Invalidating initgroups memory cache by a single name does not work #4728

sssd-bot · 2020-05-02T13:49:17Z

Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/3718

Created at 2018-04-24 16:44:45 by jhrozek
Assigned to nobody

I found this bug while working on tests for the nss_ex interface, but even with the help of the design page, I'm not sure what would the best fix be, so I'm filing a ticket.

When a user is being invalidated from the initgroups memory cache, the sss_mmap_cache_invalidate function is passed the input name (e.g. user). Then the code goes to sss_mc_find_record where the name is used to generate the hash and the slot and an entry is found. But then we go to:

582         if (strcmp(key->str, t_key) == 0) {
583             break;
584         }

Which never matches, because the t_key is the unique name in case of the initgroup cache, so the comparison is always false..

There is a crude fix in PR #558 but it's probable that someone else will be doing a proper fix, so filing an issue is safer.

Comments

Comment from pbrezina at 2020-03-13 15:07:59

Metadata Update from @pbrezina:

Issue tagged with: Future milestone

The text was updated successfully, but these errors were encountered:

Initgroups MC uses 'lookup_name' as a primary key, not output format. Based on proposal by Jakub Hrozek in SSSD#558 Resolves: SSSD#4728

According to the https://sssd.io/contrib/mmap_cache.html#the-initgr-data one of keys should be a canonical name. Based on the proposal by Sumit Bose: SSSD#6128 (comment) Resolves: SSSD#4728

alexey-tikhonov · 2022-07-01T15:26:21Z

Pushed PR: #6128

master
- 810d922 - NSS: mem-cache: don't update domains other than the one where an entry was found.
- cceb136 - NSS: fix initgroups store key (one of)
- 7abc9cf - NSS: MC: no need to convert name to output format.
- 1690ae1 - NSS MS: trivial simplification
- ad7d1de - NSS MC: deleted misleading comment

sssd-bot added the Future milestone label May 2, 2020

alexey-tikhonov self-assigned this Jun 4, 2020

alexey-tikhonov added a commit to alexey-tikhonov/sssd that referenced this issue Apr 28, 2022

NSS: fix initgroups mem-cache invalidation

22ffeaf

Initgroups MC uses 'lookup_name' as a primary key, not output format. Based on proposal by Jakub Hrozek in SSSD#558 Resolves: SSSD#4728

alexey-tikhonov linked a pull request Apr 28, 2022 that will close this issue

NSS: fix initgroups mem-cache invalidation #6128

Closed

alexey-tikhonov added a commit to alexey-tikhonov/sssd that referenced this issue May 2, 2022

NSS: fix initgroups mem-cache invalidation

e5609ba

Initgroups MC uses 'lookup_name' as a primary key, not output format. Based on proposal by Jakub Hrozek in SSSD#558 Resolves: SSSD#4728

alexey-tikhonov closed this as completed in cceb136 Jul 1, 2022

alexey-tikhonov added the Closed: Fixed Issue was closed as fixed. label Jul 1, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Invalidating initgroups memory cache by a single name does not work #4728

Invalidating initgroups memory cache by a single name does not work #4728

sssd-bot commented May 2, 2020

alexey-tikhonov commented Jul 1, 2022