summaryrefslogtreecommitdiff
path: root/src/responder/nss
diff options
context:
space:
mode:
authorSimo Sorce <simo@redhat.com>2012-12-05 17:40:43 +0000
committerJakub Hrozek <jhrozek@redhat.com>2012-12-05 23:01:37 +0100
commitebba1aa6b9783daa0d530e9f5e307f7be17d3cd3 (patch)
tree2fafadfee6c92db06905a7053a6a0c8503b049ee /src/responder/nss
parent8088274b2389b76f4be581736e55f26a8322fad1 (diff)
downloadsssd-ebba1aa6b9783daa0d530e9f5e307f7be17d3cd3.tar.gz
sssd-ebba1aa6b9783daa0d530e9f5e307f7be17d3cd3.tar.bz2
sssd-ebba1aa6b9783daa0d530e9f5e307f7be17d3cd3.zip
Hook to perform a mmap cache update from sssd_nss
This set of functions enumerate each user/group from all domains and invalidate any mmap cache record that matches.
Diffstat (limited to 'src/responder/nss')
-rw-r--r--src/responder/nss/nsssrv.c15
-rw-r--r--src/responder/nss/nsssrv_cmd.c100
-rw-r--r--src/responder/nss/nsssrv_private.h3
3 files changed, 118 insertions, 0 deletions
diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
index e01bd1a4..8694edaf 100644
--- a/src/responder/nss/nsssrv.c
+++ b/src/responder/nss/nsssrv.c
@@ -33,6 +33,7 @@
#include "popt.h"
#include "util/util.h"
#include "responder/nss/nsssrv.h"
+#include "responder/nss/nsssrv_private.h"
#include "responder/nss/nsssrv_mmap_cache.h"
#include "responder/common/negcache.h"
#include "db/sysdb.h"
@@ -280,7 +281,21 @@ done:
return ret;
}
+static int nss_update_memcache(DBusMessage *message,
+ struct sbus_connection *conn)
+{
+ struct resp_ctx *rctx = talloc_get_type(sbus_conn_get_private_data(conn),
+ struct resp_ctx);
+ struct nss_ctx *nctx = talloc_get_type(rctx->pvt_ctx, struct nss_ctx);
+
+ nss_update_pw_memcache(nctx);
+ nss_update_gr_memcache(nctx);
+
+ return EOK;
+}
+
static struct sbus_method nss_dp_methods[] = {
+ { DP_REV_METHOD_UPDATE_CACHE, nss_update_memcache },
{ NULL, NULL }
};
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index db1efdd2..2397fb38 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -107,6 +107,56 @@ struct setent_ctx {
* PASSWD db related functions
***************************************************************************/
+void nss_update_pw_memcache(struct nss_ctx *nctx)
+{
+ struct sss_domain_info *dom;
+ struct ldb_result *res;
+ uint64_t exp;
+ struct sized_string key;
+ const char *id;
+ time_t now;
+ int ret;
+ int i;
+
+ now = time(NULL);
+
+ for (dom = nctx->rctx->domains; dom != NULL; dom = dom->next) {
+ ret = sysdb_enumpwent(nctx, dom->sysdb, &res);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("Failed to enumerate users for domain [%s]\n", dom->name));
+ continue;
+ }
+
+ for (i = 0; i < res->count; i++) {
+ exp = ldb_msg_find_attr_as_uint64(res->msgs[i],
+ SYSDB_CACHE_EXPIRE, 0);
+ if (exp >= now) {
+ continue;
+ }
+
+ /* names require more manipulation (build up fqname conditionally),
+ * but uidNumber is unique and always resolvable too, so we use
+ * that to update the cache, as it points to the same entry */
+ id = ldb_msg_find_attr_as_string(res->msgs[i], SYSDB_UIDNUM, NULL);
+ if (!id) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("Failed to find uidNumber in %s.\n",
+ ldb_dn_get_linearized(res->msgs[i]->dn)));
+ continue;
+ }
+ to_sized_string(&key, id);
+
+ ret = sss_mmap_cache_pw_invalidate(nctx->pwd_mc_ctx, &key);
+ if (ret != EOK && ret != ENOENT) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("Internal failure in memory cache code: %d [%s]\n",
+ ret, strerror(ret)));
+ }
+ }
+ }
+}
+
static gid_t get_gid_override(struct ldb_message *msg,
struct sss_domain_info *dom)
{
@@ -1746,6 +1796,56 @@ done:
* GROUP db related functions
***************************************************************************/
+void nss_update_gr_memcache(struct nss_ctx *nctx)
+{
+ struct sss_domain_info *dom;
+ struct ldb_result *res;
+ uint64_t exp;
+ struct sized_string key;
+ const char *id;
+ time_t now;
+ int ret;
+ int i;
+
+ now = time(NULL);
+
+ for (dom = nctx->rctx->domains; dom != NULL; dom = dom->next) {
+ ret = sysdb_enumgrent(nctx, dom->sysdb, &res);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("Failed to enumerate users for domain [%s]\n", dom->name));
+ continue;
+ }
+
+ for (i = 0; i < res->count; i++) {
+ exp = ldb_msg_find_attr_as_uint64(res->msgs[i],
+ SYSDB_CACHE_EXPIRE, 0);
+ if (exp >= now) {
+ continue;
+ }
+
+ /* names require more manipulation (build up fqname conditionally),
+ * but uidNumber is unique and always resolvable too, so we use
+ * that to update the cache, as it points to the same entry */
+ id = ldb_msg_find_attr_as_string(res->msgs[i], SYSDB_GIDNUM, NULL);
+ if (!id) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("Failed to find gidNumber in %s.\n",
+ ldb_dn_get_linearized(res->msgs[i]->dn)));
+ continue;
+ }
+ to_sized_string(&key, id);
+
+ ret = sss_mmap_cache_gr_invalidate(nctx->grp_mc_ctx, &key);
+ if (ret != EOK && ret != ENOENT) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("Internal failure in memory cache code: %d [%s]\n",
+ ret, strerror(ret)));
+ }
+ }
+ }
+}
+
#define GID_ROFFSET 0
#define MNUM_ROFFSET sizeof(uint32_t)
#define STRS_ROFFSET 2*sizeof(uint32_t)
diff --git a/src/responder/nss/nsssrv_private.h b/src/responder/nss/nsssrv_private.h
index f1d47c3b..c5889311 100644
--- a/src/responder/nss/nsssrv_private.h
+++ b/src/responder/nss/nsssrv_private.h
@@ -123,4 +123,7 @@ errno_t check_cache(struct nss_dom_ctx *dctx,
sss_dp_callback_t callback,
void *pvt);
+void nss_update_pw_memcache(struct nss_ctx *nctx);
+void nss_update_gr_memcache(struct nss_ctx *nctx);
+
#endif /* NSSSRV_PRIVATE_H_ */