From 6c4e8869ba6121ddbc6e1eca880c39b0af3391e0 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Wed, 25 Oct 2017 11:38:55 +0300
Subject: [PATCH 15/17] configure.ac: detect extended NSS API provided by SSSD

SSSD exposes an extended NSS API via libsss_nss_idmap. This API allows
querying getpwnam()/getgrnam()/getgrgid()/getpwuid()/getgrouplist()
information with a per-request timeout. As a result, an application can
cancel a request that takes too long.

This API also allows to ignore SSSD cache or invalidate it when
requesting certain information. slapi-nis needs this functionality when
invalidating own entries as result of changes done by other LDAP clients
in the areas which slapi-nis doesn't track directly.

For example, an update of ID override in the Default Trust View should
invalidate user or group entry for that AD object. Since retrieval of
the user/group information relies on SSSD, SSSD needs to be notified
that there is a change in ID override and evict the entry from its cache
as well.
---
 configure.ac | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/configure.ac b/configure.ac
index f82a47e..a958607 100644
--- a/configure.ac
+++ b/configure.ac
@@ -361,8 +361,13 @@ if test "x$use_nsswitch" != xno ; then
 			SSS_NSS_IDMAP_LIBS=
 		fi
 	fi
+
 	AC_SUBST(SSS_NSS_IDMAP_CFLAGS)
 	AC_SUBST(SSS_NSS_IDMAP_LIBS)
+	AC_CHECK_LIB(sss_nss_idmap,sss_nss_getpwnam_timeout)
+	if test "x$ac_cv_lib_sss_nss_idmap_sss_nss_getpwnam_timeout" = xyes ; then
+		AC_DEFINE(USE_SSS_NSS_TIMEOUT,1,[Use extended NSS API provided by SSSD])
+	fi
 
 	if test "x$use_pam" != xno ; then
 		AC_CHECK_HEADERS(security/pam_appl.h)
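Review bot: The added `AC_CHECK_LIB(sss_nss_idmap,sss_nss_getpwnam_timeout)` has no action-if-found, so on success autoconf's default action prepends `-lsss_nss_idmap` to the global `LIBS` and defines `HAVE_LIBSSS_NSS_IDMAP`. That links every target against the library, not just the ones that use `SSS_NSS_IDMAP_LIBS`. Passing the define as the action avoids the side effect and removes the separate `if`: `AC_CHECK_LIB(sss_nss_idmap,sss_nss_getpwnam_timeout,[AC_DEFINE(USE_SSS_NSS_TIMEOUT,1,[Use extended NSS API provided by SSSD])])`. The check also sits after the branch that clears `SSS_NSS_IDMAP_LIBS`, so it appears to run even when the earlier idmap detection did not succeed. The condition is above the hunk, so this should be confirmed there and the check guarded if so.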
@@ -384,6 +389,7 @@ if test "x$use_nsswitch" != xno ; then
 	fi
 	AC_DEFINE(USE_NSSWITCH,1,[Use nsswitch API to lookup users and groups not found in the LDAP tree])
 fi
+AM_CONDITIONAL([USE_SSS_NSS_TIMEOUT], [test "x$ac_cv_lib_sss_nss_idmap_sss_nss_getpwnam_timeout" = xyes])
 
 use_idviews=true
 AC_ARG_WITH(idviews,
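Review bot: `AM_CONDITIONAL([USE_SSS_NSS_TIMEOUT], ...)` tests the `ac_cv_lib_sss_nss_idmap_sss_nss_getpwnam_timeout` cache variable directly, outside the `use_nsswitch` block that runs the check and issues the `AC_DEFINE`. With a reused cache file (`configure -C`), the variable can still be `yes` from an earlier run while this run is configured without nsswitch. The Automake conditional is then true while the `USE_SSS_NSS_TIMEOUT` macro is undefined. A dedicated shell variable keeps the two in step: set `use_sss_nss_timeout=no` before the `if`, set it to `yes` next to the `AC_DEFINE`, and test `"x$use_sss_nss_timeout" = xyes` here.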
-- 
2.13.6