dpward / rpms / sssd

Forked from rpms/sssd 3 years ago
Clone
Source Code
GIT

Blame SOURCES/0005-cache_req-Extend-cache_req-with-wildcard-lookups.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s
  1.   14acf4a389c02d7d774e357d9887f2e16d25e6b3
  2.   SOURCES
  3.   0005-cache_req-Extend-cache_req-with-wildcard-lookups.patch
Blob History Raw
6cf099 
From e069e53495d77bc737abd80fb2e7799fa6245e0f Mon Sep 17 00:00:00 2001
6cf099 
From: Jakub Hrozek <jhrozek@redhat.com>
6cf099 
Date: Tue, 24 Mar 2015 23:24:50 +0100
6cf099 
Subject: [PATCH 05/13] cache_req: Extend cache_req with wildcard lookups
6cf099 
MIME-Version: 1.0
6cf099 
Content-Type: text/plain; charset=UTF-8
6cf099 
Content-Transfer-Encoding: 8bit
6cf099
6cf099 
Related:
6cf099 
    https://fedorahosted.org/sssd/ticket/2553
6cf099
6cf099 
Adds two new functions to the cache_req API:
6cf099 
    - cache_req_user_by_filter_send
6cf099 
    - cache_req_group_by_filter_send
6cf099
6cf099 
These functions can be used to retrieve users or groups that match a
6cf099 
specified filter.
6cf099
6cf099 
Also renames a variable to avoid constant confusion -- the variable is
6cf099 
only used for debug output.
6cf099
6cf099 
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
6cf099 
---
6cf099 
 src/responder/common/responder_cache_req.c  | 156 ++++++++++-
6cf099 
 src/responder/common/responder_cache_req.h  |  24 +-
6cf099 
 src/tests/cmocka/test_responder_cache_req.c | 414 +++++++++++++++++++++++++++-
6cf099 
 3 files changed, 579 insertions(+), 15 deletions(-)
6cf099
6cf099 
diff --git a/src/responder/common/responder_cache_req.c b/src/responder/common/responder_cache_req.c
6cf099 
index dd81abadf71c5e10e7bc2ea2490429a49bdc0270..e7099f171d7ef39af7b146a524dadc38a9165e22 100644
6cf099 
--- a/src/responder/common/responder_cache_req.c
6cf099 
+++ b/src/responder/common/responder_cache_req.c
6cf099 
@@ -28,6 +28,44 @@
6cf099 
 #include "responder/common/responder_cache_req.h"
6cf099 
 #include "providers/data_provider.h"
6cf099
6cf099 
+static errno_t updated_users_by_filter(TALLOC_CTX *mem_ctx,
6cf099 
+                                       struct sss_domain_info *domain,
6cf099 
+                                       const char *name_filter,
6cf099 
+                                       time_t since,
6cf099 
+                                       struct ldb_result **_res)
6cf099 
+{
6cf099 
+    int ret;
6cf099 
+    char *recent_filter;
6cf099 
+
6cf099 
+    recent_filter = talloc_asprintf(mem_ctx, "(%s>=%lu)",
6cf099 
+                                    SYSDB_LAST_UPDATE, since);
6cf099 
+    ret = sysdb_enumpwent_filter_with_views(mem_ctx, domain,
6cf099 
+                                            name_filter, recent_filter,
6cf099 
+                                            _res);
6cf099 
+    talloc_free(recent_filter);
6cf099 
+
6cf099 
+    return ret;
6cf099 
+}
6cf099 
+
6cf099 
+static errno_t updated_groups_by_filter(TALLOC_CTX *mem_ctx,
6cf099 
+                                        struct sss_domain_info *domain,
6cf099 
+                                        const char *name_filter,
6cf099 
+                                        time_t since,
6cf099 
+                                        struct ldb_result **_res)
6cf099 
+{
6cf099 
+    int ret;
6cf099 
+    char *recent_filter;
6cf099 
+
6cf099 
+    recent_filter = talloc_asprintf(mem_ctx, "(%s>=%lu)",
6cf099 
+                                    SYSDB_LAST_UPDATE, since);
6cf099 
+    ret = sysdb_enumgrent_filter_with_views(mem_ctx, domain,
6cf099 
+                                            name_filter, recent_filter,
6cf099 
+                                            _res);
6cf099 
+    talloc_free(recent_filter);
6cf099 
+
6cf099 
+    return ret;
6cf099 
+}
6cf099 
+
6cf099 
 struct cache_req_input {
6cf099 
     enum cache_req_type type;
6cf099
6cf099 
@@ -51,6 +89,8 @@ struct cache_req_input {
6cf099
6cf099 
     /* Fully qualified object name used in debug messages. */
6cf099 
     const char *debug_fqn;
6cf099 
+    /* Time when the request started. Useful for by-filter lookups */
6cf099 
+    time_t req_start;
6cf099 
 };
6cf099
6cf099 
 struct cache_req_input *
6cf099 
@@ -68,11 +108,14 @@ cache_req_input_create(TALLOC_CTX *mem_ctx,
6cf099 
     }
6cf099
6cf099 
     input->type = type;
6cf099 
+    input->req_start = time(NULL);
6cf099
6cf099 
     /* Check that input parameters match selected type. */
6cf099 
     switch (input->type) {
6cf099 
     case CACHE_REQ_USER_BY_NAME:
6cf099 
     case CACHE_REQ_GROUP_BY_NAME:
6cf099 
+    case CACHE_REQ_USER_BY_FILTER:
6cf099 
+    case CACHE_REQ_GROUP_BY_FILTER:
6cf099 
     case CACHE_REQ_INITGROUPS:
6cf099 
         if (name == NULL) {
6cf099 
             DEBUG(SSSDBG_CRIT_FAILURE, "Bug: name cannot be NULL!\n");
6cf099 
@@ -121,9 +164,18 @@ cache_req_input_create(TALLOC_CTX *mem_ctx,
6cf099 
     case CACHE_REQ_INITGROUPS:
6cf099 
         input->dp_type = SSS_DP_INITGROUPS;
6cf099 
         break;
6cf099 
+
6cf099 
     case CACHE_REQ_USER_BY_CERT:
6cf099 
         input->dp_type = SSS_DP_CERT;
6cf099 
         break;
6cf099 
+
6cf099 
+    case CACHE_REQ_USER_BY_FILTER:
6cf099 
+        input->dp_type = SSS_DP_WILDCARD_USER;
6cf099 
+        break;
6cf099 
+
6cf099 
+    case CACHE_REQ_GROUP_BY_FILTER:
6cf099 
+        input->dp_type = SSS_DP_WILDCARD_GROUP;
6cf099 
+        break;
6cf099 
     }
6cf099
6cf099 
     return input;
6cf099 
@@ -157,7 +209,7 @@ cache_req_input_set_domain(struct cache_req_input *input,
6cf099 
 {
6cf099 
     TALLOC_CTX *tmp_ctx = NULL;
6cf099 
     const char *name = NULL;
6cf099 
-    const char *fqn = NULL;
6cf099 
+    const char *debug_fqn = NULL;
6cf099 
     errno_t ret;
6cf099
6cf099 
     tmp_ctx = talloc_new(NULL);
6cf099 
@@ -171,6 +223,8 @@ cache_req_input_set_domain(struct cache_req_input *input,
6cf099 
     switch (input->type) {
6cf099 
     case CACHE_REQ_USER_BY_NAME:
6cf099 
     case CACHE_REQ_GROUP_BY_NAME:
6cf099 
+    case CACHE_REQ_USER_BY_FILTER:
6cf099 
+    case CACHE_REQ_GROUP_BY_FILTER:
6cf099 
     case CACHE_REQ_INITGROUPS:
6cf099 
         name = sss_get_cased_name(tmp_ctx, input->orig_name,
6cf099 
                                   domain->case_sensitive);
6cf099 
@@ -185,8 +239,8 @@ cache_req_input_set_domain(struct cache_req_input *input,
6cf099 
             goto done;
6cf099 
         }
6cf099
6cf099 
-        fqn = talloc_asprintf(tmp_ctx, "%s@%s", name, domain->name);
6cf099 
-        if (fqn == NULL) {
6cf099 
+        debug_fqn = talloc_asprintf(tmp_ctx, "%s@%s", name, domain->name);
6cf099 
+        if (debug_fqn == NULL) {
6cf099 
             ret = ENOMEM;
6cf099 
             goto done;
6cf099 
         }
6cf099 
@@ -194,16 +248,16 @@ cache_req_input_set_domain(struct cache_req_input *input,
6cf099 
         break;
6cf099
6cf099 
     case CACHE_REQ_USER_BY_ID:
6cf099 
-        fqn = talloc_asprintf(tmp_ctx, "UID:%d@%s", input->id, domain->name);
6cf099 
-        if (fqn == NULL) {
6cf099 
+        debug_fqn = talloc_asprintf(tmp_ctx, "UID:%d@%s", input->id, domain->name);
6cf099 
+        if (debug_fqn == NULL) {
6cf099 
             ret = ENOMEM;
6cf099 
             goto done;
6cf099 
         }
6cf099 
         break;
6cf099
6cf099 
     case CACHE_REQ_GROUP_BY_ID:
6cf099 
-        fqn = talloc_asprintf(tmp_ctx, "GID:%d@%s", input->id, domain->name);
6cf099 
-        if (fqn == NULL) {
6cf099 
+        debug_fqn = talloc_asprintf(tmp_ctx, "GID:%d@%s", input->id, domain->name);
6cf099 
+        if (debug_fqn == NULL) {
6cf099 
             ret = ENOMEM;
6cf099 
             goto done;
6cf099 
         }
6cf099 
@@ -211,10 +265,10 @@ cache_req_input_set_domain(struct cache_req_input *input,
6cf099 
     case CACHE_REQ_USER_BY_CERT:
6cf099 
         /* certificates might be quite long, only use the last 10 charcters
6cf099 
          * for logging */
6cf099 
-        fqn = talloc_asprintf(tmp_ctx, "CERT:%s@%s",
6cf099 
-                              get_last_x_chars(input->cert, 10),
6cf099 
-                              domain->name);
6cf099 
-        if (fqn == NULL) {
6cf099 
+        debug_fqn = talloc_asprintf(tmp_ctx, "CERT:%s@%s",
6cf099 
+                                    get_last_x_chars(input->cert, 10),
6cf099 
+                                    domain->name);
6cf099 
+        if (debug_fqn == NULL) {
6cf099 
             ret = ENOMEM;
6cf099 
             goto done;
6cf099 
         }
6cf099 
@@ -223,7 +277,7 @@ cache_req_input_set_domain(struct cache_req_input *input,
6cf099
6cf099 
     input->domain = domain;
6cf099 
     input->dom_objname = talloc_steal(input, name);
6cf099 
-    input->debug_fqn = talloc_steal(input, fqn);
6cf099 
+    input->debug_fqn = talloc_steal(input, debug_fqn);
6cf099
6cf099 
     ret = EOK;
6cf099
6cf099 
@@ -257,6 +311,10 @@ static errno_t cache_req_check_ncache(struct cache_req_input *input,
6cf099 
     case CACHE_REQ_USER_BY_CERT:
6cf099 
         ret = sss_ncache_check_cert(ncache, neg_timeout, input->cert);
6cf099 
         break;
6cf099 
+    case CACHE_REQ_USER_BY_FILTER:
6cf099 
+    case CACHE_REQ_GROUP_BY_FILTER:
6cf099 
+        ret = EOK;
6cf099 
+        break;
6cf099 
     }
6cf099
6cf099 
     if (ret == EEXIST) {
6cf099 
@@ -282,6 +340,10 @@ static void cache_req_add_to_ncache(struct cache_req_input *input,
6cf099 
         ret = sss_ncache_set_group(ncache, false, input->domain,
6cf099 
                                    input->dom_objname);
6cf099 
         break;
6cf099 
+    case CACHE_REQ_USER_BY_FILTER:
6cf099 
+    case CACHE_REQ_GROUP_BY_FILTER:
6cf099 
+        /* Nothing to do, adding a wildcard request to ncache doesn't
6cf099 
+         * make sense */
6cf099 
     case CACHE_REQ_USER_BY_ID:
6cf099 
     case CACHE_REQ_GROUP_BY_ID:
6cf099 
     case CACHE_REQ_USER_BY_CERT:
6cf099 
@@ -308,6 +370,10 @@ static void cache_req_add_to_ncache_global(struct cache_req_input *input,
6cf099 
     errno_t ret = ERR_INTERNAL;
6cf099
6cf099 
     switch (input->type) {
6cf099 
+    case CACHE_REQ_USER_BY_FILTER:
6cf099 
+    case CACHE_REQ_GROUP_BY_FILTER:
6cf099 
+        /* Nothing to do, adding a wildcard request to ncache doesn't
6cf099 
+         * make sense */
6cf099 
     case CACHE_REQ_USER_BY_NAME:
6cf099 
     case CACHE_REQ_GROUP_BY_NAME:
6cf099 
     case CACHE_REQ_INITGROUPS:
6cf099 
@@ -377,6 +443,18 @@ static errno_t cache_req_get_object(TALLOC_CTX *mem_ctx,
6cf099 
         ret = sysdb_search_user_by_cert(mem_ctx, input->domain,
6cf099 
                                         input->cert, &result);
6cf099 
         break;
6cf099 
+    case CACHE_REQ_USER_BY_FILTER:
6cf099 
+        one_item_only = false;
6cf099 
+        ret = updated_users_by_filter(mem_ctx, input->domain,
6cf099 
+                                      input->dom_objname, input->req_start,
6cf099 
+                                      &result);
6cf099 
+        break;
6cf099 
+    case CACHE_REQ_GROUP_BY_FILTER:
6cf099 
+        one_item_only = false;
6cf099 
+        ret = updated_groups_by_filter(mem_ctx, input->domain,
6cf099 
+                                       input->dom_objname, input->req_start,
6cf099 
+                                       &result);
6cf099 
+        break;
6cf099 
     }
6cf099
6cf099 
     if (ret != EOK) {
6cf099 
@@ -397,6 +475,19 @@ done:
6cf099 
     return ret;
6cf099 
 }
6cf099
6cf099 
+/* Return true if the request bypasses cache or false if the cache_req
6cf099 
+ * code can leverage sysdb for this request.
6cf099 
+ */
6cf099 
+static bool cache_req_bypass_cache(struct cache_req_input *input)
6cf099 
+{
6cf099 
+    if (input->type == CACHE_REQ_USER_BY_FILTER ||
6cf099 
+            input->type == CACHE_REQ_GROUP_BY_FILTER) {
6cf099 
+        return true;
6cf099 
+    }
6cf099 
+
6cf099 
+    return false;
6cf099 
+}
6cf099 
+
6cf099 
 struct cache_req_cache_state {
6cf099 
     /* input data */
6cf099 
     struct tevent_context *ev;
6cf099 
@@ -504,7 +595,8 @@ static errno_t cache_req_cache_check(struct tevent_req *req)
6cf099
6cf099 
     state = tevent_req_data(req, struct cache_req_cache_state);
6cf099
6cf099 
-    if (state->result == NULL || state->result->count == 0) {
6cf099 
+    if (state->result == NULL || state->result->count == 0 ||
6cf099 
+            cache_req_bypass_cache(state->input) == true) {
6cf099 
         ret = ENOENT;
6cf099 
     } else {
6cf099 
         if (state->input->type == CACHE_REQ_INITGROUPS) {
6cf099 
@@ -1059,3 +1151,41 @@ cache_req_initgr_by_name_send(TALLOC_CTX *mem_ctx,
6cf099 
                                           neg_timeout, cache_refresh_percent,
6cf099 
                                           domain, input);
6cf099 
 }
6cf099 
+
6cf099 
+struct tevent_req *
6cf099 
+cache_req_user_by_filter_send(TALLOC_CTX *mem_ctx,
6cf099 
+                              struct tevent_context *ev,
6cf099 
+                              struct resp_ctx *rctx,
6cf099 
+                              const char *domain,
6cf099 
+                              const char *filter)
6cf099 
+{
6cf099 
+    struct cache_req_input *input;
6cf099 
+
6cf099 
+    input = cache_req_input_create(mem_ctx, CACHE_REQ_USER_BY_FILTER,
6cf099 
+                                   filter, 0, NULL);
6cf099 
+    if (input == NULL) {
6cf099 
+        return NULL;
6cf099 
+    }
6cf099 
+
6cf099 
+    return cache_req_steal_input_and_send(mem_ctx, ev, rctx, NULL,
6cf099 
+                                          0, 0, domain, input);
6cf099 
+}
6cf099 
+
6cf099 
+struct tevent_req *
6cf099 
+cache_req_group_by_filter_send(TALLOC_CTX *mem_ctx,
6cf099 
+                               struct tevent_context *ev,
6cf099 
+                               struct resp_ctx *rctx,
6cf099 
+                               const char *domain,
6cf099 
+                               const char *filter)
6cf099 
+{
6cf099 
+    struct cache_req_input *input;
6cf099 
+
6cf099 
+    input = cache_req_input_create(mem_ctx, CACHE_REQ_GROUP_BY_FILTER,
6cf099 
+                                   filter, 0, NULL);
6cf099 
+    if (input == NULL) {
6cf099 
+        return NULL;
6cf099 
+    }
6cf099 
+
6cf099 
+    return cache_req_steal_input_and_send(mem_ctx, ev, rctx, NULL,
6cf099 
+                                          0, 0, domain, input);
6cf099 
+}
6cf099 
diff --git a/src/responder/common/responder_cache_req.h b/src/responder/common/responder_cache_req.h
6cf099 
index 84a9dde7d9df066e44b1352e0a4557f02d08cc15..9e3f88a1427f3dcbde9f81df2ec647821b7aa931 100644
6cf099 
--- a/src/responder/common/responder_cache_req.h
6cf099 
+++ b/src/responder/common/responder_cache_req.h
6cf099 
@@ -33,7 +33,9 @@ enum cache_req_type {
6cf099 
     CACHE_REQ_GROUP_BY_NAME,
6cf099 
     CACHE_REQ_GROUP_BY_ID,
6cf099 
     CACHE_REQ_INITGROUPS,
6cf099 
-    CACHE_REQ_USER_BY_CERT
6cf099 
+    CACHE_REQ_USER_BY_CERT,
6cf099 
+    CACHE_REQ_USER_BY_FILTER,
6cf099 
+    CACHE_REQ_GROUP_BY_FILTER,
6cf099 
 };
6cf099
6cf099 
 struct cache_req_input;
6cf099 
@@ -143,4 +145,24 @@ cache_req_initgr_by_name_send(TALLOC_CTX *mem_ctx,
6cf099 
 #define cache_req_initgr_by_name_recv(mem_ctx, req, _result, _domain, _name) \
6cf099 
     cache_req_recv(mem_ctx, req, _result, _domain, _name)
6cf099
6cf099 
+struct tevent_req *
6cf099 
+cache_req_user_by_filter_send(TALLOC_CTX *mem_ctx,
6cf099 
+                              struct tevent_context *ev,
6cf099 
+                              struct resp_ctx *rctx,
6cf099 
+                              const char *domain,
6cf099 
+                              const char *filter);
6cf099 
+
6cf099 
+#define cache_req_user_by_filter_recv(mem_ctx, req, _result, _domain) \
6cf099 
+    cache_req_recv(mem_ctx, req, _result, _domain, NULL)
6cf099 
+
6cf099 
+struct tevent_req *
6cf099 
+cache_req_group_by_filter_send(TALLOC_CTX *mem_ctx,
6cf099 
+                              struct tevent_context *ev,
6cf099 
+                              struct resp_ctx *rctx,
6cf099 
+                              const char *domain,
6cf099 
+                              const char *filter);
6cf099 
+
6cf099 
+#define cache_req_group_by_filter_recv(mem_ctx, req, _result, _domain) \
6cf099 
+    cache_req_recv(mem_ctx, req, _result, _domain, NULL)
6cf099 
+
6cf099 
 #endif /* RESPONDER_CACHE_H_ */
6cf099 
diff --git a/src/tests/cmocka/test_responder_cache_req.c b/src/tests/cmocka/test_responder_cache_req.c
6cf099 
index e30deed1c6bc4023a4f2154db21fe1339e9bb3c5..31b6694668607815652f45bc93210554fd2ac918 100644
6cf099 
--- a/src/tests/cmocka/test_responder_cache_req.c
6cf099 
+++ b/src/tests/cmocka/test_responder_cache_req.c
6cf099 
@@ -38,6 +38,9 @@
6cf099 
 #define TEST_GROUP_NAME "test-group"
6cf099 
 #define TEST_GROUP_ID 1000
6cf099
6cf099 
+#define TEST_USER_NAME2 "test-user2"
6cf099 
+#define TEST_GROUP_NAME2 "test-group2"
6cf099 
+
6cf099 
 #define new_single_domain_test(test) \
6cf099 
     cmocka_unit_test_setup_teardown(test_ ## test, \
6cf099 
                                     test_single_domain_setup, \
6cf099 
@@ -1694,6 +1697,405 @@ void test_group_by_id_missing_notfound(void **state)
6cf099 
     assert_true(test_ctx->dp_called);
6cf099 
 }
6cf099
6cf099 
+static void cache_req_user_by_filter_test_done(struct tevent_req *req)
6cf099 
+{
6cf099 
+    struct cache_req_test_ctx *ctx = NULL;
6cf099 
+
6cf099 
+    ctx = tevent_req_callback_data(req, struct cache_req_test_ctx);
6cf099 
+
6cf099 
+    ctx->tctx->error = cache_req_user_by_filter_recv(ctx, req,
6cf099 
+                                                     &ctx->result,
6cf099 
+                                                     &ctx->domain);
6cf099 
+    talloc_zfree(req);
6cf099 
+    ctx->tctx->done = true;
6cf099 
+}
6cf099 
+
6cf099 
+void test_users_by_filter_valid(void **state)
6cf099 
+{
6cf099 
+    struct cache_req_test_ctx *test_ctx = NULL;
6cf099 
+    TALLOC_CTX *req_mem_ctx = NULL;
6cf099 
+    struct tevent_req *req = NULL;
6cf099 
+    const char *ldbname = NULL;
6cf099 
+    errno_t ret;
6cf099 
+
6cf099 
+    test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx);
6cf099 
+    test_ctx->create_user = true;
6cf099 
+
6cf099 
+    ret = sysdb_store_user(test_ctx->tctx->dom, TEST_USER_NAME2, "pwd", 1001, 1001,
6cf099 
+                           NULL, NULL, NULL, "cn="TEST_USER_NAME2",dc=test", NULL,
6cf099 
+                           NULL, 1000, time(NULL));
6cf099 
+    assert_int_equal(ret, EOK);
6cf099 
+
6cf099 
+    req_mem_ctx = talloc_new(global_talloc_context);
6cf099 
+    check_leaks_push(req_mem_ctx);
6cf099 
+
6cf099 
+    /* Filters always go to DP */
6cf099 
+    will_return(__wrap_sss_dp_get_account_send, test_ctx);
6cf099 
+    mock_account_recv_simple();
6cf099 
+
6cf099 
+    req = cache_req_user_by_filter_send(req_mem_ctx, test_ctx->tctx->ev,
6cf099 
+                                        test_ctx->rctx,
6cf099 
+                                        test_ctx->tctx->dom->name,
6cf099 
+                                        "test*");
6cf099 
+    assert_non_null(req);
6cf099 
+    tevent_req_set_callback(req, cache_req_user_by_filter_test_done, test_ctx);
6cf099 
+
6cf099 
+    ret = test_ev_loop(test_ctx->tctx);
6cf099 
+    assert_int_equal(ret, ERR_OK);
6cf099 
+    assert_true(check_leaks_pop(req_mem_ctx));
6cf099 
+
6cf099 
+    assert_non_null(test_ctx->result);
6cf099 
+    assert_int_equal(test_ctx->result->count, 2);
6cf099 
+
6cf099 
+    ldbname = ldb_msg_find_attr_as_string(test_ctx->result->msgs[0],
6cf099 
+                                          SYSDB_NAME, NULL);
6cf099 
+    assert_non_null(ldbname);
6cf099 
+    assert_string_equal(ldbname, TEST_USER_NAME2);
6cf099 
+
6cf099 
+    ldbname = ldb_msg_find_attr_as_string(test_ctx->result->msgs[1],
6cf099 
+                                          SYSDB_NAME, NULL);
6cf099 
+    assert_non_null(ldbname);
6cf099 
+    assert_string_equal(ldbname, TEST_USER_NAME);
6cf099 
+}
6cf099 
+
6cf099 
+void test_users_by_filter_filter_old(void **state)
6cf099 
+{
6cf099 
+    struct cache_req_test_ctx *test_ctx = NULL;
6cf099 
+    TALLOC_CTX *req_mem_ctx = NULL;
6cf099 
+    struct tevent_req *req = NULL;
6cf099 
+    const char *ldbname = NULL;
6cf099 
+    errno_t ret;
6cf099 
+
6cf099 
+    test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx);
6cf099 
+    test_ctx->create_user = true;
6cf099 
+
6cf099 
+    /* This user was updated in distant past, so it wont't be reported by
6cf099 
+     * the filter search */
6cf099 
+    ret = sysdb_store_user(test_ctx->tctx->dom, TEST_USER_NAME2, "pwd", 1001, 1001,
6cf099 
+                           NULL, NULL, NULL, "cn="TEST_USER_NAME2",dc=test", NULL,
6cf099 
+                           NULL, 1000, 1);
6cf099 
+    assert_int_equal(ret, EOK);
6cf099 
+
6cf099 
+    req_mem_ctx = talloc_new(global_talloc_context);
6cf099 
+    check_leaks_push(req_mem_ctx);
6cf099 
+
6cf099 
+    /* Filters always go to DP */
6cf099 
+    will_return(__wrap_sss_dp_get_account_send, test_ctx);
6cf099 
+    mock_account_recv_simple();
6cf099 
+
6cf099 
+    req = cache_req_user_by_filter_send(req_mem_ctx, test_ctx->tctx->ev,
6cf099 
+                                        test_ctx->rctx,
6cf099 
+                                        test_ctx->tctx->dom->name,
6cf099 
+                                        "test*");
6cf099 
+    assert_non_null(req);
6cf099 
+    tevent_req_set_callback(req, cache_req_user_by_filter_test_done, test_ctx);
6cf099 
+
6cf099 
+    ret = test_ev_loop(test_ctx->tctx);
6cf099 
+    assert_int_equal(ret, ERR_OK);
6cf099 
+    assert_true(check_leaks_pop(req_mem_ctx));
6cf099 
+
6cf099 
+    assert_non_null(test_ctx->result);
6cf099 
+    assert_int_equal(test_ctx->result->count, 1);
6cf099 
+
6cf099 
+    ldbname = ldb_msg_find_attr_as_string(test_ctx->result->msgs[0],
6cf099 
+                                          SYSDB_NAME, NULL);
6cf099 
+    assert_non_null(ldbname);
6cf099 
+    assert_string_equal(ldbname, TEST_USER_NAME);
6cf099 
+}
6cf099 
+
6cf099 
+void test_users_by_filter_notfound(void **state)
6cf099 
+{
6cf099 
+    struct cache_req_test_ctx *test_ctx = NULL;
6cf099 
+    TALLOC_CTX *req_mem_ctx = NULL;
6cf099 
+    struct tevent_req *req = NULL;
6cf099 
+    errno_t ret;
6cf099 
+
6cf099 
+    test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx);
6cf099 
+
6cf099 
+    req_mem_ctx = talloc_new(global_talloc_context);
6cf099 
+    check_leaks_push(req_mem_ctx);
6cf099 
+
6cf099 
+    /* Filters always go to DP */
6cf099 
+    will_return(__wrap_sss_dp_get_account_send, test_ctx);
6cf099 
+    mock_account_recv_simple();
6cf099 
+
6cf099 
+    req = cache_req_user_by_filter_send(req_mem_ctx, test_ctx->tctx->ev,
6cf099 
+                                        test_ctx->rctx,
6cf099 
+                                        test_ctx->tctx->dom->name,
6cf099 
+                                        "nosuchuser*");
6cf099 
+    assert_non_null(req);
6cf099 
+    tevent_req_set_callback(req, cache_req_user_by_filter_test_done, test_ctx);
6cf099 
+
6cf099 
+    ret = test_ev_loop(test_ctx->tctx);
6cf099 
+    assert_int_equal(ret, ENOENT);
6cf099 
+    assert_true(check_leaks_pop(req_mem_ctx));
6cf099 
+}
6cf099 
+
6cf099 
+static void test_users_by_filter_multiple_domains_valid(void **state)
6cf099 
+{
6cf099 
+    struct cache_req_test_ctx *test_ctx = NULL;
6cf099 
+    struct sss_domain_info *domain = NULL;
6cf099 
+    TALLOC_CTX *req_mem_ctx = NULL;
6cf099 
+    struct tevent_req *req = NULL;
6cf099 
+    const char *ldbname = NULL;
6cf099 
+    errno_t ret;
6cf099 
+
6cf099 
+    test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx);
6cf099 
+
6cf099 
+    domain = find_domain_by_name(test_ctx->tctx->dom,
6cf099 
+                                 "responder_cache_req_test_d", true);
6cf099 
+    assert_non_null(domain);
6cf099 
+
6cf099 
+    ret = sysdb_store_user(domain, TEST_USER_NAME, "pwd", 1000, 1000,
6cf099 
+                           NULL, NULL, NULL, "cn="TEST_USER_NAME",dc=test", NULL,
6cf099 
+                           NULL, 1000, time(NULL));
6cf099 
+    assert_int_equal(ret, EOK);
6cf099 
+
6cf099 
+    ret = sysdb_store_user(domain, TEST_USER_NAME2, "pwd", 1001, 1001,
6cf099 
+                           NULL, NULL, NULL, "cn="TEST_USER_NAME2",dc=test", NULL,
6cf099 
+                           NULL, 1000, time(NULL));
6cf099 
+    assert_int_equal(ret, EOK);
6cf099 
+
6cf099 
+    req_mem_ctx = talloc_new(global_talloc_context);
6cf099 
+    check_leaks_push(req_mem_ctx);
6cf099 
+
6cf099 
+    /* Filters always go to DP */
6cf099 
+    will_return(__wrap_sss_dp_get_account_send, test_ctx);
6cf099 
+    mock_account_recv_simple();
6cf099 
+
6cf099 
+    req = cache_req_user_by_filter_send(req_mem_ctx, test_ctx->tctx->ev,
6cf099 
+                                        test_ctx->rctx,
6cf099 
+                                        domain->name,
6cf099 
+                                        "test*");
6cf099 
+    assert_non_null(req);
6cf099 
+    tevent_req_set_callback(req, cache_req_user_by_filter_test_done, test_ctx);
6cf099 
+
6cf099 
+    ret = test_ev_loop(test_ctx->tctx);
6cf099 
+    assert_int_equal(ret, ERR_OK);
6cf099 
+    assert_true(check_leaks_pop(req_mem_ctx));
6cf099 
+
6cf099 
+    assert_non_null(test_ctx->result);
6cf099 
+    assert_int_equal(test_ctx->result->count, 2);
6cf099 
+
6cf099 
+    ldbname = ldb_msg_find_attr_as_string(test_ctx->result->msgs[0],
6cf099 
+                                          SYSDB_NAME, NULL);
6cf099 
+    assert_non_null(ldbname);
6cf099 
+    assert_string_equal(ldbname, TEST_USER_NAME2);
6cf099 
+
6cf099 
+    ldbname = ldb_msg_find_attr_as_string(test_ctx->result->msgs[1],
6cf099 
+                                          SYSDB_NAME, NULL);
6cf099 
+    assert_non_null(ldbname);
6cf099 
+    assert_string_equal(ldbname, TEST_USER_NAME);
6cf099 
+}
6cf099 
+
6cf099 
+static void test_users_by_filter_multiple_domains_notfound(void **state)
6cf099 
+{
6cf099 
+    struct cache_req_test_ctx *test_ctx = NULL;
6cf099 
+    struct sss_domain_info *domain = NULL;
6cf099 
+    TALLOC_CTX *req_mem_ctx = NULL;
6cf099 
+    struct tevent_req *req = NULL;
6cf099 
+    errno_t ret;
6cf099 
+
6cf099 
+    test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx);
6cf099 
+
6cf099 
+    domain = find_domain_by_name(test_ctx->tctx->dom,
6cf099 
+                                 "responder_cache_req_test_d", true);
6cf099 
+    assert_non_null(domain);
6cf099 
+
6cf099 
+    req_mem_ctx = talloc_new(global_talloc_context);
6cf099 
+    check_leaks_push(req_mem_ctx);
6cf099 
+
6cf099 
+    /* Filters always go to DP */
6cf099 
+    will_return(__wrap_sss_dp_get_account_send, test_ctx);
6cf099 
+    mock_account_recv_simple();
6cf099 
+
6cf099 
+    req = cache_req_user_by_filter_send(req_mem_ctx, test_ctx->tctx->ev,
6cf099 
+                                        test_ctx->rctx,
6cf099 
+                                        domain->name,
6cf099 
+                                        "nosuchuser*");
6cf099 
+    assert_non_null(req);
6cf099 
+    tevent_req_set_callback(req, cache_req_user_by_filter_test_done, test_ctx);
6cf099 
+
6cf099 
+    ret = test_ev_loop(test_ctx->tctx);
6cf099 
+    assert_int_equal(ret, ENOENT);
6cf099 
+    assert_true(check_leaks_pop(req_mem_ctx));
6cf099 
+}
6cf099 
+
6cf099 
+static void cache_req_group_by_filter_test_done(struct tevent_req *req)
6cf099 
+{
6cf099 
+    struct cache_req_test_ctx *ctx = NULL;
6cf099 
+
6cf099 
+    ctx = tevent_req_callback_data(req, struct cache_req_test_ctx);
6cf099 
+
6cf099 
+    ctx->tctx->error = cache_req_group_by_filter_recv(ctx, req,
6cf099 
+                                                      &ctx->result,
6cf099 
+                                                      &ctx->domain);
6cf099 
+    talloc_zfree(req);
6cf099 
+    ctx->tctx->done = true;
6cf099 
+}
6cf099 
+
6cf099 
+void test_groups_by_filter_valid(void **state)
6cf099 
+{
6cf099 
+    struct cache_req_test_ctx *test_ctx = NULL;
6cf099 
+    TALLOC_CTX *req_mem_ctx = NULL;
6cf099 
+    struct tevent_req *req = NULL;
6cf099 
+    const char *ldbname = NULL;
6cf099 
+    errno_t ret;
6cf099 
+
6cf099 
+    test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx);
6cf099 
+    test_ctx->create_group = true;
6cf099 
+
6cf099 
+    ret = sysdb_store_group(test_ctx->tctx->dom, TEST_GROUP_NAME2,
6cf099 
+                            1001, NULL, 1001, time(NULL));
6cf099 
+    assert_int_equal(ret, EOK);
6cf099 
+
6cf099 
+    req_mem_ctx = talloc_new(global_talloc_context);
6cf099 
+    check_leaks_push(req_mem_ctx);
6cf099 
+
6cf099 
+    /* Filters always go to DP */
6cf099 
+    will_return(__wrap_sss_dp_get_account_send, test_ctx);
6cf099 
+    mock_account_recv_simple();
6cf099 
+
6cf099 
+    req = cache_req_group_by_filter_send(req_mem_ctx, test_ctx->tctx->ev,
6cf099 
+                                         test_ctx->rctx,
6cf099 
+                                         test_ctx->tctx->dom->name,
6cf099 
+                                         "test*");
6cf099 
+    assert_non_null(req);
6cf099 
+    tevent_req_set_callback(req, cache_req_group_by_filter_test_done, test_ctx);
6cf099 
+
6cf099 
+    ret = test_ev_loop(test_ctx->tctx);
6cf099 
+    assert_int_equal(ret, ERR_OK);
6cf099 
+    assert_true(check_leaks_pop(req_mem_ctx));
6cf099 
+
6cf099 
+    assert_non_null(test_ctx->result);
6cf099 
+    assert_int_equal(test_ctx->result->count, 2);
6cf099 
+
6cf099 
+    ldbname = ldb_msg_find_attr_as_string(test_ctx->result->msgs[0],
6cf099 
+                                          SYSDB_NAME, NULL);
6cf099 
+    assert_non_null(ldbname);
6cf099 
+    assert_string_equal(ldbname, TEST_GROUP_NAME2);
6cf099 
+
6cf099 
+    ldbname = ldb_msg_find_attr_as_string(test_ctx->result->msgs[1],
6cf099 
+                                          SYSDB_NAME, NULL);
6cf099 
+    assert_non_null(ldbname);
6cf099 
+    assert_string_equal(ldbname, TEST_GROUP_NAME);
6cf099 
+}
6cf099 
+
6cf099 
+void test_groups_by_filter_notfound(void **state)
6cf099 
+{
6cf099 
+    struct cache_req_test_ctx *test_ctx = NULL;
6cf099 
+    TALLOC_CTX *req_mem_ctx = NULL;
6cf099 
+    struct tevent_req *req = NULL;
6cf099 
+    errno_t ret;
6cf099 
+
6cf099 
+    test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx);
6cf099 
+
6cf099 
+    req_mem_ctx = talloc_new(global_talloc_context);
6cf099 
+    check_leaks_push(req_mem_ctx);
6cf099 
+
6cf099 
+    /* Filters always go to DP */
6cf099 
+    will_return(__wrap_sss_dp_get_account_send, test_ctx);
6cf099 
+    mock_account_recv_simple();
6cf099 
+
6cf099 
+    req = cache_req_group_by_filter_send(req_mem_ctx, test_ctx->tctx->ev,
6cf099 
+                                        test_ctx->rctx,
6cf099 
+                                        test_ctx->tctx->dom->name,
6cf099 
+                                        "nosuchgroup*");
6cf099 
+    assert_non_null(req);
6cf099 
+    tevent_req_set_callback(req, cache_req_group_by_filter_test_done, test_ctx);
6cf099 
+
6cf099 
+    ret = test_ev_loop(test_ctx->tctx);
6cf099 
+    assert_int_equal(ret, ENOENT);
6cf099 
+    assert_true(check_leaks_pop(req_mem_ctx));
6cf099 
+}
6cf099 
+
6cf099 
+void test_groups_by_filter_multiple_domains_valid(void **state)
6cf099 
+{
6cf099 
+    struct cache_req_test_ctx *test_ctx = NULL;
6cf099 
+    struct sss_domain_info *domain = NULL;
6cf099 
+    TALLOC_CTX *req_mem_ctx = NULL;
6cf099 
+    struct tevent_req *req = NULL;
6cf099 
+    const char *ldbname = NULL;
6cf099 
+    errno_t ret;
6cf099 
+
6cf099 
+    test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx);
6cf099 
+
6cf099 
+    domain = find_domain_by_name(test_ctx->tctx->dom,
6cf099 
+                                 "responder_cache_req_test_d", true);
6cf099 
+    assert_non_null(domain);
6cf099 
+
6cf099 
+    ret = sysdb_store_group(domain, TEST_GROUP_NAME,
6cf099 
+                            1000, NULL, 1000, time(NULL));
6cf099 
+    assert_int_equal(ret, EOK);
6cf099 
+
6cf099 
+    ret = sysdb_store_group(domain, TEST_GROUP_NAME2,
6cf099 
+                            1001, NULL, 1001, time(NULL));
6cf099 
+    assert_int_equal(ret, EOK);
6cf099 
+
6cf099 
+    req_mem_ctx = talloc_new(global_talloc_context);
6cf099 
+    check_leaks_push(req_mem_ctx);
6cf099 
+
6cf099 
+    /* Filters always go to DP */
6cf099 
+    will_return(__wrap_sss_dp_get_account_send, test_ctx);
6cf099 
+    mock_account_recv_simple();
6cf099 
+
6cf099 
+    req = cache_req_group_by_filter_send(req_mem_ctx, test_ctx->tctx->ev,
6cf099 
+                                         test_ctx->rctx,
6cf099 
+                                         domain->name,
6cf099 
+                                         "test*");
6cf099 
+    assert_non_null(req);
6cf099 
+    tevent_req_set_callback(req, cache_req_group_by_filter_test_done, test_ctx);
6cf099 
+
6cf099 
+    ret = test_ev_loop(test_ctx->tctx);
6cf099 
+    assert_int_equal(ret, ERR_OK);
6cf099 
+    assert_true(check_leaks_pop(req_mem_ctx));
6cf099 
+
6cf099 
+    assert_non_null(test_ctx->result);
6cf099 
+    assert_int_equal(test_ctx->result->count, 2);
6cf099 
+
6cf099 
+    ldbname = ldb_msg_find_attr_as_string(test_ctx->result->msgs[0],
6cf099 
+                                          SYSDB_NAME, NULL);
6cf099 
+    assert_non_null(ldbname);
6cf099 
+    assert_string_equal(ldbname, TEST_GROUP_NAME2);
6cf099 
+
6cf099 
+    ldbname = ldb_msg_find_attr_as_string(test_ctx->result->msgs[1],
6cf099 
+                                          SYSDB_NAME, NULL);
6cf099 
+    assert_non_null(ldbname);
6cf099 
+    assert_string_equal(ldbname, TEST_GROUP_NAME);
6cf099 
+}
6cf099 
+
6cf099 
+void test_groups_by_filter_multiple_domains_notfound(void **state)
6cf099 
+{
6cf099 
+    struct cache_req_test_ctx *test_ctx = NULL;
6cf099 
+    struct sss_domain_info *domain = NULL;
6cf099 
+    TALLOC_CTX *req_mem_ctx = NULL;
6cf099 
+    struct tevent_req *req = NULL;
6cf099 
+    errno_t ret;
6cf099 
+
6cf099 
+    test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx);
6cf099 
+    domain = find_domain_by_name(test_ctx->tctx->dom,
6cf099 
+                                 "responder_cache_req_test_d", true);
6cf099 
+    assert_non_null(domain);
6cf099 
+
6cf099 
+    req_mem_ctx = talloc_new(global_talloc_context);
6cf099 
+    check_leaks_push(req_mem_ctx);
6cf099 
+
6cf099 
+    /* Filters always go to DP */
6cf099 
+    will_return(__wrap_sss_dp_get_account_send, test_ctx);
6cf099 
+    mock_account_recv_simple();
6cf099 
+
6cf099 
+    req = cache_req_group_by_filter_send(req_mem_ctx, test_ctx->tctx->ev,
6cf099 
+                                        test_ctx->rctx,
6cf099 
+                                        domain->name,
6cf099 
+                                        "nosuchgroup*");
6cf099 
+    assert_non_null(req);
6cf099 
+    tevent_req_set_callback(req, cache_req_group_by_filter_test_done, test_ctx);
6cf099 
+
6cf099 
+    ret = test_ev_loop(test_ctx->tctx);
6cf099 
+    assert_int_equal(ret, ENOENT);
6cf099 
+    assert_true(check_leaks_pop(req_mem_ctx));
6cf099 
+}
6cf099 
+
6cf099 
 int main(int argc, const char *argv[])
6cf099 
 {
6cf099 
     poptContext pc;
6cf099 
@@ -1741,7 +2143,17 @@ int main(int argc, const char *argv[])
6cf099 
         new_single_domain_test(group_by_id_missing_found),
6cf099 
         new_single_domain_test(group_by_id_missing_notfound),
6cf099 
         new_multi_domain_test(group_by_id_multiple_domains_found),
6cf099 
-        new_multi_domain_test(group_by_id_multiple_domains_notfound)
6cf099 
+        new_multi_domain_test(group_by_id_multiple_domains_notfound),
6cf099 
+
6cf099 
+        new_single_domain_test(users_by_filter_valid),
6cf099 
+        new_single_domain_test(users_by_filter_filter_old),
6cf099 
+        new_single_domain_test(users_by_filter_notfound),
6cf099 
+        new_multi_domain_test(users_by_filter_multiple_domains_valid),
6cf099 
+        new_multi_domain_test(users_by_filter_multiple_domains_notfound),
6cf099 
+        new_single_domain_test(groups_by_filter_valid),
6cf099 
+        new_single_domain_test(groups_by_filter_notfound),
6cf099 
+        new_multi_domain_test(groups_by_filter_multiple_domains_valid),
6cf099 
+        new_multi_domain_test(groups_by_filter_multiple_domains_notfound),
6cf099 
     };
6cf099
6cf099 
     /* Set debug level to invalid value so we can deside if -d 0 was used. */
6cf099 
--
6cf099 
2.4.3
6cf099

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation