/src/handlers.c       |  4 ++--
> univention-directory-listener/src/utils.h          |  5 +++++
> 6 files changed, 43 insertions(+), 4 deletions(-)
>
>diff --git a/univention-directory-listener/debian/changelog b/univention-directory-listener/debian/changelog
>index 14b45b1..167ffe1 100644
>--- a/univention-directory-listener/debian/changelog
>+++ b/univention-directory-listener/debian/changelog
>@@ -1,3 +1,9 @@
>+univention-directory-listener (12.0.1-12) unstable; urgency=low
>+
>+  * Issue #2387: Implement local cache filter
>+
>+ -- Philipp Hahn <hahn@univention.de>  Wed, 01 Jul 2015 17:07:10 +0200
>+
> univention-directory-listener (12.0.1-11) unstable; urgency=low
> 
>   * create /etc/ldap/rootpw.conf if missing 
>diff --git a/univention-directory-listener/debian/univention-directory-listener.univention-config-registry-variables b/univention-directory-listener/debian/univention-directory-listener.univention-config-registry-variables
>index 6e6d8dc..8bc1586 100644
>--- a/univention-directory-listener/debian/univention-directory-listener.univention-config-registry-variables
>+++ b/univention-directory-listener/debian/univention-directory-listener.univention-config-registry-variables
>@@ -27,3 +27,9 @@ Description[de]=Ist diese Variable auf 'yes' gesetzt, fÃ¼hrt der Univention Dire
> Description[en]=If this variable is set to 'yes', the Univention Directory Listener performs consistency checks to prevent a user name being added into a group multiple times. These checks can be deactivated by setting the variables 'listener/memberuid/skip' and 'listener/uniquemember/skip' to 'no'.
> Type=str
> Categories=service-ln
>+
>+[listener/cache/filter]
>+Description[de]=LDAP filter string, um das lokale Cachen zu verhindern.
>+Description[en]=LDAP filter string to prevent local caching
>+Type=str
>+Categories=service-ln
>diff --git a/univention-directory-listener/src/Makefile b/univention-directory-listener/src/Makefile
>index 06dacd8..45482de 100644
>--- a/univention-directory-listener/src/Makefile
>+++ b/univention-directory-listener/src/Makefile
>@@ -32,12 +32,12 @@
> CC=gcc
> DB_LDADD=-ldb3
> DB_CFLAGS=-I/usr/include/db3 -DWITH_DB3
>-DB_OBJS=cache.o cache_entry.o cache_lowlevel.o base64.o
>+DB_OBJS=cache.o cache_entry.o cache_lowlevel.o base64.o filter.o
> 
> CFLAGS=-g -Wall -Werror -D_FILE_OFFSET_BITS=64 $(DB_CFLAGS)
> LDADD=-g -luniventiondebug
> LISTENER_LDADD=$(LDADD) -luniventionpolicy -lldap -lpython2.6 $(DB_LDADD)
>-LISTENER_OBJS=main.o notifier.o transfile.o handlers.o cache.o cache_entry.o cache_lowlevel.o change.o network.o filter.o signals.o base64.o select_server.o
>+LISTENER_OBJS=main.o notifier.o transfile.o handlers.o change.o network.o signals.o select_server.o $(DB_OBJS)
> DUMP_LDADD=$(LDADD) -lldap -luniventionconfig $(DB_LDADD)
> DUMP_OBJS=dump.o dump_signals.o $(DB_OBJS)
> DEMO_LDADD=$(LDADD) -luniventionconfig
>diff --git a/univention-directory-listener/src/cache.c b/univention-directory-listener/src/cache.c
>index 3e2d514..329728e 100644
>--- a/univention-directory-listener/src/cache.c
>+++ b/univention-directory-listener/src/cache.c
>@@ -71,6 +71,7 @@
> #include <stdbool.h>
> 
> #include <univention/debug.h>
>+#include <univention/config.h>
> 
> #include "common.h"
> #include "cache.h"
>@@ -78,6 +79,8 @@
> #include "cache_entry.h"
> #include "network.h"
> #include "signals.h"
>+#include "filter.h"
>+#include "utils.h"
> 
> #define MASTER_KEY "__master__"
> #define MASTER_KEY_SIZE (sizeof MASTER_KEY)
>@@ -94,6 +97,20 @@ DB_ENV *dbenvp;
> #endif
> static FILE *lock_fp=NULL;
> 
>+static struct filter cache_filter;
>+static struct filter *cache_filters[] = {&cache_filter, NULL};
>+
>+static void setup_cache_filter(void) {
>+	cache_filter.filter = univention_config_get_string("listener/cache/filter");
>+	if (cache_filter.filter && cache_filter.filter[0]) {
>+		cache_filter.base = univention_config_get_string("ldap/base");
>+		cache_filter.scope = LDAP_SCOPE_SUBTREE;
>+	} else {
>+		FREE(cache_filter.filter);
>+		FREE(cache_filter.base);
>+	}
>+}
>+
> #ifdef WITH_DB42
> static void cache_panic_call(DB_ENV *dbenvp, int errval)
> {
>@@ -192,6 +209,7 @@ int cache_init(void)
> 	}
> 	dbp->set_errcall(dbp, cache_error_message);
> #endif
>+	setup_cache_filter();
> 	return 0;
> }
> 
>@@ -429,6 +447,10 @@ int cache_update_entry_lower(NotifierID id, char *dn, CacheEntry *entry)
> 	char *lower_dn;
> 	int rv = 0;
> 
>+	/* IN8 Issue 2387: Skip caching certain entries matching LDAP filter */
>+	if (cache_filter.filter && cache_entry_ldap_filter_match(cache_filters, dn, entry))
>+		return rv;
>+
> 	lower_dn = _convert_to_lower(dn);
> 	rv = cache_update_entry(id, lower_dn, entry);
> 
>diff --git a/univention-directory-listener/src/handlers.c b/univention-directory-listener/src/handlers.c
>index 12df56e..405ca66 100644
>--- a/univention-directory-listener/src/handlers.c
>+++ b/univention-directory-listener/src/handlers.c
>@@ -88,7 +88,7 @@ static PyObject* module_import(char *filename)
> 
> 	namep = strrchr(filename, '.');
> 	if ((namep != NULL) && (strcmp(namep, ".pyo") == 0)) {
>-		long magic;
>+		__attribute__((unused)) long magic;
> 
> 		magic = PyMarshal_ReadLongFromFile(fp);
> 		/* we should probably check the magic here */
>@@ -936,7 +936,7 @@ int handlers_set_data_all(char *key, char *value)
> {
> 	Handler *handler;
> 	PyObject *argtuple;
>-	int rv = 1;
>+	__attribute__((unused))  int rv = 1;
> 
> 	univention_debug(UV_DEBUG_LISTENER, UV_DEBUG_INFO, "setting data for all handlers: key=%s  value=%s", key, strcmp("bindpw", key) ? value : "<HIDDEN>");
> 
>diff --git a/univention-directory-listener/src/utils.h b/univention-directory-listener/src/utils.h
>index bd18d39..e59b58f 100644
>--- a/univention-directory-listener/src/utils.h
>+++ b/univention-directory-listener/src/utils.h
>@@ -4,6 +4,11 @@
> #include <ldap.h>
> 
> 
>+#define FREE(ptr) \
>+	free(ptr); \
>+	ptr = NULL;
>+
>+
> static inline bool BERSTREQ(const struct berval *ber, const char *str, size_t len) {
> 	return ber->bv_len == len && memcmp(ber->bv_val, str, len) == 0;
> }
>-- 
>1.9.1
>

Actions: View | Diff

Attachments on bug 38823: 6995 | 7027 | 7182