authorJakub Hrozek <jhrozek@redhat.com>2015-03-27 12:30:53 +0100
committerJakub Hrozek <jhrozek@redhat.com>2015-04-09 08:35:16 +0200
commit1aa492ce890f362564bfac21f3cfb0a3e38608bd (patch)
tree8cbab507804e46c8bb2c7bba0fe8ec26a2957664
parentd338bb46b8c03c33e6182e725911af6d778bcf00 (diff)
ncache: Silence critical error from filter_users when default_domain_suffix is set
When default_domain_suffix is used and filter_users is set (at least root is always, by default), SSSD tried to add the negcache entry to the default domain. But since the default domain is not known after start up, adding the entries fails with a verbose error message. This patch gracefully handles EAGAIN returned from the parsing function while setting negcache entries and also makes the debug message in the parsing function more precise. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
-rw-r--r--src/responder/common/negcache.c18
-rw-r--r--src/tests/cmocka/test_negcache.c88
-rw-r--r--src/util/usertools.c3
3 files changed, 101 insertions, 8 deletions
diff --git a/src/responder/common/negcache.c b/src/responder/common/negcache.c
index 04c9a53f5..3e58c3e7f 100644
--- a/src/responder/common/negcache.c
+++ b/src/responder/common/negcache.c
@@ -630,7 +630,11 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache,
rctx->default_domain,
filter_list[i],
&domainname, &name);
- if (ret != EOK) {
+ if (ret == EAGAIN) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "cannot add [%s] to negcache because the required or "
+ "default domain are not known yet\n", filter_list[i]);
+ } else if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Invalid name in filterUsers list: [%s] (%d)\n",
filter_list[i], ret);
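Review bot: The new `ret == EAGAIN` branch logs and closes with no visible `continue`, so the loop may go on to use `name` and `domainname` for an entry the parser gave up on. The same applies to the two later hunks in this file. Judging from the `usertools.c` hunk, the EAGAIN path assigns only `*domain` before `goto done`, so `name` could be unset or left over from the previous iteration. The rest of the loop body lies outside the hunk, so please confirm; if the entry is meant to be skipped, add `continue;` to the branch, otherwise add a comment saying why falling through is safe. Minor: this copy of the message starts with lowercase `cannot` while the other two use `Cannot`.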
@@ -679,7 +683,11 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache,
ret = sss_parse_name_for_domains(tmpctx, domain_list,
rctx->default_domain, filter_list[i],
&domainname, &name);
- if (ret != EOK) {
+ if (ret == EAGAIN) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "Cannot add [%s] to negcache because the required or "
+ "default domain are not known yet\n", filter_list[i]);
+ } else if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Invalid name in filterUsers list: [%s] (%d)\n",
filter_list[i], ret);
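Review bot: Logging the unknown-domain case at `SSSDBG_MINOR_FAILURE` means a `filter_users` or `filter_groups` entry that was not placed in the negative cache is reported only at a lower debug level than before. This applies to this hunk and to the other two in the file. Nothing in the visible hunks shows the entry being added once the domain becomes known. These filters decide which names SSSD refuses to resolve, and the description notes root is always among them, so the branch should say what happens to the skipped entry. Something like `/* domain not known at start-up; this filter entry is not applied here */` would do, amended to name the later retry if one exists.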
@@ -783,7 +791,11 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache,
ret = sss_parse_name_for_domains(tmpctx, domain_list,
rctx->default_domain, filter_list[i],
&domainname, &name);
- if (ret != EOK) {
+ if (ret == EAGAIN) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "Cannot add [%s] to negcache because the required or "
+ "default domain are not known yet\n", filter_list[i]);
+ } else if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Invalid name in filterGroups list: [%s] (%d)\n",
filter_list[i], ret);
diff --git a/src/tests/cmocka/test_negcache.c b/src/tests/cmocka/test_negcache.c
index 4502c0294..cab457434 100644
--- a/src/tests/cmocka/test_negcache.c
+++ b/src/tests/cmocka/test_negcache.c
@@ -590,8 +590,8 @@ static void test_sss_ncache_prepopulate(void **state)
struct sss_domain_info *dom;
struct sss_test_conf_param params[] = {
- { "filter_users", "testuser1" },
- { "filter_groups", "testgroup1" },
+ { "filter_users", "testuser1, testuser2@"TEST_DOM_NAME", testuser3@somedomain" },
+ { "filter_groups", "testgroup1, testgroup2@"TEST_DOM_NAME", testgroup3@somedomain" },
{ NULL, NULL },
};
@@ -628,6 +628,86 @@ static void test_sss_ncache_prepopulate(void **state)
ret = sss_ncache_check_group(ncache, 1, dom, "testgroup1");
assert_int_equal(ret, EEXIST);
+
+ ret = sss_ncache_check_user(ncache, 1, dom, "testuser2");
+ assert_int_equal(ret, EEXIST);
+
+ ret = sss_ncache_check_group(ncache, 1, dom, "testgroup2");
+ assert_int_equal(ret, EEXIST);
+
+ ret = sss_ncache_check_user(ncache, 1, dom, "testuser3");
+ assert_int_equal(ret, ENOENT);
+
+ ret = sss_ncache_check_group(ncache, 1, dom, "testgroup3");
+ assert_int_equal(ret, ENOENT);
+
+ ret = sss_ncache_check_user(ncache, 1, dom, "testuser3@somedomain");
+ assert_int_equal(ret, ENOENT);
+
+ ret = sss_ncache_check_group(ncache, 1, dom, "testgroup3@somedomain");
+ assert_int_equal(ret, ENOENT);
+}
+
+static void test_sss_ncache_default_domain_suffix(void **state)
+{
+ int ret;
+ struct test_state *ts;
+ struct tevent_context *ev;
+ struct sss_nc_ctx *ncache;
+ struct sss_test_ctx *tc;
+ struct sss_domain_info *dom;
+
+ struct sss_test_conf_param params[] = {
+ { "filter_users", "testuser1, testuser2@"TEST_DOM_NAME", testuser3@somedomain" },
+ { "filter_groups", "testgroup1, testgroup2@"TEST_DOM_NAME", testgroup3@somedomain" },
+ { NULL, NULL },
+ };
+
+ ts = talloc_get_type_abort(*state, struct test_state);
+
+ ev = tevent_context_init(ts);
+ assert_non_null(ev);
+
+ dom = talloc_zero(ts, struct sss_domain_info);
+ assert_non_null(dom);
+ dom->name = discard_const_p(char, TEST_DOM_NAME);
+
+ ts->nctx = mock_nctx(ts);
+ assert_non_null(ts->nctx);
+
+ tc = create_dom_test_ctx(ts, TESTS_PATH, TEST_CONF_DB,
+ TEST_DOM_NAME, TEST_ID_PROVIDER, params);
+ assert_non_null(tc);
+
+ ncache = ts->ctx;
+ ts->rctx = mock_rctx(ts, ev, dom, ts->nctx);
+ assert_non_null(ts->rctx);
+ ts->rctx->default_domain = discard_const(TEST_DOM_NAME);
+
+ ret = sss_names_init(ts, tc->confdb, TEST_DOM_NAME, &dom->names);
+ assert_int_equal(ret, EOK);
+
+ ret = sss_ncache_prepopulate(ncache, tc->confdb, ts->rctx);
+ assert_int_equal(ret, EOK);
+
+ ret = sss_ncache_check_user(ncache, 1, dom, "testuser1");
+ assert_int_equal(ret, EEXIST);
+
+ ret = sss_ncache_check_group(ncache, 1, dom, "testgroup1");
+ assert_int_equal(ret, EEXIST);
+
+ ret = sss_ncache_check_user(ncache, 1, dom, "testuser2");
+ assert_int_equal(ret, EEXIST);
+
+ ret = sss_ncache_check_group(ncache, 1, dom, "testgroup2");
+ assert_int_equal(ret, EEXIST);
+
+ ret = sss_ncache_check_user(ncache, 1, dom, "testuser3");
+ assert_int_equal(ret, ENOENT);
+
+ ret = sss_ncache_check_group(ncache, 1, dom, "testgroup3");
+ assert_int_equal(ret, ENOENT);
+
}
int main(void)
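Review bot: `test_sss_ncache_default_domain_suffix` sets `ts->rctx->default_domain` to `TEST_DOM_NAME`, the same name given to the mocked `dom`, so the new `EAGAIN` branch in `sss_ncache_prepopulate` may never run in this test. How `mock_rctx` builds the domain list is not visible here, so this is worth confirming. A second case would pin the behaviour the commit is about: point the default domain at a name absent from the known domains, e.g. `ts->rctx->default_domain = discard_const("unknown_default_dom");` (a constructed name). It should assert that prepopulate still returns `EOK` and state the expected `sss_ncache_check_user` result for the unqualified `testuser1`. Unlike the extended `test_sss_ncache_prepopulate`, the new test also omits the `testuser3@somedomain` / `testgroup3@somedomain` lookups.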
@@ -648,7 +728,9 @@ int main(void)
cmocka_unit_test_setup_teardown(test_sss_ncache_reset_permanent, setup,
teardown),
cmocka_unit_test_setup_teardown(test_sss_ncache_prepopulate,
- setup, teardown)
+ setup, teardown),
+ cmocka_unit_test_setup_teardown(test_sss_ncache_default_domain_suffix,
+ setup, teardown),
};
tests_set_cwd();
diff --git a/src/util/usertools.c b/src/util/usertools.c
index 439c1494a..c43d420e3 100644
--- a/src/util/usertools.c
+++ b/src/util/usertools.c
@@ -481,8 +481,7 @@ int sss_parse_name_for_domains(TALLOC_CTX *memctx,
}
if (match == NULL) {
DEBUG(SSSDBG_FUNC_DATA, "default domain [%s] is currently " \
- "not known, trying to look it up.\n",
- rdomain);
+ "not known\n", rdomain);
*domain = talloc_steal(memctx, rdomain);
ret = EAGAIN;
goto done;