URL: https://github.com/SSSD/sssd/pull/153
Author: celestian
 Title: #153: sss_cache: User/groups invalidation in domain cache
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/153/head:pr153
git checkout pr153
From c57806eba2005014cce3d8c28d91c0143b867170 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20=C4=8Cech?= <pc...@redhat.com>
Date: Tue, 14 Feb 2017 12:07:19 +0100
Subject: [PATCH] sss_cache: User/groups invalidation in domain cache

When users or groups are invalidated with sss_cache, the user/group
information in the domain cache and the timestamp cache becomes
inconsistent with regard to the dataExpireTimestamp attribute.

This patch fixes that: after sss_cache invalidates users or groups,
the information in the domain and timestamp caches is the same.

Resolves:
https://fedorahosted.org/sssd/ticket/314
---
 src/db/sysdb.h        |  7 +++++
 src/db/sysdb_ops.c    | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++
 src/tools/sss_cache.c |  6 ++++
 3 files changed, 93 insertions(+)

diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index 809ca35..dcff84f 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -868,6 +868,13 @@ int sysdb_search_netgroup_by_name(TALLOC_CTX *mem_ctx,
                                   const char **attrs,
                                   struct ldb_message **msg);
 
+/* Invalidate user entry in domain cache */
+int sysdb_invalidate_user_cache_entry(struct sss_domain_info *domain,
+                                      const char *name);
+
+/* Invalidate group entry in domain cache */
+int sysdb_invalidate_group_cache_entry(struct sss_domain_info *domain,
+                                       const char *name);
 /* Replace entry attrs */
 int sysdb_set_entry_attr(struct sysdb_ctx *sysdb,
                          struct ldb_dn *entry_dn,
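Review bot: The comments on the two new prototypes do not say what "invalidate" does or what the functions return. Going by the implementation in sysdb_ops.c, each call replaces `SYSDB_CACHE_EXPIRE` with 1 on the entry via `sysdb_set_cache_entry_attr(sysdb->ldb, ...)` and returns EOK or an errno value. A comment along the lines of `/* Mark the user entry in the domain cache as expired (SYSDB_CACHE_EXPIRE = 1). Returns EOK or an errno code. */` would state that contract. Since it appears to write only through `sysdb->ldb`, the comment could also note that callers must still update the entry's attributes separately. A blank line before `/* Replace entry attrs */` would keep the declarations visually separate.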
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index 7f6c127..aafaa2a 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -5006,3 +5006,83 @@ errno_t sysdb_mark_entry_as_expired_ldb_val(struct sss_domain_info *dom,
     talloc_free(tmp_ctx);
     return ret;
 }
+
+enum sysdb_entry_type {
+    TYPE_USER=0,
+    TYPE_GROUP
+};
+
+static int sysdb_invalidate_cache_entry(struct sss_domain_info *domain,
+                                        const char *name,
+                                        int entry_type)
+{
+    TALLOC_CTX *tmp_ctx;
+    struct sysdb_ctx *sysdb = domain->sysdb;
+    struct ldb_dn *entry_dn = NULL;
+    struct sysdb_attrs *attrs = NULL;
+    bool sysdb_write = true;
+    errno_t ret;
+
+    tmp_ctx = talloc_new(NULL);
+    if (!tmp_ctx) {
+        return ENOMEM;
+    }
+
+    switch (entry_type) {
+        case TYPE_USER:
+            entry_dn = sysdb_user_dn(tmp_ctx, domain, name);
+            break;
+        case TYPE_GROUP:
+            entry_dn = sysdb_group_dn(tmp_ctx, domain, name);
+            break;
+        default:
+            DEBUG(SSSDBG_MINOR_FAILURE, "Wrong sysdb_entry_type.\n");
+    }
+    if (entry_dn == NULL) {
+        ret = ENOMEM;
+        goto done;
+    }
+
+    attrs = sysdb_new_attrs(tmp_ctx);
+    if (attrs == NULL) {
+        DEBUG(SSSDBG_MINOR_FAILURE, "Could not create sysdb attributes\n");
+        ret = ENOMEM;
+        goto done;
+    }
+
+    ret = sysdb_attrs_add_time_t(attrs, SYSDB_CACHE_EXPIRE, 1);
+    if (ret != EOK) {
+        DEBUG(SSSDBG_MINOR_FAILURE,
+              "Could not add expiration time to attributes\n");
+        ret = ENOMEM;
+        goto done;
+    }
+
+    ret = sysdb_set_cache_entry_attr(sysdb->ldb, entry_dn,
+                                     attrs, SYSDB_MOD_REP);
+    if (ret != EOK) {
+        DEBUG(SSSDBG_MINOR_FAILURE, "Cannot set attrs for %s, %d [%s]\n",
+                                    ldb_dn_get_linearized(entry_dn),
+                                    ret, sss_strerror(ret));
+        goto done;
+    }
+
+    DEBUG(SSSDBG_FUNC_DATA, "Cache entry [%s] has been invalidated.\n",
+                            ldb_dn_get_linearized(entry_dn));
+
+done:
+    talloc_zfree(tmp_ctx);
+    return ret;
+}
+
+int sysdb_invalidate_user_cache_entry(struct sss_domain_info *domain,
+                                      const char *name)
+{
+    return sysdb_invalidate_cache_entry(domain, name, TYPE_USER);
+}
+
+int sysdb_invalidate_group_cache_entry(struct sss_domain_info *domain,
+                                       const char *name)
+{
+    return sysdb_invalidate_cache_entry(domain, name, TYPE_GROUP);
+}
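Review bot: In `sysdb_invalidate_cache_entry()` the `default:` arm of the switch only logs, so an unknown `entry_type` leaves `entry_dn` NULL and is reported to the caller as `ENOMEM`; adding `ret = EINVAL; goto done;` there would return an accurate error. The `sysdb_attrs_add_time_t()` failure path has a similar problem: `ret = ENOMEM;` overwrites the real return code and should be dropped. Smaller points: `bool sysdb_write = true;` is never used, `domain` is dereferenced in the initializer without a NULL check, the parameter could be typed `enum sysdb_entry_type` instead of `int`, and the constants `TYPE_USER`/`TYPE_GROUP` reuse names that sss_cache.c already switches on, so a `SYSDB_ENTRY_` prefix would avoid a clash if the enum ever moves to a header. Accurate error codes matter here because invalidation is presumably what an administrator runs to force a refresh of cached users and group membership, and a misreported failure makes a stale entry harder to notice.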
diff --git a/src/tools/sss_cache.c b/src/tools/sss_cache.c
index f1d0893..42f3b54 100644
--- a/src/tools/sss_cache.c
+++ b/src/tools/sss_cache.c
@@ -533,10 +533,16 @@ static errno_t invalidate_entry(TALLOC_CTX *ctx,
 
                     ret = sysdb_set_user_attr(domain, name, sys_attrs,
                                               SYSDB_MOD_REP);
+                    if (ret != EOK) break;
+
+                    ret = sysdb_invalidate_user_cache_entry(domain, name);
                     break;
                 case TYPE_GROUP:
                     ret = sysdb_set_group_attr(domain, name, sys_attrs,
                                                SYSDB_MOD_REP);
+                    if (ret != EOK) break;
+
+                    ret = sysdb_invalidate_group_cache_entry(domain, name);
                     break;
                 case TYPE_NETGROUP:
                     ret = sysdb_set_netgroup_attr(domain, name, sys_attrs,
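Review bot: In the `TYPE_USER` and `TYPE_GROUP` arms the entry is now updated by two separate calls, so a failure in `sysdb_invalidate_user_cache_entry()` or `sysdb_invalidate_group_cache_entry()` after the preceding `sysdb_set_*_attr()` succeeded presumably leaves the caches in the inconsistent state the commit message describes. `invalidate_entry` starts and ends outside this hunk, so it is not visible whether a transaction already wraps the calls. If none does, either wrap the pair in one or log which of the two steps failed, so that a partially invalidated entry is visible to the operator. As a style point, the unbraced `if (ret != EOK) break;` would be safer written as `if (ret != EOK) { break; }`.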