sssd.git/src/responder/common, branch openssl Unnamed repository; edit this file 'description' to name the repository. cache_req: delete old code 2016-10-20T07:56:41+00:00 Pavel Březina pbrezina@redhat.com 2016-10-12T11:27:26+00:00 e083a6bcf19a32f81f3fbbc6fff5fa2ff4c1b17a Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
cache_req: move from switch to plugins, add plugins 2016-10-20T07:56:35+00:00 Pavel Březina pbrezina@redhat.com 2016-10-03T11:03:44+00:00 0db2f3402b37df221fbf55486769989f82df479a This patch adds all existing functionality into plugins. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
This patch adds all existing functionality into plugins.

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
cache_req: move from switch to plugins; add logic 2016-10-20T07:56:08+00:00 Pavel Březina pbrezina@redhat.com 2016-10-03T11:01:22+00:00 2749964664a69bbb99d09409c1110095cbfcc664 cache_req grown quite big from the original code and it turned out that using switch statements to branch code for different cases makes the code quite hard to read and further extend and any modification to the logic itself is difficult. This patch changes the switch statements to plugins with small functions and separates logic into multiple modules. This gives us better control over the code and improves readability and maintainability while keeping code duplication to minimum. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Petr Cech <pcech@redhat.com> 
cache_req grown quite big from the original code and it turned out
that using switch statements to branch code for different cases
makes the code quite hard to read and further extend and any
modification to the logic itself is difficult.

This patch changes the switch statements to plugins with small
functions and separates logic into multiple modules. This gives
us better control over the code and improves readability and
maintainability while keeping code duplication to minimum.

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Petr Cech <pcech@redhat.com>
DP: Remove old data provider interface 2016-08-16T12:54:50+00:00 Pavel Březina pbrezina@redhat.com 2016-07-19T12:24:16+00:00 04e870d99e72aa3160bdb6ab05d986fb4005c3ed Reverse data provider interface is moved to a better location in NSS responder. All responders now can have an sbus interface defined per data provider connection. The unused old data provider interface is removed. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Reverse data provider interface is moved to a better location in
NSS responder. All responders now can have an sbus interface
defined per data provider connection. The unused old data provider
interface is removed.

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
sbus: add utility function to simplify message and reply handling 2016-08-16T12:39:04+00:00 Pavel Březina pbrezina@redhat.com 2016-06-29T10:35:59+00:00 439e08cdc5c83b3e5835cb0435983f1da2ffbaf1 This patch adds the ability to hook DBusMessage to a talloc context to remove the need of calling dbus_message_unref(). It also provides an automatical way to detect error in a reply so the caller does not need to parse it manually and the whole code around DBusError can be avoided. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
This patch adds the ability to hook DBusMessage to a talloc context
to remove the need of calling dbus_message_unref(). It also provides
an automatical way to detect error in a reply so the caller does
not need to parse it manually and the whole code around DBusError
can be avoided.

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
rdp: add ability to forward reply to the client request 2016-08-16T12:38:52+00:00 Pavel Březina pbrezina@redhat.com 2016-06-28T09:40:16+00:00 a40d9cc11d17d9c3c22a0462cd8c419d1e79ffb8 In cases where the InfoPipe servers just as a middle-man between the DataProvider and a client we can simply forward the reply reducing amount of coded needed in the InfoPipe. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
In cases where the InfoPipe servers just as a middle-man between
the DataProvider and a client we can simply forward the reply
reducing amount of coded needed in the InfoPipe.

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
NSS: Do not check local users with disabled local_negative_timeout 2016-08-09T09:30:35+00:00 Lukas Slebodnik lslebodn@redhat.com 2016-08-08T11:55:52+00:00 950716d2087446205c84f00b371f468d6ead1ec2 sssd_nss can set different negative timeout for local users and groups. However, checking whether user/group is local is quite expensive operation. We can avoid such operations if local_negative_timeout is not set. This fix improve performance(40%) of lookup non-existing entries in offline mode and with disabled local_negative_timeout. sh$ cat pok.sh for i in {1..10000}; do getent passwd -s sss temp$i getent group -s sss temp$i done #without patch sh $time /bin/bash pok.sh real 0m41.534s user 0m3.580s sys 0m14.202s #with patch sh $time /bin/bash pok.sh real 0m26.686s user 0m3.292s sys 0m13.165s Resolves: https://fedorahosted.org/sssd/ticket/3122 Reviewed-by: Petr Cech <pcech@redhat.com> 
sssd_nss can set different negative timeout for local users
and groups. However, checking whether user/group is local
is quite expensive operation. We can avoid such operations
if local_negative_timeout is not set.

This fix improve performance(40%) of lookup non-existing
entries in offline mode and with disabled local_negative_timeout.

  sh$ cat pok.sh
  for i in {1..10000}; do
    getent passwd -s sss temp$i
    getent group -s sss temp$i
  done

  #without patch
  sh $time /bin/bash pok.sh
  real    0m41.534s
  user    0m3.580s
  sys     0m14.202s

  #with patch
  sh $time /bin/bash pok.sh
  real    0m26.686s
  user    0m3.292s
  sys     0m13.165s

Resolves:
https://fedorahosted.org/sssd/ticket/3122

Reviewed-by: Petr Cech <pcech@redhat.com>
RESPONDERS: Pass errno to strerror() when SELINUX_getpeercon() fails 2016-08-04T10:17:33+00:00 Fabiano Fidêncio fidencio@redhat.com 2016-08-02T13:12:45+00:00 ba3c902014ac0b04ec761296fdb1c3ede747a5f2 Currently ret, which is -1, is passed to strerror() instead of errno. Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Related: https://fedorahosted.org/sssd/ticket/3094 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Currently ret, which is -1, is passed to strerror() instead of errno.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>

Related:
https://fedorahosted.org/sssd/ticket/3094

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
RESPONDERS: Show a bit more info in case of SELINUX_getpeercon() failure 2016-08-04T10:17:29+00:00 Fabiano Fidêncio fidencio@redhat.com 2016-08-02T13:08:09+00:00 4b9ee02b1f5252b2a116adf0c0c6c7a4722bb2cf Be explicit that it may happen when SELinux is disabled and also suggest to enable SELinux. Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Related: https://fedorahosted.org/sssd/ticket/3094 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Be explicit that it may happen when SELinux is disabled and also suggest
to enable SELinux.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>

Related:
https://fedorahosted.org/sssd/ticket/3094

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
RESPONDERS: Decrease debug level for failures in SELINUX_getpeercon() 2016-08-04T10:17:25+00:00 Fabiano Fidêncio fidencio@redhat.com 2016-08-02T13:04:51+00:00 634b6f28ec7d94d0ac418f338d892b4a41da7e3b As this is not FATAL and may happen when SELinux is disabled, let's just decrease the debug level to MINOR_FAILURE Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Related: https://fedorahosted.org/sssd/ticket/3094 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
As this is not FATAL and may happen when SELinux is disabled, let's just
decrease the debug level to MINOR_FAILURE

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>

Related:
https://fedorahosted.org/sssd/ticket/3094

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>