authorJakub Hrozek <jhrozek@redhat.com>2013-09-18 15:42:41 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-09-25 11:26:13 +0200
commit20b158b515ce814363edc2d8a8634f467d37a71c (patch)
tree74a946a2bbc078e5c063703e82ba073a06d7f226 /src/responder
parent539fdcebb352722b88a2700f994b1f8b7305b95a (diff)
NSS: Set UID and GID to negative cache after searching all domains
https://fedorahosted.org/sssd/ticket/2090 Previously, when searching by UID or GID, the negative cache only worked if the UID was searched for using fully qualified names.
Diffstat (limited to 'src/responder')
-rw-r--r--src/responder/nss/nsssrv_cmd.c171
1 files changed, 105 insertions, 66 deletions
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index 18ccdeacc..aadb72753 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -1235,7 +1235,8 @@ static int nss_cmd_getpwuid_search(struct nss_dom_ctx *dctx)
dom = get_next_domain(dom, true);
continue;
}
- return ENOENT;
+ ret = ENOENT;
+ goto done;
}
if (dom != dctx->domain) {
@@ -1252,18 +1253,21 @@ static int nss_cmd_getpwuid_search(struct nss_dom_ctx *dctx)
sysdb = dom->sysdb;
if (sysdb == NULL) {
DEBUG(0, ("Fatal: Sysdb CTX not found for this domain!\n"));
- return EIO;
+ ret = EIO;
+ goto done;
}
ret = sysdb_getpwuid(cmdctx, sysdb, dom, cmdctx->id, &dctx->res);
if (ret != EOK) {
DEBUG(1, ("Failed to make request to our cache!\n"));
- return EIO;
+ ret = EIO;
+ goto done;
}
if (dctx->res->count > 1) {
DEBUG(0, ("getpwuid call returned more than one result !?!\n"));
- return ENOENT;
+ ret = ENOENT;
+ goto done;
}
if (dctx->res->count == 0 && !dctx->check_provider) {
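Review bot: The `dctx->res->count > 1` branch now jumps to `done` with `ENOENT`, and the `done:` block added later in this commit writes every `ENOENT` to the negative cache, so a UID that the cache returned more than once gets recorded as non-existent and later lookups for it fail until the negative entry expires. Before the change this branch returned without touching the negative cache. If that is not intended, keep the direct `return ENOENT;` here or use a result code the `done:` block does not act on. The same applies to the `count > 1` branch in `nss_cmd_getgrgid_search`, and the early `ENOENT` exit in the first hunk is worth checking too, since its guarding condition is outside the visible lines.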
@@ -1273,15 +1277,10 @@ static int nss_cmd_getpwuid_search(struct nss_dom_ctx *dctx)
continue;
}
- DEBUG(2, ("No results for getpwuid call\n"));
-
/* set negative cache only if not result of cache check */
- ret = sss_ncache_set_uid(nctx->ncache, false, cmdctx->id);
- if (ret != EOK) {
- return ret;
- }
-
- return ENOENT;
+ DEBUG(SSSDBG_MINOR_FAILURE, ("No results for getpwuid call\n"));
+ ret = ENOENT;
+ goto done;
}
/* if this is a caching provider (or if we haven't checked the cache
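Review bot: The comment `/* set negative cache only if not result of cache check */` is left above a branch that no longer sets the negative cache; the write now happens under `done:` for every `ENOENT`. Reword it to something like `/* not found in this domain; the negative cache is updated at done: */`, here and at the matching spot in `nss_cmd_getgrgid_search`.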
@@ -1295,18 +1294,30 @@ static int nss_cmd_getpwuid_search(struct nss_dom_ctx *dctx)
/* Anything but EOK means we should reenter the mainloop
* because we may be refreshing the cache
*/
- return ret;
+ goto done;
}
}
/* One result found */
DEBUG(6, ("Returning info for uid [%d@%s]\n", cmdctx->id, dom->name));
- return EOK;
+ ret = EOK;
+ goto done;
}
- DEBUG(2, ("No matching domain found for [%d], fail!\n", cmdctx->id));
- return ENOENT;
+ /* All domains were tried and none had the entry. */
+ ret = ENOENT;
+done:
+ if (ret == ENOENT) {
+ /* The entry was not found, need to set result in negative cache */
+ ret = sss_ncache_set_uid(nctx->ncache, false, cmdctx->id);
+ if (ret != EOK) {
+ return ret;
+ }
+ }
+
+ DEBUG(SSSDBG_MINOR_FAILURE, ("No matching domain found for [%d]\n", cmdctx->id));
+ return ret;
}
static int nss_cmd_getgrgid_search(struct nss_dom_ctx *dctx);
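Review bot: In the new `done:` block the return value of `sss_ncache_set_uid()` is assigned to `ret`, so when the negative-cache write succeeds the function returns `EOK` instead of `ENOENT` for an ID that was not found. The caller is outside this hunk, but it would presumably treat that as a hit and go on to read `dctx->res`, which on this path is empty or possibly unset. The `DEBUG(... "No matching domain found ...")` line also now runs on every exit, including the success path. The same pattern appears in the `done:` blocks of `nss_cmd_getgrgid_search` and, for `SSS_NSS_GETSIDBYID`, `nss_cmd_getsidby_search`. Keeping the cache-write status in its own local (declared with the function's other locals, outside this hunk) and moving the log line inside the `ENOENT` branch preserves the result code.

```c
done:
    if (ret == ENOENT) {
        /* The entry was not found, need to set result in negative cache */
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("No matching domain found for [%d]\n", cmdctx->id));
        /* ncret: separate status so ret stays ENOENT for the caller */
        ncret = sss_ncache_set_uid(nctx->ncache, false, cmdctx->id);
        if (ncret != EOK) {
            return ncret;
        }
    }

    return ret;
```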
@@ -2667,7 +2678,8 @@ static int nss_cmd_getgrgid_search(struct nss_dom_ctx *dctx)
dom = get_next_domain(dom, true);
continue;
}
- return ENOENT;
+ ret = ENOENT;
+ goto done;
}
if (dom != dctx->domain) {
@@ -2684,18 +2696,21 @@ static int nss_cmd_getgrgid_search(struct nss_dom_ctx *dctx)
sysdb = dom->sysdb;
if (sysdb == NULL) {
DEBUG(0, ("Fatal: Sysdb CTX not found for this domain!\n"));
- return EIO;
+ ret = EIO;
+ goto done;
}
ret = sysdb_getgrgid(cmdctx, sysdb, dom, cmdctx->id, &dctx->res);
if (ret != EOK) {
DEBUG(1, ("Failed to make request to our cache!\n"));
- return EIO;
+ ret = EIO;
+ goto done;
}
if (dctx->res->count > 1) {
DEBUG(0, ("getgrgid call returned more than one result !?!\n"));
- return ENOENT;
+ ret = ENOENT;
+ goto done;
}
if (dctx->res->count == 0 && !dctx->check_provider) {
@@ -2705,15 +2720,10 @@ static int nss_cmd_getgrgid_search(struct nss_dom_ctx *dctx)
continue;
}
- DEBUG(2, ("No results for getgrgid call\n"));
-
/* set negative cache only if not result of cache check */
- ret = sss_ncache_set_gid(nctx->ncache, false, cmdctx->id);
- if (ret != EOK) {
- return ret;
- }
-
- return ENOENT;
+ DEBUG(SSSDBG_MINOR_FAILURE, ("No results for getgrgid call\n"));
+ ret = ENOENT;
+ goto done;
}
/* if this is a caching provider (or if we haven't checked the cache
@@ -2727,18 +2737,31 @@ static int nss_cmd_getgrgid_search(struct nss_dom_ctx *dctx)
/* Anything but EOK means we should reenter the mainloop
* because we may be refreshing the cache
*/
- return ret;
+ goto done;
}
}
/* One result found */
DEBUG(6, ("Returning info for gid [%d@%s]\n", cmdctx->id, dom->name));
- return EOK;
+ /* Success. Break from the loop and return EOK */
+ ret = EOK;
+ goto done;
}
- DEBUG(2, ("No matching domain found for [%d], fail!\n", cmdctx->id));
- return ENOENT;
+ /* All domains were tried and none had the entry. */
+ ret = ENOENT;
+done:
+ if (ret == ENOENT) {
+ /* The entry was not found, need to set result in negative cache */
+ ret = sss_ncache_set_gid(nctx->ncache, false, cmdctx->id);
+ if (ret != EOK) {
+ return ret;
+ }
+ }
+
+ DEBUG(SSSDBG_MINOR_FAILURE, ("No matching domain found for [%d]\n", cmdctx->id));
+ return ret;
}
static int nss_cmd_getgrgid(struct cli_ctx *cctx)
@@ -3638,7 +3661,8 @@ static errno_t nss_cmd_getsidby_search(struct nss_dom_ctx *dctx)
dom = get_next_domain(dom, true);
continue;
}
- return ENOENT;
+ ret = ENOENT;
+ goto done;
}
} else {
/* if it is a domainless search, skip domains that require fully
@@ -3669,7 +3693,8 @@ static errno_t nss_cmd_getsidby_search(struct nss_dom_ctx *dctx)
name = sss_get_cased_name(cmdctx, cmdctx->name, dom->case_sensitive);
if (name == NULL) {
DEBUG(SSSDBG_OP_FAILURE, ("sss_get_cased_name failed.\n"));
- return ENOMEM;
+ ret = ENOMEM;
+ goto done;
}
/* For subdomains a fully qualified name is needed for
@@ -3678,7 +3703,8 @@ static errno_t nss_cmd_getsidby_search(struct nss_dom_ctx *dctx)
sysdb_name = sss_tc_fqname(cmdctx, dom->names, dom, name);
if (sysdb_name == NULL) {
DEBUG(SSSDBG_OP_FAILURE, ("talloc_asprintf failed.\n"));
- return ENOMEM;
+ ret = ENOMEM;
+ goto done;
}
}
@@ -3701,7 +3727,8 @@ static errno_t nss_cmd_getsidby_search(struct nss_dom_ctx *dctx)
/* There are no further domains or this was a
* fully-qualified user request.
*/
- return ENOENT;
+ ret = ENOENT;
+ goto done;
}
DEBUG(SSSDBG_TRACE_FUNC, ("Requesting info for [%s@%s]\n",
@@ -3713,7 +3740,8 @@ static errno_t nss_cmd_getsidby_search(struct nss_dom_ctx *dctx)
if (sysdb == NULL) {
DEBUG(SSSDBG_FATAL_FAILURE,
("Fatal: Sysdb CTX not found for this domain!\n"));
- return EIO;
+ ret = EIO;
+ goto done;
}
if (cmdctx->cmd == SSS_NSS_GETSIDBYID) {
@@ -3722,7 +3750,8 @@ static errno_t nss_cmd_getsidby_search(struct nss_dom_ctx *dctx)
if (ret != EOK && ret != ENOENT) {
DEBUG(SSSDBG_CRIT_FAILURE,
("Failed to make request to our cache!\n"));
- return EIO;
+ ret = EIO;
+ goto done;
}
if (ret == EOK) {
@@ -3734,7 +3763,8 @@ static errno_t nss_cmd_getsidby_search(struct nss_dom_ctx *dctx)
if (ret != EOK && ret != ENOENT) {
DEBUG(SSSDBG_CRIT_FAILURE,
("Failed to make request to our cache!\n"));
- return EIO;
+ ret = EIO;
+ goto done;
}
if (ret == EOK) {
@@ -3748,7 +3778,8 @@ static errno_t nss_cmd_getsidby_search(struct nss_dom_ctx *dctx)
if (ret != EOK && ret != ENOENT) {
DEBUG(SSSDBG_CRIT_FAILURE,
("Failed to make request to our cache!\n"));
- return EIO;
+ ret = EIO;
+ goto done;
}
if (ret == EOK) {
@@ -3761,7 +3792,8 @@ static errno_t nss_cmd_getsidby_search(struct nss_dom_ctx *dctx)
if (ret != EOK && ret != ENOENT) {
DEBUG(SSSDBG_CRIT_FAILURE,
("Failed to make request to our cache!\n"));
- return EIO;
+ ret = EIO;
+ goto done;
}
if (ret == EOK) {
@@ -3773,7 +3805,8 @@ static errno_t nss_cmd_getsidby_search(struct nss_dom_ctx *dctx)
dctx->res = talloc_zero(cmdctx, struct ldb_result);
if (dctx->res == NULL) {
DEBUG(SSSDBG_OP_FAILURE, ("talloc_zero failed.\n"));
- return ENOMEM;
+ ret = ENOMEM;
+ goto done;
}
if (user_found || group_found) {
@@ -3781,7 +3814,8 @@ static errno_t nss_cmd_getsidby_search(struct nss_dom_ctx *dctx)
dctx->res->msgs = talloc_array(dctx->res, struct ldb_message *, 1);
if (dctx->res->msgs == NULL) {
DEBUG(SSSDBG_OP_FAILURE, ("talloc_array failed.\n"));
- return ENOMEM;
+ ret = ENOMEM;
+ goto done;
}
dctx->res->msgs[0] = talloc_steal(dctx->res, msg);
}
@@ -3805,20 +3839,8 @@ static errno_t nss_cmd_getsidby_search(struct nss_dom_ctx *dctx)
}
DEBUG(SSSDBG_OP_FAILURE, ("No matching user or group found.\n"));
-
- if (cmdctx->cmd == SSS_NSS_GETSIDBYID) {
- ret = sss_ncache_set_uid(nctx->ncache, false, cmdctx->id);
- if (ret != EOK) {
- return ret;
- }
-
- ret = sss_ncache_set_gid(nctx->ncache, false, cmdctx->id);
- if (ret != EOK) {
- return ret;
- }
- }
-
- return ENOENT;
+ ret = ENOENT;
+ goto done;
}
/* if this is a caching provider (or if we haven't checked the cache
@@ -3847,7 +3869,7 @@ static errno_t nss_cmd_getsidby_search(struct nss_dom_ctx *dctx)
/* Anything but EOK means we should reenter the mainloop
* because we may be refreshing the cache
*/
- return ret;
+ goto done;
}
}
@@ -3860,17 +3882,34 @@ static errno_t nss_cmd_getsidby_search(struct nss_dom_ctx *dctx)
name, dom->name));
}
- return EOK;
+ /* Success. Break from the loop and return EOK */
+ ret = EOK;
+ goto done;
}
- if (cmdctx->cmd == SSS_NSS_GETSIDBYID) {
- DEBUG(SSSDBG_MINOR_FAILURE,
- ("No matching domain found for [%d], fail!\n", cmdctx->id));
- } else {
- DEBUG(SSSDBG_MINOR_FAILURE,
- ("No matching domain found for [%s], fail!\n", cmdctx->name));
+ /* All domains were tried and none had the entry. */
+ ret = ENOENT;
+done:
+ if (ret == ENOENT) {
+ /* The entry was not found, need to set result in negative cache */
+ if (cmdctx->cmd == SSS_NSS_GETSIDBYID) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ ("No matching domain found for [%d], fail!\n", cmdctx->id));
+ ret = sss_ncache_set_uid(nctx->ncache, false, cmdctx->id);
+ if (ret != EOK) {
+ return ret;
+ }
+
+ ret = sss_ncache_set_gid(nctx->ncache, false, cmdctx->id);
+ if (ret != EOK) {
+ return ret;
+ }
+ } else {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ ("No matching domain found for [%s], fail!\n", cmdctx->name));
+ }
}
- return ENOENT;
+ return ret;
}
static errno_t nss_cmd_getbysid_search(struct nss_dom_ctx *dctx)