From 641d684ee88c6540a4cf1d74d258614f615699fe Mon Sep 17 00:00:00 2001 From: Pavel Březina Date: Mon, 26 Jan 2015 13:10:57 +0100 Subject: cache_req: add support for group by name Reviewed-by: Jakub Hrozek --- src/responder/common/responder_cache_req.c | 42 ++++ src/responder/common/responder_cache_req.h | 14 ++ src/tests/cmocka/test_responder_cache_req.c | 343 +++++++++++++++++++++++++++- 3 files changed, 398 insertions(+), 1 deletion(-) diff --git a/src/responder/common/responder_cache_req.c b/src/responder/common/responder_cache_req.c index 5eb23f8dd..e7a9fa348 100644 --- a/src/responder/common/responder_cache_req.c +++ b/src/responder/common/responder_cache_req.c @@ -70,6 +70,7 @@ cache_req_input_create(TALLOC_CTX *mem_ctx, /* Check that input parameters match selected type. */ switch (input->type) { case CACHE_REQ_USER_BY_NAME: + case CACHE_REQ_GROUP_BY_NAME: case CACHE_REQ_INITGROUPS: if (name == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "Bug: name cannot be NULL!\n"); @@ -98,6 +99,10 @@ cache_req_input_create(TALLOC_CTX *mem_ctx, input->dp_type = SSS_DP_USER; break; + case CACHE_REQ_GROUP_BY_NAME: + input->dp_type = SSS_DP_GROUP; + break; + case CACHE_REQ_INITGROUPS: input->dp_type = SSS_DP_INITGROUPS; break; @@ -130,6 +135,7 @@ cache_req_input_set_domain(struct cache_req_input *input, switch (input->type) { case CACHE_REQ_USER_BY_NAME: + case CACHE_REQ_GROUP_BY_NAME: case CACHE_REQ_INITGROUPS: name = sss_get_cased_name(tmp_ctx, input->orig_name, domain->case_sensitive); @@ -184,6 +190,10 @@ static errno_t cache_req_check_ncache(struct cache_req_input *input, ret = sss_ncache_check_user(ncache, neg_timeout, input->domain, input->dom_objname); break; + case CACHE_REQ_GROUP_BY_NAME: + ret = sss_ncache_check_group(ncache, neg_timeout, + input->domain, input->dom_objname); + break; case CACHE_REQ_USER_BY_ID: ret = sss_ncache_check_uid(ncache, neg_timeout, input->id); break; 
@@ -212,6 +222,10 @@ static void cache_req_add_to_ncache(struct cache_req_input *input, ret = sss_ncache_set_user(ncache, false, input->domain, input->dom_objname); break; + case CACHE_REQ_GROUP_BY_NAME: + ret = sss_ncache_set_group(ncache, false, input->domain, + input->dom_objname); + break; case CACHE_REQ_USER_BY_ID: /* Nothing to do. Those types must be unique among all domains so * the don't contain domain part. Therefore they must be set only @@ -241,6 +255,7 @@ static void cache_req_add_to_ncache_global(struct cache_req_input *input, switch (input->type) { case CACHE_REQ_USER_BY_NAME: + case CACHE_REQ_GROUP_BY_NAME: case CACHE_REQ_INITGROUPS: /* Nothing to do. Those types are already in ncache for selected * domains. */ @@ -286,6 +301,11 @@ static errno_t cache_req_get_object(TALLOC_CTX *mem_ctx, ret = sysdb_getpwuid_with_views(mem_ctx, input->domain, input->id, &result); break; + case CACHE_REQ_GROUP_BY_NAME: + one_item_only = true; + ret = sysdb_getgrnam_with_views(mem_ctx, input->domain, + input->dom_objname, &result); + break; case CACHE_REQ_INITGROUPS: one_item_only = false; ret = sysdb_initgroups_with_views(mem_ctx, input->domain, @@ -803,6 +823,28 @@ cache_req_user_by_id_send(TALLOC_CTX *mem_ctx, domain, input); } +struct tevent_req * +cache_req_group_by_name_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct resp_ctx *rctx, + struct sss_nc_ctx *ncache, + int neg_timeout, + int cache_refresh_percent, + const char *domain, + const char *name) +{ + struct cache_req_input *input; + + input = cache_req_input_create(mem_ctx, CACHE_REQ_GROUP_BY_NAME, name, 0); + if (input == NULL) { + return NULL; + } + + return cache_req_steal_input_and_send(mem_ctx, ev, rctx, ncache, + neg_timeout, cache_refresh_percent, + domain, input); +} + struct tevent_req * cache_req_initgr_by_name_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, 
diff --git a/src/responder/common/responder_cache_req.h b/src/responder/common/responder_cache_req.h index 3ebcd1e8e..65a0908f9 100644 --- a/src/responder/common/responder_cache_req.h +++ b/src/responder/common/responder_cache_req.h @@ -30,6 +30,7 @@ enum cache_req_type { CACHE_REQ_USER_BY_NAME, CACHE_REQ_USER_BY_ID, + CACHE_REQ_GROUP_BY_NAME, CACHE_REQ_INITGROUPS }; @@ -86,6 +87,19 @@ cache_req_user_by_id_send(TALLOC_CTX *mem_ctx, #define cache_req_user_by_id_recv(mem_ctx, req, _result, _domain) \ cache_req_recv(mem_ctx, req, _result, _domain) +struct tevent_req * +cache_req_group_by_name_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct resp_ctx *rctx, + struct sss_nc_ctx *ncache, + int neg_timeout, + int cache_refresh_percent, + const char *domain, + const char *name); + +#define cache_req_group_by_name_recv(mem_ctx, req, _result, _domain) \ + cache_req_recv(mem_ctx, req, _result, _domain) + struct tevent_req * cache_req_initgr_by_name_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, diff --git a/src/tests/cmocka/test_responder_cache_req.c b/src/tests/cmocka/test_responder_cache_req.c index f2e1b85f6..1311efc9e 100644 --- a/src/tests/cmocka/test_responder_cache_req.c +++ b/src/tests/cmocka/test_responder_cache_req.c @@ -35,6 +35,8 @@ #define TEST_USER_NAME "test-user" #define TEST_USER_ID 1000 +#define TEST_GROUP_NAME "test-group" +#define TEST_GROUP_ID 1000 #define new_single_domain_test(test) \ cmocka_unit_test_setup_teardown(test_ ## test, \ @@ -55,6 +57,7 @@ struct cache_req_test_ctx { struct sss_domain_info *domain; bool dp_called; bool create_user; + bool create_group; }; const char *domains[] = {"responder_cache_req_test_a", @@ -96,6 +99,12 @@ __wrap_sss_dp_get_account_send(TALLOC_CTX *mem_ctx, assert_int_equal(ret, EOK); } + if (ctx->create_group) { + ret = sysdb_store_group(ctx->tctx->dom, TEST_GROUP_NAME, + TEST_GROUP_ID, NULL, 1000, time(NULL)); + assert_int_equal(ret, EOK); + } + return test_req_succeed_send(mem_ctx, rctx->ev); } 
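Review bot: The new `cache_req_group_by_name_send()` prototype in responder_cache_req.h carries no comment describing its contract, and what a caller needs to know is only discoverable from the tests. The tests in this commit pass `domain` as NULL in the multi-domain cases and as a domain name in the single-domain cases, and they pass `cache_refresh_percent` as 0 everywhere except the midpoint test. I would add above the prototype something like `/* Look up a group by name. domain == NULL searches all domains; neg_timeout bounds negative-cache hits; cache_refresh_percent == 0 disables midpoint refresh. */`. The last two clauses are my reading of the tests and should be confirmed against `cache_req_send` before they are written down.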
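Review bot: The `create_group` branch added to `__wrap_sss_dp_get_account_send` stores the group without looking at what the responder asked the provider for, so the new `input->dp_type = SSS_DP_GROUP` mapping is not verified by any group test. A request sent with the wrong account type would still find `TEST_GROUP_NAME` in sysdb afterwards and the test would pass. Assuming the wrapper receives the account type as one of its parameters (its parameter list is cut off in this hunk), an assertion inside the branch such as `assert_int_equal(type, SSS_DP_GROUP);` would close that gap. The literal `1000` passed as the cache timeout would also read better as a named constant.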
@@ -125,6 +134,19 @@ static void cache_req_user_by_id_test_done(struct tevent_req *req) ctx->tctx->done = true; } +static void cache_req_group_by_name_test_done(struct tevent_req *req) +{ + struct cache_req_test_ctx *ctx = NULL; + + ctx = tevent_req_callback_data(req, struct cache_req_test_ctx); + + ctx->tctx->error = cache_req_group_by_name_recv(ctx, req, + &ctx->result, &ctx->domain); + talloc_zfree(req); + + ctx->tctx->done = true; +} + static int test_single_domain_setup(void **state) { struct cache_req_test_ctx *test_ctx = NULL; 
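Review bot: `cache_req_group_by_name_test_done` looks like another copy of the same completion callback, differing only in which `_recv` macro it names. The header in this commit defines both `cache_req_group_by_name_recv` and `cache_req_user_by_id_recv` as `cache_req_recv(mem_ctx, req, _result, _domain)`, so the calls expand identically. Only the tail of `cache_req_user_by_id_test_done` is visible here, so the duplication is inferred. If it holds, a single `cache_req_test_done` calling `cache_req_recv(ctx, req, &ctx->result, &ctx->domain);` would serve every test and leave one less function to copy for the next request type.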
@@ -845,6 +867,316 @@ void test_user_by_id_missing_notfound(void **state) assert_true(test_ctx->dp_called); } +void test_group_by_name_multiple_domains_found(void **state) +{ + struct cache_req_test_ctx *test_ctx = NULL; + struct sss_domain_info *domain = NULL; + TALLOC_CTX *req_mem_ctx = NULL; + struct tevent_req *req = NULL; + const char *name = TEST_GROUP_NAME; + const char *ldbname = NULL; + errno_t ret; + + test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); + + domain = find_domain_by_name(test_ctx->tctx->dom, + "responder_cache_req_test_d", true); + assert_non_null(domain); + + ret = sysdb_store_group(domain, name, TEST_GROUP_ID, NULL, + 1000, time(NULL)); + assert_int_equal(ret, EOK); + + req_mem_ctx = talloc_new(global_talloc_context); + check_leaks_push(req_mem_ctx); + + will_return_always(__wrap_sss_dp_get_account_send, test_ctx); + will_return_always(sss_dp_get_account_recv, 0); + + req = cache_req_group_by_name_send(req_mem_ctx, test_ctx->tctx->ev, + test_ctx->rctx, test_ctx->ncache, 10, 0, + NULL, name); + assert_non_null(req); + tevent_req_set_callback(req, cache_req_group_by_name_test_done, test_ctx); + + ret = test_ev_loop(test_ctx->tctx); + assert_int_equal(ret, ERR_OK); + assert_true(check_leaks_pop(req_mem_ctx)); + + assert_true(test_ctx->dp_called); + + assert_non_null(test_ctx->result); + assert_int_equal(test_ctx->result->count, 1); + assert_non_null(test_ctx->result->msgs); + assert_non_null(test_ctx->result->msgs[0]); + + ldbname = ldb_msg_find_attr_as_string(test_ctx->result->msgs[0], + SYSDB_NAME, NULL); + assert_non_null(ldbname); + assert_string_equal(ldbname, name); + + assert_non_null(test_ctx->domain); + assert_string_equal(domain->name, test_ctx->domain->name); +} + +void test_group_by_name_multiple_domains_notfound(void **state) +{ + struct cache_req_test_ctx *test_ctx = NULL; + TALLOC_CTX *req_mem_ctx = NULL; + struct tevent_req *req = NULL; + const char *name = TEST_GROUP_NAME; + errno_t ret; + + test_ctx = 
talloc_get_type_abort(*state, struct cache_req_test_ctx); + + req_mem_ctx = talloc_new(global_talloc_context); + check_leaks_push(req_mem_ctx); + + will_return_always(__wrap_sss_dp_get_account_send, test_ctx); + will_return_always(sss_dp_get_account_recv, 0); + + req = cache_req_group_by_name_send(req_mem_ctx, test_ctx->tctx->ev, + test_ctx->rctx, test_ctx->ncache, 10, 0, + NULL, name); + assert_non_null(req); + tevent_req_set_callback(req, cache_req_group_by_name_test_done, test_ctx); + + ret = test_ev_loop(test_ctx->tctx); + assert_int_equal(ret, ENOENT); + assert_true(check_leaks_pop(req_mem_ctx)); + + assert_true(test_ctx->dp_called); +} + +void test_group_by_name_cache_valid(void **state) +{ + struct cache_req_test_ctx *test_ctx = NULL; + TALLOC_CTX *req_mem_ctx = NULL; + struct tevent_req *req = NULL; + const char *name = TEST_GROUP_NAME; + const char *ldbname = NULL; + errno_t ret; + + test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); + + ret = sysdb_store_group(test_ctx->tctx->dom, name, TEST_GROUP_ID, NULL, + 1000, time(NULL)); + assert_int_equal(ret, EOK); + + req_mem_ctx = talloc_new(global_talloc_context); + check_leaks_push(req_mem_ctx); + + req = cache_req_group_by_name_send(req_mem_ctx, test_ctx->tctx->ev, + test_ctx->rctx, test_ctx->ncache, 10, 0, + test_ctx->tctx->dom->name, name); + assert_non_null(req); + tevent_req_set_callback(req, cache_req_group_by_name_test_done, test_ctx); + + ret = test_ev_loop(test_ctx->tctx); + assert_int_equal(ret, ERR_OK); + assert_true(check_leaks_pop(req_mem_ctx)); + + assert_non_null(test_ctx->result); + assert_int_equal(test_ctx->result->count, 1); + assert_non_null(test_ctx->result->msgs); + assert_non_null(test_ctx->result->msgs[0]); + + ldbname = ldb_msg_find_attr_as_string(test_ctx->result->msgs[0], + SYSDB_NAME, NULL); + assert_non_null(ldbname); + assert_string_equal(ldbname, name); +} + +void test_group_by_name_cache_expired(void **state) +{ + struct cache_req_test_ctx *test_ctx = NULL; + 
TALLOC_CTX *req_mem_ctx = NULL; + struct tevent_req *req = NULL; + const char *name = TEST_GROUP_NAME; + const char *ldbname = NULL; + errno_t ret; + + test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); + + ret = sysdb_store_group(test_ctx->tctx->dom, name, TEST_GROUP_ID, NULL, + -1000, time(NULL)); + assert_int_equal(ret, EOK); + + req_mem_ctx = talloc_new(global_talloc_context); + check_leaks_push(req_mem_ctx); + + /* DP should be contacted */ + will_return(__wrap_sss_dp_get_account_send, test_ctx); + mock_account_recv_simple(); + + req = cache_req_group_by_name_send(req_mem_ctx, test_ctx->tctx->ev, + test_ctx->rctx, test_ctx->ncache, 10, 0, + test_ctx->tctx->dom->name, name); + assert_non_null(req); + tevent_req_set_callback(req, cache_req_group_by_name_test_done, test_ctx); + + ret = test_ev_loop(test_ctx->tctx); + assert_int_equal(ret, ERR_OK); + assert_true(check_leaks_pop(req_mem_ctx)); + + assert_true(test_ctx->dp_called); + + assert_non_null(test_ctx->result); + assert_int_equal(test_ctx->result->count, 1); + assert_non_null(test_ctx->result->msgs); + assert_non_null(test_ctx->result->msgs[0]); + + ldbname = ldb_msg_find_attr_as_string(test_ctx->result->msgs[0], + SYSDB_NAME, NULL); + assert_non_null(ldbname); + assert_string_equal(ldbname, name); +} + +void test_group_by_name_cache_midpoint(void **state) +{ + struct cache_req_test_ctx *test_ctx = NULL; + TALLOC_CTX *req_mem_ctx = NULL; + struct tevent_req *req = NULL; + const char *name = TEST_GROUP_NAME; + const char *ldbname = NULL; + errno_t ret; + + test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); + + ret = sysdb_store_group(test_ctx->tctx->dom, name, TEST_GROUP_ID, NULL, + 50, time(NULL) - 26); + assert_int_equal(ret, EOK); + + req_mem_ctx = talloc_new(global_talloc_context); + check_leaks_push(req_mem_ctx); + + /* DP should be contacted without callback */ + will_return(__wrap_sss_dp_get_account_send, test_ctx); + + req = 
cache_req_group_by_name_send(req_mem_ctx, test_ctx->tctx->ev, + test_ctx->rctx, test_ctx->ncache, 10, 50, + test_ctx->tctx->dom->name, name); + assert_non_null(req); + tevent_req_set_callback(req, cache_req_group_by_name_test_done, test_ctx); + + ret = test_ev_loop(test_ctx->tctx); + assert_int_equal(ret, ERR_OK); + assert_true(check_leaks_pop(req_mem_ctx)); + + assert_true(test_ctx->dp_called); + + assert_non_null(test_ctx->result); + assert_int_equal(test_ctx->result->count, 1); + assert_non_null(test_ctx->result->msgs); + assert_non_null(test_ctx->result->msgs[0]); + + ldbname = ldb_msg_find_attr_as_string(test_ctx->result->msgs[0], + SYSDB_NAME, NULL); + assert_non_null(ldbname); + assert_string_equal(ldbname, name); +} + +void test_group_by_name_ncache(void **state) +{ + struct cache_req_test_ctx *test_ctx = NULL; + TALLOC_CTX *req_mem_ctx = NULL; + struct tevent_req *req = NULL; + const char *name = TEST_GROUP_NAME; + errno_t ret; + + test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); + + ret = sss_ncache_set_group(test_ctx->ncache, false, + test_ctx->tctx->dom, name); + assert_int_equal(ret, EOK); + + req_mem_ctx = talloc_new(global_talloc_context); + check_leaks_push(req_mem_ctx); + + req = cache_req_group_by_name_send(req_mem_ctx, test_ctx->tctx->ev, + test_ctx->rctx, test_ctx->ncache, 100, 0, + test_ctx->tctx->dom->name, name); + assert_non_null(req); + tevent_req_set_callback(req, cache_req_group_by_name_test_done, test_ctx); + + ret = test_ev_loop(test_ctx->tctx); + assert_int_equal(ret, ENOENT); + assert_true(check_leaks_pop(req_mem_ctx)); + + assert_false(test_ctx->dp_called); +} + +void test_group_by_name_missing_found(void **state) +{ + struct cache_req_test_ctx *test_ctx = NULL; + TALLOC_CTX *req_mem_ctx = NULL; + struct tevent_req *req = NULL; + const char *name = TEST_GROUP_NAME; + const char *ldbname = NULL; + errno_t ret; + + test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); + + req_mem_ctx = 
talloc_new(global_talloc_context); + check_leaks_push(req_mem_ctx); + + will_return(__wrap_sss_dp_get_account_send, test_ctx); + mock_account_recv_simple(); + + test_ctx->create_group = true; + + req = cache_req_group_by_name_send(req_mem_ctx, test_ctx->tctx->ev, + test_ctx->rctx, test_ctx->ncache, 100, 0, + test_ctx->tctx->dom->name, name); + assert_non_null(req); + tevent_req_set_callback(req, cache_req_group_by_name_test_done, test_ctx); + + ret = test_ev_loop(test_ctx->tctx); + assert_int_equal(ret, ERR_OK); + assert_true(check_leaks_pop(req_mem_ctx)); + + assert_true(test_ctx->dp_called); + + assert_non_null(test_ctx->result); + assert_int_equal(test_ctx->result->count, 1); + assert_non_null(test_ctx->result->msgs); + assert_non_null(test_ctx->result->msgs[0]); + + ldbname = ldb_msg_find_attr_as_string(test_ctx->result->msgs[0], + SYSDB_NAME, NULL); + assert_non_null(ldbname); + assert_string_equal(ldbname, name); +} + +void test_group_by_name_missing_notfound(void **state) +{ + struct cache_req_test_ctx *test_ctx = NULL; + TALLOC_CTX *req_mem_ctx = NULL; + struct tevent_req *req = NULL; + const char *name = TEST_GROUP_NAME; + errno_t ret; + + test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); + + req_mem_ctx = talloc_new(global_talloc_context); + check_leaks_push(req_mem_ctx); + + will_return(__wrap_sss_dp_get_account_send, test_ctx); + mock_account_recv_simple(); + + req = cache_req_group_by_name_send(req_mem_ctx, test_ctx->tctx->ev, + test_ctx->rctx, test_ctx->ncache, 100, 0, + test_ctx->tctx->dom->name, name); + assert_non_null(req); + tevent_req_set_callback(req, cache_req_group_by_name_test_done, test_ctx); + + ret = test_ev_loop(test_ctx->tctx); + assert_int_equal(ret, ENOENT); + assert_true(check_leaks_pop(req_mem_ctx)); + + assert_true(test_ctx->dp_called); +} + int main(int argc, const char *argv[]) { poptContext pc; 
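Review bot: None of the new not-found tests checks that a miss ends up in the negative cache, so no assertion covers the `sss_ncache_set_group()` call this commit adds to `cache_req_add_to_ncache`. `test_group_by_name_missing_notfound` and `test_group_by_name_multiple_domains_notfound` stop at `assert_int_equal(ret, ENOENT)` and the `dp_called` check. The negative cache is what keeps repeated lookups of a nonexistent group from reaching the back end every time, so it is worth pinning. After the ENOENT assertion in the single-domain test I would add `ret = sss_ncache_check_group(test_ctx->ncache, 100, test_ctx->tctx->dom, name);` and `assert_int_equal(ret, EEXIST);`. This assumes that a hit is reported as EEXIST and that the not-found path reaches `cache_req_add_to_ncache`, neither of which is visible in this diff.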
@@ -872,7 +1204,16 @@ int main(int argc, const char *argv[]) new_single_domain_test(user_by_id_missing_found), new_single_domain_test(user_by_id_missing_notfound), new_multi_domain_test(user_by_id_multiple_domains_found), - new_multi_domain_test(user_by_id_multiple_domains_notfound) + new_multi_domain_test(user_by_id_multiple_domains_notfound), + + new_single_domain_test(group_by_name_cache_valid), + new_single_domain_test(group_by_name_cache_expired), + new_single_domain_test(group_by_name_cache_midpoint), + new_single_domain_test(group_by_name_ncache), + new_single_domain_test(group_by_name_missing_found), + new_single_domain_test(group_by_name_missing_notfound), + new_multi_domain_test(group_by_name_multiple_domains_found), + new_multi_domain_test(group_by_name_multiple_domains_notfound) }; /* Set debug level to invalid value so we can deside if -d 0 was used. */ -- cgit