History log of /sssd-io/src/responder/common/cache_req/plugins/cache_req_enum_groups.c
Revision Date Author Comments Expand
2856dac5818265a6b4e42d768b73c65e333d14ff 06-Dec-2017 Jakub Hrozek <jhrozek@redhat.com>

CACHE_REQ: Add plugin methods required for the domain-locator request Adds three new cache_req plugin methods: - cache_req_dp_get_domain_check_fn - check if it is time to run the locator request again - cache_req_dp_get_domain_send/recv_fn - run the locator itself The reason we added also the checker is that when the locator runs, we add a temporary entry into the negative cache that would denote that the locator ran and the ordinary domain negative cache (UID negcache, GID negcache, ..) were set for the domains and can be still used to skip domains that we know do not contain the account without calling the getAccountDomain handler again. If we didn't have this checker, requesting an entry from a domain further down the domain list would always call the locator, only to always receive the same results. Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com>

4ef0b19a5e8a327443d027e57487c8a1e4f654ce 10-May-2017 Fabiano Fidêncio <fidencio@redhat.com>

CACHE_REQ: Make use of cache_req_ncache_filter_fn() This patch makes use of cache_req_ncache_filter_fn() in order to process the result of a cache_req search and then filter out all the results that are present in the negative cache. The "post cache_req search" result processing is done basically in two different cases: - plugins which don't use name as an input token (group_by_id, user_by_id and object_by_id), but still can be affected by filter_{users,groups} options; - plugins responsible for groups and users enumeration (enum_groups and enum_users); Resolves: https://pagure.io/SSSD/sssd/issue/3362 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com>

f24ee5cca4cd43e7edf26fec453fbd99392bbe4b 10-May-2017 Fabiano Fidêncio <fidencio@redhat.com>

CACHE_REQ: Add a new cache_req_ncache_filter_fn() plugin function This function will be responsible for filtering out all the results that we have that are also present in the negative cache. This is useful mainly for plugins which don't use name as an input token but can still be affected by filter_{users,groups} options. For now this new function is not being used anywhere. Related: https://pagure.io/SSSD/sssd/issue/3362 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com>

cee85e8fb9534ec997e5388fce59f392cf029573 30-Mar-2017 Jakub Hrozek <jhrozek@redhat.com>

CACHE_REQ: Domain type selection in cache_req Related to: https://pagure.io/SSSD/sssd/issue/3310 Adds a new enumeration cache_req_dom_type. It is a tri-state that allows the caller to select which domains can be contacted - either only POSIX, only application domains or any type. Not all plugins of cache_req have the new parameter added -- only those that are usable/useful in a non-POSIX environment. For example, it makes no sense to allow the selection for calls by ID because those are inherently POSIX-specific. Also, services or netgroups are supported only coming from POSIX domains. At the moment, the patch should not change any behaviour as all calls default to contacting POSIX domains only. Reviewed-by: Pavel Březina <pbrezina@redhat.com>

/sssd-io/src/responder/common/cache_req/cache_req.c /sssd-io/src/responder/common/cache_req/cache_req.h /sssd-io/src/responder/common/cache_req/cache_req_private.h cache_req_enum_groups.c cache_req_enum_svc.c cache_req_enum_users.c cache_req_group_by_filter.c cache_req_group_by_id.c cache_req_group_by_name.c cache_req_host_by_name.c cache_req_initgroups_by_name.c cache_req_netgroup_by_name.c cache_req_object_by_id.c cache_req_object_by_name.c cache_req_object_by_sid.c cache_req_svc_by_name.c cache_req_svc_by_port.c cache_req_user_by_cert.c cache_req_user_by_filter.c cache_req_user_by_id.c cache_req_user_by_name.c /sssd-io/src/responder/ifp/ifp_groups.c /sssd-io/src/responder/ifp/ifp_users.c /sssd-io/src/responder/ifp/ifpsrv_cmd.c /sssd-io/src/responder/nss/nss_enum.c /sssd-io/src/responder/nss/nss_get_object.c /sssd-io/src/responder/pam/pamsrv_cmd.c /sssd-io/src/responder/sudo/sudosrv_get_sudorules.c /sssd-io/src/tests/cmocka/test_responder_cache_req.c
4df7aec645f87342f3a5146062abcb15f71f4fd9 08-Feb-2017 Pavel Březina <pbrezina@redhat.com>

cache_req: move dp request to plugin This will allow to use cache req even for object that do not use account request such as hosts. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

ddfd1900b26c66a062457d4fcc1a48bafd3eadf6 08-Feb-2017 Pavel Březina <pbrezina@redhat.com>

cache_req: add ability to not use default domain suffix This will be used in the next plugin "host by name" where it is not desirable to use default domain suffix if set. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

122228f496f1a914b0763fb47a50854f168dc3b4 19-Dec-2016 Pavel Březina <pbrezina@redhat.com>

cache_req: allow to search subdomains without fqn This patch allows plugins that do not require name qualification on multi-domain search to perform lookup also in subdomains. Resolves: https://fedorahosted.org/sssd/ticket/3151 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

8f895983e8d24b3edde4f695621f6b9a2fd20923 19-Dec-2016 Pavel Březina <pbrezina@redhat.com>

cache_req: make plug-ins definition const Resolves: https://fedorahosted.org/sssd/ticket/3151 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

7be55c7de03da57f43fae3db7e6114eebb117a2e 19-Dec-2016 Pavel Březina <pbrezina@redhat.com>

cache_req: allow to return well known object as result When we are looking name by sid or sid by name we want to be also able to translate well known sid/name into its pair equivalent. This adds the ability to mock cache_req_result if a well known object is found. Resolves: https://fedorahosted.org/sssd/ticket/3151 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

12d771585a84a7523a5b7d9cf502d4bcddecb9b9 19-Dec-2016 Pavel Březina <pbrezina@redhat.com>

cache_req: add group enumeration Resolves: https://fedorahosted.org/sssd/ticket/3151 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>