CACHE_REQ: Add cache_req_data_set_bypass_dp() Similar to cache_req_data_set_bypass_cache() cache_req_data_set_bypass_dp() can be used to control how the cache_req framework performs the lookup. If cache_req_data_set_bypass_dp() is used with 'true' only a cache lookup is performed and no request is send to the backend even if no entry was found. Related to https://pagure.io/SSSD/sssd/issue/2478 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

cache_req: Look for name attribute also in nss_cmd_getsidbyid We always check negcache after getting data from backend since commit 4c09cd008967c5c0ec358dc658ffc6fc1cef2697 because we usually do have a name in begging of requests "* by ID". We were not interested in name in request sid by id before. However, function cache_req_search_ncache_filter always expect name otherwise it returns ERR_INTERNAL. [sssd[nss]] [cache_req_set_plugin] (0x2000): CR #8: Setting "Object by ID" plugin [sssd[nss]] [cache_req_send] (0x0400): CR #8: New request 'Object by ID' [sssd[nss]] [cache_req_select_domains] (0x0400): CR #8: Performing a multi-domain search [sssd[nss]] [cache_req_search_domains] (0x0400): CR #8: Search will check the cache and check the data provider [sssd[nss]] [cache_req_validate_domain_type] (0x2000): Request type POSIX-only for domain sssdad2012r2.com type POSIX is valid [sssd[nss]] [cache_req_set_domain] (0x0400): CR #8: Using domain [sssdad2012r2.com] [sssd[nss]] [cache_req_search_send] (0x0400): CR #8: Looking up ID:233600513@sssdad2012r2.com [sssd[nss]] [cache_req_search_ncache] (0x0400): CR #8: Checking negative cache for [ID:233600513@sssdad2012r2.com] [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/UID/sssdad2012r2.com/233600513] [sssd[nss]] [cache_req_search_ncache] (0x0400): CR #8: [ID:233600513@sssdad2012r2.com] is not present in negative cache [sssd[nss]] [cache_req_search_cache] (0x0400): CR #8: Looking up [ID:233600513@sssdad2012r2.com] in cache [sssd[nss]] [cache_req_search_send] (0x0400): CR #8: Returning [ID:233600513@sssdad2012r2.com] from cache [sssd[nss]] [cache_req_search_ncache_filter] (0x0400): CR #8: Filtering out results by negative cache [sssd[nss]] [cache_req_search_ncache_filter] (0x0020): CR #8: sss_get_name_from_msg() returned NULL, which should never happen in this scenario! [sssd[nss]] [cache_req_process_result] (0x0400): CR #8: Finished: Error 1432158209: Internal Error [sssd[nss]] [nss_protocol_done] (0x4000): Sending reply: error [1432158209]: Internal Error [sssd[nss]] [client_recv] (0x0200): Client disconnected! Resolves: https://pagure.io/SSSD/sssd/issue/3485 Reviewed-by: Pavel Březina <pbrezina@redhat.com>

CACHE_REQ: Don't error out when searching by id = 0 This code path can be easily triggered by calling `id 0` and SSSD should not error out in this case. Previous patches in this series already add uid and gid 0 to the negative cache and we can properly handle this situation. Related: https://pagure.io/SSSD/sssd/issue/3460 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

CACHE_REQ: Add cache_req_data_set_bypass_cache() This new cache_req_data method has been added because of the upcoming changes in the PAM responder. For deciding whether to contact the cache, or just query the data provider directly, PAM responder calls pam_initgr_check_timeout() which will return whether the cache entry may still be valid. The cache will be contacted only in case the cache entry is still valid, otherwise the data provider will be called. pam_initgr_check_timeout() basically checks whether the user (being looked up) is still a part of an in-memory hash table. Because the entry is a part of the hash table for really short period of time, and is automatically removed, the communication with the data provider is forced to happen quite often. As the follow-up changes should not modify this behaviour, this function was introduced so we can still call pam_initgr_check_timeout() and pass its result to the cache_req call that will perform the lookup. Related: https://fedorahosted.org/sssd/ticket/1126 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

cache_req: add host by name search Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

cache_req: add object by id This request returns either user or group object. Resolves: https://fedorahosted.org/sssd/ticket/3151 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

cache_req: add object by name This request returns either user or group object. Resolves: https://fedorahosted.org/sssd/ticket/3151 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

cache_req: make sure that we always fetch default attrs Some plug-ins allow to specify what attributes should be returned, but we always need to make sure that operational attributes such as expiration time is returned so we can calculate the expiration status. Resolves: https://fedorahosted.org/sssd/ticket/3151 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

cache_req: add support for netgroups Resolves: https://fedorahosted.org/sssd/ticket/3151 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

cache_req: add support for services enumeration Resolves: https://fedorahosted.org/sssd/ticket/3151 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

cache_req: add support for service by port Resolves: https://fedorahosted.org/sssd/ticket/3151 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

cache_req: add support for service by name Resolves: https://fedorahosted.org/sssd/ticket/3151 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

cache_req: add group enumeration Resolves: https://fedorahosted.org/sssd/ticket/3151 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

cache_req: add user enumeration Resolves: https://fedorahosted.org/sssd/ticket/3151 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

cache_req: move from switch to plugins, add plugins This patch adds all existing functionality into plugins. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>