sssd.git/src/util/mmap_cache.h, branch intg_test sssd with jhrozek's patches NSS: Initgr memory cache should work with fq names 2015-08-05T09:28:37+00:00 Lukas Slebodnik lslebodn@redhat.com 2015-07-13T08:40:06+00:00 dda0258705de7255e6ec54b7f9adbde83a220996 We need to stored two versions of name to the initgroups memory cache. Otherwise it could be stored many times if sssd is configured with case_sensitive = false. It would be impossible to invalidate all version of names after user login. As a result of this wrong user groups could be returned from initgroups memory cache. Therefore we store raw name provided by glibc function and internal sanitized fully qualified name, which is unique for particular user. This patch also increase average space for initgroups because there are also stored two quite long names in case of fq names. Resolves: https://fedorahosted.org/sssd/ticket/2712 Reviewed-by: Michal Židek <mzidek@redhat.com> 
We need to stored two versions of name to the initgroups memory cache.
Otherwise it could be stored many times if sssd is configured with
case_sensitive = false. It would be impossible to invalidate all
version of names after user login. As a result of this wrong user
groups could be returned from initgroups memory cache.

Therefore we store raw name provided by glibc function
and internal sanitized fully qualified name,
which is unique for particular user.

This patch also increase average space for initgroups
because there are also stored two quite long names in case of
fq names.

Resolves:
https://fedorahosted.org/sssd/ticket/2712

Reviewed-by: Michal Židek <mzidek@redhat.com>
mmap_cache: "Override" functions for initgr mmap cache 2015-08-05T09:28:19+00:00 Lukas Slebodnik lslebodn@redhat.com 2015-07-16T15:00:12+00:00 225dc6914cdc8920b02a129b98ece1ed97b99c03 Functions sss_mc_get_strs_offset and sss_mc_get_strs_len provides data about strings for individual memory caches (passwd, ...) Their are used in generic responder mmap cache code to find a record in mmap cache (sss_mc_find_record). Data provided from functions sss_mc_get_* are used for checking the validity of record. So in case of corrupted record the whole mmap cache can be invalidated. Functions sss_mc_get_strs_offset and sss_mc_get_strs_len did not provide data for initgroups mmap cache and therefore particular record could not be invalidated. Resolves: https://fedorahosted.org/sssd/ticket/2716 Reviewed-by: Michal Židek <mzidek@redhat.com> 
Functions sss_mc_get_strs_offset and sss_mc_get_strs_len provides
data about strings for individual memory caches (passwd, ...)
Their are used in generic responder mmap cache code to find a record
in mmap cache (sss_mc_find_record). Data provided from functions sss_mc_get_*
are used for checking the validity of record. So in case of corrupted record
the whole mmap cache can be invalidated.

Functions sss_mc_get_strs_offset and sss_mc_get_strs_len did not provide
data for initgroups mmap cache and therefore particular record could not be
invalidated.

Resolves:
https://fedorahosted.org/sssd/ticket/2716

Reviewed-by: Michal Židek <mzidek@redhat.com>
mmap_cache: Rename variables 2015-08-05T09:28:11+00:00 Lukas Slebodnik lslebodn@redhat.com 2015-07-16T14:54:00+00:00 39b31427e2d11ca318df11fd48db33a7cc610aa7 Reviewed-by: Michal Židek <mzidek@redhat.com> 
Reviewed-by: Michal Židek <mzidek@redhat.com>
nss: Store entries in responder to initgr mmap cache 2015-07-03T13:16:44+00:00 Lukas Slebodnik lslebodn@redhat.com 2015-06-30T11:50:51+00:00 ebf6735dd4f71bf3dc9105e5d04d11e744c64a59 Resolves: https://fedorahosted.org/sssd/ticket/2485 Reviewed-by: Michal Židek <mzidek@redhat.com> 
Resolves:
https://fedorahosted.org/sssd/ticket/2485

Reviewed-by: Michal Židek <mzidek@redhat.com>
mmap_cache: Use two chains for hash collision. 2013-09-23T15:04:19+00:00 Lukas Slebodnik lslebodn@redhat.com 2013-09-10T11:39:01+00:00 581de96fc30b7fe44070f17a8a73f3374d38d6ff struct sss_mc_rec had two hash members (hash1 and hash2) but only one next member. This was a big problem in case of higher probability of hash collision. structure sss_mc_rec will have two next members (next1, next2) with this patch. next1 is related to hash1 and next2 is related to hash1. Iterating over chains is changed, because we need to choose right next pointer. Right next pointer will be chosen after comparing record hashes. This behaviour is wrapped in function sss_mc_next_slot_with_hash. Adding new record to chain is also changed. The situation is very similar to iterating. We need to choose right next pointer (next1 or next2). Right next pointer will be chosen after comparing record hashes. Adding reference to next slot is wrapped in function sss_mc_chain_slot_to_record_with_hash Size of structure sss_mc_rec was increased from 32 bytes to 40 bytes. Resolves: https://fedorahosted.org/sssd/ticket/2049 
struct sss_mc_rec had two hash members (hash1 and hash2) but only one next
member. This was a big problem in case of higher probability of hash collision.

structure sss_mc_rec will have two next members (next1, next2) with this patch.
next1 is related to hash1 and next2 is related to hash1.

Iterating over chains is changed, because we need to choose right next pointer.
Right next pointer will be chosen after comparing record hashes.
This behaviour is wrapped in function sss_mc_next_slot_with_hash.

Adding new record to chain is also changed. The situation is very similar to
iterating. We need to choose right next pointer (next1 or next2).
Right next pointer will be chosen after comparing record hashes.
Adding reference to next slot is wrapped in function
sss_mc_chain_slot_to_record_with_hash

Size of structure sss_mc_rec was increased from 32 bytes to 40 bytes.

Resolves:
https://fedorahosted.org/sssd/ticket/2049
mmap_cache: Use better checks for corrupted mc in responder 2013-08-19T18:51:03+00:00 Michal Zidek mzidek@redhat.com 2013-08-15T14:08:17+00:00 441e6050f4b67134d15862e401b4c4e8546d7387 We introduced new way to check integrity of memcache in the client code. We should use similiar checks in the responder. 
We introduced new way to check integrity of memcache in the
client code. We should use similiar checks in the responder.
mmap_cache: Off by one error. 2013-08-19T18:51:03+00:00 Michal Zidek mzidek@redhat.com 2013-08-14T16:22:06+00:00 13df7b9e400211c717284fb841c849ba034ed348 Removes off by one error when using macro MC_SIZE_TO_SLOTS and adds new macro MC_SLOT_WITHIN_BOUNDS. 
Removes off by one error when using macro MC_SIZE_TO_SLOTS
and adds new macro MC_SLOT_WITHIN_BOUNDS.
mmap_cache: Check if slot and name_ptr are not invalid. 2013-08-11T18:36:21+00:00 Michal Zidek mzidek@redhat.com 2013-08-05T18:59:33+00:00 9028706a00da1bc48547e74aa872c825ac15adb2 This patch prevents jumping outside of allocated memory in case of corrupted slot or name_ptr values. It is not proper solution, just hotfix until we find out what is the root cause of ticket https://fedorahosted.org/sssd/ticket/2018 
This patch prevents jumping outside of allocated memory in
case of corrupted slot or name_ptr values. It is not proper
solution, just hotfix until we find out what is the root cause
of ticket https://fedorahosted.org/sssd/ticket/2018
memcache: make MC_PTR_TO_SLOT() more readable 2013-01-07T16:35:13+00:00 Pavel Březina pbrezina@redhat.com 2013-01-07T14:31:44+00:00 4869633dc87dadb2b9a114444d375c39703ac863 






memcache: add macro that validates record length
2013-01-07T16:35:13+00:00

Pavel Březina
pbrezina@redhat.com

2013-01-07T09:34:48+00:00

31c47cacc7f9453153e57319474909d23122883f