NSS: Clear cached netgroups if a request comes in from the sss_cache

In order for sss_cache to work correctly, we must also signal the nss
responder to invalidate the hash table requests.

https://fedorahosted.org/sssd/ticket/1759

1 files changed, 21 insertions, 0 deletions

diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
index 7bc49e3ef..253756d1b 100644
--- a/src/responder/nss/nsssrv.c
+++ b/src/responder/nss/nsssrv.c
@@ -56,12 +56,15 @@
 
 static int nss_clear_memcache(DBusMessage *message,
                               struct sbus_connection *conn);
+static int nss_clear_netgroup_hash_table(DBusMessage *message,
+                                         struct sbus_connection *conn);
 
 struct sbus_method monitor_nss_methods[] = {
     { MON_CLI_METHOD_PING, monitor_common_pong },
     { MON_CLI_METHOD_RES_INIT, monitor_common_res_init },
     { MON_CLI_METHOD_ROTATE, responder_logrotate },
     { MON_CLI_METHOD_CLEAR_MEMCACHE, nss_clear_memcache},
+    { MON_CLI_METHOD_CLEAR_ENUM_CACHE, nss_clear_netgroup_hash_table},
     { NULL, NULL }
 };
 
@@ -132,6 +135,24 @@ done:
     return monitor_common_pong(message, conn);
 }
 
+static int nss_clear_netgroup_hash_table(DBusMessage *message,
+                                         struct sbus_connection *conn)
+{
+    errno_t ret;
+    struct resp_ctx *rctx = talloc_get_type(sbus_conn_get_private_data(conn),
+                                            struct resp_ctx);
+    struct nss_ctx *nctx = (struct nss_ctx*) rctx->pvt_ctx;
+
+    ret = nss_orphan_netgroups(nctx);
+    if (ret != EOK) {
+        DEBUG(SSSDBG_CRIT_FAILURE,
+              ("Could not invalidate netgroups\n"));
+        return ret;
+    }
+
+    return monitor_common_pong(message, conn);
+}
+
 static errno_t nss_get_etc_shells(TALLOC_CTX *mem_ctx, char ***_shells)
 {
     int i = 0;