summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLukas Slebodnik <lslebodn@redhat.com>2015-06-30 13:50:51 +0200
committerJakub Hrozek <jhrozek@redhat.com>2015-07-03 15:16:44 +0200
commitebf6735dd4f71bf3dc9105e5d04d11e744c64a59 (patch)
tree57eea70a590336d2f004d7e5c108828954d09716
parent323943605c88838f1f86a72f891eb28600bb34e2 (diff)
downloadsssd-ebf6735dd4f71bf3dc9105e5d04d11e744c64a59.tar.gz
sssd-ebf6735dd4f71bf3dc9105e5d04d11e744c64a59.tar.xz
sssd-ebf6735dd4f71bf3dc9105e5d04d11e744c64a59.zip
nss: Store entries in responder to initgr mmap cache
Resolves: https://fedorahosted.org/sssd/ticket/2485 Reviewed-by: Michal Židek <mzidek@redhat.com>
-rw-r--r--src/responder/nss/nsssrv.c16
-rw-r--r--src/responder/nss/nsssrv.h1
-rw-r--r--src/responder/nss/nsssrv_cmd.c30
-rw-r--r--src/responder/nss/nsssrv_mmap_cache.c64
-rw-r--r--src/responder/nss/nsssrv_mmap_cache.h9
-rw-r--r--src/util/mmap_cache.h8
6 files changed, 124 insertions, 4 deletions
diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
index 48fb19408..2b3bca892 100644
--- a/src/responder/nss/nsssrv.c
+++ b/src/responder/nss/nsssrv.c
@@ -124,6 +124,15 @@ static int nss_clear_memcache(struct sbus_request *dbus_req, void *data)
return ret;
}
+ ret = sss_mmap_cache_reinit(nctx, SSS_MC_CACHE_ELEMENTS,
+ (time_t)memcache_timeout,
+ &nctx->initgr_mc_ctx);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "initgroups mmap cache invalidation failed\n");
+ return ret;
+ }
+
done:
return sbus_request_return_and_finish(dbus_req, DBUS_TYPE_INVALID);
}
@@ -517,6 +526,13 @@ int nss_process_init(TALLOC_CTX *mem_ctx,
DEBUG(SSSDBG_CRIT_FAILURE, "group mmap cache is DISABLED\n");
}
+ ret = sss_mmap_cache_init(nctx, "initgroups", SSS_MC_INITGROUPS,
+ SSS_MC_CACHE_ELEMENTS, (time_t)memcache_timeout,
+ &nctx->initgr_mc_ctx);
+ if (ret) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "inigroups mmap cache is DISABLED\n");
+ }
+
/* Set up file descriptor limits */
ret = confdb_get_int(nctx->rctx->cdb,
CONFDB_NSS_CONF_ENTRY,
diff --git a/src/responder/nss/nsssrv.h b/src/responder/nss/nsssrv.h
index 784eba2e0..e293e3b4d 100644
--- a/src/responder/nss/nsssrv.h
+++ b/src/responder/nss/nsssrv.h
@@ -72,6 +72,7 @@ struct nss_ctx {
struct sss_mc_ctx *pwd_mc_ctx;
struct sss_mc_ctx *grp_mc_ctx;
+ struct sss_mc_ctx *initgr_mc_ctx;
struct sss_idmap_ctx *idmap_ctx;
struct sss_names_ctx *global_names;
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index 012c4e701..ccb8e7334 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -3909,17 +3909,23 @@ done:
/* FIXME: what about mpg, should we return the user's GID ? */
/* FIXME: should we filter out GIDs ? */
-static int fill_initgr(struct sss_packet *packet, struct sss_domain_info *dom,
- struct ldb_result *res)
+static int fill_initgr(struct sss_packet *packet,
+ struct sss_domain_info *dom,
+ struct ldb_result *res,
+ struct nss_ctx *nctx,
+ const char *name)
{
uint8_t *body;
size_t blen;
gid_t gid;
- int ret, i, num;
+ int ret, i;
+ uint32_t num;
size_t bindex;
int skipped = 0;
const char *posix;
gid_t orig_primary_gid;
+ struct sized_string rawname;
+ uint8_t *gids;
if (res->count == 0) {
return ENOENT;
@@ -3952,6 +3958,7 @@ static int fill_initgr(struct sss_packet *packet, struct sss_domain_info *dom,
/* 0-3: 32bit unsigned number of results
* 4-7: 32bit unsigned (reserved/padding) */
bindex = 2 * sizeof(uint32_t);
+ gids = body + bindex;
/* skip first entry, it's the user entry */
for (i = 0; i < num; i++) {
@@ -3993,6 +4000,17 @@ static int fill_initgr(struct sss_packet *packet, struct sss_domain_info *dom,
return ret;
}
+ if (nctx->initgr_mc_ctx) {
+ to_sized_string(&rawname, name);
+ ret = sss_mmap_cache_initgr_store(&nctx->initgr_mc_ctx, &rawname,
+ num - skipped, gids);
+ if (ret != EOK && ret != ENOMEM) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to store user %s(%s) in mmap cache!\n",
+ rawname.str, dom->name);
+ }
+ }
+
return EOK;
}
@@ -4000,8 +4018,11 @@ static int nss_cmd_initgr_send_reply(struct nss_dom_ctx *dctx)
{
struct nss_cmd_ctx *cmdctx = dctx->cmdctx;
struct cli_ctx *cctx = cmdctx->cctx;
+ struct nss_ctx *nctx;
int ret;
+ nctx = talloc_get_type(cctx->rctx->pvt_ctx, struct nss_ctx);
+
ret = sss_packet_new(cctx->creq, 0,
sss_packet_get_cmd(cctx->creq->in),
&cctx->creq->out);
@@ -4009,7 +4030,8 @@ static int nss_cmd_initgr_send_reply(struct nss_dom_ctx *dctx)
return EFAULT;
}
- ret = fill_initgr(cctx->creq->out, dctx->domain, dctx->res);
+ ret = fill_initgr(cctx->creq->out, dctx->domain, dctx->res, nctx,
+ dctx->rawname);
if (ret) {
return ret;
}
diff --git a/src/responder/nss/nsssrv_mmap_cache.c b/src/responder/nss/nsssrv_mmap_cache.c
index 2d159eb11..ebda8ac6f 100644
--- a/src/responder/nss/nsssrv_mmap_cache.c
+++ b/src/responder/nss/nsssrv_mmap_cache.c
@@ -31,6 +31,8 @@
#define SSS_AVG_PASSWD_PAYLOAD (MC_SLOT_SIZE * 4)
/* short group name and no gids (private user group */
#define SSS_AVG_GROUP_PAYLOAD (MC_SLOT_SIZE * 3)
+/* average place for 40 supplementary groups */
+#define SSS_AVG_INITGROUP_PAYLOAD (MC_SLOT_SIZE * 4)
#define MC_NEXT_BARRIER(val) ((((val) + 1) & 0x00ffffff) | 0xf0000000)
@@ -955,6 +957,65 @@ done:
return ret;
}
+errno_t sss_mmap_cache_initgr_store(struct sss_mc_ctx **_mcc,
+ struct sized_string *name,
+ uint32_t memnum,
+ uint8_t *membuf)
+{
+ struct sss_mc_ctx *mcc = *_mcc;
+ struct sss_mc_rec *rec;
+ struct sss_mc_initgr_data *data;
+ size_t data_len;
+ size_t rec_len;
+ int ret;
+
+ if (mcc == NULL) {
+ /* cache not initialized ? */
+ return EINVAL;
+ }
+
+ /* memnum + reserved + array of members + name*/
+ data_len = (2 + memnum) * sizeof(uint32_t) + name->len;
+ rec_len = sizeof(struct sss_mc_rec) + sizeof(struct sss_mc_initgr_data)
+ + data_len;
+ if (rec_len > mcc->dt_size) {
+ return ENOMEM;
+ }
+
+ ret = sss_mc_get_record(_mcc, rec_len, name, &rec);
+ if (ret != EOK) {
+ return ret;
+ }
+
+ data = (struct sss_mc_initgr_data *)rec->data;
+
+ MC_RAISE_BARRIER(rec);
+
+ /* We cannot use two keys for searching in intgroups cache.
+ * Use the first key twice.
+ */
+ sss_mmap_set_rec_header(mcc, rec, rec_len, mcc->valid_time_slot,
+ name->str, name->len, name->str, name->len);
+
+ /* initgroups struct */
+ data->members = memnum;
+ memcpy(data->gids, membuf, memnum * sizeof(uint32_t));
+ memcpy(&data->gids[memnum], name->str, name->len);
+ data->name = MC_PTR_DIFF(&data->gids[memnum], data);
+
+ MC_LOWER_BARRIER(rec);
+
+ /* finally chain the rec in the hash table */
+ sss_mmap_chain_in_rec(mcc, rec);
+
+ return EOK;
+}
+
+errno_t sss_mmap_cache_initgr_invalidate(struct sss_mc_ctx *mcc,
+ struct sized_string *name)
+{
+ return sss_mmap_cache_invalidate(mcc, name);
+}
/***************************************************************************
* initialization
@@ -1145,6 +1206,9 @@ errno_t sss_mmap_cache_init(TALLOC_CTX *mem_ctx, const char *name,
case SSS_MC_GROUP:
payload = SSS_AVG_GROUP_PAYLOAD;
break;
+ case SSS_MC_INITGROUPS:
+ payload = SSS_AVG_INITGROUP_PAYLOAD;
+ break;
default:
return EINVAL;
}
diff --git a/src/responder/nss/nsssrv_mmap_cache.h b/src/responder/nss/nsssrv_mmap_cache.h
index fdeaa0912..3a6764dd3 100644
--- a/src/responder/nss/nsssrv_mmap_cache.h
+++ b/src/responder/nss/nsssrv_mmap_cache.h
@@ -30,6 +30,7 @@ enum sss_mc_type {
SSS_MC_NONE = 0,
SSS_MC_PASSWD,
SSS_MC_GROUP,
+ SSS_MC_INITGROUPS,
};
errno_t sss_mmap_cache_init(TALLOC_CTX *mem_ctx, const char *name,
@@ -50,6 +51,11 @@ errno_t sss_mmap_cache_gr_store(struct sss_mc_ctx **_mcc,
gid_t gid, size_t memnum,
char *membuf, size_t memsize);
+errno_t sss_mmap_cache_initgr_store(struct sss_mc_ctx **_mcc,
+ struct sized_string *name,
+ uint32_t memnum,
+ uint8_t *membuf);
+
errno_t sss_mmap_cache_pw_invalidate(struct sss_mc_ctx *mcc,
struct sized_string *name);
@@ -60,6 +66,9 @@ errno_t sss_mmap_cache_gr_invalidate(struct sss_mc_ctx *mcc,
errno_t sss_mmap_cache_gr_invalidate_gid(struct sss_mc_ctx *mcc, gid_t gid);
+errno_t sss_mmap_cache_initgr_invalidate(struct sss_mc_ctx *mcc,
+ struct sized_string *name);
+
errno_t sss_mmap_cache_reinit(TALLOC_CTX *mem_ctx, size_t n_elem,
time_t timeout, struct sss_mc_ctx **mc_ctx);
diff --git a/src/util/mmap_cache.h b/src/util/mmap_cache.h
index 81269fe7e..438e28a3d 100644
--- a/src/util/mmap_cache.h
+++ b/src/util/mmap_cache.h
@@ -136,6 +136,14 @@ struct sss_mc_grp_data {
* string is zero terminated ordered as follows:
* name, passwd, member1, member2, ... */
};
+
+struct sss_mc_initgr_data {
+ rel_ptr_t name; /* ptr to name string, rel. to struct base addr */
+ uint32_t members; /* number of members in groups */
+ uint32_t gids[0]; /* array of all groups
+ * string with name is stored after gids */
+};
+
#pragma pack()