From 27bf39ed3e197497cf4aca58038d788ea5b5ddbc Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Sun, 19 Jun 2016 19:54:50 +0200 Subject: NCACHE: Store FQDNs internaly, check for shortnames in files When storing users and groups by their name in the negative cache, store them fully qualfied so that the responder only has to track the name in the internal format once the input is converted. Reviewed-by: Sumit Bose --- src/responder/common/negcache.c | 53 +++++++++++++++++++++++++++++++---- src/responder/common/negcache_files.c | 18 ++++++++++-- 2 files changed, 63 insertions(+), 8 deletions(-) (limited to 'src/responder/common') diff --git a/src/responder/common/negcache.c b/src/responder/common/negcache.c index 025455238..dfeb0d483 100644 --- a/src/responder/common/negcache.c +++ b/src/responder/common/negcache.c @@ -679,6 +679,11 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache, char *conf_path = NULL; TALLOC_CTX *tmpctx = talloc_new(NULL); int i; + char *fqname = NULL; + + if (tmpctx == NULL) { + return ENOMEM; + } /* Populate domain-specific negative cache entries */ for (dom = domain_list; dom; dom = get_next_domain(dom, 0)) { @@ -721,7 +726,13 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache, continue; } - ret = sss_ncache_set_user(ncache, true, dom, name); + fqname = sss_create_internal_fqname(tmpctx, name, dom->name); + if (fqname == NULL) { + continue; + } + + ret = sss_ncache_set_user(ncache, true, dom, fqname); + talloc_zfree(fqname); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Failed to store permanent user filter for [%s]" 
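Review bot: In the hunk at `@@ -721,7 +726,13 @@`, a NULL return from `sss_create_internal_fqname()` goes straight to `continue`, so on allocation failure the permanent filter entry for that name is never stored and nothing is logged, unlike the `ret != EOK` branch just below it. The same silent skip is repeated in the hunks at -773, -783, -829, -881 and -891. This is also inconsistent with the new `tmpctx == NULL` check at the top, which treats out-of-memory as fatal. At minimum, add `DEBUG(SSSDBG_CRIT_FAILURE, "Failed to build internal name for [%s]\n", name);` before the `continue`; if the function's cleanup path permits (it lies outside these hunks), set `ret = ENOMEM` and bail out rather than carrying on with an incomplete filter list.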
@@ -773,7 +784,13 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache, continue; } - ret = sss_ncache_set_user(ncache, true, dom, name); + fqname = sss_create_internal_fqname(tmpctx, name, dom->name); + if (fqname == NULL) { + continue; + } + + ret = sss_ncache_set_user(ncache, true, dom, fqname); + talloc_zfree(fqname); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Failed to store permanent user filter for [%s]" @@ -783,7 +800,13 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache, } } else { for (dom = domain_list; dom; dom = get_next_domain(dom, 0)) { - ret = sss_ncache_set_user(ncache, true, dom, name); + fqname = sss_create_internal_fqname(tmpctx, name, dom->name); + if (fqname == NULL) { + continue; + } + + ret = sss_ncache_set_user(ncache, true, dom, fqname); + talloc_zfree(fqname); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Failed to store permanent user filter for" @@ -829,7 +852,13 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache, continue; } - ret = sss_ncache_set_group(ncache, true, dom, name); + fqname = sss_create_internal_fqname(tmpctx, name, dom->name); + if (fqname == NULL) { + continue; + } + + ret = sss_ncache_set_group(ncache, true, dom, fqname); + talloc_zfree(fqname); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Failed to store permanent group filter for [%s]" @@ -881,7 +910,13 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache, continue; } - ret = sss_ncache_set_group(ncache, true, dom, name); + fqname = sss_create_internal_fqname(tmpctx, name, dom->name); + if (fqname == NULL) { + continue; + } + + ret = sss_ncache_set_group(ncache, true, dom, fqname); + talloc_zfree(fqname); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Failed to store permanent group filter for" 
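Review bot: The sequence `sss_create_internal_fqname()` / NULL check / setter / `talloc_zfree(fqname)` is pasted at every user and group call site in `sss_ncache_prepopulate` (four times in the hunks from -773 to -881 alone), so the temporary's lifetime and error handling can drift apart between copies. A small static helper that takes the setter as a parameter would keep this in one place, and returning `ENOMEM` from it would send an allocation failure through the existing `ret != EOK` logging at each site. The sketch below assumes `sss_ncache_set_user` and `sss_ncache_set_group` share the signature implied by the call sites. The enclosing function starts and ends outside these hunks.

```c
/* Constructed sketch: one owner for the fqname temporary and its error path. */
typedef int (*ncache_set_fn)(struct sss_nc_ctx *, bool,
                             struct sss_domain_info *, const char *);

static errno_t ncache_set_fq(struct sss_nc_ctx *ncache,
                             TALLOC_CTX *mem_ctx,
                             struct sss_domain_info *dom,
                             const char *name,
                             ncache_set_fn set_fn)
{
    char *fqname;
    errno_t ret;

    fqname = sss_create_internal_fqname(mem_ctx, name, dom->name);
    if (fqname == NULL) {
        return ENOMEM;
    }

    ret = set_fn(ncache, true, dom, fqname);
    talloc_free(fqname);
    return ret;
}

/* ... unchanged: domain lookup and name parsing ... */
ret = ncache_set_fq(ncache, tmpctx, dom, name, sss_ncache_set_user);
/* ... unchanged: existing `if (ret != EOK)` DEBUG branch ... */
```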
@@ -891,7 +926,13 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache, } } else { for (dom = domain_list; dom; dom = get_next_domain(dom, 0)) { - ret = sss_ncache_set_group(ncache, true, dom, name); + fqname = sss_create_internal_fqname(tmpctx, name, dom->name); + if (fqname == NULL) { + continue; + } + + ret = sss_ncache_set_group(ncache, true, dom, fqname); + talloc_zfree(fqname); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Failed to store permanent group filter for" diff --git a/src/responder/common/negcache_files.c b/src/responder/common/negcache_files.c index 1b9a4be43..4256186d9 100644 --- a/src/responder/common/negcache_files.c +++ b/src/responder/common/negcache_files.c @@ -34,8 +34,15 @@ bool is_user_local_by_name(const char *name) char buffer[BUFFER_SIZE]; bool is_local = false; int ret; + char *shortname = NULL; - ret = getpwnam_r(name, &pwd, buffer, BUFFER_SIZE, &pwd_result); + ret = sss_parse_internal_fqname(NULL, name, &shortname, NULL); + if (ret != EOK) { + return false; + } + + ret = getpwnam_r(shortname, &pwd, buffer, BUFFER_SIZE, &pwd_result); + talloc_free(shortname); if (ret == EOK && pwd_result != NULL) { DEBUG(SSSDBG_TRACE_FUNC, "User %s is a local user\n", name); is_local = true; @@ -69,8 +76,15 @@ bool is_group_local_by_name(const char *name) char buffer[BUFFER_SIZE]; bool is_local = false; int ret; + char *shortname = NULL; + + ret = sss_parse_internal_fqname(NULL, name, &shortname, NULL); + if (ret != EOK) { + return false; + } - ret = getgrnam_r(name, &grp, buffer, BUFFER_SIZE, &grp_result); + ret = getgrnam_r(shortname, &grp, buffer, BUFFER_SIZE, &grp_result); + talloc_free(shortname); if (ret == EOK && grp_result != NULL) { DEBUG(SSSDBG_TRACE_FUNC, "Group %s is a local group\n", name); is_local = true; -- cgit
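Review bot: In `is_user_local_by_name` (hunk `@@ -34,8 +34,15 @@`), a failing `sss_parse_internal_fqname()` now returns `false` with no log line, so "name could not be parsed" looks the same to the caller as "not a local user". The same applies to `is_group_local_by_name` in the `@@ -69,8 +76,15 @@` hunk. If any caller still passes a short name rather than the internal fully qualified form (the callers are not visible here), every local account would presumably be reported as non-local without a trace. I would add `DEBUG(SSSDBG_OP_FAILURE, "sss_parse_internal_fqname failed for [%s]\n", name);` before the early return, and a comment on both functions stating that `name` must be in the internal fqname format. Both function bodies start and continue outside the hunks.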