| author | Pavel Březina <pbrezina@redhat.com> | 2016-11-14 14:55:03 +0100 |
|---|---|---|
| committer | Lukas Slebodnik <lslebodn@redhat.com> | 2016-12-19 23:23:42 +0100 |
| commit | 7be55c7de03da57f43fae3db7e6114eebb117a2e (patch) | |
| tree | a78d7401ae591111800ee362842adf60d114fc11 /src | |
| parent | 4e2c15e6b7c4015fa787f8c624c2ec10153e99f6 (diff) | |
cache_req: allow to return well known object as result
When we are looking up a name by SID or a SID by name, we also want to be
able to translate a well known SID/name into its paired equivalent.
This adds the ability to mock cache_req_result if a well known object
is found.
Resolves:
https://fedorahosted.org/sssd/ticket/3151
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Diffstat (limited to 'src')
21 files changed, 153 insertions, 3 deletions
diff --git a/src/responder/common/cache_req/cache_req.c b/src/responder/common/cache_req/cache_req.c index 1c25c76bc..e74f28e08 100644 --- a/src/responder/common/cache_req/cache_req.c +++ b/src/responder/common/cache_req/cache_req.c @@ -158,6 +158,30 @@ cache_req_validate_domain(struct cache_req *cr, } static errno_t +cache_req_is_well_known_object(TALLOC_CTX *mem_ctx, + struct cache_req *cr, + struct cache_req_result **_result) +{ + errno_t ret; + + if (cr->plugin->is_well_known_fn == NULL) { + return ENOENT; + } + + ret = cr->plugin->is_well_known_fn(mem_ctx, cr, cr->data, _result); + if (ret == EOK) { + CACHE_REQ_DEBUG(SSSDBG_TRACE_FUNC, cr, "Object is well known!\n"); + (*_result)->well_known_object = true; + } else if (ret != ENOENT) { + CACHE_REQ_DEBUG(SSSDBG_CRIT_FAILURE, cr, + "Unable to prepare data [%d]: %s\n", + ret, sss_strerror(ret)); + } + + return ret; +} + +static errno_t cache_req_prepare_domain_data(struct cache_req *cr, struct sss_domain_info *domain) { @@ -293,6 +317,9 @@ struct cache_req_state { bool check_next; }; +static errno_t cache_req_add_result(struct cache_req_state *state, + struct cache_req_result *new); + static errno_t cache_req_process_input(TALLOC_CTX *mem_ctx, struct tevent_req *req, struct cache_req *cr, @@ -316,6 +343,7 @@ struct tevent_req *cache_req_send(TALLOC_CTX *mem_ctx, struct cache_req_data *data) { struct cache_req_state *state; + struct cache_req_result *result; struct cache_req *cr; struct tevent_req *req; errno_t ret; @@ -335,6 +363,14 @@ struct tevent_req *cache_req_send(TALLOC_CTX *mem_ctx, CACHE_REQ_DEBUG(SSSDBG_TRACE_FUNC, cr, "New request\n"); + ret = cache_req_is_well_known_object(state, cr, &result); + if (ret == EOK) { + ret = cache_req_add_result(state, result); + goto done; + } else if (ret != ENOENT) { + goto done; + } + ret = cache_req_process_input(state, req, cr, domain); if (ret != EOK) { goto done; 
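Review bot: In cache_req_is_well_known_object() the EOK branch writes `(*_result)->well_known_object = true;` without checking that the plugin callback actually stored a result, so a plugin that returns EOK and leaves `*_result` untouched makes the responder dereference an invalid pointer. The caller in cache_req_send() declares `struct cache_req_result *result;` with no initialiser, which turns that case into undefined behaviour rather than a clean NULL. I would initialise it with `struct cache_req_result *result = NULL;` and open the EOK branch with `if (*_result == NULL) { return ERR_INTERNAL; }`. The failure message "Unable to prepare data" also reads as copied from the prepare-domain-data path; `"Unable to check for well known object [%d]: %s\n"` would make the log line traceable to this function.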
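Review bot: The well-known shortcut in cache_req_send() runs before cache_req_process_input(), so the plugin callback sees `cr->data` as it was handed to the request, and a hit returns a synthesised result without passing through whatever parsing and domain selection that function performs. The ordering looks intentional but nothing in the hunk says so; I would add a comment above the call, e.g. `/* Well known objects are matched on the raw request data, before input parsing and domain selection. */`, so plugin authors know they must validate the input themselves. The `done` label and the rest of cache_req_send() are outside the hunk, so how the early result is delivered to the caller cannot be checked from here.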
@@ -570,7 +606,7 @@ cache_req_create_and_add_result(struct cache_req_state *state, "Found %u entries in domain %s\n", ldb_result->count, domain->name); - item = cache_req_create_result(state, domain, ldb_result, name); + item = cache_req_create_result(state, domain, ldb_result, name, NULL); if (item == NULL) { return ENOMEM; } @@ -728,7 +764,8 @@ struct cache_req_result * cache_req_create_result(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain, struct ldb_result *ldb_result, - const char *lookup_name) + const char *lookup_name, + const char *well_known_domain) { struct cache_req_result *result; @@ -750,6 +787,65 @@ cache_req_create_result(TALLOC_CTX *mem_ctx, } } + if (well_known_domain != NULL) { + result->well_known_domain = talloc_strdup(result, well_known_domain); + if (result->well_known_domain == NULL) { + talloc_free(result); + return NULL; + } + } + + return result; +} + +struct cache_req_result * +cache_req_create_result_from_msg(TALLOC_CTX *mem_ctx, + struct sss_domain_info *domain, + struct ldb_message *ldb_msg, + const char *lookup_name, + const char *well_known_domain) +{ + struct cache_req_result *result; + struct ldb_result *ldb_result; + errno_t ret; + + if (ldb_msg == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, "No message set!\n"); + return NULL; + } + + ldb_result = talloc_zero(NULL, struct ldb_result); + if (ldb_result == NULL) { + return NULL; + } + + ldb_result->extended = NULL; + ldb_result->controls = NULL; + ldb_result->refs = NULL; + ldb_result->count = 1; + ldb_result->msgs = talloc_zero_array(ldb_result, struct ldb_message *, 2); + if (ldb_result->msgs == NULL) { + ret = ENOMEM; + goto done; + } + + ldb_result->msgs[0] = talloc_steal(ldb_result->msgs, ldb_msg); + + result = cache_req_create_result(mem_ctx, domain, ldb_result, + lookup_name, well_known_domain); + if (result == NULL) { + ret = ENOMEM; + goto done; + } + + ret = EOK; + +done: + if (ret != EOK) { + talloc_free(ldb_result); + return NULL; + } + return result; } 
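Review bot: The error path of cache_req_create_result_from_msg() can free memory it no longer owns: `talloc_steal(ldb_result->msgs, ldb_msg)` moves the caller's message under `ldb_result`, and `done:` then calls `talloc_free(ldb_result)` whenever cache_req_create_result() returns NULL. If cache_req_create_result() has already re-parented `ldb_result` onto `result` before reaching the new `talloc_free(result); return NULL;` branch (that part of the function is outside the hunk), this is a second free of the same chunk, and in every failure case after the steal the caller's `ldb_msg` is gone even though the function reported failure. `ldb_result` is also allocated on the NULL context, so on success it is released only if the callee takes ownership of it. I would steal `ldb_msg` only after cache_req_create_result() has succeeded, make exactly one side responsible for freeing `ldb_result` on failure, and state in a header comment that the message is consumed on success and left untouched on failure.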
diff --git a/src/responder/common/cache_req/cache_req.h b/src/responder/common/cache_req/cache_req.h index 73c00b6e2..c0568476e 100644 --- a/src/responder/common/cache_req/cache_req.h +++ b/src/responder/common/cache_req/cache_req.h @@ -114,6 +114,19 @@ struct cache_req_result { * normalized to @domain rules. */ const char *lookup_name; + + /** + * If true the result contain attributes of a well known object. + * Since this result is manually created it may not contain all + * requested attributes, depending on the plug-in. + */ + bool well_known_object; + + /* If this is a well known object, it may not be part of any particular + * SSSD domain, but still may be associated with a well known domain + * name such as "BUILTIN", or "LOCAL AUTHORITY". + */ + const char *well_known_domain; }; /** diff --git a/src/responder/common/cache_req/cache_req_plugin.h b/src/responder/common/cache_req/cache_req_plugin.h index 490e93968..f57a07d81 100644 --- a/src/responder/common/cache_req/cache_req_plugin.h +++ b/src/responder/common/cache_req/cache_req_plugin.h @@ -31,6 +31,21 @@ enum cache_object_status { }; /** + * Create cache request result manually, if the searched object is well known + * and thus can not be found in the cache. + * + * + * @return EOK If it is a well known object and a result was created. + * @return ENOENT If it is not a well known object. + * @return Other errno code in case of an error. + */ +typedef errno_t +(*cache_req_is_well_known_result_fn)(TALLOC_CTX *mem_ctx, + struct cache_req *cr, + struct cache_req_data *data, + struct cache_req_result **_result); + +/** * Create an object debug name that is used in debug messages to identify * this object. * 
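Review bot: The doc comment on cache_req_is_well_known_result_fn leaves two blank lines where the parameters should be described, and the contract the core relies on is not written down: on EOK the callback has to store a non-NULL result in `*_result`, because cache_req_is_well_known_object() dereferences it unconditionally. I would add @param entries for mem_ctx, cr, data and _result, the last one reading `@param[out] _result Must be set to a newly created result when EOK is returned.` The typedef name also differs from the `is_well_known_fn` member it is used for, whereas the neighbouring operations in struct cache_req_plugin pair matching names such as `cache_req_prepare_domain_data_fn prepare_domain_data_fn`.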
@@ -174,6 +189,7 @@ struct cache_req_plugin { enum cache_req_type upn_equivalent; /* Operations */ + cache_req_is_well_known_result_fn is_well_known_fn; cache_req_prepare_domain_data_fn prepare_domain_data_fn; cache_req_create_debug_name_fn create_debug_name_fn; cache_req_global_ncache_add_fn global_ncache_add_fn; diff --git a/src/responder/common/cache_req/cache_req_private.h b/src/responder/common/cache_req/cache_req_private.h index dc46408d5..16d7bfaf7 100644 --- a/src/responder/common/cache_req/cache_req_private.h +++ b/src/responder/common/cache_req/cache_req_private.h @@ -113,6 +113,14 @@ struct cache_req_result * cache_req_create_result(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain, struct ldb_result *ldb_result, - const char *lookup_name); + const char *lookup_name, + const char *well_known_domain); + +struct cache_req_result * +cache_req_create_result_from_msg(TALLOC_CTX *mem_ctx, + struct sss_domain_info *domain, + struct ldb_message *ldb_msg, + const char *lookup_name, + const char *well_known_domain); #endif /* _CACHE_REQ_PRIVATE_H_ */ diff --git a/src/responder/common/cache_req/plugins/cache_req_enum_groups.c b/src/responder/common/cache_req/plugins/cache_req_enum_groups.c index fb6bf08aa..c36925615 100644 --- a/src/responder/common/cache_req/plugins/cache_req_enum_groups.c +++ b/src/responder/common/cache_req/plugins/cache_req_enum_groups.c @@ -73,6 +73,7 @@ struct cache_req_plugin cache_req_enum_groups = { .upn_equivalent = CACHE_REQ_SENTINEL, .get_next_domain_flags = 0, + .is_well_known_fn = NULL, .prepare_domain_data_fn = NULL, .create_debug_name_fn = cache_req_enum_groups_create_debug_name, .global_ncache_add_fn = NULL, diff --git a/src/responder/common/cache_req/plugins/cache_req_enum_svc.c b/src/responder/common/cache_req/plugins/cache_req_enum_svc.c index 9e4d5aa30..d88a29259 100644 --- a/src/responder/common/cache_req/plugins/cache_req_enum_svc.c +++ b/src/responder/common/cache_req/plugins/cache_req_enum_svc.c 
@@ -74,6 +74,7 @@ struct cache_req_plugin cache_req_enum_svc = { .upn_equivalent = CACHE_REQ_SENTINEL, .get_next_domain_flags = 0, + .is_well_known_fn = NULL, .prepare_domain_data_fn = NULL, .create_debug_name_fn = cache_req_enum_svc_create_debug_name, .global_ncache_add_fn = NULL, diff --git a/src/responder/common/cache_req/plugins/cache_req_enum_users.c b/src/responder/common/cache_req/plugins/cache_req_enum_users.c index 811afcf8e..ed042f648 100644 --- a/src/responder/common/cache_req/plugins/cache_req_enum_users.c +++ b/src/responder/common/cache_req/plugins/cache_req_enum_users.c @@ -73,6 +73,7 @@ struct cache_req_plugin cache_req_enum_users = { .upn_equivalent = CACHE_REQ_SENTINEL, .get_next_domain_flags = 0, + .is_well_known_fn = NULL, .prepare_domain_data_fn = NULL, .create_debug_name_fn = cache_req_enum_users_create_debug_name, .global_ncache_add_fn = NULL, diff --git a/src/responder/common/cache_req/plugins/cache_req_group_by_filter.c b/src/responder/common/cache_req/plugins/cache_req_group_by_filter.c index b92173222..fc4549031 100644 --- a/src/responder/common/cache_req/plugins/cache_req_group_by_filter.c +++ b/src/responder/common/cache_req/plugins/cache_req_group_by_filter.c @@ -128,6 +128,7 @@ struct cache_req_plugin cache_req_group_by_filter = { .upn_equivalent = CACHE_REQ_SENTINEL, .get_next_domain_flags = 0, + .is_well_known_fn = NULL, .prepare_domain_data_fn = cache_req_group_by_filter_prepare_domain_data, .create_debug_name_fn = cache_req_group_by_filter_create_debug_name, .global_ncache_add_fn = NULL, diff --git a/src/responder/common/cache_req/plugins/cache_req_group_by_id.c b/src/responder/common/cache_req/plugins/cache_req_group_by_id.c index c15226054..7728330ae 100644 --- a/src/responder/common/cache_req/plugins/cache_req_group_by_id.c +++ b/src/responder/common/cache_req/plugins/cache_req_group_by_id.c 
@@ -116,6 +116,7 @@ struct cache_req_plugin cache_req_group_by_id = { .upn_equivalent = CACHE_REQ_SENTINEL, .get_next_domain_flags = 0, + .is_well_known_fn = NULL, .prepare_domain_data_fn = NULL, .create_debug_name_fn = cache_req_group_by_id_create_debug_name, .global_ncache_add_fn = cache_req_group_by_id_global_ncache_add, diff --git a/src/responder/common/cache_req/plugins/cache_req_group_by_name.c b/src/responder/common/cache_req/plugins/cache_req_group_by_name.c index f9e504205..b0d363fff 100644 --- a/src/responder/common/cache_req/plugins/cache_req_group_by_name.c +++ b/src/responder/common/cache_req/plugins/cache_req_group_by_name.c @@ -166,6 +166,7 @@ struct cache_req_plugin cache_req_group_by_name = { .upn_equivalent = CACHE_REQ_SENTINEL, .get_next_domain_flags = 0, + .is_well_known_fn = NULL, .prepare_domain_data_fn = cache_req_group_by_name_prepare_domain_data, .create_debug_name_fn = cache_req_group_by_name_create_debug_name, .global_ncache_add_fn = NULL, diff --git a/src/responder/common/cache_req/plugins/cache_req_initgroups_by_name.c b/src/responder/common/cache_req/plugins/cache_req_initgroups_by_name.c index 2d3056cd8..c1ba3f52a 100644 --- a/src/responder/common/cache_req/plugins/cache_req_initgroups_by_name.c +++ b/src/responder/common/cache_req/plugins/cache_req_initgroups_by_name.c @@ -181,6 +181,7 @@ struct cache_req_plugin cache_req_initgroups_by_name = { .upn_equivalent = CACHE_REQ_INITGROUPS_BY_UPN, .get_next_domain_flags = 0, + .is_well_known_fn = NULL, .prepare_domain_data_fn = cache_req_initgroups_by_name_prepare_domain_data, .create_debug_name_fn = cache_req_initgroups_by_name_create_debug_name, .global_ncache_add_fn = NULL, diff --git a/src/responder/common/cache_req/plugins/cache_req_initgroups_by_upn.c b/src/responder/common/cache_req/plugins/cache_req_initgroups_by_upn.c index 7284e7844..d1c7987ad 100644 --- a/src/responder/common/cache_req/plugins/cache_req_initgroups_by_upn.c 
+++ b/src/responder/common/cache_req/plugins/cache_req_initgroups_by_upn.c @@ -117,6 +117,7 @@ struct cache_req_plugin cache_req_initgroups_by_upn = { .upn_equivalent = CACHE_REQ_SENTINEL, .get_next_domain_flags = SSS_GND_DESCEND, + .is_well_known_fn = NULL, .prepare_domain_data_fn = cache_req_initgroups_by_upn_prepare_domain_data, .create_debug_name_fn = cache_req_initgroups_by_upn_create_debug_name, .global_ncache_add_fn = NULL, diff --git a/src/responder/common/cache_req/plugins/cache_req_netgroup_by_name.c b/src/responder/common/cache_req/plugins/cache_req_netgroup_by_name.c index 08c5a16fe..07582e831 100644 --- a/src/responder/common/cache_req/plugins/cache_req_netgroup_by_name.c +++ b/src/responder/common/cache_req/plugins/cache_req_netgroup_by_name.c @@ -125,6 +125,7 @@ struct cache_req_plugin cache_req_netgroup_by_name = { .upn_equivalent = CACHE_REQ_SENTINEL, .get_next_domain_flags = 0, + .is_well_known_fn = NULL, .prepare_domain_data_fn = cache_req_netgroup_by_name_prepare_domain_data, .create_debug_name_fn = cache_req_netgroup_by_name_create_debug_name, .global_ncache_add_fn = NULL, diff --git a/src/responder/common/cache_req/plugins/cache_req_object_by_sid.c b/src/responder/common/cache_req/plugins/cache_req_object_by_sid.c index 390878a1a..d2e31f12e 100644 --- a/src/responder/common/cache_req/plugins/cache_req_object_by_sid.c +++ b/src/responder/common/cache_req/plugins/cache_req_object_by_sid.c @@ -89,6 +89,7 @@ struct cache_req_plugin cache_req_object_by_sid = { .upn_equivalent = CACHE_REQ_SENTINEL, .get_next_domain_flags = 0, + .is_well_known_fn = NULL, .prepare_domain_data_fn = NULL, .create_debug_name_fn = cache_req_object_by_sid_create_debug_name, .global_ncache_add_fn = cache_req_object_by_sid_global_ncache_add, diff --git a/src/responder/common/cache_req/plugins/cache_req_svc_by_name.c b/src/responder/common/cache_req/plugins/cache_req_svc_by_name.c index df5f9c3ff..7a253eb82 100644 
--- a/src/responder/common/cache_req/plugins/cache_req_svc_by_name.c +++ b/src/responder/common/cache_req/plugins/cache_req_svc_by_name.c @@ -149,6 +149,7 @@ struct cache_req_plugin cache_req_svc_by_name = { .upn_equivalent = CACHE_REQ_SENTINEL, .get_next_domain_flags = 0, + .is_well_known_fn = NULL, .prepare_domain_data_fn = cache_req_svc_by_name_prepare_domain_data, .create_debug_name_fn = cache_req_svc_by_name_create_debug_name, .global_ncache_add_fn = NULL, diff --git a/src/responder/common/cache_req/plugins/cache_req_svc_by_port.c b/src/responder/common/cache_req/plugins/cache_req_svc_by_port.c index 521849992..9b9703ac6 100644 --- a/src/responder/common/cache_req/plugins/cache_req_svc_by_port.c +++ b/src/responder/common/cache_req/plugins/cache_req_svc_by_port.c @@ -122,6 +122,7 @@ struct cache_req_plugin cache_req_svc_by_port = { .upn_equivalent = CACHE_REQ_SENTINEL, .get_next_domain_flags = 0, + .is_well_known_fn = NULL, .prepare_domain_data_fn = cache_req_svc_by_port_prepare_domain_data, .create_debug_name_fn = cache_req_svc_by_port_create_debug_name, .global_ncache_add_fn = NULL, diff --git a/src/responder/common/cache_req/plugins/cache_req_user_by_cert.c b/src/responder/common/cache_req/plugins/cache_req_user_by_cert.c index 0da9de091..68728984d 100644 --- a/src/responder/common/cache_req/plugins/cache_req_user_by_cert.c +++ b/src/responder/common/cache_req/plugins/cache_req_user_by_cert.c @@ -92,6 +92,7 @@ struct cache_req_plugin cache_req_user_by_cert = { .upn_equivalent = CACHE_REQ_SENTINEL, .get_next_domain_flags = SSS_GND_DESCEND, + .is_well_known_fn = NULL, .prepare_domain_data_fn = NULL, .create_debug_name_fn = cache_req_user_by_cert_create_debug_name, .global_ncache_add_fn = cache_req_user_by_cert_global_ncache_add, diff --git a/src/responder/common/cache_req/plugins/cache_req_user_by_filter.c b/src/responder/common/cache_req/plugins/cache_req_user_by_filter.c index 9490a0441..ef01d71d5 100644 
--- a/src/responder/common/cache_req/plugins/cache_req_user_by_filter.c +++ b/src/responder/common/cache_req/plugins/cache_req_user_by_filter.c @@ -128,6 +128,7 @@ struct cache_req_plugin cache_req_user_by_filter = { .upn_equivalent = CACHE_REQ_SENTINEL, .get_next_domain_flags = 0, + .is_well_known_fn = NULL, .prepare_domain_data_fn = cache_req_user_by_filter_prepare_domain_data, .create_debug_name_fn = cache_req_user_by_filter_create_debug_name, .global_ncache_add_fn = NULL, diff --git a/src/responder/common/cache_req/plugins/cache_req_user_by_id.c b/src/responder/common/cache_req/plugins/cache_req_user_by_id.c index e70ab9f44..f0629add5 100644 --- a/src/responder/common/cache_req/plugins/cache_req_user_by_id.c +++ b/src/responder/common/cache_req/plugins/cache_req_user_by_id.c @@ -116,6 +116,7 @@ struct cache_req_plugin cache_req_user_by_id = { .upn_equivalent = CACHE_REQ_SENTINEL, .get_next_domain_flags = 0, + .is_well_known_fn = NULL, .prepare_domain_data_fn = NULL, .create_debug_name_fn = cache_req_user_by_id_create_debug_name, .global_ncache_add_fn = cache_req_user_by_id_global_ncache_add, diff --git a/src/responder/common/cache_req/plugins/cache_req_user_by_name.c b/src/responder/common/cache_req/plugins/cache_req_user_by_name.c index f598317e2..c799362da 100644 --- a/src/responder/common/cache_req/plugins/cache_req_user_by_name.c +++ b/src/responder/common/cache_req/plugins/cache_req_user_by_name.c @@ -166,6 +166,7 @@ struct cache_req_plugin cache_req_user_by_name = { .upn_equivalent = CACHE_REQ_USER_BY_UPN, .get_next_domain_flags = 0, + .is_well_known_fn = NULL, .prepare_domain_data_fn = cache_req_user_by_name_prepare_domain_data, .create_debug_name_fn = cache_req_user_by_name_create_debug_name, .global_ncache_add_fn = NULL, diff --git a/src/responder/common/cache_req/plugins/cache_req_user_by_upn.c b/src/responder/common/cache_req/plugins/cache_req_user_by_upn.c index 1260643b3..a0addfbc2 100644 
--- a/src/responder/common/cache_req/plugins/cache_req_user_by_upn.c +++ b/src/responder/common/cache_req/plugins/cache_req_user_by_upn.c @@ -116,6 +116,7 @@ struct cache_req_plugin cache_req_user_by_upn = { .upn_equivalent = CACHE_REQ_SENTINEL, .get_next_domain_flags = SSS_GND_DESCEND, + .is_well_known_fn = NULL, .prepare_domain_data_fn = cache_req_user_by_upn_prepare_domain_data, .create_debug_name_fn = cache_req_user_by_upn_create_debug_name, .global_ncache_add_fn = NULL, |
