sssd/0038-NEGCACHE-Add-API-to-reset-all-users-and-groups.patch
2017-02-28 16:54:33 +01:00


From 99a32e4f5164e174d5a3ffa5a1fe622075a8fe45 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Wed, 2 Nov 2016 16:59:12 +0100
Subject: [PATCH 38/79] NEGCACHE: Add API to reset all users and groups
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Adds a negative cache API to reset negatively cached users and groups.
This will be used when the files back end finishes enumeration to make
sure all results are available.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
---
src/responder/common/negcache.c | 56 ++++++++++++++++++++++++++++++++
src/responder/common/negcache.h | 2 ++
src/tests/cmocka/test_negcache.c | 70 ++++++++++++++++++++++++++++++++++++++++
3 files changed, 128 insertions(+)
diff --git a/src/responder/common/negcache.c b/src/responder/common/negcache.c
index 5b7ad69f432518be94b88e92e24265add722c852..944a06e158f778948c16bb931f0af5659a00b13b 100644
--- a/src/responder/common/negcache.c
+++ b/src/responder/common/negcache.c
@@ -674,6 +674,62 @@ int sss_ncache_reset_permanent(struct sss_nc_ctx *ctx)
return EOK;
}
+static int delete_prefix(struct tdb_context *tdb,
+ TDB_DATA key, TDB_DATA data, void *state)
+{
+ const char *prefix = (const char *) state;
+
+ if (strncmp((char *)key.dptr, prefix, strlen(prefix) - 1) != 0) {
+ /* not interested in this key */
+ return 0;
+ }
+
+ return tdb_delete(tdb, key);
+}
+
+static int sss_ncache_reset_pfx(struct sss_nc_ctx *ctx,
+ const char **prefixes)
+{
+ int ret;
+
+ if (prefixes == NULL) {
+ return EOK;
+ }
+
+ for (int i = 0; prefixes[i] != NULL; i++) {
+ ret = tdb_traverse(ctx->tdb,
+ delete_prefix,
+ discard_const(prefixes[i]));
+ if (ret < 0) {
+ return EIO;
+ }
+ }
+
+ return EOK;
+}
+
+int sss_ncache_reset_users(struct sss_nc_ctx *ctx)
+{
+ const char *prefixes[] = {
+ NC_USER_PREFIX,
+ NC_UID_PREFIX,
+ NULL,
+ };
+
+ return sss_ncache_reset_pfx(ctx, prefixes);
+}
+
+int sss_ncache_reset_groups(struct sss_nc_ctx *ctx)
+{
+ const char *prefixes[] = {
+ NC_GROUP_PREFIX,
+ NC_GID_PREFIX,
+ NULL,
+ };
+
+ return sss_ncache_reset_pfx(ctx, prefixes);
+}
+
errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache,
struct confdb_ctx *cdb,
struct resp_ctx *rctx)
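Review bot: In delete_prefix the comparison length is `strlen(prefix) - 1` and `key.dsize` is never consulted, so the last character of the prefix is not compared. A key shorter than that length is also read past its end unless stored keys are NUL-terminated, which the hunk does not show. If the `- 1` is deliberate it needs a comment saying why; otherwise bound the compare by the record size, e.g. `size_t plen = strlen(prefix);` followed by `if (key.dsize < plen || memcmp(key.dptr, prefix, plen) != 0) return 0;`. The callback also ignores `data`, so any permanent entries stored under these prefixes (the setters take a `permanent` flag) appear to be deleted along with the expiring ones. If filtered users and groups are meant to survive a reset, the callback would need to inspect `data` before calling `tdb_delete`.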
diff --git a/src/responder/common/negcache.h b/src/responder/common/negcache.h
index 377f97c8b3b20ec5b4a284e08d891737e2e25225..8af736a67aada91d6ac42495399f5de469dec753 100644
--- a/src/responder/common/negcache.h
+++ b/src/responder/common/negcache.h
@@ -78,6 +78,8 @@ int sss_ncache_set_service_port(struct sss_nc_ctx *ctx, bool permanent,
uint16_t port, const char *proto);
int sss_ncache_reset_permanent(struct sss_nc_ctx *ctx);
+int sss_ncache_reset_users(struct sss_nc_ctx *ctx);
+int sss_ncache_reset_groups(struct sss_nc_ctx *ctx);
struct resp_ctx;
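Review bot: The two new prototypes are undocumented, so a caller cannot tell from the header how much of the negative cache a reset removes or what it returns on failure. A comment above them such as `/* Remove every negatively cached user name and UID entry (resp. group name and GID entry); returns EOK, or EIO if the tdb traversal fails. */` would match what the implementation in negcache.c does. If permanent entries are affected as well, that should be stated here, since `sss_ncache_reset_permanent` is declared directly above them.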
diff --git a/src/tests/cmocka/test_negcache.c b/src/tests/cmocka/test_negcache.c
index 14e4fa639a056d712b2453230745d7dc49853dec..d608c20ad3248c80e68029c8c27b826395a61ddc 100644
--- a/src/tests/cmocka/test_negcache.c
+++ b/src/tests/cmocka/test_negcache.c
@@ -785,6 +785,74 @@ static void test_sss_ncache_reset_prepopulate(void **state)
ret = check_group_in_ncache(ncache, dom2, "testgroup2");
assert_int_equal(ret, EEXIST);
}
+
+static void test_sss_ncache_reset(void **state)
+{
+ errno_t ret;
+ struct test_state *ts;
+ struct sss_domain_info *dom;
+
+ ts = talloc_get_type_abort(*state, struct test_state);
+ dom = talloc(ts, struct sss_domain_info);
+ assert_non_null(dom);
+ dom->case_sensitive = true;
+
+ dom->name = discard_const_p(char, TEST_DOM_NAME);
+
+ /* Set users */
+ ret = sss_ncache_check_uid(ts->ctx, NULL, 123);
+ assert_int_equal(ret, ENOENT);
+ ret = sss_ncache_set_uid(ts->ctx, false, NULL, 123);
+ assert_int_equal(ret, EOK);
+ ret = sss_ncache_check_uid(ts->ctx, NULL, 123);
+ assert_int_equal(ret, EEXIST);
+
+ ret = sss_ncache_check_user(ts->ctx, dom, "foo");
+ assert_int_equal(ret, ENOENT);
+ ret = sss_ncache_set_user(ts->ctx, false, dom, "foo");
+ assert_int_equal(ret, EOK);
+ ret = sss_ncache_check_user(ts->ctx, dom, "foo");
+ assert_int_equal(ret, EEXIST);
+
+ /* Set groups */
+ ret = sss_ncache_check_gid(ts->ctx, NULL, 456);
+ assert_int_equal(ret, ENOENT);
+ ret = sss_ncache_set_gid(ts->ctx, false, NULL, 456);
+ assert_int_equal(ret, EOK);
+ ret = sss_ncache_check_gid(ts->ctx, NULL, 456);
+ assert_int_equal(ret, EEXIST);
+
+ ret = sss_ncache_check_group(ts->ctx, dom, "bar");
+ assert_int_equal(ret, ENOENT);
+ ret = sss_ncache_set_group(ts->ctx, false, dom, "bar");
+ assert_int_equal(ret, EOK);
+ ret = sss_ncache_check_group(ts->ctx, dom, "bar");
+ assert_int_equal(ret, EEXIST);
+
+ ret = sss_ncache_reset_users(ts->ctx);
+ assert_int_equal(ret, EOK);
+
+ /* Users are no longer negatively cached */
+ ret = sss_ncache_check_user(ts->ctx, dom, "foo");
+ assert_int_equal(ret, ENOENT);
+ ret = sss_ncache_check_uid(ts->ctx, NULL, 123);
+ assert_int_equal(ret, ENOENT);
+
+ /* Groups still are */
+ ret = sss_ncache_check_gid(ts->ctx, NULL, 456);
+ assert_int_equal(ret, EEXIST);
+ ret = sss_ncache_check_group(ts->ctx, dom, "bar");
+ assert_int_equal(ret, EEXIST);
+
+ ret = sss_ncache_reset_groups(ts->ctx);
+ assert_int_equal(ret, EOK);
+
+ ret = sss_ncache_check_gid(ts->ctx, NULL, 456);
+ assert_int_equal(ret, ENOENT);
+ ret = sss_ncache_check_group(ts->ctx, dom, "bar");
+ assert_int_equal(ret, ENOENT);
+}
+
int main(void)
{
int rv;
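Review bot: Every entry in test_sss_ncache_reset is created with `permanent` set to `false`, so the test does not pin down what `sss_ncache_reset_users` and `sss_ncache_reset_groups` do to permanent entries. Adding one entry with `sss_ncache_set_user(ts->ctx, true, dom, "baz")` and asserting the expected result of `sss_ncache_check_user` after the reset would make that behaviour explicit and guard it against regressions. Separately, `dom` is allocated with `talloc`, which leaves every field other than `case_sensitive` and `name` uninitialised; `dom = talloc_zero(ts, struct sss_domain_info);` avoids depending on which fields the ncache functions read.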
@@ -809,6 +877,8 @@ int main(void)
setup, teardown),
cmocka_unit_test_setup_teardown(test_sss_ncache_reset_prepopulate,
setup, teardown),
+ cmocka_unit_test_setup_teardown(test_sss_ncache_reset,
+ setup, teardown),
};
tests_set_cwd();
--
2.9.3