sssd.git/src/responder/common, branch certificate_mapping Unnamed repository; edit this file to name it for gitweb. cache_req: always go to dp first when looking up host 2017-02-08T20:25:48+00:00 Pavel Březina pbrezina@redhat.com 2017-02-08T12:22:42+00:00 d9780d2860b2f2c9d707bfd8f2fc72099b9545d7 We need to always lookup host in DP first to update host certificates so we are consinstent during ssh authentication. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
We need to always lookup host in DP first to update host certificates so
we are consinstent during ssh authentication.

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
cache_req: add host by name search 2017-02-08T10:05:46+00:00 Pavel Březina pbrezina@redhat.com 2017-01-18T11:12:01+00:00 53c31b83e4d06ea4c2813eec2f1e647a613b4a2b Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
cache_req: move dp request to plugin 2017-02-08T10:05:42+00:00 Pavel Březina pbrezina@redhat.com 2017-01-17T13:11:58+00:00 4df7aec645f87342f3a5146062abcb15f71f4fd9 This will allow to use cache req even for object that do not use account request such as hosts. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
This will allow to use cache req even for object that do not use
account request such as hosts.

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
cache_req: add api to create ldb_result from message 2017-02-08T10:05:38+00:00 Pavel Březina pbrezina@redhat.com 2017-01-17T13:11:32+00:00 9492b3b26ac0b1898f836094074a9d8b38916e13 Some sysdb methods doesn't return ldb_result as output but return ldb_message instead. Changing sysdb to be consistent is too big so I added this helper function that will wrap resulting message into ldb_result. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Some sysdb methods doesn't return ldb_result as output but return
ldb_message instead. Changing sysdb to be consistent is too big
so I added this helper function that will wrap resulting message
into ldb_result.

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
cache_req: search user by name with attrs 2017-02-08T10:05:33+00:00 Pavel Březina pbrezina@redhat.com 2017-01-11T10:36:50+00:00 7723e79f5a1fad4201360199037aea33f655bab6 Sometime is is desirable to aquire more attribute from user object than SYSDB_PW_ATTRS set. such as user's public key. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Sometime is is desirable to aquire more attribute from user object
than SYSDB_PW_ATTRS set. such as user's public key.

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
cache_req: add ability to not use default domain suffix 2017-02-08T10:05:29+00:00 Pavel Březina pbrezina@redhat.com 2017-02-03T12:04:23+00:00 ddfd1900b26c66a062457d4fcc1a48bafd3eadf6 This will be used in the next plugin "host by name" where it is not desirable to use default domain suffix if set. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
This will be used in the next plugin "host by name" where
it is not desirable to use default domain suffix if set.

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
sss_parse_inp_send: provide default_domain as parameter 2017-02-08T10:05:23+00:00 Pavel Březina pbrezina@redhat.com 2017-02-03T11:44:15+00:00 2b5704cd96a085b99d3b0d4f80f4414adc134750 It is not always desirable to consider default_domain from configuration but expect none instead. For example when we search host certificates. This is currently not used in this patch since host lookups parse name directly with sss_parse_name but it will be used in the next patch. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
It is not always desirable to consider default_domain from configuration
but expect none instead. For example when we search host certificates.

This is currently not used in this patch since host lookups parse
name directly with sss_parse_name but it will be used in the next
patch.

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Suppres implicit-fallthrough from gcc 7 2017-02-01T13:10:44+00:00 Lukas Slebodnik lslebodn@redhat.com 2017-01-30T11:17:25+00:00 2e505786d6d9d537f5b6631099862f6b93e2e687 Some kind of comments are recognized by gcc7 but they are ignored with -Wimplicit-fallthrough=5 and only attributes disable the warning. Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> 
Some kind of comments are recognized by gcc7 but they are ignored with
-Wimplicit-fallthrough=5 and only attributes disable the warning.

Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
RESPONDER: Change how client timeout is calculated 2017-01-23T17:46:37+00:00 Fabiano Fidêncio fidencio@redhat.com 2016-11-30T15:00:33+00:00 560daa14ef013aa14e2aedeea10b07f623d84ec8 Taking Pavel Březina's suggestion, let's avoid always re-creating the idle timer and go for a simpler and not so precise approach where we store the time of the last operation done and then have a simple periodic timer that fires each "client_idle_time/2" and there it checks whether the "current time - last request time > client_idle_time". As said, it won't be as precise as the way done currently but it will save us lots of memory operations. Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Taking Pavel Březina's suggestion, let's avoid always re-creating the
idle timer and go for a simpler and not so precise approach where we
store the time of the last operation done and then have a simple
periodic timer that fires each "client_idle_time/2" and there it checks
whether the "current time - last request time > client_idle_time".

As said, it won't be as precise as the way done currently but it will
save us lots of memory operations.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
RESPONDER: Shutdown {dbus,socket}-activated responders in case they're idle 2017-01-23T17:46:37+00:00 Fabiano Fidêncio fidencio@redhat.com 2016-11-22T14:02:33+00:00 151a6de4793e0045a7085d4d72b975947662e566 This commit introduces a new option for the responders called responder_idle_timeout, which specifies the number of seconds that the responder process can be up without being used. The default value is 300 seconds (5 minutes) and can be configured per responder, being 60 seconds the minimum acceptable value. Is important to note that setting "responder_idle_timeout = 0" disables the responder timeout, which makes sense for the responders that always will be running. The shutdown timeout is activated per responder in case the responder has been {dbus,socket}-activated. In case of any commnunication with the responder the timeout is reset thereby ensuring we won't shutdown a responder that is not idle. Setting the responder's last request time is done slightly differently for socket-activated and dbus-activated responders. In both cases it's updated in any internal communication in sbus_message_handler(), but for the socket-activated responders it's also updated when the responder's socket is used. Currently it works properly with all responders but the secrets one, which has a different logic and must be treated separately in case some change is required there. Is worth to mention that this commit does not affect the responders explicitly configured in the "services" line of sssd.conf. Related: https://fedorahosted.org/sssd/ticket/3245 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
This commit introduces a new option for the responders called
responder_idle_timeout, which specifies the number of seconds that the
responder process can be up without being used. The default value is
300 seconds (5 minutes) and can be configured per responder, being 60
seconds the minimum acceptable value.

Is important to note that setting "responder_idle_timeout = 0" disables
the responder timeout, which makes sense for the responders that always
will be running.

The shutdown timeout is activated per responder in case the responder
has been {dbus,socket}-activated. In case of any commnunication with the
responder the timeout is reset thereby ensuring we won't shutdown a
responder that is not idle.

Setting the responder's last request time is done slightly differently
for socket-activated and dbus-activated responders. In both cases it's
updated in any internal communication in sbus_message_handler(), but
for the socket-activated responders it's also updated when the
responder's socket is used.

Currently it works properly with all responders but the secrets one,
which has a different logic and must be treated separately in case some
change is required there.

Is worth to mention that this commit does not affect the responders
explicitly configured in the "services" line of sssd.conf.

Related:
https://fedorahosted.org/sssd/ticket/3245

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>