authorLukas Slebodnik <lslebodn@redhat.com>2013-07-29 15:24:34 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-08-08 00:38:31 +0200
commitdb440b3ba6b848010cf2a1fe9f76db394ce860da (patch)
treeb0ff5035e0bde88366c2b96bf87a5d3c60e52483 /src/responder
parentada4d12f2e625ad553c6944b7d84bff144c31398 (diff)
NSS: Clear cached netgroups if a request comes in from the sss_cache
In order for sss_cache to work correctly, we must also signal the nss responder to invalidate the hash table requests. https://fedorahosted.org/sssd/ticket/1759
Diffstat (limited to 'src/responder')
-rw-r--r--src/responder/nss/nsssrv.c21
-rw-r--r--src/responder/nss/nsssrv_netgroup.c30
-rw-r--r--src/responder/nss/nsssrv_netgroup.h3
3 files changed, 54 insertions, 0 deletions
diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
index 7bc49e3e..253756d1 100644
--- a/src/responder/nss/nsssrv.c
+++ b/src/responder/nss/nsssrv.c
@@ -56,12 +56,15 @@
static int nss_clear_memcache(DBusMessage *message,
struct sbus_connection *conn);
+static int nss_clear_netgroup_hash_table(DBusMessage *message,
+ struct sbus_connection *conn);
struct sbus_method monitor_nss_methods[] = {
{ MON_CLI_METHOD_PING, monitor_common_pong },
{ MON_CLI_METHOD_RES_INIT, monitor_common_res_init },
{ MON_CLI_METHOD_ROTATE, responder_logrotate },
{ MON_CLI_METHOD_CLEAR_MEMCACHE, nss_clear_memcache},
+ { MON_CLI_METHOD_CLEAR_ENUM_CACHE, nss_clear_netgroup_hash_table},
{ NULL, NULL }
};
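Review bot: The added table entry binds `MON_CLI_METHOD_CLEAR_ENUM_CACHE` to `nss_clear_netgroup_hash_table`, and nothing at the entry explains why a method named for the enumeration cache runs a netgroup-only handler. A one-line comment above the entry would save the next reader a search, for example `/* sent by sss_cache; the NSS responder answers it by dropping its cached netgroups */`. The array definition is complete inside the hunk.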
@@ -132,6 +135,24 @@ done:
return monitor_common_pong(message, conn);
}
+static int nss_clear_netgroup_hash_table(DBusMessage *message,
+ struct sbus_connection *conn)
+{
+ errno_t ret;
+ struct resp_ctx *rctx = talloc_get_type(sbus_conn_get_private_data(conn),
+ struct resp_ctx);
+ struct nss_ctx *nctx = (struct nss_ctx*) rctx->pvt_ctx;
+
+ ret = nss_orphan_netgroups(nctx);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("Could not invalidate netgroups\n"));
+ return ret;
+ }
+
+ return monitor_common_pong(message, conn);
+}
+
static errno_t nss_get_etc_shells(TALLOC_CTX *mem_ctx, char ***_shells)
{
int i = 0;
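Review bot: In `nss_clear_netgroup_hash_table` the result of `talloc_get_type()` is dereferenced as `rctx->pvt_ctx` in the declaration itself, before any check, so a connection whose private data is missing or of another type would crash the responder instead of failing the request. Split the declaration and guard it first, `if (rctx == NULL) { return EINVAL; }`, then read `rctx->pvt_ctx`. The failure branch also returns `ret` without calling `monitor_common_pong()`, whereas the handler ending at the top of this hunk reaches the pong through its `done:` label. If the monitor waits for that reply, a failed invalidation would look like an unresponsive service, so it is worth confirming which behaviour is intended. The new function is fully inside the hunk; `nss_get_etc_shells` continues past it.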
diff --git a/src/responder/nss/nsssrv_netgroup.c b/src/responder/nss/nsssrv_netgroup.c
index e1d3a052..a1c41968 100644
--- a/src/responder/nss/nsssrv_netgroup.c
+++ b/src/responder/nss/nsssrv_netgroup.c
@@ -1031,3 +1031,33 @@ netgroup_hash_delete_cb(hash_entry_t *item,
* table */
netgr->lookup_table = NULL;
}
+
+errno_t nss_orphan_netgroups(struct nss_ctx *nctx)
+{
+ int hret;
+ unsigned long mcount;
+ unsigned long i;
+ hash_key_t *netgroups;
+
+ if (!nctx || !nctx->netgroups) {
+ return EINVAL;
+ }
+
+ hret = hash_keys(nctx->netgroups, &mcount, &netgroups);
+ if (hret != HASH_SUCCESS) {
+ return EIO;
+ }
+
+ DEBUG(SSSDBG_TRACE_FUNC, ("Removing netgroups from memory cache.\n"));
+
+ for (i = 0; i < mcount; i++) {
+ /* netgroup entry will be deleted by setnetgrent_result_timeout */
+ hret = hash_delete(nctx->netgroups, &netgroups[i]);
+ if (hret != HASH_SUCCESS) {
+ DEBUG(SSSDBG_MINOR_FAILURE, ("Could not delete key from hash\n"));
+ continue;
+ }
+ }
+
+ return EOK;
+}
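Review bot: The key array that `hash_keys()` returns in `netgroups` is never released in `nss_orphan_netgroups`, so each invalidation request appears to leak `mcount` keys in a long-running responder. Free it after the loop with the deallocator that matches how `nctx->netgroups` was created (not visible here), e.g. `talloc_free(netgroups);` if the table uses a talloc-backed allocator. Separately, a failed `hash_delete()` is logged at `SSSDBG_MINOR_FAILURE` and the function still returns `EOK`, so the caller is told the cache was cleared when stale netgroup entries may remain. Remembering the failure and returning a non-`EOK` value would make a partial invalidation visible. The function is fully inside the hunk.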
diff --git a/src/responder/nss/nsssrv_netgroup.h b/src/responder/nss/nsssrv_netgroup.h
index a909abed..ddeb35df 100644
--- a/src/responder/nss/nsssrv_netgroup.h
+++ b/src/responder/nss/nsssrv_netgroup.h
@@ -33,4 +33,7 @@ int nss_cmd_endnetgrent(struct cli_ctx *cctx);
void netgroup_hash_delete_cb(hash_entry_t *item,
hash_destroy_enum deltype, void *pvt);
+
+errno_t nss_orphan_netgroups(struct nss_ctx *nctx);
+
#endif /* NSSRV_NETGROUP_H_ */
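Review bot: The new prototype `nss_orphan_netgroups` is exported without a comment describing its contract, although the implementation has three distinct outcomes. A short header comment would cover it, for example `/* Remove every entry from nctx->netgroups; returns EOK, EINVAL if nctx or its table is NULL, EIO if the keys cannot be listed. */`.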