summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorJakub Hrozek <jhrozek@redhat.com>2015-03-29 16:30:27 +0200
committerJakub Hrozek <jhrozek@redhat.com>2015-04-09 08:35:20 +0200
commit0d19785f9ffd9c66df5b30d208ec7b0216a9555b (patch)
treefa11cac980dba90b196538cd68de11eae11ada4d /src
parent1aa492ce890f362564bfac21f3cfb0a3e38608bd (diff)
downloadsssd-0d19785f9ffd9c66df5b30d208ec7b0216a9555b.tar.gz
sssd-0d19785f9ffd9c66df5b30d208ec7b0216a9555b.tar.xz
sssd-0d19785f9ffd9c66df5b30d208ec7b0216a9555b.zip
ncache: Add sss_ncache_reset_repopulate_permanent
This new function resets the negative cache and then re-adds the permanent entries. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Diffstat (limited to 'src')
-rw-r--r--src/responder/common/negcache.c14
-rw-r--r--src/responder/common/negcache.h6
-rw-r--r--src/tests/cmocka/test_negcache.c93
3 files changed, 113 insertions, 0 deletions
diff --git a/src/responder/common/negcache.c b/src/responder/common/negcache.c
index 3e58c3e7f..2fa61af53 100644
--- a/src/responder/common/negcache.c
+++ b/src/responder/common/negcache.c
@@ -838,3 +838,17 @@ done:
talloc_free(tmpctx);
return ret;
}
+
+/* Reset permanent negcache after checking the domains */
+errno_t sss_ncache_reset_repopulate_permanent(struct resp_ctx *rctx,
+ struct sss_nc_ctx *ncache)
+{
+ int ret;
+
+ ret = sss_ncache_reset_permanent(ncache);
+ if (ret == EOK) {
+ ret = sss_ncache_prepopulate(ncache, rctx->cdb, rctx);
+ }
+
+ return ret;
+}
diff --git a/src/responder/common/negcache.h b/src/responder/common/negcache.h
index 00f979dbb..b96fbfda5 100644
--- a/src/responder/common/negcache.h
+++ b/src/responder/common/negcache.h
@@ -69,6 +69,8 @@ int sss_ncache_set_service_port(struct sss_nc_ctx *ctx, bool permanent,
int sss_ncache_reset_permanent(struct sss_nc_ctx *ctx);
+struct resp_ctx;
+
/* Set up the negative cache with values from filter_users and
* filter_groups in the sssd.conf
*/
@@ -76,4 +78,8 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache,
struct confdb_ctx *cdb,
struct resp_ctx *rctx);
+/* Flush the negcache and then repopulate */
+errno_t sss_ncache_reset_repopulate_permanent(struct resp_ctx *rctx,
+ struct sss_nc_ctx *ncache);
+
#endif /* _NSS_NEG_CACHE_H_ */
diff --git a/src/tests/cmocka/test_negcache.c b/src/tests/cmocka/test_negcache.c
index cab457434..6f9802a38 100644
--- a/src/tests/cmocka/test_negcache.c
+++ b/src/tests/cmocka/test_negcache.c
@@ -710,6 +710,97 @@ static void test_sss_ncache_default_domain_suffix(void **state)
}
+static void test_sss_ncache_reset_prepopulate(void **state)
+{
+ int ret;
+ struct test_state *ts;
+ struct tevent_context *ev;
+ struct sss_nc_ctx *ncache;
+ struct sss_test_ctx *tc;
+ struct sss_domain_info *dom;
+ struct sss_domain_info *dom2;
+
+ struct sss_test_conf_param params[] = {
+ { "filter_users", "testuser1@"TEST_DOM_NAME", testuser2@"TEST_DOM_NAME"2" },
+ { "filter_groups", "testgroup1@"TEST_DOM_NAME", testgroup2@"TEST_DOM_NAME"2" },
+ { NULL, NULL },
+ };
+
+ const char *nss_filter_users[] = { params[0].value, NULL};
+ const char *nss_filter_groups[] = { params[1].value, NULL};
+
+ ts = talloc_get_type_abort(*state, struct test_state);
+
+ ev = tevent_context_init(ts);
+ assert_non_null(ev);
+
+ dom = talloc_zero(ts, struct sss_domain_info);
+ assert_non_null(dom);
+ dom->name = discard_const_p(char, TEST_DOM_NAME);
+
+ ts->nctx = mock_nctx(ts);
+ assert_non_null(ts->nctx);
+
+ tc = create_dom_test_ctx(ts, TESTS_PATH, TEST_CONF_DB,
+ TEST_DOM_NAME, TEST_ID_PROVIDER, params);
+ assert_non_null(tc);
+
+ ret = confdb_add_param(tc->confdb, true, "config/nss",
+ "filter_users", nss_filter_users);
+ assert_int_equal(ret, EOK);
+
+ ret = confdb_add_param(tc->confdb, true, "config/nss",
+ "filter_groups", nss_filter_groups);
+ assert_int_equal(ret, EOK);
+
+ ncache = ts->ctx;
+ ts->rctx = mock_rctx(ts, ev, dom, ts->nctx);
+ assert_non_null(ts->rctx);
+ ts->rctx->default_domain = discard_const(TEST_DOM_NAME);
+ ts->rctx->cdb = tc->confdb;
+
+ ret = sss_names_init(ts, tc->confdb, TEST_DOM_NAME, &dom->names);
+ assert_int_equal(ret, EOK);
+
+ ret = sss_ncache_reset_repopulate_permanent(ts->rctx, ncache);
+ assert_int_equal(ret, EOK);
+
+ /* Add another domain */
+ dom2 = talloc_zero(ts, struct sss_domain_info);
+ assert_non_null(dom2);
+ dom2->name = discard_const_p(char, TEST_DOM_NAME"2");
+ dom->next = dom2;
+ dom2->names = dom->names;
+
+ /* First domain should not be known, the second not */
+ ret = sss_ncache_check_user(ncache, 1, dom, "testuser1");
+ assert_int_equal(ret, EEXIST);
+
+ ret = sss_ncache_check_group(ncache, 1, dom, "testgroup1");
+ assert_int_equal(ret, EEXIST);
+
+ ret = sss_ncache_check_user(ncache, 1, dom2, "testuser2");
+ assert_int_equal(ret, ENOENT);
+
+ ret = sss_ncache_check_group(ncache, 1, dom2, "testgroup2");
+ assert_int_equal(ret, ENOENT);
+
+ ret = sss_ncache_reset_repopulate_permanent(ts->rctx, ncache);
+ assert_int_equal(ret, EOK);
+
+ /* First domain should not be known, the second not */
+ ret = sss_ncache_check_user(ncache, 1, dom, "testuser1");
+ assert_int_equal(ret, EEXIST);
+
+ ret = sss_ncache_check_group(ncache, 1, dom, "testgroup1");
+ assert_int_equal(ret, EEXIST);
+
+ ret = sss_ncache_check_user(ncache, 1, dom2, "testuser2");
+ assert_int_equal(ret, EEXIST);
+
+ ret = sss_ncache_check_group(ncache, 1, dom2, "testgroup2");
+ assert_int_equal(ret, EEXIST);
+}
int main(void)
{
int rv;
@@ -731,6 +822,8 @@ int main(void)
setup, teardown),
cmocka_unit_test_setup_teardown(test_sss_ncache_default_domain_suffix,
setup, teardown),
+ cmocka_unit_test_setup_teardown(test_sss_ncache_reset_prepopulate,
+ setup, teardown),
};
tests_set_cwd();