AC_ARG_WITH(nscd,
[AC_HELP_STRING([--with-nscd], [enable support for nscd @<:@default=yes@:>@])],
[with_nscd=$withval], [with_nscd=yes])
+AC_ARG_WITH(sssd,
+ [AC_HELP_STRING([--with-sssd], [enable support for flushing sssd caches @<:@default=yes@:>@])],
+ [with_sssd=$withval], [with_sssd=yes])
AC_ARG_WITH(group-name-max-length,
[AC_HELP_STRING([--with-group-name-max-length], [set max group name length @<:@default=16@:>@])],
[with_group_name_max_length=$withval], [with_group_name_max_length=yes])
[AC_MSG_ERROR([posix_spawn is needed for nscd support])])
fi
+if test "$with_sssd" = "yes"; then
+ AC_CHECK_FUNC(posix_spawn,
+ [AC_DEFINE(USE_SSSD, 1, [Define to support flushing of sssd caches])],
+ [AC_MSG_ERROR([posix_spawn is needed for sssd support])])
+fi
+
dnl Check for some functions in libc first, only if not found check for
dnl other libraries. This should prevent linking libnsl if not really
dnl needed (Linux glibc, Irix), but still link it if needed (Solaris).
echo " S/Key support: $with_skey"
echo " SHA passwords encryption: $with_sha_crypt"
echo " nscd support: $with_nscd"
+echo " sssd support: $with_sssd"
echo " subordinate IDs support: $enable_subids"
echo
lockpw.c \
nscd.c \
nscd.h \
+ sssd.c \
+ sssd.h \
pam_defs.h \
port.c \
port.h \
#include <stdio.h>
#include <signal.h>
#include "nscd.h"
+#include "sssd.h"
#ifdef WITH_TCB
#include <tcb.h>
#endif /* WITH_TCB */
if (nscd_need_reload) {
nscd_flush_cache ("passwd");
nscd_flush_cache ("group");
+ sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
nscd_need_reload = false;
}
#ifdef HAVE_LCKPWDF
--- /dev/null
+/* Author: Peter Vrabec <pvrabec@redhat.com> */
+
+#include <config.h>
+#ifdef USE_SSSD
+
+#include <stdio.h>
+#include <sys/wait.h>
+#include <sys/types.h>
+#include "exitcodes.h"
+#include "defines.h"
+#include "prototypes.h"
+#include "sssd.h"
+
+#define MSG_SSSD_FLUSH_CACHE_FAILED "%s: Failed to flush the sssd cache.\n"
+
+int sssd_flush_cache (int dbflags)
+{
+ int status, code, rv;
+ const char *cmd = "/usr/sbin/sss_cache";
+ char *sss_cache_args = NULL;
+ const char *spawnedArgs[] = {"sss_cache", NULL, NULL};
+ const char *spawnedEnv[] = {NULL};
+ int i = 0;
+
+ sss_cache_args = malloc(4);
+ if (sss_cache_args == NULL) {
+ return -1;
+ }
+
+ sss_cache_args[i++] = '-';
+ if (dbflags & SSSD_DB_PASSWD) {
+ sss_cache_args[i++] = 'U';
+ }
+ if (dbflags & SSSD_DB_GROUP) {
+ sss_cache_args[i++] = 'G';
+ }
+ sss_cache_args[i++] = '\0';
+ if (i == 2) {
+ /* Neither passwd nor group, nothing to do */
+ free(sss_cache_args);
+ return 0;
+ }
+ spawnedArgs[1] = sss_cache_args;
+
+ rv = run_command (cmd, spawnedArgs, spawnedEnv, &status);
+ free(sss_cache_args);
+ if (rv != 0) {
+ /* run_command writes its own more detailed message. */
+ (void) fprintf (stderr, _(MSG_SSSD_FLUSH_CACHE_FAILED), Prog);
+ return -1;
+ }
+
+ code = WEXITSTATUS (status);
+ if (!WIFEXITED (status)) {
+ (void) fprintf (stderr,
+ _("%s: sss_cache did not terminate normally (signal %d)\n"),
+ Prog, WTERMSIG (status));
+ return -1;
+ } else if (code == E_CMD_NOTFOUND) {
+ /* sss_cache is not installed, or it is installed but uses an
+ interpreter that is missing. Probably the former. */
+ return 0;
+ } else if (code != 0) {
+ (void) fprintf (stderr, _("%s: sss_cache exited with status %d\n"),
+ Prog, code);
+ (void) fprintf (stderr, _(MSG_SSSD_FLUSH_CACHE_FAILED), Prog);
+ return -1;
+ }
+
+ return 0;
+}
+#else /* USE_SSSD */
+extern int errno; /* warning: ANSI C forbids an empty source file */
+#endif /* USE_SSSD */
+
--- /dev/null
+#ifndef _SSSD_H_
+#define _SSSD_H_
+
+#define SSSD_DB_PASSWD 0x001
+#define SSSD_DB_GROUP 0x002
+
+/*
+ * sssd_flush_cache - flush specified service buffer in sssd cache
+ */
+#ifdef USE_SSSD
+extern int sssd_flush_cache (int dbflags);
+#else
+#define sssd_flush_cache(service) (0)
+#endif
+
+#endif
+
#include "defines.h"
#include "getdef.h"
#include "nscd.h"
+#include "sssd.h"
#ifdef USE_PAM
#include "pam_defs.h"
#endif
SYSLOG ((LOG_INFO, "changed user '%s' information", user));
nscd_flush_cache ("passwd");
+ sssd_flush_cache (SSSD_DB_PASSWD);
closelog ();
exit (E_SUCCESS);
#endif /* ACCT_TOOLS_SETUID */
#include "defines.h"
#include "nscd.h"
+#include "sssd.h"
#include "prototypes.h"
#include "groupio.h"
#ifdef SHADOWGRP
close_files ();
nscd_flush_cache ("group");
+ sssd_flush_cache (SSSD_DB_GROUP);
return (0);
}
#endif /* USE_PAM */
#include "defines.h"
#include "nscd.h"
+#include "sssd.h"
#include "getdef.h"
#include "prototypes.h"
#include "pwio.h"
}
nscd_flush_cache ("passwd");
+ sssd_flush_cache (SSSD_DB_PASSWD);
return (0);
}
#include "defines.h"
#include "getdef.h"
#include "nscd.h"
+#include "sssd.h"
#include "prototypes.h"
#include "pwauth.h"
#include "pwio.h"
SYSLOG ((LOG_INFO, "changed user '%s' shell to '%s'", user, loginsh));
nscd_flush_cache ("passwd");
+ sssd_flush_cache (SSSD_DB_PASSWD);
closelog ();
exit (E_SUCCESS);
#include "defines.h"
#include "groupio.h"
#include "nscd.h"
+#include "sssd.h"
#include "prototypes.h"
#ifdef SHADOWGRP
#include "sgroupio.h"
close_files ();
nscd_flush_cache ("group");
+ sssd_flush_cache (SSSD_DB_GROUP);
exit (E_SUCCESS);
}
#include "getdef.h"
#include "groupio.h"
#include "nscd.h"
+#include "sssd.h"
#include "prototypes.h"
#ifdef SHADOWGRP
#include "sgroupio.h"
close_files ();
nscd_flush_cache ("group");
+ sssd_flush_cache (SSSD_DB_GROUP);
return E_SUCCESS;
}
#include "defines.h"
#include "groupio.h"
#include "nscd.h"
+#include "sssd.h"
#include "prototypes.h"
#ifdef SHADOWGRP
#include "sgroupio.h"
close_files ();
nscd_flush_cache ("group");
+ sssd_flush_cache (SSSD_DB_GROUP);
return E_SUCCESS;
}
#include "groupio.h"
#include "pwio.h"
#include "nscd.h"
+#include "sssd.h"
#include "prototypes.h"
#ifdef SHADOWGRP
#include "sgroupio.h"
close_files ();
nscd_flush_cache ("group");
+ sssd_flush_cache (SSSD_DB_GROUP);
return E_SUCCESS;
}
#include "defines.h"
#include "groupio.h"
#include "nscd.h"
+#include "sssd.h"
#include "prototypes.h"
#ifdef SHADOWGRP
close_files (changed);
nscd_flush_cache ("group");
+ sssd_flush_cache (SSSD_DB_GROUP);
/*
* Tell the user what we did and exit.
#include <unistd.h>
#include <getopt.h>
#include "nscd.h"
+#include "sssd.h"
#include "prototypes.h"
/*@-exitarg@*/
#include "exitcodes.h"
}
nscd_flush_cache ("group");
+ sssd_flush_cache (SSSD_DB_GROUP);
return 0;
}
#include <grp.h>
#include <getopt.h>
#include "nscd.h"
+#include "sssd.h"
#include "prototypes.h"
/*@-exitarg@*/
#include "exitcodes.h"
}
nscd_flush_cache ("group");
+ sssd_flush_cache (SSSD_DB_GROUP);
return 0;
}
#include "getdef.h"
#include "groupio.h"
#include "nscd.h"
+#include "sssd.h"
#include "pwio.h"
#include "sgroupio.h"
#include "shadowio.h"
nscd_flush_cache ("passwd");
nscd_flush_cache ("group");
+ sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
#ifdef USE_PAM
unsigned int i;
#include "defines.h"
#include "getdef.h"
#include "nscd.h"
+#include "sssd.h"
#include "prototypes.h"
#include "pwauth.h"
#include "pwio.h"
nscd_flush_cache ("passwd");
nscd_flush_cache ("group");
+ sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
SYSLOG ((LOG_INFO, "password for '%s' changed by '%s'", name, myname));
closelog ();
#include "shadowio.h"
#include "getdef.h"
#include "nscd.h"
+#include "sssd.h"
#ifdef WITH_TCB
#include "tcbfuncs.h"
#endif /* WITH_TCB */
close_files (changed);
nscd_flush_cache ("passwd");
+ sssd_flush_cache (SSSD_DB_PASSWD);
/*
* Tell the user what we did and exit.
#include "pwio.h"
#include "shadowio.h"
#include "nscd.h"
+#include "sssd.h"
/*
* exit status values
}
nscd_flush_cache ("passwd");
+ sssd_flush_cache (SSSD_DB_PASSWD);
return E_SUCCESS;
}
#include <getopt.h>
#include "defines.h"
#include "nscd.h"
+#include "sssd.h"
#include "prototypes.h"
#include "pwio.h"
#include "shadowio.h"
}
nscd_flush_cache ("passwd");
+ sssd_flush_cache (SSSD_DB_PASSWD);
return 0;
}
#include "getdef.h"
#include "groupio.h"
#include "nscd.h"
+#include "sssd.h"
#include "prototypes.h"
#include "pwauth.h"
#include "pwio.h"
nscd_flush_cache ("passwd");
nscd_flush_cache ("group");
+ sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
return E_SUCCESS;
}
#include "getdef.h"
#include "groupio.h"
#include "nscd.h"
+#include "sssd.h"
#include "prototypes.h"
#include "pwauth.h"
#include "pwio.h"
nscd_flush_cache ("passwd");
nscd_flush_cache ("group");
+ sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
return ((0 != errors) ? E_HOMEDIR : E_SUCCESS);
}
#include "getdef.h"
#include "groupio.h"
#include "nscd.h"
+#include "sssd.h"
#include "prototypes.h"
#include "pwauth.h"
#include "pwio.h"
nscd_flush_cache ("passwd");
nscd_flush_cache ("group");
+ sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
#ifdef WITH_SELINUX
if (Zflg) {
#include "defines.h"
#include "groupio.h"
#include "nscd.h"
+#include "sssd.h"
#include "prototypes.h"
#include "pwio.h"
#include "sgroupio.h"
nscd_flush_cache ("passwd");
nscd_flush_cache ("group");
+ sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
return E_SUCCESS;
}
projects / thirdparty / shadow.git / commitdiff
