From 21633dc4ad13c0ebae0f2b4e4f4188556202113e Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Thu, 12 Oct 2017 10:42:41 +0200
Subject: [PATCH 25/31] NSS: add support for SSS_NSS_EX_FLAG_NO_CACHE
If SSS_NSS_EX_FLAG_NO_CACHE is set the object is refresh by directly looking it up in the backend.
Related to https://pagure.io/SSSD/sssd/issue/2478
Reviewed-by: Jakub Hrozek
(cherry picked from commit ac6b267ff3df6d0417062a128ec16b184ea2c1b7)
---
 src/responder/nss/nss_cmd.c | 8 ++++
 src/sss_client/idmap/sss_nss_ex.c | 71 ++++++++++++++++++++----------------
 src/sss_client/idmap/sss_nss_idmap.h | 4 ++
 3 files changed, 52 insertions(+), 31 deletions(-)
diff --git a/src/responder/nss/nss_cmd.c b/src/responder/nss/nss_cmd.c
index 974eaccc93cea3a330007735676da69eb9b84141..c5ddd2f2cc2122cd169ea991b94a14eb5bad095f 100644
--- src/responder/nss/nss_cmd.c
+++ b/src/responder/nss/nss_cmd.c
@@ -92,6 +92,10 @@ static errno_t nss_getby_name(struct cli_ctx *cli_ctx,
 goto done;
 }
+ if ((flags & SSS_NSS_EX_FLAG_NO_CACHE) != 0) {
+ cache_req_data_set_bypass_cache(data, true);
+ }
+
 subreq = nss_get_object_send(cmd_ctx, cli_ctx->ev, cli_ctx, data, memcache, rawname, 0);
 if (subreq == NULL) {
@@ -152,6 +156,10 @@ static errno_t nss_getby_id(struct cli_ctx *cli_ctx,
 goto done;
 }
+ if ((flags & SSS_NSS_EX_FLAG_NO_CACHE) != 0) {
+ cache_req_data_set_bypass_cache(data, true);
+ }
+
 subreq = nss_get_object_send(cmd_ctx, cli_ctx->ev, cli_ctx, data, memcache, NULL, id);
 if (subreq == NULL) {
diff --git a/src/sss_client/idmap/sss_nss_ex.c b/src/sss_client/idmap/sss_nss_ex.c
index dc7610a4e528b5126f0d25d84cd3c1a22f683b75..edb3ea652ef7032b76c8f815b9f83fe185a669ea 100644
--- a/src/sss_client/idmap/sss_nss_ex.c
+++ b/src/sss_client/idmap/sss_nss_ex.c
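Review bot: Nothing in these two hunks checks that the caller is allowed to set `SSS_NSS_EX_FLAG_NO_CACHE` before `cache_req_data_set_bypass_cache(data, true);` runs in nss_getby_name, and the same holds for the identical lines in nss_getby_id. The header comment added by this patch says the client must be privileged, so the check is presumably made before these functions are reached, but `flags` appears to come from the client request and the gate is not visible here. If it were missing, any local client could force a backend lookup on every request and load the directory server. A comment at both sites such as `/* flags are only honoured for trusted clients, see nss_trusted_users */`, or an explicit check next to the flag test, would make that invariant auditable. Both functions start and end outside the hunks.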
@@ -115,42 +115,51 @@ int sss_get_ex(struct nss_input *inp, uint32_t flags, unsigned int timeout)
 size_t c;
 gid_t *new_groups;
 size_t idx;
+ bool skip_mc = false;
- ret = sss_nss_mc_get(inp);
- switch (ret) {
- case 0:
- return 0;
- case ERANGE:
- return ERANGE;
- case ENOENT:
- /* fall through, we need to actively ask the parent
- * if no entry is found */
- break;
- default:
- /* if using the mmaped cache failed,
- * fall back to socket based comms */
- break;
+ if ((flags & SSS_NSS_EX_FLAG_NO_CACHE) != 0) {
+ skip_mc = true;
+ }
+
+ if (!skip_mc) {
+ ret = sss_nss_mc_get(inp);
+ switch (ret) {
+ case 0:
+ return 0;
+ case ERANGE:
+ return ERANGE;
+ case ENOENT:
+ /* fall through, we need to actively ask the parent
+ * if no entry is found */
+ break;
+ default:
+ /* if using the mmaped cache failed,
+ * fall back to socket based comms */
+ break;
+ }
 }
 sss_nss_timedlock(timeout, &time_left);
- /* previous thread might already initialize entry in mmap cache */
- ret = sss_nss_mc_get(inp);
- switch (ret) {
- case 0:
- ret = 0;
- goto out;
- case ERANGE:
- ret = ERANGE;
- goto out;
- case ENOENT:
- /* fall through, we need to actively ask the parent
- * if no entry is found */
- break;
- default:
- /* if using the mmaped cache failed,
- * fall back to socket based comms */
- break;
+ if (!skip_mc) {
+ /* previous thread might already initialize entry in mmap cache */
+ ret = sss_nss_mc_get(inp);
+ switch (ret) {
+ case 0:
+ ret = 0;
+ goto out;
+ case ERANGE:
+ ret = ERANGE;
+ goto out;
+ case ENOENT:
+ /* fall through, we need to actively ask the parent
+ * if no entry is found */
+ break;
+ default:
+ /* if using the mmaped cache failed,
+ * fall back to socket based comms */
+ break;
+ }
 }
 ret = sss_nss_make_request_timeout(inp->cmd, &inp->rd, time_left,
diff --git a/src/sss_client/idmap/sss_nss_idmap.h b/src/sss_client/idmap/sss_nss_idmap.h
index 2334b6cb3fb8ef62e4ce3a7187c7affaeaa034e7..1649830afbb80c617fd339f054aef8bc8e585fb9 100644
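Review bot: With `SSS_NSS_EX_FLAG_NO_CACHE` set, every call now skips both memory-cache lookups and goes straight to `sss_nss_timedlock(timeout, &time_left);`, whose result is not checked in the lines shown. If that helper can fail or time out (its definition is outside this hunk), the request would be sent without the lock held; consider `ret = sss_nss_timedlock(timeout, &time_left);` followed by `if (ret != 0) { return ret; }`. As a style point, `skip_mc` could be initialised in one step with `bool skip_mc = (flags & SSS_NSS_EX_FLAG_NO_CACHE) != 0;`. The body of sss_get_ex starts before and continues after this hunk.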
--- a/src/sss_client/idmap/sss_nss_idmap.h
+++ b/src/sss_client/idmap/sss_nss_idmap.h
@@ -169,6 +169,10 @@ void sss_nss_free_kv(struct sss_nss_kv *kv_list);
 #define SSS_NSS_EX_FLAG_NO_FLAGS 0
+/** Always request data from the server side, client must be privileged to do
+ * so, see nss_trusted_users option in man sssd.conf for details */
+#define SSS_NSS_EX_FLAG_NO_CACHE (1 << 0)
+
 #ifdef IPA_389DS_PLUGIN_HELPER_CALLS
 /**
--
2.13.6
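Review bot: The doc comment on `SSS_NSS_EX_FLAG_NO_CACHE` says the client must be privileged but not what an unprivileged caller gets back, whether an error code or a silently cached answer. That matters to callers that rely on fresh data for an access decision, so I would add one sentence stating the outcome and mention that the flag forces a backend lookup on every call. As a style point, `(1 << 0)` is a signed int while the `flags` parameter of sss_get_ex in this patch is `uint32_t`; `#define SSS_NSS_EX_FLAG_NO_CACHE (1U << 0)` keeps later flag bits, up to bit 31, well defined.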