sssd.git/src/responder/common, branch subdomfo sssd with jhrozek's patches UTIL: Convert domain->disabled into tri-state with domain states 2015-09-01T12:06:29+00:00 Jakub Hrozek jhrozek@redhat.com 2015-08-18T15:15:44+00:00 13e1628e34e4b4bc2320a87dd5ac888c70a63ddd This is a first step towards making it possible for domain to be around, but not contacted by Data Provider. Also explicitly create domains as enabled, previously we only relied on talloc_zero marking dom->disabled as false. 
This is a first step towards making it possible for domain to be around,
but not contacted by Data Provider.

Also explicitly create domains as enabled, previously we only relied on
talloc_zero marking dom->disabled as false.
negcache: allow domain name for UID and GID 2015-07-27T20:03:42+00:00 Sumit Bose sbose@redhat.com 2015-07-22T12:21:52+00:00 e1aed98d7c195f844ac8e85050d04f3ca5f899b3 Related to https://fedorahosted.org/sssd/ticket/2731 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Related to https://fedorahosted.org/sssd/ticket/2731

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
cache_req: Extend cache_req with wildcard lookups 2015-07-15T15:32:23+00:00 Jakub Hrozek jhrozek@redhat.com 2015-03-24T22:24:50+00:00 fd04b25eaa5cd105da4122854d8bc1e702760e60 Related: https://fedorahosted.org/sssd/ticket/2553 Adds two new functions to the cache_req API: - cache_req_user_by_filter_send - cache_req_group_by_filter_send These functions can be used to retrieve users or groups that match a specified filter. Also renames a variable to avoid constant confusion -- the variable is only used for debug output. Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Related:
    https://fedorahosted.org/sssd/ticket/2553

Adds two new functions to the cache_req API:
    - cache_req_user_by_filter_send
    - cache_req_group_by_filter_send

These functions can be used to retrieve users or groups that match a
specified filter.

Also renames a variable to avoid constant confusion -- the variable is
only used for debug output.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
DP: Add DP_WILDCARD and SSS_DP_WILDCARD_USER/SSS_DP_WILDCARD_GROUP 2015-07-15T15:32:20+00:00 Jakub Hrozek jhrozek@redhat.com 2015-05-04T10:34:32+00:00 cdc44abdf944b0de541fe93ecd77df4d09c856b1 Related: https://fedorahosted.org/sssd/ticket/2553 Extends the Data Provider interface and the responder<->Data provider interface with wildcard lookups. The patch uses a new "wildcard" prefix rather than reusing the existing user/group prefixes. Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Related:
    https://fedorahosted.org/sssd/ticket/2553

Extends the Data Provider interface and the responder<->Data provider
interface with wildcard lookups.

The patch uses a new "wildcard" prefix rather than reusing the existing
user/group prefixes.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
IFP: add FindByCertificate method for User objects 2015-06-19T16:48:13+00:00 Sumit Bose sbose@redhat.com 2015-05-26T12:29:17+00:00 827a016a07d5f911cc4195be89896a376fd71f59 Related to https://fedorahosted.org/sssd/ticket/2596 Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Related to https://fedorahosted.org/sssd/ticket/2596

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
ncache: add calls for certificate based searches 2015-06-19T16:48:13+00:00 Sumit Bose sbose@redhat.com 2015-06-03T14:18:05+00:00 8d4dedea12e2b71f83a1b0e5f0fc5cdb706dcf98 Related to https://fedorahosted.org/sssd/ticket/2596 Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Related to https://fedorahosted.org/sssd/ticket/2596

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
negcache: Soften condition for expired entries 2015-05-22T10:26:59+00:00 Lukas Slebodnik lslebodn@redhat.com 2015-05-20T11:13:40+00:00 75e4a7753c44e9f2a7a65fad77d95e394f81c125 Type of timestamp for entries in negative cache is time_t which is number of *seconds* that have elapsed since 1 January 1970. The condition for ttl was to strict so entry could be valid from "ttl-1" to ttl e.g. * ttl is 1 second * entry was stored to negative cache at 1432120871.999639 stored_timestamp = 1432120871 * entry was tested few miliseconds later 1432120872.001293 current_time = 1432120872 Entry was marked as expired becuase result of condition was false stored_timestamp + ttl < current_time 1432120871 + 1 < 1432120872 This is a reason why ./test-negcache sometime fails. It's quite easily reproducible on slow machine or when valgrind was used. sh$ while libtool --mode=execute valgrind ./test-negcache ; do echo OK: done Reviewed-by: Pavel Reichl <preichl@redhat.com> 
Type of timestamp for entries in negative cache is time_t
which is number of *seconds* that have elapsed since 1 January 1970.

The condition for ttl was to strict so entry could be valid
 from  "ttl-1" to  ttl e.g.
 * ttl is 1 second
 * entry was stored to negative cache at 1432120871.999639
   stored_timestamp = 1432120871
 * entry was tested few miliseconds later 1432120872.001293
   current_time = 1432120872

Entry was marked as expired becuase result of condition was false
  stored_timestamp + ttl < current_time
          1432120871 + 1 < 1432120872

This is a reason why ./test-negcache sometime fails.
It's quite easily reproducible on slow machine or when valgrind was used.

sh$ while libtool --mode=execute valgrind ./test-negcache ; do echo OK: done

Reviewed-by: Pavel Reichl <preichl@redhat.com>
responders: reset ncache after domains are discovered during startup 2015-04-09T06:35:23+00:00 Jakub Hrozek jhrozek@redhat.com 2015-03-29T14:31:19+00:00 0528fdec17d0031996e919fcd852459e86592c35 After responders start, they add a lookup operation that discovers the subdomains so that qualifying users works. After this operation is finishes, we need to reset negcache to allow users to be added into the newly discovered domains. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
After responders start, they add a lookup operation that discovers the
subdomains so that qualifying users works. After this operation is
finishes, we need to reset negcache to allow users to be added into the
newly discovered domains.

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
ncache: Add sss_ncache_reset_repopulate_permanent 2015-04-09T06:35:20+00:00 Jakub Hrozek jhrozek@redhat.com 2015-03-29T14:30:27+00:00 0d19785f9ffd9c66df5b30d208ec7b0216a9555b This new function resets the negative cache and then re-adds the permanent entries. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
This new function resets the negative cache and then re-adds the
permanent entries.

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
ncache: Silence critical error from filter_users when default_domain_suffix is set 2015-04-09T06:35:16+00:00 Jakub Hrozek jhrozek@redhat.com 2015-03-27T11:30:53+00:00 1aa492ce890f362564bfac21f3cfb0a3e38608bd When default_domain_suffix is used and filter_users is set (at least root is always, by default), SSSD tried to add the negcache entry to the default domain. But since the default domain is not known after start up, adding the entries fail with a verbose error message. This patch handles EAGAIN returned from the parsing function while setting negcache entries gracefully and also makes the debug message in parsing function more precise. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
When default_domain_suffix is used and filter_users is set (at least
root is always, by default), SSSD tried to add the negcache entry to the
default domain. But since the default domain is not known after start
up, adding the entries fail with a verbose error message.

This patch handles EAGAIN returned from the parsing function while
setting negcache entries gracefully and also makes the debug message in
parsing function more precise.

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>