sss_cache: User/groups invalidation in domain cache

When a group/users are invalidated from sss_cache, the group/user information in domain and timestamps cache are inconsistent with regard to dataExpireTimestamp attribute. This patch fixes the problem by explicitly invalidating the domain cache's entry when the timestamp cache entry is invalidated by sss_cache call. There is one new function: * sysdb_invalidate_cache_entry() provided for this purpose and used only in sss_cache utility. Resolves: https://fedorahosted.org/sssd/ticket/3164 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
author: Petr Čech <pcech@redhat.com> 2017-02-14 12:07:19 +0100
committer: Jakub Hrozek <jhrozek@redhat.com> 2017-03-08 12:36:56 +0100
commit: 57a924e71230ea360b19a88e0d5818cf01017161 (patch)
tree: a046c67a239f969f1183a876c182d35eccbf2f52 /src/tools
parent: 4358d76475f0292461a2a479d2149472db103c1d (diff)
download: sssd-57a924e71230ea360b19a88e0d5818cf01017161.tar.gz
sssd-57a924e71230ea360b19a88e0d5818cf01017161.tar.xz
sssd-57a924e71230ea360b19a88e0d5818cf01017161.zip
1 files changed, 26 insertions, 0 deletions
diff --git a/src/tools/sss_cache.c b/src/tools/sss_cache.c
index f1d08937f..59e49a8aa 100644
--- a/src/tools/sss_cache.c
+++ b/src/tools/sss_cache.c
@@ -134,6 +134,10 @@ static bool invalidate_entries(TALLOC_CTX *ctx,
                                const char *filter, const char *name);
 static errno_t update_all_filters(struct cache_tool_ctx *tctx,
                                   struct sss_domain_info *dinfo);
+static int sysdb_invalidate_user_cache_entry(struct sss_domain_info *domain,
+                                             const char *name);
+static int sysdb_invalidate_group_cache_entry(struct sss_domain_info *domain,
+                                              const char *name);
 
 int main(int argc, const char *argv[])
 {
@@ -533,10 +537,18 @@ static errno_t invalidate_entry(TALLOC_CTX *ctx,
 
                     ret = sysdb_set_user_attr(domain, name, sys_attrs,
                                               SYSDB_MOD_REP);
+                    if (ret != EOK) break;
+
+                    /* WARNING: Direct writing to persistent cache!! */
+                    ret = sysdb_invalidate_user_cache_entry(domain, name);
                     break;
                 case TYPE_GROUP:
                     ret = sysdb_set_group_attr(domain, name, sys_attrs,
                                                SYSDB_MOD_REP);
+                    if (ret != EOK) break;
+
+                    /* WARNING: Direct writing to persistent cache!! */
+                    ret = sysdb_invalidate_group_cache_entry(domain, name);
                     break;
                 case TYPE_NETGROUP:
                     ret = sysdb_set_netgroup_attr(domain, name, sys_attrs,
@@ -934,3 +946,17 @@ search_autofsmaps(TALLOC_CTX *mem_ctx,
     return ENOSYS;
 #endif  /* BUILD_AUTOFS */
 }
+
+/* WARNING: Direct writing to persistent cache!! */
+static int sysdb_invalidate_user_cache_entry(struct sss_domain_info *domain,
+                                             const char *name)
+{
+    return sysdb_invalidate_cache_entry(domain, name, true);
+}
+
+/* WARNING: Direct writing to persistent cache!! */
+static int sysdb_invalidate_group_cache_entry(struct sss_domain_info *domain,
+                                              const char *name)
+{
+    return sysdb_invalidate_cache_entry(domain, name, false);
+}
author	Petr Čech <pcech@redhat.com>	2017-02-14 12:07:19 +0100
committer	Jakub Hrozek <jhrozek@redhat.com>	2017-03-08 12:36:56 +0100
commit	57a924e71230ea360b19a88e0d5818cf01017161 (patch)
tree	a046c67a239f969f1183a876c182d35eccbf2f52 /src/tools
parent	4358d76475f0292461a2a479d2149472db103c1d (diff)
download	sssd-57a924e71230ea360b19a88e0d5818cf01017161.tar.gz sssd-57a924e71230ea360b19a88e0d5818cf01017161.tar.xz sssd-57a924e71230ea360b19a88e0d5818cf01017161.zip