From e1aed98d7c195f844ac8e85050d04f3ca5f899b3 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Wed, 22 Jul 2015 14:21:52 +0200 Subject: negcache: allow domain name for UID and GID Related to https://fedorahosted.org/sssd/ticket/2731 Reviewed-by: Jakub Hrozek --- src/responder/common/negcache.c | 40 ++++++++++++++++++++++++------ src/responder/common/negcache.h | 12 ++++++--- src/responder/common/responder_cache_req.c | 8 +++--- src/responder/nss/nsssrv_cmd.c | 19 ++++++++------ 4 files changed, 55 insertions(+), 24 deletions(-) (limited to 'src/responder') diff --git a/src/responder/common/negcache.c b/src/responder/common/negcache.c index 64270f467..fc482c411 100644 --- a/src/responder/common/negcache.c +++ b/src/responder/common/negcache.c @@ -376,12 +376,18 @@ int sss_ncache_check_service_port(struct sss_nc_ctx *ctx, int ttl, -int sss_ncache_check_uid(struct sss_nc_ctx *ctx, int ttl, uid_t uid) +int sss_ncache_check_uid(struct sss_nc_ctx *ctx, int ttl, + struct sss_domain_info *dom, uid_t uid) { char *str; int ret; - str = talloc_asprintf(ctx, "%s/%"SPRIuid, NC_UID_PREFIX, uid); + if (dom != NULL) { + str = talloc_asprintf(ctx, "%s/%s/%"SPRIuid, NC_UID_PREFIX, dom->name, + uid); + } else { + str = talloc_asprintf(ctx, "%s/%"SPRIuid, NC_UID_PREFIX, uid); + } if (!str) return ENOMEM; ret = sss_ncache_check_str(ctx, str, ttl); @@ -390,12 +396,18 @@ int sss_ncache_check_uid(struct sss_nc_ctx *ctx, int ttl, uid_t uid) return ret; } -int sss_ncache_check_gid(struct sss_nc_ctx *ctx, int ttl, gid_t gid) +int sss_ncache_check_gid(struct sss_nc_ctx *ctx, int ttl, + struct sss_domain_info *dom, gid_t gid) { char *str; int ret; - str = talloc_asprintf(ctx, "%s/%"SPRIgid, NC_GID_PREFIX, gid); + if (dom != NULL) { + str = talloc_asprintf(ctx, "%s/%s/%"SPRIgid, NC_GID_PREFIX, dom->name, + gid); + } else { + str = talloc_asprintf(ctx, "%s/%"SPRIgid, NC_GID_PREFIX, gid); + } if (!str) return ENOMEM; ret = sss_ncache_check_str(ctx, str, ttl); 
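Review bot: The same key-building branch is now pasted into sss_ncache_check_uid and sss_ncache_check_gid here, and again into sss_ncache_set_uid and sss_ncache_set_gid in the `@@ -522` and `@@ -536` hunks. A negative-cache lookup only matches when set and check produce byte-identical keys, so four hand-maintained copies of the format string invite a silent mismatch in which stored entries are never found. I would move the key layout into one static helper per ID type and call it from both sides, as sketched below, with a matching `ncache_gid_key` for the GID pair. The bodies of these functions continue past the hunks, so the release of `str` is not visible and is left as it is.

```c
/* Single place that defines the UID key layout for both check and set. */
static char *ncache_uid_key(TALLOC_CTX *mem_ctx,
                            struct sss_domain_info *dom, uid_t uid)
{
    if (dom == NULL) {
        return talloc_asprintf(mem_ctx, "%s/%"SPRIuid, NC_UID_PREFIX, uid);
    }

    return talloc_asprintf(mem_ctx, "%s/%s/%"SPRIuid, NC_UID_PREFIX,
                           dom->name, uid);
}

int sss_ncache_check_uid(struct sss_nc_ctx *ctx, int ttl,
                         struct sss_domain_info *dom, uid_t uid)
{
    /* … unchanged: declarations … */
    str = ncache_uid_key(ctx, dom, uid);
    if (!str) return ENOMEM;
    /* … unchanged: sss_ncache_check_str call … */
```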
@@ -522,12 +534,18 @@ int sss_ncache_set_netgr(struct sss_nc_ctx *ctx, bool permanent, return sss_ncache_set_ent(ctx, permanent, dom, name, sss_ncache_set_netgr_int); } -int sss_ncache_set_uid(struct sss_nc_ctx *ctx, bool permanent, uid_t uid) +int sss_ncache_set_uid(struct sss_nc_ctx *ctx, bool permanent, + struct sss_domain_info *dom, uid_t uid) { char *str; int ret; - str = talloc_asprintf(ctx, "%s/%"SPRIuid, NC_UID_PREFIX, uid); + if (dom != NULL) { + str = talloc_asprintf(ctx, "%s/%s/%"SPRIuid, NC_UID_PREFIX, dom->name, + uid); + } else { + str = talloc_asprintf(ctx, "%s/%"SPRIuid, NC_UID_PREFIX, uid); + } if (!str) return ENOMEM; ret = sss_ncache_set_str(ctx, str, permanent); @@ -536,12 +554,18 @@ int sss_ncache_set_uid(struct sss_nc_ctx *ctx, bool permanent, uid_t uid) return ret; } -int sss_ncache_set_gid(struct sss_nc_ctx *ctx, bool permanent, gid_t gid) +int sss_ncache_set_gid(struct sss_nc_ctx *ctx, bool permanent, + struct sss_domain_info *dom, gid_t gid) { char *str; int ret; - str = talloc_asprintf(ctx, "%s/%"SPRIgid, NC_GID_PREFIX, gid); + if (dom != NULL) { + str = talloc_asprintf(ctx, "%s/%s/%"SPRIgid, NC_GID_PREFIX, dom->name, + gid); + } else { + str = talloc_asprintf(ctx, "%s/%"SPRIgid, NC_GID_PREFIX, gid); + } if (!str) return ENOMEM; ret = sss_ncache_set_str(ctx, str, permanent); diff --git a/src/responder/common/negcache.h b/src/responder/common/negcache.h index e7cbfe114..46e66d503 100644 --- a/src/responder/common/negcache.h +++ b/src/responder/common/negcache.h 
@@ -34,8 +34,10 @@ int sss_ncache_check_group(struct sss_nc_ctx *ctx, int ttl, struct sss_domain_info *dom, const char *name); int sss_ncache_check_netgr(struct sss_nc_ctx *ctx, int ttl, struct sss_domain_info *dom, const char *name); -int sss_ncache_check_uid(struct sss_nc_ctx *ctx, int ttl, uid_t uid); -int sss_ncache_check_gid(struct sss_nc_ctx *ctx, int ttl, gid_t gid); +int sss_ncache_check_uid(struct sss_nc_ctx *ctx, int ttl, + struct sss_domain_info *dom, uid_t uid); +int sss_ncache_check_gid(struct sss_nc_ctx *ctx, int ttl, + struct sss_domain_info *dom, gid_t gid); int sss_ncache_check_sid(struct sss_nc_ctx *ctx, int ttl, const char *sid); int sss_ncache_check_cert(struct sss_nc_ctx *ctx, int ttl, const char *cert); @@ -58,8 +60,10 @@ int sss_ncache_set_group(struct sss_nc_ctx *ctx, bool permanent, struct sss_domain_info *dom, const char *name); int sss_ncache_set_netgr(struct sss_nc_ctx *ctx, bool permanent, struct sss_domain_info *dom, const char *name); -int sss_ncache_set_uid(struct sss_nc_ctx *ctx, bool permanent, uid_t uid); -int sss_ncache_set_gid(struct sss_nc_ctx *ctx, bool permanent, gid_t gid); +int sss_ncache_set_uid(struct sss_nc_ctx *ctx, bool permanent, + struct sss_domain_info *dom, uid_t uid); +int sss_ncache_set_gid(struct sss_nc_ctx *ctx, bool permanent, + struct sss_domain_info *dom, gid_t gid); int sss_ncache_set_sid(struct sss_nc_ctx *ctx, bool permanent, const char *sid); int sss_ncache_set_cert(struct sss_nc_ctx *ctx, bool permanent, const char *cert); diff --git a/src/responder/common/responder_cache_req.c b/src/responder/common/responder_cache_req.c index e7099f171..d0a90d2c9 100644 --- a/src/responder/common/responder_cache_req.c +++ b/src/responder/common/responder_cache_req.c 
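Review bot: The new `dom` parameter on the four UID/GID prototypes (check pair in `@@ -34`, set pair in `@@ -58`) is undocumented, and NULL is the only value any caller in this commit passes. negcache.c builds `PREFIX/<id>` for NULL and `PREFIX/<dom->name>/<id>` otherwise, so the two forms are separate entries: an ID stored with a domain is not found by a check that passes NULL, and the reverse. I would add above the prototypes `/* dom == NULL addresses the domain-independent entry; a non-NULL dom addresses only that domain's entry. Set and check must pass the same dom. */`.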
@@ -303,10 +303,10 @@ static errno_t cache_req_check_ncache(struct cache_req_input *input, input->domain, input->dom_objname); break; case CACHE_REQ_USER_BY_ID: - ret = sss_ncache_check_uid(ncache, neg_timeout, input->id); + ret = sss_ncache_check_uid(ncache, neg_timeout, NULL, input->id); break; case CACHE_REQ_GROUP_BY_ID: - ret = sss_ncache_check_gid(ncache, neg_timeout, input->id); + ret = sss_ncache_check_gid(ncache, neg_timeout, NULL, input->id); break; case CACHE_REQ_USER_BY_CERT: ret = sss_ncache_check_cert(ncache, neg_timeout, input->cert); @@ -382,10 +382,10 @@ static void cache_req_add_to_ncache_global(struct cache_req_input *input, ret = EOK; break; case CACHE_REQ_USER_BY_ID: - ret = sss_ncache_set_uid(ncache, false, input->id); + ret = sss_ncache_set_uid(ncache, false, NULL, input->id); break; case CACHE_REQ_GROUP_BY_ID: - ret = sss_ncache_set_gid(ncache, false, input->id); + ret = sss_ncache_set_gid(ncache, false, NULL, input->id); break; case CACHE_REQ_USER_BY_CERT: ret = sss_ncache_set_cert(ncache, false, input->cert); diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c index b3998015f..93c9bb81d 100644 --- a/src/responder/nss/nsssrv_cmd.c +++ b/src/responder/nss/nsssrv_cmd.c @@ -1710,7 +1710,7 @@ static int nss_cmd_getpwuid_search(struct nss_dom_ctx *dctx) done: if (ret == ENOENT) { /* The entry was not found, need to set result in negative cache */ - err = sss_ncache_set_uid(nctx->ncache, false, cmdctx->id); + err = sss_ncache_set_uid(nctx->ncache, false, NULL, cmdctx->id); if (err != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, "Cannot set negative cache for UID %"PRIu32"\n", cmdctx->id); 
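Review bot: In the `@@ -1710` hunk the negative entry written at `done:` stays domain-independent (`NULL`) although nss_cmd_getpwuid_search operates on a per-domain context (`dctx`). Whether ENOENT at this label is only reached after every domain has been tried is not visible in the hunk; if it can be reached earlier, the global entry would suppress lookups of that UID in all domains until it expires. A short comment stating the invariant, e.g. `/* ENOENT here means no domain had the UID, so the entry is domain-independent */`, would make the NULL reviewable. The same applies to the GID path in the `@@ -3288` hunk, and both functions start and end outside their hunks.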
@@ -1779,7 +1779,8 @@ static int nss_cmd_getbyid(enum sss_cli_command cmd, struct cli_ctx *cctx) switch(dctx->cmdctx->cmd) { case SSS_NSS_GETPWUID: - ret = sss_ncache_check_uid(nctx->ncache, nctx->neg_timeout, cmdctx->id); + ret = sss_ncache_check_uid(nctx->ncache, nctx->neg_timeout, NULL, + cmdctx->id); if (ret == EEXIST) { DEBUG(SSSDBG_TRACE_FUNC, "Uid [%"PRIu32"] does not exist! (negative cache)\n", @@ -1789,7 +1790,8 @@ static int nss_cmd_getbyid(enum sss_cli_command cmd, struct cli_ctx *cctx) } break; case SSS_NSS_GETGRGID: - ret = sss_ncache_check_gid(nctx->ncache, nctx->neg_timeout, cmdctx->id); + ret = sss_ncache_check_gid(nctx->ncache, nctx->neg_timeout, NULL, + cmdctx->id); if (ret == EEXIST) { DEBUG(SSSDBG_TRACE_FUNC, "Gid [%"PRIu32"] does not exist! (negative cache)\n", @@ -1799,10 +1801,11 @@ static int nss_cmd_getbyid(enum sss_cli_command cmd, struct cli_ctx *cctx) } break; case SSS_NSS_GETSIDBYID: - ret = sss_ncache_check_uid(nctx->ncache, nctx->neg_timeout, cmdctx->id); + ret = sss_ncache_check_uid(nctx->ncache, nctx->neg_timeout, NULL, + cmdctx->id); if (ret != EEXIST) { ret = sss_ncache_check_gid(nctx->ncache, nctx->neg_timeout, - cmdctx->id); + NULL, cmdctx->id); } if (ret == EEXIST) { DEBUG(SSSDBG_TRACE_FUNC, @@ -3288,7 +3291,7 @@ static int nss_cmd_getgrgid_search(struct nss_dom_ctx *dctx) done: if (ret == ENOENT) { /* The entry was not found, need to set result in negative cache */ - err = sss_ncache_set_gid(nctx->ncache, false, cmdctx->id); + err = sss_ncache_set_gid(nctx->ncache, false, NULL, cmdctx->id); if (err != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, "Cannot set negative cache for GID %"PRIu32"\n", cmdctx->id); 
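Review bot: In the SSS_NSS_GETSIDBYID case the GID entry is consulted only when the UID check did not return EEXIST (`if (ret != EEXIST)`), so a negative entry for the UID alone is enough to report the ID as nonexistent. An ID given to this command may belong to a group, and a failed user lookup stores only the UID entry (the `@@ -1710` hunk), so a valid group with that number would appear to be rejected until the entry expires. If the intent is to short-circuit only when the ID is known to be neither a user nor a group, the condition would be `if (ret == EEXIST)`. This logic predates the commit and nss_cmd_getbyid continues outside the hunk, so please confirm against the rest of the function.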
@@ -4592,13 +4595,13 @@ done: if (cmdctx->cmd == SSS_NSS_GETSIDBYID) { DEBUG(SSSDBG_MINOR_FAILURE, "No matching domain found for [%"PRIu32"], fail!\n", cmdctx->id); - err = sss_ncache_set_uid(nctx->ncache, false, cmdctx->id); + err = sss_ncache_set_uid(nctx->ncache, false, NULL, cmdctx->id); if (err != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, "Cannot set negative cache for UID %"PRIu32"\n", cmdctx->id); } - err = sss_ncache_set_gid(nctx->ncache, false, cmdctx->id); + err = sss_ncache_set_gid(nctx->ncache, false, NULL, cmdctx->id); if (err != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, "Cannot set negative cache for GID %"PRIu32"\n", cmdctx->id); -- cgit