|
|
bb7cd1 |
From 4c3780ced1b1507ebd8c3d0b91a3ef50b74e0b52 Mon Sep 17 00:00:00 2001
|
|
|
bb7cd1 |
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
|
|
|
bb7cd1 |
Date: Tue, 25 Apr 2017 16:33:58 +0200
|
|
|
bb7cd1 |
Subject: [PATCH 126/127] CACHE_REQ: Make use of cache_req_ncache_filter_fn()
|
|
|
bb7cd1 |
MIME-Version: 1.0
|
|
|
bb7cd1 |
Content-Type: text/plain; charset=UTF-8
|
|
|
bb7cd1 |
Content-Transfer-Encoding: 8bit
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
This patch makes use of cache_req_ncache_filter_fn() in order to process
|
|
|
bb7cd1 |
the result of a cache_req search and then filter out all the results
|
|
|
bb7cd1 |
that are present in the negative cache.
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
The "post cache_req search" result processing is done basically in two
|
|
|
bb7cd1 |
different cases:
|
|
|
bb7cd1 |
- plugins which don't use name as an input token (group_by_id, user_by_id
|
|
|
bb7cd1 |
and object_by_id), but still can be affected by filter_{users,groups}
|
|
|
bb7cd1 |
options;
|
|
|
bb7cd1 |
- plugins responsible for groups and users enumeration (enum_groups and
|
|
|
bb7cd1 |
enum_users);
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
Resolves:
|
|
|
bb7cd1 |
https://pagure.io/SSSD/sssd/issue/3362
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
bb7cd1 |
(cherry picked from commit 4ef0b19a5e8a327443d027e57487c8a1e4f654ce)
|
|
|
bb7cd1 |
---
|
|
|
bb7cd1 |
src/responder/common/cache_req/cache_req_search.c | 124 +++++++++++++++++++--
|
|
|
bb7cd1 |
.../cache_req/plugins/cache_req_enum_groups.c | 10 +-
|
|
|
bb7cd1 |
.../cache_req/plugins/cache_req_enum_users.c | 10 +-
|
|
|
bb7cd1 |
.../cache_req/plugins/cache_req_group_by_id.c | 10 +-
|
|
|
bb7cd1 |
.../cache_req/plugins/cache_req_object_by_id.c | 17 ++-
|
|
|
bb7cd1 |
.../cache_req/plugins/cache_req_user_by_id.c | 10 +-
|
|
|
bb7cd1 |
src/responder/nss/nss_protocol_grent.c | 12 --
|
|
|
bb7cd1 |
src/responder/nss/nss_protocol_pwent.c | 11 --
|
|
|
bb7cd1 |
8 files changed, 165 insertions(+), 39 deletions(-)
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
diff --git a/src/responder/common/cache_req/cache_req_search.c b/src/responder/common/cache_req/cache_req_search.c
|
|
|
bb7cd1 |
index 8bc1530b341f587cb502fdf0ca3ed8d37cfb7d13..793dbc5042ae329b2cade5d1eb5a6d41102e264f 100644
|
|
|
bb7cd1 |
--- a/src/responder/common/cache_req/cache_req_search.c
|
|
|
bb7cd1 |
+++ b/src/responder/common/cache_req/cache_req_search.c
|
|
|
bb7cd1 |
@@ -84,6 +84,87 @@ static void cache_req_search_ncache_add(struct cache_req *cr)
|
|
|
bb7cd1 |
return;
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
+static errno_t cache_req_search_ncache_filter(TALLOC_CTX *mem_ctx,
|
|
|
bb7cd1 |
+ struct cache_req *cr,
|
|
|
bb7cd1 |
+ struct ldb_result *result,
|
|
|
bb7cd1 |
+ struct ldb_result **_result)
|
|
|
bb7cd1 |
+{
|
|
|
bb7cd1 |
+ TALLOC_CTX *tmp_ctx;
|
|
|
bb7cd1 |
+ struct ldb_result *filtered_result;
|
|
|
bb7cd1 |
+ struct ldb_message **msgs;
|
|
|
bb7cd1 |
+ size_t msg_count;
|
|
|
bb7cd1 |
+ const char *name;
|
|
|
bb7cd1 |
+ errno_t ret;
|
|
|
bb7cd1 |
+
|
|
|
bb7cd1 |
+ tmp_ctx = talloc_new(NULL);
|
|
|
bb7cd1 |
+ if (tmp_ctx == NULL) {
|
|
|
bb7cd1 |
+ return ENOMEM;
|
|
|
bb7cd1 |
+ }
|
|
|
bb7cd1 |
+
|
|
|
bb7cd1 |
+ if (cr->plugin->ncache_filter_fn == NULL) {
|
|
|
bb7cd1 |
+ CACHE_REQ_DEBUG(SSSDBG_TRACE_FUNC, cr,
|
|
|
bb7cd1 |
+ "This request type does not support filtering "
|
|
|
bb7cd1 |
+ "result by negative cache\n");
|
|
|
bb7cd1 |
+
|
|
|
bb7cd1 |
+ *_result = talloc_steal(mem_ctx, result);
|
|
|
bb7cd1 |
+
|
|
|
bb7cd1 |
+ ret = EOK;
|
|
|
bb7cd1 |
+ goto done;
|
|
|
bb7cd1 |
+ }
|
|
|
bb7cd1 |
+
|
|
|
bb7cd1 |
+ CACHE_REQ_DEBUG(SSSDBG_TRACE_FUNC, cr,
|
|
|
bb7cd1 |
+ "Filtering out results by negative cache\n");
|
|
|
bb7cd1 |
+
|
|
|
bb7cd1 |
+ msgs = talloc_zero_array(tmp_ctx, struct ldb_message *, result->count);
|
|
|
bb7cd1 |
+ msg_count = 0;
|
|
|
bb7cd1 |
+
|
|
|
bb7cd1 |
+ for (size_t i = 0; i < result->count; i++) {
|
|
|
bb7cd1 |
+ name = sss_get_name_from_msg(cr->domain, result->msgs[i]);
|
|
|
bb7cd1 |
+ if (name == NULL) {
|
|
|
bb7cd1 |
+ CACHE_REQ_DEBUG(SSSDBG_CRIT_FAILURE, cr,
|
|
|
bb7cd1 |
+ "sss_get_name_from_msg() returned NULL, which should never "
|
|
|
bb7cd1 |
+ "happen in this scenario!\n");
|
|
|
bb7cd1 |
+ ret = ERR_INTERNAL;
|
|
|
bb7cd1 |
+ goto done;
|
|
|
bb7cd1 |
+ }
|
|
|
bb7cd1 |
+
|
|
|
bb7cd1 |
+ ret = cr->plugin->ncache_filter_fn(cr->ncache, cr->domain, name);
|
|
|
bb7cd1 |
+ if (ret == EEXIST) {
|
|
|
bb7cd1 |
+ CACHE_REQ_DEBUG(SSSDBG_TRACE_FUNC, cr,
|
|
|
bb7cd1 |
+ "[%s] filtered out! (negative cache)\n",
|
|
|
bb7cd1 |
+ name);
|
|
|
bb7cd1 |
+ continue;
|
|
|
bb7cd1 |
+ } else if (ret != EOK && ret != ENOENT) {
|
|
|
bb7cd1 |
+ CACHE_REQ_DEBUG(SSSDBG_CRIT_FAILURE, cr,
|
|
|
bb7cd1 |
+ "Unable to check negative cache [%d]: %s\n",
|
|
|
bb7cd1 |
+ ret, sss_strerror(ret));
|
|
|
bb7cd1 |
+ goto done;
|
|
|
bb7cd1 |
+ }
|
|
|
bb7cd1 |
+
|
|
|
bb7cd1 |
+ msgs[msg_count] = talloc_steal(msgs, result->msgs[i]);
|
|
|
bb7cd1 |
+ msg_count++;
|
|
|
bb7cd1 |
+ }
|
|
|
bb7cd1 |
+
|
|
|
bb7cd1 |
+ if (msg_count == 0) {
|
|
|
bb7cd1 |
+ ret = ENOENT;
|
|
|
bb7cd1 |
+ goto done;
|
|
|
bb7cd1 |
+ }
|
|
|
bb7cd1 |
+
|
|
|
bb7cd1 |
+ filtered_result = cache_req_create_ldb_result_from_msg_list(tmp_ctx, msgs,
|
|
|
bb7cd1 |
+ msg_count);
|
|
|
bb7cd1 |
+ if (filtered_result == NULL) {
|
|
|
bb7cd1 |
+ ret = ENOMEM;
|
|
|
bb7cd1 |
+ goto done;
|
|
|
bb7cd1 |
+ }
|
|
|
bb7cd1 |
+
|
|
|
bb7cd1 |
+ *_result = talloc_steal(mem_ctx, filtered_result);
|
|
|
bb7cd1 |
+ ret = EOK;
|
|
|
bb7cd1 |
+
|
|
|
bb7cd1 |
+done:
|
|
|
bb7cd1 |
+ talloc_free(tmp_ctx);
|
|
|
bb7cd1 |
+ return ret;
|
|
|
bb7cd1 |
+}
|
|
|
bb7cd1 |
+
|
|
|
bb7cd1 |
static errno_t cache_req_search_cache(TALLOC_CTX *mem_ctx,
|
|
|
bb7cd1 |
struct cache_req *cr,
|
|
|
bb7cd1 |
struct ldb_result **_result)
|
|
|
bb7cd1 |
@@ -338,10 +419,18 @@ static void cache_req_search_oob_done(struct tevent_req *subreq)
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
static void cache_req_search_done(struct tevent_req *subreq)
|
|
|
bb7cd1 |
{
|
|
|
bb7cd1 |
+ TALLOC_CTX *tmp_ctx;
|
|
|
bb7cd1 |
struct cache_req_search_state *state;
|
|
|
bb7cd1 |
struct tevent_req *req;
|
|
|
bb7cd1 |
+ struct ldb_result *result = NULL;
|
|
|
bb7cd1 |
errno_t ret;
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
+ tmp_ctx = talloc_new(NULL);
|
|
|
bb7cd1 |
+ if (tmp_ctx == NULL) {
|
|
|
bb7cd1 |
+ ret = ENOMEM;
|
|
|
bb7cd1 |
+ goto done;
|
|
|
bb7cd1 |
+ }
|
|
|
bb7cd1 |
+
|
|
|
bb7cd1 |
req = tevent_req_callback_data(subreq, struct tevent_req);
|
|
|
bb7cd1 |
state = tevent_req_data(req, struct cache_req_search_state);
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
@@ -349,23 +438,36 @@ static void cache_req_search_done(struct tevent_req *subreq)
|
|
|
bb7cd1 |
talloc_zfree(subreq);
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
/* Get result from cache again. */
|
|
|
bb7cd1 |
- ret = cache_req_search_cache(state, state->cr, &state->result);
|
|
|
bb7cd1 |
- if (ret == ENOENT) {
|
|
|
bb7cd1 |
- /* Only store entry in negative cache if DP request succeeded
|
|
|
bb7cd1 |
- * because only then we know that the entry does not exist. */
|
|
|
bb7cd1 |
- if (state->dp_success) {
|
|
|
bb7cd1 |
- cache_req_search_ncache_add(state->cr);
|
|
|
bb7cd1 |
+ ret = cache_req_search_cache(tmp_ctx, state->cr, &result);
|
|
|
bb7cd1 |
+ if (ret != EOK) {
|
|
|
bb7cd1 |
+ if (ret == ENOENT) {
|
|
|
bb7cd1 |
+ /* Only store entry in negative cache if DP request succeeded
|
|
|
bb7cd1 |
+ * because only then we know that the entry does not exist. */
|
|
|
bb7cd1 |
+ if (state->dp_success) {
|
|
|
bb7cd1 |
+ cache_req_search_ncache_add(state->cr);
|
|
|
bb7cd1 |
+ }
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
- tevent_req_error(req, ENOENT);
|
|
|
bb7cd1 |
- return;
|
|
|
bb7cd1 |
- } else if (ret != EOK) {
|
|
|
bb7cd1 |
- tevent_req_error(req, ret);
|
|
|
bb7cd1 |
- return;
|
|
|
bb7cd1 |
+ goto done;
|
|
|
bb7cd1 |
+ }
|
|
|
bb7cd1 |
+
|
|
|
bb7cd1 |
+ /* ret == EOK */
|
|
|
bb7cd1 |
+ ret = cache_req_search_ncache_filter(state, state->cr, result,
|
|
|
bb7cd1 |
+ &state->result);
|
|
|
bb7cd1 |
+ if (ret != EOK) {
|
|
|
bb7cd1 |
+ goto done;
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
CACHE_REQ_DEBUG(SSSDBG_TRACE_FUNC, state->cr,
|
|
|
bb7cd1 |
"Returning updated object [%s]\n", state->cr->debugobj);
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
+done:
|
|
|
bb7cd1 |
+ talloc_free(tmp_ctx);
|
|
|
bb7cd1 |
+
|
|
|
bb7cd1 |
+ if (ret != EOK) {
|
|
|
bb7cd1 |
+ tevent_req_error(req, ret);
|
|
|
bb7cd1 |
+ return;
|
|
|
bb7cd1 |
+ }
|
|
|
bb7cd1 |
+
|
|
|
bb7cd1 |
tevent_req_done(req);
|
|
|
bb7cd1 |
return;
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
diff --git a/src/responder/common/cache_req/plugins/cache_req_enum_groups.c b/src/responder/common/cache_req/plugins/cache_req_enum_groups.c
|
|
|
bb7cd1 |
index 11ce9e90ff28f77078b025a44593a44be8f1f5c5..15350ca8279bc77c73bcc4abe51c97a8a37cb8c8 100644
|
|
|
bb7cd1 |
--- a/src/responder/common/cache_req/plugins/cache_req_enum_groups.c
|
|
|
bb7cd1 |
+++ b/src/responder/common/cache_req/plugins/cache_req_enum_groups.c
|
|
|
bb7cd1 |
@@ -55,6 +55,14 @@ cache_req_enum_groups_dp_send(TALLOC_CTX *mem_ctx,
|
|
|
bb7cd1 |
SSS_DP_GROUP, NULL, 0, NULL);
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
+static errno_t
|
|
|
bb7cd1 |
+cache_req_enum_groups_ncache_filter(struct sss_nc_ctx *ncache,
|
|
|
bb7cd1 |
+ struct sss_domain_info *domain,
|
|
|
bb7cd1 |
+ const char *name)
|
|
|
bb7cd1 |
+{
|
|
|
bb7cd1 |
+ return sss_ncache_check_group(ncache, domain, name);
|
|
|
bb7cd1 |
+}
|
|
|
bb7cd1 |
+
|
|
|
bb7cd1 |
const struct cache_req_plugin cache_req_enum_groups = {
|
|
|
bb7cd1 |
.name = "Enumerate groups",
|
|
|
bb7cd1 |
.attr_expiration = SYSDB_CACHE_EXPIRE,
|
|
|
bb7cd1 |
@@ -75,7 +83,7 @@ const struct cache_req_plugin cache_req_enum_groups = {
|
|
|
bb7cd1 |
.global_ncache_add_fn = NULL,
|
|
|
bb7cd1 |
.ncache_check_fn = NULL,
|
|
|
bb7cd1 |
.ncache_add_fn = NULL,
|
|
|
bb7cd1 |
- .ncache_filter_fn = NULL,
|
|
|
bb7cd1 |
+ .ncache_filter_fn = cache_req_enum_groups_ncache_filter,
|
|
|
bb7cd1 |
.lookup_fn = cache_req_enum_groups_lookup,
|
|
|
bb7cd1 |
.dp_send_fn = cache_req_enum_groups_dp_send,
|
|
|
bb7cd1 |
.dp_recv_fn = cache_req_common_dp_recv
|
|
|
bb7cd1 |
diff --git a/src/responder/common/cache_req/plugins/cache_req_enum_users.c b/src/responder/common/cache_req/plugins/cache_req_enum_users.c
|
|
|
bb7cd1 |
index e0647a0102d9568abdcebfbf0fb99fc2624d5565..a3ddcdd45548a2fa7c367f3fb3be103c115dedb4 100644
|
|
|
bb7cd1 |
--- a/src/responder/common/cache_req/plugins/cache_req_enum_users.c
|
|
|
bb7cd1 |
+++ b/src/responder/common/cache_req/plugins/cache_req_enum_users.c
|
|
|
bb7cd1 |
@@ -55,6 +55,14 @@ cache_req_enum_users_dp_send(TALLOC_CTX *mem_ctx,
|
|
|
bb7cd1 |
SSS_DP_USER, NULL, 0, NULL);
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
+static errno_t
|
|
|
bb7cd1 |
+cache_req_enum_users_ncache_filter(struct sss_nc_ctx *ncache,
|
|
|
bb7cd1 |
+ struct sss_domain_info *domain,
|
|
|
bb7cd1 |
+ const char *name)
|
|
|
bb7cd1 |
+{
|
|
|
bb7cd1 |
+ return sss_ncache_check_user(ncache, domain, name);
|
|
|
bb7cd1 |
+}
|
|
|
bb7cd1 |
+
|
|
|
bb7cd1 |
const struct cache_req_plugin cache_req_enum_users = {
|
|
|
bb7cd1 |
.name = "Enumerate users",
|
|
|
bb7cd1 |
.attr_expiration = SYSDB_CACHE_EXPIRE,
|
|
|
bb7cd1 |
@@ -75,7 +83,7 @@ const struct cache_req_plugin cache_req_enum_users = {
|
|
|
bb7cd1 |
.global_ncache_add_fn = NULL,
|
|
|
bb7cd1 |
.ncache_check_fn = NULL,
|
|
|
bb7cd1 |
.ncache_add_fn = NULL,
|
|
|
bb7cd1 |
- .ncache_filter_fn = NULL,
|
|
|
bb7cd1 |
+ .ncache_filter_fn = cache_req_enum_users_ncache_filter,
|
|
|
bb7cd1 |
.lookup_fn = cache_req_enum_users_lookup,
|
|
|
bb7cd1 |
.dp_send_fn = cache_req_enum_users_dp_send,
|
|
|
bb7cd1 |
.dp_recv_fn = cache_req_common_dp_recv
|
|
|
bb7cd1 |
diff --git a/src/responder/common/cache_req/plugins/cache_req_group_by_id.c b/src/responder/common/cache_req/plugins/cache_req_group_by_id.c
|
|
|
bb7cd1 |
index 5613bf67c6acd1b2ace00cf75221462f45ef6743..5ca64283a781318bc4e4d6920fff989c3f3919b4 100644
|
|
|
bb7cd1 |
--- a/src/responder/common/cache_req/plugins/cache_req_group_by_id.c
|
|
|
bb7cd1 |
+++ b/src/responder/common/cache_req/plugins/cache_req_group_by_id.c
|
|
|
bb7cd1 |
@@ -43,6 +43,14 @@ cache_req_group_by_id_ncache_check(struct sss_nc_ctx *ncache,
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
static errno_t
|
|
|
bb7cd1 |
+cache_req_group_by_id_ncache_filter(struct sss_nc_ctx *ncache,
|
|
|
bb7cd1 |
+ struct sss_domain_info *domain,
|
|
|
bb7cd1 |
+ const char *name)
|
|
|
bb7cd1 |
+{
|
|
|
bb7cd1 |
+ return sss_ncache_check_group(ncache, domain, name);
|
|
|
bb7cd1 |
+}
|
|
|
bb7cd1 |
+
|
|
|
bb7cd1 |
+static errno_t
|
|
|
bb7cd1 |
cache_req_group_by_id_global_ncache_add(struct sss_nc_ctx *ncache,
|
|
|
bb7cd1 |
struct cache_req_data *data)
|
|
|
bb7cd1 |
{
|
|
|
bb7cd1 |
@@ -144,7 +152,7 @@ const struct cache_req_plugin cache_req_group_by_id = {
|
|
|
bb7cd1 |
.global_ncache_add_fn = cache_req_group_by_id_global_ncache_add,
|
|
|
bb7cd1 |
.ncache_check_fn = cache_req_group_by_id_ncache_check,
|
|
|
bb7cd1 |
.ncache_add_fn = NULL,
|
|
|
bb7cd1 |
- .ncache_filter_fn = NULL,
|
|
|
bb7cd1 |
+ .ncache_filter_fn = cache_req_group_by_id_ncache_filter,
|
|
|
bb7cd1 |
.lookup_fn = cache_req_group_by_id_lookup,
|
|
|
bb7cd1 |
.dp_send_fn = cache_req_group_by_id_dp_send,
|
|
|
bb7cd1 |
.dp_recv_fn = cache_req_common_dp_recv
|
|
|
bb7cd1 |
diff --git a/src/responder/common/cache_req/plugins/cache_req_object_by_id.c b/src/responder/common/cache_req/plugins/cache_req_object_by_id.c
|
|
|
bb7cd1 |
index ff3d0e67862be365c56ab24396b4982e8addded0..339bd4f5fef827acc1aa3c123d041e426d9e4782 100644
|
|
|
bb7cd1 |
--- a/src/responder/common/cache_req/plugins/cache_req_object_by_id.c
|
|
|
bb7cd1 |
+++ b/src/responder/common/cache_req/plugins/cache_req_object_by_id.c
|
|
|
bb7cd1 |
@@ -50,6 +50,21 @@ cache_req_object_by_id_ncache_check(struct sss_nc_ctx *ncache,
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
static errno_t
|
|
|
bb7cd1 |
+cache_req_object_by_id_ncache_filter(struct sss_nc_ctx *ncache,
|
|
|
bb7cd1 |
+ struct sss_domain_info *domain,
|
|
|
bb7cd1 |
+ const char *name)
|
|
|
bb7cd1 |
+{
|
|
|
bb7cd1 |
+ errno_t ret;
|
|
|
bb7cd1 |
+
|
|
|
bb7cd1 |
+ ret = sss_ncache_check_user(ncache, domain, name);
|
|
|
bb7cd1 |
+ if (ret == EEXIST) {
|
|
|
bb7cd1 |
+ ret = sss_ncache_check_group(ncache, domain, name);
|
|
|
bb7cd1 |
+ }
|
|
|
bb7cd1 |
+
|
|
|
bb7cd1 |
+ return ret;
|
|
|
bb7cd1 |
+}
|
|
|
bb7cd1 |
+
|
|
|
bb7cd1 |
+static errno_t
|
|
|
bb7cd1 |
cache_req_object_by_id_global_ncache_add(struct sss_nc_ctx *ncache,
|
|
|
bb7cd1 |
struct cache_req_data *data)
|
|
|
bb7cd1 |
{
|
|
|
bb7cd1 |
@@ -111,7 +126,7 @@ const struct cache_req_plugin cache_req_object_by_id = {
|
|
|
bb7cd1 |
.global_ncache_add_fn = cache_req_object_by_id_global_ncache_add,
|
|
|
bb7cd1 |
.ncache_check_fn = cache_req_object_by_id_ncache_check,
|
|
|
bb7cd1 |
.ncache_add_fn = NULL,
|
|
|
bb7cd1 |
- .ncache_filter_fn = NULL,
|
|
|
bb7cd1 |
+ .ncache_filter_fn = cache_req_object_by_id_ncache_filter,
|
|
|
bb7cd1 |
.lookup_fn = cache_req_object_by_id_lookup,
|
|
|
bb7cd1 |
.dp_send_fn = cache_req_object_by_id_dp_send,
|
|
|
bb7cd1 |
.dp_recv_fn = cache_req_common_dp_recv
|
|
|
bb7cd1 |
diff --git a/src/responder/common/cache_req/plugins/cache_req_user_by_id.c b/src/responder/common/cache_req/plugins/cache_req_user_by_id.c
|
|
|
bb7cd1 |
index b14b3738aa7721723f524ebd46301a3a9a1c712f..913f9be5bcc2dfd074b52cb3b15fb6948826e831 100644
|
|
|
bb7cd1 |
--- a/src/responder/common/cache_req/plugins/cache_req_user_by_id.c
|
|
|
bb7cd1 |
+++ b/src/responder/common/cache_req/plugins/cache_req_user_by_id.c
|
|
|
bb7cd1 |
@@ -43,6 +43,14 @@ cache_req_user_by_id_ncache_check(struct sss_nc_ctx *ncache,
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
static errno_t
|
|
|
bb7cd1 |
+cache_req_user_by_id_ncache_filter(struct sss_nc_ctx *ncache,
|
|
|
bb7cd1 |
+ struct sss_domain_info *domain,
|
|
|
bb7cd1 |
+ const char *name)
|
|
|
bb7cd1 |
+{
|
|
|
bb7cd1 |
+ return sss_ncache_check_user(ncache, domain, name);
|
|
|
bb7cd1 |
+}
|
|
|
bb7cd1 |
+
|
|
|
bb7cd1 |
+static errno_t
|
|
|
bb7cd1 |
cache_req_user_by_id_global_ncache_add(struct sss_nc_ctx *ncache,
|
|
|
bb7cd1 |
struct cache_req_data *data)
|
|
|
bb7cd1 |
{
|
|
|
bb7cd1 |
@@ -144,7 +152,7 @@ const struct cache_req_plugin cache_req_user_by_id = {
|
|
|
bb7cd1 |
.global_ncache_add_fn = cache_req_user_by_id_global_ncache_add,
|
|
|
bb7cd1 |
.ncache_check_fn = cache_req_user_by_id_ncache_check,
|
|
|
bb7cd1 |
.ncache_add_fn = NULL,
|
|
|
bb7cd1 |
- .ncache_filter_fn = NULL,
|
|
|
bb7cd1 |
+ .ncache_filter_fn = cache_req_user_by_id_ncache_filter,
|
|
|
bb7cd1 |
.lookup_fn = cache_req_user_by_id_lookup,
|
|
|
bb7cd1 |
.dp_send_fn = cache_req_user_by_id_dp_send,
|
|
|
bb7cd1 |
.dp_recv_fn = cache_req_common_dp_recv
|
|
|
bb7cd1 |
diff --git a/src/responder/nss/nss_protocol_grent.c b/src/responder/nss/nss_protocol_grent.c
|
|
|
bb7cd1 |
index 947463df93e188729959737efa4ac4f44a8459c4..ee228c722a153a1ba7aa8a1b30a1e551108424bb 100644
|
|
|
bb7cd1 |
--- a/src/responder/nss/nss_protocol_grent.c
|
|
|
bb7cd1 |
+++ b/src/responder/nss/nss_protocol_grent.c
|
|
|
bb7cd1 |
@@ -241,18 +241,6 @@ nss_protocol_fill_grent(struct nss_ctx *nss_ctx,
|
|
|
bb7cd1 |
continue;
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
- /* Check negative cache during enumeration. */
|
|
|
bb7cd1 |
- if (cmd_ctx->enumeration) {
|
|
|
bb7cd1 |
- ret = sss_ncache_check_group(nss_ctx->rctx->ncache,
|
|
|
bb7cd1 |
- result->domain, name->str);
|
|
|
bb7cd1 |
- if (ret == EEXIST) {
|
|
|
bb7cd1 |
- DEBUG(SSSDBG_TRACE_FUNC,
|
|
|
bb7cd1 |
- "User [%s] filtered out! (negative cache)\n",
|
|
|
bb7cd1 |
- name->str);
|
|
|
bb7cd1 |
- continue;
|
|
|
bb7cd1 |
- }
|
|
|
bb7cd1 |
- }
|
|
|
bb7cd1 |
-
|
|
|
bb7cd1 |
/* Adjust packet size: gid, num_members + string fields. */
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
ret = sss_packet_grow(packet, 2 * sizeof(uint32_t)
|
|
|
bb7cd1 |
diff --git a/src/responder/nss/nss_protocol_pwent.c b/src/responder/nss/nss_protocol_pwent.c
|
|
|
bb7cd1 |
index cb643f29e2d5f0a0c55c51afd9def73813061aa7..b355d4fc90397f51e82545e56940be850f144d49 100644
|
|
|
bb7cd1 |
--- a/src/responder/nss/nss_protocol_pwent.c
|
|
|
bb7cd1 |
+++ b/src/responder/nss/nss_protocol_pwent.c
|
|
|
bb7cd1 |
@@ -309,17 +309,6 @@ nss_protocol_fill_pwent(struct nss_ctx *nss_ctx,
|
|
|
bb7cd1 |
continue;
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
- /* Check negative cache during enumeration. */
|
|
|
bb7cd1 |
- if (cmd_ctx->enumeration) {
|
|
|
bb7cd1 |
- ret = sss_ncache_check_user(nss_ctx->rctx->ncache,
|
|
|
bb7cd1 |
- result->domain, name->str);
|
|
|
bb7cd1 |
- if (ret == EEXIST) {
|
|
|
bb7cd1 |
- DEBUG(SSSDBG_TRACE_FUNC,
|
|
|
bb7cd1 |
- "User [%s] filtered out! (negative cache)\n", name->str);
|
|
|
bb7cd1 |
- continue;
|
|
|
bb7cd1 |
- }
|
|
|
bb7cd1 |
- }
|
|
|
bb7cd1 |
-
|
|
|
bb7cd1 |
/* Adjust packet size: uid, gid + string fields. */
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
ret = sss_packet_grow(packet, 2 * sizeof(uint32_t)
|
|
|
bb7cd1 |
--
|
|
|
bb7cd1 |
2.9.3
|
|
|
bb7cd1 |
|