From 3f6771275918477e2686063a1c08835d5aaae245 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik
Date: Mon, 29 Jul 2013 15:24:34 +0200
Subject: NSS: Clear cached netgroups if a request comes in from the sss_cache
In order for sss_cache to work correctly, we must also signal the nss responder to invalidate the hash table requests.
https://fedorahosted.org/sssd/ticket/1759
---
 src/responder/nss/nsssrv.c | 21 +++++++++++++++++++++
 src/responder/nss/nsssrv_netgroup.c | 30 ++++++++++++++++++++++++++++++
 src/responder/nss/nsssrv_netgroup.h | 3 +++
 3 files changed, 54 insertions(+) (limited to 'src/responder')
diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
index c6ff4f178..eea01f727 100644
--- a/src/responder/nss/nsssrv.c
+++ b/src/responder/nss/nsssrv.c
@@ -56,12 +56,15 @@
 static int nss_clear_memcache(DBusMessage *message, struct sbus_connection *conn);
+static int nss_clear_netgroup_hash_table(DBusMessage *message,
+ struct sbus_connection *conn);
 struct sbus_method monitor_nss_methods[] = {
 { MON_CLI_METHOD_PING, monitor_common_pong },
 { MON_CLI_METHOD_RES_INIT, monitor_common_res_init },
 { MON_CLI_METHOD_ROTATE, responder_logrotate },
 { MON_CLI_METHOD_CLEAR_MEMCACHE, nss_clear_memcache},
+ { MON_CLI_METHOD_CLEAR_ENUM_CACHE, nss_clear_netgroup_hash_table},
 { NULL, NULL }
 };
@@ -132,6 +135,24 @@ done:
 return monitor_common_pong(message, conn);
 }
+static int nss_clear_netgroup_hash_table(DBusMessage *message,
+ struct sbus_connection *conn)
+{
+ errno_t ret;
+ struct resp_ctx *rctx = talloc_get_type(sbus_conn_get_private_data(conn),
+ struct resp_ctx);
+ struct nss_ctx *nctx = (struct nss_ctx*) rctx->pvt_ctx;
+
+ ret = nss_orphan_netgroups(nctx);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("Could not invalidate netgroups\n"));
+ return ret;
+ }
+
+ return monitor_common_pong(message, conn);
+}
+
 static errno_t nss_get_etc_shells(TALLOC_CTX *mem_ctx, char ***_shells)
 {
 int i = 0;
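Review bot: In nss_clear_netgroup_hash_table (second nsssrv.c hunk) the result of `talloc_get_type()` is dereferenced on the very next line as `rctx->pvt_ctx` without a NULL check, so a connection whose private data is absent or not a `struct resp_ctx` would crash the responder instead of failing the request. A guard before the cast, `if (rctx == NULL || rctx->pvt_ctx == NULL) return EINVAL;`, keeps that an ordinary error. The failure branch also returns `ret` without answering the D-Bus message, whereas the handler that ends just above the hunk appears to reach `return monitor_common_pong(message, conn);` through its `done:` label; if the monitor waits for the reply, logging the failure and still sending the pong would match that handler.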
diff --git a/src/responder/nss/nsssrv_netgroup.c b/src/responder/nss/nsssrv_netgroup.c
index d415d81c1..3f1fa8795 100644
--- a/src/responder/nss/nsssrv_netgroup.c
+++ b/src/responder/nss/nsssrv_netgroup.c
@@ -1021,3 +1021,33 @@ netgroup_hash_delete_cb(hash_entry_t *item,
 * table */
 netgr->lookup_table = NULL;
 }
+
+errno_t nss_orphan_netgroups(struct nss_ctx *nctx)
+{
+ int hret;
+ unsigned long mcount;
+ unsigned long i;
+ hash_key_t *netgroups;
+
+ if (!nctx || !nctx->netgroups) {
+ return EINVAL;
+ }
+
+ hret = hash_keys(nctx->netgroups, &mcount, &netgroups);
+ if (hret != HASH_SUCCESS) {
+ return EIO;
+ }
+
+ DEBUG(SSSDBG_TRACE_FUNC, ("Removing netgroups from memory cache.\n"));
+
+ for (i = 0; i < mcount; i++) {
+ /* netgroup entry will be deleted by setnetgrent_result_timeout */
+ hret = hash_delete(nctx->netgroups, &netgroups[i]);
+ if (hret != HASH_SUCCESS) {
+ DEBUG(SSSDBG_MINOR_FAILURE, ("Could not delete key from hash\n"));
+ continue;
+ }
+ }
+
+ return EOK;
+}
diff --git a/src/responder/nss/nsssrv_netgroup.h b/src/responder/nss/nsssrv_netgroup.h
index a909abed3..ddeb35df6 100644
--- a/src/responder/nss/nsssrv_netgroup.h
+++ b/src/responder/nss/nsssrv_netgroup.h
@@ -33,4 +33,7 @@ int nss_cmd_endnetgrent(struct cli_ctx *cctx);
 void netgroup_hash_delete_cb(hash_entry_t *item, hash_destroy_enum deltype, void *pvt);
+
+errno_t nss_orphan_netgroups(struct nss_ctx *nctx);
+
 #endif /* NSSRV_NETGROUP_H_ */
-- cgit
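Review bot: In nss_orphan_netgroups (the nsssrv_netgroup.c hunk) the key array that `hash_keys()` returns in `netgroups` is never released, so if dhash allocates that array for the caller, as its API describes, every cache-clear request leaks one array in the long-running responder. It should be freed after the loop with the deallocator that matches how `nctx->netgroups` was created, which is not visible in this hunk. Separately, the trailing `continue;` is redundant, and a failed `hash_delete()` still ends in `return EOK`, so the caller cannot tell a partial invalidation from a complete one; if that is intended, a comment such as `/* best effort: a key that cannot be deleted is logged and skipped */` would record it.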