History log of /sssd-io/src/responder/nss/nss_protocol_grent.c
Revision Date Author Comments
677a31351c80453d9ce006481364399a96312052 29-Jan-2018 René Genz <liebundartig@freenet.de>

Fix minor spelling mistakes in responder/*

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

/sssd-io/src/responder/autofs/autofssrv.c /sssd-io/src/responder/common/cache_req/cache_req_plugin.h /sssd-io/src/responder/common/negcache.c /sssd-io/src/responder/common/negcache.h /sssd-io/src/responder/common/responder_common.c /sssd-io/src/responder/common/responder_dp.c /sssd-io/src/responder/common/responder_get_domains.c /sssd-io/src/responder/ifp/ifpsrv.c /sssd-io/src/responder/kcm/kcm.c nss_iface.c nss_protocol_grent.c nsssrv.c nsssrv_mmap_cache.c /sssd-io/src/responder/pac/pacsrv.c /sssd-io/src/responder/pam/pam_LOCAL_domain.c /sssd-io/src/responder/pam/pamsrv.c /sssd-io/src/responder/pam/pamsrv_cmd.c /sssd-io/src/responder/pam/pamsrv_p11.c /sssd-io/src/responder/secrets/local.c /sssd-io/src/responder/secrets/providers.c /sssd-io/src/responder/secrets/secsrv.c /sssd-io/src/responder/ssh/sshsrv.c /sssd-io/src/responder/sudo/sudosrv.c
0e238c259c066cf997aaa940d33d6bda96c15925 27-Nov-2017 Sumit Bose <sbose@redhat.com>

sysdb: do not use objectClass for users and groups

The majority of the objects in the SSSD cache are users and groups. If there are many users and groups in the cache, the index objects of the objectclass attributes 'user' and 'group' become large because they must hold references to all objects of those object classes. As a result the management of these index objects becomes costly because they must be parsed and split apart quite often. Additionally they are mostly useless because users and groups are looked up by more specific attributes in general. Only when enumerating all users or groups this kind of index might be useful.

There are two ways of removing this kind of index from the user and group objects. Either by removing objectClass from the list of indexes and adding a new attribute to all other types of objects we want an index for. Or by replacing objectClass with a different attribute for the user and group objects. After some testing I think the latter one is the more reliable one and implemented it in this patch.

Related to https://pagure.io/SSSD/sssd/issue/3503

Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

/sssd-io/src/db/sysdb.h /sssd-io/src/db/sysdb_init.c /sssd-io/src/db/sysdb_ops.c /sssd-io/src/db/sysdb_search.c /sssd-io/src/db/sysdb_upgrade.c /sssd-io/src/ldb_modules/memberof.c /sssd-io/src/providers/ad/ad_pac.c /sssd-io/src/providers/ipa/ipa_id.c /sssd-io/src/providers/ipa/ipa_subdomains_ext_groups.c /sssd-io/src/providers/ipa/ipa_subdomains_id.c /sssd-io/src/providers/krb5/krb5_renew_tgt.c /sssd-io/src/providers/ldap/ldap_id_cleanup.c /sssd-io/src/providers/ldap/sdap_async_groups.c /sssd-io/src/providers/ldap/sdap_async_initgroups.c /sssd-io/src/providers/ldap/sdap_async_initgroups_ad.c /sssd-io/src/providers/ldap/sdap_async_nested_groups.c /sssd-io/src/responder/common/cache_req/plugins/cache_req_common.c /sssd-io/src/responder/ifp/ifp_cache.c /sssd-io/src/responder/ifp/ifp_groups.c /sssd-io/src/responder/ifp/ifp_users.c nss_cmd.c nss_protocol_grent.c nss_protocol_sid.c /sssd-io/src/tests/cmocka/test_ad_common.c /sssd-io/src/tests/cmocka/test_ipa_subdomains_server.c /sssd-io/src/tests/sysdb-tests.c /sssd-io/src/tools/sssctl/sssctl_cache.c
55f7d8034d783c01789d76a2b9ffc901045e8af8 06-Nov-2017 Sumit Bose <sbose@redhat.com>

NSS: add support for SSS_NSS_EX_FLAG_INVALIDATE_CACHE

The patch adds support for the SSS_NSS_EX_FLAG_INVALIDATE_CACHE flag and makes the existing code more flexible and handle additional flags. If SSS_NSS_EX_FLAG_INVALIDATE_CACHE is set, the requested object is only looked up in the cache and, if it was found, on-disk and memory cache entries will be invalidated.

Related to https://pagure.io/SSSD/sssd/issue/2478

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

4ef0b19a5e8a327443d027e57487c8a1e4f654ce 10-May-2017 Fabiano Fidêncio <fidencio@redhat.com>

CACHE_REQ: Make use of cache_req_ncache_filter_fn()

This patch makes use of cache_req_ncache_filter_fn() in order to process the result of a cache_req search and then filter out all the results that are present in the negative cache.

The "post cache_req search" result processing is done basically in two different cases:
- plugins which don't use name as an input token (group_by_id, user_by_id and object_by_id), but still can be affected by filter_{users,groups} options;
- plugins responsible for groups and users enumeration (enum_groups and enum_users);

Resolves: https://pagure.io/SSSD/sssd/issue/3362

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>

a012a71f21bf1a4687e58085f19c18cc5b2bbadd 10-May-2017 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>

NSS: Move output name formatting to utils

Move NSS nss_get_name_from_msg and the core of sized_output_name to the utils to make them available to provider and other responders.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>

7c074ba2f923985ab0d4f9d6a5e01ff3f2f0a7a8 21-Apr-2017 Jakub Hrozek <jhrozek@redhat.com>

Move sized_output_name() and sized_domain_name() into responder common code

These functions are used to format a name into a format that the user configured for output, including case sensitiveness, replacing whitespace and qualified format. They were used only in the NSS responder, which typically returns strings to the NSS client library and then the user.

But it makes sense to just reuse the same code in the IFP responder as well, since it does essentially the same job.

The patch also renames sized_member_name to sized_domain_name. Previously, the function was only used to format a group member; the IFP responder would use the same function to format a group the user is a member of.

Related to: https://pagure.io/SSSD/sssd/issue/3268

Reviewed-by: Pavel Březina <pbrezina@redhat.com>

c778c36c5170c2b9f1cf7a6e3b0811124534df03 15-Feb-2017 Jakub Hrozek <jhrozek@redhat.com>

CONFDB: Make pwfield configurable per-domain

Previously, the pwfield option was only configurable at the NSS level. Because it's important for the files provider to report "x" as the pwfield instead of "*" which is the SSSD default, this commit makes the pwfield configurable at the domain level.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>

4049b63f8c67ada17b453463b0451ca6be3d5de4 19-Dec-2016 Pavel Březina <pbrezina@redhat.com>

nss: rewrite nss responder so it uses cache_req

Given the size of the current nss responder it was quite impossible to simply switch into using the cache_req interface, especially because most of the code was duplication of cache lookups.

This patch completely rewrites the responder from scratch. The amount of code was reduced to less than half the lines of code with no code duplication, better documentation and better maintainability and readability. All functionality should be intact.

*Code organization*
All protocol (parsing input message and send a reply) is placed in nss_protocol.c. Functions that deal with creating a reply packet are placed into their specific nss_protocol_$object.c files. All supported commands are placed into nss_cmd.c. Functions that deal with cache req are in nss_get_object.c and nss_enum.c.

*Code flow for non-enumeration*
An nss_getby_$input-type is called for each non-enumeration command. This function parses the input message, creates a cache_req_data structure and issues nss_get_object that calls cache_req. When this request is done nss_getby_done makes sure a reply is sent to the client.

*Comments on enumeration*
I made some effort to make sure enumeration shares the same code for users, groups, services and netgroups. Netgroups now use nss negative cache instead of implementing their own.

Resolves: https://fedorahosted.org/sssd/ticket/3151

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>