From e8634ae63d8ee1f313ad93352c9266ebfce77aae Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Mar 15 2010 11:41:22 +0000
Subject: Flush NSCD cache after modifying local database


Fixes: #221

---

diff --git a/src/Makefile.am b/src/Makefile.am
index 4bedaa9..6d46cda 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -246,7 +246,8 @@ SSSD_RESPONDER_OBJ = \
 SSSD_TOOLS_OBJ = \
     tools/sss_sync_ops.c \
     tools/tools_util.c \
-    tools/files.c
+    tools/files.c \
+    tools/nscd.c
 
 SSSD_RESOLV_OBJ = \
     resolv/async_resolv.c
diff --git a/src/conf_macros.m4 b/src/conf_macros.m4
index 6323db2..315a064 100644
--- a/src/conf_macros.m4
+++ b/src/conf_macros.m4
@@ -217,3 +217,17 @@ AC_DEFUN([WITH_TEST_DIR],
     AC_DEFINE_UNQUOTED(TEST_DIR, "$with_test_dir", [Directory used for 'make check' temporary files])
   ])
 
+AC_DEFUN([WITH_NSCD],
+  [ AC_ARG_WITH([nscd],
+                [AC_HELP_STRING([--with-nscd],
+                                [Whether to attempt to flush nscd cache after local domain operations [yes]]
+                               )
+                ],
+                [],
+                with_nscd=yes
+               )
+    if test x"$with_nscd" == xyes; then
+        AC_DEFINE_UNQUOTED(HAVE_NSCD, 1, [flush nscd cache after local domain operations])
+    fi
+  ])
+
diff --git a/src/configure.ac b/src/configure.ac
index da718ee..b79bef3 100644
--- a/src/configure.ac
+++ b/src/configure.ac
@@ -71,6 +71,7 @@ WITH_XML_CATALOG
 WITH_KRB5_PLUGIN_PATH
 WITH_PYTHON_BINDINGS
 WITH_SELINUX
+WITH_NSCD
 
 m4_include([external/platform.m4])
 m4_include([external/pkg.m4])
@@ -92,6 +93,7 @@ m4_include([external/sizes.m4])
 m4_include([external/python.m4])
 m4_include([external/selinux.m4])
 m4_include([external/crypto.m4])
+m4_include([external/nscd.m4])
 m4_include([util/signal.m4])
 
 PKG_CHECK_MODULES([DBUS],[dbus-1])
diff --git a/src/external/nscd.m4 b/src/external/nscd.m4
new file mode 100644
index 0000000..f9f54c5
--- /dev/null
+++ b/src/external/nscd.m4
@@ -0,0 +1,9 @@
+AC_PATH_PROG(NSCD, nscd)
+AC_MSG_CHECKING(for nscd)
+if test -x "$NSCD"; then
+  AC_DEFINE_UNQUOTED([NSCD_PATH], "$NSCD", [The path to nscd, if available])
+  AC_MSG_RESULT(yes)
+else
+  AC_MSG_RESULT(no. Manipulating nscd cache will not be available.)
+fi
+
diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c
index 56a74fb..5dff892 100644
--- a/src/monitor/monitor.c
+++ b/src/monitor/monitor.c
@@ -2257,6 +2257,15 @@ int main(int argc, const char *argv[])
         }
     }
 
+    /* Warn if nscd seems to be running */
+    ret = check_file(NSCD_SOCKET_PATH, -1, -1, -1, CHECK_SOCK, NULL);
+    if (ret == EOK) {
+        DEBUG(0, ("WARNING: nscd appears to be running\n"));
+        ERROR("nscd socket was detected.  As nscd caching capabilities "
+              "may conflict with SSSD, it is recommended to not run "
+              "nscd in parallel with SSSD\n");
+    }
+
     /* Parse config file, fail if cannot be done */
     ret = load_configuration(tmp_ctx, config_file, &monitor);
     if (ret != EOK) {
diff --git a/src/monitor/monitor.h b/src/monitor/monitor.h
index 78e10ef..54ce394 100644
--- a/src/monitor/monitor.h
+++ b/src/monitor/monitor.h
@@ -25,6 +25,11 @@
 #define RESOLV_CONF_PATH "/etc/resolv.conf"
 #define CONFIG_FILE_POLL_INTERVAL 5 /* seconds */
 
+/* for detecting if NSCD is running */
+#ifndef NSCD_SOCKET_PATH
+#define NSCD_SOCKET_PATH "/var/run/nscd/socket"
+#endif
+
 typedef int (*monitor_reconf_fn) (struct config_file_ctx *file_ctx,
                                   const char *filename);
 
diff --git a/src/tools/nscd.c b/src/tools/nscd.c
new file mode 100644
index 0000000..992f8da
--- /dev/null
+++ b/src/tools/nscd.c
@@ -0,0 +1,89 @@
+/*
+   SSSD
+
+   nscd.c
+
+   Copyright (C) Jakub Hrozek <jhrozek@redhat.com>        2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <talloc.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+
+#include "config.h"
+#include "util/util.h"
+#include "tools/tools_util.h"
+
+#ifndef NSCD_RELOAD_ARG
+#define NSCD_RELOAD_ARG "-i"
+#endif
+
+#if defined(NSCD_PATH) && defined(HAVE_NSCD)
+int flush_nscd_cache(TALLOC_CTX *mem_ctx, enum nscd_db flush_db)
+{
+    char *cmd = NULL;
+    const char *service;
+    int ret;
+
+    switch(flush_db) {
+        case NSCD_DB_PASSWD:
+            service = "passwd";
+            break;
+
+        case NSCD_DB_GROUP:
+            service = "group";
+            break;
+
+        default:
+            DEBUG(1, ("Unknown nscd database\n"));
+            ret = EINVAL;
+            goto done;
+    }
+
+    cmd = talloc_asprintf(mem_ctx, "%s %s %s", NSCD_PATH,
+                                               NSCD_RELOAD_ARG,
+                                               service);
+    if (!cmd) {
+        ret = ENOMEM;
+        goto done;
+    }
+
+    ret = system(cmd);
+    if (ret) {
+        if (ret == -1) {
+            DEBUG(1, ("system(3) failed\n"));
+            ret = EFAULT;
+            goto done;
+        }
+        /* The flush fails if nscd is not running, so do not care
+         * about the return code */
+        DEBUG(8, ("Error flushing cache, perhaps nscd is not running\n"));
+    }
+
+
+    ret = EOK;
+done:
+    talloc_free(cmd);
+    return ret;
+}
+
+#else   /* defined(NSCD_PATH) && defined(HAVE_NSCD) */
+int flush_nscd_cache(TALLOC_CTX *mem_ctx, enum nscd_db flush_db)
+{
+    return EOK;
+}
+#endif
diff --git a/src/tools/sss_sync_ops.c b/src/tools/sss_sync_ops.c
index 25b8ac7..498be28 100644
--- a/src/tools/sss_sync_ops.c
+++ b/src/tools/sss_sync_ops.c
@@ -1301,6 +1301,9 @@ int useradd(TALLOC_CTX *mem_ctx,
 
     SYNC_LOOP(res, ret);
 
+    flush_nscd_cache(mem_ctx, NSCD_DB_PASSWD);
+    flush_nscd_cache(mem_ctx, NSCD_DB_GROUP);
+
     talloc_free(res);
     return ret;
 }
@@ -1349,6 +1352,9 @@ int userdel(TALLOC_CTX *mem_ctx,
 
     SYNC_LOOP(res, ret);
 
+    flush_nscd_cache(mem_ctx, NSCD_DB_PASSWD);
+    flush_nscd_cache(mem_ctx, NSCD_DB_GROUP);
+
     talloc_free(res);
     return ret;
 }
@@ -1397,6 +1403,9 @@ int usermod(TALLOC_CTX *mem_ctx,
 
     SYNC_LOOP(res, ret);
 
+    flush_nscd_cache(mem_ctx, NSCD_DB_PASSWD);
+    flush_nscd_cache(mem_ctx, NSCD_DB_GROUP);
+
     talloc_free(res);
     return ret;
 }
@@ -1445,6 +1454,8 @@ int groupadd(TALLOC_CTX *mem_ctx,
 
     SYNC_LOOP(res, ret);
 
+    flush_nscd_cache(mem_ctx, NSCD_DB_GROUP);
+
     talloc_free(res);
     return ret;
 }
@@ -1493,6 +1504,8 @@ int groupdel(TALLOC_CTX *mem_ctx,
 
     SYNC_LOOP(res, ret);
 
+    flush_nscd_cache(mem_ctx, NSCD_DB_GROUP);
+
     talloc_free(res);
     return ret;
 }
@@ -1541,6 +1554,8 @@ int groupmod(TALLOC_CTX *mem_ctx,
 
     SYNC_LOOP(res, ret);
 
+    flush_nscd_cache(mem_ctx, NSCD_DB_GROUP);
+
     talloc_free(res);
     return ret;
 }
diff --git a/src/tools/tools_util.h b/src/tools/tools_util.h
index a643e73..a2b5c78 100644
--- a/src/tools/tools_util.h
+++ b/src/tools/tools_util.h
@@ -105,4 +105,12 @@ int copy_tree(const char *src_root,
 int selinux_file_context(const char *dst_name);
 int reset_selinux_file_context(void);
 
+/* from nscd.c */
+enum nscd_db {
+    NSCD_DB_PASSWD,
+    NSCD_DB_GROUP
+};
+
+int flush_nscd_cache(TALLOC_CTX *mem_ctx, enum nscd_db flush_db);
+
 #endif  /* __TOOLS_UTIL_H__ */