sssd.git/src/responder/common/cache_req, branch certificate_mapping Unnamed repository; edit this file to name it for gitweb. cache_req: always go to dp first when looking up host 2017-02-08T20:25:48+00:00 Pavel Březina pbrezina@redhat.com 2017-02-08T12:22:42+00:00 d9780d2860b2f2c9d707bfd8f2fc72099b9545d7 We need to always lookup host in DP first to update host certificates so we are consinstent during ssh authentication. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
We need to always lookup host in DP first to update host certificates so
we are consinstent during ssh authentication.

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
cache_req: add host by name search 2017-02-08T10:05:46+00:00 Pavel Březina pbrezina@redhat.com 2017-01-18T11:12:01+00:00 53c31b83e4d06ea4c2813eec2f1e647a613b4a2b Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
cache_req: move dp request to plugin 2017-02-08T10:05:42+00:00 Pavel Březina pbrezina@redhat.com 2017-01-17T13:11:58+00:00 4df7aec645f87342f3a5146062abcb15f71f4fd9 This will allow to use cache req even for object that do not use account request such as hosts. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
This will allow to use cache req even for object that do not use
account request such as hosts.

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
cache_req: add api to create ldb_result from message 2017-02-08T10:05:38+00:00 Pavel Březina pbrezina@redhat.com 2017-01-17T13:11:32+00:00 9492b3b26ac0b1898f836094074a9d8b38916e13 Some sysdb methods doesn't return ldb_result as output but return ldb_message instead. Changing sysdb to be consistent is too big so I added this helper function that will wrap resulting message into ldb_result. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Some sysdb methods doesn't return ldb_result as output but return
ldb_message instead. Changing sysdb to be consistent is too big
so I added this helper function that will wrap resulting message
into ldb_result.

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
cache_req: search user by name with attrs 2017-02-08T10:05:33+00:00 Pavel Březina pbrezina@redhat.com 2017-01-11T10:36:50+00:00 7723e79f5a1fad4201360199037aea33f655bab6 Sometime is is desirable to aquire more attribute from user object than SYSDB_PW_ATTRS set. such as user's public key. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Sometime is is desirable to aquire more attribute from user object
than SYSDB_PW_ATTRS set. such as user's public key.

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
cache_req: add ability to not use default domain suffix 2017-02-08T10:05:29+00:00 Pavel Březina pbrezina@redhat.com 2017-02-03T12:04:23+00:00 ddfd1900b26c66a062457d4fcc1a48bafd3eadf6 This will be used in the next plugin "host by name" where it is not desirable to use default domain suffix if set. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
This will be used in the next plugin "host by name" where
it is not desirable to use default domain suffix if set.

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
sss_parse_inp_send: provide default_domain as parameter 2017-02-08T10:05:23+00:00 Pavel Březina pbrezina@redhat.com 2017-02-03T11:44:15+00:00 2b5704cd96a085b99d3b0d4f80f4414adc134750 It is not always desirable to consider default_domain from configuration but expect none instead. For example when we search host certificates. This is currently not used in this patch since host lookups parse name directly with sss_parse_name but it will be used in the next patch. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
It is not always desirable to consider default_domain from configuration
but expect none instead. For example when we search host certificates.

This is currently not used in this patch since host lookups parse
name directly with sss_parse_name but it will be used in the next
patch.

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
nss: rewrite nss responder so it uses cache_req 2016-12-19T22:28:55+00:00 Pavel Březina pbrezina@redhat.com 2016-10-05T12:05:45+00:00 4049b63f8c67ada17b453463b0451ca6be3d5de4 Given the size of the current nss responder it was quite impossible to simply switch into using the cache_req interface, especially because most of the code was duplication of cache lookups. This patch completely rewrites the responder from scratch. The amount of code was reduced to less than a half lines of code with no code duplication, better documentation and better maintainability and readability. All functionality should be intact. *Code organization* All protocol (parsing input message and send a reply) is placed in nss_protocol.c. Functions that deals with creating a reply packet are placed into their specific nss_protocol_$object.c files. All supported commands are placed into nss_cmd.c. Functions that deals with cache req are in nss_get_object.c and nss_enum.c. *Code flow for non-enumeration* An nss_getby_$input-type is called for each non-enumeration command. This function parses the input message, creates a cache_req_data structure and issues nss_get_object that calls cache_req. When this request is done nss_getby_done make sure a reply is sent to the client. *Comments on enumeration* I made some effort to make sure enumeration shares the same code for users, groups, services and netgroups. Netgroups now uses nss negative cache instead of implementing its own. Resolves: https://fedorahosted.org/sssd/ticket/3151 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Given the size of the current nss responder it was quite impossible
to simply switch into using the cache_req interface, especially
because most of the code was duplication of cache lookups.

This patch completely rewrites the responder from scratch. The amount
of code was reduced to less than a half lines of code with no code duplication,
better documentation and better maintainability and readability.

All functionality should be intact.

*Code organization*
All protocol (parsing input message and send a reply) is placed
in nss_protocol.c. Functions that deals with creating a reply
packet are placed into their specific nss_protocol_$object.c files.

All supported commands are placed into nss_cmd.c. Functions that
deals with cache req are in nss_get_object.c and nss_enum.c.

*Code flow for non-enumeration*
An nss_getby_$input-type is called for each non-enumeration command.
This function parses the input message, creates a cache_req_data
structure and issues nss_get_object that calls cache_req. When
this request is done nss_getby_done make sure a reply is sent to
the client.

*Comments on enumeration*
I made some effort to make sure enumeration shares the same code
for users, groups, services and netgroups. Netgroups now uses
nss negative cache instead of implementing its own.

Resolves:
https://fedorahosted.org/sssd/ticket/3151

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
cache_req: do not set ncache if dp request fails 2016-12-19T22:24:36+00:00 Pavel Březina pbrezina@redhat.com 2016-12-14T10:37:15+00:00 2d12aae08aff6c17c1edb107a204c54d9acfe08d We will only remember entry in the negative cache if the data provider requests succeeded because only then we can be sure that the entry does not exist. Resolves: https://fedorahosted.org/sssd/ticket/3151 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
We will only remember entry in the negative cache if the data provider
requests succeeded because only then we can be sure that the entry
does not exist.

Resolves:
https://fedorahosted.org/sssd/ticket/3151

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
cache_req: allow to search subdomains without fqn 2016-12-19T22:24:32+00:00 Pavel Březina pbrezina@redhat.com 2016-12-12T10:52:19+00:00 122228f496f1a914b0763fb47a50854f168dc3b4 This patch allows plugins that do not require name qualification on multi-domain search to perform lookup also in subdomains. Resolves: https://fedorahosted.org/sssd/ticket/3151 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
This patch allows plugins that do not require name qualification
on multi-domain search to perform lookup also in subdomains.

Resolves:
https://fedorahosted.org/sssd/ticket/3151

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>