diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/monitor/monitor.c | 12 | ||||
-rw-r--r-- | src/monitor/monitor_interfaces.h | 1 | ||||
-rw-r--r-- | src/responder/nss/nsssrv.c | 77 | ||||
-rw-r--r-- | src/responder/nss/nsssrv_mmap_cache.c | 46 | ||||
-rw-r--r-- | src/responder/nss/nsssrv_mmap_cache.h | 5 | ||||
-rw-r--r-- | src/tools/sss_cache.c | 26 | ||||
-rw-r--r-- | src/util/util.h | 2 |
7 files changed, 166 insertions, 3 deletions
diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c index 50b2e952..a9422787 100644 --- a/src/monitor/monitor.c +++ b/src/monitor/monitor.c @@ -51,6 +51,7 @@ #include "dbus/dbus.h" #include "sbus/sssd_dbus.h" #include "monitor/monitor_interfaces.h" +#include "responder/nss/nsssrv.h" #ifdef USE_KEYRING #include <keyutils.h> @@ -701,6 +702,10 @@ static int service_signal_rotate(struct mt_svc *svc) { return service_signal(svc, MON_CLI_METHOD_ROTATE); } +static int service_signal_clear_memcache(struct mt_svc *svc) +{ + return service_signal(svc, MON_CLI_METHOD_CLEAR_MEMCACHE); +} static int check_domain_ranges(struct sss_domain_info *domains) { @@ -1177,10 +1182,15 @@ static void monitor_hup(struct tevent_context *ev, DEBUG(1, ("Received SIGHUP.\n")); - /* Signal all services to rotate debug files */ + /* Send D-Bus message to other services to rotate their logs. + * NSS service receives also message to clear memory caches. */ for(cur_svc = ctx->svc_list; cur_svc; cur_svc = cur_svc->next) { service_signal_rotate(cur_svc); + if (!strcmp(NSS_SBUS_SERVICE_NAME, cur_svc->name)) { + service_signal_clear_memcache(cur_svc); + } } + } static int monitor_cleanup(void) diff --git a/src/monitor/monitor_interfaces.h b/src/monitor/monitor_interfaces.h index 51ac254c..abe90503 100644 --- a/src/monitor/monitor_interfaces.h +++ b/src/monitor/monitor_interfaces.h @@ -45,6 +45,7 @@ #define MON_CLI_METHOD_OFFLINE "goOffline" /* Applicable only to providers */ #define MON_CLI_METHOD_RESET_OFFLINE "resetOffline" /* Applicable only to providers */ #define MON_CLI_METHOD_ROTATE "rotateLogs" +#define MON_CLI_METHOD_CLEAR_MEMCACHE "clearMemcache" #define SSSD_SERVICE_PIPE "private/sbus-monitor" diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c index 64267e86..5fa72494 100644 --- a/src/responder/nss/nsssrv.c +++ b/src/responder/nss/nsssrv.c @@ -51,10 +51,14 @@ #define SHELL_REALLOC_INCREMENT 5 #define SHELL_REALLOC_MAX 50 +static int nss_clear_memcache(DBusMessage *message, + struct sbus_connection *conn); + struct sbus_method monitor_nss_methods[] = { { MON_CLI_METHOD_PING, monitor_common_pong }, { MON_CLI_METHOD_RES_INIT, monitor_common_res_init }, { MON_CLI_METHOD_ROTATE, responder_logrotate }, + { MON_CLI_METHOD_CLEAR_MEMCACHE, nss_clear_memcache}, { NULL, NULL } }; @@ -66,6 +70,65 @@ struct sbus_interface monitor_nss_interface = { NULL }; +static int nss_clear_memcache(DBusMessage *message, + struct sbus_connection *conn) +{ + errno_t ret; + int memcache_timeout; + struct resp_ctx *rctx = talloc_get_type(sbus_conn_get_private_data(conn), + struct resp_ctx); + struct nss_ctx *nctx = (struct nss_ctx*) rctx->pvt_ctx; + + ret = unlink(SSS_NSS_MCACHE_DIR"/"CLEAR_MC_FLAG); + if (ret != 0) { + ret = errno; + if (ret == ENOENT) { + DEBUG(SSSDBG_TRACE_FUNC, + ("CLEAR_MC_FLAG not found. Nothing to do.\n")); + goto done; + } else { + DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to unlink file: %s.\n", + strerror(ret))); + return ret; + } + } + + /* CLEAR_MC_FLAG removed successfully. Clearing memory caches. */ + + ret = confdb_get_int(rctx->cdb, + CONFDB_NSS_CONF_ENTRY, + CONFDB_MEMCACHE_TIMEOUT, + 300, &memcache_timeout); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, + ("Unable to get memory cache entry timeout.\n")); + return ret; + } + + /* TODO: read cache sizes from configuration */ + DEBUG(SSSDBG_TRACE_FUNC, ("Clearing memory caches.\n")); + ret = sss_mmap_cache_reinit(nctx, SSS_MC_CACHE_ELEMENTS, + (time_t) memcache_timeout, + &nctx->pwd_mc_ctx); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, + ("passwd mmap cache invalidation failed\n")); + return ret; + } + + ret = sss_mmap_cache_reinit(nctx, SSS_MC_CACHE_ELEMENTS, + (time_t) memcache_timeout, + &nctx->grp_mc_ctx); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, + ("group mmap cache invalidation failed\n")); + return ret; + } + +done: + return monitor_common_pong(message, conn); +} + static errno_t nss_get_etc_shells(TALLOC_CTX *mem_ctx, char ***_shells) { int i = 0; @@ -328,6 +391,16 @@ int nss_process_init(TALLOC_CTX *mem_ctx, } /* create mmap caches */ + /* Remove the CLEAR_MC_FLAG file if exists. */ + ret = unlink(SSS_NSS_MCACHE_DIR"/"CLEAR_MC_FLAG); + if (ret != 0 && errno != ENOENT) { + ret = errno; + DEBUG(SSSDBG_CRIT_FAILURE, + ("Failed to unlink file [%s]. This can cause memory cache to " + "be purged when next log rotation is requested. %d: %s\n", + SSS_NSS_MCACHE_DIR"/"CLEAR_MC_FLAG, ret, strerror(ret))); + } + ret = confdb_get_int(nctx->rctx->cdb, CONFDB_NSS_CONF_ENTRY, CONFDB_MEMCACHE_TIMEOUT, @@ -339,14 +412,14 @@ int nss_process_init(TALLOC_CTX *mem_ctx, /* TODO: read cache sizes from configuration */ ret = sss_mmap_cache_init(nctx, "passwd", SSS_MC_PASSWD, - 50000, (time_t)memcache_timeout, + SSS_MC_CACHE_ELEMENTS, (time_t)memcache_timeout, &nctx->pwd_mc_ctx); if (ret) { DEBUG(SSSDBG_CRIT_FAILURE, ("passwd mmap cache is DISABLED\n")); } ret = sss_mmap_cache_init(nctx, "group", SSS_MC_GROUP, - 50000, (time_t)memcache_timeout, + SSS_MC_CACHE_ELEMENTS, (time_t)memcache_timeout, &nctx->grp_mc_ctx); if (ret) { DEBUG(SSSDBG_CRIT_FAILURE, ("group mmap cache is DISABLED\n")); diff --git a/src/responder/nss/nsssrv_mmap_cache.c b/src/responder/nss/nsssrv_mmap_cache.c index 07498a9b..f4025647 100644 --- a/src/responder/nss/nsssrv_mmap_cache.c +++ b/src/responder/nss/nsssrv_mmap_cache.c @@ -725,3 +725,49 @@ done: return ret; } +errno_t sss_mmap_cache_reinit(TALLOC_CTX *mem_ctx, size_t n_elem, + time_t timeout, struct sss_mc_ctx **mc_ctx) +{ + errno_t ret; + TALLOC_CTX* tmp_ctx = NULL; + char *name; + enum sss_mc_type type; + + if (mc_ctx == NULL || (*mc_ctx) == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, + ("Unable to re-init unitialized memory cache.\n")); + return EINVAL; + } + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory.\n")); + return ENOMEM; + } + + name = talloc_strdup(tmp_ctx, (*mc_ctx)->name); + if (name == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory.\n")); + ret = ENOMEM; + goto done; + } + + type = (*mc_ctx)->type; + ret = talloc_free(*mc_ctx); + if (ret != 0) { + /* This can happen only if destructor is associated with this + * context */ + DEBUG(SSSDBG_MINOR_FAILURE, ("Destructor asociated with memory" + " context failed.\n")); + } + + ret = sss_mmap_cache_init(mem_ctx, name, type, n_elem, timeout, mc_ctx); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to re-initialize mmap cache.\n")); + goto done; + } + +done: + talloc_free(tmp_ctx); + return ret; +} diff --git a/src/responder/nss/nsssrv_mmap_cache.h b/src/responder/nss/nsssrv_mmap_cache.h index 81241b24..2a0712c8 100644 --- a/src/responder/nss/nsssrv_mmap_cache.h +++ b/src/responder/nss/nsssrv_mmap_cache.h @@ -22,6 +22,8 @@ #ifndef _NSSSRV_MMAP_CACHE_H_ #define _NSSSRV_MMAP_CACHE_H_ +#define SSS_MC_CACHE_ELEMENTS 50000 + struct sss_mc_ctx; enum sss_mc_type { @@ -48,4 +50,7 @@ errno_t sss_mmap_cache_gr_store(struct sss_mc_ctx *mcc, gid_t gid, size_t memnum, char *membuf, size_t memsize); +errno_t sss_mmap_cache_reinit(TALLOC_CTX *mem_ctx, size_t n_elem, + time_t timeout, struct sss_mc_ctx **mc_ctx); + #endif /* _NSSSRV_MMAP_CACHE_H_ */ diff --git a/src/tools/sss_cache.c b/src/tools/sss_cache.c index 950ff1c1..73d99651 100644 --- a/src/tools/sss_cache.c +++ b/src/tools/sss_cache.c @@ -100,6 +100,7 @@ int main(int argc, const char *argv[]) struct sysdb_ctx *sysdb; int i; bool skipped; + FILE *clear_mc_flag; ret = init_context(argc, argv, &tctx); if (ret != EOK) { @@ -141,6 +142,31 @@ int main(int argc, const char *argv[]) ERROR("No cache object matched the specified search\n"); ret = ENOENT; goto done; + } else { + /*Local cache changed -> signal monitor to invalidate fastcache */ + clear_mc_flag = fopen(SSS_NSS_MCACHE_DIR"/"CLEAR_MC_FLAG, "w"); + if (clear_mc_flag == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, + ("Failed to create clear_mc_flag file. " + "Memory cache will not be cleared.\n")); + goto done; + } + ret = fclose(clear_mc_flag); + if (ret != 0) { + ret = errno; + DEBUG(SSSDBG_CRIT_FAILURE, + ("Unable to close file descriptor: %s\n", + strerror(ret))); + goto done; + } + + DEBUG(SSSDBG_TRACE_FUNC, ("Sending SIGHUP to monitor.\n")); + ret = signal_sssd(SIGHUP); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, + ("Failed to send SIGHUP to monitor.\n")); + goto done; + } } } diff --git a/src/util/util.h b/src/util/util.h index 685702fc..df739ab6 100644 --- a/src/util/util.h +++ b/src/util/util.h @@ -54,6 +54,8 @@ typedef int errno_t; #define ENUM_INDICATOR "*" +#define CLEAR_MC_FLAG "clear_mc_flag" + extern const char *debug_prg_name; extern int debug_level; extern int debug_timestamps; |