author | Jakub Hrozek <jhrozek@redhat.com> | 2015-03-29 16:30:27 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-04-09 08:35:20 +0200 |
commit | 0d19785f9ffd9c66df5b30d208ec7b0216a9555b (patch) | |
tree | fa11cac980dba90b196538cd68de11eae11ada4d /src | |
parent | 1aa492ce890f362564bfac21f3cfb0a3e38608bd (diff) | |
ncache: Add sss_ncache_reset_repopulate_permanent
This new function resets the negative cache and then re-adds the
permanent entries.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/responder/common/negcache.c | 14 | ||||
-rw-r--r-- | src/responder/common/negcache.h | 6 | ||||
-rw-r--r-- | src/tests/cmocka/test_negcache.c | 93 |
3 files changed, 113 insertions, 0 deletions
diff --git a/src/responder/common/negcache.c b/src/responder/common/negcache.c
index 3e58c3e7f..2fa61af53 100644
--- a/src/responder/common/negcache.c
+++ b/src/responder/common/negcache.c
@@ -838,3 +838,17 @@ done:
 talloc_free(tmpctx);
 return ret;
 }
+
+/* Reset permanent negcache after checking the domains */
+errno_t sss_ncache_reset_repopulate_permanent(struct resp_ctx *rctx,
+ struct sss_nc_ctx *ncache)
+{
+ int ret;
+
+ ret = sss_ncache_reset_permanent(ncache);
+ if (ret == EOK) {
+ ret = sss_ncache_prepopulate(ncache, rctx->cdb, rctx);
+ }
+
+ return ret;
+}
diff --git a/src/responder/common/negcache.h b/src/responder/common/negcache.h
index 00f979dbb..b96fbfda5 100644
--- a/src/responder/common/negcache.h
+++ b/src/responder/common/negcache.h
@@ -69,6 +69,8 @@ int sss_ncache_set_service_port(struct sss_nc_ctx *ctx, bool permanent,
 int sss_ncache_reset_permanent(struct sss_nc_ctx *ctx);
+struct resp_ctx;
+
 /* Set up the negative cache with values from filter_users and
 * filter_groups in the sssd.conf
 */
@@ -76,4 +78,8 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache,
 struct confdb_ctx *cdb,
 struct resp_ctx *rctx);
+/* Flush the negcache and then repopulate */
+errno_t sss_ncache_reset_repopulate_permanent(struct resp_ctx *rctx,
+ struct sss_nc_ctx *ncache);
+
 #endif /* _NSS_NEG_CACHE_H_ */
diff --git a/src/tests/cmocka/test_negcache.c b/src/tests/cmocka/test_negcache.c
index cab457434..6f9802a38 100644
--- a/src/tests/cmocka/test_negcache.c
+++ b/src/tests/cmocka/test_negcache.c
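Review bot: In `sss_ncache_reset_repopulate_permanent()` (negcache.c), an error from `sss_ncache_prepopulate()` is returned only after `sss_ncache_reset_permanent()` has already run, so the cache can be left without the `filter_users`/`filter_groups` entries that prepopulate installs. The comment above the function does not tell callers that a non-EOK return means the configured filters may currently not be applied; I would replace it with `/* Drop the permanent entries, then re-add them from the config; on error the permanent entries may be missing */`. The function also reads `rctx->cdb` without checking `rctx`, and it stores the result in `int ret` although it returns `errno_t`; `errno_t ret;` would match the signature.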
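Review bot: The prototype comment added to negcache.h says "Flush the negcache", but the implementation in this commit calls `sss_ncache_reset_permanent()`, which judging by its name touches only the permanent entries. The comment should say which entries are affected and what a failure leaves behind, for example `/* Reset the permanent entries and re-add them from filter_users/filter_groups; on error they may be missing */`. The parameter order `(rctx, ncache)` is also the reverse of `sss_ncache_prepopulate(ncache, cdb, rctx)` declared just above it; putting `ncache` first would keep the negcache API uniform.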
@@ -710,6 +710,97 @@ static void test_sss_ncache_default_domain_suffix(void **state)
 }
+static void test_sss_ncache_reset_prepopulate(void **state)
+{
+ int ret;
+ struct test_state *ts;
+ struct tevent_context *ev;
+ struct sss_nc_ctx *ncache;
+ struct sss_test_ctx *tc;
+ struct sss_domain_info *dom;
+ struct sss_domain_info *dom2;
+
+ struct sss_test_conf_param params[] = {
+ { "filter_users", "testuser1@"TEST_DOM_NAME", testuser2@"TEST_DOM_NAME"2" },
+ { "filter_groups", "testgroup1@"TEST_DOM_NAME", testgroup2@"TEST_DOM_NAME"2" },
+ { NULL, NULL },
+ };
+
+ const char *nss_filter_users[] = { params[0].value, NULL};
+ const char *nss_filter_groups[] = { params[1].value, NULL};
+
+ ts = talloc_get_type_abort(*state, struct test_state);
+
+ ev = tevent_context_init(ts);
+ assert_non_null(ev);
+
+ dom = talloc_zero(ts, struct sss_domain_info);
+ assert_non_null(dom);
+ dom->name = discard_const_p(char, TEST_DOM_NAME);
+
+ ts->nctx = mock_nctx(ts);
+ assert_non_null(ts->nctx);
+
+ tc = create_dom_test_ctx(ts, TESTS_PATH, TEST_CONF_DB,
+ TEST_DOM_NAME, TEST_ID_PROVIDER, params);
+ assert_non_null(tc);
+
+ ret = confdb_add_param(tc->confdb, true, "config/nss",
+ "filter_users", nss_filter_users);
+ assert_int_equal(ret, EOK);
+
+ ret = confdb_add_param(tc->confdb, true, "config/nss",
+ "filter_groups", nss_filter_groups);
+ assert_int_equal(ret, EOK);
+
+ ncache = ts->ctx;
+ ts->rctx = mock_rctx(ts, ev, dom, ts->nctx);
+ assert_non_null(ts->rctx);
+ ts->rctx->default_domain = discard_const(TEST_DOM_NAME);
+ ts->rctx->cdb = tc->confdb;
+
+ ret = sss_names_init(ts, tc->confdb, TEST_DOM_NAME, &dom->names);
+ assert_int_equal(ret, EOK);
+
+ ret = sss_ncache_reset_repopulate_permanent(ts->rctx, ncache);
+ assert_int_equal(ret, EOK);
+
+ /* Add another domain */
+ dom2 = talloc_zero(ts, struct sss_domain_info);
+ assert_non_null(dom2);
+ dom2->name = discard_const_p(char, TEST_DOM_NAME"2");
+ dom->next = dom2;
+ dom2->names = dom->names;
+
+ /* First domain should not be known, the second not */
+ ret = sss_ncache_check_user(ncache, 1, dom, "testuser1");
+ assert_int_equal(ret, EEXIST);
+
+ ret = sss_ncache_check_group(ncache, 1, dom, "testgroup1");
+ assert_int_equal(ret, EEXIST);
+
+ ret = sss_ncache_check_user(ncache, 1, dom2, "testuser2");
+ assert_int_equal(ret, ENOENT);
+
+ ret = sss_ncache_check_group(ncache, 1, dom2, "testgroup2");
+ assert_int_equal(ret, ENOENT);
+
+ ret = sss_ncache_reset_repopulate_permanent(ts->rctx, ncache);
+ assert_int_equal(ret, EOK);
+
+ /* First domain should not be known, the second not */
+ ret = sss_ncache_check_user(ncache, 1, dom, "testuser1");
+ assert_int_equal(ret, EEXIST);
+
+ ret = sss_ncache_check_group(ncache, 1, dom, "testgroup1");
+ assert_int_equal(ret, EEXIST);
+
+ ret = sss_ncache_check_user(ncache, 1, dom2, "testuser2");
+ assert_int_equal(ret, EEXIST);
+
+ ret = sss_ncache_check_group(ncache, 1, dom2, "testgroup2");
+ assert_int_equal(ret, EEXIST);
+}
 int main(void)
 {
 int rv;
@@ -731,6 +822,8 @@ int main(void)
 setup, teardown),
 cmocka_unit_test_setup_teardown(test_sss_ncache_default_domain_suffix,
 setup, teardown),
+ cmocka_unit_test_setup_teardown(test_sss_ncache_reset_prepopulate,
+ setup, teardown),
 };
 tests_set_cwd(); |
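Review bot: The comment `/* First domain should not be known, the second not */` in `test_sss_ncache_reset_prepopulate` contradicts the assertions under it, and its second copy is stale. The first block expects `EEXIST` for `dom` and `ENOENT` for `dom2`, while the block after the second repopulate expects `EEXIST` for both. I would write `/* dom's filtered names are in the negcache, dom2's are not yet */` for the first and `/* After repopulating, both domains' filtered names are in the negcache */` for the second. The test also covers only the success path: it checks neither that a name removed from `filter_users` is gone after the reset, nor the state of the cache when repopulating fails, which is the case where a configured filter could silently stop applying.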