From 11d0cb5bec7e023ed1903487af42d417d64dd2e9 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek
Date: Tue, 15 Jan 2013 07:05:56 +0100
Subject: NSS: invalidate memcache user entry on initgr, too
https://fedorahosted.org/sssd/ticket/1757
When the user entry was missing completely after initgroups, we would never invalidate the user entry from cache. This led to dangling cache entried in memory cache if the user was removed from the server while still being in memory cache.
---
 src/responder/nss/nsssrv_cmd.c | 11 +++++++++++
 1 file changed, 11 insertions(+)
(limited to 'src/responder/nss')
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index 29a1028a6..a1646d805 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -3411,6 +3411,7 @@ void nss_update_initgr_memcache(struct nss_ctx *nctx,
 TALLOC_CTX *tmp_ctx = NULL;
 struct sss_domain_info *dom;
 struct ldb_result *res;
+ struct sized_string delete_name;
 bool changed = false;
 uint32_t id;
 uint32_t gids[gnum];
@@ -3449,6 +3450,16 @@ void nss_update_initgr_memcache(struct nss_ctx *nctx,
 memcpy(gids, groups, gnum * sizeof(uint32_t));
 if (ret == ENOENT || res->count == 0) {
+ /* The user is gone. Invalidate the mc record */
+ to_sized_string(&delete_name, name);
+ ret = sss_mmap_cache_pw_invalidate(nctx->pwd_mc_ctx, &delete_name);
+ if (ret != EOK && ret != ENOENT) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("Internal failure in memory cache code: %d [%s]\n",
+ ret, strerror(ret)));
+ }
+
+ /* Also invalidate his groups */
 changed = true;
 } else {
 /* we skip the first entry, it's the user itself */
-- cgit
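Review bot: In the second hunk the passwd memcache is looked up by the raw `name` argument and `ENOENT` is treated as success, so if entries are stored under a different form of the name (qualified or case-normalized; the store path is not visible here) the removed user's record would silently stay in the cache and keep resolving for clients. It is worth confirming that `name` is in the same form as the stored key and recording that in a comment, e.g. `/* name must be in the form used as the memcache key, otherwise ENOENT hides a stale entry */`. The failure message also does not say which entry could not be invalidated; `("Could not invalidate memcache entry for [%s]: %d [%s]\n", name, ret, strerror(ret))` would make a lingering record traceable in the logs. The body of nss_update_initgr_memcache starts and ends outside both hunks.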