s3-passdb: Keep caches coherent

When deleting a user send a message to all interested parties so they can
purge their caches. Otherwise some processes may positively respond with a
cached getpwnam, when the user have actully been removed.

Without this some tests that remove and then immediately create users are
flakey.

Signed-off-by: Simo Sorce <idra@samba.org>

source3/lib/id_cache.c

@@ -56,6 +56,10 @@ bool id_cache_ref_parse(const char* str, struct id_cache_ref* id)
 		id->id.sid = sid;
 		id->type = SID;
 		return true;
+	} else if (strncmp(str, "USER ", 5) == 0) {
+		id->id.name = str + 5;
+		id->type = USERNAME;
+		return true;
 	}
 	return false;
 }
@@ -112,6 +116,15 @@ static bool delete_sid_cache(const struct dom_sid* psid)
 	return true;
 }
 
+static bool delete_getpwnam_cache(const char *username)
+{
+	DATA_BLOB name = data_blob_string_const_null(username);
+	DEBUG(6, ("Delete passwd struct for %s from memcache\n",
+		  username));
+	memcache_delete(NULL, GETPWNAM_CACHE, name);
+	return true;
+}
+
 static void flush_gid_cache(void)
 {
 	DEBUG(3, ("Flush GID <-> SID memcache\n"));
@@ -140,6 +153,8 @@ static void delete_from_cache(const struct id_cache_ref* id)
 		delete_sid_cache(&id->id.sid);
 		idmap_cache_del_sid(&id->id.sid);
 		break;
+	case USERNAME:
+		delete_getpwnam_cache(id->id.name);
 	default:
 		break;
 	}

source3/lib/id_cache.h

@@ -24,7 +24,7 @@ struct id_cache_ref {
 		struct dom_sid sid;
 		const char *name;
 	} id;
-	enum {UID, GID, SID, NAME} type;
+	enum {UID, GID, SID, USERNAME} type;
 };
 
 bool id_cache_ref_parse(const char* str, struct id_cache_ref* id);

source3/passdb/pdb_interface.c

@@ -24,6 +24,7 @@
 #include "system/passwd.h"
 #include "passdb.h"
 #include "secrets.h"
+#include "messages.h"
 #include "../librpc/gen_ndr/samr.h"
 #include "../librpc/gen_ndr/drsblobs.h"
 #include "../librpc/gen_ndr/ndr_drsblobs.h"
@@ -608,6 +609,8 @@ NTSTATUS pdb_delete_user(TALLOC_CTX *mem_ctx, struct samu *sam_acct)
 {
 	struct pdb_methods *pdb = pdb_get_methods();
 	uid_t uid = -1;
+	NTSTATUS status;
+	char *msg_data;
 
 	/* sanity check to make sure we don't delete root */
 
@@ -619,7 +622,26 @@ NTSTATUS pdb_delete_user(TALLOC_CTX *mem_ctx, struct samu *sam_acct)
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
-	return pdb->delete_user(pdb, mem_ctx, sam_acct);
+	status = pdb->delete_user(pdb, mem_ctx, sam_acct);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	msg_data = talloc_asprintf(mem_ctx, "USER %s",
+				   pdb_get_username(sam_acct));
+	if (!msg_data) {
+		/* not fatal, and too late to rollback,
+		 * just return */
+		return status;
+	}
+	message_send_all(server_messaging_context(),
+			 ID_CACHE_DELETE,
+			 msg_data,
+			 strlen(msg_data) + 1,
+			 NULL);
+
+	TALLOC_FREE(msg_data);
+	return status;
 }
 
 NTSTATUS pdb_add_sam_account(struct samu *sam_acct) 

source3/rpc_server/lsasd.c

@@ -24,6 +24,8 @@
 #include "messages.h"
 #include "ntdomain.h"
 
+#include "lib/id_cache.h"
+
 #include "../lib/tsocket/tsocket.h"
 #include "lib/server_prefork.h"
 #include "lib/server_prefork_util.h"
@@ -267,6 +269,7 @@ static bool lsasd_child_init(struct tevent_context *ev_ctx,
 			   MSG_SMB_CONF_UPDATED, lsasd_smb_conf_updated);
 	messaging_register(msg_ctx, ev_ctx,
 			   MSG_PREFORK_PARENT_EVENT, parent_ping);
+	id_cache_register_msgs(msg_ctx);
 
 	status = rpc_lsarpc_init(NULL);
 	if (!NT_STATUS_IS_OK(status)) {