CACHE_REQ: Add plugin methods required for the domain-locator request Adds three new cache_req plugin methods: - cache_req_dp_get_domain_check_fn - check if it is time to run the locator request again - cache_req_dp_get_domain_send/recv_fn - run the locator itself The reason we added also the checker is that when the locator runs, we add a temporary entry into the negative cache that would denote that the locator ran and the ordinary domain negative cache (UID negcache, GID negcache, ..) were set for the domains and can be still used to skip domains that we know do not contain the account without calling the getAccountDomain handler again. If we didn't have this checker, requesting an entry from a domain further down the domain list would always call the locator, only to always receive the same results. Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com>

CACHE_REQ: Add a new cache_req_ncache_filter_fn() plugin function This function will be responsible for filtering out all the results that we have that are also present in the negative cache. This is useful mainly for plugins which don't use name as an input token but can still be affected by filter_{users,groups} options. For now this new function is not being used anywhere. Related: https://pagure.io/SSSD/sssd/issue/3362 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com>

CACHE_REQ: Domain type selection in cache_req Related to: https://pagure.io/SSSD/sssd/issue/3310 Adds a new enumeration cache_req_dom_type. It is a tri-state that allows the caller to select which domains can be contacted - either only POSIX, only application domains or any type. Not all plugins of cache_req have the new parameter added -- only those that are usable/useful in a non-POSIX environment. For example, it makes no sense to allow the selection for calls by ID because those are inherently POSIX-specific. Also, services or netgroups are supported only coming from POSIX domains. At the moment, the patch should not change any behaviour as all calls default to contacting POSIX domains only. Reviewed-by: Pavel Březina <pbrezina@redhat.com>

CACHE_REQ: Descend into subdomains on lookups Let's make all plugins, but the "host_by_name", to descend into the subdomains on lookups. This patch basically prepares the field for the coming up patches that will allow group/user resolution in all domains (or a subset of the domains) to be possible by only using the short names without the domain component. The "host_by_name" plugin was not changed as it's a specific IPA plugin and won't find anything on its subdomains. Related: https://pagure.io/SSSD/sssd/issue/3001 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com>

cache_req: move dp request to plugin This will allow to use cache req even for object that do not use account request such as hosts. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

cache_req: add ability to not use default domain suffix This will be used in the next plugin "host by name" where it is not desirable to use default domain suffix if set. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

cache_req: make plug-ins definition const Resolves: https://fedorahosted.org/sssd/ticket/3151 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

cache_req: allow to return well known object as result When we are looking name by sid or sid by name we want to be also able to translate well known sid/name into its pair equivalent. This adds the ability to mock cache_req_result if a well known object is found. Resolves: https://fedorahosted.org/sssd/ticket/3151 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

cache_req: add support for services enumeration Resolves: https://fedorahosted.org/sssd/ticket/3151 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>