Hi, recently the patch "Allow flat name in the FQname format" was committed to master. The flat domain name is determined at runtime, but currently only when the responders receive a request with an unknown domain name.
If the flat domain name is now used in the FQname and the nss responder receives e.g. a 'getent passwd DOM\username' request with the flat domain name after startup, everything is fine, because after startup the domain part of the given fully qualified user name is not known and a request will be sent to the backends to look it up. Once that request is done, the flat domain name is known and can be used in the returned FQname. If, on the other hand, the nss responder receives a 'getent passwd usern...@domain.name' with the domain name from sssd.conf, the domain part of the user name is known and there is no reason to send a get_domains request to the backend. Hence the flat domain name is not known when the FQname for the response is constructed and will be replaced by the full name. To avoid this, the following patch will always run a get_domains request at startup to get the needed domain data. Fixes https://fedorahosted.org/sssd/ticket/1951. bye, Sumit
From fff4c87319c4599344571ce7abae67513b6acc1a Mon Sep 17 00:00:00 2001 From: Sumit Bose <sb...@redhat.com> Date: Fri, 31 May 2013 10:52:05 +0200 Subject: [PATCH] Lookup domains at startup To make sure that e.g. the short/NetBIOS domain name is available this patch make sure that the responders send a get_domains request to their backends at startup the collect the domain information or read it from the cache if the backend is offline. For completeness I added this to all responders even if they do not need the information at the moment. Fixes https://fedorahosted.org/sssd/ticket/1951 --- src/responder/autofs/autofssrv.c | 6 +++ src/responder/common/responder.h | 4 ++ src/responder/common/responder_get_domains.c | 49 ++++++++++++++++++++++++++ src/responder/nss/nsssrv.c | 6 +++ src/responder/pac/pacsrv.c | 6 +++ src/responder/pam/pamsrv.c | 6 +++ src/responder/ssh/sshsrv.c | 6 +++ src/responder/sudo/sudosrv.c | 6 +++ 8 files changed, 89 insertions(+), 0 deletions(-) diff --git a/src/responder/autofs/autofssrv.c b/src/responder/autofs/autofssrv.c index ea4c049..edd6f42 100644 --- a/src/responder/autofs/autofssrv.c +++ b/src/responder/autofs/autofssrv.c @@ -194,6 +194,12 @@ autofs_process_init(TALLOC_CTX *mem_ctx, goto fail; } + ret = schedule_get_domains_task(rctx, rctx->ev, rctx); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, ("schedule_get_domains_tasks failed.\n")); + goto fail; + } + DEBUG(SSSDBG_TRACE_FUNC, ("autofs Initialization complete\n")); return EOK; diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h index 68b4ebb..5331d5b 100644 --- a/src/responder/common/responder.h +++ b/src/responder/common/responder.h 
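Review bot: The failure message added in autofs_process_init names `schedule_get_domains_tasks`, but the function actually called is `schedule_get_domains_task`, so searching the logs or the tree for the real symbol will miss this line. I would write `DEBUG(SSSDBG_FATAL_FAILURE, ("schedule_get_domains_task failed.\n"));`. The same string is repeated in the nss, pac, pam, ssh and sudo hunks and should be corrected there too. autofs_process_init starts and ends outside the hunk.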
@@ -303,6 +303,10 @@ struct tevent_req *sss_dp_get_domains_send(TALLOC_CTX *mem_ctx, errno_t sss_dp_get_domains_recv(struct tevent_req *req); +errno_t schedule_get_domains_task(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct resp_ctx *rctx); + errno_t csv_string_to_uid_array(TALLOC_CTX *mem_ctx, const char *cvs_string, bool allow_sss_loop, size_t *_uid_count, uid_t **_uids); diff --git a/src/responder/common/responder_get_domains.c b/src/responder/common/responder_get_domains.c index defa4a4..592cd8d 100644 --- a/src/responder/common/responder_get_domains.c +++ b/src/responder/common/responder_get_domains.c @@ -369,3 +369,52 @@ static errno_t check_last_request(struct resp_ctx *rctx, const char *hint) return EOK; } + +static void get_domains_at_startup_done(struct tevent_req *req) +{ + int ret; + + ret = sss_dp_get_domains_recv(req); + talloc_free(req); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, ("sss_dp_get_domains request failed.\n")); + } + + return; +} + +static void get_domains_at_startup(struct tevent_context *ev, + struct tevent_immediate *imm, + void *pvt) +{ + struct tevent_req *req; + struct resp_ctx *rctx; + + rctx = talloc_get_type(pvt, struct resp_ctx); + + req = sss_dp_get_domains_send(rctx, rctx, true, NULL); + if (req == NULL) { + DEBUG(SSSDBG_OP_FAILURE, ("sss_dp_get_domains_send failed.\n")); + return; + } + + tevent_req_set_callback(req, get_domains_at_startup_done, NULL); + return; +} + +errno_t schedule_get_domains_task(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct resp_ctx *rctx) +{ + struct tevent_immediate *imm; + + imm = tevent_create_immediate(mem_ctx); + if (imm == NULL) { + DEBUG(SSSDBG_OP_FAILURE, ("tevent_create_immediate failed.\n")); + return ENOMEM; + } + + tevent_schedule_immediate(imm, ev, get_domains_at_startup, rctx); + + return EOK; +} diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c index ee8fecb..ebad150 100644 --- a/src/responder/nss/nsssrv.c +++ b/src/responder/nss/nsssrv.c 
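Review bot: The new prototype for schedule_get_domains_task in responder.h carries no comment, and its contract is not obvious from the signature. Judging by the implementation added in responder_get_domains.c, EOK only means the lookup was queued on `ev`, not that the domain data is available, and the immediate event is allocated on `mem_ctx`. I would add above the declaration `/* Queue an asynchronous get_domains request to run from the event loop. EOK means scheduled, not completed; the immediate event is allocated on mem_ctx. */`.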
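Review bot: The immediate event created in schedule_get_domains_task is never released: get_domains_at_startup receives `imm` but does not free it, so it stays attached to `mem_ctx` (which is `rctx` in every caller in this patch) for the life of the responder. Adding `talloc_free(imm);` as the first statement of get_domains_at_startup would release it once it has fired. Separately, a NULL return from sss_dp_get_domains_send and a non-EOK result in get_domains_at_startup_done are both only logged at SSSDBG_OP_FAILURE with no retry, so in that case the flat name presumably stays unknown until a later request triggers a lookup. If that best-effort behaviour is intended, a short comment in get_domains_at_startup_done saying so would help, and including the `ret` value in that log message would make failures easier to diagnose.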
@@ -532,6 +532,12 @@ int nss_process_init(TALLOC_CTX *mem_ctx, } responder_set_fd_limit(fd_limit); + ret = schedule_get_domains_task(rctx, rctx->ev, rctx); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, ("schedule_get_domains_tasks failed.\n")); + goto fail; + } + DEBUG(SSSDBG_TRACE_FUNC, ("NSS Initialization complete\n")); return EOK; diff --git a/src/responder/pac/pacsrv.c b/src/responder/pac/pacsrv.c index 9bc2766..22f87cb 100644 --- a/src/responder/pac/pacsrv.c +++ b/src/responder/pac/pacsrv.c @@ -207,6 +207,12 @@ int pac_process_init(TALLOC_CTX *mem_ctx, } responder_set_fd_limit(fd_limit); + ret = schedule_get_domains_task(rctx, rctx->ev, rctx); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, ("schedule_get_domains_tasks failed.\n")); + goto fail; + } + DEBUG(SSSDBG_TRACE_FUNC, ("PAC Initialization complete\n")); return EOK; diff --git a/src/responder/pam/pamsrv.c b/src/responder/pam/pamsrv.c index c71ef07..fad564a 100644 --- a/src/responder/pam/pamsrv.c +++ b/src/responder/pam/pamsrv.c @@ -203,6 +203,12 @@ static int pam_process_init(TALLOC_CTX *mem_ctx, } responder_set_fd_limit(fd_limit); + ret = schedule_get_domains_task(rctx, rctx->ev, rctx); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, ("schedule_get_domains_tasks failed.\n")); + goto done; + } + ret = EOK; done: diff --git a/src/responder/ssh/sshsrv.c b/src/responder/ssh/sshsrv.c index 410e631..a1d1f6c 100644 --- a/src/responder/ssh/sshsrv.c +++ b/src/responder/ssh/sshsrv.c @@ -166,6 +166,12 @@ int ssh_process_init(TALLOC_CTX *mem_ctx, goto fail; } + ret = schedule_get_domains_task(rctx, rctx->ev, rctx); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, ("schedule_get_domains_tasks failed.\n")); + goto fail; + } + DEBUG(SSSDBG_TRACE_FUNC, ("SSH Initialization complete\n")); return EOK; diff --git a/src/responder/sudo/sudosrv.c b/src/responder/sudo/sudosrv.c index a6344a9..e6bd997 100644 --- a/src/responder/sudo/sudosrv.c +++ b/src/responder/sudo/sudosrv.c 
@@ -148,6 +148,12 @@ int sudo_process_init(TALLOC_CTX *mem_ctx, goto fail; } + ret = schedule_get_domains_task(rctx, rctx->ev, rctx); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, ("schedule_get_domains_tasks failed.\n")); + goto fail; + } + DEBUG(SSSDBG_TRACE_FUNC, ("SUDO Initialization complete\n")); return EOK; -- 1.7.7.6