author | Lukas Slebodnik <lslebodn@redhat.com> | 2013-07-29 15:24:34 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-08-08 00:38:31 +0200 |
commit | db440b3ba6b848010cf2a1fe9f76db394ce860da (patch) | |
tree | b0ff5035e0bde88366c2b96bf87a5d3c60e52483 /src/responder | |
parent | ada4d12f2e625ad553c6944b7d84bff144c31398 (diff) | |
NSS: Clear cached netgroups if a request comes in from the sss_cache
In order for sss_cache to work correctly, we must also signal the nss
responder to invalidate the hash table requests.
https://fedorahosted.org/sssd/ticket/1759
Diffstat (limited to 'src/responder')
-rw-r--r-- | src/responder/nss/nsssrv.c | 21 | ||||
-rw-r--r-- | src/responder/nss/nsssrv_netgroup.c | 30 | ||||
-rw-r--r-- | src/responder/nss/nsssrv_netgroup.h | 3 |
3 files changed, 54 insertions, 0 deletions
diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
index 7bc49e3e..253756d1 100644
--- a/src/responder/nss/nsssrv.c
+++ b/src/responder/nss/nsssrv.c
@@ -56,12 +56,15 @@
 static int nss_clear_memcache(DBusMessage *message,
 struct sbus_connection *conn);
+static int nss_clear_netgroup_hash_table(DBusMessage *message,
+ struct sbus_connection *conn);
 struct sbus_method monitor_nss_methods[] = {
 { MON_CLI_METHOD_PING, monitor_common_pong },
 { MON_CLI_METHOD_RES_INIT, monitor_common_res_init },
 { MON_CLI_METHOD_ROTATE, responder_logrotate },
 { MON_CLI_METHOD_CLEAR_MEMCACHE, nss_clear_memcache},
+ { MON_CLI_METHOD_CLEAR_ENUM_CACHE, nss_clear_netgroup_hash_table},
 { NULL, NULL }
 };
@@ -132,6 +135,24 @@ done:
 return monitor_common_pong(message, conn);
 }
+static int nss_clear_netgroup_hash_table(DBusMessage *message,
+ struct sbus_connection *conn)
+{
+ errno_t ret;
+ struct resp_ctx *rctx = talloc_get_type(sbus_conn_get_private_data(conn),
+ struct resp_ctx);
+ struct nss_ctx *nctx = (struct nss_ctx*) rctx->pvt_ctx;
+
+ ret = nss_orphan_netgroups(nctx);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("Could not invalidate netgroups\n"));
+ return ret;
+ }
+
+ return monitor_common_pong(message, conn);
+}
+
 static errno_t nss_get_etc_shells(TALLOC_CTX *mem_ctx, char ***_shells)
 {
 int i = 0;
diff --git a/src/responder/nss/nsssrv_netgroup.c b/src/responder/nss/nsssrv_netgroup.c
index e1d3a052..a1c41968 100644
--- a/src/responder/nss/nsssrv_netgroup.c
+++ b/src/responder/nss/nsssrv_netgroup.c
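Review bot: The new `monitor_nss_methods[]` entry in nsssrv.c binds `MON_CLI_METHOD_CLEAR_ENUM_CACHE` to a handler that, going by its name and body, only drops the in-memory netgroup table, and nothing at the entry says so. A short comment would keep the next reader from assuming enumeration caches are flushed here as well, for example `/* sss_cache: drops the in-memory netgroup hash table only */`. Whether other enumeration state is cleared by a different path is not visible in this hunk.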
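Review bot: In the new `nss_clear_netgroup_hash_table()` in nsssrv.c, `rctx->pvt_ctx` is read in the declaration of `nctx` before the result of `talloc_get_type()` has been checked, and that call returns NULL when the connection's private data is absent or of another type. Declaring `nctx` without an initializer, adding `if (rctx == NULL) { return EINVAL; }`, and assigning `nctx = rctx->pvt_ctx;` after the guard closes that. The error path also returns `ret` without sending the pong, while the tail of the preceding handler visible as context (`done:` followed by `return monitor_common_pong(message, conn);`) appears to reply on every path. If the monitor waits for that reply, a failed invalidation would look like a stalled responder rather than a reported error, which is worth confirming against the sbus caller.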
@@ -1031,3 +1031,33 @@ netgroup_hash_delete_cb(hash_entry_t *item,
 * table */
 netgr->lookup_table = NULL;
 }
+
+errno_t nss_orphan_netgroups(struct nss_ctx *nctx)
+{
+ int hret;
+ unsigned long mcount;
+ unsigned long i;
+ hash_key_t *netgroups;
+
+ if (!nctx || !nctx->netgroups) {
+ return EINVAL;
+ }
+
+ hret = hash_keys(nctx->netgroups, &mcount, &netgroups);
+ if (hret != HASH_SUCCESS) {
+ return EIO;
+ }
+
+ DEBUG(SSSDBG_TRACE_FUNC, ("Removing netgroups from memory cache.\n"));
+
+ for (i = 0; i < mcount; i++) {
+ /* netgroup entry will be deleted by setnetgrent_result_timeout */
+ hret = hash_delete(nctx->netgroups, &netgroups[i]);
+ if (hret != HASH_SUCCESS) {
+ DEBUG(SSSDBG_MINOR_FAILURE, ("Could not delete key from hash\n"));
+ continue;
+ }
+ }
+
+ return EOK;
+}
diff --git a/src/responder/nss/nsssrv_netgroup.h b/src/responder/nss/nsssrv_netgroup.h
index a909abed..ddeb35df 100644
--- a/src/responder/nss/nsssrv_netgroup.h
+++ b/src/responder/nss/nsssrv_netgroup.h
@@ -33,4 +33,7 @@ int nss_cmd_endnetgrent(struct cli_ctx *cctx);
 void netgroup_hash_delete_cb(hash_entry_t *item,
 hash_destroy_enum deltype, void *pvt);
+
+errno_t nss_orphan_netgroups(struct nss_ctx *nctx);
+
 #endif /* NSSRV_NETGROUP_H_ */ |
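Review bot: `nss_orphan_netgroups()` in nsssrv_netgroup.c returns `EOK` even when a `hash_delete()` in the loop fails, so the sss_cache request is acknowledged as a full invalidation while stale netgroup entries may still be served from memory. Recording the failure (`ret = EIO;` in the failure branch, `return ret;` at the end) and logging the failed key would let the caller report a partial flush. The key array filled in by `hash_keys()` is also never released in the visible lines. dhash leaves that array to the caller, so it should be freed before returning with whatever allocator `nctx->netgroups` was created with, which this hunk does not show. The trailing `continue;` is redundant.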
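Review bot: The `nss_orphan_netgroups()` prototype added to nsssrv_netgroup.h has no comment describing its contract, although the implementation has three distinct outcomes. A short header comment would record them, for instance `/* Remove every entry from nctx->netgroups. Returns EINVAL if nctx or its table is NULL, EIO if the keys cannot be listed, EOK otherwise. */`. It should also state that the entries themselves are released later by the timeout handler, as the comment inside the loop says.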