lists.arthurdejong.org
RSS feed

nss-pam-ldapd branch master updated. 0.9.0-14-g7c85202

[Date Prev][Date Next] [Thread Prev][Thread Next]

nss-pam-ldapd branch master updated. 0.9.0-14-g7c85202



This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "nss-pam-ldapd".

The branch, master has been updated
       via  7c85202ab49b005bf4a4fe5113ccaa9b25b584f9 (commit)
       via  e1b0399ee018d217cd50267cef03c28dfdb32fbf (commit)
       via  6054499f9a9952593ccadc83182e01d39ff62f12 (commit)
      from  d2e2e400e79c94c2e60f21ec61811dfe948924cc (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=7c85202ab49b005bf4a4fe5113ccaa9b25b584f9

commit 7c85202ab49b005bf4a4fe5113ccaa9b25b584f9
Merge: d2e2e40 e1b0399
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Fri Jul 26 15:05:40 2013 +0200

    Make cache invalidation more generic
    
    This changes the nscd_invalidate option into a more generic
    reconnect_invalidate and also allows clearing the nfsidmap cache.


http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=e1b0399ee018d217cd50267cef03c28dfdb32fbf

commit e1b0399ee018d217cd50267cef03c28dfdb32fbf
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Fri Jul 26 14:59:43 2013 +0200

    Rename nscd_invalidate option to reconnect_invalidate
    
    This also renames the internal nscd module to invalidator for both nslcd
    and pynslcd. The new invalidator module is now no longer nscd-specific.

diff --git a/man/nslcd.conf.5.xml b/man/nslcd.conf.5.xml
index 9435e3a..482ad7b 100644
--- a/man/nslcd.conf.5.xml
+++ b/man/nslcd.conf.5.xml
@@ -818,8 +818,8 @@
      </listitem>
     </varlistentry>
 
-    <varlistentry id="nscd_invalidate"> <!-- since 0.9.0 -->
-     <term><option>nscd_invalidate</option>
+    <varlistentry id="reconnect_invalidate"> <!-- since 0.9.1, was 
nscd_invalidate in 0.9.0 -->
+     <term><option>reconnect_invalidate</option>
            
<replaceable>DB</replaceable>,<replaceable>DB</replaceable>,...</term>
      <listitem>
       <para>
diff --git a/nslcd/Makefile.am b/nslcd/Makefile.am
index 60560f8..4346f21 100644
--- a/nslcd/Makefile.am
+++ b/nslcd/Makefile.am
@@ -30,7 +30,7 @@ nslcd_SOURCES = nslcd.c ../nslcd.h ../common/nslcd-prot.h \
                 myldap.c myldap.h \
                 cfg.c cfg.h \
                 attmap.c attmap.h \
-                nsswitch.c nscd.c \
+                nsswitch.c invalidator.c \
                 config.c alias.c ether.c group.c host.c netgroup.c network.c \
                 passwd.c protocol.c rpc.c service.c shadow.c pam.c usermod.c
 nslcd_LDADD = ../common/libtio.a ../common/libdict.a \
diff --git a/nslcd/cfg.c b/nslcd/cfg.c
index 381ddec..ec1237c 100644
--- a/nslcd/cfg.c
+++ b/nslcd/cfg.c
@@ -934,7 +934,7 @@ static void handle_pam_password_prohibit_message(
   cfg->pam_password_prohibit_message = value;
 }
 
-static void handle_nscd_invalidate(
+static void handle_reconnect_invalidate(
                 const char *filename, int lnr,
                 const char *keyword, char *line, struct ldap_config *cfg)
 {
@@ -963,7 +963,7 @@ static void handle_nscd_invalidate(
         log_log(LOG_ERR, "%s:%d: unknown map: '%s'", filename, lnr, name);
         exit(EXIT_FAILURE);
       }
-      cfg->nscd_invalidate[map] = 1;
+      cfg->reconnect_invalidate[map] = 1;
     }
   }
 }
@@ -1100,7 +1100,7 @@ static void cfg_defaults(struct ldap_config *cfg)
     cfg->pam_authz_searches[i] = NULL;
   cfg->pam_password_prohibit_message = NULL;
   for (i = 0; i < LM_NONE; i++)
-    cfg->nscd_invalidate[i] = 0;
+    cfg->reconnect_invalidate[i] = 0;
 }
 
 static void cfg_read(const char *filename, struct ldap_config *cfg)
@@ -1432,9 +1432,9 @@ static void cfg_read(const char *filename, struct 
ldap_config *cfg)
     {
       handle_pam_password_prohibit_message(filename, lnr, keyword, line, cfg);
     }
-    else if (strcasecmp(keyword, "nscd_invalidate") == 0)
+    else if (strcasecmp(keyword, "reconnect_invalidate") == 0)
     {
-      handle_nscd_invalidate(filename, lnr, keyword, line, cfg);
+      handle_reconnect_invalidate(filename, lnr, keyword, line, cfg);
     }
 #ifdef ENABLE_CONFIGFILE_CHECKING
     /* fallthrough */
@@ -1689,14 +1689,14 @@ static void cfg_dump(void)
   /* build a comma-separated list */
   buffer[0] = '\0';
   for (i = 0; i < LM_NONE ; i++)
-    if (nslcd_cfg->nscd_invalidate[i])
+    if (nslcd_cfg->reconnect_invalidate[i])
     {
       if (buffer[0] != '\0')
         strncat(buffer, ",", sizeof(buffer) - 1 - strlen(buffer));
       strncat(buffer, print_map(i), sizeof(buffer) - 1 - strlen(buffer));
     }
   if (buffer[0] != '\0')
-    log_log(LOG_DEBUG, "CFG: nscd_invalidate %s", buffer);
+    log_log(LOG_DEBUG, "CFG: reconnect_invalidate %s", buffer);
 }
 
 void cfg_init(const char *fname)
diff --git a/nslcd/cfg.h b/nslcd/cfg.h
index 4ec31ff..65b2058 100644
--- a/nslcd/cfg.h
+++ b/nslcd/cfg.h
@@ -126,7 +126,7 @@ struct ldap_config {
   int ignorecase; /* whether or not case should be ignored in lookups */
   char *pam_authz_searches[NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES]; /* the 
searches that should be performed to do autorisation checks */
   char *pam_password_prohibit_message;   /* whether password changing should 
be denied and user prompted with this message */
-  char nscd_invalidate[LM_NONE];  /* set to 1 if the corresponding map should 
be invalidated */
+  char reconnect_invalidate[LM_NONE];  /* set to 1 if the corresponding map 
should be invalidated */
 };
 
 /* this is a pointer to the global configuration, it should be available
diff --git a/nslcd/common.h b/nslcd/common.h
index a6c2c4d..fce92f6 100644
--- a/nslcd/common.h
+++ b/nslcd/common.h
@@ -141,11 +141,11 @@ void nsswitch_check_reload(void);
 int nsswitch_shadow_uses_ldap(void);
 
 /* start a child process that holds onto the original privileges with the
-   sole purpose of running nscd -i commands */
-int nscd_start_invalidator(void);
+   purpose of running external cache invalidation commands */
+int invalidator_start(void);
 
-/* signal nscd to invalidate the selected map */
-void nscd_invalidate(enum ldap_map_selector map);
+/* signal invalidator to invalidate the selected external cache */
+void invalidator_do(enum ldap_map_selector map);
 
 /* fallback definition of HOST_NAME_MAX */
 #ifndef HOST_NAME_MAX
diff --git a/nslcd/nscd.c b/nslcd/invalidator.c
similarity index 72%
rename from nslcd/nscd.c
rename to nslcd/invalidator.c
index 14a976c..03584eb 100644
--- a/nslcd/nscd.c
+++ b/nslcd/invalidator.c
@@ -1,5 +1,5 @@
 /*
-   nscd.c - functions for invalidating the nscd cache
+   invalidator.c - functions for invalidating external caches
 
    Copyright (C) 2013 Arthur de Jong
 
@@ -36,7 +36,7 @@
 #include "log.h"
 
 /* the write end of a pipe that is used to signal the child process
-   to call nscd to invalidate the cache */
+   to invalidate the cache */
 static int signalfd = -1;
 
 /* we have our own implementation because nscd could use different names */
@@ -61,16 +61,33 @@ static const char *map2name(enum ldap_map_selector map)
   }
 }
 
-/* invalidate the specified database in nscd */
+/* invalidate the specified database */
 static void exec_invalidate(const char *db)
 {
   pid_t cpid;
   int i, status;
   char *argv[4];
+  char cmdline[80];
 #ifdef HAVE_EXECVPE
   char *newenviron[] = { NULL };
 #endif
-  log_log(LOG_DEBUG, "nscd_invalidator: nscd -i %s", db);
+  /* build command line */
+  if (strcmp(db, "nfsidmap") == 0)
+  {
+    argv[0] = "nfsidmap";
+    argv[1] = "-c";
+    argv[2] = NULL;
+  }
+  else
+  {
+    argv[0] = "nscd";
+    argv[1] = "-i";
+    argv[2] = (char *)db;
+    argv[3] = NULL;
+  }
+  mysnprintf(cmdline, 80, "%s %s%s%s", argv[0], argv[1],
+             argv[2] != NULL ? " " : "", argv[2] != NULL ? argv[2] : "");
+  log_log(LOG_DEBUG, "invalidator: %s", cmdline);
   /* do fork/exec */
   switch (cpid=fork())
   {
@@ -83,20 +100,6 @@ static void exec_invalidate(const char *db)
         i = 32;
       for (; i >= 0; i--)
         close(i);
-      /* build command line */
-      if (strcmp(db, "nfsidmap") == 0)
-      {
-        argv[0] = "nfsidmap";
-        argv[1] = "-c";
-        argv[2] = NULL;
-      }
-      else
-      {
-        argv[0] = "nscd";
-        argv[1] = "-i";
-        argv[2] = (char *)db;
-        argv[3] = NULL;
-      }
       /* execute command */
 #ifdef HAVE_EXECVPE
       execvpe(argv[0], argv, newenviron);
@@ -108,7 +111,7 @@ static void exec_invalidate(const char *db)
       _exit(EXIT_FAILURE);
       break;
     case -1: /* we are the parent, but have an error */
-      log_log(LOG_ERR, "nscd_invalidator: fork() failed: %s", strerror(errno));
+      log_log(LOG_ERR, "invalidator: fork() failed: %s", strerror(errno));
       break;
     default: /* we are the parent */
       /* wait for child exit */
@@ -119,37 +122,37 @@ static void exec_invalidate(const char *db)
       }
       while ((i < 0) && (errno == EINTR));
       if (i < 0)
-        log_log(LOG_ERR, "nscd_invalidator: waitpid(%d) failed: %s", 
(int)cpid, strerror(errno));
+        log_log(LOG_ERR, "invalidator: waitpid(%d) failed: %s", (int)cpid, 
strerror(errno));
       else if (WIFEXITED(status))
       {
         i = WEXITSTATUS(status);
         if (i == 0)
-          log_log(LOG_DEBUG, "nscd_invalidator: nscd -i %s (pid %d) success",
-                  db, (int)cpid);
+          log_log(LOG_DEBUG, "invalidator: %s (pid %d) success",
+                  cmdline, (int)cpid);
         else
-          log_log(LOG_DEBUG, "nscd_invalidator: nscd -i %s (pid %d) failed 
(%d)",
-                  db, (int)cpid, i);
+          log_log(LOG_DEBUG, "invalidator: %s (pid %d) failed (%d)",
+                  cmdline, (int)cpid, i);
       }
       else if (WIFSIGNALED(status))
       {
         i = WTERMSIG(status);
-        log_log(LOG_ERR, "nscd_invalidator: nscd -i %s (pid %d) killed by %s 
(%d)",
-                db, (int)cpid, signame(i), i);
+        log_log(LOG_ERR, "invalidator: %s (pid %d) killed by %s (%d)",
+                cmdline, (int)cpid, signame(i), i);
       }
       else
-        log_log(LOG_ERR, "nscd_invalidator: nscd -i %s (pid %d) had unknown 
failure",
-                db, (int)cpid);
+        log_log(LOG_ERR, "invalidator: %s (pid %d) had unknown failure",
+                cmdline, (int)cpid);
       break;
   }
 }
 
 /* main loop for the invalidator process */
-static void nscd_handle_requests(int fd)
+static void handle_requests(int fd)
 {
   int i;
   uint8_t c;
   const char *db;
-  log_log(LOG_DEBUG, "nscd_invalidator: starting");
+  log_log(LOG_DEBUG, "invalidator: starting");
   /* set up environment */
   (void)chdir("/");
   putenv("PATH=/usr/sbin:/usr/bin:/sbin:/bin");
@@ -159,17 +162,17 @@ static void nscd_handle_requests(int fd)
     i = read(fd, &c, sizeof(uint8_t));
     if (i == 0)
     {
-      log_log(LOG_ERR, "nscd_invalidator: EOF");
+      log_log(LOG_ERR, "invalidator: EOF");
       _exit(EXIT_SUCCESS);
     }
     else if (i < 0)
     {
       if (errno == EINTR)
-        log_log(LOG_DEBUG, "nscd_invalidator: read failed (ignored): %s",
+        log_log(LOG_DEBUG, "invalidator: read failed (ignored): %s",
                 strerror(errno));
       else
       {
-        log_log(LOG_ERR, "nscd_invalidator: read failed: %s", strerror(errno));
+        log_log(LOG_ERR, "invalidator: read failed: %s", strerror(errno));
         _exit(EXIT_SUCCESS);
       }
     }
@@ -177,7 +180,7 @@ static void nscd_handle_requests(int fd)
     {
       db = map2name((enum ldap_map_selector)c);
       if (db == NULL)
-        log_log(LOG_ERR, "nscd_invalidator: invalid db received");
+        log_log(LOG_ERR, "invalidator: invalid db received");
       else
         exec_invalidate(db);
     }
@@ -185,8 +188,8 @@ static void nscd_handle_requests(int fd)
 }
 
 /* start a child process that holds onto the original privileges with the
-   sole purpose of running nscd -i commands */
-int nscd_start_invalidator(void)
+   purpose of running external cache invalidation commands */
+int invalidator_start(void)
 {
   int pipefds[2];
   pid_t cpid;
@@ -213,7 +216,7 @@ int nscd_start_invalidator(void)
     close(pipefds[1]);
     return -1;
   }
-  /* fork a child to perfrom the nscd invalidate commands */
+  /* fork a child to perfrom the invalidate commands */
   cpid = fork();
   if (cpid < 0)
   {
@@ -226,7 +229,7 @@ int nscd_start_invalidator(void)
   {
     /* we are the child: close the write end and handle requests */
     close(pipefds[1]);
-    nscd_handle_requests(pipefds[0]);
+    handle_requests(pipefds[0]);
     /* the handle function should't return */
     _exit(EXIT_FAILURE);
   }
@@ -236,19 +239,19 @@ int nscd_start_invalidator(void)
   return 0;
 }
 
-/* signal nscd to invalidate the selected map */
-void nscd_invalidate(enum ldap_map_selector map)
+/* signal invalidator to invalidate the selected external cache */
+void invalidator_do(enum ldap_map_selector map)
 {
   uint8_t c;
   int rc;
   if (signalfd < 0)
     return;
-  /* LM_NONE is used to signal all maps condigured in nscd_invalidate */
+  /* LM_NONE is used to signal all maps condigured in reconnect_invalidate */
   if (map == LM_NONE)
   {
     for (map = 0; map < LM_NONE ; map++)
-      if (nslcd_cfg->nscd_invalidate[map])
-        nscd_invalidate(map);
+        invalidator_do(map);
+      if (nslcd_cfg->reconnect_invalidate[map])
     return;
   }
   /* write a single byte which should be atomic and not fill the PIPE
@@ -257,6 +260,6 @@ void nscd_invalidate(enum ldap_map_selector map)
   c = (uint8_t)map;
   rc = write(signalfd, &c, sizeof(uint8_t));
   if (rc <= 0)
-    log_log(LOG_WARNING, "error signalling nscd invalidator: %s",
+    log_log(LOG_WARNING, "error signalling invalidator: %s",
             strerror(errno));
 }
diff --git a/nslcd/myldap.c b/nslcd/myldap.c
index 243ec9e..b2258d4 100644
--- a/nslcd/myldap.c
+++ b/nslcd/myldap.c
@@ -1197,8 +1197,8 @@ static int do_retry_search(MYLDAP_SEARCH *search)
           if ((current_uri->lastfail > 0) || (search->session->current_uri != 
start_uri))
           {
             log_log(LOG_INFO, "connected to LDAP server %s", current_uri->uri);
-            /* signal nscd cache invalidation */
-            nscd_invalidate(LM_NONE);
+            /* signal external invalidation of configured caches */
+            invalidator_do(LM_NONE);
           }
           /* update ok time */
           current_uri->firstfail = 0;
diff --git a/nslcd/nslcd.c b/nslcd/nslcd.c
index 0816647..8cc29c6 100644
--- a/nslcd/nslcd.c
+++ b/nslcd/nslcd.c
@@ -706,12 +706,12 @@ int main(int argc, char *argv[])
   if (!nslcd_debugging)
     log_startlogging();
   log_log(LOG_INFO, "version %s starting", VERSION);
-  /* start subprocess to do nscd invalidating if nscd_invalidate is set */
+  /* start subprocess to do invalidating if reconnect_invalidate is set */
   for (i = 0; i < LM_NONE; i++)
-    if (nslcd_cfg->nscd_invalidate[i])
+    if (nslcd_cfg->reconnect_invalidate[i])
       break;
   if (i < LM_NONE)
-    nscd_start_invalidator();
+    invalidator_start();
   /* write pidfile */
   create_pidfile(NSLCD_PIDFILE);
   /* install handler to close stuff off on exit and log notice */
diff --git a/pynslcd/Makefile.am b/pynslcd/Makefile.am
index d0604f4..f96654b 100644
--- a/pynslcd/Makefile.am
+++ b/pynslcd/Makefile.am
@@ -20,7 +20,7 @@
 pynslcddir = $(datadir)/pynslcd
 
 pynslcd_PYTHON = pynslcd.py attmap.py cache.py cfg.py common.py expr.py \
-                 mypidfile.py nscd.py search.py tio.py \
+                 mypidfile.py invalidator.py search.py tio.py \
                  alias.py ether.py group.py host.py netgroup.py network.py \
                  passwd.py protocol.py rpc.py service.py shadow.py pam.py \
                  usermod.py
diff --git a/pynslcd/cfg.py b/pynslcd/cfg.py
index 516eeb7..cf9c872 100644
--- a/pynslcd/cfg.py
+++ b/pynslcd/cfg.py
@@ -85,7 +85,7 @@ nss_nested_groups = False
 validnames = re.compile(r'^[a-z0-9._@$][a-z0-9._@$ 
\\~-]{0,98}[a-z0-9._@$~-]$', re.IGNORECASE)
 pam_authz_searches = []
 pam_password_prohibit_message = None  # FIXME: add support
-nscd_invalidate = set()
+reconnect_invalidate = set()
 
 
 # allowed boolean values
@@ -311,15 +311,15 @@ def read(filename):
             flags = 0 | re.IGNORECASE if m.group('flags') == 'i' else 0
             validnames = re.compile(m.group('value'), flags=flags)
             continue
-        # nscd_invalidate <MAP>,<MAP>,...
-        m = re.match('nscd_invalidate\s+(?P<value>\S.*)',
+        # reconnect_invalidate <MAP>,<MAP>,...
+        m = re.match('reconnect_invalidate\s+(?P<value>\S.*)',
                      line, re.IGNORECASE)
         if m:
             dbs = re.split('[ ,]+', m.group('value').lower())
             for db in dbs:
                 if db not in maps.keys() + ['nfsidmap']:
                     raise ParseError(filename, lineno, 'map %s unknown' % db)
-            nscd_invalidate.update(dbs)
+            reconnect_invalidate.update(dbs)
             continue
         # unrecognised line
         raise ParseError(filename, lineno, 'error parsing line %r' % line)
diff --git a/pynslcd/nscd.py b/pynslcd/invalidator.py
similarity index 85%
rename from pynslcd/nscd.py
rename to pynslcd/invalidator.py
index 1cc05cf..98c0783 100644
--- a/pynslcd/nscd.py
+++ b/pynslcd/invalidator.py
@@ -1,5 +1,5 @@
 
-# nscd.py - functions for invalidating the nscd cache
+# invalidator.py - functions for invalidating external caches
 #
 # Copyright (C) 2013 Arthur de Jong
 #
@@ -41,7 +41,7 @@ _char_to_db = dict((reversed(item) for item in 
_db_to_char.items()))
 
 def exec_invalidate(*args):
     cmd = ' '.join(args)
-    logging.debug('nscd_invalidator: %s', cmd)
+    logging.debug('invalidator: %s', cmd)
     try:
         p = subprocess.Popen(args, bufsize=4096, close_fds=True,
                              stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
@@ -49,23 +49,23 @@ def exec_invalidate(*args):
         if output:
             output = ': %s' % output[:1024].strip()
         if p.returncode == 0:
-            logging.debug('nscd_invalidator: %s (pid %d) success%s',
+            logging.debug('invalidator: %s (pid %d) success%s',
                           cmd, p.pid, output)
         elif p.returncode > 0:
-            logging.debug('nscd_invalidator: %s (pid %d) failed (%d)%s',
+            logging.debug('invalidator: %s (pid %d) failed (%d)%s',
                           cmd, p.pid, p.returncode, output)
         else:  # p.returncode < 0
-            logging.error('nscd_invalidator: %s (pid %d) killed by signal 
%d%s',
+            logging.error('invalidator: %s (pid %d) killed by signal %d%s',
                           cmd, p.pid, -p.returncode, output)
     except:
-        logging.warn('nscd_invalidator: %s failed', cmd, exc_info=True)
+        logging.warn('invalidator: %s failed', cmd, exc_info=True)
 
 
 def loop(fd):
     # set process title
     try:
         import setproctitle
-        setproctitle.setproctitle('(nscd invalidator)')
+        setproctitle.setproctitle('(invalidator)')
     except ImportError:
         pass
     # set up clean environment
@@ -105,7 +105,7 @@ def invalidate(db=None):
     if db:
         db = _db_to_char.get(db, '')
     else:
-        db = ''.join(_db_to_char[x] for x in cfg.nscd_invalidate)
+        db = ''.join(_db_to_char[x] for x in cfg.reconnect_invalidate)
     try:
         os.write(signalfd, db)
     except:
diff --git a/pynslcd/pynslcd.py b/pynslcd/pynslcd.py
index df54bad..4a57155 100755
--- a/pynslcd/pynslcd.py
+++ b/pynslcd/pynslcd.py
@@ -35,7 +35,7 @@ import cfg
 import common
 import constants
 import mypidfile
-import nscd
+import invalidator
 import search
 
 
@@ -323,9 +323,9 @@ if __name__ == '__main__':
                 logging.getLogger().setLevel(min(level for method, level in 
cfg.logs))
                 logging.getLogger().removeHandler(stderrhandler)
             logging.info('version %s starting', constants.VERSION)
-            # start nscd sub-process if needed
-            if cfg.nscd_invalidate:
-                nscd.start_invalidator()
+            # start invalidator sub-process if needed
+            if cfg.invalidator_invalidate:
+                invalidator.start_invalidator()
             # create socket
             nslcd_serversocket = create_socket()
             # load supplementary groups
diff --git a/pynslcd/search.py b/pynslcd/search.py
index 3db6e9d..f8c82fb 100644
--- a/pynslcd/search.py
+++ b/pynslcd/search.py
@@ -55,9 +55,9 @@ class Connection(ldap.ldapobject.ReconnectLDAPObject):
             self.set_option(ldap.OPT_X_TLS, ldap.OPT_X_TLS_HARD)
 
     def reconnect_after_fail(self):
-        import nscd
+        import invalidator
         logging.info('connected to LDAP server %s', cfg.uri)
-        nscd.invalidate()
+        invalidator.invalidate()
 
     def search_s(self, *args, **kwargs):
         # wrapper function to keep the global server_error state
diff --git a/tests/Makefile.am b/tests/Makefile.am
index b8990a9..13d34fc 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -55,7 +55,7 @@ test_getpeercred_SOURCES = test_getpeercred.c common.h
 test_getpeercred_LDADD = ../compat/libcompat.a
 
 # common objects that are included for the tests of nslcd functionality
-common_nslcd_LDADD = ../nslcd/log.o ../nslcd/common.o ../nslcd/nscd.o \
+common_nslcd_LDADD = ../nslcd/log.o ../nslcd/common.o ../nslcd/invalidator.o \
                      ../nslcd/myldap.o ../nslcd/attmap.o ../nslcd/nsswitch.o \
                      ../nslcd/alias.o ../nslcd/ether.o ../nslcd/group.o \
                      ../nslcd/host.o ../nslcd/netgroup.o ../nslcd/network.o \

http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=6054499f9a9952593ccadc83182e01d39ff62f12

commit 6054499f9a9952593ccadc83182e01d39ff62f12
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Fri Jul 26 14:26:55 2013 +0200

    Allow invalidating the nfsidmap cache
    
    This introduces an nfsidmap value for nscd_invalidate which will cause
    the nfsidmap -c command to be run.

diff --git a/man/nslcd.conf.5.xml b/man/nslcd.conf.5.xml
index 87d21f8..9435e3a 100644
--- a/man/nslcd.conf.5.xml
+++ b/man/nslcd.conf.5.xml
@@ -825,13 +825,21 @@
       <para>
        If this option is set, on start-up and whenever a connection to the
        <acronym>LDAP</acronym> server is re-established after an error
+       the specified cache is flushed.
+      </para>
+      <para>
+       If <replaceable>DB</replaceable> is one of the nsswitch maps,
        <command>nscd</command> is contacted to flush it's cache for the
-       configured databases.
+       specified database.
+      </para>
+      <para> <!-- since 0.9.1 -->
+       If <replaceable>DB</replaceable> is <literal>nfsidmap</literal>,
+       <command>nfsidmap</command> to contacted to clear it's cache.
       </para>
       <para>
-       Using this option ensures that <command>nscd</command> is not
-       caching absence of users that were not available if the LDAP server
-       was unavailable.
+       Using this option ensures that external caches are cleared of
+       information (typically the absence of users) while the
+       <acronym>LDAP</acronym> server was unavailable.
       </para>
      </listitem>
     </varlistentry>
diff --git a/nslcd/attmap.c b/nslcd/attmap.c
index 2480096..08130fa 100644
--- a/nslcd/attmap.c
+++ b/nslcd/attmap.c
@@ -57,6 +57,7 @@ const char **base_get_var(enum ldap_map_selector map)
     case LM_RPC:       return rpc_bases;
     case LM_SERVICES:  return service_bases;
     case LM_SHADOW:    return shadow_bases;
+    case LM_NFSIDMAP:
     case LM_NONE:
     default:           return NULL;
   }
@@ -90,6 +91,7 @@ int *scope_get_var(enum ldap_map_selector map)
     case LM_RPC:       return &rpc_scope;
     case LM_SERVICES:  return &service_scope;
     case LM_SHADOW:    return &shadow_scope;
+    case LM_NFSIDMAP:
     case LM_NONE:
     default:           return NULL;
   }
@@ -123,6 +125,7 @@ const char **filter_get_var(enum ldap_map_selector map)
     case LM_RPC:       return &rpc_filter;
     case LM_SERVICES:  return &service_filter;
     case LM_SHADOW:    return &shadow_filter;
+    case LM_NFSIDMAP:
     case LM_NONE:
     default:           return NULL;
   }
diff --git a/nslcd/cfg.c b/nslcd/cfg.c
index 056b6e2..381ddec 100644
--- a/nslcd/cfg.c
+++ b/nslcd/cfg.c
@@ -527,6 +527,7 @@ static const char *print_map(enum ldap_map_selector map)
     case LM_RPC:       return "rpc";
     case LM_SERVICES:  return "services";
     case LM_SHADOW:    return "shadow";
+    case LM_NFSIDMAP:  return "nfsidmap";
     case LM_NONE:
     default:           return "???";
   }
diff --git a/nslcd/cfg.h b/nslcd/cfg.h
index bd53560..4ec31ff 100644
--- a/nslcd/cfg.h
+++ b/nslcd/cfg.h
@@ -67,6 +67,7 @@ enum ldap_map_selector {
   LM_RPC,
   LM_SERVICES,
   LM_SHADOW,
+  LM_NFSIDMAP, /* only used for cache invalidation */
   LM_NONE
 };
 
diff --git a/nslcd/nscd.c b/nslcd/nscd.c
index da58c2e..14a976c 100644
--- a/nslcd/nscd.c
+++ b/nslcd/nscd.c
@@ -55,6 +55,7 @@ static const char *map2name(enum ldap_map_selector map)
     case LM_RPC:       return "rpc";
     case LM_SERVICES:  return "services";
     case LM_SHADOW:    return "shadow";
+    case LM_NFSIDMAP:  return "nfsidmap";
     case LM_NONE:
     default:           return NULL;
   }
@@ -65,7 +66,7 @@ static void exec_invalidate(const char *db)
 {
   pid_t cpid;
   int i, status;
-  char *argv[] = { "nscd", "-i", NULL, NULL };
+  char *argv[4];
 #ifdef HAVE_EXECVPE
   char *newenviron[] = { NULL };
 #endif
@@ -82,12 +83,25 @@ static void exec_invalidate(const char *db)
         i = 32;
       for (; i >= 0; i--)
         close(i);
+      /* build command line */
+      if (strcmp(db, "nfsidmap") == 0)
+      {
+        argv[0] = "nfsidmap";
+        argv[1] = "-c";
+        argv[2] = NULL;
+      }
+      else
+      {
+        argv[0] = "nscd";
+        argv[1] = "-i";
+        argv[2] = (char *)db;
+        argv[3] = NULL;
+      }
       /* execute command */
-      argv[2] = (char *)db;
 #ifdef HAVE_EXECVPE
-      execvpe("nscd", argv, newenviron);
+      execvpe(argv[0], argv, newenviron);
 #else
-      execvp("nscd", argv);
+      execvp(argv[0], argv);
 #endif
       /* if we are here there has been an error */
       /* we can't log since we don't have any useful file descriptors */
@@ -137,7 +151,7 @@ static void nscd_handle_requests(int fd)
   const char *db;
   log_log(LOG_DEBUG, "nscd_invalidator: starting");
   /* set up environment */
-  chdir("/");
+  (void)chdir("/");
   putenv("PATH=/usr/sbin:/usr/bin:/sbin:/bin");
   /* handle incoming requests */
   while (1)
diff --git a/pynslcd/cfg.py b/pynslcd/cfg.py
index a9f1d89..516eeb7 100644
--- a/pynslcd/cfg.py
+++ b/pynslcd/cfg.py
@@ -317,7 +317,7 @@ def read(filename):
         if m:
             dbs = re.split('[ ,]+', m.group('value').lower())
             for db in dbs:
-                if db not in maps:
+                if db not in maps.keys() + ['nfsidmap']:
                     raise ParseError(filename, lineno, 'map %s unknown' % db)
             nscd_invalidate.update(dbs)
             continue
diff --git a/pynslcd/nscd.py b/pynslcd/nscd.py
index acee9a9..1cc05cf 100644
--- a/pynslcd/nscd.py
+++ b/pynslcd/nscd.py
@@ -34,31 +34,31 @@ signalfd = None
 _db_to_char = dict(
         aliases='A', ethers='E', group='G', hosts='H', netgroup='U',
         networks='N', passwd='P', protocols='L', rpc='R', services='V',
-        shadow='S',
+        shadow='S', nfsidmap='F',
     )
 _char_to_db = dict((reversed(item) for item in _db_to_char.items()))
 
 
-def exec_invalidate(db):
-    logging.debug('nscd_invalidator: nscd -i %s', db)
+def exec_invalidate(*args):
+    cmd = ' '.join(args)
+    logging.debug('nscd_invalidator: %s', cmd)
     try:
-        p = subprocess.Popen(['nscd', '-i', db],
-                             bufsize=4096, close_fds=True,
+        p = subprocess.Popen(args, bufsize=4096, close_fds=True,
                              stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
         output, ignored = p.communicate()
         if output:
             output = ': %s' % output[:1024].strip()
         if p.returncode == 0:
-            logging.debug('nscd_invalidator: nscd -i %s (pid %d) success%s',
-                          db, p.pid, output)
+            logging.debug('nscd_invalidator: %s (pid %d) success%s',
+                          cmd, p.pid, output)
         elif p.returncode > 0:
-            logging.debug('nscd_invalidator: nscd -i %s (pid %d) failed 
(%d)%s',
-                          db, p.pid, p.returncode, output)
+            logging.debug('nscd_invalidator: %s (pid %d) failed (%d)%s',
+                          cmd, p.pid, p.returncode, output)
         else:  # p.returncode < 0
-            logging.error('nscd_invalidator: nscd -i %s (pid %d) killed by 
signal %d%s',
-                          db, p.pid, -p.returncode, output)
+            logging.error('nscd_invalidator: %s (pid %d) killed by signal 
%d%s',
+                          cmd, p.pid, -p.returncode, output)
     except:
-        logging.warn('nscd_invalidator: nscd -i %s failed', db, exc_info=True)
+        logging.warn('nscd_invalidator: %s failed', cmd, exc_info=True)
 
 
 def loop(fd):
@@ -76,8 +76,10 @@ def loop(fd):
         if db == '':
             break  # close process down
         db = _char_to_db.get(db, None)
-        if db:
-            exec_invalidate(db)
+        if db == 'nfsidmap':
+            exec_invalidate('nfsidmap', '-c')
+        else if db:
+            exec_invalidate('nscd', '-i', db)
 
 
 def start_invalidator():
@@ -107,4 +109,4 @@ def invalidate(db=None):
     try:
         os.write(signalfd, db)
     except:
-        logging.warn('nscd_invalidator: nscd -i %s failed', db, exc_info=True)
+        logging.warn('requesting invalidation (%s) failed', db, exc_info=True)

-----------------------------------------------------------------------

Summary of changes:
 man/nslcd.conf.5.xml                |   20 +++++---
 nslcd/Makefile.am                   |    2 +-
 nslcd/attmap.c                      |    3 ++
 nslcd/cfg.c                         |   15 +++---
 nslcd/cfg.h                         |    3 +-
 nslcd/common.h                      |    8 ++--
 nslcd/{nscd.c => invalidator.c}     |   87 +++++++++++++++++++++--------------
 nslcd/myldap.c                      |    4 +-
 nslcd/nslcd.c                       |    6 +--
 pynslcd/Makefile.am                 |    2 +-
 pynslcd/cfg.py                      |   10 ++--
 pynslcd/{nscd.py => invalidator.py} |   38 +++++++--------
 pynslcd/pynslcd.py                  |    8 ++--
 pynslcd/search.py                   |    4 +-
 tests/Makefile.am                   |    2 +-
 15 files changed, 122 insertions(+), 90 deletions(-)
 rename nslcd/{nscd.c => invalidator.c} (70%)
 rename pynslcd/{nscd.py => invalidator.py} (70%)


hooks/post-receive
-- 
nss-pam-ldapd
-- 
To unsubscribe send an email to
nss-pam-ldapd-commits-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-commits/