diff options
-rw-r--r-- | src/Makefile.am | 5 | ||||
-rw-r--r-- | src/responder/common/negcache.c (renamed from src/responder/nss/nsssrv_nc.c) | 46 | ||||
-rw-r--r-- | src/responder/common/negcache.h (renamed from src/responder/nss/nsssrv_nc.h) | 22 | ||||
-rw-r--r-- | src/responder/nss/nsssrv.c | 16 | ||||
-rw-r--r-- | src/responder/nss/nsssrv.h | 3 | ||||
-rw-r--r-- | src/responder/nss/nsssrv_cmd.c | 27 |
6 files changed, 60 insertions, 59 deletions
diff --git a/src/Makefile.am b/src/Makefile.am index 64376d79..d77c7317 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -245,6 +245,7 @@ SSSD_UTIL_OBJ = \ $(SSSD_DEBUG_OBJ) SSSD_RESPONDER_OBJ = \ + responder/common/negcache.c \ responder/common/responder_cmd.c \ responder/common/responder_common.c \ responder/common/responder_dp.c \ @@ -329,7 +330,7 @@ dist_noinst_HEADERS = \ responder/common/responder_packet.h \ responder/pam/pamsrv.h \ responder/nss/nsssrv.h \ - responder/nss/nsssrv_nc.h \ + responder/common/negcache.h \ sbus/sbus_client.h \ sbus/sssd_dbus.h \ sbus/sssd_dbus_private.h \ @@ -380,7 +381,6 @@ sssd_LDADD = \ sssd_nss_SOURCES = \ responder/nss/nsssrv.c \ responder/nss/nsssrv_cmd.c \ - responder/nss/nsssrv_nc.c \ $(SSSD_UTIL_OBJ) \ $(SSSD_RESPONDER_OBJ) sssd_nss_LDADD = \ @@ -395,6 +395,7 @@ sssd_pam_SOURCES = \ $(SSSD_UTIL_OBJ) \ $(SSSD_RESPONDER_OBJ) sssd_pam_LDADD = \ + $(TDB_LIBS) \ $(SSSD_LIBS) sssd_be_SOURCES = \ diff --git a/src/responder/nss/nsssrv_nc.c b/src/responder/common/negcache.c index 8d8ef01c..aef9080a 100644 --- a/src/responder/nss/nsssrv_nc.c +++ b/src/responder/common/negcache.c @@ -30,7 +30,7 @@ #define NC_UID_PREFIX NC_ENTRY_PREFIX"UID" #define NC_GID_PREFIX NC_ENTRY_PREFIX"GID" -struct nss_nc_ctx { +struct sss_nc_ctx { struct tdb_context *tdb; }; @@ -44,11 +44,11 @@ static int string_to_tdb_data(char *str, TDB_DATA *ret) return EOK; } -int nss_ncache_init(TALLOC_CTX *memctx, struct nss_nc_ctx **_ctx) +int sss_ncache_init(TALLOC_CTX *memctx, struct sss_nc_ctx **_ctx) { - struct nss_nc_ctx *ctx; + struct sss_nc_ctx *ctx; - ctx = talloc_zero(memctx, struct nss_nc_ctx); + ctx = talloc_zero(memctx, struct sss_nc_ctx); if (!ctx) return ENOMEM; errno = 0; @@ -60,7 +60,7 @@ int nss_ncache_init(TALLOC_CTX *memctx, struct nss_nc_ctx **_ctx) return EOK; }; -static int nss_ncache_check_str(struct nss_nc_ctx *ctx, char *str, int ttl) +static int sss_ncache_check_str(struct sss_nc_ctx *ctx, char *str, int ttl) { TDB_DATA key; TDB_DATA data; @@ -117,7 +117,7 @@ done: return ret; } -static int nss_ncache_set_str(struct nss_nc_ctx *ctx, +static int sss_ncache_set_str(struct sss_nc_ctx *ctx, char *str, bool permanent) { TDB_DATA key; @@ -151,7 +151,7 @@ done: return ret; } -int nss_ncache_check_user(struct nss_nc_ctx *ctx, int ttl, +int sss_ncache_check_user(struct sss_nc_ctx *ctx, int ttl, const char *domain, const char *name) { char *str; @@ -162,13 +162,13 @@ int nss_ncache_check_user(struct nss_nc_ctx *ctx, int ttl, str = talloc_asprintf(ctx, "%s/%s/%s", NC_USER_PREFIX, domain, name); if (!str) return ENOMEM; - ret = nss_ncache_check_str(ctx, str, ttl); + ret = sss_ncache_check_str(ctx, str, ttl); talloc_free(str); return ret; } -int nss_ncache_check_group(struct nss_nc_ctx *ctx, int ttl, +int sss_ncache_check_group(struct sss_nc_ctx *ctx, int ttl, const char *domain, const char *name) { char *str; @@ -179,13 +179,13 @@ int nss_ncache_check_group(struct nss_nc_ctx *ctx, int ttl, str = talloc_asprintf(ctx, "%s/%s/%s", NC_GROUP_PREFIX, domain, name); if (!str) return ENOMEM; - ret = nss_ncache_check_str(ctx, str, ttl); + ret = sss_ncache_check_str(ctx, str, ttl); talloc_free(str); return ret; } -int nss_ncache_check_uid(struct nss_nc_ctx *ctx, int ttl, uid_t uid) +int sss_ncache_check_uid(struct sss_nc_ctx *ctx, int ttl, uid_t uid) { char *str; int ret; @@ -193,13 +193,13 @@ int nss_ncache_check_uid(struct nss_nc_ctx *ctx, int ttl, uid_t uid) str = talloc_asprintf(ctx, "%s/%u", NC_UID_PREFIX, uid); if (!str) return ENOMEM; - ret = nss_ncache_check_str(ctx, str, ttl); + ret = sss_ncache_check_str(ctx, str, ttl); talloc_free(str); return ret; } -int nss_ncache_check_gid(struct nss_nc_ctx *ctx, int ttl, gid_t gid) +int sss_ncache_check_gid(struct sss_nc_ctx *ctx, int ttl, gid_t gid) { char *str; int ret; @@ -207,13 +207,13 @@ int nss_ncache_check_gid(struct nss_nc_ctx *ctx, int ttl, gid_t gid) str = talloc_asprintf(ctx, "%s/%u", NC_GID_PREFIX, gid); if (!str) return ENOMEM; - ret = nss_ncache_check_str(ctx, str, ttl); + ret = sss_ncache_check_str(ctx, str, ttl); talloc_free(str); return ret; } -int nss_ncache_set_user(struct nss_nc_ctx *ctx, bool permanent, +int sss_ncache_set_user(struct sss_nc_ctx *ctx, bool permanent, const char *domain, const char *name) { char *str; @@ -224,13 +224,13 @@ int nss_ncache_set_user(struct nss_nc_ctx *ctx, bool permanent, str = talloc_asprintf(ctx, "%s/%s/%s", NC_USER_PREFIX, domain, name); if (!str) return ENOMEM; - ret = nss_ncache_set_str(ctx, str, permanent); + ret = sss_ncache_set_str(ctx, str, permanent); talloc_free(str); return ret; } -int nss_ncache_set_group(struct nss_nc_ctx *ctx, bool permanent, +int sss_ncache_set_group(struct sss_nc_ctx *ctx, bool permanent, const char *domain, const char *name) { char *str; @@ -241,13 +241,13 @@ int nss_ncache_set_group(struct nss_nc_ctx *ctx, bool permanent, str = talloc_asprintf(ctx, "%s/%s/%s", NC_GROUP_PREFIX, domain, name); if (!str) return ENOMEM; - ret = nss_ncache_set_str(ctx, str, permanent); + ret = sss_ncache_set_str(ctx, str, permanent); talloc_free(str); return ret; } -int nss_ncache_set_uid(struct nss_nc_ctx *ctx, bool permanent, uid_t uid) +int sss_ncache_set_uid(struct sss_nc_ctx *ctx, bool permanent, uid_t uid) { char *str; int ret; @@ -255,13 +255,13 @@ int nss_ncache_set_uid(struct nss_nc_ctx *ctx, bool permanent, uid_t uid) str = talloc_asprintf(ctx, "%s/%u", NC_UID_PREFIX, uid); if (!str) return ENOMEM; - ret = nss_ncache_set_str(ctx, str, permanent); + ret = sss_ncache_set_str(ctx, str, permanent); talloc_free(str); return ret; } -int nss_ncache_set_gid(struct nss_nc_ctx *ctx, bool permanent, gid_t gid) +int sss_ncache_set_gid(struct sss_nc_ctx *ctx, bool permanent, gid_t gid) { char *str; int ret; @@ -269,7 +269,7 @@ int nss_ncache_set_gid(struct nss_nc_ctx *ctx, bool permanent, gid_t gid) str = talloc_asprintf(ctx, "%s/%u", NC_GID_PREFIX, gid); if (!str) return ENOMEM; - ret = nss_ncache_set_str(ctx, str, permanent); + ret = sss_ncache_set_str(ctx, str, permanent); talloc_free(str); return ret; @@ -309,7 +309,7 @@ done: return 0; } -int nss_ncache_reset_permament(struct nss_nc_ctx *ctx) +int sss_ncache_reset_permament(struct sss_nc_ctx *ctx) { int ret; diff --git a/src/responder/nss/nsssrv_nc.h b/src/responder/common/negcache.h index c0fa197c..d310c9e3 100644 --- a/src/responder/nss/nsssrv_nc.h +++ b/src/responder/common/negcache.h @@ -22,30 +22,30 @@ #ifndef _NSS_NEG_CACHE_H_ #define _NSS_NEG_CACHE_H_ -struct nss_nc_ctx; +struct sss_nc_ctx; /* init the in memory negative cache */ -int nss_ncache_init(TALLOC_CTX *memctx, struct nss_nc_ctx **_ctx); +int sss_ncache_init(TALLOC_CTX *memctx, struct sss_nc_ctx **_ctx); /* check if the user is expired according to the passed in time to live */ -int nss_ncache_check_user(struct nss_nc_ctx *ctx, int ttl, +int sss_ncache_check_user(struct sss_nc_ctx *ctx, int ttl, const char *domain, const char *name); -int nss_ncache_check_group(struct nss_nc_ctx *ctx, int ttl, +int sss_ncache_check_group(struct sss_nc_ctx *ctx, int ttl, const char *domain, const char *name); -int nss_ncache_check_uid(struct nss_nc_ctx *ctx, int ttl, uid_t uid); -int nss_ncache_check_gid(struct nss_nc_ctx *ctx, int ttl, gid_t gid); +int sss_ncache_check_uid(struct sss_nc_ctx *ctx, int ttl, uid_t uid); +int sss_ncache_check_gid(struct sss_nc_ctx *ctx, int ttl, gid_t gid); /* add a new neg-cache entry setting the timestamp to "now" unless * "permanent" is set to true, in which case the timestamps is set to 0 * and the negative cache never expires (used to permanently filter out * users and groups) */ -int nss_ncache_set_user(struct nss_nc_ctx *ctx, bool permanent, +int sss_ncache_set_user(struct sss_nc_ctx *ctx, bool permanent, const char *domain, const char *name); -int nss_ncache_set_group(struct nss_nc_ctx *ctx, bool permanent, +int sss_ncache_set_group(struct sss_nc_ctx *ctx, bool permanent, const char *domain, const char *name); -int nss_ncache_set_uid(struct nss_nc_ctx *ctx, bool permanent, uid_t uid); -int nss_ncache_set_gid(struct nss_nc_ctx *ctx, bool permanent, gid_t gid); +int sss_ncache_set_uid(struct sss_nc_ctx *ctx, bool permanent, uid_t uid); +int sss_ncache_set_gid(struct sss_nc_ctx *ctx, bool permanent, gid_t gid); -int nss_ncache_reset_permament(struct nss_nc_ctx *ctx); +int sss_ncache_reset_permament(struct sss_nc_ctx *ctx); #endif /* _NSS_NEG_CACHE_H_ */ diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c index ea2dc518..24753674 100644 --- a/src/responder/nss/nsssrv.c +++ b/src/responder/nss/nsssrv.c @@ -33,7 +33,7 @@ #include "popt.h" #include "util/util.h" #include "responder/nss/nsssrv.h" -#include "responder/nss/nsssrv_nc.h" +#include "responder/common/negcache.h" #include "db/sysdb.h" #include "confdb/confdb.h" #include "dbus/dbus.h" @@ -135,7 +135,7 @@ static int nss_get_config(struct nss_ctx *nctx, continue; } - ret = nss_ncache_set_user(nctx->ncache, true, dom->name, name); + ret = sss_ncache_set_user(nctx->ncache, true, dom->name, name); if (ret != EOK) { DEBUG(1, ("Failed to store permanent user filter for [%s]" " (%d [%s])\n", filter_list[i], @@ -174,7 +174,7 @@ static int nss_get_config(struct nss_ctx *nctx, continue; } if (domain) { - ret = nss_ncache_set_user(nctx->ncache, true, domain, name); + ret = sss_ncache_set_user(nctx->ncache, true, domain, name); if (ret != EOK) { DEBUG(1, ("Failed to store permanent user filter for [%s]" " (%d [%s])\n", filter_list[i], @@ -183,7 +183,7 @@ static int nss_get_config(struct nss_ctx *nctx, } } else { for (dom = rctx->domains; dom; dom = dom->next) { - ret = nss_ncache_set_user(nctx->ncache, true, dom->name, name); + ret = sss_ncache_set_user(nctx->ncache, true, dom->name, name); if (ret != EOK) { DEBUG(1, ("Failed to store permanent user filter for" " [%s:%s] (%d [%s])\n", @@ -226,7 +226,7 @@ static int nss_get_config(struct nss_ctx *nctx, continue; } - ret = nss_ncache_set_group(nctx->ncache, true, dom->name, name); + ret = sss_ncache_set_group(nctx->ncache, true, dom->name, name); if (ret != EOK) { DEBUG(1, ("Failed to store permanent group filter for [%s]" " (%d [%s])\n", filter_list[i], @@ -265,7 +265,7 @@ static int nss_get_config(struct nss_ctx *nctx, continue; } if (domain) { - ret = nss_ncache_set_group(nctx->ncache, true, domain, name); + ret = sss_ncache_set_group(nctx->ncache, true, domain, name); if (ret != EOK) { DEBUG(1, ("Failed to store permanent group filter for" " [%s] (%d [%s])\n", filter_list[i], @@ -274,7 +274,7 @@ static int nss_get_config(struct nss_ctx *nctx, } } else { for (dom = rctx->domains; dom; dom = dom->next) { - ret = nss_ncache_set_group(nctx->ncache, true, dom->name, name); + ret = sss_ncache_set_group(nctx->ncache, true, dom->name, name); if (ret != EOK) { DEBUG(1, ("Failed to store permanent group filter for" " [%s:%s] (%d [%s])\n", @@ -351,7 +351,7 @@ int nss_process_init(TALLOC_CTX *mem_ctx, return ENOMEM; } - ret = nss_ncache_init(nctx, &nctx->ncache); + ret = sss_ncache_init(nctx, &nctx->ncache); if (ret != EOK) { DEBUG(0, ("fatal error initializing negative cache\n")); return ret; diff --git a/src/responder/nss/nsssrv.h b/src/responder/nss/nsssrv.h index a6c66183..d53143dc 100644 --- a/src/responder/nss/nsssrv.h +++ b/src/responder/nss/nsssrv.h @@ -32,7 +32,6 @@ #include "sbus/sssd_dbus.h" #include "responder/common/responder_packet.h" #include "responder/common/responder.h" -#include "responder/nss/nsssrv_nc.h" #define NSS_SBUS_SERVICE_VERSION 0x0001 #define NSS_SBUS_SERVICE_NAME "nss" @@ -45,7 +44,7 @@ struct nss_ctx { struct resp_ctx *rctx; int neg_timeout; - struct nss_nc_ctx *ncache; + struct sss_nc_ctx *ncache; int cache_refresh_percent; diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c index 25e914bb..9b755138 100644 --- a/src/responder/nss/nsssrv_cmd.c +++ b/src/responder/nss/nsssrv_cmd.c @@ -21,6 +21,7 @@ #include "util/util.h" #include "responder/nss/nsssrv.h" +#include "responder/common/negcache.h" #include "confdb/confdb.h" #include "db/sysdb.h" #include <time.h> @@ -220,7 +221,7 @@ static int fill_pwent(struct sss_packet *packet, } if (filter_users) { - ncret = nss_ncache_check_user(nctx->ncache, + ncret = sss_ncache_check_user(nctx->ncache, nctx->neg_timeout, domain, name); if (ncret == EEXIST) { @@ -528,7 +529,7 @@ static int nss_cmd_getpwnam_search(struct nss_dom_ctx *dctx) /* verify this user has not yet been negatively cached, * or has been permanently filtered */ - ret = nss_ncache_check_user(nctx->ncache, nctx->neg_timeout, + ret = sss_ncache_check_user(nctx->ncache, nctx->neg_timeout, dom->name, name); /* if neg cached, return we didn't find it */ @@ -570,7 +571,7 @@ static int nss_cmd_getpwnam_search(struct nss_dom_ctx *dctx) DEBUG(2, ("No results for getpwnam call\n")); /* set negative cache only if not result of cache check */ - ret = nss_ncache_set_user(nctx->ncache, false, dom->name, name); + ret = sss_ncache_set_user(nctx->ncache, false, dom->name, name); if (ret != EOK) { return ret; } @@ -791,7 +792,7 @@ static int nss_cmd_getpwuid_search(struct nss_dom_ctx *dctx) DEBUG(2, ("No results for getpwuid call\n")); /* set negative cache only if not result of cache check */ - ret = nss_ncache_set_uid(nctx->ncache, false, cmdctx->id); + ret = sss_ncache_set_uid(nctx->ncache, false, cmdctx->id); if (ret != EOK) { return ret; } @@ -900,7 +901,7 @@ static int nss_cmd_getpwuid(struct cli_ctx *cctx) } cmdctx->id = *((uint32_t *)body); - ret = nss_ncache_check_uid(nctx->ncache, nctx->neg_timeout, cmdctx->id); + ret = sss_ncache_check_uid(nctx->ncache, nctx->neg_timeout, cmdctx->id); if (ret == EEXIST) { DEBUG(3, ("Uid [%lu] does not exist! (negative cache)\n", (unsigned long)cmdctx->id)); @@ -1360,7 +1361,7 @@ static int fill_grent(struct sss_packet *packet, } if (filter_groups) { - ret = nss_ncache_check_group(nctx->ncache, + ret = sss_ncache_check_group(nctx->ncache, nctx->neg_timeout, domain, name); if (ret == EEXIST) { DEBUG(4, ("Group [%s@%s] filtered out! (negative cache)\n", @@ -1437,7 +1438,7 @@ static int fill_grent(struct sss_packet *packet, name = (const char *)el->values[j].data; if (nctx->filter_users_in_groups) { - ret = nss_ncache_check_user(nctx->ncache, + ret = sss_ncache_check_user(nctx->ncache, nctx->neg_timeout, domain, name); if (ret == EEXIST) { @@ -1602,7 +1603,7 @@ static int nss_cmd_getgrnam_search(struct nss_dom_ctx *dctx) /* verify this group has not yet been negatively cached, * or has been permanently filtered */ - ret = nss_ncache_check_group(nctx->ncache, nctx->neg_timeout, + ret = sss_ncache_check_group(nctx->ncache, nctx->neg_timeout, dom->name, name); /* if neg cached, return we didn't find it */ @@ -1644,7 +1645,7 @@ static int nss_cmd_getgrnam_search(struct nss_dom_ctx *dctx) DEBUG(2, ("No results for getgrnam call\n")); /* set negative cache only if not result of cache check */ - ret = nss_ncache_set_group(nctx->ncache, false, dom->name, name); + ret = sss_ncache_set_group(nctx->ncache, false, dom->name, name); if (ret != EOK) { return ret; } @@ -1865,7 +1866,7 @@ static int nss_cmd_getgrgid_search(struct nss_dom_ctx *dctx) DEBUG(2, ("No results for getgrgid call\n")); /* set negative cache only if not result of cache check */ - ret = nss_ncache_set_gid(nctx->ncache, false, cmdctx->id); + ret = sss_ncache_set_gid(nctx->ncache, false, cmdctx->id); if (ret != EOK) { return ret; } @@ -1974,7 +1975,7 @@ static int nss_cmd_getgrgid(struct cli_ctx *cctx) } cmdctx->id = *((uint32_t *)body); - ret = nss_ncache_check_gid(nctx->ncache, nctx->neg_timeout, cmdctx->id); + ret = sss_ncache_check_gid(nctx->ncache, nctx->neg_timeout, cmdctx->id); if (ret == EEXIST) { DEBUG(3, ("Gid [%lu] does not exist! (negative cache)\n", (unsigned long)cmdctx->id)); @@ -2451,7 +2452,7 @@ static int nss_cmd_initgroups_search(struct nss_dom_ctx *dctx) /* verify this user has not yet been negatively cached, * or has been permanently filtered */ - ret = nss_ncache_check_user(nctx->ncache, nctx->neg_timeout, + ret = sss_ncache_check_user(nctx->ncache, nctx->neg_timeout, dom->name, name); /* if neg cached, return we didn't find it */ @@ -2488,7 +2489,7 @@ static int nss_cmd_initgroups_search(struct nss_dom_ctx *dctx) DEBUG(2, ("No results for initgroups call\n")); /* set negative cache only if not result of cache check */ - ret = nss_ncache_set_user(nctx->ncache, false, dom->name, name); + ret = sss_ncache_set_user(nctx->ncache, false, dom->name, name); if (ret != EOK) { return ret; } |