author | Jakub Hrozek <jhrozek@redhat.com> | 2016-11-02 16:59:12 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2017-02-15 14:50:42 +0100 |
commit | 99a32e4f5164e174d5a3ffa5a1fe622075a8fe45 (patch) | |
tree | ce6fa2399c750cb4bc2d2de6d85705c472461f93 | |
parent | a5ecc93abb01cece628fdef04ebad43bba267419 (diff) | |
NEGCACHE: Add API to reset all users and groups
Adds a negative cache API to reset negatively cached users and groups.
This will be used when the files back end finishes enumeration to make
sure all results are available.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
-rw-r--r-- | src/responder/common/negcache.c | 56 | ||||
-rw-r--r-- | src/responder/common/negcache.h | 2 | ||||
-rw-r--r-- | src/tests/cmocka/test_negcache.c | 70 |
3 files changed, 128 insertions, 0 deletions
diff --git a/src/responder/common/negcache.c b/src/responder/common/negcache.c
index 5b7ad69f4..944a06e15 100644
--- a/src/responder/common/negcache.c
+++ b/src/responder/common/negcache.c
@@ -674,6 +674,62 @@ int sss_ncache_reset_permanent(struct sss_nc_ctx *ctx)
 return EOK;
 }
 
+static int delete_prefix(struct tdb_context *tdb,
+ TDB_DATA key, TDB_DATA data, void *state)
+{
+ const char *prefix = (const char *) state;
+
+ if (strncmp((char *)key.dptr, prefix, strlen(prefix) - 1) != 0) {
+ /* not interested in this key */
+ return 0;
+ }
+
+ return tdb_delete(tdb, key);
+}
+
+static int sss_ncache_reset_pfx(struct sss_nc_ctx *ctx,
+ const char **prefixes)
+{
+ int ret;
+
+ if (prefixes == NULL) {
+ return EOK;
+ }
+
+ for (int i = 0; prefixes[i] != NULL; i++) {
+ ret = tdb_traverse(ctx->tdb,
+ delete_prefix,
+ discard_const(prefixes[i]));
+ if (ret < 0) {
+ return EIO;
+ }
+ }
+
+ return EOK;
+}
+
+int sss_ncache_reset_users(struct sss_nc_ctx *ctx)
+{
+ const char *prefixes[] = {
+ NC_USER_PREFIX,
+ NC_UID_PREFIX,
+ NULL,
+ };
+
+ return sss_ncache_reset_pfx(ctx, prefixes);
+}
+
+int sss_ncache_reset_groups(struct sss_nc_ctx *ctx)
+{
+ const char *prefixes[] = {
+ NC_GROUP_PREFIX,
+ NC_GID_PREFIX,
+ NULL,
+ };
+
+ return sss_ncache_reset_pfx(ctx, prefixes);
+}
+
 errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache,
 struct confdb_ctx *cdb,
 struct resp_ctx *rctx)
diff --git a/src/responder/common/negcache.h b/src/responder/common/negcache.h
index 377f97c8b..8af736a67 100644
--- a/src/responder/common/negcache.h
+++ b/src/responder/common/negcache.h
@@ -78,6 +78,8 @@ int sss_ncache_set_service_port(struct sss_nc_ctx *ctx, bool permanent,
 uint16_t port, const char *proto);
 
 int sss_ncache_reset_permanent(struct sss_nc_ctx *ctx);
+int sss_ncache_reset_users(struct sss_nc_ctx *ctx);
+int sss_ncache_reset_groups(struct sss_nc_ctx *ctx);
 
 struct resp_ctx;
 
diff --git a/src/tests/cmocka/test_negcache.c b/src/tests/cmocka/test_negcache.c
index 14e4fa639..d608c20ad 100644
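Review bot: In `delete_prefix` (negcache.c) the comparison runs over `strlen(prefix) - 1` bytes and never consults `key.dsize`, so it matches on one character less than the prefix and depends on `key.dptr` being NUL-terminated. A key that shares all but the last character of a prefix would be deleted too, an empty prefix would wrap the length to `SIZE_MAX`, and a key shorter than the prefix could be read past its end if keys are stored without a terminator (the key format is not visible in this hunk). A length-bounded check such as `size_t len = strlen(prefix);` followed by `if (key.dsize < len || memcmp(key.dptr, prefix, len) != 0) {` avoids all three. Separately, a failing `tdb_delete()` makes the callback return non-zero, which as far as I know only stops the traversal, so `tdb_traverse()` may still return a non-negative count and `sss_ncache_reset_pfx` would report EOK after a partial reset; worth confirming against the tdb documentation.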
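Review bot: The two prototypes added to negcache.h have no comment, and their contract is not obvious from the names alone. I would add above `sss_ncache_reset_users` something like `/* Remove every negatively cached user entry (by name and by UID); returns EOK, or EIO if the traversal fails. */` and the equivalent for groups. Because `delete_prefix` ignores its `data` argument, entries are removed whatever their stored value, which presumably includes permanent ones such as those set up by `sss_ncache_prepopulate`; if that is intended, the comment should say that callers have to repopulate them afterwards.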
--- a/src/tests/cmocka/test_negcache.c
+++ b/src/tests/cmocka/test_negcache.c
@@ -785,6 +785,74 @@ static void test_sss_ncache_reset_prepopulate(void **state)
 ret = check_group_in_ncache(ncache, dom2, "testgroup2");
 assert_int_equal(ret, EEXIST);
 }
+
+static void test_sss_ncache_reset(void **state)
+{
+ errno_t ret;
+ struct test_state *ts;
+ struct sss_domain_info *dom;
+
+ ts = talloc_get_type_abort(*state, struct test_state);
+ dom = talloc(ts, struct sss_domain_info);
+ assert_non_null(dom);
+ dom->case_sensitive = true;
+
+ dom->name = discard_const_p(char, TEST_DOM_NAME);
+
+ /* Set users */
+ ret = sss_ncache_check_uid(ts->ctx, NULL, 123);
+ assert_int_equal(ret, ENOENT);
+ ret = sss_ncache_set_uid(ts->ctx, false, NULL, 123);
+ assert_int_equal(ret, EOK);
+ ret = sss_ncache_check_uid(ts->ctx, NULL, 123);
+ assert_int_equal(ret, EEXIST);
+
+ ret = sss_ncache_check_user(ts->ctx, dom, "foo");
+ assert_int_equal(ret, ENOENT);
+ ret = sss_ncache_set_user(ts->ctx, false, dom, "foo");
+ assert_int_equal(ret, EOK);
+ ret = sss_ncache_check_user(ts->ctx, dom, "foo");
+ assert_int_equal(ret, EEXIST);
+
+ /* Set groups */
+ ret = sss_ncache_check_gid(ts->ctx, NULL, 456);
+ assert_int_equal(ret, ENOENT);
+ ret = sss_ncache_set_gid(ts->ctx, false, NULL, 456);
+ assert_int_equal(ret, EOK);
+ ret = sss_ncache_check_gid(ts->ctx, NULL, 456);
+ assert_int_equal(ret, EEXIST);
+
+ ret = sss_ncache_check_group(ts->ctx, dom, "bar");
+ assert_int_equal(ret, ENOENT);
+ ret = sss_ncache_set_group(ts->ctx, false, dom, "bar");
+ assert_int_equal(ret, EOK);
+ ret = sss_ncache_check_group(ts->ctx, dom, "bar");
+ assert_int_equal(ret, EEXIST);
+
+ ret = sss_ncache_reset_users(ts->ctx);
+ assert_int_equal(ret, EOK);
+
+ /* Users are no longer negatively cached */
+ ret = sss_ncache_check_user(ts->ctx, dom, "foo");
+ assert_int_equal(ret, ENOENT);
+ ret = sss_ncache_check_uid(ts->ctx, NULL, 123);
+ assert_int_equal(ret, ENOENT);
+
+ /* Groups still are */
+ ret = sss_ncache_check_gid(ts->ctx, NULL, 456);
+ assert_int_equal(ret, EEXIST);
+ ret = sss_ncache_check_group(ts->ctx, dom, "bar");
+ assert_int_equal(ret, EEXIST);
+
+ ret = sss_ncache_reset_groups(ts->ctx);
+ assert_int_equal(ret, EOK);
+
+ ret = sss_ncache_check_gid(ts->ctx, NULL, 456);
+ assert_int_equal(ret, ENOENT);
+ ret = sss_ncache_check_group(ts->ctx, dom, "bar");
+ assert_int_equal(ret, ENOENT);
+}
+
 int main(void)
 {
 int rv;
@@ -809,6 +877,8 @@ int main(void)
 setup, teardown),
 cmocka_unit_test_setup_teardown(test_sss_ncache_reset_prepopulate,
 setup, teardown),
+ cmocka_unit_test_setup_teardown(test_sss_ncache_reset,
+ setup, teardown),
 };
 
 tests_set_cwd(); |
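Review bot: `test_sss_ncache_reset` stores only one non-permanent entry of each kind, so it cannot detect an over-broad prefix match or show what happens to permanent entries. Adding a permanent entry before the reset, e.g. `ret = sss_ncache_set_user(ts->ctx, true, dom, "permfoo");`, and asserting the intended result afterwards would pin down that part of the contract. An entry of an unrelated type, for instance one stored with `sss_ncache_set_service_port`, checked to survive both `sss_ncache_reset_users` and `sss_ncache_reset_groups`, would cover the matching logic. Also, `dom` is allocated with `talloc()` and only `case_sensitive` and `name` are set, so any other field the negcache code reads is uninitialized; `dom = talloc_zero(ts, struct sss_domain_info);` would make the test deterministic.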