FILES: Handle files provider sources Setup watches on passwd and group files provided with the files provider options passwd_files and group_files lists Resolves: https://pagure.io/SSSD/sssd/issue/3402 Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

CONFDB: Add passwd_files and group_files options Add new options to the files provider allowing an administrator to configure the files provider to read and monitor multiple or non-standard passwd and group file sources. These options default to /etc/passwd and /etc/group when unset. Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

DP: Create a new handler function getAccountDomain() Adds a new method getAccountDomain() which is a bit similar to getAccountInfo, except it doesn't fetch, parse and store the entry, but just returns the domain or a subdomain the entry was found in. At the moment, the method only supports requests by ID. A default handler is provided (and in this patch used by all the domains) which returns ERR_GET_ACCT_DOM_NOT_SUPPORTED. This return code should be evaluated by the responder so that this DP method is not called again, because it's not supported by the back end type. Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com>

FILES: Add the files provider Adds a new provider type "files". The provider watches the UNIX password and group databases for changes using inotify and propagates its contents to the sysdb. The files provider is only built on platforms that support the inotify interface, polling or loading the entries on-deman is not supported. During initialization, the files are loaded from the environment variables SSS_FILES_PASSWD and SSS_FILES_GROUP, defaulting to /etc/passwd and /etc/group respectively. Loading the files from environment variables is mostly implemented for tests that need to load nss_wrapped files. The files provider is a bit different from other provider types in the sense that it always enumerates full contents of the database. Therefore, the requests from Data Provider are always just replied to with success. Enumerating the contents is done in full at the moment, all users and all groups are removed and added anew. Modifying the passwd and group databses should be rare enough for this to be justified and we can optimize the code later. Since with large databases, the cache update might take a bit of time, we signal the responders to disable the files domain once we receive the inotify notification and re-enable the files domain after the update is finished. The idea is that the NSS configuration would still contain "files" after "sss" so that if the domain is disabled, libc would fall back to a direct "files" lookup. Resolves: https://fedorahosted.org/sssd/ticket/3262 Reviewed-by: Pavel Březina <pbrezina@redhat.com>