c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny Copyright (C) Jan Zeleny <jzeleny@redhat.com> 2011
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny This program is free software; you can redistribute it and/or modify
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny it under the terms of the GNU General Public License as published by
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny the Free Software Foundation; either version 3 of the License, or
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny (at your option) any later version.
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny This program is distributed in the hope that it will be useful,
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny but WITHOUT ANY WARRANTY; without even the implied warranty of
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny GNU General Public License for more details.
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny You should have received a copy of the GNU General Public License
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny along with this program. If not, see <http://www.gnu.org/licenses/>.
9651a27ec14f3a378e861ca39852480f37f1ef08Michal Zidek#define INVALIDATE_EVERYTHING (INVALIDATE_USERS | INVALIDATE_GROUPS | \
3ac7c4fe618ede980a4df8d90341ef1fd0f1f62fWilliam B#else /* BUILD_SSH */
9651a27ec14f3a378e861ca39852480f37f1ef08Michal Zidek#define INVALIDATE_EVERYTHING (INVALIDATE_USERS | INVALIDATE_GROUPS | \
3ac7c4fe618ede980a4df8d90341ef1fd0f1f62fWilliam B#endif /* BUILD_SSH */
3ac7c4fe618ede980a4df8d90341ef1fd0f1f62fWilliam B#else /* BUILD_AUTOFS */
3ac7c4fe618ede980a4df8d90341ef1fd0f1f62fWilliam B#define INVALIDATE_EVERYTHING (INVALIDATE_USERS | INVALIDATE_GROUPS | \
3ac7c4fe618ede980a4df8d90341ef1fd0f1f62fWilliam B#else /* BUILD_SSH */
3ac7c4fe618ede980a4df8d90341ef1fd0f1f62fWilliam B#define INVALIDATE_EVERYTHING (INVALIDATE_USERS | INVALIDATE_GROUPS | \
3ac7c4fe618ede980a4df8d90341ef1fd0f1f62fWilliam B#endif /* BUILD_SSH */
3ac7c4fe618ede980a4df8d90341ef1fd0f1f62fWilliam B#endif /* BUILD_AUTOFS */
78c4b29420855b9f5384cd5e052fc9369c57d899Lukas Slebodnikstatic errno_t search_autofsmaps(TALLOC_CTX *mem_ctx,
82b5429d1438392c45e70a0f84dd4d0f5fa1a171Jakub Hrozek size_t *msgs_count, struct ldb_message ***msgs);
be6d25ea38ddda232175aab5e297d8c6cb223551Petr Cechstatic void free_input_values(struct input_values *values);
be6d25ea38ddda232175aab5e297d8c6cb223551Petr Cechstatic bool is_filter_valid(struct cache_tool_ctx *ctx,
643b48013c1f556530eb2a89a8baf4aa40357278Jakub Hrozekstatic errno_t init_domains(struct cache_tool_ctx *ctx,
643b48013c1f556530eb2a89a8baf4aa40357278Jakub Hrozek const char *domain);
643b48013c1f556530eb2a89a8baf4aa40357278Jakub Hrozekstatic errno_t init_context(int argc, const char *argv[],
e2640b7a0ccfe2b00311d20ae18006ccc82a834cLukas Slebodnikstatic errno_t invalidate_entry(TALLOC_CTX *ctx,
d27d11b360b92f1728206802005bb3da359e1ea4Michal Zidekstatic errno_t update_all_filters(struct cache_tool_ctx *tctx,
57a924e71230ea360b19a88e0d5818cf01017161Petr Čechstatic int sysdb_invalidate_user_cache_entry(struct sss_domain_info *domain,
57a924e71230ea360b19a88e0d5818cf01017161Petr Čech const char *name);
57a924e71230ea360b19a88e0d5818cf01017161Petr Čechstatic int sysdb_invalidate_group_cache_entry(struct sss_domain_info *domain,
57a924e71230ea360b19a88e0d5818cf01017161Petr Čech const char *name);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Error initializing context for the application\n");
877b92e80bde510d5cd9f03dbf01e2bcf73ab072Michal Židek dinfo = get_next_domain(dinfo, SSS_GND_DESCEND)) {
72bb31d9a093bff7b8c7f973b057ed4e9e41d4caMichal Zidek /* Update list of subdomains for this domain */
a63d74f65db2db7389cd373cb37adcdaaa2d56eaMichal Židek ret = sysdb_update_subdomains(dinfo, tctx->confdb);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Failed to update subdomains for domain %s.\n", dinfo->name);
d27d11b360b92f1728206802005bb3da359e1ea4Michal Zidek /* Update filters for each domain */
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "Failed to update filters.\n");
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Could not start the transaction!\n");
78c4b29420855b9f5384cd5e052fc9369c57d899Lukas Slebodnik skipped &= !invalidate_entries(tctx, dinfo, TYPE_USER,
78c4b29420855b9f5384cd5e052fc9369c57d899Lukas Slebodnik skipped &= !invalidate_entries(tctx, dinfo, TYPE_GROUP,
78c4b29420855b9f5384cd5e052fc9369c57d899Lukas Slebodnik skipped &= !invalidate_entries(tctx, dinfo, TYPE_NETGROUP,
78c4b29420855b9f5384cd5e052fc9369c57d899Lukas Slebodnik skipped &= !invalidate_entries(tctx, dinfo, TYPE_SERVICE,
78c4b29420855b9f5384cd5e052fc9369c57d899Lukas Slebodnik skipped &= !invalidate_entries(tctx, dinfo, TYPE_AUTOFSMAP,
3ac7c4fe618ede980a4df8d90341ef1fd0f1f62fWilliam B skipped &= !invalidate_entries(tctx, dinfo, TYPE_SSH_HOST,
fd3cbf6bfe86a245d7e90d2a355794eb9c70d525Petr Cech skipped &= !invalidate_entries(tctx, dinfo, TYPE_SUDO_RULE,
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Could not commit the transaction!\n");
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Failed to cancel transaction\n");
69f6f2ed116d1c987851bfcc410cf2bdd1b0cc97Michal Zidek if (skipped == true) {
69f6f2ed116d1c987851bfcc410cf2bdd1b0cc97Michal Zidek ERROR("No cache object matched the specified search\n");
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "Failed to clear memory cache.\n");
be6d25ea38ddda232175aab5e297d8c6cb223551Petr Cechstatic void free_input_values(struct input_values *values)
72bb31d9a093bff7b8c7f973b057ed4e9e41d4caMichal Zidekstatic errno_t update_filter(struct cache_tool_ctx *tctx,
72bb31d9a093bff7b8c7f973b057ed4e9e41d4caMichal Zidek /* Nothing to do */
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "Out of memory.\n");
d2791a492d8f0a9df73fc7a683b3f712abf80f3fSumit Bose ret = sss_parse_name(tmp_ctx, dinfo->names, name,
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "sss_parse_name failed\n");
c246e2315cb8df1e347bec3b728f91b0c1264f93Sumit Bose if (parsed_domain != NULL && strcasecmp(dinfo->name, parsed_domain) != 0) {
c246e2315cb8df1e347bec3b728f91b0c1264f93Sumit Bose /* We were able to parse the domain from given fqdn, but it
c246e2315cb8df1e347bec3b728f91b0c1264f93Sumit Bose * does not match with currently processed domain. */
72bb31d9a093bff7b8c7f973b057ed4e9e41d4caMichal Zidek if (!dinfo->case_sensitive && !force_case_sensitivity) {
72bb31d9a093bff7b8c7f973b057ed4e9e41d4caMichal Zidek use_name = sss_tc_utf8_str_tolower(tmp_ctx, parsed_name);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "Out of memory\n");
281748ae307a1842d55712335acbe54821793de5Jakub Hrozek use_name = sss_create_internal_fqname(tmp_ctx, use_name, dinfo->name);
c246e2315cb8df1e347bec3b728f91b0c1264f93Sumit Bose ret = sss_filter_sanitize_for_dom(tmp_ctx, use_name, dinfo,
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "Failed to sanitize the given name.\n");
c246e2315cb8df1e347bec3b728f91b0c1264f93Sumit Bose if (!dinfo->case_sensitive && !force_case_sensitivity) {
c246e2315cb8df1e347bec3b728f91b0c1264f93Sumit Bose filter = talloc_asprintf(tmp_ctx, "(|(%s=%s)(%s=%s))",
c246e2315cb8df1e347bec3b728f91b0c1264f93Sumit Bose filter = talloc_asprintf(tmp_ctx, fmt, SYSDB_NAME, sanitized);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "Out of memory\n");
d27d11b360b92f1728206802005bb3da359e1ea4Michal Zidek/* This function updates all filters for specified domain using this
d27d11b360b92f1728206802005bb3da359e1ea4Michal Zidek * domains regex to parse string into domain and name (if exists). */
d27d11b360b92f1728206802005bb3da359e1ea4Michal Zidekstatic errno_t update_all_filters(struct cache_tool_ctx *tctx,
d27d11b360b92f1728206802005bb3da359e1ea4Michal Zidek /* Update user filter */
72bb31d9a093bff7b8c7f973b057ed4e9e41d4caMichal Zidek ret = update_filter(tctx, dinfo, tctx->user_name,
d27d11b360b92f1728206802005bb3da359e1ea4Michal Zidek /* Update group filter */
72bb31d9a093bff7b8c7f973b057ed4e9e41d4caMichal Zidek ret = update_filter(tctx, dinfo, tctx->group_name,
d27d11b360b92f1728206802005bb3da359e1ea4Michal Zidek /* Update netgroup filter */
72bb31d9a093bff7b8c7f973b057ed4e9e41d4caMichal Zidek ret = update_filter(tctx, dinfo, tctx->netgroup_name,
d27d11b360b92f1728206802005bb3da359e1ea4Michal Zidek /* Update service filter */
72bb31d9a093bff7b8c7f973b057ed4e9e41d4caMichal Zidek ret = update_filter(tctx, dinfo, tctx->service_name,
d27d11b360b92f1728206802005bb3da359e1ea4Michal Zidek /* Update autofs filter */
72bb31d9a093bff7b8c7f973b057ed4e9e41d4caMichal Zidek ret = update_filter(tctx, dinfo, tctx->autofs_name,
281748ae307a1842d55712335acbe54821793de5Jakub Hrozek "(&(objectclass="SYSDB_AUTOFS_MAP_OC")(%s=%s))",
3ac7c4fe618ede980a4df8d90341ef1fd0f1f62fWilliam B /* Update ssh host filter */
3ac7c4fe618ede980a4df8d90341ef1fd0f1f62fWilliam B ret = update_filter(tctx, dinfo, tctx->ssh_host_name,
fd3cbf6bfe86a245d7e90d2a355794eb9c70d525Petr Cech /* Update sudo rule filter */
fd3cbf6bfe86a245d7e90d2a355794eb9c70d525Petr Cech ret = update_filter(tctx, dinfo, tctx->sudo_rule_name,
da0b829a2002987339aadaa01b85adbb5ddba20dJakub Hrozek if (!filter) return false;
78c4b29420855b9f5384cd5e052fc9369c57d899Lukas Slebodnik ret = search_autofsmaps(ctx, dinfo, filter, attrs, &msg_count, &msgs);
3ac7c4fe618ede980a4df8d90341ef1fd0f1f62fWilliam B#else /* BUILD_SSH */
3ac7c4fe618ede980a4df8d90341ef1fd0f1f62fWilliam B#endif /* BUILD_SSH */
fd3cbf6bfe86a245d7e90d2a355794eb9c70d525Petr Cech#else /* BUILD_SUDO */
fd3cbf6bfe86a245d7e90d2a355794eb9c70d525Petr Cech#endif /* BUILD_SUDO */
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_TRACE_FUNC, "'%s' %s: Not found in domain '%s'\n",
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov type_string, name ? name : "", dinfo->name);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Searching for %s in domain %s with filter %s failed\n",
da0b829a2002987339aadaa01b85adbb5ddba20dJakub Hrozek return false;
da0b829a2002987339aadaa01b85adbb5ddba20dJakub Hrozek for (i = 0; i < msg_count; i++) {
da0b829a2002987339aadaa01b85adbb5ddba20dJakub Hrozek c_name = ldb_msg_find_attr_as_string(msgs[i], SYSDB_NAME, NULL);
b07a3b729892d2bc2ffa73d93de95e19003cc6c8Pavel Reichl "Something bad happened, can't find attribute %s\n",
b07a3b729892d2bc2ffa73d93de95e19003cc6c8Pavel Reichl ERROR("Couldn't invalidate %1$s\n", type_string);
e2640b7a0ccfe2b00311d20ae18006ccc82a834cLukas Slebodnik ret = invalidate_entry(ctx, dinfo, c_name, entry_type);
b07a3b729892d2bc2ffa73d93de95e19003cc6c8Pavel Reichl "Couldn't invalidate %s %s\n", type_string, c_name);
b07a3b729892d2bc2ffa73d93de95e19003cc6c8Pavel Reichl ERROR("Couldn't invalidate %1$s %2$s\n", type_string, c_name);
e2640b7a0ccfe2b00311d20ae18006ccc82a834cLukas Slebodnikstatic errno_t invalidate_entry(TALLOC_CTX *ctx,
30ee051025753b63ceb19d3b83c44019a19554a1Jakub Hrozek /* For users, we also need to reset the initgroups
30ee051025753b63ceb19d3b83c44019a19554a1Jakub Hrozek * cache expiry */
4c08db0fb0dda3d27b1184248ca5c800d7ce23f0Michal Zidek ret = sysdb_set_user_attr(domain, name, sys_attrs,
57a924e71230ea360b19a88e0d5818cf01017161Petr Čech /* WARNING: Direct writing to persistent cache!! */
57a924e71230ea360b19a88e0d5818cf01017161Petr Čech ret = sysdb_invalidate_user_cache_entry(domain, name);
4c08db0fb0dda3d27b1184248ca5c800d7ce23f0Michal Zidek ret = sysdb_set_group_attr(domain, name, sys_attrs,
57a924e71230ea360b19a88e0d5818cf01017161Petr Čech /* WARNING: Direct writing to persistent cache!! */
57a924e71230ea360b19a88e0d5818cf01017161Petr Čech ret = sysdb_invalidate_group_cache_entry(domain, name);
d115f40c7a3999e3cbe705a2ff9cf0fd493f80fbMichal Zidek ret = sysdb_set_netgroup_attr(domain, name, sys_attrs,
3ac7c4fe618ede980a4df8d90341ef1fd0f1f62fWilliam B#else /* BUILD_SSH */
3ac7c4fe618ede980a4df8d90341ef1fd0f1f62fWilliam B#endif /* BUILD_SSH */
fd3cbf6bfe86a245d7e90d2a355794eb9c70d525Petr Cech#else /* BUILD_SUDO */
fd3cbf6bfe86a245d7e90d2a355794eb9c70d525Petr Cech#endif /* BUILD_SUDO */
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_MINOR_FAILURE, "Could not set entry attributes\n");
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov "Could not add expiration time to attributes\n");
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_MINOR_FAILURE, "Could not create sysdb attributes\n");
643b48013c1f556530eb2a89a8baf4aa40357278Jakub Hrozekstatic errno_t init_domains(struct cache_tool_ctx *ctx,
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny confdb_path = talloc_asprintf(ctx, "%s/%s", DB_PATH, CONFDB_FILE);
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny /* Connect to the conf db */
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny ret = confdb_init(ctx, &ctx->confdb, confdb_path);
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov "Could not initialize connection to the confdb\n");
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov "Could not initialize connection to the sysdb\n");
72aa8e7b1d234b6b68446d42efa1cff22b70c81bSimo Sorce ret = confdb_get_domains(ctx->confdb, &ctx->domains);
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "Could not initialize domains\n");
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov "Could not initialize connection to the sysdb\n");
877b92e80bde510d5cd9f03dbf01e2bcf73ab072Michal Židek for (dinfo = ctx->domains; dinfo; dinfo = get_next_domain(dinfo, 0)) {
d2791a492d8f0a9df73fc7a683b3f712abf80f3fSumit Bose ret = sss_names_init(ctx, ctx->confdb, dinfo->name, &dinfo->names);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "sss_names_init() failed\n");
643b48013c1f556530eb2a89a8baf4aa40357278Jakub Hrozekstatic errno_t init_context(int argc, const char *argv[],
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny { "debug", '\0', POPT_ARG_INT | POPT_ARGFLAG_DOC_HIDDEN, &debug,
be6d25ea38ddda232175aab5e297d8c6cb223551Petr Cech { "user", 'u', POPT_ARG_STRING, &(values.user), 0,
be6d25ea38ddda232175aab5e297d8c6cb223551Petr Cech { "group", 'g', POPT_ARG_STRING, &(values.group), 0,
be6d25ea38ddda232175aab5e297d8c6cb223551Petr Cech { "netgroup", 'n', POPT_ARG_STRING, &(values.netgroup), 0,
be6d25ea38ddda232175aab5e297d8c6cb223551Petr Cech { "service", 's', POPT_ARG_STRING, &(values.service), 0,
be6d25ea38ddda232175aab5e297d8c6cb223551Petr Cech { "autofs-map", 'a', POPT_ARG_STRING, &(values.map), 0,
82b5429d1438392c45e70a0f84dd4d0f5fa1a171Jakub Hrozek { "autofs-maps", 'A', POPT_ARG_NONE, NULL, 'a',
82b5429d1438392c45e70a0f84dd4d0f5fa1a171Jakub Hrozek#endif /* BUILD_AUTOFS */
be6d25ea38ddda232175aab5e297d8c6cb223551Petr Cech { "ssh-host", 'h', POPT_ARG_STRING, &(values.ssh_host), 0,
3ac7c4fe618ede980a4df8d90341ef1fd0f1f62fWilliam B#endif /* BUILD_SSH */
fd3cbf6bfe86a245d7e90d2a355794eb9c70d525Petr Cech { "sudo-rule", 'r', POPT_ARG_STRING, &(values.sudo_rule), 0,
fd3cbf6bfe86a245d7e90d2a355794eb9c70d525Petr Cech#endif /* BUILD_SUDO */
be6d25ea38ddda232175aab5e297d8c6cb223551Petr Cech { "domain", 'd', POPT_ARG_STRING, &(values.domain), 0,
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny _("Only invalidate entries from a particular domain"), NULL },
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov "set_locale failed (%d): %s\n", ret, strerror(ret));
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny pc = poptGetContext(NULL, argc, argv, long_options, 0);
fd3cbf6bfe86a245d7e90d2a355794eb9c70d525Petr Cech#endif /* BUILD_SUDO */
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny BAD_POPT_PARAMS(pc, poptStrerror(ret), ret, fini);
1330390c698ca0802200725df43356557aa633a2Justin Stephenson _("Unexpected argument(s) provided, options that "
1330390c698ca0802200725df43356557aa633a2Justin Stephenson "invalidate a single object only accept a single "
1330390c698ca0802200725df43356557aa633a2Justin Stephenson "provided argument.\n"),
be6d25ea38ddda232175aab5e297d8c6cb223551Petr Cech if (idb == INVALIDATE_NONE && !values.user && !values.group &&
be6d25ea38ddda232175aab5e297d8c6cb223551Petr Cech !values.netgroup && !values.service && !values.map &&
da0b829a2002987339aadaa01b85adbb5ddba20dJakub Hrozek _("Please select at least one object to invalidate\n"),
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov "Could not allocate memory for tools context\n");
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny ctx->user_filter = talloc_asprintf(ctx, "(%s=*)", SYSDB_NAME);
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny ctx->group_filter = talloc_asprintf(ctx, "(%s=*)", SYSDB_NAME);
be6d25ea38ddda232175aab5e297d8c6cb223551Petr Cech ctx->group_name = talloc_strdup(ctx, values.group);
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny ctx->netgroup_filter = talloc_asprintf(ctx, "(%s=*)", SYSDB_NAME);
be6d25ea38ddda232175aab5e297d8c6cb223551Petr Cech ctx->netgroup_name = talloc_strdup(ctx, values.netgroup);
e3ce042be3a6c66aa720fc139f557b065ae6dc5eSimo Sorce ctx->service_filter = talloc_asprintf(ctx, "(%s=*)", SYSDB_NAME);
be6d25ea38ddda232175aab5e297d8c6cb223551Petr Cech ctx->service_name = talloc_strdup(ctx, values.service);
82b5429d1438392c45e70a0f84dd4d0f5fa1a171Jakub Hrozek ctx->autofs_filter = talloc_asprintf(ctx, "(&(objectclass=%s)(%s=*))",
be6d25ea38ddda232175aab5e297d8c6cb223551Petr Cech ctx->autofs_name = talloc_strdup(ctx, values.map);
3ac7c4fe618ede980a4df8d90341ef1fd0f1f62fWilliam B ctx->ssh_host_filter = talloc_asprintf(ctx, "(%s=*)", SYSDB_NAME);
be6d25ea38ddda232175aab5e297d8c6cb223551Petr Cech ctx->ssh_host_name = talloc_strdup(ctx, values.ssh_host);
fd3cbf6bfe86a245d7e90d2a355794eb9c70d525Petr Cech ctx->sudo_rule_filter = talloc_asprintf(ctx, "(%s=*)", SYSDB_NAME);
fd3cbf6bfe86a245d7e90d2a355794eb9c70d525Petr Cech ctx->sudo_rule_name = talloc_strdup(ctx, values.sudo_rule);
be6d25ea38ddda232175aab5e297d8c6cb223551Petr Cech if (is_filter_valid(ctx, &values, idb) == false) {
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "Construction of filters failed\n");
72bb31d9a093bff7b8c7f973b057ed4e9e41d4caMichal Zidek ERROR("Could not open domain %1$s. If the domain is a subdomain "
72bb31d9a093bff7b8c7f973b057ed4e9e41d4caMichal Zidek "(trusted domain), use fully qualified name instead of "
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Initialization of sysdb connections failed\n");
be6d25ea38ddda232175aab5e297d8c6cb223551Petr Cechstatic bool is_filter_valid(struct cache_tool_ctx *ctx,
be6d25ea38ddda232175aab5e297d8c6cb223551Petr Cech if ((idb & INVALIDATE_USERS) && ctx->user_filter == NULL) {
be6d25ea38ddda232175aab5e297d8c6cb223551Petr Cech return false;
be6d25ea38ddda232175aab5e297d8c6cb223551Petr Cech if ((idb & INVALIDATE_GROUPS) && ctx->group_filter == NULL) {
be6d25ea38ddda232175aab5e297d8c6cb223551Petr Cech return false;
be6d25ea38ddda232175aab5e297d8c6cb223551Petr Cech if ((idb & INVALIDATE_NETGROUPS) && ctx->netgroup_filter == NULL) {
be6d25ea38ddda232175aab5e297d8c6cb223551Petr Cech return false;
be6d25ea38ddda232175aab5e297d8c6cb223551Petr Cech if ((idb & INVALIDATE_SERVICES) && ctx->service_filter == NULL) {
be6d25ea38ddda232175aab5e297d8c6cb223551Petr Cech return false;
be6d25ea38ddda232175aab5e297d8c6cb223551Petr Cech if ((idb & INVALIDATE_AUTOFSMAPS) && ctx->autofs_filter == NULL) {
be6d25ea38ddda232175aab5e297d8c6cb223551Petr Cech return false;
be6d25ea38ddda232175aab5e297d8c6cb223551Petr Cech if ((idb & INVALIDATE_SSH_HOSTS) && ctx->ssh_host_filter == NULL) {
be6d25ea38ddda232175aab5e297d8c6cb223551Petr Cech return false;
be6d25ea38ddda232175aab5e297d8c6cb223551Petr Cech return false;
be6d25ea38ddda232175aab5e297d8c6cb223551Petr Cech return false;
be6d25ea38ddda232175aab5e297d8c6cb223551Petr Cech if (values->netgroup && ctx->netgroup_name == NULL) {
be6d25ea38ddda232175aab5e297d8c6cb223551Petr Cech return false;
be6d25ea38ddda232175aab5e297d8c6cb223551Petr Cech if (values->service && ctx->service_name == NULL) {
be6d25ea38ddda232175aab5e297d8c6cb223551Petr Cech return false;
be6d25ea38ddda232175aab5e297d8c6cb223551Petr Cech return false;
be6d25ea38ddda232175aab5e297d8c6cb223551Petr Cech if (values->ssh_host && ctx->ssh_host_name == NULL) {
be6d25ea38ddda232175aab5e297d8c6cb223551Petr Cech return false;
fd3cbf6bfe86a245d7e90d2a355794eb9c70d525Petr Cech if (values->sudo_rule && ctx->sudo_rule_name == NULL) {
fd3cbf6bfe86a245d7e90d2a355794eb9c70d525Petr Cech return false;
be6d25ea38ddda232175aab5e297d8c6cb223551Petr Cech return true;
82b5429d1438392c45e70a0f84dd4d0f5fa1a171Jakub Hrozek size_t *msgs_count, struct ldb_message ***msgs)
d115f40c7a3999e3cbe705a2ff9cf0fd493f80fbMichal Zidek return sysdb_search_custom(mem_ctx, domain, sub_filter,
82b5429d1438392c45e70a0f84dd4d0f5fa1a171Jakub Hrozek#endif /* BUILD_AUTOFS */
57a924e71230ea360b19a88e0d5818cf01017161Petr Čech/* WARNING: Direct writing to persistent cache!! */
57a924e71230ea360b19a88e0d5818cf01017161Petr Čechstatic int sysdb_invalidate_user_cache_entry(struct sss_domain_info *domain,
57a924e71230ea360b19a88e0d5818cf01017161Petr Čech const char *name)
57a924e71230ea360b19a88e0d5818cf01017161Petr Čech return sysdb_invalidate_cache_entry(domain, name, true);
57a924e71230ea360b19a88e0d5818cf01017161Petr Čech/* WARNING: Direct writing to persistent cache!! */
57a924e71230ea360b19a88e0d5818cf01017161Petr Čechstatic int sysdb_invalidate_group_cache_entry(struct sss_domain_info *domain,
57a924e71230ea360b19a88e0d5818cf01017161Petr Čech const char *name)