authorLukas Slebodnik <lslebodn@redhat.com>2013-07-29 15:24:34 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-08-08 11:13:41 +0200
commit3f6771275918477e2686063a1c08835d5aaae245 (patch)
treeafa690ccba59c91f60b0520d22f2ddd6efecb1f9
parent6eb816852316f878e5c7aaac9b4ec7578621852a (diff)
NSS: Clear cached netgroups if a request comes in from the sss_cachesssd-1.9.2-97.el6
In order for sss_cache to work correctly, we must also signal the nss responder to invalidate the hash table requests. https://fedorahosted.org/sssd/ticket/1759
-rw-r--r--src/monitor/monitor.c1
-rw-r--r--src/responder/nss/nsssrv.c21
-rw-r--r--src/responder/nss/nsssrv_netgroup.c30
-rw-r--r--src/responder/nss/nsssrv_netgroup.h3
4 files changed, 55 insertions, 0 deletions
diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c
index 86125241d..bf729e653 100644
--- a/src/monitor/monitor.c
+++ b/src/monitor/monitor.c
@@ -1349,6 +1349,7 @@ static void monitor_hup(struct tevent_context *ev,
service_signal_rotate(cur_svc);
if (!strcmp(NSS_SBUS_SERVICE_NAME, cur_svc->name)) {
service_signal_clear_memcache(cur_svc);
+ service_signal_clear_enum_cache(cur_svc);
}
if (!strcmp(SSS_AUTOFS_SBUS_SERVICE_NAME, cur_svc->name)) {
diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
index c6ff4f178..eea01f727 100644
--- a/src/responder/nss/nsssrv.c
+++ b/src/responder/nss/nsssrv.c
@@ -56,12 +56,15 @@
static int nss_clear_memcache(DBusMessage *message,
struct sbus_connection *conn);
+static int nss_clear_netgroup_hash_table(DBusMessage *message,
+ struct sbus_connection *conn);
struct sbus_method monitor_nss_methods[] = {
{ MON_CLI_METHOD_PING, monitor_common_pong },
{ MON_CLI_METHOD_RES_INIT, monitor_common_res_init },
{ MON_CLI_METHOD_ROTATE, responder_logrotate },
{ MON_CLI_METHOD_CLEAR_MEMCACHE, nss_clear_memcache},
+ { MON_CLI_METHOD_CLEAR_ENUM_CACHE, nss_clear_netgroup_hash_table},
{ NULL, NULL }
};
@@ -132,6 +135,24 @@ done:
return monitor_common_pong(message, conn);
}
+static int nss_clear_netgroup_hash_table(DBusMessage *message,
+ struct sbus_connection *conn)
+{
+ errno_t ret;
+ struct resp_ctx *rctx = talloc_get_type(sbus_conn_get_private_data(conn),
+ struct resp_ctx);
+ struct nss_ctx *nctx = (struct nss_ctx*) rctx->pvt_ctx;
+
+ ret = nss_orphan_netgroups(nctx);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("Could not invalidate netgroups\n"));
+ return ret;
+ }
+
+ return monitor_common_pong(message, conn);
+}
+
static errno_t nss_get_etc_shells(TALLOC_CTX *mem_ctx, char ***_shells)
{
int i = 0;
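Review bot: On failure `nss_clear_netgroup_hash_table` returns `ret` without answering the monitor, whereas the context just above it shows the neighbouring handler ending in `done:` followed by `return monitor_common_pong(message, conn);`. Since nss_orphan_netgroups returns EINVAL when `nctx->netgroups` is NULL, a responder whose netgroup table is not set up would log a critical failure and leave the request unanswered; presumably the monitor then waits for a reply that never arrives. I would keep the DEBUG line but drop `return ret;` so the handler always reaches `return monitor_common_pong(message, conn);`. Separately, `talloc_get_type` can return NULL, so `rctx` should be checked before `rctx->pvt_ctx` is read. The trailing context (nss_get_etc_shells) continues outside the hunk.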
diff --git a/src/responder/nss/nsssrv_netgroup.c b/src/responder/nss/nsssrv_netgroup.c
index d415d81c1..3f1fa8795 100644
--- a/src/responder/nss/nsssrv_netgroup.c
+++ b/src/responder/nss/nsssrv_netgroup.c
@@ -1021,3 +1021,33 @@ netgroup_hash_delete_cb(hash_entry_t *item,
* table */
netgr->lookup_table = NULL;
}
+
+errno_t nss_orphan_netgroups(struct nss_ctx *nctx)
+{
+ int hret;
+ unsigned long mcount;
+ unsigned long i;
+ hash_key_t *netgroups;
+
+ if (!nctx || !nctx->netgroups) {
+ return EINVAL;
+ }
+
+ hret = hash_keys(nctx->netgroups, &mcount, &netgroups);
+ if (hret != HASH_SUCCESS) {
+ return EIO;
+ }
+
+ DEBUG(SSSDBG_TRACE_FUNC, ("Removing netgroups from memory cache.\n"));
+
+ for (i = 0; i < mcount; i++) {
+ /* netgroup entry will be deleted by setnetgrent_result_timeout */
+ hret = hash_delete(nctx->netgroups, &netgroups[i]);
+ if (hret != HASH_SUCCESS) {
+ DEBUG(SSSDBG_MINOR_FAILURE, ("Could not delete key from hash\n"));
+ continue;
+ }
+ }
+
+ return EOK;
+}
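Review bot: The key array that `hash_keys` stores in `netgroups` is never released in nss_orphan_netgroups, so each cache-clear request appears to leak an array of `mcount` keys. dhash hands that array to the caller, so it should be freed after the loop with the deallocator that matches how `nctx->netgroups` was created (the table's creation is not visible in this hunk). The function also returns `EOK` when `hash_delete` fails, so the caller is told the netgroups were invalidated while stale entries can stay cached; remembering a failure and returning `EIO` after the loop would surface that. The `continue;` as the last statement of the loop body is redundant and can go.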
diff --git a/src/responder/nss/nsssrv_netgroup.h b/src/responder/nss/nsssrv_netgroup.h
index a909abed3..ddeb35df6 100644
--- a/src/responder/nss/nsssrv_netgroup.h
+++ b/src/responder/nss/nsssrv_netgroup.h
@@ -33,4 +33,7 @@ int nss_cmd_endnetgrent(struct cli_ctx *cctx);
void netgroup_hash_delete_cb(hash_entry_t *item,
hash_destroy_enum deltype, void *pvt);
+
+errno_t nss_orphan_netgroups(struct nss_ctx *nctx);
+
#endif /* NSSRV_NETGROUP_H_ */