authorPavel Březina <pbrezina@redhat.com>2016-02-12 14:28:33 +0100
committerJakub Hrozek <jhrozek@redhat.com>2016-03-14 17:34:38 +0100
commitf4d2ad64d7d4a991f93631b8a0b3a69ff9d241bf (patch)
tree7a941379e22c8365e3895a4a8abeb47900d9f4f6 /src/responder/common
parent3a12f5cf2ee4a76c13b4d5ed9b0be87ad1d5cb2e (diff)
cache_req: add SID lookups
Resolves: https://fedorahosted.org/sssd/ticket/2848 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/responder/common')
-rw-r--r--src/responder/common/responder_cache_req.c101
-rw-r--r--src/responder/common/responder_cache_req.h21
2 files changed, 109 insertions, 13 deletions
diff --git a/src/responder/common/responder_cache_req.c b/src/responder/common/responder_cache_req.c
index e160b86ce..6edecea44 100644
--- a/src/responder/common/responder_cache_req.c
+++ b/src/responder/common/responder_cache_req.c
@@ -82,6 +82,8 @@ struct cache_req_input {
} name;
uint32_t id;
const char *cert;
+ const char *sid;
+ const char **attrs;
} data;
/* Data Provider request type resolved from @type.
@@ -106,7 +108,9 @@ cache_req_input_set_data(struct cache_req_input *input,
enum cache_req_type type,
uint32_t id,
const char *name,
- const char *cert)
+ const char *cert,
+ const char *sid,
+ const char **attrs)
{
switch (input->type) {
case CACHE_REQ_USER_BY_NAME:
@@ -146,6 +150,24 @@ cache_req_input_set_data(struct cache_req_input *input,
input->data.id = id;
break;
+ case CACHE_REQ_OBJECT_BY_SID:
+ if (sid == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Bug: SID cannot be NULL!\n");
+ return ERR_INTERNAL;
+ }
+
+ input->data.sid = talloc_strdup(input, sid);
+ if (input->data.sid == NULL) {
+ return ENOMEM;
+ }
+ break;
+ }
+
+ if (attrs != NULL) {
+ input->data.attrs = dup_string_list(input, attrs);
+ if (input->data.attrs == NULL) {
+ return ENOMEM;
+ }
}
return EOK;
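Review bot: The new `CACHE_REQ_OBJECT_BY_SID` case checks `sid` only for NULL before `talloc_strdup`, so an empty or malformed string is accepted as a lookup key. Later hunks of this commit pass `input->data.sid` unchanged to `sss_ncache_check_sid`, `sss_ncache_set_sid`, `sysdb_search_object_by_sid`, the data-provider request string and the `"SID:%s@%s"` debug message; whether those callees validate or escape it is not visible here. If the SID can originate from a responder client, a syntax check at this boundary would keep bad values out of the negative cache, the cache search and the logs, for example `if (strncmp(sid, "S-1-", 4) != 0) { return EINVAL; }` or an existing SID-parsing helper if the tree has one. The body of `cache_req_input_set_data` starts and ends outside this hunk.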
@@ -182,6 +204,10 @@ cache_req_input_set_dp(struct cache_req_input *input, enum cache_req_type type)
case CACHE_REQ_GROUP_BY_FILTER:
input->dp_type = SSS_DP_WILDCARD_GROUP;
break;
+
+ case CACHE_REQ_OBJECT_BY_SID:
+ input->dp_type = SSS_DP_SECID;
+ break;
}
return;
@@ -222,6 +248,9 @@ cache_req_input_set_reqname(struct cache_req_input *input,
case CACHE_REQ_GROUP_BY_FILTER:
input->reqname = "Group by filter";
break;
+ case CACHE_REQ_OBJECT_BY_SID:
+ input->reqname = "Object by SID";
+ break;
}
return;
@@ -233,7 +262,9 @@ cache_req_input_create(TALLOC_CTX *mem_ctx,
enum cache_req_type type,
const char *name,
uint32_t id,
- const char *cert)
+ const char *cert,
+ const char *sid,
+ const char **attrs)
{
struct cache_req_input *input;
errno_t ret;
@@ -249,7 +280,7 @@ cache_req_input_create(TALLOC_CTX *mem_ctx,
/* It is perfectly fine to just overflow here. */
input->reqid = rctx->cache_req_num++;
- ret = cache_req_input_set_data(input, type, id, name, cert);
+ ret = cache_req_input_set_data(input, type, id, name, cert, sid, attrs);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, "Unable to set input data!\n");
goto fail;
@@ -368,6 +399,14 @@ cache_req_input_set_domain(struct cache_req_input *input,
goto done;
}
break;
+ case CACHE_REQ_OBJECT_BY_SID:
+ debugobj = talloc_asprintf(tmp_ctx, "SID:%s@%s",
+ input->data.sid, domain->name);
+ if (debugobj == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+ break;
}
input->domain = domain;
@@ -467,6 +506,9 @@ static errno_t cache_req_check_ncache(struct cache_req_input *input,
case CACHE_REQ_GROUP_BY_FILTER:
ret = EOK;
break;
+ case CACHE_REQ_OBJECT_BY_SID:
+ ret = sss_ncache_check_sid(ncache, neg_timeout, input->data.sid);
+ break;
}
if (ret == EEXIST) {
@@ -504,6 +546,7 @@ static void cache_req_add_to_ncache(struct cache_req_input *input,
case CACHE_REQ_USER_BY_ID:
case CACHE_REQ_GROUP_BY_ID:
case CACHE_REQ_USER_BY_CERT:
+ case CACHE_REQ_OBJECT_BY_SID:
/* Nothing to do. Those types must be unique among all domains so
* the don't contain domain part. Therefore they must be set only
* if all domains are search and the entry is not found. */
@@ -553,6 +596,9 @@ static void cache_req_add_to_ncache_global(struct cache_req_input *input,
case CACHE_REQ_USER_BY_CERT:
ret = sss_ncache_set_cert(ncache, false, input->data.cert);
break;
+ case CACHE_REQ_OBJECT_BY_SID:
+ ret = sss_ncache_set_sid(ncache, false, input->data.sid);
+ break;
}
if (ret != EOK) {
@@ -630,6 +676,12 @@ static errno_t cache_req_get_object(TALLOC_CTX *mem_ctx,
input->data.name.lookup, input->req_start,
&result);
break;
+ case CACHE_REQ_OBJECT_BY_SID:
+ one_item_only = true;
+ ret = sysdb_search_object_by_sid(mem_ctx, input->domain,
+ input->data.sid, input->data.attrs,
+ &result);
+ break;
}
if (ret != EOK) {
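Review bot: `input->data.attrs` is handed to `sysdb_search_object_by_sid` as-is, and it is NULL whenever the caller passed no list, because `cache_req_input_set_data` copies it only when `attrs != NULL`. What the sysdb call returns for a NULL list is not visible in this diff, so a comment such as `/* attrs == NULL: sysdb picks its default attribute set (confirm) */` above the call would help the next reader. Since this list decides which cached attributes come back in the result, callers that derive it from a client request should restrict it to an allow-list before calling `cache_req_object_by_sid_send`. The enclosing switch in `cache_req_get_object` starts outside the hunk.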
@@ -709,6 +761,9 @@ static void cache_req_dpreq_params(TALLOC_CTX *mem_ctx,
if (input->type == CACHE_REQ_USER_BY_CERT) {
*_string = input->data.cert;
return;
+ } else if (input->type == CACHE_REQ_OBJECT_BY_SID) {
+ *_string = input->data.sid;
+ return;
}
if (!DOM_HAS_VIEWS(input->domain)) {
@@ -1353,7 +1408,7 @@ cache_req_user_by_name_send(TALLOC_CTX *mem_ctx,
struct cache_req_input *input;
input = cache_req_input_create(mem_ctx, rctx, CACHE_REQ_USER_BY_NAME,
- name, 0, NULL);
+ name, 0, NULL, NULL, NULL);
if (input == NULL) {
return NULL;
}
@@ -1376,7 +1431,7 @@ cache_req_user_by_id_send(TALLOC_CTX *mem_ctx,
struct cache_req_input *input;
input = cache_req_input_create(mem_ctx, rctx, CACHE_REQ_USER_BY_ID,
- NULL, uid, NULL);
+ NULL, uid, NULL, NULL, NULL);
if (input == NULL) {
return NULL;
}
@@ -1399,7 +1454,7 @@ cache_req_user_by_cert_send(TALLOC_CTX *mem_ctx,
struct cache_req_input *input;
input = cache_req_input_create(mem_ctx, rctx, CACHE_REQ_USER_BY_CERT,
- NULL, 0, pem_cert);
+ NULL, 0, pem_cert, NULL, NULL);
if (input == NULL) {
return NULL;
}
@@ -1422,7 +1477,7 @@ cache_req_group_by_name_send(TALLOC_CTX *mem_ctx,
struct cache_req_input *input;
input = cache_req_input_create(mem_ctx, rctx, CACHE_REQ_GROUP_BY_NAME,
- name, 0, NULL);
+ name, 0, NULL, NULL, NULL);
if (input == NULL) {
return NULL;
}
@@ -1445,7 +1500,7 @@ cache_req_group_by_id_send(TALLOC_CTX *mem_ctx,
struct cache_req_input *input;
input = cache_req_input_create(mem_ctx, rctx, CACHE_REQ_GROUP_BY_ID,
- NULL, gid, NULL);
+ NULL, gid, NULL, NULL, NULL);
if (input == NULL) {
return NULL;
}
@@ -1468,7 +1523,7 @@ cache_req_initgr_by_name_send(TALLOC_CTX *mem_ctx,
struct cache_req_input *input;
input = cache_req_input_create(mem_ctx, rctx, CACHE_REQ_INITGROUPS,
- name, 0, NULL);
+ name, 0, NULL, NULL, NULL);
if (input == NULL) {
return NULL;
}
@@ -1488,7 +1543,7 @@ cache_req_user_by_filter_send(TALLOC_CTX *mem_ctx,
struct cache_req_input *input;
input = cache_req_input_create(mem_ctx, rctx, CACHE_REQ_USER_BY_FILTER,
- filter, 0, NULL);
+ filter, 0, NULL, NULL, NULL);
if (input == NULL) {
return NULL;
}
@@ -1507,7 +1562,7 @@ cache_req_group_by_filter_send(TALLOC_CTX *mem_ctx,
struct cache_req_input *input;
input = cache_req_input_create(mem_ctx, rctx, CACHE_REQ_GROUP_BY_FILTER,
- filter, 0, NULL);
+ filter, 0, NULL, NULL, NULL);
if (input == NULL) {
return NULL;
}
@@ -1515,3 +1570,27 @@ cache_req_group_by_filter_send(TALLOC_CTX *mem_ctx,
return cache_req_steal_input_and_send(mem_ctx, ev, rctx, NULL,
0, 0, domain, input);
}
+
+struct tevent_req *
+cache_req_object_by_sid_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct resp_ctx *rctx,
+ struct sss_nc_ctx *ncache,
+ int neg_timeout,
+ int cache_refresh_percent,
+ const char *domain,
+ const char *sid,
+ const char **attrs)
+{
+ struct cache_req_input *input;
+
+ input = cache_req_input_create(mem_ctx, rctx, CACHE_REQ_OBJECT_BY_SID,
+ NULL, 0, NULL, sid, attrs);
+ if (input == NULL) {
+ return NULL;
+ }
+
+ return cache_req_steal_input_and_send(mem_ctx, ev, rctx, ncache,
+ neg_timeout, cache_refresh_percent,
+ domain, input);
+}
diff --git a/src/responder/common/responder_cache_req.h b/src/responder/common/responder_cache_req.h
index 59926ac58..a93881491 100644
--- a/src/responder/common/responder_cache_req.h
+++ b/src/responder/common/responder_cache_req.h
@@ -37,7 +37,8 @@ enum cache_req_type {
CACHE_REQ_INITGROUPS_BY_UPN,
CACHE_REQ_USER_BY_CERT,
CACHE_REQ_USER_BY_FILTER,
- CACHE_REQ_GROUP_BY_FILTER
+ CACHE_REQ_GROUP_BY_FILTER,
+ CACHE_REQ_OBJECT_BY_SID
};
struct cache_req_input;
@@ -48,7 +49,9 @@ cache_req_input_create(TALLOC_CTX *mem_ctx,
enum cache_req_type type,
const char *name,
uint32_t id,
- const char *cert);
+ const char *cert,
+ const char *sid,
+ const char **attrs);
/**
* Currently only SSS_DP_USER and SSS_DP_INITGROUPS are supported.
@@ -168,4 +171,18 @@ cache_req_group_by_filter_send(TALLOC_CTX *mem_ctx,
#define cache_req_group_by_filter_recv(mem_ctx, req, _result, _domain) \
cache_req_recv(mem_ctx, req, _result, _domain, NULL)
+struct tevent_req *
+cache_req_object_by_sid_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct resp_ctx *rctx,
+ struct sss_nc_ctx *ncache,
+ int neg_timeout,
+ int cache_refresh_percent,
+ const char *domain,
+ const char *sid,
+ const char **attrs);
+
+#define cache_req_object_by_sid_recv(mem_ctx, req, _result, _domain) \
+ cache_req_recv(mem_ctx, req, _result, _domain, NULL)
+
#endif /* RESPONDER_CACHE_H_ */
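Review bot: The new public declaration `cache_req_object_by_sid_send` has no doc comment, and its contract for `sid` and `attrs` can only be learned by reading `cache_req_input_set_data` in the .c file. I would add something like `/** Look up an object by its SID string. @sid must not be NULL; @attrs may be NULL and is copied, so the caller keeps ownership of its list. */` above the prototype. It is also worth stating there that a NULL `sid` is treated as a programming error (`ERR_INTERNAL` in `cache_req_input_set_data`), which presumably makes the send function return NULL just as an allocation failure does.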