From 5519295726bb2a0e88475e1d8deff0b8c0f65119 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Fri, 24 Mar 2017 10:39:12 +0100 Subject: [PATCH 63/72] CACHE_REQ: Domain type selection in cache_req MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Related to: https://pagure.io/SSSD/sssd/issue/3310 Adds a new enumeration cache_req_dom_type. It is a tri-state that allows the caller to select which domains can be contacted - either only POSIX, only application domains or any type. Not all plugins of cache_req have the new parameter added -- only those that are usable/useful in a non-POSIX environment. For example, it makes no sense to allow the selection for calls by ID because those are inherently POSIX-specific. Also, services or netgroups are supported only coming from POSIX domains. At the moment, the patch should not change any behaviour as all calls default to contacting POSIX domains only. Reviewed-by: Pavel Březina --- src/responder/common/cache_req/cache_req.c | 80 ++++++++++++++++++++-- src/responder/common/cache_req/cache_req.h | 19 +++++ src/responder/common/cache_req/cache_req_private.h | 3 + .../cache_req/plugins/cache_req_enum_groups.c | 4 +- .../common/cache_req/plugins/cache_req_enum_svc.c | 3 +- .../cache_req/plugins/cache_req_enum_users.c | 4 +- .../cache_req/plugins/cache_req_group_by_filter.c | 5 +- .../cache_req/plugins/cache_req_group_by_id.c | 4 +- .../cache_req/plugins/cache_req_group_by_name.c | 5 +- .../cache_req/plugins/cache_req_host_by_name.c | 4 +- .../plugins/cache_req_initgroups_by_name.c | 5 +- .../cache_req/plugins/cache_req_netgroup_by_name.c | 4 +- .../cache_req/plugins/cache_req_object_by_id.c | 4 +- .../cache_req/plugins/cache_req_object_by_name.c | 4 +- .../cache_req/plugins/cache_req_object_by_sid.c | 4 +- .../cache_req/plugins/cache_req_svc_by_name.c | 4 +- .../cache_req/plugins/cache_req_svc_by_port.c | 4 +- .../cache_req/plugins/cache_req_user_by_cert.c | 4 +- .../cache_req/plugins/cache_req_user_by_filter.c | 5 +- .../cache_req/plugins/cache_req_user_by_id.c | 4 +- .../cache_req/plugins/cache_req_user_by_name.c | 9 ++- src/responder/ifp/ifp_groups.c | 14 +++- src/responder/ifp/ifp_users.c | 19 +++-- src/responder/ifp/ifpsrv_cmd.c | 3 +- src/responder/nss/nss_enum.c | 2 +- src/responder/nss/nss_get_object.c | 3 +- src/responder/pam/pamsrv_cmd.c | 5 +- src/responder/sudo/sudosrv_get_sudorules.c | 3 +- src/tests/cmocka/test_responder_cache_req.c | 62 ++++++++++++++--- 29 files changed, 246 insertions(+), 47 deletions(-) diff --git a/src/responder/common/cache_req/cache_req.c b/src/responder/common/cache_req/cache_req.c index 483126396f8addbad744ae03bfc739801cd0c18b..3a5fecf34427437bbf95317e05c5bd8b07b4537d 100644 --- a/src/responder/common/cache_req/cache_req.c +++ b/src/responder/common/cache_req/cache_req.c @@ -89,12 +89,31 @@ static errno_t cache_req_set_plugin(struct cache_req *cr, return EOK; } +static const char * +cache_req_dom_type_as_str(struct cache_req *cr) +{ + if (cr == NULL) { + return "BUG: Invalid cache_req pointer\n"; + } + switch (cr->req_dom_type) { + case CACHE_REQ_POSIX_DOM: + return "POSIX-only"; + case CACHE_REQ_APPLICATION_DOM: + return "Application-only"; + case CACHE_REQ_ANY_DOM: + return "Any"; + } + + return "Unknown"; +} + static struct cache_req * cache_req_create(TALLOC_CTX *mem_ctx, struct resp_ctx *rctx, struct cache_req_data *data, struct sss_nc_ctx *ncache, - int midpoint) + int midpoint, + enum cache_req_dom_type req_dom_type) { struct cache_req *cr; errno_t ret; @@ -108,6 +127,7 @@ cache_req_create(TALLOC_CTX *mem_ctx, cr->data = data; cr->ncache = ncache; cr->midpoint = midpoint; + cr->req_dom_type = req_dom_type; cr->req_start = time(NULL); /* It is perfectly fine to just overflow here. */ @@ -145,8 +165,8 @@ cache_req_set_name(struct cache_req *cr, const char *name) } static bool -cache_req_validate_domain(struct cache_req *cr, - struct sss_domain_info *domain) +cache_req_validate_domain_enumeration(struct cache_req *cr, + struct sss_domain_info *domain) { if (!cr->plugin->require_enumeration) { return true; @@ -164,6 +184,52 @@ cache_req_validate_domain(struct cache_req *cr, return true; } +static bool +cache_req_validate_domain_type(struct cache_req *cr, + struct sss_domain_info *domain) +{ + bool valid = false; + + switch (cr->req_dom_type) { + case CACHE_REQ_POSIX_DOM: + valid = domain->type == DOM_TYPE_POSIX ? true : false; + break; + case CACHE_REQ_APPLICATION_DOM: + valid = domain->type == DOM_TYPE_APPLICATION ? true : false; + break; + case CACHE_REQ_ANY_DOM: + valid = true; + break; + } + + DEBUG(SSSDBG_TRACE_INTERNAL, + "Request type %s for domain %s type %s is %svalid\n", + cache_req_dom_type_as_str(cr), + domain->name, + sss_domain_type_str(domain), + valid ? "" : "not "); + return valid; +} + +static bool +cache_req_validate_domain(struct cache_req *cr, + struct sss_domain_info *domain) +{ + bool ok; + + ok = cache_req_validate_domain_enumeration(cr, domain); + if (ok == false) { + return false; + } + + ok = cache_req_validate_domain_type(cr, domain); + if (ok == false) { + return false; + } + + return true; +} + static errno_t cache_req_is_well_known_object(TALLOC_CTX *mem_ctx, struct cache_req *cr, @@ -651,6 +717,7 @@ struct tevent_req *cache_req_send(TALLOC_CTX *mem_ctx, struct resp_ctx *rctx, struct sss_nc_ctx *ncache, int midpoint, + enum cache_req_dom_type req_dom_type, const char *domain, struct cache_req_data *data) { @@ -667,7 +734,8 @@ struct tevent_req *cache_req_send(TALLOC_CTX *mem_ctx, } state->ev = ev; - state->cr = cr = cache_req_create(state, rctx, data, ncache, midpoint); + state->cr = cr = cache_req_create(state, rctx, data, + ncache, midpoint, req_dom_type); if (state->cr == NULL) { ret = ENOMEM; goto done; @@ -952,13 +1020,15 @@ cache_req_steal_data_and_send(TALLOC_CTX *mem_ctx, struct resp_ctx *rctx, struct sss_nc_ctx *ncache, int cache_refresh_percent, + enum cache_req_dom_type req_dom_type, const char *domain, struct cache_req_data *data) { struct tevent_req *req; req = cache_req_send(mem_ctx, ev, rctx, ncache, - cache_refresh_percent, domain, data); + cache_refresh_percent, + req_dom_type, domain, data); if (req == NULL) { talloc_zfree(data); return NULL; diff --git a/src/responder/common/cache_req/cache_req.h b/src/responder/common/cache_req/cache_req.h index d0e5ff43921467fc191fd5cc7d5b49cc039b7f67..c04b2fba6f0445dcfcc9cfe1b5963ac975c39118 100644 --- a/src/responder/common/cache_req/cache_req.h +++ b/src/responder/common/cache_req/cache_req.h @@ -57,6 +57,18 @@ enum cache_req_type { CACHE_REQ_SENTINEL }; +/* Whether to limit the request type to a certain domain type + * (POSIX/non-POSIX) + */ +enum cache_req_dom_type { + /* Only look up data in POSIX domains */ + CACHE_REQ_POSIX_DOM, + /* Only look up data in application domains */ + CACHE_REQ_APPLICATION_DOM, + /* Look up data in any domain type */ + CACHE_REQ_ANY_DOM +}; + /* Input data. */ struct cache_req_data; @@ -172,6 +184,7 @@ struct tevent_req *cache_req_send(TALLOC_CTX *mem_ctx, struct resp_ctx *rctx, struct sss_nc_ctx *ncache, int midpoint, + enum cache_req_dom_type req_dom_type, const char *domain, struct cache_req_data *data); @@ -191,6 +204,7 @@ cache_req_user_by_name_send(TALLOC_CTX *mem_ctx, struct resp_ctx *rctx, struct sss_nc_ctx *ncache, int cache_refresh_percent, + enum cache_req_dom_type req_dom_type, const char *domain, const char *name); @@ -228,6 +242,7 @@ cache_req_user_by_cert_send(TALLOC_CTX *mem_ctx, struct resp_ctx *rctx, struct sss_nc_ctx *ncache, int cache_refresh_percent, + enum cache_req_dom_type req_dom_type, const char *domain, const char *pem_cert); @@ -240,6 +255,7 @@ cache_req_group_by_name_send(TALLOC_CTX *mem_ctx, struct resp_ctx *rctx, struct sss_nc_ctx *ncache, int cache_refresh_percent, + enum cache_req_dom_type req_dom_type, const char *domain, const char *name); @@ -264,6 +280,7 @@ cache_req_initgr_by_name_send(TALLOC_CTX *mem_ctx, struct resp_ctx *rctx, struct sss_nc_ctx *ncache, int cache_refresh_percent, + enum cache_req_dom_type req_dom_type, const char *domain, const char *name); @@ -274,6 +291,7 @@ struct tevent_req * cache_req_user_by_filter_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct resp_ctx *rctx, + enum cache_req_dom_type req_dom_type, const char *domain, const char *filter); @@ -284,6 +302,7 @@ struct tevent_req * cache_req_group_by_filter_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct resp_ctx *rctx, + enum cache_req_dom_type req_dom_type, const char *domain, const char *filter); diff --git a/src/responder/common/cache_req/cache_req_private.h b/src/responder/common/cache_req/cache_req_private.h index 2d3c1870795e4fd5667f603280edcee24f926220..851005c389f994b1bd2d04cda9b68df8b18492cc 100644 --- a/src/responder/common/cache_req/cache_req_private.h +++ b/src/responder/common/cache_req/cache_req_private.h @@ -42,6 +42,8 @@ struct cache_req { struct sss_domain_info *domain; bool cache_first; bool bypass_cache; + /* Only contact domains with this type */ + enum cache_req_dom_type req_dom_type; /* Debug information */ uint32_t reqid; @@ -108,6 +110,7 @@ cache_req_steal_data_and_send(TALLOC_CTX *mem_ctx, struct resp_ctx *rctx, struct sss_nc_ctx *ncache, int cache_refresh_percent, + enum cache_req_dom_type req_dom_type, const char *domain, struct cache_req_data *data); diff --git a/src/responder/common/cache_req/plugins/cache_req_enum_groups.c b/src/responder/common/cache_req/plugins/cache_req_enum_groups.c index dbb40c98339cc9295e3678e05340396aff51ac78..49ce3508e678862e4389657187b9659ce90fbd1c 100644 --- a/src/responder/common/cache_req/plugins/cache_req_enum_groups.c +++ b/src/responder/common/cache_req/plugins/cache_req_enum_groups.c @@ -96,5 +96,7 @@ cache_req_enum_groups_send(TALLOC_CTX *mem_ctx, } return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache, - cache_refresh_percent, domain, data); + cache_refresh_percent, + CACHE_REQ_POSIX_DOM, domain, + data); } diff --git a/src/responder/common/cache_req/plugins/cache_req_enum_svc.c b/src/responder/common/cache_req/plugins/cache_req_enum_svc.c index 28dea33c601f500b9c7af0de3eb9e1c342f03522..499b994738d62707b4e86d5a8383e3e2b82e8c57 100644 --- a/src/responder/common/cache_req/plugins/cache_req_enum_svc.c +++ b/src/responder/common/cache_req/plugins/cache_req_enum_svc.c @@ -97,5 +97,6 @@ cache_req_enum_svc_send(TALLOC_CTX *mem_ctx, } return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache, - cache_refresh_percent, domain, data); + cache_refresh_percent, + CACHE_REQ_POSIX_DOM, domain, data); } diff --git a/src/responder/common/cache_req/plugins/cache_req_enum_users.c b/src/responder/common/cache_req/plugins/cache_req_enum_users.c index 3b1a85841e3ed853cd329dfa9d762cb7a05cbd43..b635354be6e9d2e2e2af1a6f867ac68e6cf7f085 100644 --- a/src/responder/common/cache_req/plugins/cache_req_enum_users.c +++ b/src/responder/common/cache_req/plugins/cache_req_enum_users.c @@ -96,5 +96,7 @@ cache_req_enum_users_send(TALLOC_CTX *mem_ctx, } return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache, - cache_refresh_percent, domain, data); + cache_refresh_percent, + CACHE_REQ_POSIX_DOM, domain, + data); } diff --git a/src/responder/common/cache_req/plugins/cache_req_group_by_filter.c b/src/responder/common/cache_req/plugins/cache_req_group_by_filter.c index 6ce6ae0d63967ac50b813a47ac938251619948da..4377a476c36e5e03c8533bc62335b84fa1cee3ff 100644 --- a/src/responder/common/cache_req/plugins/cache_req_group_by_filter.c +++ b/src/responder/common/cache_req/plugins/cache_req_group_by_filter.c @@ -140,6 +140,7 @@ struct tevent_req * cache_req_group_by_filter_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct resp_ctx *rctx, + enum cache_req_dom_type req_dom_type, const char *domain, const char *filter) { @@ -151,5 +152,7 @@ cache_req_group_by_filter_send(TALLOC_CTX *mem_ctx, } return cache_req_steal_data_and_send(mem_ctx, ev, rctx, NULL, - 0, domain, data); + 0, + req_dom_type, domain, + data); } diff --git a/src/responder/common/cache_req/plugins/cache_req_group_by_id.c b/src/responder/common/cache_req/plugins/cache_req_group_by_id.c index e98f76f8cd20742b81ae247df61db159d2584a17..ad5b7d890a42f29b586ab8e0943fef3dfab1162d 100644 --- a/src/responder/common/cache_req/plugins/cache_req_group_by_id.c +++ b/src/responder/common/cache_req/plugins/cache_req_group_by_id.c @@ -166,5 +166,7 @@ cache_req_group_by_id_send(TALLOC_CTX *mem_ctx, } return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache, - cache_refresh_percent, domain, data); + cache_refresh_percent, + CACHE_REQ_POSIX_DOM, domain, + data); } diff --git a/src/responder/common/cache_req/plugins/cache_req_group_by_name.c b/src/responder/common/cache_req/plugins/cache_req_group_by_name.c index af6f23ccfd68f952027462ba3e74ed7219d04651..de1e8f9442273acf386a2278b06f28ee63a7e3c6 100644 --- a/src/responder/common/cache_req/plugins/cache_req_group_by_name.c +++ b/src/responder/common/cache_req/plugins/cache_req_group_by_name.c @@ -205,6 +205,7 @@ cache_req_group_by_name_send(TALLOC_CTX *mem_ctx, struct resp_ctx *rctx, struct sss_nc_ctx *ncache, int cache_refresh_percent, + enum cache_req_dom_type req_dom_type, const char *domain, const char *name) { @@ -216,5 +217,7 @@ cache_req_group_by_name_send(TALLOC_CTX *mem_ctx, } return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache, - cache_refresh_percent, domain, data); + cache_refresh_percent, + req_dom_type, domain, + data); } diff --git a/src/responder/common/cache_req/plugins/cache_req_host_by_name.c b/src/responder/common/cache_req/plugins/cache_req_host_by_name.c index 77b46831fec3abc4126ef9d9be67221469801094..1171cd63fac5cc1d36b31bf8a069f059705cae90 100644 --- a/src/responder/common/cache_req/plugins/cache_req_host_by_name.c +++ b/src/responder/common/cache_req/plugins/cache_req_host_by_name.c @@ -117,5 +117,7 @@ cache_req_host_by_name_send(TALLOC_CTX *mem_ctx, } return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache, - cache_refresh_percent, domain, data); + cache_refresh_percent, + CACHE_REQ_POSIX_DOM, domain, + data); } diff --git a/src/responder/common/cache_req/plugins/cache_req_initgroups_by_name.c b/src/responder/common/cache_req/plugins/cache_req_initgroups_by_name.c index 307b65a24282838b99c472b50a71f06865aed3f0..f100aefe5c92279cde7e3209c7f48f5e2b35f135 100644 --- a/src/responder/common/cache_req/plugins/cache_req_initgroups_by_name.c +++ b/src/responder/common/cache_req/plugins/cache_req_initgroups_by_name.c @@ -220,6 +220,7 @@ cache_req_initgr_by_name_send(TALLOC_CTX *mem_ctx, struct resp_ctx *rctx, struct sss_nc_ctx *ncache, int cache_refresh_percent, + enum cache_req_dom_type req_dom_type, const char *domain, const char *name) { @@ -231,5 +232,7 @@ cache_req_initgr_by_name_send(TALLOC_CTX *mem_ctx, } return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache, - cache_refresh_percent, domain, data); + cache_refresh_percent, + req_dom_type, domain, + data); } diff --git a/src/responder/common/cache_req/plugins/cache_req_netgroup_by_name.c b/src/responder/common/cache_req/plugins/cache_req_netgroup_by_name.c index e49d6d84a41ce8dabf18c87373826f8e7b684bda..ab3e553d3ecb8ae09094dcfc938ed0ac01925327 100644 --- a/src/responder/common/cache_req/plugins/cache_req_netgroup_by_name.c +++ b/src/responder/common/cache_req/plugins/cache_req_netgroup_by_name.c @@ -150,5 +150,7 @@ cache_req_netgroup_by_name_send(TALLOC_CTX *mem_ctx, } return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache, - cache_refresh_percent, domain, data); + cache_refresh_percent, + CACHE_REQ_POSIX_DOM, domain, + data); } diff --git a/src/responder/common/cache_req/plugins/cache_req_object_by_id.c b/src/responder/common/cache_req/plugins/cache_req_object_by_id.c index 046e313c83d1d4c75237b047be779201b8a5d3c0..9557bd15270b2eb1a0671f9ef91033efac29c3ac 100644 --- a/src/responder/common/cache_req/plugins/cache_req_object_by_id.c +++ b/src/responder/common/cache_req/plugins/cache_req_object_by_id.c @@ -134,5 +134,7 @@ cache_req_object_by_id_send(TALLOC_CTX *mem_ctx, } return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache, - cache_refresh_percent, domain, data); + cache_refresh_percent, + CACHE_REQ_POSIX_DOM, domain, + data); } diff --git a/src/responder/common/cache_req/plugins/cache_req_object_by_name.c b/src/responder/common/cache_req/plugins/cache_req_object_by_name.c index 74d2b3dea287e890b38e4d5bb176ad2dc6337b7e..e236d1fa4aadcd87b192d34ebaf5f9ad8908b6c2 100644 --- a/src/responder/common/cache_req/plugins/cache_req_object_by_name.c +++ b/src/responder/common/cache_req/plugins/cache_req_object_by_name.c @@ -228,5 +228,7 @@ cache_req_object_by_name_send(TALLOC_CTX *mem_ctx, } return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache, - cache_refresh_percent, domain, data); + cache_refresh_percent, + CACHE_REQ_POSIX_DOM, domain, + data); } diff --git a/src/responder/common/cache_req/plugins/cache_req_object_by_sid.c b/src/responder/common/cache_req/plugins/cache_req_object_by_sid.c index ab577663111cfd424e7f46308b2621af7f1ca264..dfec79da07d669165205a767cab22c2254686134 100644 --- a/src/responder/common/cache_req/plugins/cache_req_object_by_sid.c +++ b/src/responder/common/cache_req/plugins/cache_req_object_by_sid.c @@ -143,5 +143,7 @@ cache_req_object_by_sid_send(TALLOC_CTX *mem_ctx, } return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache, - cache_refresh_percent, domain, data); + cache_refresh_percent, + CACHE_REQ_POSIX_DOM, domain, + data); } diff --git a/src/responder/common/cache_req/plugins/cache_req_svc_by_name.c b/src/responder/common/cache_req/plugins/cache_req_svc_by_name.c index ef13f097a8ae78ec9db5b7f6e14924b511578b34..b2bfb26ffed1a60ed8389fa89b0e728c8c6cf76c 100644 --- a/src/responder/common/cache_req/plugins/cache_req_svc_by_name.c +++ b/src/responder/common/cache_req/plugins/cache_req_svc_by_name.c @@ -175,5 +175,7 @@ cache_req_svc_by_name_send(TALLOC_CTX *mem_ctx, } return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache, - cache_refresh_percent, domain, data); + cache_refresh_percent, + CACHE_REQ_POSIX_DOM, domain, + data); } diff --git a/src/responder/common/cache_req/plugins/cache_req_svc_by_port.c b/src/responder/common/cache_req/plugins/cache_req_svc_by_port.c index afa2eeeda12794de26e798aee4b88900bc87ed93..0e48437f4b64d26112be88af1eebc20f012b70fd 100644 --- a/src/responder/common/cache_req/plugins/cache_req_svc_by_port.c +++ b/src/responder/common/cache_req/plugins/cache_req_svc_by_port.c @@ -149,5 +149,7 @@ cache_req_svc_by_port_send(TALLOC_CTX *mem_ctx, } return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache, - cache_refresh_percent, domain, data); + cache_refresh_percent, + CACHE_REQ_POSIX_DOM, domain, + data); } diff --git a/src/responder/common/cache_req/plugins/cache_req_user_by_cert.c b/src/responder/common/cache_req/plugins/cache_req_user_by_cert.c index f237c8d0fe3faf5aea553480f3f92eb279209a20..286a34db276e0098060982c572e2a68ceceebf60 100644 --- a/src/responder/common/cache_req/plugins/cache_req_user_by_cert.c +++ b/src/responder/common/cache_req/plugins/cache_req_user_by_cert.c @@ -105,6 +105,7 @@ cache_req_user_by_cert_send(TALLOC_CTX *mem_ctx, struct resp_ctx *rctx, struct sss_nc_ctx *ncache, int cache_refresh_percent, + enum cache_req_dom_type req_dom_type, const char *domain, const char *pem_cert) { @@ -117,5 +118,6 @@ cache_req_user_by_cert_send(TALLOC_CTX *mem_ctx, return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache, cache_refresh_percent, - domain, data); + req_dom_type, domain, + data); } diff --git a/src/responder/common/cache_req/plugins/cache_req_user_by_filter.c b/src/responder/common/cache_req/plugins/cache_req_user_by_filter.c index eb71b42dad3a805298df0c8425409d571befb31b..c476814373cd784bf8dbbea1da7b010afe5bb4e4 100644 --- a/src/responder/common/cache_req/plugins/cache_req_user_by_filter.c +++ b/src/responder/common/cache_req/plugins/cache_req_user_by_filter.c @@ -140,6 +140,7 @@ struct tevent_req * cache_req_user_by_filter_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct resp_ctx *rctx, + enum cache_req_dom_type req_dom_type, const char *domain, const char *filter) { @@ -151,5 +152,7 @@ cache_req_user_by_filter_send(TALLOC_CTX *mem_ctx, } return cache_req_steal_data_and_send(mem_ctx, ev, rctx, NULL, - 0, domain, data); + 0, + req_dom_type, domain, + data); } diff --git a/src/responder/common/cache_req/plugins/cache_req_user_by_id.c b/src/responder/common/cache_req/plugins/cache_req_user_by_id.c index fa783714b7c67ca029d18a223b64a3a69e3e6929..9ba73292e5dc518e86c6e00e7e493d6871f28e70 100644 --- a/src/responder/common/cache_req/plugins/cache_req_user_by_id.c +++ b/src/responder/common/cache_req/plugins/cache_req_user_by_id.c @@ -166,5 +166,7 @@ cache_req_user_by_id_send(TALLOC_CTX *mem_ctx, } return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache, - cache_refresh_percent, domain, data); + cache_refresh_percent, + CACHE_REQ_POSIX_DOM, domain, + data); } diff --git a/src/responder/common/cache_req/plugins/cache_req_user_by_name.c b/src/responder/common/cache_req/plugins/cache_req_user_by_name.c index 0670febdce2d51e0373045570dd07f56255db7bc..15da7d0d20b1ac97511a226daecc8ef7e7d2e7e4 100644 --- a/src/responder/common/cache_req/plugins/cache_req_user_by_name.c +++ b/src/responder/common/cache_req/plugins/cache_req_user_by_name.c @@ -210,6 +210,7 @@ cache_req_user_by_name_send(TALLOC_CTX *mem_ctx, struct resp_ctx *rctx, struct sss_nc_ctx *ncache, int cache_refresh_percent, + enum cache_req_dom_type req_dom_type, const char *domain, const char *name) { @@ -221,7 +222,9 @@ cache_req_user_by_name_send(TALLOC_CTX *mem_ctx, } return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache, - cache_refresh_percent, domain, data); + cache_refresh_percent, + req_dom_type, domain, + data); } struct tevent_req * @@ -243,5 +246,7 @@ cache_req_user_by_name_attrs_send(TALLOC_CTX *mem_ctx, } return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache, - cache_refresh_percent, domain, data); + cache_refresh_percent, + CACHE_REQ_POSIX_DOM, domain, + data); } diff --git a/src/responder/ifp/ifp_groups.c b/src/responder/ifp/ifp_groups.c index 94d1e84cc9de75727d3c47c0a5a24790d21ce132..99908e96bd971bce4b4e9064a77d8413f837d743 100644 --- a/src/responder/ifp/ifp_groups.c +++ b/src/responder/ifp/ifp_groups.c @@ -118,7 +118,9 @@ int ifp_groups_find_by_name(struct sbus_request *sbus_req, } req = cache_req_group_by_name_send(sbus_req, ctx->rctx->ev, ctx->rctx, - ctx->rctx->ncache, 0, NULL, name); + ctx->rctx->ncache, 0, + CACHE_REQ_POSIX_DOM, NULL, + name); if (req == NULL) { return ENOMEM; } @@ -271,6 +273,7 @@ static int ifp_groups_list_by_name_step(struct ifp_list_ctx *list_ctx) req = cache_req_group_by_filter_send(list_ctx, list_ctx->ctx->rctx->ev, list_ctx->ctx->rctx, + CACHE_REQ_POSIX_DOM, list_ctx->dom->name, list_ctx->filter); if (req == NULL) { @@ -355,7 +358,8 @@ int ifp_groups_list_by_domain_and_name(struct sbus_request *sbus_req, } req = cache_req_group_by_filter_send(list_ctx, ctx->rctx->ev, ctx->rctx, - domain, filter); + CACHE_REQ_POSIX_DOM, + domain, filter); if (req == NULL) { return ENOMEM; } @@ -522,7 +526,10 @@ static struct tevent_req *resolv_ghosts_send(TALLOC_CTX *mem_ctx, } subreq = cache_req_group_by_name_send(state, ev, ctx->rctx, - ctx->rctx->ncache, 0, domain->name, name); + ctx->rctx->ncache, 0, + CACHE_REQ_POSIX_DOM, + domain->name, + name); if (subreq == NULL) { ret = ENOMEM; goto immediately; @@ -601,6 +608,7 @@ errno_t resolv_ghosts_step(struct tevent_req *req) subreq = cache_req_user_by_name_send(state, state->ev, state->ctx->rctx, state->ctx->rctx->ncache, 0, + CACHE_REQ_POSIX_DOM, state->domain->name, state->ghosts[state->index]); if (subreq == NULL) { diff --git a/src/responder/ifp/ifp_users.c b/src/responder/ifp/ifp_users.c index cc78300f31e863fcb5366e18a14abc597c6f7ddb..436bb268fa9c78d72fb744e0d338aa561a7d8764 100644 --- a/src/responder/ifp/ifp_users.c +++ b/src/responder/ifp/ifp_users.c @@ -99,7 +99,9 @@ int ifp_users_find_by_name(struct sbus_request *sbus_req, } req = cache_req_user_by_name_send(sbus_req, ctx->rctx->ev, ctx->rctx, - ctx->rctx->ncache, 0, NULL, name); + ctx->rctx->ncache, 0, + CACHE_REQ_POSIX_DOM, + NULL, name); if (req == NULL) { return ENOMEM; } @@ -253,7 +255,9 @@ int ifp_users_find_by_cert(struct sbus_request *sbus_req, void *data, } req = cache_req_user_by_cert_send(sbus_req, ctx->rctx->ev, ctx->rctx, - ctx->rctx->ncache, 0, NULL, derb64); + ctx->rctx->ncache, 0, + CACHE_REQ_POSIX_DOM, NULL, + derb64); if (req == NULL) { return ENOMEM; } @@ -367,6 +371,7 @@ static int ifp_users_list_by_cert_step(struct ifp_list_ctx *list_ctx) list_ctx->ctx->rctx, list_ctx->ctx->rctx->ncache, 0, + CACHE_REQ_POSIX_DOM, list_ctx->dom->name, list_ctx->filter); if (req == NULL) { @@ -532,7 +537,9 @@ int ifp_users_find_by_name_and_cert(struct sbus_request *sbus_req, void *data, if (name_and_cert_ctx->name != NULL) { req = cache_req_user_by_name_send(sbus_req, ctx->rctx->ev, ctx->rctx, - ctx->rctx->ncache, 0, NULL, + ctx->rctx->ncache, 0, + CACHE_REQ_POSIX_DOM, + NULL, name_and_cert_ctx->name); if (req == NULL) { return ENOMEM; @@ -614,6 +621,7 @@ static int ifp_users_find_by_name_and_cert_step( list_ctx->ctx->rctx, list_ctx->ctx->rctx->ncache, 0, + CACHE_REQ_POSIX_DOM, list_ctx->dom->name, list_ctx->filter); if (req == NULL) { @@ -774,6 +782,7 @@ static int ifp_users_list_by_name_step(struct ifp_list_ctx *list_ctx) req = cache_req_user_by_filter_send(list_ctx, list_ctx->ctx->rctx->ev, list_ctx->ctx->rctx, + CACHE_REQ_POSIX_DOM, list_ctx->dom->name, list_ctx->filter); if (req == NULL) { @@ -858,6 +867,7 @@ int ifp_users_list_by_domain_and_name(struct sbus_request *sbus_req, } req = cache_req_user_by_filter_send(list_ctx, ctx->rctx->ev, ctx->rctx, + CACHE_REQ_POSIX_DOM, domain, filter); if (req == NULL) { return ENOMEM; @@ -1102,7 +1112,8 @@ int ifp_users_user_update_groups_list(struct sbus_request *sbus_req, } req = cache_req_initgr_by_name_send(sbus_req, ctx->rctx->ev, ctx->rctx, - ctx->rctx->ncache, 0, domain->name, + ctx->rctx->ncache, 0, + CACHE_REQ_POSIX_DOM, domain->name, username); if (req == NULL) { return ENOMEM; diff --git a/src/responder/ifp/ifpsrv_cmd.c b/src/responder/ifp/ifpsrv_cmd.c index 07edcddffa1091f8bbcf79a25962aadc791bb890..118b5083b14bf5692c6fdd7ba90668fe514aa89d 100644 --- a/src/responder/ifp/ifpsrv_cmd.c +++ b/src/responder/ifp/ifpsrv_cmd.c @@ -509,7 +509,8 @@ ifp_user_get_attr_lookup(struct tevent_req *subreq) } subreq = cache_req_send(state, state->rctx->ev, state->rctx, - state->ncache, 0, state->domname, data); + state->ncache, 0, CACHE_REQ_POSIX_DOM, + state->domname, data); if (subreq == NULL) { tevent_req_error(req, ENOMEM); return; diff --git a/src/responder/nss/nss_enum.c b/src/responder/nss/nss_enum.c index b1cce2cde43ece735285c132d0127c142ee83cb0..aa7d8428f37e943a6b5904495c40ad4b8011b767 100644 --- a/src/responder/nss/nss_enum.c +++ b/src/responder/nss/nss_enum.c @@ -93,7 +93,7 @@ nss_setent_internal_send(TALLOC_CTX *mem_ctx, /* Create new object. */ state->enum_ctx->is_ready = false; subreq = cache_req_send(req, ev, cli_ctx->rctx, cli_ctx->rctx->ncache, - 0, NULL, data); + 0, CACHE_REQ_POSIX_DOM, NULL, data); if (subreq == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "Unable to send cache request!\n"); ret = ENOMEM; diff --git a/src/responder/nss/nss_get_object.c b/src/responder/nss/nss_get_object.c index f83dd393c0e333d8914802e005672a15a51d5939..9058793ea2d72b57003a7219414af6a0f0c5b89e 100644 --- a/src/responder/nss/nss_get_object.c +++ b/src/responder/nss/nss_get_object.c @@ -190,7 +190,8 @@ nss_get_object_send(TALLOC_CTX *mem_ctx, } subreq = cache_req_send(req, ev, cli_ctx->rctx, cli_ctx->rctx->ncache, - state->nss_ctx->cache_refresh_percent, NULL, data); + state->nss_ctx->cache_refresh_percent, + CACHE_REQ_POSIX_DOM, NULL, data); if (subreq == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "Unable to send cache request!\n"); ret = ENOMEM; diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c index ba2563c11885ff39681c2ef432acaedf26702b64..fa6d2cc10fe1404196f9d9221a469d7a9a768211 100644 --- a/src/responder/pam/pamsrv_cmd.c +++ b/src/responder/pam/pamsrv_cmd.c @@ -1315,7 +1315,9 @@ static void pam_forwarder_cert_cb(struct tevent_req *req) req = cache_req_user_by_cert_send(preq, cctx->ev, cctx->rctx, - pctx->rctx->ncache, 0, NULL, cert); + pctx->rctx->ncache, 0, + CACHE_REQ_POSIX_DOM, NULL, + cert); if (req == NULL) { DEBUG(SSSDBG_OP_FAILURE, "cache_req_user_by_cert_send failed.\n"); ret = ENOMEM; @@ -1507,6 +1509,7 @@ static int pam_check_user_search(struct pam_auth_req *preq) preq->cctx->rctx, preq->cctx->rctx->ncache, 0, + CACHE_REQ_POSIX_DOM, preq->pd->domain, data); if (!dpreq) { diff --git a/src/responder/sudo/sudosrv_get_sudorules.c b/src/responder/sudo/sudosrv_get_sudorules.c index 52dfd5c709e48f0d4610a4b384962fbc2869312b..cfdbfc9c9c66d96f774822d6a4d4aaaf1327abe3 100644 --- a/src/responder/sudo/sudosrv_get_sudorules.c +++ b/src/responder/sudo/sudosrv_get_sudorules.c @@ -644,7 +644,8 @@ struct tevent_req *sudosrv_get_rules_send(TALLOC_CTX *mem_ctx, DEBUG(SSSDBG_TRACE_FUNC, "Running initgroups for [%s]\n", username); subreq = cache_req_initgr_by_name_send(state, ev, sudo_ctx->rctx, - sudo_ctx->rctx->ncache, 0, NULL, + sudo_ctx->rctx->ncache, 0, + CACHE_REQ_POSIX_DOM, NULL, username); if (subreq == NULL) { ret = ENOMEM; diff --git a/src/tests/cmocka/test_responder_cache_req.c b/src/tests/cmocka/test_responder_cache_req.c index 5f1e5350eaf1d85de376c94731f0bd678f884a1d..80086232fd437876c2b190fb972c2ee3194d9efd 100644 --- a/src/tests/cmocka/test_responder_cache_req.c +++ b/src/tests/cmocka/test_responder_cache_req.c @@ -84,6 +84,28 @@ struct test_group { talloc_free(req_mem_ctx); \ } while (0) +#define run_cache_req_domtype(ctx, send_fn, done_fn, dom, crp, domtype, lookup, expret) do { \ + TALLOC_CTX *req_mem_ctx; \ + struct tevent_req *req; \ + errno_t ret; \ + \ + req_mem_ctx = talloc_new(global_talloc_context); \ + check_leaks_push(req_mem_ctx); \ + \ + req = send_fn(req_mem_ctx, ctx->tctx->ev, ctx->rctx, \ + ctx->ncache, crp, \ + domtype, \ + (dom == NULL ? NULL : dom->name), lookup); \ + assert_non_null(req); \ + tevent_req_set_callback(req, done_fn, ctx); \ + \ + ret = test_ev_loop(ctx->tctx); \ + assert_int_equal(ret, expret); \ + assert_true(check_leaks_pop(req_mem_ctx)); \ + \ + talloc_free(req_mem_ctx); \ +} while (0) + struct cache_req_test_ctx { struct sss_test_ctx *tctx; struct resp_ctx *rctx; @@ -211,9 +233,11 @@ static void run_user_by_name(struct cache_req_test_ctx *test_ctx, int cache_refresh_percent, errno_t exp_ret) { - run_cache_req(test_ctx, cache_req_user_by_name_send, - cache_req_user_by_name_test_done, domain, - cache_refresh_percent, users[0].short_name, exp_ret); + run_cache_req_domtype(test_ctx, cache_req_user_by_name_send, + cache_req_user_by_name_test_done, domain, + cache_refresh_percent, + CACHE_REQ_POSIX_DOM, + users[0].short_name, exp_ret); } static void run_user_by_upn(struct cache_req_test_ctx *test_ctx, @@ -221,9 +245,11 @@ static void run_user_by_upn(struct cache_req_test_ctx *test_ctx, int cache_refresh_percent, errno_t exp_ret) { - run_cache_req(test_ctx, cache_req_user_by_name_send, - cache_req_user_by_name_test_done, domain, - cache_refresh_percent, users[0].upn, exp_ret); + run_cache_req_domtype(test_ctx, cache_req_user_by_name_send, + cache_req_user_by_name_test_done, domain, + cache_refresh_percent, + CACHE_REQ_POSIX_DOM, + users[0].upn, exp_ret); } static void run_user_by_id(struct cache_req_test_ctx *test_ctx, @@ -318,9 +344,11 @@ static void run_group_by_name(struct cache_req_test_ctx *test_ctx, int cache_refresh_percent, errno_t exp_ret) { - run_cache_req(test_ctx, cache_req_group_by_name_send, - cache_req_group_by_name_test_done, domain, - cache_refresh_percent, groups[0].short_name, exp_ret); + run_cache_req_domtype(test_ctx, cache_req_group_by_name_send, + cache_req_group_by_name_test_done, domain, + cache_refresh_percent, + CACHE_REQ_POSIX_DOM, + groups[0].short_name, exp_ret); } static void run_group_by_id(struct cache_req_test_ctx *test_ctx, @@ -605,7 +633,9 @@ void test_user_by_name_multiple_domains_parse(void **state) check_leaks_push(req_mem_ctx); req = cache_req_user_by_name_send(req_mem_ctx, test_ctx->tctx->ev, - test_ctx->rctx, test_ctx->ncache, 0, + test_ctx->rctx, test_ctx->ncache, + CACHE_REQ_POSIX_DOM, + 0, NULL, input_fqn); assert_non_null(req); tevent_req_set_callback(req, cache_req_user_by_name_test_done, test_ctx); @@ -1119,7 +1149,8 @@ void test_group_by_name_multiple_domains_parse(void **state) req = cache_req_group_by_name_send(req_mem_ctx, test_ctx->tctx->ev, test_ctx->rctx, test_ctx->ncache, 0, - NULL, input_fqn); + CACHE_REQ_POSIX_DOM, NULL, + input_fqn); assert_non_null(req); tevent_req_set_callback(req, cache_req_group_by_name_test_done, test_ctx); @@ -1421,6 +1452,7 @@ void test_user_by_recent_filter_valid(void **state) /* User TEST_USER is created with a DP callback. */ req = cache_req_user_by_filter_send(req_mem_ctx, test_ctx->tctx->ev, test_ctx->rctx, + CACHE_REQ_POSIX_DOM, test_ctx->tctx->dom->name, TEST_USER_PREFIX); assert_non_null(req); @@ -1463,6 +1495,7 @@ void test_users_by_recent_filter_valid(void **state) /* User TEST_USER1 and TEST_USER2 are created with a DP callback. */ req = cache_req_user_by_filter_send(req_mem_ctx, test_ctx->tctx->ev, test_ctx->rctx, + CACHE_REQ_POSIX_DOM, test_ctx->tctx->dom->name, TEST_USER_PREFIX); assert_non_null(req); @@ -1524,6 +1557,7 @@ void test_users_by_filter_filter_old(void **state) req = cache_req_user_by_filter_send(req_mem_ctx, test_ctx->tctx->ev, test_ctx->rctx, + CACHE_REQ_POSIX_DOM, test_ctx->tctx->dom->name, TEST_USER_PREFIX); assert_non_null(req); @@ -1559,6 +1593,7 @@ void test_users_by_filter_notfound(void **state) req = cache_req_user_by_filter_send(req_mem_ctx, test_ctx->tctx->ev, test_ctx->rctx, + CACHE_REQ_POSIX_DOM, test_ctx->tctx->dom->name, "nosuchuser*"); assert_non_null(req); @@ -1592,6 +1627,7 @@ static void test_users_by_filter_multiple_domains_notfound(void **state) req = cache_req_user_by_filter_send(req_mem_ctx, test_ctx->tctx->ev, test_ctx->rctx, + CACHE_REQ_POSIX_DOM, domain->name, "nosuchuser*"); assert_non_null(req); @@ -1636,6 +1672,7 @@ void test_group_by_recent_filter_valid(void **state) /* Group TEST_GROUP is created with a DP callback. */ req = cache_req_group_by_filter_send(req_mem_ctx, test_ctx->tctx->ev, test_ctx->rctx, + CACHE_REQ_POSIX_DOM, test_ctx->tctx->dom->name, TEST_USER_PREFIX); assert_non_null(req); @@ -1680,6 +1717,7 @@ void test_groups_by_recent_filter_valid(void **state) /* Group TEST_GROUP1 and TEST_GROUP2 are created with a DP callback. */ req = cache_req_group_by_filter_send(req_mem_ctx, test_ctx->tctx->ev, test_ctx->rctx, + CACHE_REQ_POSIX_DOM, test_ctx->tctx->dom->name, TEST_USER_PREFIX); assert_non_null(req); @@ -1738,6 +1776,7 @@ void test_groups_by_filter_notfound(void **state) req = cache_req_group_by_filter_send(req_mem_ctx, test_ctx->tctx->ev, test_ctx->rctx, + CACHE_REQ_POSIX_DOM, test_ctx->tctx->dom->name, "nosuchgroup*"); assert_non_null(req); @@ -1770,6 +1809,7 @@ void test_groups_by_filter_multiple_domains_notfound(void **state) req = cache_req_group_by_filter_send(req_mem_ctx, test_ctx->tctx->ev, test_ctx->rctx, + CACHE_REQ_POSIX_DOM, domain->name, "nosuchgroup*"); assert_non_null(req); -- 2.9.3