authorSimo Sorce <simo@redhat.com>2012-10-16 15:32:48 -0400
committerSimo Sorce <simo@redhat.com>2013-01-04 14:39:23 -0500
commitb5a99bebff5f7455d9b8bd89f0a81de587c5a9c0 (patch)
treebf4fb0f1578d43caeaf0587624347be39598763c
parent9366febd6ec9b1fe588fee4a4542ea75cc857abf (diff)
Change memory cache layout to add optional key
This bumps the cache major number to 1 as this change is incompatible with current clients. The additional key is used to allow name aliases to be added to user and group entries. An alias is a string that can be looked up via the getpwnam and getgrnam calls, and is useful to fetch entries by alternate names. Currently only one, optional alias is allowed.
-rw-r--r--src/responder/nss/nsssrv_mmap_cache.c30
-rw-r--r--src/sss_client/nss_mc_group.c2
-rw-r--r--src/sss_client/nss_mc_passwd.c2
-rw-r--r--src/util/mmap_cache.h3
4 files changed, 28 insertions, 9 deletions
diff --git a/src/responder/nss/nsssrv_mmap_cache.c b/src/responder/nss/nsssrv_mmap_cache.c
index 7149ca80..cdedf47b 100644
--- a/src/responder/nss/nsssrv_mmap_cache.c
+++ b/src/responder/nss/nsssrv_mmap_cache.c
@@ -195,6 +195,10 @@ static void sss_mc_invalidate_rec(struct sss_mc_ctx *mcc,
sss_mc_rm_rec_from_chain(mcc, rec, rec->hash1);
/* hash chain 2 */
sss_mc_rm_rec_from_chain(mcc, rec, rec->hash2);
+ if (rec->hash3 != MC_INVALID_VAL) {
+ /* hash chain 3 */
+ sss_mc_rm_rec_from_chain(mcc, rec, rec->hash3);
+ }
/* Clear from free_table */
sss_mc_free_slots(mcc, rec);
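Review bot: The new `hash3` test uses `MC_INVALID_VAL`, while the neighbouring `hash1`/`hash2` resets in this same function use `MC_INVALID_VAL32` and `hash3` is declared `uint32_t` in mmap_cache.h. The definition of `MC_INVALID_VAL` is not visible on this page; if it is not the 32-bit value, `rec->hash3 != MC_INVALID_VAL` would always be true and the "unset" sentinel would be handed to `sss_mc_rm_rec_from_chain` as a bucket index. I would write `if (rec->hash3 != MC_INVALID_VAL32) {` here and use the same constant for the reset further down this function, in `sss_mmap_set_rec_header` and in `sss_mmap_chain_in_rec`. The body of `sss_mc_invalidate_rec` starts outside the hunk.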
@@ -208,6 +212,7 @@ static void sss_mc_invalidate_rec(struct sss_mc_ctx *mcc,
rec->next = MC_INVALID_VAL32;
rec->hash1 = MC_INVALID_VAL32;
rec->hash2 = MC_INVALID_VAL32;
+ rec->hash3 = MC_INVALID_VAL;
MC_LOWER_BARRIER(rec);
}
@@ -454,12 +459,18 @@ static inline void sss_mmap_set_rec_header(struct sss_mc_ctx *mcc,
struct sss_mc_rec *rec,
size_t len, int ttl,
const char *key1, size_t key1_len,
- const char *key2, size_t key2_len)
+ const char *key2, size_t key2_len,
+ const char *key3, size_t key3_len)
{
rec->len = len;
rec->expire = time(NULL) + ttl;
rec->hash1 = sss_mc_hash(mcc, key1, key1_len);
rec->hash2 = sss_mc_hash(mcc, key2, key2_len);
+ if (key3) {
+ rec->hash3 = sss_mc_hash(mcc, key3, key3_len);
+ } else {
+ rec->hash3 = MC_INVALID_VAL;
+ }
}
static inline void sss_mmap_chain_in_rec(struct sss_mc_ctx *mcc,
@@ -469,6 +480,10 @@ static inline void sss_mmap_chain_in_rec(struct sss_mc_ctx *mcc,
sss_mc_add_rec_to_chain(mcc, rec, rec->hash1);
/* then uid/gid */
sss_mc_add_rec_to_chain(mcc, rec, rec->hash2);
+ /* then alias */
+ if (rec->hash3 != MC_INVALID_VAL) {
+ sss_mc_add_rec_to_chain(mcc, rec, rec->hash3);
+ }
}
/***************************************************************************
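Review bot: When the alias hashes to the same bucket as the name or the uid/gid (`rec->hash3 == rec->hash1` or `rec->hash3 == rec->hash2`), this call adds the record to a chain it is already on. Whether `sss_mc_add_rec_to_chain` tolerates a record that is already present is not visible in this hunk; if it simply appends, the record's `next` could end up referring to itself and a chain walk in the client would not terminate. Consider `if (rec->hash3 != MC_INVALID_VAL && rec->hash3 != rec->hash1 && rec->hash3 != rec->hash2) {`, or a comment stating that the helper skips records already in the chain. The signature of `sss_mmap_chain_in_rec` starts outside the hunk.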
@@ -549,7 +564,8 @@ errno_t sss_mmap_cache_pw_store(struct sss_mc_ctx **_mcc,
/* header */
sss_mmap_set_rec_header(mcc, rec, rec_len, mcc->valid_time_slot,
- name->str, name->len, uidkey.str, uidkey.len);
+ name->str, name->len, uidkey.str, uidkey.len,
+ NULL, 0);
/* passwd struct */
data->name = MC_PTR_DIFF(data->strs, data);
@@ -684,7 +700,8 @@ int sss_mmap_cache_gr_store(struct sss_mc_ctx **_mcc,
/* header */
sss_mmap_set_rec_header(mcc, rec, rec_len, mcc->valid_time_slot,
- name->str, name->len, gidkey.str, gidkey.len);
+ name->str, name->len, gidkey.str, gidkey.len,
+ NULL, 0);
/* group struct */
data->name = MC_PTR_DIFF(data->strs, data);
@@ -946,9 +963,10 @@ errno_t sss_mmap_cache_init(TALLOC_CTX *mem_ctx, const char *name,
/* We can use MC_ALIGN64 for this */
n_elem = MC_ALIGN64(n_elem);
- /* hash table is double the size because it will store both forward and
- * reverse keys (name/uid, name/gid, ..) */
- mc_ctx->ht_size = MC_HT_SIZE(n_elem * 2);
+ /* hash table is triple the size because it will store both forward and
+ * reverse keys (name/uid, name/gid, ..) plus an alias for entries coming
+ * from trusted domains (eg a SID for AD trusted users/groups) */
+ mc_ctx->ht_size = MC_HT_SIZE(n_elem * 3);
mc_ctx->dt_size = MC_DT_SIZE(n_elem, payload);
mc_ctx->ft_size = MC_FT_SIZE(n_elem);
mc_ctx->mmap_size = MC_HEADER_SIZE +
diff --git a/src/sss_client/nss_mc_group.c b/src/sss_client/nss_mc_group.c
index b3e9a8a0..4691d6d8 100644
--- a/src/sss_client/nss_mc_group.c
+++ b/src/sss_client/nss_mc_group.c
@@ -123,7 +123,7 @@ errno_t sss_nss_mc_getgrnam(const char *name, size_t name_len,
}
/* check record matches what we are searching for */
- if (hash != rec->hash1) {
+ if (hash != rec->hash1 && hash != rec->hash3) {
/* if name hash does not match we can skip this immediately */
slot = rec->next;
continue;
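Review bot: Accepting `hash == rec->hash3` only widens the pre-filter; the comparison that actually confirms the record lies below this hunk and is not visible here. If that comparison checks only the primary name stored in the record, an alias lookup will pass this test and then be rejected, so the alias has to be stored and compared as a string as well. A 32-bit hash match must not be treated as identity, because unrelated names can share a hash. The comment would be clearer as `/* if neither the name hash nor the alias hash matches we can skip this immediately */`. The same applies to the identical change in `sss_nss_mc_getpwnam` in nss_mc_passwd.c.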
diff --git a/src/sss_client/nss_mc_passwd.c b/src/sss_client/nss_mc_passwd.c
index 4acc6425..1932b151 100644
--- a/src/sss_client/nss_mc_passwd.c
+++ b/src/sss_client/nss_mc_passwd.c
@@ -124,7 +124,7 @@ errno_t sss_nss_mc_getpwnam(const char *name, size_t name_len,
}
/* check record matches what we are searching for */
- if (hash != rec->hash1) {
+ if (hash != rec->hash1 && hash != rec->hash3) {
/* if name hash does not match we can skip this immediately */
slot = rec->next;
continue;
diff --git a/src/util/mmap_cache.h b/src/util/mmap_cache.h
index 407eeea6..3a0ec0fe 100644
--- a/src/util/mmap_cache.h
+++ b/src/util/mmap_cache.h
@@ -70,7 +70,7 @@ typedef uint32_t rel_ptr_t;
#define MC_VALID_BARRIER(val) (((val) & 0xff000000) == 0xf0000000)
-#define SSS_MC_MAJOR_VNO 0
+#define SSS_MC_MAJOR_VNO 1
#define SSS_MC_MINOR_VNO 4
#define SSS_MC_HEADER_ALIVE 1 /* current and in use */
@@ -100,6 +100,7 @@ struct sss_mc_rec {
rel_ptr_t next; /* ptr of next record rel to data_table */
uint32_t hash1; /* val of first hash (usually name of record) */
uint32_t hash2; /* val of second hash (usually id of record) */
+ uint32_t hash3; /* val of third hash (usually sid of record) */
uint32_t b2; /* barrier 2 - 32 bytes mark, fits a slot */
char data[0];
};
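Review bot: The comment on `b2` still reads "32 bytes mark, fits a slot", but inserting `hash3` ahead of it moves the barrier four bytes further into the record. The fields before `next` are outside the hunk, so the exact offsets are inferred. Please confirm that the record header still matches the slot size the responder and the client library assume, and update the comment, for example `uint32_t b2; /* barrier 2 - end of record header */`. The `hash3` comment also says "usually sid of record" while the commit message describes it as a name alias looked up through getpwnam/getgrnam; one wording should be used for both, e.g. `/* val of third hash (optional alias, MC_INVALID_VAL if unset) */`.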