From fd04b25eaa5cd105da4122854d8bc1e702760e60 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Tue, 24 Mar 2015 23:24:50 +0100 Subject: cache_req: Extend cache_req with wildcard lookups MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Related: https://fedorahosted.org/sssd/ticket/2553 Adds two new functions to the cache_req API: - cache_req_user_by_filter_send - cache_req_group_by_filter_send These functions can be used to retrieve users or groups that match a specified filter. Also renames a variable to avoid constant confusion -- the variable is only used for debug output. Reviewed-by: Pavel Březina --- src/responder/common/responder_cache_req.c | 156 ++++++++++++++++++++++++++--- src/responder/common/responder_cache_req.h | 24 ++++- 2 files changed, 166 insertions(+), 14 deletions(-) (limited to 'src/responder') diff --git a/src/responder/common/responder_cache_req.c b/src/responder/common/responder_cache_req.c index dd81abadf..e7099f171 100644 --- a/src/responder/common/responder_cache_req.c +++ b/src/responder/common/responder_cache_req.c @@ -28,6 +28,44 @@ #include "responder/common/responder_cache_req.h" #include "providers/data_provider.h" +static errno_t updated_users_by_filter(TALLOC_CTX *mem_ctx, + struct sss_domain_info *domain, + const char *name_filter, + time_t since, + struct ldb_result **_res) +{ + int ret; + char *recent_filter; + + recent_filter = talloc_asprintf(mem_ctx, "(%s>=%lu)", + SYSDB_LAST_UPDATE, since); + ret = sysdb_enumpwent_filter_with_views(mem_ctx, domain, + name_filter, recent_filter, + _res); + talloc_free(recent_filter); + + return ret; +} + +static errno_t updated_groups_by_filter(TALLOC_CTX *mem_ctx, + struct sss_domain_info *domain, + const char *name_filter, + time_t since, + struct ldb_result **_res) +{ + int ret; + char *recent_filter; + + recent_filter = talloc_asprintf(mem_ctx, "(%s>=%lu)", + SYSDB_LAST_UPDATE, since); + ret = sysdb_enumgrent_filter_with_views(mem_ctx, domain, + name_filter, recent_filter, + _res); + talloc_free(recent_filter); + + return ret; +} + struct cache_req_input { enum cache_req_type type; @@ -51,6 +89,8 @@ struct cache_req_input { /* Fully qualified object name used in debug messages. */ const char *debug_fqn; + /* Time when the request started. Useful for by-filter lookups */ + time_t req_start; }; struct cache_req_input * @@ -68,11 +108,14 @@ cache_req_input_create(TALLOC_CTX *mem_ctx, } input->type = type; + input->req_start = time(NULL); /* Check that input parameters match selected type. */ switch (input->type) { case CACHE_REQ_USER_BY_NAME: case CACHE_REQ_GROUP_BY_NAME: + case CACHE_REQ_USER_BY_FILTER: + case CACHE_REQ_GROUP_BY_FILTER: case CACHE_REQ_INITGROUPS: if (name == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "Bug: name cannot be NULL!\n"); @@ -121,9 +164,18 @@ cache_req_input_create(TALLOC_CTX *mem_ctx, case CACHE_REQ_INITGROUPS: input->dp_type = SSS_DP_INITGROUPS; break; + case CACHE_REQ_USER_BY_CERT: input->dp_type = SSS_DP_CERT; break; + + case CACHE_REQ_USER_BY_FILTER: + input->dp_type = SSS_DP_WILDCARD_USER; + break; + + case CACHE_REQ_GROUP_BY_FILTER: + input->dp_type = SSS_DP_WILDCARD_GROUP; + break; } return input; @@ -157,7 +209,7 @@ cache_req_input_set_domain(struct cache_req_input *input, { TALLOC_CTX *tmp_ctx = NULL; const char *name = NULL; - const char *fqn = NULL; + const char *debug_fqn = NULL; errno_t ret; tmp_ctx = talloc_new(NULL); @@ -171,6 +223,8 @@ cache_req_input_set_domain(struct cache_req_input *input, switch (input->type) { case CACHE_REQ_USER_BY_NAME: case CACHE_REQ_GROUP_BY_NAME: + case CACHE_REQ_USER_BY_FILTER: + case CACHE_REQ_GROUP_BY_FILTER: case CACHE_REQ_INITGROUPS: name = sss_get_cased_name(tmp_ctx, input->orig_name, domain->case_sensitive); @@ -185,8 +239,8 @@ cache_req_input_set_domain(struct cache_req_input *input, goto done; } - fqn = talloc_asprintf(tmp_ctx, "%s@%s", name, domain->name); - if (fqn == NULL) { + debug_fqn = talloc_asprintf(tmp_ctx, "%s@%s", name, domain->name); + if (debug_fqn == NULL) { ret = ENOMEM; goto done; } @@ -194,16 +248,16 @@ cache_req_input_set_domain(struct cache_req_input *input, break; case CACHE_REQ_USER_BY_ID: - fqn = talloc_asprintf(tmp_ctx, "UID:%d@%s", input->id, domain->name); - if (fqn == NULL) { + debug_fqn = talloc_asprintf(tmp_ctx, "UID:%d@%s", input->id, domain->name); + if (debug_fqn == NULL) { ret = ENOMEM; goto done; } break; case CACHE_REQ_GROUP_BY_ID: - fqn = talloc_asprintf(tmp_ctx, "GID:%d@%s", input->id, domain->name); - if (fqn == NULL) { + debug_fqn = talloc_asprintf(tmp_ctx, "GID:%d@%s", input->id, domain->name); + if (debug_fqn == NULL) { ret = ENOMEM; goto done; } @@ -211,10 +265,10 @@ cache_req_input_set_domain(struct cache_req_input *input, case CACHE_REQ_USER_BY_CERT: /* certificates might be quite long, only use the last 10 charcters * for logging */ - fqn = talloc_asprintf(tmp_ctx, "CERT:%s@%s", - get_last_x_chars(input->cert, 10), - domain->name); - if (fqn == NULL) { + debug_fqn = talloc_asprintf(tmp_ctx, "CERT:%s@%s", + get_last_x_chars(input->cert, 10), + domain->name); + if (debug_fqn == NULL) { ret = ENOMEM; goto done; } @@ -223,7 +277,7 @@ cache_req_input_set_domain(struct cache_req_input *input, input->domain = domain; input->dom_objname = talloc_steal(input, name); - input->debug_fqn = talloc_steal(input, fqn); + input->debug_fqn = talloc_steal(input, debug_fqn); ret = EOK; @@ -257,6 +311,10 @@ static errno_t cache_req_check_ncache(struct cache_req_input *input, case CACHE_REQ_USER_BY_CERT: ret = sss_ncache_check_cert(ncache, neg_timeout, input->cert); break; + case CACHE_REQ_USER_BY_FILTER: + case CACHE_REQ_GROUP_BY_FILTER: + ret = EOK; + break; } if (ret == EEXIST) { @@ -282,6 +340,10 @@ static void cache_req_add_to_ncache(struct cache_req_input *input, ret = sss_ncache_set_group(ncache, false, input->domain, input->dom_objname); break; + case CACHE_REQ_USER_BY_FILTER: + case CACHE_REQ_GROUP_BY_FILTER: + /* Nothing to do, adding a wildcard request to ncache doesn't + * make sense */ case CACHE_REQ_USER_BY_ID: case CACHE_REQ_GROUP_BY_ID: case CACHE_REQ_USER_BY_CERT: @@ -308,6 +370,10 @@ static void cache_req_add_to_ncache_global(struct cache_req_input *input, errno_t ret = ERR_INTERNAL; switch (input->type) { + case CACHE_REQ_USER_BY_FILTER: + case CACHE_REQ_GROUP_BY_FILTER: + /* Nothing to do, adding a wildcard request to ncache doesn't + * make sense */ case CACHE_REQ_USER_BY_NAME: case CACHE_REQ_GROUP_BY_NAME: case CACHE_REQ_INITGROUPS: @@ -377,6 +443,18 @@ static errno_t cache_req_get_object(TALLOC_CTX *mem_ctx, ret = sysdb_search_user_by_cert(mem_ctx, input->domain, input->cert, &result); break; + case CACHE_REQ_USER_BY_FILTER: + one_item_only = false; + ret = updated_users_by_filter(mem_ctx, input->domain, + input->dom_objname, input->req_start, + &result); + break; + case CACHE_REQ_GROUP_BY_FILTER: + one_item_only = false; + ret = updated_groups_by_filter(mem_ctx, input->domain, + input->dom_objname, input->req_start, + &result); + break; } if (ret != EOK) { @@ -397,6 +475,19 @@ done: return ret; } +/* Return true if the request bypasses cache or false if the cache_req + * code can leverage sysdb for this request. + */ +static bool cache_req_bypass_cache(struct cache_req_input *input) +{ + if (input->type == CACHE_REQ_USER_BY_FILTER || + input->type == CACHE_REQ_GROUP_BY_FILTER) { + return true; + } + + return false; +} + struct cache_req_cache_state { /* input data */ struct tevent_context *ev; @@ -504,7 +595,8 @@ static errno_t cache_req_cache_check(struct tevent_req *req) state = tevent_req_data(req, struct cache_req_cache_state); - if (state->result == NULL || state->result->count == 0) { + if (state->result == NULL || state->result->count == 0 || + cache_req_bypass_cache(state->input) == true) { ret = ENOENT; } else { if (state->input->type == CACHE_REQ_INITGROUPS) { @@ -1059,3 +1151,41 @@ cache_req_initgr_by_name_send(TALLOC_CTX *mem_ctx, neg_timeout, cache_refresh_percent, domain, input); } + +struct tevent_req * +cache_req_user_by_filter_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct resp_ctx *rctx, + const char *domain, + const char *filter) +{ + struct cache_req_input *input; + + input = cache_req_input_create(mem_ctx, CACHE_REQ_USER_BY_FILTER, + filter, 0, NULL); + if (input == NULL) { + return NULL; + } + + return cache_req_steal_input_and_send(mem_ctx, ev, rctx, NULL, + 0, 0, domain, input); +} + +struct tevent_req * +cache_req_group_by_filter_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct resp_ctx *rctx, + const char *domain, + const char *filter) +{ + struct cache_req_input *input; + + input = cache_req_input_create(mem_ctx, CACHE_REQ_GROUP_BY_FILTER, + filter, 0, NULL); + if (input == NULL) { + return NULL; + } + + return cache_req_steal_input_and_send(mem_ctx, ev, rctx, NULL, + 0, 0, domain, input); +} diff --git a/src/responder/common/responder_cache_req.h b/src/responder/common/responder_cache_req.h index 84a9dde7d..9e3f88a14 100644 --- a/src/responder/common/responder_cache_req.h +++ b/src/responder/common/responder_cache_req.h @@ -33,7 +33,9 @@ enum cache_req_type { CACHE_REQ_GROUP_BY_NAME, CACHE_REQ_GROUP_BY_ID, CACHE_REQ_INITGROUPS, - CACHE_REQ_USER_BY_CERT + CACHE_REQ_USER_BY_CERT, + CACHE_REQ_USER_BY_FILTER, + CACHE_REQ_GROUP_BY_FILTER, }; struct cache_req_input; @@ -143,4 +145,24 @@ cache_req_initgr_by_name_send(TALLOC_CTX *mem_ctx, #define cache_req_initgr_by_name_recv(mem_ctx, req, _result, _domain, _name) \ cache_req_recv(mem_ctx, req, _result, _domain, _name) +struct tevent_req * +cache_req_user_by_filter_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct resp_ctx *rctx, + const char *domain, + const char *filter); + +#define cache_req_user_by_filter_recv(mem_ctx, req, _result, _domain) \ + cache_req_recv(mem_ctx, req, _result, _domain, NULL) + +struct tevent_req * +cache_req_group_by_filter_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct resp_ctx *rctx, + const char *domain, + const char *filter); + +#define cache_req_group_by_filter_recv(mem_ctx, req, _result, _domain) \ + cache_req_recv(mem_ctx, req, _result, _domain, NULL) + #endif /* RESPONDER_CACHE_H_ */ -- cgit