diff options
author | Petr Čech <pcech@redhat.com> | 2017-02-14 12:07:19 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2017-03-08 12:36:56 +0100 |
commit | 57a924e71230ea360b19a88e0d5818cf01017161 (patch) | |
tree | a046c67a239f969f1183a876c182d35eccbf2f52 /src/tools | |
parent | 4358d76475f0292461a2a479d2149472db103c1d (diff) | |
download | sssd-57a924e71230ea360b19a88e0d5818cf01017161.tar.gz sssd-57a924e71230ea360b19a88e0d5818cf01017161.tar.xz sssd-57a924e71230ea360b19a88e0d5818cf01017161.zip |
sss_cache: User/groups invalidation in domain cache
When a group/users are invalidated from sss_cache, the group/user
information in domain and timestamps cache are inconsistent with
regard to dataExpireTimestamp attribute.
This patch fixes the problem by explicitly invalidating the domain
cache's entry when the timestamp cache entry is invalidated
by sss_cache call. There is one new function:
* sysdb_invalidate_cache_entry()
provided for this purpose and used only in sss_cache utility.
Resolves:
https://fedorahosted.org/sssd/ticket/3164
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Diffstat (limited to 'src/tools')
-rw-r--r-- | src/tools/sss_cache.c | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/src/tools/sss_cache.c b/src/tools/sss_cache.c index f1d08937f..59e49a8aa 100644 --- a/src/tools/sss_cache.c +++ b/src/tools/sss_cache.c @@ -134,6 +134,10 @@ static bool invalidate_entries(TALLOC_CTX *ctx, const char *filter, const char *name); static errno_t update_all_filters(struct cache_tool_ctx *tctx, struct sss_domain_info *dinfo); +static int sysdb_invalidate_user_cache_entry(struct sss_domain_info *domain, + const char *name); +static int sysdb_invalidate_group_cache_entry(struct sss_domain_info *domain, + const char *name); int main(int argc, const char *argv[]) { @@ -533,10 +537,18 @@ static errno_t invalidate_entry(TALLOC_CTX *ctx, ret = sysdb_set_user_attr(domain, name, sys_attrs, SYSDB_MOD_REP); + if (ret != EOK) break; + + /* WARNING: Direct writing to persistent cache!! */ + ret = sysdb_invalidate_user_cache_entry(domain, name); break; case TYPE_GROUP: ret = sysdb_set_group_attr(domain, name, sys_attrs, SYSDB_MOD_REP); + if (ret != EOK) break; + + /* WARNING: Direct writing to persistent cache!! */ + ret = sysdb_invalidate_group_cache_entry(domain, name); break; case TYPE_NETGROUP: ret = sysdb_set_netgroup_attr(domain, name, sys_attrs, @@ -934,3 +946,17 @@ search_autofsmaps(TALLOC_CTX *mem_ctx, return ENOSYS; #endif /* BUILD_AUTOFS */ } + +/* WARNING: Direct writing to persistent cache!! */ +static int sysdb_invalidate_user_cache_entry(struct sss_domain_info *domain, + const char *name) +{ + return sysdb_invalidate_cache_entry(domain, name, true); +} + +/* WARNING: Direct writing to persistent cache!! */ +static int sysdb_invalidate_group_cache_entry(struct sss_domain_info *domain, + const char *name) +{ + return sysdb_invalidate_cache_entry(domain, name, false); +} |