author | Jakub Hrozek <jhrozek@redhat.com> | 2013-01-21 13:23:30 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-01-21 16:09:41 +0100 |
commit | 7a92ae1598735ff69e36c72a7be60292ccad41d3 (patch) | |
tree | a30e457879c93bd459ff415ed044428b81e0a5b9 /src/tools/tools_mc_util.c | |
parent | 2234d49c8a307ee4f11cc544c862a359f76b44ad (diff) | |
TOOLS: invalidate parent groups in memory cache, too
https://fedorahosted.org/sssd/ticket/1775
In addition to invalidating the group being added to when adding a
member group/user, we also need to invalidate all its parent groups,
otherwise getgrnam("parent") wouldn't report the members newly
added to its child groups.
Diffstat (limited to 'src/tools/tools_mc_util.c')
-rw-r--r-- | src/tools/tools_mc_util.c | 68 |
1 files changed, 65 insertions, 3 deletions
diff --git a/src/tools/tools_mc_util.c b/src/tools/tools_mc_util.c
index 45b145d21..d623c48c3 100644
--- a/src/tools/tools_mc_util.c
+++ b/src/tools/tools_mc_util.c
@@ -22,6 +22,7 @@
 #include <talloc.h>
 #include <fcntl.h>
+#include "db/sysdb.h"
 #include "util/util.h"
 #include "tools/tools_util.h"
 #include "util/mmap_cache.h"
@@ -241,7 +242,67 @@ errno_t sss_mc_refresh_group(const char *groupname)
 return sss_mc_refresh_ent(groupname, SSS_TOOLS_GROUP);
 }
-errno_t sss_mc_refresh_grouplist(char **groupnames)
+errno_t sss_mc_refresh_nested_group(struct tools_ctx *tctx,
+ const char *name)
+{
+ errno_t ret;
+ struct ldb_message *msg;
+ struct ldb_message_element *el;
+ const char *attrs[] = { SYSDB_MEMBEROF,
+ SYSDB_NAME,
+ NULL };
+ size_t i;
+ char *parent_name;
+
+ ret = sss_mc_refresh_group(name);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ ("Cannot refresh group %s from memory cache\n", name));
+ /* try to carry on */
+ }
+
+ ret = sysdb_search_group_by_name(tctx, tctx->sysdb, tctx->local,
+ name, attrs, &msg);
+ if (ret) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("Search failed: %s (%d)\n", strerror(ret), ret));
+ return ret;
+ }
+
+ el = ldb_msg_find_element(msg, SYSDB_MEMBEROF);
+ if (!el || el->num_values == 0) {
+ DEBUG(SSSDBG_TRACE_INTERNAL, ("Group %s has no parents\n", name));
+ talloc_free(msg);
+ return EOK;
+ }
+
+ /* This group is nested. We need to invalidate all its parents, too */
+ for (i=0; i < el->num_values; i++) {
+ ret = sysdb_group_dn_name(tctx->sysdb, tctx,
+ (const char *) el->values[i].data,
+ &parent_name);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_MINOR_FAILURE, ("Malformed DN [%s]? Skipping\n",
+ (const char *) el->values[i].data));
+ talloc_free(parent_name);
+ continue;
+ }
+
+ ret = sss_mc_refresh_group(parent_name);
+ talloc_free(parent_name);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ ("Cannot refresh group %s from memory cache\n", name));
+ /* try to carry on */
+ }
+ }
+
+ talloc_free(msg);
+ return EOK;
+}
+
+errno_t sss_mc_refresh_grouplist(struct tools_ctx *tctx,
+ char **groupnames)
 {
 int i;
 errno_t ret;
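Review bot: In the loop over `el->values`, the failure branch calls `talloc_free(parent_name)` although `parent_name` is declared without an initializer and, from the second iteration on, still holds the pointer that was freed in the previous pass. Unless `sysdb_group_dn_name` always writes its output argument on error (its body is not visible here), that branch frees an uninitialized or already-freed pointer. Setting `parent_name = NULL;` at the top of each iteration, or dropping the free in the failure branch, removes the risk. Separately, the last `DEBUG` in the loop prints `name` where the group that failed to refresh is the parent; logging before the free with `parent_name` as the argument would report the right group.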
@@ -250,10 +311,11 @@ errno_t sss_mc_refresh_grouplist(char **groupnames)
 if (!groupnames) return EOK;
 for (i = 0; groupnames[i]; i++) {
- ret = sss_mc_refresh_group(groupnames[i]);
+ ret = sss_mc_refresh_nested_group(tctx, groupnames[i]);
 if (ret != EOK) {
 DEBUG(SSSDBG_MINOR_FAILURE,
- ("Cannot refresh group %s from memory cache\n"));
+ ("Cannot refresh group %s from memory cache\n",
+ groupnames[i]));
 failed = true;
 continue;
 } |
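Review bot: The message logged at this call site no longer matches what can fail. As written in the previous hunk, `sss_mc_refresh_nested_group` swallows memory-cache refresh errors and returns non-EOK only when `sysdb_search_group_by_name` fails, so `Cannot refresh group %s from memory cache` is now reported for a sysdb lookup error. A comment above the call such as `/* non-EOK means the sysdb lookup of the group failed; memcache errors are logged by the callee */` would document this, or the message text could name the lookup instead. The body of `sss_mc_refresh_grouplist` starts and ends outside the hunk, so how `failed` becomes the return value is not visible here.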