dpward / rpms / sssd

Forked from rpms/sssd 3 years ago
Clone

Blame SOURCES/0030-nss-idmap-add-timeout-version-of-old-sss_nss_-calls.patch

ced1f5
From a12e6ac8001025174cf201bcaa2143edb1b0c017 Mon Sep 17 00:00:00 2001
ced1f5
From: Sumit Bose <sbose@redhat.com>
ced1f5
Date: Thu, 2 Nov 2017 10:32:41 +0100
ced1f5
Subject: [PATCH 30/31] nss-idmap: add timeout version of old sss_nss_* calls
ced1f5
ced1f5
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
ced1f5
(cherry picked from commit e54db68cbb9c12d8a6867f2c7766fb2115ab0997)
ced1f5
---
ced1f5
 Makefile.am                                   |   2 +-
ced1f5
 src/sss_client/idmap/sss_nss_idmap.c          | 126 ++++++++++++++++++--------
ced1f5
 src/sss_client/idmap/sss_nss_idmap.exports    |   7 ++
ced1f5
 src/sss_client/idmap/sss_nss_idmap.h          | 124 +++++++++++++++++++++++++
ced1f5
 src/sss_client/idmap/sss_nss_idmap.unit_tests |   2 +-
ced1f5
 src/tests/cmocka/sss_nss_idmap-tests.c        |  13 +--
ced1f5
 6 files changed, 229 insertions(+), 45 deletions(-)
ced1f5
ced1f5
diff --git a/Makefile.am b/Makefile.am
ced1f5
index dd25d1f7ea1be66388aa1b393bac290c4d7501a2..286ba47e3c421864362717be5258de960efca9f2 100644
ced1f5
--- a/Makefile.am
ced1f5
+++ b/Makefile.am
ced1f5
@@ -2974,7 +2974,6 @@ test_sysdb_domain_resolution_order_LDADD = \
ced1f5
 
ced1f5
 test_wbc_calls_SOURCES = \
ced1f5
     src/tests/cmocka/test_wbc_calls.c \
ced1f5
-    src/sss_client/idmap/sss_nss_idmap.c \
ced1f5
     src/sss_client/libwbclient/wbc_sid_sssd.c \
ced1f5
     src/sss_client/libwbclient/wbclient_common.c \
ced1f5
     src/sss_client/libwbclient/wbc_sid_common.c \
ced1f5
@@ -2993,6 +2992,7 @@ test_wbc_calls_LDADD = \
ced1f5
     $(TALLOC_LIBS) \
ced1f5
     $(SSSD_INTERNAL_LTLIBS) \
ced1f5
     libsss_test_common.la \
ced1f5
+    libsss_nss_idmap.la \
ced1f5
     $(NULL)
ced1f5
 
ced1f5
 test_be_ptask_SOURCES = \
ced1f5
diff --git a/src/sss_client/idmap/sss_nss_idmap.c b/src/sss_client/idmap/sss_nss_idmap.c
ced1f5
index 6f3af267a1e763e7dce77e3862be377ae2bfe984..6e7685d2b1d80956b6a6668e9bbb146abd9e86ed 100644
ced1f5
--- a/src/sss_client/idmap/sss_nss_idmap.c
ced1f5
+++ b/src/sss_client/idmap/sss_nss_idmap.c
ced1f5
@@ -28,10 +28,13 @@
ced1f5
 
ced1f5
 #include "sss_client/sss_cli.h"
ced1f5
 #include "sss_client/idmap/sss_nss_idmap.h"
ced1f5
+#include "sss_client/idmap/sss_nss_idmap_private.h"
ced1f5
 #include "util/strtonum.h"
ced1f5
 
ced1f5
 #define DATA_START (3 * sizeof(uint32_t))
ced1f5
 #define LIST_START (2 * sizeof(uint32_t))
ced1f5
+#define NO_TIMEOUT ((unsigned int) -1)
ced1f5
+
ced1f5
 union input {
ced1f5
     const char *str;
ced1f5
     uint32_t id;
ced1f5
@@ -198,8 +201,8 @@ done:
ced1f5
     return ret;
ced1f5
 }
ced1f5
 
ced1f5
-static int sss_nss_getyyybyxxx(union input inp, enum sss_cli_command cmd ,
ced1f5
-                               struct output *out)
ced1f5
+static int sss_nss_getyyybyxxx(union input inp, enum sss_cli_command cmd,
ced1f5
+                               unsigned int timeout, struct output *out)
ced1f5
 {
ced1f5
     int ret;
ced1f5
     size_t inp_len;
ced1f5
@@ -215,6 +218,7 @@ static int sss_nss_getyyybyxxx(union input inp, enum sss_cli_command cmd ,
ced1f5
     struct sss_nss_kv *kv_list;
ced1f5
     char **names;
ced1f5
     enum sss_id_type *types;
ced1f5
+    int time_left = SSS_CLI_SOCKET_TIMEOUT;
ced1f5
 
ced1f5
     switch (cmd) {
ced1f5
     case SSS_NSS_GETSIDBYNAME:
ced1f5
@@ -250,9 +254,14 @@ static int sss_nss_getyyybyxxx(union input inp, enum sss_cli_command cmd ,
ced1f5
         return EINVAL;
ced1f5
     }
ced1f5
 
ced1f5
-    sss_nss_lock();
ced1f5
+    if (timeout == NO_TIMEOUT) {
ced1f5
+        sss_nss_lock();
ced1f5
+    } else {
ced1f5
+        sss_nss_timedlock(timeout, &time_left);
ced1f5
+    }
ced1f5
 
ced1f5
-    nret = sss_nss_make_request(cmd, &rd, &repbuf, &replen, &errnop);
ced1f5
+    nret = sss_nss_make_request_timeout(cmd, &rd, time_left, &repbuf, &replen,
ced1f5
+                                        &errnop);
ced1f5
     if (nret != NSS_STATUS_SUCCESS) {
ced1f5
         ret = nss_status_to_errno(nret);
ced1f5
         goto done;
ced1f5
@@ -347,8 +356,8 @@ done:
ced1f5
     return ret;
ced1f5
 }
ced1f5
 
ced1f5
-int sss_nss_getsidbyname(const char *fq_name, char **sid,
ced1f5
-                         enum sss_id_type *type)
ced1f5
+int sss_nss_getsidbyname_timeout(const char *fq_name, unsigned int timeout,
ced1f5
+                                 char **sid, enum sss_id_type *type)
ced1f5
 {
ced1f5
     int ret;
ced1f5
     union input inp;
ced1f5
@@ -360,7 +369,7 @@ int sss_nss_getsidbyname(const char *fq_name, char **sid,
ced1f5
 
ced1f5
     inp.str = fq_name;
ced1f5
 
ced1f5
-    ret = sss_nss_getyyybyxxx(inp, SSS_NSS_GETSIDBYNAME, &out;;
ced1f5
+    ret = sss_nss_getyyybyxxx(inp, SSS_NSS_GETSIDBYNAME, timeout, &out;;
ced1f5
     if (ret == EOK) {
ced1f5
         *sid = out.d.str;
ced1f5
         *type = out.type;
ced1f5
@@ -369,7 +378,14 @@ int sss_nss_getsidbyname(const char *fq_name, char **sid,
ced1f5
     return ret;
ced1f5
 }
ced1f5
 
ced1f5
-int sss_nss_getsidbyid(uint32_t id, char **sid, enum sss_id_type *type)
ced1f5
+int sss_nss_getsidbyname(const char *fq_name, char **sid,
ced1f5
+                         enum sss_id_type *type)
ced1f5
+{
ced1f5
+    return sss_nss_getsidbyname_timeout(fq_name, NO_TIMEOUT, sid, type);
ced1f5
+}
ced1f5
+
ced1f5
+int sss_nss_getsidbyid_timeout(uint32_t id, unsigned int timeout,
ced1f5
+                               char **sid, enum sss_id_type *type)
ced1f5
 {
ced1f5
     int ret;
ced1f5
     union input inp;
ced1f5
@@ -381,7 +397,7 @@ int sss_nss_getsidbyid(uint32_t id, char **sid, enum sss_id_type *type)
ced1f5
 
ced1f5
     inp.id = id;
ced1f5
 
ced1f5
-    ret = sss_nss_getyyybyxxx(inp, SSS_NSS_GETSIDBYID, &out;;
ced1f5
+    ret = sss_nss_getyyybyxxx(inp, SSS_NSS_GETSIDBYID, timeout, &out;;
ced1f5
     if (ret == EOK) {
ced1f5
         *sid = out.d.str;
ced1f5
         *type = out.type;
ced1f5
@@ -390,8 +406,13 @@ int sss_nss_getsidbyid(uint32_t id, char **sid, enum sss_id_type *type)
ced1f5
     return ret;
ced1f5
 }
ced1f5
 
ced1f5
-int sss_nss_getnamebysid(const char *sid, char **fq_name,
ced1f5
-                         enum sss_id_type *type)
ced1f5
+int sss_nss_getsidbyid(uint32_t id, char **sid, enum sss_id_type *type)
ced1f5
+{
ced1f5
+    return sss_nss_getsidbyid_timeout(id, NO_TIMEOUT, sid, type);
ced1f5
+}
ced1f5
+
ced1f5
+int sss_nss_getnamebysid_timeout(const char *sid, unsigned int timeout,
ced1f5
+                                 char **fq_name, enum sss_id_type *type)
ced1f5
 {
ced1f5
     int ret;
ced1f5
     union input inp;
ced1f5
@@ -403,7 +424,7 @@ int sss_nss_getnamebysid(const char *sid, char **fq_name,
ced1f5
 
ced1f5
     inp.str = sid;
ced1f5
 
ced1f5
-    ret = sss_nss_getyyybyxxx(inp, SSS_NSS_GETNAMEBYSID, &out;;
ced1f5
+    ret = sss_nss_getyyybyxxx(inp, SSS_NSS_GETNAMEBYSID, timeout, &out;;
ced1f5
     if (ret == EOK) {
ced1f5
         *fq_name = out.d.str;
ced1f5
         *type = out.type;
ced1f5
@@ -412,7 +433,14 @@ int sss_nss_getnamebysid(const char *sid, char **fq_name,
ced1f5
     return ret;
ced1f5
 }
ced1f5
 
ced1f5
-int sss_nss_getidbysid(const char *sid, uint32_t *id, enum sss_id_type *id_type)
ced1f5
+int sss_nss_getnamebysid(const char *sid, char **fq_name,
ced1f5
+                         enum sss_id_type *type)
ced1f5
+{
ced1f5
+    return sss_nss_getnamebysid_timeout(sid, NO_TIMEOUT, fq_name, type);
ced1f5
+}
ced1f5
+
ced1f5
+int sss_nss_getidbysid_timeout(const char *sid, unsigned int timeout,
ced1f5
+                               uint32_t *id, enum sss_id_type *id_type)
ced1f5
 {
ced1f5
     int ret;
ced1f5
     union input inp;
ced1f5
@@ -424,7 +452,7 @@ int sss_nss_getidbysid(const char *sid, uint32_t *id, enum sss_id_type *id_type)
ced1f5
 
ced1f5
     inp.str = sid;
ced1f5
 
ced1f5
-    ret = sss_nss_getyyybyxxx(inp, SSS_NSS_GETIDBYSID, &out;;
ced1f5
+    ret = sss_nss_getyyybyxxx(inp, SSS_NSS_GETIDBYSID, timeout, &out;;
ced1f5
     if (ret == EOK) {
ced1f5
         *id = out.d.id;
ced1f5
         *id_type = out.type;
ced1f5
@@ -433,8 +461,14 @@ int sss_nss_getidbysid(const char *sid, uint32_t *id, enum sss_id_type *id_type)
ced1f5
     return ret;
ced1f5
 }
ced1f5
 
ced1f5
-int sss_nss_getorigbyname(const char *fq_name, struct sss_nss_kv **kv_list,
ced1f5
-                         enum sss_id_type *type)
ced1f5
+int sss_nss_getidbysid(const char *sid, uint32_t *id, enum sss_id_type *id_type)
ced1f5
+{
ced1f5
+    return sss_nss_getidbysid_timeout(sid, NO_TIMEOUT, id, id_type);
ced1f5
+}
ced1f5
+
ced1f5
+int sss_nss_getorigbyname_timeout(const char *fq_name, unsigned int timeout,
ced1f5
+                                  struct sss_nss_kv **kv_list,
ced1f5
+                                  enum sss_id_type *type)
ced1f5
 {
ced1f5
     int ret;
ced1f5
     union input inp;
ced1f5
@@ -446,7 +480,7 @@ int sss_nss_getorigbyname(const char *fq_name, struct sss_nss_kv **kv_list,
ced1f5
 
ced1f5
     inp.str = fq_name;
ced1f5
 
ced1f5
-    ret = sss_nss_getyyybyxxx(inp, SSS_NSS_GETORIGBYNAME, &out;;
ced1f5
+    ret = sss_nss_getyyybyxxx(inp, SSS_NSS_GETORIGBYNAME, timeout, &out;;
ced1f5
     if (ret == EOK) {
ced1f5
         *kv_list = out.d.kv_list;
ced1f5
         *type = out.type;
ced1f5
@@ -455,30 +489,42 @@ int sss_nss_getorigbyname(const char *fq_name, struct sss_nss_kv **kv_list,
ced1f5
     return ret;
ced1f5
 }
ced1f5
 
ced1f5
+int sss_nss_getorigbyname(const char *fq_name, struct sss_nss_kv **kv_list,
ced1f5
+                          enum sss_id_type *type)
ced1f5
+{
ced1f5
+    return sss_nss_getorigbyname_timeout(fq_name, NO_TIMEOUT, kv_list, type);
ced1f5
+}
ced1f5
+
ced1f5
+int sss_nss_getnamebycert_timeout(const char *cert, unsigned int timeout,
ced1f5
+                                  char **fq_name, enum sss_id_type *type)
ced1f5
+{
ced1f5
+    int ret;
ced1f5
+    union input inp;
ced1f5
+    struct output out;
ced1f5
+
ced1f5
+    if (fq_name == NULL || cert == NULL || *cert == '\0') {
ced1f5
+        return EINVAL;
ced1f5
+    }
ced1f5
+
ced1f5
+    inp.str = cert;
ced1f5
+
ced1f5
+    ret = sss_nss_getyyybyxxx(inp, SSS_NSS_GETNAMEBYCERT, timeout, &out;;
ced1f5
+    if (ret == EOK) {
ced1f5
+        *fq_name = out.d.str;
ced1f5
+        *type = out.type;
ced1f5
+    }
ced1f5
+
ced1f5
+    return ret;
ced1f5
+}
ced1f5
+
ced1f5
 int sss_nss_getnamebycert(const char *cert, char **fq_name,
ced1f5
                           enum sss_id_type *type)
ced1f5
 {
ced1f5
-    int ret;
ced1f5
-    union input inp;
ced1f5
-    struct output out;
ced1f5
-
ced1f5
-    if (fq_name == NULL || cert == NULL || *cert == '\0') {
ced1f5
-        return EINVAL;
ced1f5
-    }
ced1f5
-
ced1f5
-    inp.str = cert;
ced1f5
-
ced1f5
-    ret = sss_nss_getyyybyxxx(inp, SSS_NSS_GETNAMEBYCERT, &out;;
ced1f5
-    if (ret == EOK) {
ced1f5
-        *fq_name = out.d.str;
ced1f5
-        *type = out.type;
ced1f5
-    }
ced1f5
-
ced1f5
-    return ret;
ced1f5
+    return sss_nss_getnamebycert_timeout(cert, NO_TIMEOUT, fq_name, type);
ced1f5
 }
ced1f5
 
ced1f5
-int sss_nss_getlistbycert(const char *cert, char ***fq_name,
ced1f5
-                          enum sss_id_type **type)
ced1f5
+int sss_nss_getlistbycert_timeout(const char *cert, unsigned int timeout,
ced1f5
+                                  char ***fq_name, enum sss_id_type **type)
ced1f5
 {
ced1f5
     int ret;
ced1f5
     union input inp;
ced1f5
@@ -490,7 +536,7 @@ int sss_nss_getlistbycert(const char *cert, char ***fq_name,
ced1f5
 
ced1f5
     inp.str = cert;
ced1f5
 
ced1f5
-    ret = sss_nss_getyyybyxxx(inp, SSS_NSS_GETLISTBYCERT, &out;;
ced1f5
+    ret = sss_nss_getyyybyxxx(inp, SSS_NSS_GETLISTBYCERT, timeout, &out;;
ced1f5
     if (ret == EOK) {
ced1f5
         *fq_name = out.d.names;
ced1f5
         *type = out.types;
ced1f5
@@ -498,3 +544,9 @@ int sss_nss_getlistbycert(const char *cert, char ***fq_name,
ced1f5
 
ced1f5
     return ret;
ced1f5
 }
ced1f5
+
ced1f5
+int sss_nss_getlistbycert(const char *cert, char ***fq_name,
ced1f5
+                          enum sss_id_type **type)
ced1f5
+{
ced1f5
+    return sss_nss_getlistbycert_timeout(cert, NO_TIMEOUT, fq_name, type);
ced1f5
+}
ced1f5
diff --git a/src/sss_client/idmap/sss_nss_idmap.exports b/src/sss_client/idmap/sss_nss_idmap.exports
ced1f5
index 788d05ecc3bd56fa88e68a98b9c8096cf7140a09..8d0a24f42aa3fb3dd9c2ed125bf79e2c7792993f 100644
ced1f5
--- a/src/sss_client/idmap/sss_nss_idmap.exports
ced1f5
+++ b/src/sss_client/idmap/sss_nss_idmap.exports
ced1f5
@@ -40,4 +40,11 @@ SSS_NSS_IDMAP_0.4.0 {
ced1f5
         sss_nss_getgrnam_timeout;
ced1f5
         sss_nss_getgrgid_timeout;
ced1f5
         sss_nss_getgrouplist_timeout;
ced1f5
+        sss_nss_getsidbyname_timeout;
ced1f5
+        sss_nss_getsidbyid_timeout;
ced1f5
+        sss_nss_getnamebysid_timeout;
ced1f5
+        sss_nss_getidbysid_timeout;
ced1f5
+        sss_nss_getorigbyname_timeout;
ced1f5
+        sss_nss_getnamebycert_timeout;
ced1f5
+        sss_nss_getlistbycert_timeout;
ced1f5
 } SSS_NSS_IDMAP_0.3.0;
ced1f5
diff --git a/src/sss_client/idmap/sss_nss_idmap.h b/src/sss_client/idmap/sss_nss_idmap.h
ced1f5
index 3755643312f05a31d1cf1aa76dfc22848ef1e3ec..125e72a6486f5916f90d37f27e1743d181bfa3e5 100644
ced1f5
--- a/src/sss_client/idmap/sss_nss_idmap.h
ced1f5
+++ b/src/sss_client/idmap/sss_nss_idmap.h
ced1f5
@@ -303,5 +303,129 @@ int sss_nss_getgrgid_timeout(gid_t gid, struct group *grp,
ced1f5
 int sss_nss_getgrouplist_timeout(const char *name, gid_t group,
ced1f5
                                  gid_t *groups, int *ngroups,
ced1f5
                                  uint32_t flags, unsigned int timeout);
ced1f5
+/**
ced1f5
+ * @brief Find SID by fully qualified name with timeout
ced1f5
+ *
ced1f5
+ * @param[in] fq_name  Fully qualified name of a user or a group
ced1f5
+ * @param[in] timeout  timeout in milliseconds
ced1f5
+ * @param[out] sid     String representation of the SID of the requested user
ced1f5
+ *                     or group, must be freed by the caller
ced1f5
+ * @param[out] type    Type of the object related to the given name
ced1f5
+ *
ced1f5
+ * @return
ced1f5
+ *  - 0 (EOK): success, sid contains the requested SID
ced1f5
+ *  - ENOENT: requested object was not found in the domain extracted from the given name
ced1f5
+ *  - ENETUNREACH: SSSD does not know how to handle the domain extracted from the given name
ced1f5
+ *  - ENOSYS: this call is not supported by the configured provider
ced1f5
+ *  - EINVAL: input cannot be parsed
ced1f5
+ *  - EIO: remote servers cannot be reached
ced1f5
+ *  - EFAULT: any other error
ced1f5
+ *  - ETIME:     request timed out but was send to SSSD
ced1f5
+ *  - ETIMEDOUT: request timed out but was not send to SSSD
ced1f5
+ */
ced1f5
+int sss_nss_getsidbyname_timeout(const char *fq_name, unsigned int timeout,
ced1f5
+                                 char **sid, enum sss_id_type *type);
ced1f5
+
ced1f5
+/**
ced1f5
+ * @brief Find SID by a POSIX UID or GID with timeout
ced1f5
+ *
ced1f5
+ * @param[in] id       POSIX UID or GID
ced1f5
+ * @param[in] timeout  timeout in milliseconds
ced1f5
+ * @param[out] sid     String representation of the SID of the requested user
ced1f5
+ *                     or group, must be freed by the caller
ced1f5
+ * @param[out] type    Type of the object related to the given ID
ced1f5
+ *
ced1f5
+ * @return
ced1f5
+ *  - see #sss_nss_getsidbyname_timeout
ced1f5
+ */
ced1f5
+int sss_nss_getsidbyid_timeout(uint32_t id, unsigned int timeout,
ced1f5
+                               char **sid, enum sss_id_type *type);
ced1f5
+
ced1f5
+/**
ced1f5
+ * @brief Return the fully qualified name for the given SID with timeout
ced1f5
+ *
ced1f5
+ * @param[in] sid      String representation of the SID
ced1f5
+ * @param[in] timeout  timeout in milliseconds
ced1f5
+ * @param[out] fq_name Fully qualified name of a user or a group,
ced1f5
+ *                     must be freed by the caller
ced1f5
+ * @param[out] type    Type of the object related to the SID
ced1f5
+ *
ced1f5
+ * @return
ced1f5
+ *  - see #sss_nss_getsidbyname_timeout
ced1f5
+ */
ced1f5
+int sss_nss_getnamebysid_timeout(const char *sid, unsigned int timeout,
ced1f5
+                                 char **fq_name, enum sss_id_type *type);
ced1f5
+
ced1f5
+/**
ced1f5
+ * @brief Return the POSIX ID for the given SID with timeout
ced1f5
+ *
ced1f5
+ * @param[in] sid      String representation of the SID
ced1f5
+ * @param[in] timeout  timeout in milliseconds
ced1f5
+ * @param[out] id      POSIX ID related to the SID
ced1f5
+ * @param[out] id_type Type of the object related to the SID
ced1f5
+ *
ced1f5
+ * @return
ced1f5
+ *  - see #sss_nss_getsidbyname_timeout
ced1f5
+ */
ced1f5
+int sss_nss_getidbysid_timeout(const char *sid, unsigned int timeout,
ced1f5
+                               uint32_t *id, enum sss_id_type *id_type);
ced1f5
+
ced1f5
+/**
ced1f5
+ * @brief Find original data by fully qualified name with timeout
ced1f5
+ *
ced1f5
+ * @param[in] fq_name  Fully qualified name of a user or a group
ced1f5
+ * @param[in] timeout  timeout in milliseconds
ced1f5
+ * @param[out] kv_list A NULL terminate list of key-value pairs where the key
ced1f5
+ *                     is the attribute name in the cache of SSSD,
ced1f5
+ *                     must be freed by the caller with sss_nss_free_kv()
ced1f5
+ * @param[out] type    Type of the object related to the given name
ced1f5
+ *
ced1f5
+ * @return
ced1f5
+ *  - 0 (EOK): success, sid contains the requested SID
ced1f5
+ *  - ENOENT: requested object was not found in the domain extracted from the given name
ced1f5
+ *  - ENETUNREACH: SSSD does not know how to handle the domain extracted from the given name
ced1f5
+ *  - ENOSYS: this call is not supported by the configured provider
ced1f5
+ *  - EINVAL: input cannot be parsed
ced1f5
+ *  - EIO: remote servers cannot be reached
ced1f5
+ *  - EFAULT: any other error
ced1f5
+ *  - ETIME:     request timed out but was send to SSSD
ced1f5
+ *  - ETIMEDOUT: request timed out but was not send to SSSD
ced1f5
+ */
ced1f5
+int sss_nss_getorigbyname_timeout(const char *fq_name, unsigned int timeout,
ced1f5
+                                  struct sss_nss_kv **kv_list,
ced1f5
+                                  enum sss_id_type *type);
ced1f5
+
ced1f5
+/**
ced1f5
+ * @brief Return the fully qualified name for the given base64 encoded
ced1f5
+ * X.509 certificate in DER format with timeout
ced1f5
+ *
ced1f5
+ * @param[in] cert     base64 encoded certificate
ced1f5
+ * @param[in] timeout  timeout in milliseconds
ced1f5
+ * @param[out] fq_name Fully qualified name of a user or a group,
ced1f5
+ *                     must be freed by the caller
ced1f5
+ * @param[out] type    Type of the object related to the cert
ced1f5
+ *
ced1f5
+ * @return
ced1f5
+ *  - see #sss_nss_getsidbyname_timeout
ced1f5
+ */
ced1f5
+int sss_nss_getnamebycert_timeout(const char *cert, unsigned int timeout,
ced1f5
+                                  char **fq_name, enum sss_id_type *type);
ced1f5
+
ced1f5
+/**
ced1f5
+ * @brief Return a list of fully qualified names for the given base64 encoded
ced1f5
+ * X.509 certificate in DER format with timeout
ced1f5
+ *
ced1f5
+ * @param[in] cert     base64 encoded certificate
ced1f5
+ * @param[in] timeout  timeout in milliseconds
ced1f5
+ * @param[out] fq_name List of fully qualified name of users or groups,
ced1f5
+ *                     must be freed by the caller
ced1f5
+ * @param[out] type    List of types of the objects related to the cert
ced1f5
+ *
ced1f5
+ * @return
ced1f5
+ *  - see #sss_nss_getsidbyname_timeout
ced1f5
+ */
ced1f5
+int sss_nss_getlistbycert_timeout(const char *cert, unsigned int timeout,
ced1f5
+                                  char ***fq_name, enum sss_id_type **type);
ced1f5
+
ced1f5
 #endif /* IPA_389DS_PLUGIN_HELPER_CALLS */
ced1f5
 #endif /* SSS_NSS_IDMAP_H_ */
ced1f5
diff --git a/src/sss_client/idmap/sss_nss_idmap.unit_tests b/src/sss_client/idmap/sss_nss_idmap.unit_tests
ced1f5
index 361cc3b134ead52cf458afe27c055739d6728441..05c474f008e1d59aae5976acfd81613c3c3e6540 100644
ced1f5
--- a/src/sss_client/idmap/sss_nss_idmap.unit_tests
ced1f5
+++ b/src/sss_client/idmap/sss_nss_idmap.unit_tests
ced1f5
@@ -2,5 +2,5 @@
ced1f5
 UNIT_TEST_ONLY {
ced1f5
     # should not be part of installed library
ced1f5
     global:
ced1f5
-        sss_nss_make_request;
ced1f5
+        sss_nss_make_request_timeout;
ced1f5
 };
ced1f5
diff --git a/src/tests/cmocka/sss_nss_idmap-tests.c b/src/tests/cmocka/sss_nss_idmap-tests.c
ced1f5
index 8807eca619d7b07d919168e5629042cf38f654ac..2e37040d2d3523bea157804706685fa0b36df16a 100644
ced1f5
--- a/src/tests/cmocka/sss_nss_idmap-tests.c
ced1f5
+++ b/src/tests/cmocka/sss_nss_idmap-tests.c
ced1f5
@@ -61,10 +61,11 @@ uint8_t buf_orig1[] = {0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0
ced1f5
  #error "unknow endianess"
ced1f5
 #endif
ced1f5
 
ced1f5
-enum nss_status sss_nss_make_request(enum sss_cli_command cmd,
ced1f5
-                      struct sss_cli_req_data *rd,
ced1f5
-                      uint8_t **repbuf, size_t *replen,
ced1f5
-                      int *errnop)
ced1f5
+enum nss_status sss_nss_make_request_timeout(enum sss_cli_command cmd,
ced1f5
+                                             struct sss_cli_req_data *rd,
ced1f5
+                                             int timeout,
ced1f5
+                                             uint8_t **repbuf, size_t *replen,
ced1f5
+                                             int *errnop)
ced1f5
 {
ced1f5
     struct sss_nss_make_request_test_data *d;
ced1f5
 
ced1f5
@@ -114,7 +115,7 @@ void test_getsidbyname(void **state)
ced1f5
     sid = NULL;
ced1f5
 
ced1f5
     for (c = 0; d[c].d.repbuf != NULL; c++) {
ced1f5
-        will_return(sss_nss_make_request, &d[0].d);
ced1f5
+        will_return(sss_nss_make_request_timeout, &d[0].d);
ced1f5
 
ced1f5
         ret = sss_nss_getsidbyname("test", &sid, &type);
ced1f5
         assert_int_equal(ret, d[0].ret);
ced1f5
@@ -134,7 +135,7 @@ void test_getorigbyname(void **state)
ced1f5
     enum sss_id_type type;
ced1f5
     struct sss_nss_make_request_test_data d = {buf_orig1, sizeof(buf_orig1), 0, NSS_STATUS_SUCCESS};
ced1f5
 
ced1f5
-    will_return(sss_nss_make_request, &d);
ced1f5
+    will_return(sss_nss_make_request_timeout, &d);
ced1f5
     ret = sss_nss_getorigbyname("test", &kv_list, &type);
ced1f5
     assert_int_equal(ret, EOK);
ced1f5
     assert_int_equal(type, SSS_ID_TYPE_UID);
ced1f5
-- 
ced1f5
2.13.6
ced1f5