author | Jakub Hrozek <jhrozek@redhat.com> | 2013-01-15 07:05:56 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-01-16 16:57:16 +0100 |
commit | 0c517cb7fe642795f8c23f0df2cef6ba81e079e8 (patch) | |
tree | 9adc76e842841e21852577280fe359e218a404d3 | |
parent | 58e37bf06ce31227e18e7ff0f74675b56933843e (diff) | |
NSS: invalidate memcache user entry on initgr, too
https://fedorahosted.org/sssd/ticket/1757
When the user entry was missing completely after initgroups, we would
never invalidate the user entry from cache. This led to dangling cache
entries in memory cache if the user was removed from the server while
still being in memory cache.
-rw-r--r-- | src/responder/nss/nsssrv_cmd.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index 63d82e22c..b1db367ee 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -3410,6 +3410,7 @@ void nss_update_initgr_memcache(struct nss_ctx *nctx,
 TALLOC_CTX *tmp_ctx = NULL;
 struct sss_domain_info *dom;
 struct ldb_result *res;
+ struct sized_string delete_name;
 bool changed = false;
 uint32_t id;
 uint32_t gids[gnum];
@@ -3448,6 +3449,16 @@ void nss_update_initgr_memcache(struct nss_ctx *nctx,
 memcpy(gids, groups, gnum * sizeof(uint32_t));
 if (ret == ENOENT || res->count == 0) {
+ /* The user is gone. Invalidate the mc record */
+ to_sized_string(&delete_name, name);
+ ret = sss_mmap_cache_pw_invalidate(nctx->pwd_mc_ctx, &delete_name);
+ if (ret != EOK && ret != ENOENT) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("Internal failure in memory cache code: %d [%s]\n",
+ ret, strerror(ret)));
+ }
+
+ /* Also invalidate his groups */
 changed = true;
 } else {
 /* we skip the first entry, it's the user itself */ |
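Review bot: In the second hunk a failed `sss_mmap_cache_pw_invalidate()` is only logged, and the message names neither the user nor the passwd cache, so the entry of a user already removed from the server stays resolvable with nothing in the log to say which one. I would put the name into the message, e.g. `("Failed to invalidate memcache passwd entry for [%s]: %d [%s]\n", name, ret, strerror(ret))`. `ENOENT` is treated as success, which is right when the user was never cached but would also hide a cache key that differs in form from `name` (case or domain qualification); whether that can happen is not visible here, so a comment such as `/* name must be in the same form as the memcache key */` or a trace-level message on `ENOENT` would help. The call also overwrites `ret`, and the function body starts and ends outside the hunk, so it is worth confirming that nothing later still expects the sysdb lookup result in it.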