authorJakub Hrozek <jhrozek@redhat.com>2013-01-15 07:54:03 +0100
committerJakub Hrozek <jhrozek@redhat.com>2013-01-16 17:09:13 +0100
commit63ffa1e7725126e0bddebc89d6e41806e989855c (patch)
tree2df995757bd7d9775feb27cfabaa59b02be1d8f6
parent6ef827a32006cc1a92b5c987d1918aa89b04c379 (diff)
Invalidate user entry even if there are no groups
Related to https://fedorahosted.org/sssd/ticket/1757

Previously we would optimize the memory cache (mc) invalidation code for cases where the user was a member of some groups. But if the user was removed from the server while being in the memory cache, we would only invalidate the mc record if he was a member of at least one supplementary group.
-rw-r--r--src/providers/data_provider_be.c12
-rw-r--r--src/responder/nss/nsssrv_cmd.c7
2 files changed, 8 insertions, 11 deletions
diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c
index ce16aeb69..b261bf8d4 100644
--- a/src/providers/data_provider_be.c
+++ b/src/providers/data_provider_be.c
@@ -669,9 +669,9 @@ static errno_t be_initgroups_prereq(struct be_req *be_req)
if (ret && ret != ENOENT) {
return ret;
}
- /* if the user is completely missing or has no group memberships
- * at all there is no need to contact NSS, it would be a noop */
- if (ret == ENOENT || res->count == 0 || res->count == 1) {
+ /* if the user is completely missing there is no need to contact NSS,
+ * it would be a noop */
+ if (ret == ENOENT || res->count == 0) {
/* yet unknown, ignore */
return EOK;
}
@@ -680,7 +680,7 @@ static errno_t be_initgroups_prereq(struct be_req *be_req)
if (!pr) {
return ENOMEM;
}
- pr->groups = talloc_array(pr, gid_t, res->count - 1);
+ pr->groups = talloc_array(pr, gid_t, res->count);
if (!pr->groups) {
return ENOMEM;
}
@@ -696,7 +696,9 @@ static errno_t be_initgroups_prereq(struct be_req *be_req)
if (!pr->domain) {
return ENOMEM;
}
- for (pr->gnum = 0, i = 1; i < res->count; i++) {
+ /* The first GID is the primary so it might be duplicated
+ * later in the list */
+ for (pr->gnum = 0, i = 0; i < res->count; i++) {
pr->groups[pr->gnum] = ldb_msg_find_attr_as_uint(res->msgs[i],
SYSDB_GIDNUM, 0);
/* if 0 it may be a non-posix group, so we skip it */
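Review bot: The new comment says the primary GID may appear again later in the list, but nothing in the visible lines removes the duplicate, so `pr->groups` can carry the same GID twice into the memcache comparison. The allocation in the previous hunk (`res->count` elements) matches the new loop bound, so the writes stay in range as long as `pr->gnum` advances at most once per iteration; the loop body continues outside the hunk, so that cannot be checked here. I would extend the comment to state the contract for the consumer, e.g. `/* groups[] may contain the primary GID twice; consumers must tolerate duplicates */`, and confirm that nss_update_initgr_memcache() handles a repeated GID without leaving a stale entry un-invalidated.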
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index 0a51fbe89..5b7420832 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -3416,11 +3416,6 @@ void nss_update_initgr_memcache(struct nss_ctx *nctx,
int ret;
int i, j;
- if (gnum == 0) {
- /* there are no groups to invalidate in any case, just return */
- return;
- }
-
for (dom = nctx->rctx->domains; dom != NULL; dom = dom->next) {
if (strcasecmp(dom->name, domain) == 0) {
break;
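Review bot: With the `gnum == 0` early return removed, callers now reach the rest of nss_update_initgr_memcache() with an empty group list, and nothing in the function records that this is a supported case. If `groups` can be NULL when `gnum` is 0 (not visible here), every later access has to stay behind a `j < gnum` bound; the body continues outside the hunk, so please confirm that. A short comment at the top of the body would record the intent stated in the commit message, for example `/* gnum may be 0: the user record is still checked and invalidated */`.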
@@ -3461,7 +3456,7 @@ void nss_update_initgr_memcache(struct nss_ctx *nctx,
changed = true;
} else {
/* we skip the first entry, it's the user itself */
- for (i = 1; i < res->count; i++) {
+ for (i = 0; i < res->count; i++) {
id = ldb_msg_find_attr_as_uint(res->msgs[i], SYSDB_GIDNUM, 0);
if (id == 0) {
/* probably non-posix group, skip */
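Review bot: The comment `/* we skip the first entry, it's the user itself */` is now wrong, because the loop below it starts at `i = 0` and reads SYSDB_GIDNUM from `res->msgs[0]`. A stale comment is risky in cache-invalidation code, since a later reader may restore the skip and bring back the stale memory cache record this commit is meant to remove. Suggested replacement, going by the comment added in data_provider_be.c: `/* the first entry is the user itself; its GID is the primary group */`. The `/* probably non-posix group, skip */` comment now also covers a user entry without a GID; the loop body continues outside the hunk.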