URL: https://github.com/SSSD/sssd/pull/153 Author: celestian Title: #153: SYSDB: Changing dataExpireTimestamp in domain cache Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/153/head:pr153 git checkout pr153
From e7fbe957500d3e4d528f09c1dae089808108c2ae Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20=C4=8Cech?= <pc...@redhat.com>
Date: Tue, 14 Feb 2017 12:07:19 +0100
Subject: [PATCH] sss_cache: User/groups invalidation in domain cache
When a group/users are invalidated from sss_cache, the group/user information in domain and timestamps cache are inconsistent with regard to dataExpireTimestamp attribute. This patch fixes it. So if you use sss_cache for invalidating user/groups the information in domain and timestamp cache is the same.
Resolves: https://fedorahosted.org/sssd/ticket/314
---
 src/db/sysdb.h | 7 +++++
 src/db/sysdb_ops.c | 82 +++++++++++++++++++++++++++++++++++++++++++++++++++
 src/tools/sss_cache.c | 6 ++++
 3 files changed, 95 insertions(+)
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index 809ca35..dcff84f 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -868,6 +868,13 @@ int sysdb_search_netgroup_by_name(TALLOC_CTX *mem_ctx,
 const char **attrs,
 struct ldb_message **msg);
+/* Invalidate user entry in domain cache */
+int sysdb_invalidate_user_cache_entry(struct sss_domain_info *domain,
+ const char *name);
+
+/* Invalidate group entry in domain cache */
+int sysdb_invalidate_group_cache_entry(struct sss_domain_info *domain,
+ const char *name);
 /* Replace entry attrs */
 int sysdb_set_entry_attr(struct sysdb_ctx *sysdb,
 struct ldb_dn *entry_dn,
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index 7f6c127..741b270 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
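Review bot: The comments on the two new prototypes do not say what "invalidate" does to the entry or what the functions return. Going by the definition this patch adds in src/db/sysdb_ops.c, each call sets SYSDB_CACHE_EXPIRE to 1 on the named user or group entry and returns an errno-style code. A comment such as `/* Expire a user entry in the domain cache (SYSDB_CACHE_EXPIRE = 1); returns EOK or an errno code */` would tell callers that the result has to be checked.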
@@ -5006,3 +5006,85 @@ errno_t sysdb_mark_entry_as_expired_ldb_val(struct sss_domain_info *dom,
 talloc_free(tmp_ctx);
 return ret;
 }
+
+enum sysdb_entry_type {
+ TYPE_USER=0,
+ TYPE_GROUP
+};
+
+static int sysdb_invalidate_cache_entry(struct sss_domain_info *domain,
+ const char *name,
+ int entry_type)
+{
+ TALLOC_CTX *tmp_ctx;
+ struct sysdb_ctx *sysdb = domain->sysdb;
+ struct ldb_dn *entry_dn = NULL;
+ struct sysdb_attrs *attrs = NULL;
+ bool sysdb_write = true;
+ errno_t ret;
+
+ tmp_ctx = talloc_new(NULL);
+ if (!tmp_ctx) {
+ return ENOMEM;
+ }
+
+ switch (entry_type) {
+ case TYPE_USER:
+ entry_dn = sysdb_user_dn(tmp_ctx, domain, name);
+ break;
+ case TYPE_GROUP:
+ entry_dn = sysdb_group_dn(tmp_ctx, domain, name);
+ break;
+ default:
+ DEBUG(SSSDBG_MINOR_FAILURE, "Wrong sysdb_entry_type.\n");
+ }
+ if (entry_dn == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ attrs = sysdb_new_attrs(tmp_ctx);
+ if (attrs == NULL) {
+ DEBUG(SSSDBG_MINOR_FAILURE, "Could not create sysdb attributes\n");
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ret = sysdb_attrs_add_time_t(attrs, SYSDB_CACHE_EXPIRE, 1);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "Could not add expiration time to attributes\n");
+ ret = ENOMEM;
+ goto done;
+ }
+
+ sysdb_write = sysdb_entry_attrs_diff(sysdb, entry_dn, attrs, SYSDB_MOD_REP);
+ if (sysdb_write == true) {
+ ret = sysdb_set_cache_entry_attr(sysdb->ldb, entry_dn,
+ attrs, SYSDB_MOD_REP);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_MINOR_FAILURE, "Cannot set attrs for %s, %d [%s]\n",
+ ldb_dn_get_linearized(entry_dn),
+ ret, sss_strerror(ret));
+ } else {
+ DEBUG(SSSDBG_FUNC_DATA, "Cache entry [%s] has been invalidated.\n",
+ ldb_dn_get_linearized(entry_dn));
+ }
+ }
+
+done:
+ talloc_zfree(tmp_ctx);
+ return ret;
+}
+
+int sysdb_invalidate_user_cache_entry(struct sss_domain_info *domain,
+ const char *name)
+{
+ return sysdb_invalidate_cache_entry(domain, name, TYPE_USER);
+}
+
+int sysdb_invalidate_group_cache_entry(struct sss_domain_info *domain,
+ const char *name)
+{
+ return sysdb_invalidate_cache_entry(domain, name, TYPE_GROUP);
+}
diff --git a/src/tools/sss_cache.c b/src/tools/sss_cache.c
index f1d0893..42f3b54 100644
--- a/src/tools/sss_cache.c
+++ b/src/tools/sss_cache.c
@@ -533,10 +533,16 @@ static errno_t invalidate_entry(TALLOC_CTX *ctx,
 ret = sysdb_set_user_attr(domain, name, sys_attrs,
 SYSDB_MOD_REP);
+ if (ret != EOK) break;
+
+ ret = sysdb_invalidate_user_cache_entry(domain, name);
 break;
 case TYPE_GROUP:
 ret = sysdb_set_group_attr(domain, name, sys_attrs,
 SYSDB_MOD_REP);
+ if (ret != EOK) break;
+
+ ret = sysdb_invalidate_group_cache_entry(domain, name);
 break;
 case TYPE_NETGROUP:
 ret = sysdb_set_netgroup_attr(domain, name, sys_attrs,
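Review bot: In sysdb_invalidate_cache_entry the `default:` branch of the switch only logs "Wrong sysdb_entry_type." and then falls into the `entry_dn == NULL` check, so an invalid type reaches the caller as ENOMEM. Setting the code in that branch, `ret = EINVAL; goto done;`, keeps an argument error from being mistaken for memory pressure. The same masking happens after sysdb_attrs_add_time_t, where a non-EOK `ret` is overwritten by `ret = ENOMEM;`; dropping that assignment preserves the real error. Declaring the parameter as `enum sysdb_entry_type entry_type` instead of `int` would also let the compiler check the two callers.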
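Review bot: The TYPE_USER and TYPE_GROUP cases now perform two separate cache writes, so if `sysdb_set_user_attr` succeeds and `sysdb_invalidate_user_cache_entry` then fails, the entry is expired in one place and still valid in the other, which is the inconsistency the patch description sets out to remove. invalidate_entry begins and ends outside this hunk, so whether a transaction already wraps the switch cannot be seen here and is worth confirming. If none does, at least report the partial failure distinctly, for example `DEBUG(SSSDBG_OP_FAILURE, "Could not invalidate domain cache entry for %s\n", name);`, since an entry that stays valid after sss_cache has run may keep serving outdated identity data until its old expiry. The one-line `if (ret != EOK) break;` would read more safely with braces on separate lines.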