author | Jakub Hrozek <jhrozek@redhat.com> | 2013-01-15 07:54:03 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-01-16 16:57:16 +0100 |
commit | a1fb964f1d216427c8215a92a59f722f08a07426 (patch) | |
tree | 80c447d40e21202dae59f3c25d7a946d6e7423f9 | |
parent | 0c517cb7fe642795f8c23f0df2cef6ba81e079e8 (diff) | |
Invalidate user entry even if there are no groups
Related to https://fedorahosted.org/sssd/ticket/1757
Previously we would optimize the mc invalidate code for cases where the
user was a member of some groups. But if the user was removed from the
server while being in memory cache, we would only invalidate the mc
record if he was a member of at least one supplementary group.
-rw-r--r-- | src/providers/data_provider_be.c | 12 | ||||
-rw-r--r-- | src/responder/nss/nsssrv_cmd.c | 7 |
2 files changed, 8 insertions, 11 deletions
diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c
index 452979c0..789071f7 100644
--- a/src/providers/data_provider_be.c
+++ b/src/providers/data_provider_be.c
@@ -669,9 +669,9 @@ static errno_t be_initgroups_prereq(struct be_req *be_req)
 if (ret && ret != ENOENT) {
 return ret;
 }
- /* if the user is completely missing or has no group memberships
- * at all there is no need to contact NSS, it would be a noop */
- if (ret == ENOENT || res->count == 0 || res->count == 1) {
+ /* if the user is completely missing there is no need to contact NSS,
+ * it would be a noop */
+ if (ret == ENOENT || res->count == 0) {
 /* yet unknown, ignore */
 return EOK;
 }
@@ -680,7 +680,7 @@ static errno_t be_initgroups_prereq(struct be_req *be_req)
 if (!pr) {
 return ENOMEM;
 }
- pr->groups = talloc_array(pr, gid_t, res->count - 1);
+ pr->groups = talloc_array(pr, gid_t, res->count);
 if (!pr->groups) {
 return ENOMEM;
 }
@@ -696,7 +696,9 @@ static errno_t be_initgroups_prereq(struct be_req *be_req)
 if (!pr->domain) {
 return ENOMEM;
 }
- for (pr->gnum = 0, i = 1; i < res->count; i++) {
+ /* The first GID is the primary so it might be duplicated
+ * later in the list */
+ for (pr->gnum = 0, i = 0; i < res->count; i++) {
 pr->groups[pr->gnum] = ldb_msg_find_attr_as_uint(res->msgs[i],
 SYSDB_GIDNUM, 0);
 /* if 0 it may be a non-posix group, so we skip it */
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index b1db367e..b2dae4a3 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -3417,11 +3417,6 @@ void nss_update_initgr_memcache(struct nss_ctx *nctx,
 int ret;
 int i, j;

- if (gnum == 0) {
- /* there are no groups to invalidate in any case, just return */
- return;
- }
-
 for (dom = nctx->rctx->domains; dom != NULL; dom = dom->next) {
 if (strcasecmp(dom->name, domain) == 0) {
 break;
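Review bot: The comment added above the loop in be_initgroups_prereq says the primary GID may be duplicated, but it does not say why index 0 is now read at all, when `res->msgs[0]` was skipped before this change. A wording such as `/* msgs[0] is the user entry; its GID is the primary group and may appear again among the group entries, so pr->groups can hold duplicates */` would make that explicit. It is also worth confirming that whatever consumes `pr->groups` tolerates a repeated GID, since that code is not in this hunk. The loop body continues past the end of the hunk.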
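Review bot: Removing the `gnum == 0` early return means an empty group list now runs through the rest of nss_update_initgr_memcache, which lies outside this hunk. Any allocation, copy or loop there that is sized by `gnum` should be checked for the zero-length case, and for `groups` being NULL if callers can pass that. A short comment where the guard used to be, for example `/* gnum may be 0: the user's entry still has to be invalidated */`, would keep someone from re-adding the shortcut and bringing back stale memory-cache entries for removed users.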
@@ -3462,7 +3457,7 @@ void nss_update_initgr_memcache(struct nss_ctx *nctx,
 changed = true;
 } else {
 /* we skip the first entry, it's the user itself */
- for (i = 1; i < res->count; i++) {
+ for (i = 0; i < res->count; i++) {
 id = ldb_msg_find_attr_as_uint(res->msgs[i], SYSDB_GIDNUM, 0);
 if (id == 0) {
 /* probably non-posix group, skip */ |
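Review bot: The context comment `/* we skip the first entry, it's the user itself */` now contradicts the loop directly below it, which starts at `i = 0`. It should be updated in the same commit, for example to `/* msgs[0] is the user entry; its GID is the primary group, so it is compared too */`, presumably mirroring the comment added in be_initgroups_prereq. A stale comment here invites a later change back to `i = 1`, which would reintroduce the missed invalidation this commit fixes. The loop body continues past the end of the hunk.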