From 2bffccf990b08fb8ce1c72a0a5092053c8a06e12 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Wed, 22 Jul 2015 14:21:52 +0200 Subject: negcache: allow domain name for UID and GID Related to https://fedorahosted.org/sssd/ticket/2731 --- src/responder/common/negcache.c | 40 +++++++++++++++++++++++------ src/responder/common/negcache.h | 12 ++++++--- src/responder/common/responder_cache_req.c | 8 +++--- src/responder/nss/nsssrv_cmd.c | 19 ++++++++------ src/tests/cmocka/test_negcache.c | 40 ++++++++++++++--------------- src/tests/cmocka/test_nss_srv.c | 8 +++--- src/tests/cmocka/test_responder_cache_req.c | 4 +-- 7 files changed, 82 insertions(+), 49 deletions(-) diff --git a/src/responder/common/negcache.c b/src/responder/common/negcache.c index 64270f467..fc482c411 100644 --- a/src/responder/common/negcache.c +++ b/src/responder/common/negcache.c @@ -376,12 +376,18 @@ int sss_ncache_check_service_port(struct sss_nc_ctx *ctx, int ttl, -int sss_ncache_check_uid(struct sss_nc_ctx *ctx, int ttl, uid_t uid) +int sss_ncache_check_uid(struct sss_nc_ctx *ctx, int ttl, + struct sss_domain_info *dom, uid_t uid) { char *str; int ret; - str = talloc_asprintf(ctx, "%s/%"SPRIuid, NC_UID_PREFIX, uid); + if (dom != NULL) { + str = talloc_asprintf(ctx, "%s/%s/%"SPRIuid, NC_UID_PREFIX, dom->name, + uid); + } else { + str = talloc_asprintf(ctx, "%s/%"SPRIuid, NC_UID_PREFIX, uid); + } if (!str) return ENOMEM; ret = sss_ncache_check_str(ctx, str, ttl); 
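Review bot: In sss_ncache_check_uid the domain-qualified key (`NC_UID_PREFIX/<dom->name>/<uid>`) and the domain-less key (`NC_UID_PREFIX/<uid>`) are separate entries, and nothing in the new code says so. A negative entry stored with a domain is never matched by a check that passes `dom == NULL`, and the reverse, so a caller that mixes the two forms would silently miss the cache and presumably repeat the lookup each time. I would add a comment above the function such as `/* dom selects a per-domain key; set and check must pass the same dom (or both NULL) to match */`. The same applies to sss_ncache_check_gid, sss_ncache_set_uid and sss_ncache_set_gid in the hunks that follow. All four also format `dom->name` with `%s` unchecked, which presumably relies on every sss_domain_info carrying a name.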
@@ -390,12 +396,18 @@ int sss_ncache_check_uid(struct sss_nc_ctx *ctx, int ttl, uid_t uid) return ret; } -int sss_ncache_check_gid(struct sss_nc_ctx *ctx, int ttl, gid_t gid) +int sss_ncache_check_gid(struct sss_nc_ctx *ctx, int ttl, + struct sss_domain_info *dom, gid_t gid) { char *str; int ret; - str = talloc_asprintf(ctx, "%s/%"SPRIgid, NC_GID_PREFIX, gid); + if (dom != NULL) { + str = talloc_asprintf(ctx, "%s/%s/%"SPRIgid, NC_GID_PREFIX, dom->name, + gid); + } else { + str = talloc_asprintf(ctx, "%s/%"SPRIgid, NC_GID_PREFIX, gid); + } if (!str) return ENOMEM; ret = sss_ncache_check_str(ctx, str, ttl); @@ -522,12 +534,18 @@ int sss_ncache_set_netgr(struct sss_nc_ctx *ctx, bool permanent, return sss_ncache_set_ent(ctx, permanent, dom, name, sss_ncache_set_netgr_int); } -int sss_ncache_set_uid(struct sss_nc_ctx *ctx, bool permanent, uid_t uid) +int sss_ncache_set_uid(struct sss_nc_ctx *ctx, bool permanent, + struct sss_domain_info *dom, uid_t uid) { char *str; int ret; - str = talloc_asprintf(ctx, "%s/%"SPRIuid, NC_UID_PREFIX, uid); + if (dom != NULL) { + str = talloc_asprintf(ctx, "%s/%s/%"SPRIuid, NC_UID_PREFIX, dom->name, + uid); + } else { + str = talloc_asprintf(ctx, "%s/%"SPRIuid, NC_UID_PREFIX, uid); + } if (!str) return ENOMEM; ret = sss_ncache_set_str(ctx, str, permanent); @@ -536,12 +554,18 @@ int sss_ncache_set_uid(struct sss_nc_ctx *ctx, bool permanent, uid_t uid) return ret; } -int sss_ncache_set_gid(struct sss_nc_ctx *ctx, bool permanent, gid_t gid) +int sss_ncache_set_gid(struct sss_nc_ctx *ctx, bool permanent, + struct sss_domain_info *dom, gid_t gid) { char *str; int ret; - str = talloc_asprintf(ctx, "%s/%"SPRIgid, NC_GID_PREFIX, gid); + if (dom != NULL) { + str = talloc_asprintf(ctx, "%s/%s/%"SPRIgid, NC_GID_PREFIX, dom->name, + gid); + } else { + str = talloc_asprintf(ctx, "%s/%"SPRIgid, NC_GID_PREFIX, gid); + } if (!str) return ENOMEM; ret = sss_ncache_set_str(ctx, str, permanent); 
diff --git a/src/responder/common/negcache.h b/src/responder/common/negcache.h index e7cbfe114..46e66d503 100644 --- a/src/responder/common/negcache.h +++ b/src/responder/common/negcache.h @@ -34,8 +34,10 @@ int sss_ncache_check_group(struct sss_nc_ctx *ctx, int ttl, struct sss_domain_info *dom, const char *name); int sss_ncache_check_netgr(struct sss_nc_ctx *ctx, int ttl, struct sss_domain_info *dom, const char *name); -int sss_ncache_check_uid(struct sss_nc_ctx *ctx, int ttl, uid_t uid); -int sss_ncache_check_gid(struct sss_nc_ctx *ctx, int ttl, gid_t gid); +int sss_ncache_check_uid(struct sss_nc_ctx *ctx, int ttl, + struct sss_domain_info *dom, uid_t uid); +int sss_ncache_check_gid(struct sss_nc_ctx *ctx, int ttl, + struct sss_domain_info *dom, gid_t gid); int sss_ncache_check_sid(struct sss_nc_ctx *ctx, int ttl, const char *sid); int sss_ncache_check_cert(struct sss_nc_ctx *ctx, int ttl, const char *cert); @@ -58,8 +60,10 @@ int sss_ncache_set_group(struct sss_nc_ctx *ctx, bool permanent, struct sss_domain_info *dom, const char *name); int sss_ncache_set_netgr(struct sss_nc_ctx *ctx, bool permanent, struct sss_domain_info *dom, const char *name); -int sss_ncache_set_uid(struct sss_nc_ctx *ctx, bool permanent, uid_t uid); -int sss_ncache_set_gid(struct sss_nc_ctx *ctx, bool permanent, gid_t gid); +int sss_ncache_set_uid(struct sss_nc_ctx *ctx, bool permanent, + struct sss_domain_info *dom, uid_t uid); +int sss_ncache_set_gid(struct sss_nc_ctx *ctx, bool permanent, + struct sss_domain_info *dom, gid_t gid); int sss_ncache_set_sid(struct sss_nc_ctx *ctx, bool permanent, const char *sid); int sss_ncache_set_cert(struct sss_nc_ctx *ctx, bool permanent, const char *cert); diff --git a/src/responder/common/responder_cache_req.c b/src/responder/common/responder_cache_req.c index e7099f171..d0a90d2c9 100644 --- a/src/responder/common/responder_cache_req.c +++ b/src/responder/common/responder_cache_req.c 
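Review bot: The prototypes of sss_ncache_check_uid and sss_ncache_check_gid gain a `dom` parameter with no documentation, although the implementation in this commit treats NULL as a distinct case. A reader of the header alone cannot tell that NULL is allowed or what it selects. I would add a comment above the pair, e.g. `/* dom may be NULL, in which case the entry is keyed by the ID alone */`, and the same above sss_ncache_set_uid and sss_ncache_set_gid in the second hunk of this file.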
@@ -303,10 +303,10 @@ static errno_t cache_req_check_ncache(struct cache_req_input *input, input->domain, input->dom_objname); break; case CACHE_REQ_USER_BY_ID: - ret = sss_ncache_check_uid(ncache, neg_timeout, input->id); + ret = sss_ncache_check_uid(ncache, neg_timeout, NULL, input->id); break; case CACHE_REQ_GROUP_BY_ID: - ret = sss_ncache_check_gid(ncache, neg_timeout, input->id); + ret = sss_ncache_check_gid(ncache, neg_timeout, NULL, input->id); break; case CACHE_REQ_USER_BY_CERT: ret = sss_ncache_check_cert(ncache, neg_timeout, input->cert); @@ -382,10 +382,10 @@ static void cache_req_add_to_ncache_global(struct cache_req_input *input, ret = EOK; break; case CACHE_REQ_USER_BY_ID: - ret = sss_ncache_set_uid(ncache, false, input->id); + ret = sss_ncache_set_uid(ncache, false, NULL, input->id); break; case CACHE_REQ_GROUP_BY_ID: - ret = sss_ncache_set_gid(ncache, false, input->id); + ret = sss_ncache_set_gid(ncache, false, NULL, input->id); break; case CACHE_REQ_USER_BY_CERT: ret = sss_ncache_set_cert(ncache, false, input->cert); diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c index b3998015f..93c9bb81d 100644 --- a/src/responder/nss/nsssrv_cmd.c +++ b/src/responder/nss/nsssrv_cmd.c @@ -1710,7 +1710,7 @@ static int nss_cmd_getpwuid_search(struct nss_dom_ctx *dctx) done: if (ret == ENOENT) { /* The entry was not found, need to set result in negative cache */ - err = sss_ncache_set_uid(nctx->ncache, false, cmdctx->id); + err = sss_ncache_set_uid(nctx->ncache, false, NULL, cmdctx->id); if (err != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, "Cannot set negative cache for UID %"PRIu32"\n", cmdctx->id); 
@@ -1779,7 +1779,8 @@ static int nss_cmd_getbyid(enum sss_cli_command cmd, struct cli_ctx *cctx) switch(dctx->cmdctx->cmd) { case SSS_NSS_GETPWUID: - ret = sss_ncache_check_uid(nctx->ncache, nctx->neg_timeout, cmdctx->id); + ret = sss_ncache_check_uid(nctx->ncache, nctx->neg_timeout, NULL, + cmdctx->id); if (ret == EEXIST) { DEBUG(SSSDBG_TRACE_FUNC, "Uid [%"PRIu32"] does not exist! (negative cache)\n", @@ -1789,7 +1790,8 @@ static int nss_cmd_getbyid(enum sss_cli_command cmd, struct cli_ctx *cctx) } break; case SSS_NSS_GETGRGID: - ret = sss_ncache_check_gid(nctx->ncache, nctx->neg_timeout, cmdctx->id); + ret = sss_ncache_check_gid(nctx->ncache, nctx->neg_timeout, NULL, + cmdctx->id); if (ret == EEXIST) { DEBUG(SSSDBG_TRACE_FUNC, "Gid [%"PRIu32"] does not exist! (negative cache)\n", @@ -1799,10 +1801,11 @@ static int nss_cmd_getbyid(enum sss_cli_command cmd, struct cli_ctx *cctx) } break; case SSS_NSS_GETSIDBYID: - ret = sss_ncache_check_uid(nctx->ncache, nctx->neg_timeout, cmdctx->id); + ret = sss_ncache_check_uid(nctx->ncache, nctx->neg_timeout, NULL, + cmdctx->id); if (ret != EEXIST) { ret = sss_ncache_check_gid(nctx->ncache, nctx->neg_timeout, - cmdctx->id); + NULL, cmdctx->id); } if (ret == EEXIST) { DEBUG(SSSDBG_TRACE_FUNC, @@ -3288,7 +3291,7 @@ static int nss_cmd_getgrgid_search(struct nss_dom_ctx *dctx) done: if (ret == ENOENT) { /* The entry was not found, need to set result in negative cache */ - err = sss_ncache_set_gid(nctx->ncache, false, cmdctx->id); + err = sss_ncache_set_gid(nctx->ncache, false, NULL, cmdctx->id); if (err != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, "Cannot set negative cache for GID %"PRIu32"\n", cmdctx->id); 
@@ -4592,13 +4595,13 @@ done: if (cmdctx->cmd == SSS_NSS_GETSIDBYID) { DEBUG(SSSDBG_MINOR_FAILURE, "No matching domain found for [%"PRIu32"], fail!\n", cmdctx->id); - err = sss_ncache_set_uid(nctx->ncache, false, cmdctx->id); + err = sss_ncache_set_uid(nctx->ncache, false, NULL, cmdctx->id); if (err != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, "Cannot set negative cache for UID %"PRIu32"\n", cmdctx->id); } - err = sss_ncache_set_gid(nctx->ncache, false, cmdctx->id); + err = sss_ncache_set_gid(nctx->ncache, false, NULL, cmdctx->id); if (err != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, "Cannot set negative cache for GID %"PRIu32"\n", cmdctx->id); diff --git a/src/tests/cmocka/test_negcache.c b/src/tests/cmocka/test_negcache.c index fa07ea248..a1f947185 100644 --- a/src/tests/cmocka/test_negcache.c +++ b/src/tests/cmocka/test_negcache.c @@ -188,7 +188,7 @@ static void test_sss_ncache_uid(void **state) ts = talloc_get_type_abort(*state, struct test_state); /* test when uid not present in database */ - ret = sss_ncache_check_uid(ts->ctx, ttl, uid); + ret = sss_ncache_check_uid(ts->ctx, ttl, NULL, uid); assert_int_equal(ret, ENOENT); /* test when uid is present in database */ 
@@ -197,43 +197,43 @@ static void test_sss_ncache_uid(void **state) ret = sss_ncache_reset_permanent(ts->ctx); assert_int_equal(ret, EOK); - ret = sss_ncache_set_uid(ts->ctx, permanent, uid); + ret = sss_ncache_set_uid(ts->ctx, permanent, NULL, uid); assert_int_equal(ret, EOK); - ret = sss_ncache_check_uid(ts->ctx, ttl, uid); + ret = sss_ncache_check_uid(ts->ctx, ttl, NULL, uid); assert_int_equal(ret, EEXIST); ttl = SHORTSPAN; - ret = sss_ncache_set_uid(ts->ctx, permanent, uid); + ret = sss_ncache_set_uid(ts->ctx, permanent, NULL, uid); assert_int_equal(ret, EOK); - ret = sss_ncache_check_uid(ts->ctx, ttl, uid); + ret = sss_ncache_check_uid(ts->ctx, ttl, NULL, uid); assert_int_equal(ret, EEXIST); sleep(SHORTSPAN + 1); - ret = sss_ncache_check_uid(ts->ctx, ttl, uid); + ret = sss_ncache_check_uid(ts->ctx, ttl, NULL, uid); assert_int_equal(ret, EEXIST); permanent = false; - ret = sss_ncache_set_uid(ts->ctx, permanent, uid); + ret = sss_ncache_set_uid(ts->ctx, permanent, NULL, uid); assert_int_equal(ret, EOK); - ret = sss_ncache_check_uid(ts->ctx, ttl, uid); + ret = sss_ncache_check_uid(ts->ctx, ttl, NULL, uid); assert_int_equal(ret, EEXIST); sleep(SHORTSPAN + 1); - ret = sss_ncache_check_uid(ts->ctx, ttl, uid); + ret = sss_ncache_check_uid(ts->ctx, ttl, NULL, uid); assert_int_equal(ret, ENOENT); - ret = sss_ncache_set_uid(ts->ctx, permanent, uid); + ret = sss_ncache_set_uid(ts->ctx, permanent, NULL, uid); assert_int_equal(ret, EOK); /* test when ttl is -1 with uid present in database*/ ttl = -1; - ret = sss_ncache_check_uid(ts->ctx, ttl, uid); + ret = sss_ncache_check_uid(ts->ctx, ttl, NULL, uid); assert_int_equal(ret, EEXIST); } 
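Review bot: Every call in test_sss_ncache_uid still passes NULL for `dom`, so the `dom != NULL` branch this commit adds to the negcache functions is not exercised here, nor in the other test hunks visible on this page. I would add a case that stores an entry with a test domain, using an ID that has no domain-less entry. It should assert that `sss_ncache_check_uid(ts->ctx, ttl, dom, uid)` returns EEXIST while `sss_ncache_check_uid(ts->ctx, ttl, NULL, uid)` returns ENOENT. The test function starts outside the hunk, so whether a domain fixture is already available there is not visible.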
@@ -253,27 +253,27 @@ static void test_sss_ncache_gid(void **state) ts = talloc_get_type_abort(*state, struct test_state); /* test when gid is not present in database */ - ret = sss_ncache_check_gid(ts->ctx, ttl, gid); + ret = sss_ncache_check_gid(ts->ctx, ttl, NULL, gid); assert_int_equal(ret, ENOENT); /* test when gid is present in database */ permanent = true; - ret = sss_ncache_set_gid(ts->ctx, permanent, gid); + ret = sss_ncache_set_gid(ts->ctx, permanent, NULL, gid); assert_int_equal(ret, EOK); - ret = sss_ncache_check_gid(ts->ctx, ttl, gid); + ret = sss_ncache_check_gid(ts->ctx, ttl, NULL, gid); assert_int_equal(ret, EEXIST); permanent = false; - ret = sss_ncache_set_uid(ts->ctx, permanent, gid); + ret = sss_ncache_set_uid(ts->ctx, permanent, NULL, gid); assert_int_equal(ret, EOK); - ret = sss_ncache_check_uid(ts->ctx, ttl, gid); + ret = sss_ncache_check_uid(ts->ctx, ttl, NULL, gid); assert_int_equal(ret, EEXIST); /* test when ttl is -1 with gid present in database*/ ttl = -1; - ret = sss_ncache_check_gid(ts->ctx, ttl, gid); + ret = sss_ncache_check_gid(ts->ctx, ttl, NULL, gid); assert_int_equal(ret, EEXIST); } @@ -608,16 +608,16 @@ static void test_sss_ncache_reset_permanent(void **state) ts = talloc_get_type_abort(*state, struct test_state); - ret = sss_ncache_set_uid(ts->ctx, permanent, 0); + ret = sss_ncache_set_uid(ts->ctx, permanent, NULL, 0); assert_int_equal(ret, EOK); - ret = sss_ncache_check_uid(ts->ctx, 0, 0); + ret = sss_ncache_check_uid(ts->ctx, 0, NULL, 0); assert_int_equal(ret, EEXIST); ret = sss_ncache_reset_permanent(ts->ctx); assert_int_equal(ret, EOK); - ret = sss_ncache_check_uid(ts->ctx, 0, 0); + ret = sss_ncache_check_uid(ts->ctx, 0, NULL, 0); assert_int_equal(ret, ENOENT); } diff --git a/src/tests/cmocka/test_nss_srv.c b/src/tests/cmocka/test_nss_srv.c index 84d3413be..2d4fb2204 100644 --- a/src/tests/cmocka/test_nss_srv.c +++ b/src/tests/cmocka/test_nss_srv.c 
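Review bot: The non-permanent section of test_sss_ncache_gid calls the UID functions with `gid`: `sss_ncache_set_uid(ts->ctx, permanent, NULL, gid)` followed by `sss_ncache_check_uid(ts->ctx, ttl, NULL, gid)`. The commit carries these over unchanged apart from the new argument. That check passes against the UID key, so the non-permanent GID path is not tested, and the final `ttl = -1` check appears to be satisfied by the permanent GID entry set earlier in the function. The two lines should read `ret = sss_ncache_set_gid(ts->ctx, permanent, NULL, gid);` and `ret = sss_ncache_check_gid(ts->ctx, ttl, NULL, gid);`.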
@@ -166,13 +166,15 @@ int __wrap_sss_ncache_check_user(struct sss_nc_ctx *ctx, int ttl, return ret; } -int __real_sss_ncache_check_uid(struct sss_nc_ctx *ctx, int ttl, uid_t uid); +int __real_sss_ncache_check_uid(struct sss_nc_ctx *ctx, int ttl, + struct sss_domain_info *dom, uid_t uid); -int __wrap_sss_ncache_check_uid(struct sss_nc_ctx *ctx, int ttl, uid_t uid) +int __wrap_sss_ncache_check_uid(struct sss_nc_ctx *ctx, int ttl, + struct sss_domain_info *dom, uid_t uid) { int ret; - ret = __real_sss_ncache_check_uid(ctx, ttl, uid); + ret = __real_sss_ncache_check_uid(ctx, ttl, dom, uid); if (ret == EEXIST) { nss_test_ctx->ncache_hits++; } diff --git a/src/tests/cmocka/test_responder_cache_req.c b/src/tests/cmocka/test_responder_cache_req.c index 31b669466..032fe429a 100644 --- a/src/tests/cmocka/test_responder_cache_req.c +++ b/src/tests/cmocka/test_responder_cache_req.c @@ -873,7 +873,7 @@ void test_user_by_id_ncache(void **state) test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); - ret = sss_ncache_set_uid(test_ctx->ncache, false, uid); + ret = sss_ncache_set_uid(test_ctx->ncache, false, NULL, uid); assert_int_equal(ret, EOK); req_mem_ctx = talloc_new(global_talloc_context); @@ -1601,7 +1601,7 @@ void test_group_by_id_ncache(void **state) test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); - ret = sss_ncache_set_gid(test_ctx->ncache, false, gid); + ret = sss_ncache_set_gid(test_ctx->ncache, false, NULL, gid); assert_int_equal(ret, EOK); req_mem_ctx = talloc_new(global_talloc_context); -- cgit