diff options
| author | Jakub Hrozek <jhrozek@redhat.com> | 2010-03-12 16:52:26 +0100 |
|---|---|---|
| committer | Stephen Gallagher <sgallagh@redhat.com> | 2010-03-15 07:41:22 -0400 |
| commit | e8634ae63d8ee1f313ad93352c9266ebfce77aae (patch) | |
| tree | f13ce827e549ebd3985bc51f3dc9848fb98e4f64 | |
| parent | 1a4425f519abdc355ba4de480d667c2d3eb1d1c1 (diff) | |
| download | sssd-e8634ae63d8ee1f313ad93352c9266ebfce77aae.tar.gz sssd-e8634ae63d8ee1f313ad93352c9266ebfce77aae.tar.xz sssd-e8634ae63d8ee1f313ad93352c9266ebfce77aae.zip | |
Flush NSCD cache after modifying local database
Fixes: #221
| -rw-r--r-- | src/Makefile.am | 3 | ||||
| -rw-r--r-- | src/conf_macros.m4 | 14 | ||||
| -rw-r--r-- | src/configure.ac | 2 | ||||
| -rw-r--r-- | src/external/nscd.m4 | 9 | ||||
| -rw-r--r-- | src/monitor/monitor.c | 9 | ||||
| -rw-r--r-- | src/monitor/monitor.h | 5 | ||||
| -rw-r--r-- | src/tools/nscd.c | 89 | ||||
| -rw-r--r-- | src/tools/sss_sync_ops.c | 15 | ||||
| -rw-r--r-- | src/tools/tools_util.h | 8 |
9 files changed, 153 insertions, 1 deletions
diff --git a/src/Makefile.am b/src/Makefile.am index 4bedaa9ef..6d46cdab5 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -246,7 +246,8 @@ SSSD_RESPONDER_OBJ = \ SSSD_TOOLS_OBJ = \ tools/sss_sync_ops.c \ tools/tools_util.c \ - tools/files.c + tools/files.c \ + tools/nscd.c SSSD_RESOLV_OBJ = \ resolv/async_resolv.c diff --git a/src/conf_macros.m4 b/src/conf_macros.m4 index 6323db27d..315a06433 100644 --- a/src/conf_macros.m4 +++ b/src/conf_macros.m4 @@ -217,3 +217,17 @@ AC_DEFUN([WITH_TEST_DIR], AC_DEFINE_UNQUOTED(TEST_DIR, "$with_test_dir", [Directory used for 'make check' temporary files]) ]) +AC_DEFUN([WITH_NSCD], + [ AC_ARG_WITH([nscd], + [AC_HELP_STRING([--with-nscd], + [Whether to attempt to flush nscd cache after local domain operations [yes]] + ) + ], + [], + with_nscd=yes + ) + if test x"$with_nscd" == xyes; then + AC_DEFINE_UNQUOTED(HAVE_NSCD, 1, [flush nscd cache after local domain operations]) + fi + ]) + diff --git a/src/configure.ac b/src/configure.ac index da718eefa..b79bef3e6 100644 --- a/src/configure.ac +++ b/src/configure.ac @@ -71,6 +71,7 @@ WITH_XML_CATALOG WITH_KRB5_PLUGIN_PATH WITH_PYTHON_BINDINGS WITH_SELINUX +WITH_NSCD m4_include([external/platform.m4]) m4_include([external/pkg.m4]) @@ -92,6 +93,7 @@ m4_include([external/sizes.m4]) m4_include([external/python.m4]) m4_include([external/selinux.m4]) m4_include([external/crypto.m4]) +m4_include([external/nscd.m4]) m4_include([util/signal.m4]) PKG_CHECK_MODULES([DBUS],[dbus-1]) diff --git a/src/external/nscd.m4 b/src/external/nscd.m4 new file mode 100644 index 000000000..f9f54c582 --- /dev/null +++ b/src/external/nscd.m4 @@ -0,0 +1,9 @@ +AC_PATH_PROG(NSCD, nscd) +AC_MSG_CHECKING(for nscd) +if test -x "$NSCD"; then + AC_DEFINE_UNQUOTED([NSCD_PATH], "$NSCD", [The path to nscd, if available]) + AC_MSG_RESULT(yes) +else + AC_MSG_RESULT(no. Manipulating nscd cache will not be available.) +fi + diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c index 56a74fba6..5dff8922d 100644 --- a/src/monitor/monitor.c +++ b/src/monitor/monitor.c @@ -2257,6 +2257,15 @@ int main(int argc, const char *argv[]) } } + /* Warn if nscd seems to be running */ + ret = check_file(NSCD_SOCKET_PATH, -1, -1, -1, CHECK_SOCK, NULL); + if (ret == EOK) { + DEBUG(0, ("WARNING: nscd appears to be running\n")); + ERROR("nscd socket was detected. As nscd caching capabilities " + "may conflict with SSSD, it is recommended to not run " + "nscd in parallel with SSSD\n"); + } + /* Parse config file, fail if cannot be done */ ret = load_configuration(tmp_ctx, config_file, &monitor); if (ret != EOK) { diff --git a/src/monitor/monitor.h b/src/monitor/monitor.h index 78e10ef1f..54ce39431 100644 --- a/src/monitor/monitor.h +++ b/src/monitor/monitor.h @@ -25,6 +25,11 @@ #define RESOLV_CONF_PATH "/etc/resolv.conf" #define CONFIG_FILE_POLL_INTERVAL 5 /* seconds */ +/* for detecting if NSCD is running */ +#ifndef NSCD_SOCKET_PATH +#define NSCD_SOCKET_PATH "/var/run/nscd/socket" +#endif + typedef int (*monitor_reconf_fn) (struct config_file_ctx *file_ctx, const char *filename); diff --git a/src/tools/nscd.c b/src/tools/nscd.c new file mode 100644 index 000000000..992f8dadd --- /dev/null +++ b/src/tools/nscd.c @@ -0,0 +1,89 @@ +/* + SSSD + + nscd.c + + Copyright (C) Jakub Hrozek <jhrozek@redhat.com> 2010 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include <talloc.h> +#include <stdlib.h> +#include <sys/types.h> +#include <sys/wait.h> + +#include "config.h" +#include "util/util.h" +#include "tools/tools_util.h" + +#ifndef NSCD_RELOAD_ARG +#define NSCD_RELOAD_ARG "-i" +#endif + +#if defined(NSCD_PATH) && defined(HAVE_NSCD) +int flush_nscd_cache(TALLOC_CTX *mem_ctx, enum nscd_db flush_db) +{ + char *cmd = NULL; + const char *service; + int ret; + + switch(flush_db) { + case NSCD_DB_PASSWD: + service = "passwd"; + break; + + case NSCD_DB_GROUP: + service = "group"; + break; + + default: + DEBUG(1, ("Unknown nscd database\n")); + ret = EINVAL; + goto done; + } + + cmd = talloc_asprintf(mem_ctx, "%s %s %s", NSCD_PATH, + NSCD_RELOAD_ARG, + service); + if (!cmd) { + ret = ENOMEM; + goto done; + } + + ret = system(cmd); + if (ret) { + if (ret == -1) { + DEBUG(1, ("system(3) failed\n")); + ret = EFAULT; + goto done; + } + /* The flush fails if nscd is not running, so do not care + * about the return code */ + DEBUG(8, ("Error flushing cache, perhaps nscd is not running\n")); + } + + + ret = EOK; +done: + talloc_free(cmd); + return ret; +} + +#else /* defined(NSCD_PATH) && defined(HAVE_NSCD) */ +int flush_nscd_cache(TALLOC_CTX *mem_ctx, enum nscd_db flush_db) +{ + return EOK; +} +#endif diff --git a/src/tools/sss_sync_ops.c b/src/tools/sss_sync_ops.c index 25b8ac7a5..498be2849 100644 --- a/src/tools/sss_sync_ops.c +++ b/src/tools/sss_sync_ops.c @@ -1301,6 +1301,9 @@ int useradd(TALLOC_CTX *mem_ctx, SYNC_LOOP(res, ret); + flush_nscd_cache(mem_ctx, NSCD_DB_PASSWD); + flush_nscd_cache(mem_ctx, NSCD_DB_GROUP); + talloc_free(res); return ret; } @@ -1349,6 +1352,9 @@ int userdel(TALLOC_CTX *mem_ctx, SYNC_LOOP(res, ret); + flush_nscd_cache(mem_ctx, NSCD_DB_PASSWD); + flush_nscd_cache(mem_ctx, NSCD_DB_GROUP); + talloc_free(res); return ret; } @@ -1397,6 +1403,9 @@ int usermod(TALLOC_CTX *mem_ctx, SYNC_LOOP(res, ret); + flush_nscd_cache(mem_ctx, NSCD_DB_PASSWD); + flush_nscd_cache(mem_ctx, NSCD_DB_GROUP); + talloc_free(res); return ret; } @@ -1445,6 +1454,8 @@ int groupadd(TALLOC_CTX *mem_ctx, SYNC_LOOP(res, ret); + flush_nscd_cache(mem_ctx, NSCD_DB_GROUP); + talloc_free(res); return ret; } @@ -1493,6 +1504,8 @@ int groupdel(TALLOC_CTX *mem_ctx, SYNC_LOOP(res, ret); + flush_nscd_cache(mem_ctx, NSCD_DB_GROUP); + talloc_free(res); return ret; } @@ -1541,6 +1554,8 @@ int groupmod(TALLOC_CTX *mem_ctx, SYNC_LOOP(res, ret); + flush_nscd_cache(mem_ctx, NSCD_DB_GROUP); + talloc_free(res); return ret; } diff --git a/src/tools/tools_util.h b/src/tools/tools_util.h index a643e739f..a2b5c783b 100644 --- a/src/tools/tools_util.h +++ b/src/tools/tools_util.h @@ -105,4 +105,12 @@ int copy_tree(const char *src_root, int selinux_file_context(const char *dst_name); int reset_selinux_file_context(void); +/* from nscd.c */ +enum nscd_db { + NSCD_DB_PASSWD, + NSCD_DB_GROUP +}; + +int flush_nscd_cache(TALLOC_CTX *mem_ctx, enum nscd_db flush_db); + #endif /* __TOOLS_UTIL_H__ */ |