cache_req: switch to new code This patch switch the old switch-based cache req code to the new plugin-based. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

IFP: Amend the InfoPipe responder for fqdns Parses the internal sysdb names and puts them on the bus using the sss_output_name() helper. Previously, the raw sysdb names were used. Reviewed-by: Sumit Bose <sbose@redhat.com>

RESPONDER: Removing ncache from ifp_ctx This patch switches ncache from ifp_ctx to resp_ctx. Reviewed-by: Pavel Březina <pbrezina@redhat.com>

RESPONDER: Removing neg_timeout from ifp repsonder Timeout of negative cache is handled by context of negative cache itself. This patch removes neg_timeout parameter from ifp_ctx and from ifp_user_get_attr_state. Resolves: https://fedorahosted.org/sssd/ticket/2317 Reviewed-by: Pavel Březina <pbrezina@redhat.com>

RESPONDER: Removing neg_timeout from pam responder It removes neg_timeout parameter from struct pam_ctx. Timeout is handled by context of negative cache internally. This patch additioanlly removes neg_timeout from struct cache_req_state. Resolves: https://fedorahosted.org/sssd/ticket/2317 Reviewed-by: Pavel Březina <pbrezina@redhat.com>

IFP: Do not crash on invalid arguments to GetUserAttr Reviewed-by: Pavel Březina <pbrezina@redhat.com>

cache_req: hide input and pass parameters in struct This way it makes it a lot easier to add new parameters. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

cache_req: add SID lookups Resolves: https://fedorahosted.org/sssd/ticket/2848 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

cache_req: improve debugging Each debug message is matched to a specific request, this way it will be easier to follow the request flow especially when paralel request are running. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com>

IFP: add FindByCertificate method for User objects Related to https://fedorahosted.org/sssd/ticket/2596 Reviewed-by: Pavel Březina <pbrezina@redhat.com>

IFP: deprecate GetUserAttr Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

cache_req: parse input name if needed The input name is now parse automatically by cache_req if none particullar domain is specified. The parsed named is returned from _recv as an output parameter. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

cache_req: add support for user by uid Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

cache_req: preparations for different input type Currently cache_req takes only user name as an input parameter. However, this is not enough since we will need also UID and GID in the future. This patch creates a structure to hold input parameters so it can be simply extended to support other input types. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

IFP: unify generated interfaces names Number of interfaces will grow. It is mandatory to unify names of generated structures and methods to simplify coding and debugging. The C name is created from D-Bus lowercased interface name using the following rewrite rules: org.freedesktop.sssd.infopipe -> iface_ifp . -> _ Example: org.freedesktop.sssd.infopipe.Domains -> iface_ifp_domains Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

IFP: use new cache interface Reviewed-by: Michal Židek <mzidek@redhat.com>

IFP: Return group names with the right case The IFP code wasn't honoring the case settings of the domain. Reviewed-by: Pavel Březina <pbrezina@redhat.com>

IFP: support views Reviewed-by: Sumit Bose <sbose@redhat.com>

IFP: Use the override_space option https://fedorahosted.org/sssd/ticket/2397 The input of the InfoPipe responder substitutes the configured character for space and the GetUserAttrs and GetUserGroups functions substitute space for the configured character in their output. Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

IFP: Fix lookups with fully-qualified names The Data Provider lookup code user the original input string as the lookup key instead of the parsed name component. For example, for an input joe@mydomain, the backend would have searched for: (&(cn=joe@mydomain)(objectclass=user)) This patch fixes the lookup to use the parsed name. https://fedorahosted.org/sssd/ticket/2402 Reviewed-by: Pavel Březina <pbrezina@redhat.com>

Remove unused parameter from ifp_user_get_groups_reply Reviewed-by: Pavel Reichl <preichl@redhat.com>

Remove unused parameter from ifp_user_get_attr_handle_reply Reviewed-by: Pavel Reichl <preichl@redhat.com>

IFP: Add a GetGroupsList method This patch adds a new method on the bus with the following synopsis: <method name="GetUserGroups"> <arg name="user" type="s" direction="in" /> <arg name="values" type="as" direction="out"/> </method> Its purpose is to return names of groups the user is a member of as a list of strings. Reviewed-by: Pavel Březina <pbrezina@redhat.com>

IFP: Per-attribute ACL for users Introduces a new option called user_attributes that allows to specify which user attributes are allowed to be queried from the IFP responder. By default only the default POSIX set is allowed, this option allows to either add other attributes (+attrname) or remove them from the default set (-attrname). Reviewed-by: Pavel Březina <pbrezina@redhat.com>

IFP: Add GetUserAttrs call Adds a DBus method that allows the caller to retrieve attributes of a user. The synopsis of the call is as follows: <method name="GetUserAttr"> <arg type="s" name="user" direction="in"/> <arg type="as" name="attr" direction="in"/> <arg type="a{sv}" name="values" direction="out"/> </method> The return value is an array (one attribute per array member) of dictionaries. The key of the dictionary is the attribute name, the value is a variant containing the attribute values as strings. If an attribute does not exist or is not permitted to be read, no error is returned. If the users does not exist, the method returns an error. In future patches this function will be marked as obsolete in favor of object-oriented approach. ifp_user_get_attr_unpack_msg is a separate function to allow extending it in a later patch. The function to check the cache validity duplicates quite a bit of code with the NSS responder. The refactoring would be nice to get done along with #843. Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Stef Walter <stefw@redhat.com>

IFP: use a list of allowed_uids for authentication Similar to the PAC responder, the InfoPipe uses a list of UIDs that are allowed to communicate with the IFP responder. Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Stef Walter <stefw@redhat.com>

IFP: Connect to the system bus Related: https://fedorahosted.org/sssd/ticket/2072 Adds the possibility for the InfoPipe responder to connect to the system bus. At the moment, only a dummy method "Ping" is provided. The method only accepts a single string parameter that has to be 'ping'.

IFP: Re-add the InfoPipe server Related: https://fedorahosted.org/sssd/ticket/2072 This commit only adds the responder and the needed plumbing. No DBus related code is in yet.