diff options
-rw-r--r-- | Makefile.am | 24 | ||||
-rw-r--r-- | src/responder/common/responder_cache_req.c | 560 | ||||
-rw-r--r-- | src/responder/common/responder_cache_req.h | 66 | ||||
-rw-r--r-- | src/tests/cmocka/test_responder_cache_req.c | 529 |
4 files changed, 1178 insertions, 1 deletions
diff --git a/Makefile.am b/Makefile.am index fcfaf026c..355f8c3d5 100644 --- a/Makefile.am +++ b/Makefile.am @@ -218,6 +218,7 @@ if HAVE_CMOCKA test_copy_ccache \ test_copy_keytab \ test_child_common \ + responder_cache_req-tests \ $(NULL) if BUILD_IFP @@ -390,6 +391,7 @@ SSSD_RESPONDER_OBJ = \ src/responder/common/responder_packet.c \ src/responder/common/responder_get_domains.c \ src/responder/common/responder_utils.c \ + src/responder/common/responder_cache_req.c \ src/monitor/monitor_iface_generated.c \ src/monitor/monitor_iface_generated.h \ src/providers/data_provider_iface_generated.c \ @@ -501,6 +503,7 @@ dist_noinst_HEADERS = \ src/responder/common/responder.h \ src/responder/common/responder_packet.h \ src/responder/common/responder_sbus.h \ + src/responder/common/responder_cache_req.h \ src/responder/pam/pamsrv.h \ src/responder/pam/pam_helpers.h \ src/responder/nss/nsssrv.h \ @@ -1698,7 +1701,8 @@ TEST_MOCK_RESP_OBJ = \ src/responder/common/responder_packet.c \ src/responder/common/responder_cmd.c \ src/responder/common/negcache.c \ - src/responder/common/responder_common.c + src/responder/common/responder_common.c \ + src/responder/common/responder_cache_req.c TEST_MOCK_PROVIDER_OBJ = \ src/util/sss_ldap.c \ @@ -2180,6 +2184,24 @@ test_child_common_LDADD = \ libsss_test_common.la \ $(NULL) +responder_cache_req_tests_SOURCES = \ + $(TEST_MOCK_OBJ) \ + $(TEST_MOCK_RESP_OBJ) \ + src/tests/cmocka/test_responder_cache_req.c \ + $(NULL) +responder_cache_req_tests_CFLAGS = \ + $(AM_CFLAGS) \ + $(NULL) +responder_cache_req_tests_LDFLAGS = \ + -Wl,-wrap,sss_dp_get_account_send \ + $(NULL) +responder_cache_req_tests_LDADD = \ + $(CMOCKA_LIBS) \ + $(SSSD_LIBS) \ + $(SSSD_INTERNAL_LTLIBS) \ + libsss_test_common.la \ + $(NULL) + endif # HAVE_CMOCKA noinst_PROGRAMS = pam_test_client diff --git a/src/responder/common/responder_cache_req.c b/src/responder/common/responder_cache_req.c new file mode 100644 index 000000000..dad4df65c --- /dev/null +++ b/src/responder/common/responder_cache_req.c @@ -0,0 +1,560 @@ +/* + Authors: + Pavel Březina <pbrezina@redhat.com> + + Copyright (C) 2014 Red Hat + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include <dbus/dbus.h> +#include <ldb.h> +#include <talloc.h> +#include <tevent.h> + +#include "util/util.h" +#include "db/sysdb.h" +#include "responder/common/responder_cache_req.h" + +static errno_t cache_req_check_ncache(enum sss_dp_acct_type dp_type, + struct sss_nc_ctx *ncache, + int neg_timeout, + struct sss_domain_info *domain, + const char *name) +{ + errno_t ret; + + switch (dp_type) { + case SSS_DP_USER: + case SSS_DP_INITGROUPS: + ret = sss_ncache_check_user(ncache, neg_timeout, domain, name); + break; + default: + ret = EINVAL; + DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported DP request type\n"); + break; + } + + if (ret == EEXIST) { + DEBUG(SSSDBG_TRACE_FUNC, "[%s] does not exist in [%s]! " + "(negative cache)\n", name, domain->name); + } + + return ret; +} + +static void cache_req_add_to_ncache(enum sss_dp_acct_type dp_type, + struct sss_nc_ctx *ncache, + struct sss_domain_info *domain, + const char *name) +{ + errno_t ret; + + switch (dp_type) { + case SSS_DP_USER: + case SSS_DP_INITGROUPS: + ret = sss_ncache_set_user(ncache, false, domain, name); + break; + default: + ret = EINVAL; + DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported DP request type\n"); + break; + } + + if (ret != EOK) { + DEBUG(SSSDBG_MINOR_FAILURE, "Cannot set negcache for %s@%s [%d]: %s\n", + name, domain->name, ret, sss_strerror(ret)); + + /* not fatal */ + } + + return; +} + +static errno_t cache_req_get_object(TALLOC_CTX *mem_ctx, + enum sss_dp_acct_type dp_type, + struct sss_domain_info *domain, + const char *name, + struct ldb_result **_result) +{ + struct ldb_result *result = NULL; + bool one_item_only; + errno_t ret; + + DEBUG(SSSDBG_FUNC_DATA, "Requesting info for [%s@%s]\n", + name, domain->name); + + switch (dp_type) { + case SSS_DP_USER: + one_item_only = true; + ret = sysdb_getpwnam(mem_ctx, domain, name, &result); + break; + case SSS_DP_INITGROUPS: + one_item_only = false; + ret = sysdb_initgroups(mem_ctx, domain, name, &result); + break; + default: + ret = EINVAL; + DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported DP request type\n"); + break; + } + + if (ret != EOK) { + goto done; + } else if (result->count == 0) { + ret = ENOENT; + goto done; + } else if (one_item_only && result->count > 1) { + ret = ENOENT; + DEBUG(SSSDBG_CRIT_FAILURE, "Multiple objects were found when" + "sysdb search expected only one!\n"); + goto done; + } + + *_result = result; + +done: + return ret; +} + +struct cache_req_cache_state { + /* input data */ + struct tevent_context *ev; + struct resp_ctx *rctx; + struct sss_nc_ctx *ncache; + int neg_timeout; + int cache_refresh_percent; + enum sss_dp_acct_type dp_type; + struct sss_domain_info *domain; + const char *name; + + /* output data */ + struct ldb_result *result; +}; + +static errno_t cache_req_cache_search(struct tevent_req *req); +static errno_t cache_req_cache_check(struct tevent_req *req); +static void cache_req_cache_done(struct tevent_req *subreq); + +static struct tevent_req *cache_req_cache_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct resp_ctx *rctx, + struct sss_nc_ctx *ncache, + int neg_timeout, + int cache_refresh_percent, + enum sss_dp_acct_type dp_type, + struct sss_domain_info *domain, + const char *name) +{ + struct cache_req_cache_state *state = NULL; + struct tevent_req *req = NULL; + errno_t ret; + + req = tevent_req_create(mem_ctx, &state, struct cache_req_cache_state); + if (req == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, ("tevent_req_create() failed\n")); + return NULL; + } + + state->ev = ev; + state->rctx = rctx; + state->ncache = ncache; + state->neg_timeout = neg_timeout; + state->cache_refresh_percent = cache_refresh_percent; + state->dp_type = dp_type; + state->domain = domain; + + /* Sanitize input name. */ + state->name = sss_get_cased_name(state, name, domain->case_sensitive); + if (state->name == NULL) { + ret = ENOMEM; + goto immediately; + } + + state->name = sss_reverse_replace_space(state, state->name, + state->rctx->override_space); + if (state->name == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, "sss_reverse_replace_space failed\n"); + ret = ENOMEM; + goto immediately; + } + + /* Check negative cache first. */ + ret = cache_req_check_ncache(state->dp_type, state->ncache, + state->neg_timeout, state->domain, + state->name); + if (ret == EEXIST) { + ret = ENOENT; + goto immediately; + } + + /* We will first search the cache. If we get cache miss or the entry + * is expired we will contact data provider and then search again. */ + ret = cache_req_cache_search(req); + if (ret != EAGAIN) { + goto immediately; + } + + return req; + +immediately: + if (ret == EOK) { + tevent_req_done(req); + } else { + tevent_req_error(req, ret); + } + tevent_req_post(req, ev); + + return req; +} + +static errno_t cache_req_cache_search(struct tevent_req *req) +{ + struct cache_req_cache_state *state = NULL; + errno_t ret; + + state = tevent_req_data(req, struct cache_req_cache_state); + + ret = cache_req_get_object(state, state->dp_type, state->domain, + state->name, &state->result); + if (ret != EOK && ret != ENOENT) { + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to make request to our cache " + "[%d]: %s\n", ret, sss_strerror(ret)); + return ret; + } + + /* Verify that the cache is up to date. */ + ret = cache_req_cache_check(req); + if (req != EOK) { + return ret; + } + + /* One result found */ + DEBUG(SSSDBG_TRACE_FUNC, + "Returning info for [%s@%s]\n", state->name, state->domain->name); + return EOK; +} + +static errno_t cache_req_cache_check(struct tevent_req *req) +{ + struct cache_req_cache_state *state = NULL; + struct tevent_req *subreq = NULL; + uint64_t cache_expire = 0; + errno_t ret; + + state = tevent_req_data(req, struct cache_req_cache_state); + + if (state->result == NULL || state->result->count == 0) { + ret = ENOENT; + } else { + if (state->dp_type == SSS_DP_INITGROUPS) { + cache_expire = ldb_msg_find_attr_as_uint64(state->result->msgs[0], + SYSDB_INITGR_EXPIRE, 0); + } else { + cache_expire = ldb_msg_find_attr_as_uint64(state->result->msgs[0], + SYSDB_CACHE_EXPIRE, 0); + } + + ret = sss_cmd_check_cache(state->result->msgs[0], + state->cache_refresh_percent, cache_expire); + } + + switch (ret) { + case EOK: + DEBUG(SSSDBG_TRACE_FUNC, "Cached entry is valid, returning...\n"); + return EOK; + case EAGAIN: + /* Out of band update. The calling function will return the cached + * entry immediately. No callback is required. */ + + DEBUG(SSSDBG_TRACE_FUNC, "Performing midpoint cache update\n"); + + subreq = sss_dp_get_account_send(state, state->rctx, state->domain, + true, state->dp_type, state->name, + 0, NULL); + if (subreq == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, "Out of memory sending out-of-band " + "data provider request\n"); + /* This is non-fatal, so we'll continue here */ + } else { + DEBUG(SSSDBG_TRACE_FUNC, "Updating cache out-of-band\n"); + } + + return EOK; + case ENOENT: + /* Cache miss or the cache is expired. We need to get the updated + * information before returning it. */ + + subreq = sss_dp_get_account_send(state, state->rctx, state->domain, + true, state->dp_type, state->name, + 0, NULL); + if (subreq == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, + "Out of memory sending data provider request\n"); + return ENOMEM; + } + + tevent_req_set_callback(subreq, cache_req_cache_done, req); + return EAGAIN; + default: + /* error */ + DEBUG(SSSDBG_CRIT_FAILURE, "Error checking cache [%d]: %s\n", + ret, sss_strerror(ret)); + return ret; + } +} + +static void cache_req_cache_done(struct tevent_req *subreq) +{ + struct cache_req_cache_state *state = NULL; + struct tevent_req *req = NULL; + char *err_msg = NULL; + dbus_uint16_t err_maj; + dbus_uint32_t err_min; + errno_t ret; + + req = tevent_req_callback_data(subreq, struct tevent_req); + state = tevent_req_data(req, struct cache_req_cache_state); + + ret = sss_dp_get_account_recv(state, subreq, &err_maj, &err_min, &err_msg); + talloc_zfree(subreq); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "Could not get account info [%d]: %s\n", + ret, sss_strerror(ret)); + } + + if (err_maj) { + DEBUG(SSSDBG_MINOR_FAILURE, + "Unable to get information from Data Provider\n" + "Error: %u, %u, %s\n" + "Will try to return what we have in cache\n", + (unsigned int)err_maj, (unsigned int)err_min, err_msg); + } + + /* Get result from cache again. */ + ret = cache_req_get_object(state, state->dp_type, state->domain, + state->name, &state->result); + if (ret == ENOENT) { + cache_req_add_to_ncache(state->dp_type, state->ncache, + state->domain, state->name); + ret = ENOENT; + } else if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to make request to our cache " + "[%d]: %s\n", ret, sss_strerror(ret)); + } + + if (ret != EOK) { + tevent_req_error(req, ret); + return; + } + + /* One result found */ + DEBUG(SSSDBG_TRACE_FUNC, + "Returning info for [%s@%s]\n", state->name, state->domain->name); + + tevent_req_done(req); +} + +static errno_t cache_req_cache_recv(TALLOC_CTX *mem_ctx, + struct tevent_req *req, + struct ldb_result **_result) +{ + struct cache_req_cache_state *state = NULL; + state = tevent_req_data(req, struct cache_req_cache_state); + + TEVENT_REQ_RETURN_ON_ERROR(req); + + *_result = talloc_steal(mem_ctx, state->result); + + return EOK; +} + + +struct cache_req_state { + /* input data */ + struct tevent_context *ev; + struct resp_ctx *rctx; + struct sss_nc_ctx *ncache; + int neg_timeout; + int cache_refresh_percent; + const char *name; + enum sss_dp_acct_type dp_type; + + /* work data */ + struct ldb_result *result; + struct sss_domain_info *domain; + struct sss_domain_info *selected_domain; + bool check_next; +}; + +static errno_t cache_req_next_domain(struct tevent_req *req); +static void cache_req_done(struct tevent_req *subreq); + +struct tevent_req *cache_req_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct resp_ctx *rctx, + struct sss_nc_ctx *ncache, + int neg_timeout, + int cache_refresh_percent, + enum sss_dp_acct_type dp_type, + const char *domain, + const char *name) +{ + struct cache_req_state *state = NULL; + struct tevent_req *req = NULL; + errno_t ret; + + req = tevent_req_create(mem_ctx, &state, struct cache_req_state); + if (req == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, ("tevent_req_create() failed\n")); + return NULL; + } + + state->ev = ev; + state->rctx = rctx; + state->ncache = ncache; + state->neg_timeout = neg_timeout; + state->cache_refresh_percent = cache_refresh_percent; + state->dp_type = dp_type; + state->name = talloc_strdup(state, name); + if (state->name == NULL) { + ret = ENOMEM; + goto immediately; + } + + if (domain != NULL) { + /* single-domain search */ + state->domain = responder_get_domain(state->rctx, domain); + if (state->domain == NULL) { + ret = EINVAL; + goto immediately; + } + + state->check_next = false; + } else { + /* multi-domain search */ + state->domain = state->rctx->domains; + state->check_next = true; + } + + ret = cache_req_next_domain(req); + if (ret != EAGAIN) { + goto immediately; + } + + return req; + +immediately: + if (ret == EOK) { + tevent_req_done(req); + } else { + tevent_req_error(req, ret); + } + tevent_req_post(req, ev); + + return req; +} + +static errno_t cache_req_next_domain(struct tevent_req *req) +{ + struct cache_req_state *state = NULL; + struct tevent_req *subreq = NULL; + + state = tevent_req_data(req, struct cache_req_state); + + while (state->domain != NULL) { + /* If it is a domainless search, skip domains that require fully + * qualified names instead. */ + while (state->domain != NULL && state->check_next + && state->domain->fqnames) { + state->domain = get_next_domain(state->domain, false); + } + + state->selected_domain = state->domain; + + if (state->domain == NULL) { + break; + } + + subreq = cache_req_cache_send(state, state->ev, state->rctx, + state->ncache, state->neg_timeout, + state->cache_refresh_percent, + state->dp_type, state->domain, + state->name); + if (subreq == NULL) { + return ENOMEM; + } + + tevent_req_set_callback(subreq, cache_req_done, req); + + /* we will continue with the following domain the next time */ + if (state->check_next) { + state->domain = get_next_domain(state->domain, false); + } + + return EAGAIN; + } + + return ENOENT; +} + +static void cache_req_done(struct tevent_req *subreq) +{ + struct cache_req_state *state = NULL; + struct tevent_req *req = NULL; + errno_t ret; + + req = tevent_req_callback_data(subreq, struct tevent_req); + state = tevent_req_data(req, struct cache_req_state); + + ret = cache_req_cache_recv(state, subreq, &state->result); + talloc_zfree(subreq); + if (ret == EOK) { + tevent_req_done(req); + return; + } + + if (state->check_next == false) { + tevent_req_error(req, ret); + return; + } + + ret = cache_req_next_domain(req); + if (ret != EAGAIN) { + tevent_req_error(req, ret); + } + + return; +} + +errno_t cache_req_recv(TALLOC_CTX *mem_ctx, + struct tevent_req *req, + struct ldb_result **_result, + struct sss_domain_info **_domain) +{ + struct cache_req_state *state = NULL; + state = tevent_req_data(req, struct cache_req_state); + + TEVENT_REQ_RETURN_ON_ERROR(req); + + if (_result != NULL) { + *_result = talloc_steal(mem_ctx, state->result); + } + + if (_domain != NULL) { + *_domain = state->selected_domain; + } + + return EOK; +} diff --git a/src/responder/common/responder_cache_req.h b/src/responder/common/responder_cache_req.h new file mode 100644 index 000000000..fdad94a13 --- /dev/null +++ b/src/responder/common/responder_cache_req.h @@ -0,0 +1,66 @@ +/* + Authors: + Pavel Březina <pbrezina@redhat.com> + + Copyright (C) 2014 Red Hat + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#ifndef RESPONDER_CACHE_H_ +#define RESPONDER_CACHE_H_ + +#include <talloc.h> +#include <tevent.h> +#include "db/sysdb.h" +#include "responder/common/responder.h" +#include "responder/common/negcache.h" + +/** + * Currently only SSS_DP_USER and SSS_DP_INITGROUPS are supported. + * + * @todo support other request types + */ +struct tevent_req *cache_req_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct resp_ctx *rctx, + struct sss_nc_ctx *ncache, + int neg_timeout, + int cache_refresh_percent, + enum sss_dp_acct_type dp_type, + const char *domain, + const char *name); + +errno_t cache_req_recv(TALLOC_CTX *mem_ctx, + struct tevent_req *req, + struct ldb_result **_result, + struct sss_domain_info **_domain); + +#define cache_req_user_by_name_send(mem_ctx, ev, rctx, ncache, neg_timeout, \ + cache_refresh_percent, domain, name) \ + cache_req_send(mem_ctx, ev, rctx, ncache, neg_timeout, \ + cache_refresh_percent, SSS_DP_USER, domain, name) + +#define cache_req_user_by_name_recv(mem_ctx, req, _result, _domain) \ + cache_req_recv(mem_ctx, req, _result, _domain) + +#define cache_req_initgr_by_name_send(mem_ctx, ev, rctx, ncache, neg_timeout, \ + cache_refresh_percent, domain, name) \ + cache_req_send(mem_ctx, ev, rctx, ncache, neg_timeout, \ + cache_refresh_percent, SSS_DP_INITGROUPS, domain, name) + +#define cache_req_initgr_by_name_recv(mem_ctx, req, _result, _domain) \ + cache_req_recv(mem_ctx, req, _result, _domain) + +#endif /* RESPONDER_CACHE_H_ */ diff --git a/src/tests/cmocka/test_responder_cache_req.c b/src/tests/cmocka/test_responder_cache_req.c new file mode 100644 index 000000000..694e8dd46 --- /dev/null +++ b/src/tests/cmocka/test_responder_cache_req.c @@ -0,0 +1,529 @@ +/* + Authors: + Pavel Březina <pbrezina@redhat.com> + + Copyright (C) 2014 Red Hat + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include <talloc.h> +#include <tevent.h> +#include <errno.h> +#include <popt.h> + +#include "tests/cmocka/common_mock.h" +#include "tests/cmocka/common_mock_resp.h" +#include "db/sysdb.h" +#include "responder/common/responder_cache_req.h" + +#define TESTS_PATH "tests_responder_cache_req" +#define TEST_CONF_DB "test_responder_cache_req_conf.ldb" +#define TEST_DOM_NAME "responder_cache_req_test" +#define TEST_ID_PROVIDER "ldap" + +#define new_single_domain_test(test) \ + unit_test_setup_teardown(test_ ## test, \ + test_single_domain_setup, \ + test_single_domain_teardown) + +#define new_multi_domain_test(test) \ + unit_test_setup_teardown(test_ ## test, \ + test_multi_domain_setup, \ + test_multi_domain_teardown) + +struct cache_req_test_ctx { + struct sss_test_ctx *tctx; + struct resp_ctx *rctx; + struct sss_nc_ctx *ncache; + + struct ldb_result *result; + struct sss_domain_info *domain; + bool dp_called; + bool create_user; +}; + +const char *domains[] = {"responder_cache_req_test_a", + "responder_cache_req_test_b", + "responder_cache_req_test_c", + "responder_cache_req_test_d", + NULL}; + +struct cli_protocol_version *register_cli_protocol_version(void) +{ + static struct cli_protocol_version version[] = { + { 0, NULL, NULL } + }; + + return version; +} + +struct tevent_req * +__wrap_sss_dp_get_account_send(TALLOC_CTX *mem_ctx, + struct resp_ctx *rctx, + struct sss_domain_info *dom, + bool fast_reply, + enum sss_dp_acct_type type, + const char *opt_name, + uint32_t opt_id, + const char *extra) +{ + struct cache_req_test_ctx *ctx = NULL; + errno_t ret; + + ctx = sss_mock_ptr_type(struct cache_req_test_ctx*); + ctx->dp_called = true; + + if (ctx->create_user) { + ret = sysdb_store_user(ctx->tctx->dom, "test-user", "pwd", 1000, 1000, + NULL, NULL, NULL, "cn=test-user,dc=test", NULL, + NULL, 1000, time(NULL)); + assert_int_equal(ret, EOK); + } + + return test_req_succeed_send(mem_ctx, rctx->ev); +} + +static void cache_req_user_test_done(struct tevent_req *req) +{ + struct cache_req_test_ctx *ctx = NULL; + + ctx = tevent_req_callback_data(req, struct cache_req_test_ctx); + + ctx->tctx->error = cache_req_user_by_name_recv(ctx, req, + &ctx->result, &ctx->domain); + talloc_zfree(req); + + ctx->tctx->done = true; +} + +void test_single_domain_setup(void **state) +{ + struct cache_req_test_ctx *test_ctx = NULL; + errno_t ret; + + test_dom_suite_setup(TESTS_PATH); + + test_ctx = talloc_zero(NULL, struct cache_req_test_ctx); + assert_non_null(test_ctx); + *state = test_ctx; + + test_ctx->tctx = create_dom_test_ctx(test_ctx, TESTS_PATH, TEST_CONF_DB, + TEST_DOM_NAME, TEST_ID_PROVIDER, NULL); + assert_non_null(test_ctx->tctx); + + test_ctx->rctx = mock_rctx(test_ctx, test_ctx->tctx->ev, + test_ctx->tctx->dom, NULL); + assert_non_null(test_ctx->rctx); + + ret = sss_ncache_init(test_ctx, &test_ctx->ncache); + assert_int_equal(ret, EOK); +} + +void test_single_domain_teardown(void **state) +{ + talloc_zfree(*state); + test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_DB, TEST_DOM_NAME); +} + +void test_multi_domain_setup(void **state) +{ + struct cache_req_test_ctx *test_ctx = NULL; + errno_t ret; + + test_dom_suite_setup(TESTS_PATH); + + test_ctx = talloc_zero(NULL, struct cache_req_test_ctx); + assert_non_null(test_ctx); + *state = test_ctx; + + test_ctx->tctx = create_multidom_test_ctx(test_ctx, TESTS_PATH, + TEST_CONF_DB, domains, + TEST_ID_PROVIDER, NULL); + assert_non_null(test_ctx->tctx); + + test_ctx->rctx = mock_rctx(test_ctx, test_ctx->tctx->ev, + test_ctx->tctx->dom, NULL); + assert_non_null(test_ctx->rctx); + + ret = sss_ncache_init(test_ctx, &test_ctx->ncache); + assert_int_equal(ret, EOK); +} + +void test_multi_domain_teardown(void **state) +{ + talloc_zfree(*state); + test_multidom_suite_cleanup(TESTS_PATH, TEST_CONF_DB, domains); +} + +void test_user_multiple_domains_found(void **state) +{ + struct cache_req_test_ctx *test_ctx = NULL; + struct sss_domain_info *domain = NULL; + TALLOC_CTX *req_mem_ctx = NULL; + struct tevent_req *req = NULL; + const char *name = "test-user"; + const char *ldbname = NULL; + errno_t ret; + + test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); + + domain = find_domain_by_name(test_ctx->tctx->dom, + "responder_cache_req_test_d", true); + assert_non_null(domain); + + ret = sysdb_store_user(domain, name, "pwd", 1000, 1000, + NULL, NULL, NULL, "cn=test-user,dc=test", NULL, + NULL, 1000, time(NULL)); + assert_int_equal(ret, EOK); + + req_mem_ctx = talloc_new(global_talloc_context); + check_leaks_push(req_mem_ctx); + + will_return_always(__wrap_sss_dp_get_account_send, test_ctx); + will_return_always(sss_dp_get_account_recv, 0); + + req = cache_req_user_by_name_send(req_mem_ctx, test_ctx->tctx->ev, + test_ctx->rctx, test_ctx->ncache, 10, 0, + NULL, name); + assert_non_null(req); + tevent_req_set_callback(req, cache_req_user_test_done, test_ctx); + + ret = test_ev_loop(test_ctx->tctx); + assert_int_equal(ret, ERR_OK); + assert_true(check_leaks_pop(req_mem_ctx)); + + assert_true(test_ctx->dp_called); + + assert_non_null(test_ctx->result); + assert_int_equal(test_ctx->result->count, 1); + assert_non_null(test_ctx->result->msgs); + assert_non_null(test_ctx->result->msgs[0]); + + ldbname = ldb_msg_find_attr_as_string(test_ctx->result->msgs[0], + SYSDB_NAME, NULL); + assert_non_null(ldbname); + assert_string_equal(ldbname, name); + + assert_non_null(test_ctx->domain); + assert_string_equal(domain->name, test_ctx->domain->name); +} + +void test_user_multiple_domains_notfound(void **state) +{ + struct cache_req_test_ctx *test_ctx = NULL; + TALLOC_CTX *req_mem_ctx = NULL; + struct tevent_req *req = NULL; + const char *name = "test-user"; + errno_t ret; + + test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); + + req_mem_ctx = talloc_new(global_talloc_context); + check_leaks_push(req_mem_ctx); + + will_return_always(__wrap_sss_dp_get_account_send, test_ctx); + will_return_always(sss_dp_get_account_recv, 0); + + req = cache_req_user_by_name_send(req_mem_ctx, test_ctx->tctx->ev, + test_ctx->rctx, test_ctx->ncache, 10, 0, + NULL, name); + assert_non_null(req); + tevent_req_set_callback(req, cache_req_user_test_done, test_ctx); + + ret = test_ev_loop(test_ctx->tctx); + assert_int_equal(ret, ENOENT); + assert_true(check_leaks_pop(req_mem_ctx)); + + assert_true(test_ctx->dp_called); +} + +void test_user_cache_valid(void **state) +{ + struct cache_req_test_ctx *test_ctx = NULL; + TALLOC_CTX *req_mem_ctx = NULL; + struct tevent_req *req = NULL; + const char *name = "test-user"; + const char *ldbname = NULL; + errno_t ret; + + test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); + + ret = sysdb_store_user(test_ctx->tctx->dom, name, "pwd", 1000, 1000, + NULL, NULL, NULL, "cn=test-user,dc=test", NULL, + NULL, 1000, time(NULL)); + assert_int_equal(ret, EOK); + + req_mem_ctx = talloc_new(global_talloc_context); + check_leaks_push(req_mem_ctx); + + req = cache_req_user_by_name_send(req_mem_ctx, test_ctx->tctx->ev, + test_ctx->rctx, test_ctx->ncache, 10, 0, + test_ctx->tctx->dom->name, name); + assert_non_null(req); + tevent_req_set_callback(req, cache_req_user_test_done, test_ctx); + + ret = test_ev_loop(test_ctx->tctx); + assert_int_equal(ret, ERR_OK); + assert_true(check_leaks_pop(req_mem_ctx)); + + assert_non_null(test_ctx->result); + assert_int_equal(test_ctx->result->count, 1); + assert_non_null(test_ctx->result->msgs); + assert_non_null(test_ctx->result->msgs[0]); + + ldbname = ldb_msg_find_attr_as_string(test_ctx->result->msgs[0], + SYSDB_NAME, NULL); + assert_non_null(ldbname); + assert_string_equal(ldbname, name); +} + +void test_user_cache_expired(void **state) +{ + struct cache_req_test_ctx *test_ctx = NULL; + TALLOC_CTX *req_mem_ctx = NULL; + struct tevent_req *req = NULL; + const char *name = "test-user"; + const char *ldbname = NULL; + errno_t ret; + + test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); + + ret = sysdb_store_user(test_ctx->tctx->dom, name, "pwd", 1000, 1000, + NULL, NULL, NULL, "cn=test-user,dc=test", NULL, + NULL, -1000, time(NULL)); + assert_int_equal(ret, EOK); + + req_mem_ctx = talloc_new(global_talloc_context); + check_leaks_push(req_mem_ctx); + + /* DP should be contacted */ + will_return(__wrap_sss_dp_get_account_send, test_ctx); + mock_account_recv_simple(); + + req = cache_req_user_by_name_send(req_mem_ctx, test_ctx->tctx->ev, + test_ctx->rctx, test_ctx->ncache, 10, 0, + test_ctx->tctx->dom->name, name); + assert_non_null(req); + tevent_req_set_callback(req, cache_req_user_test_done, test_ctx); + + ret = test_ev_loop(test_ctx->tctx); + assert_int_equal(ret, ERR_OK); + assert_true(check_leaks_pop(req_mem_ctx)); + + assert_true(test_ctx->dp_called); + + assert_non_null(test_ctx->result); + assert_int_equal(test_ctx->result->count, 1); + assert_non_null(test_ctx->result->msgs); + assert_non_null(test_ctx->result->msgs[0]); + + ldbname = ldb_msg_find_attr_as_string(test_ctx->result->msgs[0], + SYSDB_NAME, NULL); + assert_non_null(ldbname); + assert_string_equal(ldbname, name); +} + +void test_user_cache_midpoint(void **state) +{ + struct cache_req_test_ctx *test_ctx = NULL; + TALLOC_CTX *req_mem_ctx = NULL; + struct tevent_req *req = NULL; + const char *name = "test-user"; + const char *ldbname = NULL; + errno_t ret; + + test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); + + ret = sysdb_store_user(test_ctx->tctx->dom, name, "pwd", 1000, 1000, + NULL, NULL, NULL, "cn=test-user,dc=test", NULL, + NULL, 50, time(NULL) - 26); + assert_int_equal(ret, EOK); + + req_mem_ctx = talloc_new(global_talloc_context); + check_leaks_push(req_mem_ctx); + + /* DP should be contacted without callback */ + will_return(__wrap_sss_dp_get_account_send, test_ctx); + + req = cache_req_user_by_name_send(req_mem_ctx, test_ctx->tctx->ev, + test_ctx->rctx, test_ctx->ncache, 10, 50, + test_ctx->tctx->dom->name, name); + assert_non_null(req); + tevent_req_set_callback(req, cache_req_user_test_done, test_ctx); + + ret = test_ev_loop(test_ctx->tctx); + assert_int_equal(ret, ERR_OK); + assert_true(check_leaks_pop(req_mem_ctx)); + + assert_true(test_ctx->dp_called); + + assert_non_null(test_ctx->result); + assert_int_equal(test_ctx->result->count, 1); + assert_non_null(test_ctx->result->msgs); + assert_non_null(test_ctx->result->msgs[0]); + + ldbname = ldb_msg_find_attr_as_string(test_ctx->result->msgs[0], + SYSDB_NAME, NULL); + assert_non_null(ldbname); + assert_string_equal(ldbname, name); +} + +void test_user_ncache(void **state) +{ + struct cache_req_test_ctx *test_ctx = NULL; + TALLOC_CTX *req_mem_ctx = NULL; + struct tevent_req *req = NULL; + const char *name = "test-user"; + errno_t ret; + + test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); + + ret = sss_ncache_set_user(test_ctx->ncache, false, + test_ctx->tctx->dom, name); + assert_int_equal(ret, EOK); + + req_mem_ctx = talloc_new(global_talloc_context); + check_leaks_push(req_mem_ctx); + + req = cache_req_user_by_name_send(req_mem_ctx, test_ctx->tctx->ev, + test_ctx->rctx, test_ctx->ncache, 100, 0, + test_ctx->tctx->dom->name, name); + assert_non_null(req); + tevent_req_set_callback(req, cache_req_user_test_done, test_ctx); + + ret = test_ev_loop(test_ctx->tctx); + assert_int_equal(ret, ENOENT); + assert_true(check_leaks_pop(req_mem_ctx)); + + assert_false(test_ctx->dp_called); +} + +void test_user_missing_found(void **state) +{ + struct cache_req_test_ctx *test_ctx = NULL; + TALLOC_CTX *req_mem_ctx = NULL; + struct tevent_req *req = NULL; + const char *name = "test-user"; + const char *ldbname = NULL; + errno_t ret; + + test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); + + req_mem_ctx = talloc_new(global_talloc_context); + check_leaks_push(req_mem_ctx); + + will_return(__wrap_sss_dp_get_account_send, test_ctx); + mock_account_recv_simple(); + + test_ctx->create_user = true; + + req = cache_req_user_by_name_send(req_mem_ctx, test_ctx->tctx->ev, + test_ctx->rctx, test_ctx->ncache, 100, 0, + test_ctx->tctx->dom->name, name); + assert_non_null(req); + tevent_req_set_callback(req, cache_req_user_test_done, test_ctx); + + ret = test_ev_loop(test_ctx->tctx); + assert_int_equal(ret, ERR_OK); + assert_true(check_leaks_pop(req_mem_ctx)); + + assert_true(test_ctx->dp_called); + + assert_non_null(test_ctx->result); + assert_int_equal(test_ctx->result->count, 1); + assert_non_null(test_ctx->result->msgs); + assert_non_null(test_ctx->result->msgs[0]); + + ldbname = ldb_msg_find_attr_as_string(test_ctx->result->msgs[0], + SYSDB_NAME, NULL); + assert_non_null(ldbname); + assert_string_equal(ldbname, name); +} + +void test_user_missing_notfound(void **state) +{ + struct cache_req_test_ctx *test_ctx = NULL; + TALLOC_CTX *req_mem_ctx = NULL; + struct tevent_req *req = NULL; + const char *name = "test-user"; + errno_t ret; + + test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); + + req_mem_ctx = talloc_new(global_talloc_context); + check_leaks_push(req_mem_ctx); + + will_return(__wrap_sss_dp_get_account_send, test_ctx); + mock_account_recv_simple(); + + req = cache_req_user_by_name_send(req_mem_ctx, test_ctx->tctx->ev, + test_ctx->rctx, test_ctx->ncache, 100, 0, + test_ctx->tctx->dom->name, name); + assert_non_null(req); + tevent_req_set_callback(req, cache_req_user_test_done, test_ctx); + + ret = test_ev_loop(test_ctx->tctx); + assert_int_equal(ret, ENOENT); + assert_true(check_leaks_pop(req_mem_ctx)); + + assert_true(test_ctx->dp_called); +} + +int main(int argc, const char *argv[]) +{ + poptContext pc; + int opt; + struct poptOption long_options[] = { + POPT_AUTOHELP + SSSD_DEBUG_OPTS + POPT_TABLEEND + }; + + const UnitTest tests[] = { + new_single_domain_test(user_cache_valid), + new_single_domain_test(user_cache_expired), + new_single_domain_test(user_cache_midpoint), + new_single_domain_test(user_ncache), + new_single_domain_test(user_missing_found), + new_single_domain_test(user_missing_notfound), + new_multi_domain_test(user_multiple_domains_found), + new_multi_domain_test(user_multiple_domains_notfound) + }; + + /* Set debug level to invalid value so we can deside if -d 0 was used. */ + debug_level = SSSDBG_INVALID; + + pc = poptGetContext(argv[0], argc, argv, long_options, 0); + while((opt = poptGetNextOpt(pc)) != -1) { + switch(opt) { + default: + fprintf(stderr, "\nInvalid option %s: %s\n\n", + poptBadOption(pc, 0), poptStrerror(opt)); + poptPrintUsage(pc, stderr, 0); + return 1; + } + } + poptFreeContext(pc); + + DEBUG_CLI_INIT(debug_level); + + /* Even though normally the tests should clean up after themselves + * they might not after a failed run. Remove the old db to be sure */ + tests_set_cwd(); + test_multidom_suite_cleanup(TESTS_PATH, TEST_CONF_DB, domains); + test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_DB, TEST_DOM_NAME); + + return run_tests(tests); +} |