diff options
| -rw-r--r-- | src/responder/common/negcache.c | 18 | ||||
| -rw-r--r-- | src/tests/cmocka/test_negcache.c | 88 | ||||
| -rw-r--r-- | src/util/usertools.c | 3 |
3 files changed, 101 insertions, 8 deletions
diff --git a/src/responder/common/negcache.c b/src/responder/common/negcache.c index 04c9a53f5..3e58c3e7f 100644 --- a/src/responder/common/negcache.c +++ b/src/responder/common/negcache.c @@ -630,7 +630,11 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache, rctx->default_domain, filter_list[i], &domainname, &name); - if (ret != EOK) { + if (ret == EAGAIN) { + DEBUG(SSSDBG_MINOR_FAILURE, + "cannot add [%s] to negcache because the required or " + "default domain are not known yet\n", filter_list[i]); + } else if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Invalid name in filterUsers list: [%s] (%d)\n", filter_list[i], ret); @@ -679,7 +683,11 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache, ret = sss_parse_name_for_domains(tmpctx, domain_list, rctx->default_domain, filter_list[i], &domainname, &name); - if (ret != EOK) { + if (ret == EAGAIN) { + DEBUG(SSSDBG_MINOR_FAILURE, + "Cannot add [%s] to negcache because the required or " + "default domain are not known yet\n", filter_list[i]); + } else if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Invalid name in filterUsers list: [%s] (%d)\n", filter_list[i], ret); @@ -783,7 +791,11 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache, ret = sss_parse_name_for_domains(tmpctx, domain_list, rctx->default_domain, filter_list[i], &domainname, &name); - if (ret != EOK) { + if (ret == EAGAIN) { + DEBUG(SSSDBG_MINOR_FAILURE, + "Cannot add [%s] to negcache because the required or " + "default domain are not known yet\n", filter_list[i]); + } else if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Invalid name in filterGroups list: [%s] (%d)\n", filter_list[i], ret); diff --git a/src/tests/cmocka/test_negcache.c b/src/tests/cmocka/test_negcache.c index 4502c0294..cab457434 100644 --- a/src/tests/cmocka/test_negcache.c +++ b/src/tests/cmocka/test_negcache.c @@ -590,8 +590,8 @@ static void test_sss_ncache_prepopulate(void **state) struct sss_domain_info *dom; struct sss_test_conf_param params[] = { - { "filter_users", "testuser1" }, - { "filter_groups", "testgroup1" }, + { "filter_users", "testuser1, testuser2@"TEST_DOM_NAME", testuser3@somedomain" }, + { "filter_groups", "testgroup1, testgroup2@"TEST_DOM_NAME", testgroup3@somedomain" }, { NULL, NULL }, }; @@ -628,6 +628,86 @@ static void test_sss_ncache_prepopulate(void **state) ret = sss_ncache_check_group(ncache, 1, dom, "testgroup1"); assert_int_equal(ret, EEXIST); + + ret = sss_ncache_check_user(ncache, 1, dom, "testuser2"); + assert_int_equal(ret, EEXIST); + + ret = sss_ncache_check_group(ncache, 1, dom, "testgroup2"); + assert_int_equal(ret, EEXIST); + + ret = sss_ncache_check_user(ncache, 1, dom, "testuser3"); + assert_int_equal(ret, ENOENT); + + ret = sss_ncache_check_group(ncache, 1, dom, "testgroup3"); + assert_int_equal(ret, ENOENT); + + ret = sss_ncache_check_user(ncache, 1, dom, "testuser3@somedomain"); + assert_int_equal(ret, ENOENT); + + ret = sss_ncache_check_group(ncache, 1, dom, "testgroup3@somedomain"); + assert_int_equal(ret, ENOENT); +} + +static void test_sss_ncache_default_domain_suffix(void **state) +{ + int ret; + struct test_state *ts; + struct tevent_context *ev; + struct sss_nc_ctx *ncache; + struct sss_test_ctx *tc; + struct sss_domain_info *dom; + + struct sss_test_conf_param params[] = { + { "filter_users", "testuser1, testuser2@"TEST_DOM_NAME", testuser3@somedomain" }, + { "filter_groups", "testgroup1, testgroup2@"TEST_DOM_NAME", testgroup3@somedomain" }, + { NULL, NULL }, + }; + + ts = talloc_get_type_abort(*state, struct test_state); + + ev = tevent_context_init(ts); + assert_non_null(ev); + + dom = talloc_zero(ts, struct sss_domain_info); + assert_non_null(dom); + dom->name = discard_const_p(char, TEST_DOM_NAME); + + ts->nctx = mock_nctx(ts); + assert_non_null(ts->nctx); + + tc = create_dom_test_ctx(ts, TESTS_PATH, TEST_CONF_DB, + TEST_DOM_NAME, TEST_ID_PROVIDER, params); + assert_non_null(tc); + + ncache = ts->ctx; + ts->rctx = mock_rctx(ts, ev, dom, ts->nctx); + assert_non_null(ts->rctx); + ts->rctx->default_domain = discard_const(TEST_DOM_NAME); + + ret = sss_names_init(ts, tc->confdb, TEST_DOM_NAME, &dom->names); + assert_int_equal(ret, EOK); + + ret = sss_ncache_prepopulate(ncache, tc->confdb, ts->rctx); + assert_int_equal(ret, EOK); + + ret = sss_ncache_check_user(ncache, 1, dom, "testuser1"); + assert_int_equal(ret, EEXIST); + + ret = sss_ncache_check_group(ncache, 1, dom, "testgroup1"); + assert_int_equal(ret, EEXIST); + + ret = sss_ncache_check_user(ncache, 1, dom, "testuser2"); + assert_int_equal(ret, EEXIST); + + ret = sss_ncache_check_group(ncache, 1, dom, "testgroup2"); + assert_int_equal(ret, EEXIST); + + ret = sss_ncache_check_user(ncache, 1, dom, "testuser3"); + assert_int_equal(ret, ENOENT); + + ret = sss_ncache_check_group(ncache, 1, dom, "testgroup3"); + assert_int_equal(ret, ENOENT); + } int main(void) @@ -648,7 +728,9 @@ int main(void) cmocka_unit_test_setup_teardown(test_sss_ncache_reset_permanent, setup, teardown), cmocka_unit_test_setup_teardown(test_sss_ncache_prepopulate, - setup, teardown) + setup, teardown), + cmocka_unit_test_setup_teardown(test_sss_ncache_default_domain_suffix, + setup, teardown), }; tests_set_cwd(); diff --git a/src/util/usertools.c b/src/util/usertools.c index 439c1494a..c43d420e3 100644 --- a/src/util/usertools.c +++ b/src/util/usertools.c @@ -481,8 +481,7 @@ int sss_parse_name_for_domains(TALLOC_CTX *memctx, } if (match == NULL) { DEBUG(SSSDBG_FUNC_DATA, "default domain [%s] is currently " \ - "not known, trying to look it up.\n", - rdomain); + "not known\n", rdomain); *domain = talloc_steal(memctx, rdomain); ret = EAGAIN; goto done; |