sss_cache.c revision 4fcc50e133f90cd4c5931a3ac48c84cb628b16fc
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen Copyright (C) Jan Zeleny <jzeleny@redhat.com> 2011
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen This program is free software; you can redistribute it and/or modify
1c4f8e4c4e5f3a5f05692a2d5c57f96a5b612f3dTimo Sirainen it under the terms of the GNU General Public License as published by
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen the Free Software Foundation; either version 3 of the License, or
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen (at your option) any later version.
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen This program is distributed in the hope that it will be useful,
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen but WITHOUT ANY WARRANTY; without even the implied warranty of
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen GNU General Public License for more details.
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen You should have received a copy of the GNU General Public License
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen along with this program. If not, see <http://www.gnu.org/licenses/>.
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen#define INVALIDATE_EVERYTHING (INVALIDATE_USERS | INVALIDATE_GROUPS | \
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen INVALIDATE_NETGROUPS | INVALIDATE_SERVICES | \
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen#define INVALIDATE_EVERYTHING (INVALIDATE_USERS | INVALIDATE_GROUPS | \
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainenstatic errno_t search_autofsmaps(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb,
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen size_t *msgs_count, struct ldb_message ***msgs);
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainenerrno_t init_domains(struct cache_tool_ctx *ctx, const char *domain);
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainenerrno_t init_context(int argc, const char *argv[], struct cache_tool_ctx **tctx);
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainenstatic errno_t invalidate_entry(TALLOC_CTX *ctx, struct sysdb_ctx *sysdb,
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainenstatic bool invalidate_entries(TALLOC_CTX *ctx,
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainenstatic errno_t update_all_filters(struct cache_tool_ctx *tctx,
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen ("Error initializing context for the application\n"));
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen for (dinfo = tctx->domains; dinfo; dinfo = get_next_domain(dinfo, true)) {
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen /* Update list of subdomains for this domain */
1c4f8e4c4e5f3a5f05692a2d5c57f96a5b612f3dTimo Sirainen ("Failed to update subdomains for domain %s.\n", dinfo->name));
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen /* Update filters for each domain */
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to update filters.\n"));
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen ("Could not start the transaction!\n"));
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen skipped &= !invalidate_entries(tctx, dinfo, sysdb, TYPE_USER,
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen skipped &= !invalidate_entries(tctx, dinfo, sysdb, TYPE_GROUP,
1c4f8e4c4e5f3a5f05692a2d5c57f96a5b612f3dTimo Sirainen skipped &= !invalidate_entries(tctx, dinfo, sysdb, TYPE_NETGROUP,
1c4f8e4c4e5f3a5f05692a2d5c57f96a5b612f3dTimo Sirainen skipped &= !invalidate_entries(tctx, dinfo, sysdb, TYPE_SERVICE,
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen skipped &= !invalidate_entries(tctx, dinfo, sysdb, TYPE_AUTOFSMAP,
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen ("Could not commit the transaction!\n"));
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen ("Failed to cancel transaction\n"));
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen if (skipped == true) {
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen ERROR("No cache object matched the specified search\n");
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to clear memory cache.\n"));
21fed972adb354b92771eefad27f8ac8cbd5dd45Timo Sirainenstatic errno_t update_filter(struct cache_tool_ctx *tctx,
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen /* Nothing to do */
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory.\n"));
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen ret = sss_parse_name(tmp_ctx, tctx->nctx, name,
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen DEBUG(SSSDBG_CRIT_FAILURE, ("sss_parse_name failed\n"));
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen if (!dinfo->case_sensitive && !force_case_sensitivity) {
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen use_name = sss_tc_utf8_str_tolower(tmp_ctx, parsed_name);
9ab0786966c0afa8fa09a2faff7c067bc388e694Timo Sirainen DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory\n"));
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen use_name = sss_get_domain_name(tmp_ctx, use_name, dinfo);
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen if (!strcasecmp(dinfo->name, parsed_domain)) {
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory\n"));
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen /* We were able to parse the domain from given fqdn, but it
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen * does not match with currently processed domain. */
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen filter = talloc_asprintf(tmp_ctx, fmt, SYSDB_NAME, name);
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory\n"));
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen/* This function updates all filters for the specified domain using this
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen * domain's regex to parse the string into domain and name (if it exists). */
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainenstatic errno_t update_all_filters(struct cache_tool_ctx *tctx,
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen ret = sss_names_init(tctx, tctx->confdb, dinfo->parent->name,
21fed972adb354b92771eefad27f8ac8cbd5dd45Timo Sirainen ret = sss_names_init(tctx, tctx->confdb, dinfo->name, &tctx->nctx);
148a8396be2c1cf7d2aaa55566f7f7dea05388ddTimo Sirainen DEBUG(SSSDBG_CRIT_FAILURE, ("sss_names_init() failed\n"));
148a8396be2c1cf7d2aaa55566f7f7dea05388ddTimo Sirainen /* Update user filter */
148a8396be2c1cf7d2aaa55566f7f7dea05388ddTimo Sirainen ret = update_filter(tctx, dinfo, tctx->user_name,
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen /* Update group filter */
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen ret = update_filter(tctx, dinfo, tctx->group_name,
21fed972adb354b92771eefad27f8ac8cbd5dd45Timo Sirainen /* Update netgroup filter */
21fed972adb354b92771eefad27f8ac8cbd5dd45Timo Sirainen ret = update_filter(tctx, dinfo, tctx->netgroup_name,
c2c0c1e5d2e97ae114ad83d8cb486b0aab23ac38Timo Sirainen tctx->update_netgroup_filter, "(%s=%s)", false,
c2c0c1e5d2e97ae114ad83d8cb486b0aab23ac38Timo Sirainen /* Update service filter */
c2c0c1e5d2e97ae114ad83d8cb486b0aab23ac38Timo Sirainen ret = update_filter(tctx, dinfo, tctx->service_name,
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen tctx->update_service_filter, "(%s=%s)", false,
21fed972adb354b92771eefad27f8ac8cbd5dd45Timo Sirainen /* Update autofs filter */
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen ret = update_filter(tctx, dinfo, tctx->autofs_name,
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen "(&(objectclass="SYSDB_AUTOFS_MAP_OC")(%s=%s))", true,
6c6b1e9fd9ab19249e73f5269931d01d831e4346Timo Sirainenstatic bool invalidate_entries(TALLOC_CTX *ctx,
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen if (!filter) return false;
21fed972adb354b92771eefad27f8ac8cbd5dd45Timo Sirainen ret = sysdb_search_netgroups(ctx, sysdb, dinfo,
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen DEBUG(SSSDBG_TRACE_FUNC, ("'%s' %s: Not found in domain '%s'\n",
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen ("Searching for %s in domain %s with filter %s failed\n",
c2c0c1e5d2e97ae114ad83d8cb486b0aab23ac38Timo Sirainen return false;
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen for (i = 0; i < msg_count; i++) {
6c6b1e9fd9ab19249e73f5269931d01d831e4346Timo Sirainen c_name = ldb_msg_find_attr_as_string(msgs[i], SYSDB_NAME, NULL);
c2c0c1e5d2e97ae114ad83d8cb486b0aab23ac38Timo Sirainen ("Something bad happened, can't find attribute %s", SYSDB_NAME));
c2c0c1e5d2e97ae114ad83d8cb486b0aab23ac38Timo Sirainen ERROR("Couldn't invalidate %1$s", type_string);
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen ret = invalidate_entry(ctx, sysdb, dinfo, c_name, entry_type);
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen ("Couldn't invalidate %s %s", type_string, c_name));
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen ERROR("Couldn't invalidate %1$s %2$s", type_string, c_name);
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainenstatic errno_t invalidate_entry(TALLOC_CTX *ctx, struct sysdb_ctx *sysdb,
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen ret = sysdb_set_user_attr(sysdb, domain, name, sys_attrs,
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen ret = sysdb_set_group_attr(sysdb, domain, name, sys_attrs,
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen ret = sysdb_set_netgroup_attr(sysdb, domain, name,
1c4f8e4c4e5f3a5f05692a2d5c57f96a5b612f3dTimo Sirainen DEBUG(3, ("Could not set entry attributes\n"));
1c4f8e4c4e5f3a5f05692a2d5c57f96a5b612f3dTimo Sirainen DEBUG(3, ("Could not add expiration time to attributes\n"));
1c4f8e4c4e5f3a5f05692a2d5c57f96a5b612f3dTimo Sirainen DEBUG(3, ("Could not create sysdb attributes\n"));
1c4f8e4c4e5f3a5f05692a2d5c57f96a5b612f3dTimo Sirainenerrno_t init_domains(struct cache_tool_ctx *ctx, const char *domain)
1c4f8e4c4e5f3a5f05692a2d5c57f96a5b612f3dTimo Sirainen confdb_path = talloc_asprintf(ctx, "%s/%s", DB_PATH, CONFDB_FILE);
1c4f8e4c4e5f3a5f05692a2d5c57f96a5b612f3dTimo Sirainen /* Connect to the conf db */
1c4f8e4c4e5f3a5f05692a2d5c57f96a5b612f3dTimo Sirainen ret = confdb_init(ctx, &ctx->confdb, confdb_path);
1c4f8e4c4e5f3a5f05692a2d5c57f96a5b612f3dTimo Sirainen DEBUG(1, ("Could not initialize connection to the confdb\n"));
1c4f8e4c4e5f3a5f05692a2d5c57f96a5b612f3dTimo Sirainen DEBUG(1, ("Could not initialize connection to the sysdb\n"));
1c4f8e4c4e5f3a5f05692a2d5c57f96a5b612f3dTimo Sirainen ret = confdb_get_domains(ctx->confdb, &ctx->domains);
1c4f8e4c4e5f3a5f05692a2d5c57f96a5b612f3dTimo Sirainen DEBUG(1, ("Could not initialize connection to the sysdb\n"));
1c4f8e4c4e5f3a5f05692a2d5c57f96a5b612f3dTimo Sirainenerrno_t init_context(int argc, const char *argv[], struct cache_tool_ctx **tctx)
1c4f8e4c4e5f3a5f05692a2d5c57f96a5b612f3dTimo Sirainen { "debug", '\0', POPT_ARG_INT | POPT_ARGFLAG_DOC_HIDDEN, &debug,
1c4f8e4c4e5f3a5f05692a2d5c57f96a5b612f3dTimo Sirainen { "everything", 'E', POPT_ARG_NONE, NULL, 'e',
1c4f8e4c4e5f3a5f05692a2d5c57f96a5b612f3dTimo Sirainen _("Invalidate all cached entries except for sudo rules"), NULL },
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen { "netgroup", 'n', POPT_ARG_STRING, &netgroup, 0,
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen { "service", 's', POPT_ARG_STRING, &service, 0,
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen { "autofs-map", 'a', POPT_ARG_STRING, &map, 0,
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen _("Invalidate particular autofs map"), NULL },
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen { "autofs-maps", 'A', POPT_ARG_NONE, NULL, 'a',
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen#endif /* BUILD_AUTOFS */
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen _("Only invalidate entries from a particular domain"), NULL },
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen DEBUG(1, ("set_locale failed (%d): %s\n", ret, strerror(ret)));
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen pc = poptGetContext(NULL, argc, argv, long_options, 0);
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen BAD_POPT_PARAMS(pc, poptStrerror(ret), ret, fini);
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen if (idb == INVALIDATE_NONE && !user && !group &&
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen _("Please select at least one object to invalidate\n"),
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen ctx = talloc_zero(NULL, struct cache_tool_ctx);
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen DEBUG(1, ("Could not allocate memory for tools context\n"));
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen ctx->user_filter = talloc_asprintf(ctx, "(%s=*)", SYSDB_NAME);
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen } else if (user) {
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen ctx->group_filter = talloc_asprintf(ctx, "(%s=*)", SYSDB_NAME);
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen } else if (group) {
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen ctx->netgroup_filter = talloc_asprintf(ctx, "(%s=*)", SYSDB_NAME);
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen ctx->netgroup_name = talloc_strdup(ctx, netgroup);
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen ctx->service_filter = talloc_asprintf(ctx, "(%s=*)", SYSDB_NAME);
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen } else if (service) {
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen ctx->service_name = talloc_strdup(ctx, service);
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen ctx->autofs_filter = talloc_asprintf(ctx, "(&(objectclass=%s)(%s=*))",
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen } else if (map) {
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen if (((idb & INVALIDATE_USERS) && !ctx->user_filter) ||
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen ((idb & INVALIDATE_GROUPS) && !ctx->group_filter) ||
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen ((idb & INVALIDATE_NETGROUPS) && !ctx->netgroup_filter) ||
e98de01b5644c88b6053e2921eb5e9a506fe263fTimo Sirainen ((idb & INVALIDATE_SERVICES) && !ctx->service_filter) ||
goto fini;
if (domain) {
goto fini;
fini:
return ret;
static errno_t
#ifdef BUILD_AUTOFS
return ENOSYS;