diff options
| author | Jakub Hrozek <jhrozek@redhat.com> | 2015-03-29 16:31:19 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-04-09 08:35:23 +0200 |
| commit | 0528fdec17d0031996e919fcd852459e86592c35 (patch) | |
| tree | 1b2e9e3a9406629fb4006acaf51a44d9bad8e4bd | |
| parent | 0d19785f9ffd9c66df5b30d208ec7b0216a9555b (diff) | |
| download | sssd-0528fdec17d0031996e919fcd852459e86592c35.tar.gz sssd-0528fdec17d0031996e919fcd852459e86592c35.tar.xz sssd-0528fdec17d0031996e919fcd852459e86592c35.zip | |
responders: reset ncache after domains are discovered during startup
After responders start, they add a lookup operation that discovers the
subdomains so that qualifying users works. After this operation is
finishes, we need to reset negcache to allow users to be added into the
newly discovered domains.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
| -rw-r--r-- | src/responder/autofs/autofssrv.c | 2 | ||||
| -rw-r--r-- | src/responder/common/responder.h | 4 | ||||
| -rw-r--r-- | src/responder/common/responder_get_domains.c | 42 | ||||
| -rw-r--r-- | src/responder/ifp/ifpsrv.c | 2 | ||||
| -rw-r--r-- | src/responder/nss/nsssrv.c | 2 | ||||
| -rw-r--r-- | src/responder/pac/pacsrv.c | 2 | ||||
| -rw-r--r-- | src/responder/pam/pamsrv.c | 2 | ||||
| -rw-r--r-- | src/responder/ssh/sshsrv.c | 2 | ||||
| -rw-r--r-- | src/responder/sudo/sudosrv.c | 2 | ||||
| -rw-r--r-- | src/tests/cmocka/test_responder_common.c | 37 |
10 files changed, 82 insertions, 15 deletions
diff --git a/src/responder/autofs/autofssrv.c b/src/responder/autofs/autofssrv.c index 91f529135..ff3016729 100644 --- a/src/responder/autofs/autofssrv.c +++ b/src/responder/autofs/autofssrv.c @@ -187,7 +187,7 @@ autofs_process_init(TALLOC_CTX *mem_ctx, goto fail; } - ret = schedule_get_domains_task(rctx, rctx->ev, rctx); + ret = schedule_get_domains_task(rctx, rctx->ev, rctx, NULL); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "schedule_get_domains_tasks failed.\n"); goto fail; diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h index 02a215ced..9c7a73809 100644 --- a/src/responder/common/responder.h +++ b/src/responder/common/responder.h @@ -34,6 +34,7 @@ #include <dhash.h> #include "sbus/sssd_dbus.h" +#include "responder/common/negcache.h" #include "sss_client/sss_cli.h" extern hash_table_t *dp_requests; @@ -314,7 +315,8 @@ errno_t sss_dp_get_domains_recv(struct tevent_req *req); errno_t schedule_get_domains_task(TALLOC_CTX *mem_ctx, struct tevent_context *ev, - struct resp_ctx *rctx); + struct resp_ctx *rctx, + struct sss_nc_ctx *optional_ncache); errno_t csv_string_to_uid_array(TALLOC_CTX *mem_ctx, const char *csv_string, bool allow_sss_loop, diff --git a/src/responder/common/responder_get_domains.c b/src/responder/common/responder_get_domains.c index 1dbb9ea81..8fbab082a 100644 --- a/src/responder/common/responder_get_domains.c +++ b/src/responder/common/responder_get_domains.c @@ -363,16 +363,33 @@ static errno_t check_last_request(struct resp_ctx *rctx, const char *hint) return EOK; } +struct get_domains_state { + struct resp_ctx *rctx; + struct sss_nc_ctx *optional_ncache; +}; + static void get_domains_at_startup_done(struct tevent_req *req) { int ret; + struct get_domains_state *state; + + state = tevent_req_callback_data(req, struct get_domains_state); ret = sss_dp_get_domains_recv(req); talloc_free(req); if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, "sss_dp_get_domains request failed.\n"); + DEBUG(SSSDBG_MINOR_FAILURE, "sss_dp_get_domains request failed.\n"); } + if (state->optional_ncache != NULL) { + ret = sss_ncache_reset_repopulate_permanent(state->rctx, + state->optional_ncache); + if (ret != EOK) { + DEBUG(SSSDBG_MINOR_FAILURE, "sss_dp_get_domains request failed.\n"); + } + } + + talloc_free(state); return; } @@ -381,33 +398,44 @@ static void get_domains_at_startup(struct tevent_context *ev, void *pvt) { struct tevent_req *req; - struct resp_ctx *rctx; + struct get_domains_state *state; - rctx = talloc_get_type(pvt, struct resp_ctx); + state = talloc_get_type(pvt, struct get_domains_state); - req = sss_dp_get_domains_send(rctx, rctx, true, NULL); + req = sss_dp_get_domains_send(state, state->rctx, true, NULL); if (req == NULL) { DEBUG(SSSDBG_OP_FAILURE, "sss_dp_get_domains_send failed.\n"); + talloc_free(state); return; } - tevent_req_set_callback(req, get_domains_at_startup_done, NULL); + tevent_req_set_callback(req, get_domains_at_startup_done, state); return; } errno_t schedule_get_domains_task(TALLOC_CTX *mem_ctx, struct tevent_context *ev, - struct resp_ctx *rctx) + struct resp_ctx *rctx, + struct sss_nc_ctx *optional_ncache) { struct tevent_immediate *imm; + struct get_domains_state *state; + + state = talloc(mem_ctx, struct get_domains_state); + if (state == NULL) { + return ENOMEM; + } + state->rctx = rctx; + state->optional_ncache = optional_ncache; imm = tevent_create_immediate(mem_ctx); if (imm == NULL) { DEBUG(SSSDBG_OP_FAILURE, "tevent_create_immediate failed.\n"); + talloc_free(state); return ENOMEM; } - tevent_schedule_immediate(imm, ev, get_domains_at_startup, rctx); + tevent_schedule_immediate(imm, ev, get_domains_at_startup, state); return EOK; } diff --git a/src/responder/ifp/ifpsrv.c b/src/responder/ifp/ifpsrv.c index a4cabf20a..3f5444186 100644 --- a/src/responder/ifp/ifpsrv.c +++ b/src/responder/ifp/ifpsrv.c @@ -339,7 +339,7 @@ int ifp_process_init(TALLOC_CTX *mem_ctx, return EIO; } - ret = schedule_get_domains_task(rctx, rctx->ev, rctx); + ret = schedule_get_domains_task(rctx, rctx->ev, rctx, NULL); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "schedule_get_domains_tasks failed.\n"); diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c index bce06c3e8..48fb19408 100644 --- a/src/responder/nss/nsssrv.c +++ b/src/responder/nss/nsssrv.c @@ -530,7 +530,7 @@ int nss_process_init(TALLOC_CTX *mem_ctx, } responder_set_fd_limit(fd_limit); - ret = schedule_get_domains_task(rctx, rctx->ev, rctx); + ret = schedule_get_domains_task(rctx, rctx->ev, rctx, nctx->ncache); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "schedule_get_domains_tasks failed.\n"); goto fail; diff --git a/src/responder/pac/pacsrv.c b/src/responder/pac/pacsrv.c index 859ae86a5..20a5702e1 100644 --- a/src/responder/pac/pacsrv.c +++ b/src/responder/pac/pacsrv.c @@ -195,7 +195,7 @@ int pac_process_init(TALLOC_CTX *mem_ctx, } responder_set_fd_limit(fd_limit); - ret = schedule_get_domains_task(rctx, rctx->ev, rctx); + ret = schedule_get_domains_task(rctx, rctx->ev, rctx, NULL); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "schedule_get_domains_tasks failed.\n"); goto fail; diff --git a/src/responder/pam/pamsrv.c b/src/responder/pam/pamsrv.c index 45747baa0..aa0d2796b 100644 --- a/src/responder/pam/pamsrv.c +++ b/src/responder/pam/pamsrv.c @@ -296,7 +296,7 @@ static int pam_process_init(TALLOC_CTX *mem_ctx, } responder_set_fd_limit(fd_limit); - ret = schedule_get_domains_task(rctx, rctx->ev, rctx); + ret = schedule_get_domains_task(rctx, rctx->ev, rctx, pctx->ncache); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "schedule_get_domains_tasks failed.\n"); goto done; diff --git a/src/responder/ssh/sshsrv.c b/src/responder/ssh/sshsrv.c index 1bcf4e21a..9439b9d89 100644 --- a/src/responder/ssh/sshsrv.c +++ b/src/responder/ssh/sshsrv.c @@ -163,7 +163,7 @@ int ssh_process_init(TALLOC_CTX *mem_ctx, goto fail; } - ret = schedule_get_domains_task(rctx, rctx->ev, rctx); + ret = schedule_get_domains_task(rctx, rctx->ev, rctx, NULL); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "schedule_get_domains_tasks failed.\n"); goto fail; diff --git a/src/responder/sudo/sudosrv.c b/src/responder/sudo/sudosrv.c index e480c7a43..5d46222c9 100644 --- a/src/responder/sudo/sudosrv.c +++ b/src/responder/sudo/sudosrv.c @@ -143,7 +143,7 @@ int sudo_process_init(TALLOC_CTX *mem_ctx, goto fail; } - ret = schedule_get_domains_task(rctx, rctx->ev, rctx); + ret = schedule_get_domains_task(rctx, rctx->ev, rctx, NULL); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "schedule_get_domains_tasks failed.\n"); goto fail; diff --git a/src/tests/cmocka/test_responder_common.c b/src/tests/cmocka/test_responder_common.c index 44c93c1d5..0a4d4bb49 100644 --- a/src/tests/cmocka/test_responder_common.c +++ b/src/tests/cmocka/test_responder_common.c @@ -266,6 +266,40 @@ void parse_inp_call_neg(void **state) assert_int_equal(ret, EOK); } +struct sss_nc_ctx { + struct parse_inp_test_ctx *pctx; +}; + +errno_t sss_ncache_reset_repopulate_permanent(struct resp_ctx *rctx, + struct sss_nc_ctx *dummy_ncache_ptr) +{ + dummy_ncache_ptr->pctx->tctx->error = EOK; + dummy_ncache_ptr->pctx->tctx->done = true; + return EOK; +} + +void test_schedule_get_domains_task(void **state) +{ + struct parse_inp_test_ctx *parse_inp_ctx = talloc_get_type(*state, + struct parse_inp_test_ctx); + errno_t ret; + struct sss_nc_ctx *dummy_ncache_ptr; + + dummy_ncache_ptr = talloc(parse_inp_ctx, struct sss_nc_ctx); + assert_non_null(dummy_ncache_ptr); + dummy_ncache_ptr->pctx = parse_inp_ctx; + + ret = schedule_get_domains_task(dummy_ncache_ptr, + parse_inp_ctx->rctx->ev, + parse_inp_ctx->rctx, + dummy_ncache_ptr); + assert_int_equal(ret, EOK); + + ret = test_ev_loop(parse_inp_ctx->tctx); + assert_int_equal(ret, EOK); + talloc_free(dummy_ncache_ptr); +} + int main(int argc, const char *argv[]) { int rv; @@ -293,6 +327,9 @@ int main(int argc, const char *argv[]) cmocka_unit_test_setup_teardown(parse_inp_call_neg, parse_inp_test_setup, parse_inp_test_teardown), + cmocka_unit_test_setup_teardown(test_schedule_get_domains_task, + parse_inp_test_setup, + parse_inp_test_teardown), }; /* Set debug level to invalid value so we can deside if -d 0 was used. */ |