sss_cache.c revision d2791a492d8f0a9df73fc7a683b3f712abf80f3f
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny Copyright (C) Jan Zeleny <jzeleny@redhat.com> 2011
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny This program is free software; you can redistribute it and/or modify
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny it under the terms of the GNU General Public License as published by
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny the Free Software Foundation; either version 3 of the License, or
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny (at your option) any later version.
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny This program is distributed in the hope that it will be useful,
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny but WITHOUT ANY WARRANTY; without even the implied warranty of
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny GNU General Public License for more details.
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny You should have received a copy of the GNU General Public License
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny along with this program. If not, see <http://www.gnu.org/licenses/>.
9651a27ec14f3a378e861ca39852480f37f1ef08Michal Zidek#define INVALIDATE_EVERYTHING (INVALIDATE_USERS | INVALIDATE_GROUPS | \
9651a27ec14f3a378e861ca39852480f37f1ef08Michal Zidek#define INVALIDATE_EVERYTHING (INVALIDATE_USERS | INVALIDATE_GROUPS | \
78c4b29420855b9f5384cd5e052fc9369c57d899Lukas Slebodnikstatic errno_t search_autofsmaps(TALLOC_CTX *mem_ctx,
82b5429d1438392c45e70a0f84dd4d0f5fa1a171Jakub Hrozek size_t *msgs_count, struct ldb_message ***msgs);
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zelenyerrno_t init_domains(struct cache_tool_ctx *ctx, const char *domain);
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zelenyerrno_t init_context(int argc, const char *argv[], struct cache_tool_ctx **tctx);
e2640b7a0ccfe2b00311d20ae18006ccc82a834cLukas Slebodnikstatic errno_t invalidate_entry(TALLOC_CTX *ctx,
d27d11b360b92f1728206802005bb3da359e1ea4Michal Zidekstatic errno_t update_all_filters(struct cache_tool_ctx *tctx,
da0b829a2002987339aadaa01b85adbb5ddba20dJakub Hrozek ("Error initializing context for the application\n"));
72bb31d9a093bff7b8c7f973b057ed4e9e41d4caMichal Zidek for (dinfo = tctx->domains; dinfo; dinfo = get_next_domain(dinfo, true)) {
72bb31d9a093bff7b8c7f973b057ed4e9e41d4caMichal Zidek /* Update list of subdomains for this domain */
72bb31d9a093bff7b8c7f973b057ed4e9e41d4caMichal Zidek ("Failed to update subdomains for domain %s.\n", dinfo->name));
d27d11b360b92f1728206802005bb3da359e1ea4Michal Zidek /* Update filters for each domain */
d27d11b360b92f1728206802005bb3da359e1ea4Michal Zidek DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to update filters.\n"));
72bb31d9a093bff7b8c7f973b057ed4e9e41d4caMichal Zidek ("Could not start the transaction!\n"));
78c4b29420855b9f5384cd5e052fc9369c57d899Lukas Slebodnik skipped &= !invalidate_entries(tctx, dinfo, TYPE_USER,
78c4b29420855b9f5384cd5e052fc9369c57d899Lukas Slebodnik skipped &= !invalidate_entries(tctx, dinfo, TYPE_GROUP,
78c4b29420855b9f5384cd5e052fc9369c57d899Lukas Slebodnik skipped &= !invalidate_entries(tctx, dinfo, TYPE_NETGROUP,
78c4b29420855b9f5384cd5e052fc9369c57d899Lukas Slebodnik skipped &= !invalidate_entries(tctx, dinfo, TYPE_SERVICE,
78c4b29420855b9f5384cd5e052fc9369c57d899Lukas Slebodnik skipped &= !invalidate_entries(tctx, dinfo, TYPE_AUTOFSMAP,
72bb31d9a093bff7b8c7f973b057ed4e9e41d4caMichal Zidek ("Could not commit the transaction!\n"));
72bb31d9a093bff7b8c7f973b057ed4e9e41d4caMichal Zidek ("Failed to cancel transaction\n"));
69f6f2ed116d1c987851bfcc410cf2bdd1b0cc97Michal Zidek if (skipped == true) {
69f6f2ed116d1c987851bfcc410cf2bdd1b0cc97Michal Zidek ERROR("No cache object matched the specified search\n");
a290ace39af184d878568e17588b6b2210aea63fMichal Zidek DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to clear memory cache.\n"));
/* update_filter (excerpt: this annotate view omits the lines between those
 * shown). The visible statements parse `name` with sss_parse_name(),
 * lower-case the parsed name when the domain is case-insensitive and case
 * sensitivity is not forced, qualify the result with sss_get_domain_name(),
 * and format a search filter from `fmt` with talloc_asprintf(). tmp_ctx is
 * passed as the talloc context to each of these calls. */
72bb31d9a093bff7b8c7f973b057ed4e9e41d4caMichal Zidekstatic errno_t update_filter(struct cache_tool_ctx *tctx,
72bb31d9a093bff7b8c7f973b057ed4e9e41d4caMichal Zidek /* Nothing to do */
72bb31d9a093bff7b8c7f973b057ed4e9e41d4caMichal Zidek DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory.\n"));
d2791a492d8f0a9df73fc7a683b3f712abf80f3fSumit Bose ret = sss_parse_name(tmp_ctx, dinfo->names, name,
72bb31d9a093bff7b8c7f973b057ed4e9e41d4caMichal Zidek DEBUG(SSSDBG_CRIT_FAILURE, ("sss_parse_name failed\n"));
72bb31d9a093bff7b8c7f973b057ed4e9e41d4caMichal Zidek if (!dinfo->case_sensitive && !force_case_sensitivity) {
72bb31d9a093bff7b8c7f973b057ed4e9e41d4caMichal Zidek use_name = sss_tc_utf8_str_tolower(tmp_ctx, parsed_name);
72bb31d9a093bff7b8c7f973b057ed4e9e41d4caMichal Zidek DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory\n"));
02d1cb8935d5c9b57cd05dfdbfe6ed38e0d61c28Jakub Hrozek use_name = sss_get_domain_name(tmp_ctx, use_name, dinfo);
d27d11b360b92f1728206802005bb3da359e1ea4Michal Zidek DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory\n"));
72bb31d9a093bff7b8c7f973b057ed4e9e41d4caMichal Zidek /* We were able to parse the domain from given fqdn, but it
72bb31d9a093bff7b8c7f973b057ed4e9e41d4caMichal Zidek * does not match with currently processed domain. */
/* NOTE(review): the line below formats `name` into the filter, whereas the
 * lines above assign the normalized value to use_name; confirm against the
 * full file which of the two is intended here.
 * NOTE(review): no filter-escaping call is visible in this excerpt. The
 * names come from command-line options, so if the omitted lines do not
 * sanitize them (e.g. with sss_filter_sanitize()), filter metacharacters
 * such as '*', '(' and ')' would change the meaning of the search filter
 * and therefore which cache entries are matched - verify. */
72bb31d9a093bff7b8c7f973b057ed4e9e41d4caMichal Zidek filter = talloc_asprintf(tmp_ctx, fmt, SYSDB_NAME, name);
72bb31d9a093bff7b8c7f973b057ed4e9e41d4caMichal Zidek DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory\n"));
d27d11b360b92f1728206802005bb3da359e1ea4Michal Zidek/* This function updates all filters for the specified domain, using this
d27d11b360b92f1728206802005bb3da359e1ea4Michal Zidek * domain's regex to parse each string into domain and name (if it exists). */
d27d11b360b92f1728206802005bb3da359e1ea4Michal Zidekstatic errno_t update_all_filters(struct cache_tool_ctx *tctx,
d27d11b360b92f1728206802005bb3da359e1ea4Michal Zidek /* Update user filter */
72bb31d9a093bff7b8c7f973b057ed4e9e41d4caMichal Zidek ret = update_filter(tctx, dinfo, tctx->user_name,
d27d11b360b92f1728206802005bb3da359e1ea4Michal Zidek /* Update group filter */
72bb31d9a093bff7b8c7f973b057ed4e9e41d4caMichal Zidek ret = update_filter(tctx, dinfo, tctx->group_name,
d27d11b360b92f1728206802005bb3da359e1ea4Michal Zidek /* Update netgroup filter */
72bb31d9a093bff7b8c7f973b057ed4e9e41d4caMichal Zidek ret = update_filter(tctx, dinfo, tctx->netgroup_name,
72bb31d9a093bff7b8c7f973b057ed4e9e41d4caMichal Zidek tctx->update_netgroup_filter, "(%s=%s)", false,
d27d11b360b92f1728206802005bb3da359e1ea4Michal Zidek /* Update service filter */
72bb31d9a093bff7b8c7f973b057ed4e9e41d4caMichal Zidek ret = update_filter(tctx, dinfo, tctx->service_name,
d27d11b360b92f1728206802005bb3da359e1ea4Michal Zidek /* Update autofs filter */
72bb31d9a093bff7b8c7f973b057ed4e9e41d4caMichal Zidek ret = update_filter(tctx, dinfo, tctx->autofs_name,
72bb31d9a093bff7b8c7f973b057ed4e9e41d4caMichal Zidek "(&(objectclass="SYSDB_AUTOFS_MAP_OC")(%s=%s))", true,
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny const char *c_name;
da0b829a2002987339aadaa01b85adbb5ddba20dJakub Hrozek if (!filter) return false;
78c4b29420855b9f5384cd5e052fc9369c57d899Lukas Slebodnik ret = search_autofsmaps(ctx, dinfo, filter, attrs, &msg_count, &msgs);
eeee8d4e089830d337f217ec4921421ab448a8ecMichal Zidek DEBUG(SSSDBG_TRACE_FUNC, ("'%s' %s: Not found in domain '%s'\n",
eeee8d4e089830d337f217ec4921421ab448a8ecMichal Zidek ("Searching for %s in domain %s with filter %s failed\n",
da0b829a2002987339aadaa01b85adbb5ddba20dJakub Hrozek return false;
da0b829a2002987339aadaa01b85adbb5ddba20dJakub Hrozek for (i = 0; i < msg_count; i++) {
da0b829a2002987339aadaa01b85adbb5ddba20dJakub Hrozek c_name = ldb_msg_find_attr_as_string(msgs[i], SYSDB_NAME, NULL);
da0b829a2002987339aadaa01b85adbb5ddba20dJakub Hrozek ("Something bad happened, can't find attribute %s", SYSDB_NAME));
e2640b7a0ccfe2b00311d20ae18006ccc82a834cLukas Slebodnik ret = invalidate_entry(ctx, dinfo, c_name, entry_type);
2eaf2045b5b55cdaff6ae5704225cf9a75b16950Simo Sorce ("Couldn't invalidate %s %s", type_string, c_name));
2eaf2045b5b55cdaff6ae5704225cf9a75b16950Simo Sorce ERROR("Couldn't invalidate %1$s %2$s", type_string, c_name);
e2640b7a0ccfe2b00311d20ae18006ccc82a834cLukas Slebodnikstatic errno_t invalidate_entry(TALLOC_CTX *ctx,
4c08db0fb0dda3d27b1184248ca5c800d7ce23f0Michal Zidek ret = sysdb_set_user_attr(domain, name, sys_attrs,
4c08db0fb0dda3d27b1184248ca5c800d7ce23f0Michal Zidek ret = sysdb_set_group_attr(domain, name, sys_attrs,
d115f40c7a3999e3cbe705a2ff9cf0fd493f80fbMichal Zidek ret = sysdb_set_netgroup_attr(domain, name, sys_attrs,
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny DEBUG(3, ("Could not add expiration time to attributes\n"));
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny DEBUG(3, ("Could not create sysdb attributes\n"));
82b5429d1438392c45e70a0f84dd4d0f5fa1a171Jakub Hrozekerrno_t init_domains(struct cache_tool_ctx *ctx, const char *domain)
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny confdb_path = talloc_asprintf(ctx, "%s/%s", DB_PATH, CONFDB_FILE);
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny /* Connect to the conf db */
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny ret = confdb_init(ctx, &ctx->confdb, confdb_path);
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny DEBUG(1, ("Could not initialize connection to the confdb\n"));
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny DEBUG(1, ("Could not initialize connection to the sysdb\n"));
72aa8e7b1d234b6b68446d42efa1cff22b70c81bSimo Sorce ret = confdb_get_domains(ctx->confdb, &ctx->domains);
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny DEBUG(1, ("Could not initialize connection to the sysdb\n"));
d2791a492d8f0a9df73fc7a683b3f712abf80f3fSumit Bose for (dinfo = ctx->domains; dinfo; dinfo = get_next_domain(dinfo, false)) {
d2791a492d8f0a9df73fc7a683b3f712abf80f3fSumit Bose ret = sss_names_init(ctx, ctx->confdb, dinfo->name, &dinfo->names);
d2791a492d8f0a9df73fc7a683b3f712abf80f3fSumit Bose DEBUG(SSSDBG_CRIT_FAILURE, ("sss_names_init() failed\n"));
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zelenyerrno_t init_context(int argc, const char *argv[], struct cache_tool_ctx **tctx)
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny { "debug", '\0', POPT_ARG_INT | POPT_ARGFLAG_DOC_HIDDEN, &debug,
898c4f965aeea2aa029ad56b9e9f48abce17a582Yuri Chornoivan _("Invalidate all cached entries except for sudo rules"), NULL },
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny { "netgroup", 'n', POPT_ARG_STRING, &netgroup, 0,
82b5429d1438392c45e70a0f84dd4d0f5fa1a171Jakub Hrozek { "service", 's', POPT_ARG_STRING, &service, 0,
82b5429d1438392c45e70a0f84dd4d0f5fa1a171Jakub Hrozek { "autofs-maps", 'A', POPT_ARG_NONE, NULL, 'a',
82b5429d1438392c45e70a0f84dd4d0f5fa1a171Jakub Hrozek#endif /* BUILD_AUTOFS */
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny _("Only invalidate entries from a particular domain"), NULL },
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny DEBUG(1, ("set_locale failed (%d): %s\n", ret, strerror(ret)));
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny pc = poptGetContext(NULL, argc, argv, long_options, 0);
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny BAD_POPT_PARAMS(pc, poptStrerror(ret), ret, fini);
da0b829a2002987339aadaa01b85adbb5ddba20dJakub Hrozek if (idb == INVALIDATE_NONE && !user && !group &&
da0b829a2002987339aadaa01b85adbb5ddba20dJakub Hrozek _("Please select at least one object to invalidate\n"),
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny DEBUG(1, ("Could not allocate memory for tools context\n"));
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny ctx->user_filter = talloc_asprintf(ctx, "(%s=*)", SYSDB_NAME);
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny } else if (user) {
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny ctx->group_filter = talloc_asprintf(ctx, "(%s=*)", SYSDB_NAME);
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny } else if (group) {
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny ctx->netgroup_filter = talloc_asprintf(ctx, "(%s=*)", SYSDB_NAME);
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny } else if (netgroup) {
da0b829a2002987339aadaa01b85adbb5ddba20dJakub Hrozek ctx->netgroup_name = talloc_strdup(ctx, netgroup);
e3ce042be3a6c66aa720fc139f557b065ae6dc5eSimo Sorce ctx->service_filter = talloc_asprintf(ctx, "(%s=*)", SYSDB_NAME);
82b5429d1438392c45e70a0f84dd4d0f5fa1a171Jakub Hrozek } else if (service) {
da0b829a2002987339aadaa01b85adbb5ddba20dJakub Hrozek ctx->service_name = talloc_strdup(ctx, service);
82b5429d1438392c45e70a0f84dd4d0f5fa1a171Jakub Hrozek ctx->autofs_filter = talloc_asprintf(ctx, "(&(objectclass=%s)(%s=*))",
82b5429d1438392c45e70a0f84dd4d0f5fa1a171Jakub Hrozek } else if (map) {
d27d11b360b92f1728206802005bb3da359e1ea4Michal Zidek if (((idb & INVALIDATE_USERS) && !ctx->user_filter) ||
d27d11b360b92f1728206802005bb3da359e1ea4Michal Zidek ((idb & INVALIDATE_GROUPS) && !ctx->group_filter) ||
d27d11b360b92f1728206802005bb3da359e1ea4Michal Zidek ((idb & INVALIDATE_NETGROUPS) && !ctx->netgroup_filter) ||
d27d11b360b92f1728206802005bb3da359e1ea4Michal Zidek ((idb & INVALIDATE_SERVICES) && !ctx->service_filter) ||
d27d11b360b92f1728206802005bb3da359e1ea4Michal Zidek ((idb & INVALIDATE_AUTOFSMAPS) && !ctx->autofs_filter) ||
da0b829a2002987339aadaa01b85adbb5ddba20dJakub Hrozek (user && !ctx->user_name) || (group && !ctx->group_name) ||
da0b829a2002987339aadaa01b85adbb5ddba20dJakub Hrozek (netgroup && !ctx->netgroup_name) || (map && !ctx->autofs_name) ||
72bb31d9a093bff7b8c7f973b057ed4e9e41d4caMichal Zidek ERROR("Could not open domain %1$s. If the domain is a subdomain "
72bb31d9a093bff7b8c7f973b057ed4e9e41d4caMichal Zidek "(trusted domain), use fully qualified name instead of "
da0b829a2002987339aadaa01b85adbb5ddba20dJakub Hrozek ("Initialization of sysdb connections failed\n"));
82b5429d1438392c45e70a0f84dd4d0f5fa1a171Jakub Hrozek size_t *msgs_count, struct ldb_message ***msgs)
d115f40c7a3999e3cbe705a2ff9cf0fd493f80fbMichal Zidek return sysdb_search_custom(mem_ctx, domain, sub_filter,
82b5429d1438392c45e70a0f84dd4d0f5fa1a171Jakub Hrozek#endif /* BUILD_AUTOFS */