summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJakub Hrozek <jhrozek@redhat.com>2017-03-24 10:39:12 +0100
committerJakub Hrozek <jhrozek@redhat.com>2017-03-30 14:09:22 +0200
commitcee85e8fb9534ec997e5388fce59f392cf029573 (patch)
tree8d97dfaa6ddaf5ed379c1cfda3a52a36cc4aa731
parent825e8bf2f73a815c2eceb36ae805145fcbacf74d (diff)
downloadsssd-cee85e8fb9534ec997e5388fce59f392cf029573.tar.gz
sssd-cee85e8fb9534ec997e5388fce59f392cf029573.tar.xz
sssd-cee85e8fb9534ec997e5388fce59f392cf029573.zip
CACHE_REQ: Domain type selection in cache_req
Related to: https://pagure.io/SSSD/sssd/issue/3310 Adds a new enumeration cache_req_dom_type. It is a tri-state that allows the caller to select which domains can be contacted - either only POSIX, only application domains or any type. Not all plugins of cache_req have the new parameter added -- only those that are usable/useful in a non-POSIX environment. For example, it makes no sense to allow the selection for calls by ID because those are inherently POSIX-specific. Also, services or netgroups are supported only coming from POSIX domains. At the moment, the patch should not change any behaviour as all calls default to contacting POSIX domains only. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Diffstat
-rw-r--r--src/responder/common/cache_req/cache_req.c80
-rw-r--r--src/responder/common/cache_req/cache_req.h19
-rw-r--r--src/responder/common/cache_req/cache_req_private.h3
-rw-r--r--src/responder/common/cache_req/plugins/cache_req_enum_groups.c4
-rw-r--r--src/responder/common/cache_req/plugins/cache_req_enum_svc.c3
-rw-r--r--src/responder/common/cache_req/plugins/cache_req_enum_users.c4
-rw-r--r--src/responder/common/cache_req/plugins/cache_req_group_by_filter.c5
-rw-r--r--src/responder/common/cache_req/plugins/cache_req_group_by_id.c4
-rw-r--r--src/responder/common/cache_req/plugins/cache_req_group_by_name.c5
-rw-r--r--src/responder/common/cache_req/plugins/cache_req_host_by_name.c4
-rw-r--r--src/responder/common/cache_req/plugins/cache_req_initgroups_by_name.c5
-rw-r--r--src/responder/common/cache_req/plugins/cache_req_netgroup_by_name.c4
-rw-r--r--src/responder/common/cache_req/plugins/cache_req_object_by_id.c4
-rw-r--r--src/responder/common/cache_req/plugins/cache_req_object_by_name.c4
-rw-r--r--src/responder/common/cache_req/plugins/cache_req_object_by_sid.c4
-rw-r--r--src/responder/common/cache_req/plugins/cache_req_svc_by_name.c4
-rw-r--r--src/responder/common/cache_req/plugins/cache_req_svc_by_port.c4
-rw-r--r--src/responder/common/cache_req/plugins/cache_req_user_by_cert.c4
-rw-r--r--src/responder/common/cache_req/plugins/cache_req_user_by_filter.c5
-rw-r--r--src/responder/common/cache_req/plugins/cache_req_user_by_id.c4
-rw-r--r--src/responder/common/cache_req/plugins/cache_req_user_by_name.c9
-rw-r--r--src/responder/ifp/ifp_groups.c14
-rw-r--r--src/responder/ifp/ifp_users.c19
-rw-r--r--src/responder/ifp/ifpsrv_cmd.c3
-rw-r--r--src/responder/nss/nss_enum.c2
-rw-r--r--src/responder/nss/nss_get_object.c3
-rw-r--r--src/responder/pam/pamsrv_cmd.c5
-rw-r--r--src/responder/sudo/sudosrv_get_sudorules.c3
-rw-r--r--src/tests/cmocka/test_responder_cache_req.c62
29 files changed, 246 insertions, 47 deletions
diff --git a/src/responder/common/cache_req/cache_req.c b/src/responder/common/cache_req/cache_req.c
index 483126396..3a5fecf34 100644
--- a/src/responder/common/cache_req/cache_req.c
+++ b/src/responder/common/cache_req/cache_req.c
@@ -89,12 +89,31 @@ static errno_t cache_req_set_plugin(struct cache_req *cr,
return EOK;
}
+static const char *
+cache_req_dom_type_as_str(struct cache_req *cr)
+{
+ if (cr == NULL) {
+ return "BUG: Invalid cache_req pointer\n";
+ }
+ switch (cr->req_dom_type) {
+ case CACHE_REQ_POSIX_DOM:
+ return "POSIX-only";
+ case CACHE_REQ_APPLICATION_DOM:
+ return "Application-only";
+ case CACHE_REQ_ANY_DOM:
+ return "Any";
+ }
+
+ return "Unknown";
+}
+
static struct cache_req *
cache_req_create(TALLOC_CTX *mem_ctx,
struct resp_ctx *rctx,
struct cache_req_data *data,
struct sss_nc_ctx *ncache,
- int midpoint)
+ int midpoint,
+ enum cache_req_dom_type req_dom_type)
{
struct cache_req *cr;
errno_t ret;
@@ -108,6 +127,7 @@ cache_req_create(TALLOC_CTX *mem_ctx,
cr->data = data;
cr->ncache = ncache;
cr->midpoint = midpoint;
+ cr->req_dom_type = req_dom_type;
cr->req_start = time(NULL);
/* It is perfectly fine to just overflow here. */
@@ -145,8 +165,8 @@ cache_req_set_name(struct cache_req *cr, const char *name)
}
static bool
-cache_req_validate_domain(struct cache_req *cr,
- struct sss_domain_info *domain)
+cache_req_validate_domain_enumeration(struct cache_req *cr,
+ struct sss_domain_info *domain)
{
if (!cr->plugin->require_enumeration) {
return true;
@@ -164,6 +184,52 @@ cache_req_validate_domain(struct cache_req *cr,
return true;
}
+static bool
+cache_req_validate_domain_type(struct cache_req *cr,
+ struct sss_domain_info *domain)
+{
+ bool valid = false;
+
+ switch (cr->req_dom_type) {
+ case CACHE_REQ_POSIX_DOM:
+ valid = domain->type == DOM_TYPE_POSIX ? true : false;
+ break;
+ case CACHE_REQ_APPLICATION_DOM:
+ valid = domain->type == DOM_TYPE_APPLICATION ? true : false;
+ break;
+ case CACHE_REQ_ANY_DOM:
+ valid = true;
+ break;
+ }
+
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "Request type %s for domain %s type %s is %svalid\n",
+ cache_req_dom_type_as_str(cr),
+ domain->name,
+ sss_domain_type_str(domain),
+ valid ? "" : "not ");
+ return valid;
+}
+
+static bool
+cache_req_validate_domain(struct cache_req *cr,
+ struct sss_domain_info *domain)
+{
+ bool ok;
+
+ ok = cache_req_validate_domain_enumeration(cr, domain);
+ if (ok == false) {
+ return false;
+ }
+
+ ok = cache_req_validate_domain_type(cr, domain);
+ if (ok == false) {
+ return false;
+ }
+
+ return true;
+}
+
static errno_t
cache_req_is_well_known_object(TALLOC_CTX *mem_ctx,
struct cache_req *cr,
@@ -651,6 +717,7 @@ struct tevent_req *cache_req_send(TALLOC_CTX *mem_ctx,
struct resp_ctx *rctx,
struct sss_nc_ctx *ncache,
int midpoint,
+ enum cache_req_dom_type req_dom_type,
const char *domain,
struct cache_req_data *data)
{
@@ -667,7 +734,8 @@ struct tevent_req *cache_req_send(TALLOC_CTX *mem_ctx,
}
state->ev = ev;
- state->cr = cr = cache_req_create(state, rctx, data, ncache, midpoint);
+ state->cr = cr = cache_req_create(state, rctx, data,
+ ncache, midpoint, req_dom_type);
if (state->cr == NULL) {
ret = ENOMEM;
goto done;
@@ -952,13 +1020,15 @@ cache_req_steal_data_and_send(TALLOC_CTX *mem_ctx,
struct resp_ctx *rctx,
struct sss_nc_ctx *ncache,
int cache_refresh_percent,
+ enum cache_req_dom_type req_dom_type,
const char *domain,
struct cache_req_data *data)
{
struct tevent_req *req;
req = cache_req_send(mem_ctx, ev, rctx, ncache,
- cache_refresh_percent, domain, data);
+ cache_refresh_percent,
+ req_dom_type, domain, data);
if (req == NULL) {
talloc_zfree(data);
return NULL;
diff --git a/src/responder/common/cache_req/cache_req.h b/src/responder/common/cache_req/cache_req.h
index d0e5ff439..c04b2fba6 100644
--- a/src/responder/common/cache_req/cache_req.h
+++ b/src/responder/common/cache_req/cache_req.h
@@ -57,6 +57,18 @@ enum cache_req_type {
CACHE_REQ_SENTINEL
};
+/* Whether to limit the request type to a certain domain type
+ * (POSIX/non-POSIX)
+ */
+enum cache_req_dom_type {
+ /* Only look up data in POSIX domains */
+ CACHE_REQ_POSIX_DOM,
+ /* Only look up data in application domains */
+ CACHE_REQ_APPLICATION_DOM,
+ /* Look up data in any domain type */
+ CACHE_REQ_ANY_DOM
+};
+
/* Input data. */
struct cache_req_data;
@@ -172,6 +184,7 @@ struct tevent_req *cache_req_send(TALLOC_CTX *mem_ctx,
struct resp_ctx *rctx,
struct sss_nc_ctx *ncache,
int midpoint,
+ enum cache_req_dom_type req_dom_type,
const char *domain,
struct cache_req_data *data);
@@ -191,6 +204,7 @@ cache_req_user_by_name_send(TALLOC_CTX *mem_ctx,
struct resp_ctx *rctx,
struct sss_nc_ctx *ncache,
int cache_refresh_percent,
+ enum cache_req_dom_type req_dom_type,
const char *domain,
const char *name);
@@ -228,6 +242,7 @@ cache_req_user_by_cert_send(TALLOC_CTX *mem_ctx,
struct resp_ctx *rctx,
struct sss_nc_ctx *ncache,
int cache_refresh_percent,
+ enum cache_req_dom_type req_dom_type,
const char *domain,
const char *pem_cert);
@@ -240,6 +255,7 @@ cache_req_group_by_name_send(TALLOC_CTX *mem_ctx,
struct resp_ctx *rctx,
struct sss_nc_ctx *ncache,
int cache_refresh_percent,
+ enum cache_req_dom_type req_dom_type,
const char *domain,
const char *name);
@@ -264,6 +280,7 @@ cache_req_initgr_by_name_send(TALLOC_CTX *mem_ctx,
struct resp_ctx *rctx,
struct sss_nc_ctx *ncache,
int cache_refresh_percent,
+ enum cache_req_dom_type req_dom_type,
const char *domain,
const char *name);
@@ -274,6 +291,7 @@ struct tevent_req *
cache_req_user_by_filter_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct resp_ctx *rctx,
+ enum cache_req_dom_type req_dom_type,
const char *domain,
const char *filter);
@@ -284,6 +302,7 @@ struct tevent_req *
cache_req_group_by_filter_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct resp_ctx *rctx,
+ enum cache_req_dom_type req_dom_type,
const char *domain,
const char *filter);
diff --git a/src/responder/common/cache_req/cache_req_private.h b/src/responder/common/cache_req/cache_req_private.h
index 2d3c18707..851005c38 100644
--- a/src/responder/common/cache_req/cache_req_private.h
+++ b/src/responder/common/cache_req/cache_req_private.h
@@ -42,6 +42,8 @@ struct cache_req {
struct sss_domain_info *domain;
bool cache_first;
bool bypass_cache;
+ /* Only contact domains with this type */
+ enum cache_req_dom_type req_dom_type;
/* Debug information */
uint32_t reqid;
@@ -108,6 +110,7 @@ cache_req_steal_data_and_send(TALLOC_CTX *mem_ctx,
struct resp_ctx *rctx,
struct sss_nc_ctx *ncache,
int cache_refresh_percent,
+ enum cache_req_dom_type req_dom_type,
const char *domain,
struct cache_req_data *data);
diff --git a/src/responder/common/cache_req/plugins/cache_req_enum_groups.c b/src/responder/common/cache_req/plugins/cache_req_enum_groups.c
index dbb40c983..49ce3508e 100644
--- a/src/responder/common/cache_req/plugins/cache_req_enum_groups.c
+++ b/src/responder/common/cache_req/plugins/cache_req_enum_groups.c
@@ -96,5 +96,7 @@ cache_req_enum_groups_send(TALLOC_CTX *mem_ctx,
}
return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache,
- cache_refresh_percent, domain, data);
+ cache_refresh_percent,
+ CACHE_REQ_POSIX_DOM, domain,
+ data);
}
diff --git a/src/responder/common/cache_req/plugins/cache_req_enum_svc.c b/src/responder/common/cache_req/plugins/cache_req_enum_svc.c
index 28dea33c6..499b99473 100644
--- a/src/responder/common/cache_req/plugins/cache_req_enum_svc.c
+++ b/src/responder/common/cache_req/plugins/cache_req_enum_svc.c
@@ -97,5 +97,6 @@ cache_req_enum_svc_send(TALLOC_CTX *mem_ctx,
}
return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache,
- cache_refresh_percent, domain, data);
+ cache_refresh_percent,
+ CACHE_REQ_POSIX_DOM, domain, data);
}
diff --git a/src/responder/common/cache_req/plugins/cache_req_enum_users.c b/src/responder/common/cache_req/plugins/cache_req_enum_users.c
index 3b1a85841..b635354be 100644
--- a/src/responder/common/cache_req/plugins/cache_req_enum_users.c
+++ b/src/responder/common/cache_req/plugins/cache_req_enum_users.c
@@ -96,5 +96,7 @@ cache_req_enum_users_send(TALLOC_CTX *mem_ctx,
}
return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache,
- cache_refresh_percent, domain, data);
+ cache_refresh_percent,
+ CACHE_REQ_POSIX_DOM, domain,
+ data);
}
diff --git a/src/responder/common/cache_req/plugins/cache_req_group_by_filter.c b/src/responder/common/cache_req/plugins/cache_req_group_by_filter.c
index 6ce6ae0d6..4377a476c 100644
--- a/src/responder/common/cache_req/plugins/cache_req_group_by_filter.c
+++ b/src/responder/common/cache_req/plugins/cache_req_group_by_filter.c
@@ -140,6 +140,7 @@ struct tevent_req *
cache_req_group_by_filter_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct resp_ctx *rctx,
+ enum cache_req_dom_type req_dom_type,
const char *domain,
const char *filter)
{
@@ -151,5 +152,7 @@ cache_req_group_by_filter_send(TALLOC_CTX *mem_ctx,
}
return cache_req_steal_data_and_send(mem_ctx, ev, rctx, NULL,
- 0, domain, data);
+ 0,
+ req_dom_type, domain,
+ data);
}
diff --git a/src/responder/common/cache_req/plugins/cache_req_group_by_id.c b/src/responder/common/cache_req/plugins/cache_req_group_by_id.c
index e98f76f8c..ad5b7d890 100644
--- a/src/responder/common/cache_req/plugins/cache_req_group_by_id.c
+++ b/src/responder/common/cache_req/plugins/cache_req_group_by_id.c
@@ -166,5 +166,7 @@ cache_req_group_by_id_send(TALLOC_CTX *mem_ctx,
}
return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache,
- cache_refresh_percent, domain, data);
+ cache_refresh_percent,
+ CACHE_REQ_POSIX_DOM, domain,
+ data);
}
diff --git a/src/responder/common/cache_req/plugins/cache_req_group_by_name.c b/src/responder/common/cache_req/plugins/cache_req_group_by_name.c
index af6f23ccf..de1e8f944 100644
--- a/src/responder/common/cache_req/plugins/cache_req_group_by_name.c
+++ b/src/responder/common/cache_req/plugins/cache_req_group_by_name.c
@@ -205,6 +205,7 @@ cache_req_group_by_name_send(TALLOC_CTX *mem_ctx,
struct resp_ctx *rctx,
struct sss_nc_ctx *ncache,
int cache_refresh_percent,
+ enum cache_req_dom_type req_dom_type,
const char *domain,
const char *name)
{
@@ -216,5 +217,7 @@ cache_req_group_by_name_send(TALLOC_CTX *mem_ctx,
}
return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache,
- cache_refresh_percent, domain, data);
+ cache_refresh_percent,
+ req_dom_type, domain,
+ data);
}
diff --git a/src/responder/common/cache_req/plugins/cache_req_host_by_name.c b/src/responder/common/cache_req/plugins/cache_req_host_by_name.c
index 77b46831f..1171cd63f 100644
--- a/src/responder/common/cache_req/plugins/cache_req_host_by_name.c
+++ b/src/responder/common/cache_req/plugins/cache_req_host_by_name.c
@@ -117,5 +117,7 @@ cache_req_host_by_name_send(TALLOC_CTX *mem_ctx,
}
return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache,
- cache_refresh_percent, domain, data);
+ cache_refresh_percent,
+ CACHE_REQ_POSIX_DOM, domain,
+ data);
}
diff --git a/src/responder/common/cache_req/plugins/cache_req_initgroups_by_name.c b/src/responder/common/cache_req/plugins/cache_req_initgroups_by_name.c
index 307b65a24..f100aefe5 100644
--- a/src/responder/common/cache_req/plugins/cache_req_initgroups_by_name.c
+++ b/src/responder/common/cache_req/plugins/cache_req_initgroups_by_name.c
@@ -220,6 +220,7 @@ cache_req_initgr_by_name_send(TALLOC_CTX *mem_ctx,
struct resp_ctx *rctx,
struct sss_nc_ctx *ncache,
int cache_refresh_percent,
+ enum cache_req_dom_type req_dom_type,
const char *domain,
const char *name)
{
@@ -231,5 +232,7 @@ cache_req_initgr_by_name_send(TALLOC_CTX *mem_ctx,
}
return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache,
- cache_refresh_percent, domain, data);
+ cache_refresh_percent,
+ req_dom_type, domain,
+ data);
}
diff --git a/src/responder/common/cache_req/plugins/cache_req_netgroup_by_name.c b/src/responder/common/cache_req/plugins/cache_req_netgroup_by_name.c
index e49d6d84a..ab3e553d3 100644
--- a/src/responder/common/cache_req/plugins/cache_req_netgroup_by_name.c
+++ b/src/responder/common/cache_req/plugins/cache_req_netgroup_by_name.c
@@ -150,5 +150,7 @@ cache_req_netgroup_by_name_send(TALLOC_CTX *mem_ctx,
}
return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache,
- cache_refresh_percent, domain, data);
+ cache_refresh_percent,
+ CACHE_REQ_POSIX_DOM, domain,
+ data);
}
diff --git a/src/responder/common/cache_req/plugins/cache_req_object_by_id.c b/src/responder/common/cache_req/plugins/cache_req_object_by_id.c
index 046e313c8..9557bd152 100644
--- a/src/responder/common/cache_req/plugins/cache_req_object_by_id.c
+++ b/src/responder/common/cache_req/plugins/cache_req_object_by_id.c
@@ -134,5 +134,7 @@ cache_req_object_by_id_send(TALLOC_CTX *mem_ctx,
}
return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache,
- cache_refresh_percent, domain, data);
+ cache_refresh_percent,
+ CACHE_REQ_POSIX_DOM, domain,
+ data);
}
diff --git a/src/responder/common/cache_req/plugins/cache_req_object_by_name.c b/src/responder/common/cache_req/plugins/cache_req_object_by_name.c
index 74d2b3dea..e236d1fa4 100644
--- a/src/responder/common/cache_req/plugins/cache_req_object_by_name.c
+++ b/src/responder/common/cache_req/plugins/cache_req_object_by_name.c
@@ -228,5 +228,7 @@ cache_req_object_by_name_send(TALLOC_CTX *mem_ctx,
}
return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache,
- cache_refresh_percent, domain, data);
+ cache_refresh_percent,
+ CACHE_REQ_POSIX_DOM, domain,
+ data);
}
diff --git a/src/responder/common/cache_req/plugins/cache_req_object_by_sid.c b/src/responder/common/cache_req/plugins/cache_req_object_by_sid.c
index ab5776631..dfec79da0 100644
--- a/src/responder/common/cache_req/plugins/cache_req_object_by_sid.c
+++ b/src/responder/common/cache_req/plugins/cache_req_object_by_sid.c
@@ -143,5 +143,7 @@ cache_req_object_by_sid_send(TALLOC_CTX *mem_ctx,
}
return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache,
- cache_refresh_percent, domain, data);
+ cache_refresh_percent,
+ CACHE_REQ_POSIX_DOM, domain,
+ data);
}
diff --git a/src/responder/common/cache_req/plugins/cache_req_svc_by_name.c b/src/responder/common/cache_req/plugins/cache_req_svc_by_name.c
index ef13f097a..b2bfb26ff 100644
--- a/src/responder/common/cache_req/plugins/cache_req_svc_by_name.c
+++ b/src/responder/common/cache_req/plugins/cache_req_svc_by_name.c
@@ -175,5 +175,7 @@ cache_req_svc_by_name_send(TALLOC_CTX *mem_ctx,
}
return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache,
- cache_refresh_percent, domain, data);
+ cache_refresh_percent,
+ CACHE_REQ_POSIX_DOM, domain,
+ data);
}
diff --git a/src/responder/common/cache_req/plugins/cache_req_svc_by_port.c b/src/responder/common/cache_req/plugins/cache_req_svc_by_port.c
index afa2eeeda..0e48437f4 100644
--- a/src/responder/common/cache_req/plugins/cache_req_svc_by_port.c
+++ b/src/responder/common/cache_req/plugins/cache_req_svc_by_port.c
@@ -149,5 +149,7 @@ cache_req_svc_by_port_send(TALLOC_CTX *mem_ctx,
}
return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache,
- cache_refresh_percent, domain, data);
+ cache_refresh_percent,
+ CACHE_REQ_POSIX_DOM, domain,
+ data);
}
diff --git a/src/responder/common/cache_req/plugins/cache_req_user_by_cert.c b/src/responder/common/cache_req/plugins/cache_req_user_by_cert.c
index f237c8d0f..286a34db2 100644
--- a/src/responder/common/cache_req/plugins/cache_req_user_by_cert.c
+++ b/src/responder/common/cache_req/plugins/cache_req_user_by_cert.c
@@ -105,6 +105,7 @@ cache_req_user_by_cert_send(TALLOC_CTX *mem_ctx,
struct resp_ctx *rctx,
struct sss_nc_ctx *ncache,
int cache_refresh_percent,
+ enum cache_req_dom_type req_dom_type,
const char *domain,
const char *pem_cert)
{
@@ -117,5 +118,6 @@ cache_req_user_by_cert_send(TALLOC_CTX *mem_ctx,
return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache,
cache_refresh_percent,
- domain, data);
+ req_dom_type, domain,
+ data);
}
diff --git a/src/responder/common/cache_req/plugins/cache_req_user_by_filter.c b/src/responder/common/cache_req/plugins/cache_req_user_by_filter.c
index eb71b42da..c47681437 100644
--- a/src/responder/common/cache_req/plugins/cache_req_user_by_filter.c
+++ b/src/responder/common/cache_req/plugins/cache_req_user_by_filter.c
@@ -140,6 +140,7 @@ struct tevent_req *
cache_req_user_by_filter_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct resp_ctx *rctx,
+ enum cache_req_dom_type req_dom_type,
const char *domain,
const char *filter)
{
@@ -151,5 +152,7 @@ cache_req_user_by_filter_send(TALLOC_CTX *mem_ctx,
}
return cache_req_steal_data_and_send(mem_ctx, ev, rctx, NULL,
- 0, domain, data);
+ 0,
+ req_dom_type, domain,
+ data);
}
diff --git a/src/responder/common/cache_req/plugins/cache_req_user_by_id.c b/src/responder/common/cache_req/plugins/cache_req_user_by_id.c
index fa783714b..9ba73292e 100644
--- a/src/responder/common/cache_req/plugins/cache_req_user_by_id.c
+++ b/src/responder/common/cache_req/plugins/cache_req_user_by_id.c
@@ -166,5 +166,7 @@ cache_req_user_by_id_send(TALLOC_CTX *mem_ctx,
}
return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache,
- cache_refresh_percent, domain, data);
+ cache_refresh_percent,
+ CACHE_REQ_POSIX_DOM, domain,
+ data);
}
diff --git a/src/responder/common/cache_req/plugins/cache_req_user_by_name.c b/src/responder/common/cache_req/plugins/cache_req_user_by_name.c
index 0670febdc..15da7d0d2 100644
--- a/src/responder/common/cache_req/plugins/cache_req_user_by_name.c
+++ b/src/responder/common/cache_req/plugins/cache_req_user_by_name.c
@@ -210,6 +210,7 @@ cache_req_user_by_name_send(TALLOC_CTX *mem_ctx,
struct resp_ctx *rctx,
struct sss_nc_ctx *ncache,
int cache_refresh_percent,
+ enum cache_req_dom_type req_dom_type,
const char *domain,
const char *name)
{
@@ -221,7 +222,9 @@ cache_req_user_by_name_send(TALLOC_CTX *mem_ctx,
}
return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache,
- cache_refresh_percent, domain, data);
+ cache_refresh_percent,
+ req_dom_type, domain,
+ data);
}
struct tevent_req *
@@ -243,5 +246,7 @@ cache_req_user_by_name_attrs_send(TALLOC_CTX *mem_ctx,
}
return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache,
- cache_refresh_percent, domain, data);
+ cache_refresh_percent,
+ CACHE_REQ_POSIX_DOM, domain,
+ data);
}
diff --git a/src/responder/ifp/ifp_groups.c b/src/responder/ifp/ifp_groups.c
index 94d1e84cc..99908e96b 100644
--- a/src/responder/ifp/ifp_groups.c
+++ b/src/responder/ifp/ifp_groups.c
@@ -118,7 +118,9 @@ int ifp_groups_find_by_name(struct sbus_request *sbus_req,
}
req = cache_req_group_by_name_send(sbus_req, ctx->rctx->ev, ctx->rctx,
- ctx->rctx->ncache, 0, NULL, name);
+ ctx->rctx->ncache, 0,
+ CACHE_REQ_POSIX_DOM, NULL,
+ name);
if (req == NULL) {
return ENOMEM;
}
@@ -271,6 +273,7 @@ static int ifp_groups_list_by_name_step(struct ifp_list_ctx *list_ctx)
req = cache_req_group_by_filter_send(list_ctx,
list_ctx->ctx->rctx->ev,
list_ctx->ctx->rctx,
+ CACHE_REQ_POSIX_DOM,
list_ctx->dom->name,
list_ctx->filter);
if (req == NULL) {
@@ -355,7 +358,8 @@ int ifp_groups_list_by_domain_and_name(struct sbus_request *sbus_req,
}
req = cache_req_group_by_filter_send(list_ctx, ctx->rctx->ev, ctx->rctx,
- domain, filter);
+ CACHE_REQ_POSIX_DOM,
+ domain, filter);
if (req == NULL) {
return ENOMEM;
}
@@ -522,7 +526,10 @@ static struct tevent_req *resolv_ghosts_send(TALLOC_CTX *mem_ctx,
}
subreq = cache_req_group_by_name_send(state, ev, ctx->rctx,
- ctx->rctx->ncache, 0, domain->name, name);
+ ctx->rctx->ncache, 0,
+ CACHE_REQ_POSIX_DOM,
+ domain->name,
+ name);
if (subreq == NULL) {
ret = ENOMEM;
goto immediately;
@@ -601,6 +608,7 @@ errno_t resolv_ghosts_step(struct tevent_req *req)
subreq = cache_req_user_by_name_send(state, state->ev, state->ctx->rctx,
state->ctx->rctx->ncache, 0,
+ CACHE_REQ_POSIX_DOM,
state->domain->name,
state->ghosts[state->index]);
if (subreq == NULL) {
diff --git a/src/responder/ifp/ifp_users.c b/src/responder/ifp/ifp_users.c
index cc78300f3..436bb268f 100644
--- a/src/responder/ifp/ifp_users.c
+++ b/src/responder/ifp/ifp_users.c
@@ -99,7 +99,9 @@ int ifp_users_find_by_name(struct sbus_request *sbus_req,
}
req = cache_req_user_by_name_send(sbus_req, ctx->rctx->ev, ctx->rctx,
- ctx->rctx->ncache, 0, NULL, name);
+ ctx->rctx->ncache, 0,
+ CACHE_REQ_POSIX_DOM,
+ NULL, name);
if (req == NULL) {
return ENOMEM;
}
@@ -253,7 +255,9 @@ int ifp_users_find_by_cert(struct sbus_request *sbus_req, void *data,
}
req = cache_req_user_by_cert_send(sbus_req, ctx->rctx->ev, ctx->rctx,
- ctx->rctx->ncache, 0, NULL, derb64);
+ ctx->rctx->ncache, 0,
+ CACHE_REQ_POSIX_DOM, NULL,
+ derb64);
if (req == NULL) {
return ENOMEM;
}
@@ -367,6 +371,7 @@ static int ifp_users_list_by_cert_step(struct ifp_list_ctx *list_ctx)
list_ctx->ctx->rctx,
list_ctx->ctx->rctx->ncache,
0,
+ CACHE_REQ_POSIX_DOM,
list_ctx->dom->name,
list_ctx->filter);
if (req == NULL) {
@@ -532,7 +537,9 @@ int ifp_users_find_by_name_and_cert(struct sbus_request *sbus_req, void *data,
if (name_and_cert_ctx->name != NULL) {
req = cache_req_user_by_name_send(sbus_req, ctx->rctx->ev, ctx->rctx,
- ctx->rctx->ncache, 0, NULL,
+ ctx->rctx->ncache, 0,
+ CACHE_REQ_POSIX_DOM,
+ NULL,
name_and_cert_ctx->name);
if (req == NULL) {
return ENOMEM;
@@ -614,6 +621,7 @@ static int ifp_users_find_by_name_and_cert_step(
list_ctx->ctx->rctx,
list_ctx->ctx->rctx->ncache,
0,
+ CACHE_REQ_POSIX_DOM,
list_ctx->dom->name,
list_ctx->filter);
if (req == NULL) {
@@ -774,6 +782,7 @@ static int ifp_users_list_by_name_step(struct ifp_list_ctx *list_ctx)
req = cache_req_user_by_filter_send(list_ctx,
list_ctx->ctx->rctx->ev,
list_ctx->ctx->rctx,
+ CACHE_REQ_POSIX_DOM,
list_ctx->dom->name,
list_ctx->filter);
if (req == NULL) {
@@ -858,6 +867,7 @@ int ifp_users_list_by_domain_and_name(struct sbus_request *sbus_req,
}
req = cache_req_user_by_filter_send(list_ctx, ctx->rctx->ev, ctx->rctx,
+ CACHE_REQ_POSIX_DOM,
domain, filter);
if (req == NULL) {
return ENOMEM;
@@ -1102,7 +1112,8 @@ int ifp_users_user_update_groups_list(struct sbus_request *sbus_req,
}
req = cache_req_initgr_by_name_send(sbus_req, ctx->rctx->ev, ctx->rctx,
- ctx->rctx->ncache, 0, domain->name,
+ ctx->rctx->ncache, 0,
+ CACHE_REQ_POSIX_DOM, domain->name,
username);
if (req == NULL) {
return ENOMEM;
diff --git a/src/responder/ifp/ifpsrv_cmd.c b/src/responder/ifp/ifpsrv_cmd.c
index 07edcddff..118b5083b 100644
--- a/src/responder/ifp/ifpsrv_cmd.c
+++ b/src/responder/ifp/ifpsrv_cmd.c
@@ -509,7 +509,8 @@ ifp_user_get_attr_lookup(struct tevent_req *subreq)
}
subreq = cache_req_send(state, state->rctx->ev, state->rctx,
- state->ncache, 0, state->domname, data);
+ state->ncache, 0, CACHE_REQ_POSIX_DOM,
+ state->domname, data);
if (subreq == NULL) {
tevent_req_error(req, ENOMEM);
return;
diff --git a/src/responder/nss/nss_enum.c b/src/responder/nss/nss_enum.c
index b1cce2cde..aa7d8428f 100644
--- a/src/responder/nss/nss_enum.c
+++ b/src/responder/nss/nss_enum.c
@@ -93,7 +93,7 @@ nss_setent_internal_send(TALLOC_CTX *mem_ctx,
/* Create new object. */
state->enum_ctx->is_ready = false;
subreq = cache_req_send(req, ev, cli_ctx->rctx, cli_ctx->rctx->ncache,
- 0, NULL, data);
+ 0, CACHE_REQ_POSIX_DOM, NULL, data);
if (subreq == NULL) {
DEBUG(SSSDBG_CRIT_FAILURE, "Unable to send cache request!\n");
ret = ENOMEM;
diff --git a/src/responder/nss/nss_get_object.c b/src/responder/nss/nss_get_object.c
index f83dd393c..9058793ea 100644
--- a/src/responder/nss/nss_get_object.c
+++ b/src/responder/nss/nss_get_object.c
@@ -190,7 +190,8 @@ nss_get_object_send(TALLOC_CTX *mem_ctx,
}
subreq = cache_req_send(req, ev, cli_ctx->rctx, cli_ctx->rctx->ncache,
- state->nss_ctx->cache_refresh_percent, NULL, data);
+ state->nss_ctx->cache_refresh_percent,
+ CACHE_REQ_POSIX_DOM, NULL, data);
if (subreq == NULL) {
DEBUG(SSSDBG_CRIT_FAILURE, "Unable to send cache request!\n");
ret = ENOMEM;
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
index ba2563c11..fa6d2cc10 100644
--- a/src/responder/pam/pamsrv_cmd.c
+++ b/src/responder/pam/pamsrv_cmd.c
@@ -1315,7 +1315,9 @@ static void pam_forwarder_cert_cb(struct tevent_req *req)
req = cache_req_user_by_cert_send(preq, cctx->ev, cctx->rctx,
- pctx->rctx->ncache, 0, NULL, cert);
+ pctx->rctx->ncache, 0,
+ CACHE_REQ_POSIX_DOM, NULL,
+ cert);
if (req == NULL) {
DEBUG(SSSDBG_OP_FAILURE, "cache_req_user_by_cert_send failed.\n");
ret = ENOMEM;
@@ -1507,6 +1509,7 @@ static int pam_check_user_search(struct pam_auth_req *preq)
preq->cctx->rctx,
preq->cctx->rctx->ncache,
0,
+ CACHE_REQ_POSIX_DOM,
preq->pd->domain,
data);
if (!dpreq) {
diff --git a/src/responder/sudo/sudosrv_get_sudorules.c b/src/responder/sudo/sudosrv_get_sudorules.c
index 52dfd5c70..cfdbfc9c9 100644
--- a/src/responder/sudo/sudosrv_get_sudorules.c
+++ b/src/responder/sudo/sudosrv_get_sudorules.c
@@ -644,7 +644,8 @@ struct tevent_req *sudosrv_get_rules_send(TALLOC_CTX *mem_ctx,
DEBUG(SSSDBG_TRACE_FUNC, "Running initgroups for [%s]\n", username);
subreq = cache_req_initgr_by_name_send(state, ev, sudo_ctx->rctx,
- sudo_ctx->rctx->ncache, 0, NULL,
+ sudo_ctx->rctx->ncache, 0,
+ CACHE_REQ_POSIX_DOM, NULL,
username);
if (subreq == NULL) {
ret = ENOMEM;
diff --git a/src/tests/cmocka/test_responder_cache_req.c b/src/tests/cmocka/test_responder_cache_req.c
index 5f1e5350e..80086232f 100644
--- a/src/tests/cmocka/test_responder_cache_req.c
+++ b/src/tests/cmocka/test_responder_cache_req.c
@@ -84,6 +84,28 @@ struct test_group {
talloc_free(req_mem_ctx); \
} while (0)
+#define run_cache_req_domtype(ctx, send_fn, done_fn, dom, crp, domtype, lookup, expret) do { \
+ TALLOC_CTX *req_mem_ctx; \
+ struct tevent_req *req; \
+ errno_t ret; \
+ \
+ req_mem_ctx = talloc_new(global_talloc_context); \
+ check_leaks_push(req_mem_ctx); \
+ \
+ req = send_fn(req_mem_ctx, ctx->tctx->ev, ctx->rctx, \
+ ctx->ncache, crp, \
+ domtype, \
+ (dom == NULL ? NULL : dom->name), lookup); \
+ assert_non_null(req); \
+ tevent_req_set_callback(req, done_fn, ctx); \
+ \
+ ret = test_ev_loop(ctx->tctx); \
+ assert_int_equal(ret, expret); \
+ assert_true(check_leaks_pop(req_mem_ctx)); \
+ \
+ talloc_free(req_mem_ctx); \
+} while (0)
+
struct cache_req_test_ctx {
struct sss_test_ctx *tctx;
struct resp_ctx *rctx;
@@ -211,9 +233,11 @@ static void run_user_by_name(struct cache_req_test_ctx *test_ctx,
int cache_refresh_percent,
errno_t exp_ret)
{
- run_cache_req(test_ctx, cache_req_user_by_name_send,
- cache_req_user_by_name_test_done, domain,
- cache_refresh_percent, users[0].short_name, exp_ret);
+ run_cache_req_domtype(test_ctx, cache_req_user_by_name_send,
+ cache_req_user_by_name_test_done, domain,
+ cache_refresh_percent,
+ CACHE_REQ_POSIX_DOM,
+ users[0].short_name, exp_ret);
}
static void run_user_by_upn(struct cache_req_test_ctx *test_ctx,
@@ -221,9 +245,11 @@ static void run_user_by_upn(struct cache_req_test_ctx *test_ctx,
int cache_refresh_percent,
errno_t exp_ret)
{
- run_cache_req(test_ctx, cache_req_user_by_name_send,
- cache_req_user_by_name_test_done, domain,
- cache_refresh_percent, users[0].upn, exp_ret);
+ run_cache_req_domtype(test_ctx, cache_req_user_by_name_send,
+ cache_req_user_by_name_test_done, domain,
+ cache_refresh_percent,
+ CACHE_REQ_POSIX_DOM,
+ users[0].upn, exp_ret);
}
static void run_user_by_id(struct cache_req_test_ctx *test_ctx,
@@ -318,9 +344,11 @@ static void run_group_by_name(struct cache_req_test_ctx *test_ctx,
int cache_refresh_percent,
errno_t exp_ret)
{
- run_cache_req(test_ctx, cache_req_group_by_name_send,
- cache_req_group_by_name_test_done, domain,
- cache_refresh_percent, groups[0].short_name, exp_ret);
+ run_cache_req_domtype(test_ctx, cache_req_group_by_name_send,
+ cache_req_group_by_name_test_done, domain,
+ cache_refresh_percent,
+ CACHE_REQ_POSIX_DOM,
+ groups[0].short_name, exp_ret);
}
static void run_group_by_id(struct cache_req_test_ctx *test_ctx,
@@ -605,7 +633,9 @@ void test_user_by_name_multiple_domains_parse(void **state)
check_leaks_push(req_mem_ctx);
req = cache_req_user_by_name_send(req_mem_ctx, test_ctx->tctx->ev,
- test_ctx->rctx, test_ctx->ncache, 0,
+ test_ctx->rctx, test_ctx->ncache,
+ CACHE_REQ_POSIX_DOM,
+ 0,
NULL, input_fqn);
assert_non_null(req);
tevent_req_set_callback(req, cache_req_user_by_name_test_done, test_ctx);
@@ -1119,7 +1149,8 @@ void test_group_by_name_multiple_domains_parse(void **state)
req = cache_req_group_by_name_send(req_mem_ctx, test_ctx->tctx->ev,
test_ctx->rctx, test_ctx->ncache, 0,
- NULL, input_fqn);
+ CACHE_REQ_POSIX_DOM, NULL,
+ input_fqn);
assert_non_null(req);
tevent_req_set_callback(req, cache_req_group_by_name_test_done, test_ctx);
@@ -1421,6 +1452,7 @@ void test_user_by_recent_filter_valid(void **state)
/* User TEST_USER is created with a DP callback. */
req = cache_req_user_by_filter_send(req_mem_ctx, test_ctx->tctx->ev,
test_ctx->rctx,
+ CACHE_REQ_POSIX_DOM,
test_ctx->tctx->dom->name,
TEST_USER_PREFIX);
assert_non_null(req);
@@ -1463,6 +1495,7 @@ void test_users_by_recent_filter_valid(void **state)
/* User TEST_USER1 and TEST_USER2 are created with a DP callback. */
req = cache_req_user_by_filter_send(req_mem_ctx, test_ctx->tctx->ev,
test_ctx->rctx,
+ CACHE_REQ_POSIX_DOM,
test_ctx->tctx->dom->name,
TEST_USER_PREFIX);
assert_non_null(req);
@@ -1524,6 +1557,7 @@ void test_users_by_filter_filter_old(void **state)
req = cache_req_user_by_filter_send(req_mem_ctx, test_ctx->tctx->ev,
test_ctx->rctx,
+ CACHE_REQ_POSIX_DOM,
test_ctx->tctx->dom->name,
TEST_USER_PREFIX);
assert_non_null(req);
@@ -1559,6 +1593,7 @@ void test_users_by_filter_notfound(void **state)
req = cache_req_user_by_filter_send(req_mem_ctx, test_ctx->tctx->ev,
test_ctx->rctx,
+ CACHE_REQ_POSIX_DOM,
test_ctx->tctx->dom->name,
"nosuchuser*");
assert_non_null(req);
@@ -1592,6 +1627,7 @@ static void test_users_by_filter_multiple_domains_notfound(void **state)
req = cache_req_user_by_filter_send(req_mem_ctx, test_ctx->tctx->ev,
test_ctx->rctx,
+ CACHE_REQ_POSIX_DOM,
domain->name,
"nosuchuser*");
assert_non_null(req);
@@ -1636,6 +1672,7 @@ void test_group_by_recent_filter_valid(void **state)
/* Group TEST_GROUP is created with a DP callback. */
req = cache_req_group_by_filter_send(req_mem_ctx, test_ctx->tctx->ev,
test_ctx->rctx,
+ CACHE_REQ_POSIX_DOM,
test_ctx->tctx->dom->name,
TEST_USER_PREFIX);
assert_non_null(req);
@@ -1680,6 +1717,7 @@ void test_groups_by_recent_filter_valid(void **state)
/* Group TEST_GROUP1 and TEST_GROUP2 are created with a DP callback. */
req = cache_req_group_by_filter_send(req_mem_ctx, test_ctx->tctx->ev,
test_ctx->rctx,
+ CACHE_REQ_POSIX_DOM,
test_ctx->tctx->dom->name,
TEST_USER_PREFIX);
assert_non_null(req);
@@ -1738,6 +1776,7 @@ void test_groups_by_filter_notfound(void **state)
req = cache_req_group_by_filter_send(req_mem_ctx, test_ctx->tctx->ev,
test_ctx->rctx,
+ CACHE_REQ_POSIX_DOM,
test_ctx->tctx->dom->name,
"nosuchgroup*");
assert_non_null(req);
@@ -1770,6 +1809,7 @@ void test_groups_by_filter_multiple_domains_notfound(void **state)
req = cache_req_group_by_filter_send(req_mem_ctx, test_ctx->tctx->ev,
test_ctx->rctx,
+ CACHE_REQ_POSIX_DOM,
domain->name,
"nosuchgroup*");
assert_non_null(req);
generated by cgit (git 2.34.1) at 2024-05-02 19:10:38 +0000