diff options
author | Pavel Březina <pbrezina@redhat.com> | 2015-01-23 15:32:55 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-03-13 09:56:06 +0100 |
commit | 3a5ea81007bd38ce511c37f65cc45d4b6b95ec44 (patch) | |
tree | 4e819e0c42fb5b085315d5f522e10e299f41b0b8 /src/responder | |
parent | 665bc06b1a39c64227de74ecbba3db1c4c104ccf (diff) | |
download | sssd-3a5ea81007bd38ce511c37f65cc45d4b6b95ec44.tar.gz sssd-3a5ea81007bd38ce511c37f65cc45d4b6b95ec44.tar.xz sssd-3a5ea81007bd38ce511c37f65cc45d4b6b95ec44.zip |
cache_req: add support for user by uid
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/responder')
-rw-r--r-- | src/responder/common/responder_cache_req.c | 105 | ||||
-rw-r--r-- | src/responder/common/responder_cache_req.h | 17 | ||||
-rw-r--r-- | src/responder/ifp/ifpsrv_cmd.c | 4 |
3 files changed, 117 insertions, 9 deletions
diff --git a/src/responder/common/responder_cache_req.c b/src/responder/common/responder_cache_req.c index b60f91c2c..5eb23f8dd 100644 --- a/src/responder/common/responder_cache_req.c +++ b/src/responder/common/responder_cache_req.c @@ -33,6 +33,7 @@ struct cache_req_input { /* Provided input. */ const char *orig_name; + uint32_t id; /* Data Provider request type resolved from @type. * FIXME: This is currently needed for data provider calls. We should @@ -54,7 +55,8 @@ struct cache_req_input { struct cache_req_input * cache_req_input_create(TALLOC_CTX *mem_ctx, enum cache_req_type type, - const char *name) + const char *name, + uint32_t id) { struct cache_req_input *input; @@ -79,11 +81,20 @@ cache_req_input_create(TALLOC_CTX *mem_ctx, goto fail; } break; + case CACHE_REQ_USER_BY_ID: + if (id == 0) { + DEBUG(SSSDBG_CRIT_FAILURE, "Bug: id cannot be 0!\n"); + goto fail; + } + + input->id = id; + break; } /* Resolve Data Provider request type. */ switch (type) { case CACHE_REQ_USER_BY_NAME: + case CACHE_REQ_USER_BY_ID: input->dp_type = SSS_DP_USER; break; @@ -140,6 +151,14 @@ cache_req_input_set_domain(struct cache_req_input *input, } break; + + case CACHE_REQ_USER_BY_ID: + fqn = talloc_asprintf(tmp_ctx, "UID:%d@%s", input->id, domain->name); + if (fqn == NULL) { + ret = ENOMEM; + goto done; + } + break; } input->domain = domain; @@ -165,6 +184,9 @@ static errno_t cache_req_check_ncache(struct cache_req_input *input, ret = sss_ncache_check_user(ncache, neg_timeout, input->domain, input->dom_objname); break; + case CACHE_REQ_USER_BY_ID: + ret = sss_ncache_check_uid(ncache, neg_timeout, input->id); + break; default: ret = EINVAL; DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported cache request type\n"); @@ -190,6 +212,43 @@ static void cache_req_add_to_ncache(struct cache_req_input *input, ret = sss_ncache_set_user(ncache, false, input->domain, input->dom_objname); break; + case CACHE_REQ_USER_BY_ID: + /* Nothing to do. Those types must be unique among all domains so + * the don't contain domain part. Therefore they must be set only + * if all domains are search and the entry is not found. */ + ret = EOK; + break; + default: + ret = EINVAL; + DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported cache request type\n"); + break; + } + + if (ret != EOK) { + DEBUG(SSSDBG_MINOR_FAILURE, "Cannot set negcache for [%s] [%d]: %s\n", + input->debug_fqn, ret, sss_strerror(ret)); + + /* not fatal */ + } + + return; +} + +static void cache_req_add_to_ncache_global(struct cache_req_input *input, + struct sss_nc_ctx *ncache) +{ + errno_t ret; + + switch (input->type) { + case CACHE_REQ_USER_BY_NAME: + case CACHE_REQ_INITGROUPS: + /* Nothing to do. Those types are already in ncache for selected + * domains. */ + ret = EOK; + break; + case CACHE_REQ_USER_BY_ID: + ret = sss_ncache_set_uid(ncache, false, input->id); + break; default: ret = EINVAL; DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported cache request type\n"); @@ -222,6 +281,11 @@ static errno_t cache_req_get_object(TALLOC_CTX *mem_ctx, ret = sysdb_getpwnam_with_views(mem_ctx, input->domain, input->dom_objname, &result); break; + case CACHE_REQ_USER_BY_ID: + one_item_only = true; + ret = sysdb_getpwuid_with_views(mem_ctx, input->domain, + input->id, &result); + break; case CACHE_REQ_INITGROUPS: one_item_only = false; ret = sysdb_initgroups_with_views(mem_ctx, input->domain, @@ -385,7 +449,8 @@ static errno_t cache_req_cache_check(struct tevent_req *req) subreq = sss_dp_get_account_send(state, state->rctx, state->input->domain, true, state->input->dp_type, - state->input->dom_objname, 0, NULL); + state->input->dom_objname, + state->input->id, NULL); if (subreq == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "Out of memory sending out-of-band " "data provider request\n"); @@ -406,8 +471,8 @@ static errno_t cache_req_cache_check(struct tevent_req *req) subreq = sss_dp_get_account_send(state, state->rctx, state->input->domain, true, state->input->dp_type, - state->input->dom_objname, 0, - extra_flag); + state->input->dom_objname, + state->input->id, extra_flag); if (subreq == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "Out of memory sending data provider request\n"); @@ -612,6 +677,12 @@ static errno_t cache_req_next_domain(struct tevent_req *req) return EAGAIN; } + /* If the object searched has to be unique among all maintained domains, + * we have to add it into negative cache here when all domains have + * been searched. */ + + cache_req_add_to_ncache_global(state->input, state->ncache); + return ENOENT; } @@ -700,7 +771,29 @@ cache_req_user_by_name_send(TALLOC_CTX *mem_ctx, { struct cache_req_input *input; - input = cache_req_input_create(mem_ctx, CACHE_REQ_USER_BY_NAME, name); + input = cache_req_input_create(mem_ctx, CACHE_REQ_USER_BY_NAME, name, 0); + if (input == NULL) { + return NULL; + } + + return cache_req_steal_input_and_send(mem_ctx, ev, rctx, ncache, + neg_timeout, cache_refresh_percent, + domain, input); +} + +struct tevent_req * +cache_req_user_by_id_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct resp_ctx *rctx, + struct sss_nc_ctx *ncache, + int neg_timeout, + int cache_refresh_percent, + const char *domain, + uid_t uid) +{ + struct cache_req_input *input; + + input = cache_req_input_create(mem_ctx, CACHE_REQ_USER_BY_ID, NULL, uid); if (input == NULL) { return NULL; } @@ -722,7 +815,7 @@ cache_req_initgr_by_name_send(TALLOC_CTX *mem_ctx, { struct cache_req_input *input; - input = cache_req_input_create(mem_ctx, CACHE_REQ_INITGROUPS, name); + input = cache_req_input_create(mem_ctx, CACHE_REQ_INITGROUPS, name, 0); if (input == NULL) { return NULL; } diff --git a/src/responder/common/responder_cache_req.h b/src/responder/common/responder_cache_req.h index 3d11cd234..3ebcd1e8e 100644 --- a/src/responder/common/responder_cache_req.h +++ b/src/responder/common/responder_cache_req.h @@ -29,6 +29,7 @@ enum cache_req_type { CACHE_REQ_USER_BY_NAME, + CACHE_REQ_USER_BY_ID, CACHE_REQ_INITGROUPS }; @@ -37,7 +38,8 @@ struct cache_req_input; struct cache_req_input * cache_req_input_create(TALLOC_CTX *mem_ctx, enum cache_req_type type, - const char *name); + const char *name, + uint32_t id); /** * Currently only SSS_DP_USER and SSS_DP_INITGROUPS are supported. @@ -72,6 +74,19 @@ cache_req_user_by_name_send(TALLOC_CTX *mem_ctx, cache_req_recv(mem_ctx, req, _result, _domain) struct tevent_req * +cache_req_user_by_id_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct resp_ctx *rctx, + struct sss_nc_ctx *ncache, + int neg_timeout, + int cache_refresh_percent, + const char *domain, + uid_t uid); + +#define cache_req_user_by_id_recv(mem_ctx, req, _result, _domain) \ + cache_req_recv(mem_ctx, req, _result, _domain) + +struct tevent_req * cache_req_initgr_by_name_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct resp_ctx *rctx, diff --git a/src/responder/ifp/ifpsrv_cmd.c b/src/responder/ifp/ifpsrv_cmd.c index b57a33a8d..0a4bd0530 100644 --- a/src/responder/ifp/ifpsrv_cmd.c +++ b/src/responder/ifp/ifpsrv_cmd.c @@ -494,11 +494,11 @@ ifp_user_get_attr_lookup(struct tevent_req *subreq) switch (state->search_type) { case SSS_DP_USER: input = cache_req_input_create(state, CACHE_REQ_USER_BY_NAME, - state->name); + state->name, 0); break; case SSS_DP_INITGROUPS: input = cache_req_input_create(state, CACHE_REQ_INITGROUPS, - state->name); + state->name, 0); break; default: DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported search type [%d]!\n", |