authorJakub Hrozek <jhrozek@redhat.com>2015-03-29 16:31:19 +0200
committerJakub Hrozek <jhrozek@redhat.com>2015-04-09 08:35:23 +0200
commit0528fdec17d0031996e919fcd852459e86592c35 (patch)
tree1b2e9e3a9406629fb4006acaf51a44d9bad8e4bd
parent0d19785f9ffd9c66df5b30d208ec7b0216a9555b (diff)
responders: reset ncache after domains are discovered during startup
After responders start, they add a lookup operation that discovers the subdomains so that qualifying users works. After this operation finishes, we need to reset negcache to allow users to be added into the newly discovered domains. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
-rw-r--r--src/responder/autofs/autofssrv.c2
-rw-r--r--src/responder/common/responder.h4
-rw-r--r--src/responder/common/responder_get_domains.c42
-rw-r--r--src/responder/ifp/ifpsrv.c2
-rw-r--r--src/responder/nss/nsssrv.c2
-rw-r--r--src/responder/pac/pacsrv.c2
-rw-r--r--src/responder/pam/pamsrv.c2
-rw-r--r--src/responder/ssh/sshsrv.c2
-rw-r--r--src/responder/sudo/sudosrv.c2
-rw-r--r--src/tests/cmocka/test_responder_common.c37
10 files changed, 82 insertions, 15 deletions
diff --git a/src/responder/autofs/autofssrv.c b/src/responder/autofs/autofssrv.c
index 91f529135..ff3016729 100644
--- a/src/responder/autofs/autofssrv.c
+++ b/src/responder/autofs/autofssrv.c
@@ -187,7 +187,7 @@ autofs_process_init(TALLOC_CTX *mem_ctx,
goto fail;
}
- ret = schedule_get_domains_task(rctx, rctx->ev, rctx);
+ ret = schedule_get_domains_task(rctx, rctx->ev, rctx, NULL);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "schedule_get_domains_tasks failed.\n");
goto fail;
diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h
index 02a215ced..9c7a73809 100644
--- a/src/responder/common/responder.h
+++ b/src/responder/common/responder.h
@@ -34,6 +34,7 @@
#include <dhash.h>
#include "sbus/sssd_dbus.h"
+#include "responder/common/negcache.h"
#include "sss_client/sss_cli.h"
extern hash_table_t *dp_requests;
@@ -314,7 +315,8 @@ errno_t sss_dp_get_domains_recv(struct tevent_req *req);
errno_t schedule_get_domains_task(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
- struct resp_ctx *rctx);
+ struct resp_ctx *rctx,
+ struct sss_nc_ctx *optional_ncache);
errno_t csv_string_to_uid_array(TALLOC_CTX *mem_ctx, const char *csv_string,
bool allow_sss_loop,
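Review bot: The new `optional_ncache` parameter of `schedule_get_domains_task` has no comment at the declaration, so a caller cannot tell that NULL is accepted or that the pointer is kept and used later from the event loop. In responder_get_domains.c it is stored in `struct get_domains_state` as a plain pointer and only dereferenced when the startup lookup completes, so the cache has to outlive that request. I would add above the prototype: `/* optional_ncache may be NULL; if set, it is reset after the startup domain lookup finishes and must stay valid until then */`.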
diff --git a/src/responder/common/responder_get_domains.c b/src/responder/common/responder_get_domains.c
index 1dbb9ea81..8fbab082a 100644
--- a/src/responder/common/responder_get_domains.c
+++ b/src/responder/common/responder_get_domains.c
@@ -363,16 +363,33 @@ static errno_t check_last_request(struct resp_ctx *rctx, const char *hint)
return EOK;
}
+struct get_domains_state {
+ struct resp_ctx *rctx;
+ struct sss_nc_ctx *optional_ncache;
+};
+
static void get_domains_at_startup_done(struct tevent_req *req)
{
int ret;
+ struct get_domains_state *state;
+
+ state = tevent_req_callback_data(req, struct get_domains_state);
ret = sss_dp_get_domains_recv(req);
talloc_free(req);
if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE, "sss_dp_get_domains request failed.\n");
+ DEBUG(SSSDBG_MINOR_FAILURE, "sss_dp_get_domains request failed.\n");
}
+ if (state->optional_ncache != NULL) {
+ ret = sss_ncache_reset_repopulate_permanent(state->rctx,
+ state->optional_ncache);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_MINOR_FAILURE, "sss_dp_get_domains request failed.\n");
+ }
+ }
+
+ talloc_free(state);
return;
}
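Review bot: The log line in the new `optional_ncache` branch of `get_domains_at_startup_done` is a copy of the one above it, so a failed `sss_ncache_reset_repopulate_permanent` is reported as "sss_dp_get_domains request failed." and the return code is dropped. Anyone triaging from the logs would look at the data provider instead of the negative cache; judging by the function name, a failure here may also leave permanent negative-cache entries unpopulated, which deserves its own message. I would change it to `DEBUG(SSSDBG_MINOR_FAILURE, "sss_ncache_reset_repopulate_permanent failed: %d\n", ret);`. The reset also runs when `sss_dp_get_domains_recv` returned an error; if that is intended, a short comment saying so would help.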
@@ -381,33 +398,44 @@ static void get_domains_at_startup(struct tevent_context *ev,
void *pvt)
{
struct tevent_req *req;
- struct resp_ctx *rctx;
+ struct get_domains_state *state;
- rctx = talloc_get_type(pvt, struct resp_ctx);
+ state = talloc_get_type(pvt, struct get_domains_state);
- req = sss_dp_get_domains_send(rctx, rctx, true, NULL);
+ req = sss_dp_get_domains_send(state, state->rctx, true, NULL);
if (req == NULL) {
DEBUG(SSSDBG_OP_FAILURE, "sss_dp_get_domains_send failed.\n");
+ talloc_free(state);
return;
}
- tevent_req_set_callback(req, get_domains_at_startup_done, NULL);
+ tevent_req_set_callback(req, get_domains_at_startup_done, state);
return;
}
errno_t schedule_get_domains_task(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
- struct resp_ctx *rctx)
+ struct resp_ctx *rctx,
+ struct sss_nc_ctx *optional_ncache)
{
struct tevent_immediate *imm;
+ struct get_domains_state *state;
+
+ state = talloc(mem_ctx, struct get_domains_state);
+ if (state == NULL) {
+ return ENOMEM;
+ }
+ state->rctx = rctx;
+ state->optional_ncache = optional_ncache;
imm = tevent_create_immediate(mem_ctx);
if (imm == NULL) {
DEBUG(SSSDBG_OP_FAILURE, "tevent_create_immediate failed.\n");
+ talloc_free(state);
return ENOMEM;
}
- tevent_schedule_immediate(imm, ev, get_domains_at_startup, rctx);
+ tevent_schedule_immediate(imm, ev, get_domains_at_startup, state);
return EOK;
}
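Review bot: `get_domains_at_startup` dereferences `state->rctx` straight after `talloc_get_type(pvt, struct get_domains_state)`, which returns NULL when the talloc type name does not match. The only scheduler visible here always passes a `get_domains_state`, so this is a hardening point rather than a live bug; `state = talloc_get_type_abort(pvt, struct get_domains_state);` would stop with a clear type-mismatch report instead of a NULL dereference. Separately, `state` and `imm` are both parented to `mem_ctx`, but only `state` is freed by the handlers; a one-line comment on who owns each would make the cleanup paths easier to audit. The start of `get_domains_at_startup`'s signature lies outside the hunk.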
diff --git a/src/responder/ifp/ifpsrv.c b/src/responder/ifp/ifpsrv.c
index a4cabf20a..3f5444186 100644
--- a/src/responder/ifp/ifpsrv.c
+++ b/src/responder/ifp/ifpsrv.c
@@ -339,7 +339,7 @@ int ifp_process_init(TALLOC_CTX *mem_ctx,
return EIO;
}
- ret = schedule_get_domains_task(rctx, rctx->ev, rctx);
+ ret = schedule_get_domains_task(rctx, rctx->ev, rctx, NULL);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE,
"schedule_get_domains_tasks failed.\n");
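Review bot: This call passes NULL for the new ncache argument, so no negative-cache reset follows subdomain discovery for this responder. Only the nss and pam call sites in this commit pass a cache; whether the ifp responder keeps a negative cache of its own is not visible in this hunk, but if it does, entries cached before the subdomains were known would stay until they expire. Worth confirming, and if NULL is deliberate a comment such as `/* no negative cache to reset */` would record that. The body of `ifp_process_init` continues outside the hunk.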
diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
index bce06c3e8..48fb19408 100644
--- a/src/responder/nss/nsssrv.c
+++ b/src/responder/nss/nsssrv.c
@@ -530,7 +530,7 @@ int nss_process_init(TALLOC_CTX *mem_ctx,
}
responder_set_fd_limit(fd_limit);
- ret = schedule_get_domains_task(rctx, rctx->ev, rctx);
+ ret = schedule_get_domains_task(rctx, rctx->ev, rctx, nctx->ncache);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "schedule_get_domains_tasks failed.\n");
goto fail;
diff --git a/src/responder/pac/pacsrv.c b/src/responder/pac/pacsrv.c
index 859ae86a5..20a5702e1 100644
--- a/src/responder/pac/pacsrv.c
+++ b/src/responder/pac/pacsrv.c
@@ -195,7 +195,7 @@ int pac_process_init(TALLOC_CTX *mem_ctx,
}
responder_set_fd_limit(fd_limit);
- ret = schedule_get_domains_task(rctx, rctx->ev, rctx);
+ ret = schedule_get_domains_task(rctx, rctx->ev, rctx, NULL);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "schedule_get_domains_tasks failed.\n");
goto fail;
diff --git a/src/responder/pam/pamsrv.c b/src/responder/pam/pamsrv.c
index 45747baa0..aa0d2796b 100644
--- a/src/responder/pam/pamsrv.c
+++ b/src/responder/pam/pamsrv.c
@@ -296,7 +296,7 @@ static int pam_process_init(TALLOC_CTX *mem_ctx,
}
responder_set_fd_limit(fd_limit);
- ret = schedule_get_domains_task(rctx, rctx->ev, rctx);
+ ret = schedule_get_domains_task(rctx, rctx->ev, rctx, pctx->ncache);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "schedule_get_domains_tasks failed.\n");
goto done;
diff --git a/src/responder/ssh/sshsrv.c b/src/responder/ssh/sshsrv.c
index 1bcf4e21a..9439b9d89 100644
--- a/src/responder/ssh/sshsrv.c
+++ b/src/responder/ssh/sshsrv.c
@@ -163,7 +163,7 @@ int ssh_process_init(TALLOC_CTX *mem_ctx,
goto fail;
}
- ret = schedule_get_domains_task(rctx, rctx->ev, rctx);
+ ret = schedule_get_domains_task(rctx, rctx->ev, rctx, NULL);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "schedule_get_domains_tasks failed.\n");
goto fail;
diff --git a/src/responder/sudo/sudosrv.c b/src/responder/sudo/sudosrv.c
index e480c7a43..5d46222c9 100644
--- a/src/responder/sudo/sudosrv.c
+++ b/src/responder/sudo/sudosrv.c
@@ -143,7 +143,7 @@ int sudo_process_init(TALLOC_CTX *mem_ctx,
goto fail;
}
- ret = schedule_get_domains_task(rctx, rctx->ev, rctx);
+ ret = schedule_get_domains_task(rctx, rctx->ev, rctx, NULL);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "schedule_get_domains_tasks failed.\n");
goto fail;
diff --git a/src/tests/cmocka/test_responder_common.c b/src/tests/cmocka/test_responder_common.c
index 44c93c1d5..0a4d4bb49 100644
--- a/src/tests/cmocka/test_responder_common.c
+++ b/src/tests/cmocka/test_responder_common.c
@@ -266,6 +266,40 @@ void parse_inp_call_neg(void **state)
assert_int_equal(ret, EOK);
}
+struct sss_nc_ctx {
+ struct parse_inp_test_ctx *pctx;
+};
+
+errno_t sss_ncache_reset_repopulate_permanent(struct resp_ctx *rctx,
+ struct sss_nc_ctx *dummy_ncache_ptr)
+{
+ dummy_ncache_ptr->pctx->tctx->error = EOK;
+ dummy_ncache_ptr->pctx->tctx->done = true;
+ return EOK;
+}
+
+void test_schedule_get_domains_task(void **state)
+{
+ struct parse_inp_test_ctx *parse_inp_ctx = talloc_get_type(*state,
+ struct parse_inp_test_ctx);
+ errno_t ret;
+ struct sss_nc_ctx *dummy_ncache_ptr;
+
+ dummy_ncache_ptr = talloc(parse_inp_ctx, struct sss_nc_ctx);
+ assert_non_null(dummy_ncache_ptr);
+ dummy_ncache_ptr->pctx = parse_inp_ctx;
+
+ ret = schedule_get_domains_task(dummy_ncache_ptr,
+ parse_inp_ctx->rctx->ev,
+ parse_inp_ctx->rctx,
+ dummy_ncache_ptr);
+ assert_int_equal(ret, EOK);
+
+ ret = test_ev_loop(parse_inp_ctx->tctx);
+ assert_int_equal(ret, EOK);
+ talloc_free(dummy_ncache_ptr);
+}
+
int main(int argc, const char *argv[])
{
int rv;
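Review bot: The new `test_schedule_get_domains_task` only covers the non-NULL path: completion is signalled from inside the stubbed `sss_ncache_reset_repopulate_permanent`, so the `optional_ncache == NULL` case that most responders in this commit use cannot be exercised with this setup. The stub also ignores its `rctx` argument; adding `assert_ptr_equal(rctx, dummy_ncache_ptr->pctx->rctx);` would check that the state carried the right context through both callbacks. A one-line comment above the local `struct sss_nc_ctx` definition, saying that it stands in for the real (presumably opaque) negative-cache type, would help readers.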
@@ -293,6 +327,9 @@ int main(int argc, const char *argv[])
cmocka_unit_test_setup_teardown(parse_inp_call_neg,
parse_inp_test_setup,
parse_inp_test_teardown),
+ cmocka_unit_test_setup_teardown(test_schedule_get_domains_task,
+ parse_inp_test_setup,
+ parse_inp_test_teardown),
};
/* Set debug level to invalid value so we can deside if -d 0 was used. */