dpward / rpms / sssd

Forked from rpms/sssd 3 years ago
Clone
Blob Blame History Raw
From 7482c6affd4dfa77a8d465ff0283617792847725 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Mon, 6 Nov 2017 15:52:11 +0100
Subject: [PATCH 81/83] CACHE_REQ: Implement the plugin methods that utilize
 the domain locator API
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Mainly, this patch adds handlers for the dp_get_domain_check_fn(),
dp_get_domain_send_fn() and dp_get_domain_recv_fn() functions to
requests that resolve objects by ID.

This patch also adds domain-local negcache setter for by-id methods
Previously, the by-ID methods only used global negative cache setters
because the ID space is global and we always iterated over all domains.

However, with addition of the domain locator plugin, we want also
to skip only certain domains and the easiest way to to so is to add
the IDs for domains that do not contain these IDs to the negative cache
with the get-account-domain request.

Therefore this patch also adds per-domain negative cache setters for
the three plugins that search by ID.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit a6eb9c4c3ff68d134bc745e8374f182737e9696b)
---
 src/responder/common/cache_req/cache_req_private.h |  5 ++
 .../common/cache_req/plugins/cache_req_common.c    | 17 +++++
 .../cache_req/plugins/cache_req_group_by_id.c      | 62 +++++++++++++++--
 .../cache_req/plugins/cache_req_object_by_id.c     | 77 ++++++++++++++++++++--
 .../cache_req/plugins/cache_req_user_by_id.c       | 63 ++++++++++++++++--
 src/tests/cmocka/common_mock_resp_dp.c             | 23 +++++++
 6 files changed, 235 insertions(+), 12 deletions(-)

diff --git a/src/responder/common/cache_req/cache_req_private.h b/src/responder/common/cache_req/cache_req_private.h
index 9586e3788045ff44eb2a4b626dc7fcaf11ec8028..95f24c0e5b9ab1150591d308c7288c57fe478c5d 100644
--- a/src/responder/common/cache_req/cache_req_private.h
+++ b/src/responder/common/cache_req/cache_req_private.h
@@ -187,4 +187,9 @@ bool
 cache_req_common_dp_recv(struct tevent_req *subreq,
                          struct cache_req *cr);
 
+errno_t
+cache_reg_common_get_acct_domain_recv(TALLOC_CTX *mem_ctx,
+                                      struct tevent_req *subreq,
+                                      struct cache_req *cr,
+                                      char **_domain);
 #endif /* _CACHE_REQ_PRIVATE_H_ */
diff --git a/src/responder/common/cache_req/plugins/cache_req_common.c b/src/responder/common/cache_req/plugins/cache_req_common.c
index 1f86258bc14c7a382712959f24a4ec4c153572d4..408c91949ceb3ecaf743f270f58f4e3fcfc3ccb1 100644
--- a/src/responder/common/cache_req/plugins/cache_req_common.c
+++ b/src/responder/common/cache_req/plugins/cache_req_common.c
@@ -147,3 +147,20 @@ done:
     talloc_free(err_msg);
     return bret;
 }
+
+errno_t
+cache_reg_common_get_acct_domain_recv(TALLOC_CTX *mem_ctx,
+                                      struct tevent_req *subreq,
+                                      struct cache_req *cr,
+                                      char **_domain)
+{
+    errno_t ret;
+
+    ret = sss_dp_get_account_domain_recv(mem_ctx, subreq, _domain);
+    if (ret != EOK) {
+        CACHE_REQ_DEBUG(SSSDBG_MINOR_FAILURE, cr,
+                        "Could not get account domain [%d]: %s\n",
+                        ret, sss_strerror(ret));
+    }
+    return ret;
+}
diff --git a/src/responder/common/cache_req/plugins/cache_req_group_by_id.c b/src/responder/common/cache_req/plugins/cache_req_group_by_id.c
index 70381266712d2c27c95027b54efab201c5df7690..ce84b1b4458b447ff6b4b036c6e8fe8f4d7758c8 100644
--- a/src/responder/common/cache_req/plugins/cache_req_group_by_id.c
+++ b/src/responder/common/cache_req/plugins/cache_req_group_by_id.c
@@ -39,6 +39,15 @@ cache_req_group_by_id_ncache_check(struct sss_nc_ctx *ncache,
                                    struct sss_domain_info *domain,
                                    struct cache_req_data *data)
 {
+    errno_t ret;
+
+    if (domain != NULL) {
+        ret = sss_ncache_check_gid(ncache, domain, data->id);
+        if (ret == EEXIST) {
+            return ret;
+        }
+    }
+
     return sss_ncache_check_gid(ncache, NULL, data->id);
 }
 
@@ -57,6 +66,14 @@ cache_req_group_by_id_global_ncache_add(struct sss_nc_ctx *ncache,
     return sss_ncache_set_gid(ncache, false, NULL, data->id);
 }
 
+static errno_t
+cache_req_group_by_id_ncache_add(struct sss_nc_ctx *ncache,
+                                 struct sss_domain_info *domain,
+                                 struct cache_req_data *data)
+{
+    return sss_ncache_set_gid(ncache, false, domain, data->id);
+}
+
 static errno_t
 cache_req_group_by_id_lookup(TALLOC_CTX *mem_ctx,
                              struct cache_req *cr,
@@ -132,6 +149,43 @@ cache_req_group_by_id_dp_send(TALLOC_CTX *mem_ctx,
                                    SSS_DP_GROUP, string, id, flag);
 }
 
+static bool
+cache_req_group_by_id_get_domain_check(struct resp_ctx *rctx,
+                                       struct sss_domain_info *domain,
+                                       struct cache_req_data *data)
+{
+    int nret;
+
+    nret = sss_ncache_check_locate_gid(rctx->ncache, domain, data->id);
+    if (nret == EEXIST) {
+        return false;
+    }
+
+    return true;
+}
+
+static struct tevent_req *
+cache_req_group_by_id_get_domain_send(TALLOC_CTX *mem_ctx,
+                                      struct resp_ctx *rctx,
+                                      struct sss_domain_info *domain,
+                                      struct cache_req_data *data)
+{
+    int nret;
+
+    nret = sss_ncache_set_locate_gid(rctx->ncache, domain, data->id);
+    if (nret != EOK) {
+        DEBUG(SSSDBG_MINOR_FAILURE,
+              "Cannot set negative cache, this might result in performance degradation\n");
+        /* Not fatal */
+    }
+
+    return sss_dp_get_account_domain_send(mem_ctx,
+                                          rctx,
+                                          domain,
+                                          SSS_DP_GROUP,
+                                          data->id);
+}
+
 const struct cache_req_plugin cache_req_group_by_id = {
     .name = "Group by ID",
     .attr_expiration = SYSDB_CACHE_EXPIRE,
@@ -151,14 +205,14 @@ const struct cache_req_plugin cache_req_group_by_id = {
     .create_debug_name_fn = cache_req_group_by_id_create_debug_name,
     .global_ncache_add_fn = cache_req_group_by_id_global_ncache_add,
     .ncache_check_fn = cache_req_group_by_id_ncache_check,
-    .ncache_add_fn = NULL,
+    .ncache_add_fn = cache_req_group_by_id_ncache_add,
     .ncache_filter_fn = cache_req_group_by_id_ncache_filter,
     .lookup_fn = cache_req_group_by_id_lookup,
     .dp_send_fn = cache_req_group_by_id_dp_send,
     .dp_recv_fn = cache_req_common_dp_recv,
-    .dp_get_domain_check_fn = NULL,
-    .dp_get_domain_send_fn = NULL,
-    .dp_get_domain_recv_fn = NULL,
+    .dp_get_domain_check_fn = cache_req_group_by_id_get_domain_check,
+    .dp_get_domain_send_fn = cache_req_group_by_id_get_domain_send,
+    .dp_get_domain_recv_fn = cache_reg_common_get_acct_domain_recv,
 };
 
 struct tevent_req *
diff --git a/src/responder/common/cache_req/plugins/cache_req_object_by_id.c b/src/responder/common/cache_req/plugins/cache_req_object_by_id.c
index 2af95313cb2df0f46a61519ac962074033f34a12..1327b480c1b1b68f9826fa229c9b001f2d92b79b 100644
--- a/src/responder/common/cache_req/plugins/cache_req_object_by_id.c
+++ b/src/responder/common/cache_req/plugins/cache_req_object_by_id.c
@@ -83,6 +83,26 @@ cache_req_object_by_id_global_ncache_add(struct sss_nc_ctx *ncache,
     return EOK;
 }
 
+static errno_t
+cache_req_object_by_id_ncache_add(struct sss_nc_ctx *ncache,
+                                  struct sss_domain_info *domain,
+                                  struct cache_req_data *data)
+{
+    errno_t ret;
+
+    ret = sss_ncache_set_uid(ncache, false, domain, data->id);
+    if (ret != EOK) {
+        return ret;
+    }
+
+    ret = sss_ncache_set_gid(ncache, false, domain, data->id);
+    if (ret != EOK) {
+        return ret;
+    }
+
+    return EOK;
+}
+
 static errno_t
 cache_req_object_by_id_lookup(TALLOC_CTX *mem_ctx,
                               struct cache_req *cr,
@@ -106,6 +126,55 @@ cache_req_object_by_id_dp_send(TALLOC_CTX *mem_ctx,
                                    cr->data->id, NULL);
 }
 
+static bool
+cache_req_object_by_id_get_domain_check(struct resp_ctx *rctx,
+                                        struct sss_domain_info *domain,
+                                        struct cache_req_data *data)
+{
+    int nret;
+
+    nret = sss_ncache_check_locate_uid(rctx->ncache, domain, data->id);
+    if (nret == EEXIST) {
+        nret = sss_ncache_check_locate_gid(rctx->ncache, domain, data->id);
+        if (nret == EEXIST) {
+            return false;
+        }
+    }
+
+    return true;
+}
+
+static struct tevent_req *
+cache_req_object_by_id_get_domain_send(TALLOC_CTX *mem_ctx,
+                                       struct resp_ctx *rctx,
+                                       struct sss_domain_info *domain,
+                                       struct cache_req_data *data)
+{
+    int nret;
+
+    nret = sss_ncache_set_locate_uid(rctx->ncache, domain, data->id);
+    if (nret != EOK) {
+        DEBUG(SSSDBG_MINOR_FAILURE,
+              "Cannot set negative cache, this might result in "
+              "performance degradation\n");
+        /* Not fatal */
+    }
+
+    nret = sss_ncache_set_locate_gid(rctx->ncache, domain, data->id);
+    if (nret != EOK) {
+        DEBUG(SSSDBG_MINOR_FAILURE,
+              "Cannot set negative cache, this might result in "
+              "performance degradation\n");
+        /* Not fatal */
+    }
+
+    return sss_dp_get_account_domain_send(mem_ctx,
+                                          rctx,
+                                          domain,
+                                          SSS_DP_USER_AND_GROUP,
+                                          data->id);
+}
+
 const struct cache_req_plugin cache_req_object_by_id = {
     .name = "Object by ID",
     .attr_expiration = SYSDB_CACHE_EXPIRE,
@@ -125,14 +194,14 @@ const struct cache_req_plugin cache_req_object_by_id = {
     .create_debug_name_fn = cache_req_object_by_id_create_debug_name,
     .global_ncache_add_fn = cache_req_object_by_id_global_ncache_add,
     .ncache_check_fn = cache_req_object_by_id_ncache_check,
-    .ncache_add_fn = NULL,
+    .ncache_add_fn = cache_req_object_by_id_ncache_add,
     .ncache_filter_fn = cache_req_object_by_id_ncache_filter,
     .lookup_fn = cache_req_object_by_id_lookup,
     .dp_send_fn = cache_req_object_by_id_dp_send,
     .dp_recv_fn = cache_req_common_dp_recv,
-    .dp_get_domain_check_fn = NULL,
-    .dp_get_domain_send_fn = NULL,
-    .dp_get_domain_recv_fn = NULL,
+    .dp_get_domain_check_fn = cache_req_object_by_id_get_domain_check,
+    .dp_get_domain_send_fn = cache_req_object_by_id_get_domain_send,
+    .dp_get_domain_recv_fn = cache_reg_common_get_acct_domain_recv,
 };
 
 struct tevent_req *
diff --git a/src/responder/common/cache_req/plugins/cache_req_user_by_id.c b/src/responder/common/cache_req/plugins/cache_req_user_by_id.c
index 254330e92cc801b84bfb5e308d6d90ac54507d77..656fa41af5f39f68c64e241aa97c4eaf3ec57395 100644
--- a/src/responder/common/cache_req/plugins/cache_req_user_by_id.c
+++ b/src/responder/common/cache_req/plugins/cache_req_user_by_id.c
@@ -39,6 +39,15 @@ cache_req_user_by_id_ncache_check(struct sss_nc_ctx *ncache,
                                   struct sss_domain_info *domain,
                                   struct cache_req_data *data)
 {
+    errno_t ret;
+
+    if (domain != NULL) {
+        ret = sss_ncache_check_uid(ncache, domain, data->id);
+        if (ret == EEXIST) {
+            return ret;
+        }
+    }
+
     return sss_ncache_check_uid(ncache, NULL, data->id);
 }
 
@@ -57,6 +66,14 @@ cache_req_user_by_id_global_ncache_add(struct sss_nc_ctx *ncache,
     return sss_ncache_set_uid(ncache, false, NULL, data->id);
 }
 
+static errno_t
+cache_req_user_by_id_ncache_add(struct sss_nc_ctx *ncache,
+                                struct sss_domain_info *domain,
+                                struct cache_req_data *data)
+{
+    return sss_ncache_set_uid(ncache, false, domain, data->id);
+}
+
 static errno_t
 cache_req_user_by_id_lookup(TALLOC_CTX *mem_ctx,
                             struct cache_req *cr,
@@ -132,6 +149,44 @@ cache_req_user_by_id_dp_send(TALLOC_CTX *mem_ctx,
                                    SSS_DP_USER, string, id, flag);
 }
 
+static bool
+cache_req_user_by_id_get_domain_check(struct resp_ctx *rctx,
+                                      struct sss_domain_info *domain,
+                                      struct cache_req_data *data)
+{
+    int nret;
+
+    nret = sss_ncache_check_locate_uid(rctx->ncache, domain, data->id);
+    if (nret == EEXIST) {
+        return false;
+    }
+
+    return true;
+}
+
+static struct tevent_req *
+cache_req_user_by_id_get_domain_send(TALLOC_CTX *mem_ctx,
+                                     struct resp_ctx *rctx,
+                                     struct sss_domain_info *domain,
+                                     struct cache_req_data *data)
+{
+    int nret;
+
+    nret = sss_ncache_set_locate_uid(rctx->ncache, domain, data->id);
+    if (nret != EOK) {
+        DEBUG(SSSDBG_MINOR_FAILURE,
+              "Cannot set negative cache, this might result in "
+              "performance degradation\n");
+        /* Not fatal */
+    }
+
+    return sss_dp_get_account_domain_send(mem_ctx,
+                                          rctx,
+                                          domain,
+                                          SSS_DP_USER,
+                                          data->id);
+}
+
 const struct cache_req_plugin cache_req_user_by_id = {
     .name = "User by ID",
     .attr_expiration = SYSDB_CACHE_EXPIRE,
@@ -151,14 +206,14 @@ const struct cache_req_plugin cache_req_user_by_id = {
     .create_debug_name_fn = cache_req_user_by_id_create_debug_name,
     .global_ncache_add_fn = cache_req_user_by_id_global_ncache_add,
     .ncache_check_fn = cache_req_user_by_id_ncache_check,
-    .ncache_add_fn = NULL,
+    .ncache_add_fn = cache_req_user_by_id_ncache_add,
     .ncache_filter_fn = cache_req_user_by_id_ncache_filter,
     .lookup_fn = cache_req_user_by_id_lookup,
     .dp_send_fn = cache_req_user_by_id_dp_send,
     .dp_recv_fn = cache_req_common_dp_recv,
-    .dp_get_domain_check_fn = NULL,
-    .dp_get_domain_send_fn = NULL,
-    .dp_get_domain_recv_fn = NULL,
+    .dp_get_domain_check_fn = cache_req_user_by_id_get_domain_check,
+    .dp_get_domain_send_fn = cache_req_user_by_id_get_domain_send,
+    .dp_get_domain_recv_fn = cache_reg_common_get_acct_domain_recv,
 };
 
 struct tevent_req *
diff --git a/src/tests/cmocka/common_mock_resp_dp.c b/src/tests/cmocka/common_mock_resp_dp.c
index 4b38a38e6f53499132f9fe14a0ec0af157cf85ca..f21ca53ad0d6b7f4ed28d0c1d9e491af31355d43 100644
--- a/src/tests/cmocka/common_mock_resp_dp.c
+++ b/src/tests/cmocka/common_mock_resp_dp.c
@@ -179,3 +179,26 @@ errno_t sss_dp_get_domains_recv(struct tevent_req *req)
 {
     return test_request_recv(req);
 }
+
+struct tevent_req *
+sss_dp_get_account_domain_send(TALLOC_CTX *mem_ctx,
+                               struct resp_ctx *rctx,
+                               struct sss_domain_info *domain,
+                               enum sss_dp_acct_type type,
+                               uint32_t opt_id)
+{
+    return test_req_succeed_send(mem_ctx, rctx->ev);
+}
+
+errno_t sss_dp_get_account_domain_recv(TALLOC_CTX *mem_ctx,
+                                       struct tevent_req *req,
+                                       char **_domain)
+{
+    errno_t ret;
+
+    ret = sss_mock_type(errno_t);
+    if (ret == EOK) {
+        *_domain = sss_mock_ptr_type(char *);
+    }
+    return ret;
+}
-- 
2.14.3