346d6d8bf5fdb446921d754c07c8a7d913a048d5 |
|
29-Jan-2018 |
René Genz <liebundartig@freenet.de> |
Fix minor spelling mistakes
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
4928657ce937d6b08c79cfe267f206ca2db493c6 |
|
06-Dec-2017 |
Lukas Slebodnik <lslebodn@redhat.com> |
confdb: Do not start implicit_files with proxy domain
id_provider = proxy + proxy_lib_name = files is equivalent
to id_provider = files. But requests to user hit implicit_files
domain instead of proxy domain and therefore it broke usage
of proxy domain with auth_provider = krb5.
Resolves:
https://pagure.io/SSSD/sssd/issue/3590
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
30621369bbf6c554401a20d84e447f872608bc53 |
|
06-Dec-2017 |
Lukas Slebodnik <lslebodn@redhat.com> |
confdb: Fix starting of implicit files domain
We did not start implicit_files domain when sssd configuration
contains files domain which was disabled.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
c987e58316f729f7682aa6843f1337f4a4575e07 |
|
06-Dec-2017 |
Lukas Slebodnik <lslebodn@redhat.com> |
confdb: Move detection files to separate function
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
d72ac2c58360cd272277b5ddde67bbff53106a74 |
|
26-Oct-2017 |
Jakub Hrozek <jhrozek@redhat.com> |
CONFIG: Add a new option auto_private_groups
The auto_private_groups option is used to configure the domain->mpg flag
which was already set automatically for subdomains, but for some time was
not settable by the admin via the configuration file.
The new option name, instead of the old magic_private_groups, was chosen
purely because this name would hopefully be better understood by admins.
The option doesn't do anything yet, it is just added to all the places a
new option should be added to.
Related:
https://pagure.io/SSSD/sssd/issue/1872
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
c33fa33065b1211dba5ea2909bac62843a72e8b5 |
|
25-Sep-2017 |
AmitKumar <amitkuma@redhat.com> |
Print a warning when enumeration is requested but disabled
Add an explanatory message to be logged once, at the start-up,
mentioning that in case enumeration is not enabled, getent passwd won't
return all users by design.
The debug level chosen to show the message is SSS_LOG_NOTICE.
Resolves:
https://pagure.io/SSSD/sssd/issue/2301
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
9787bc5890865be73a6caedaa22b3fae1e3aa671 |
|
31-Aug-2017 |
Jakub Hrozek <jhrozek@redhat.com> |
CONFDB: Do not crash with an invalid domain_type or case_sensitive value
If the domain_type parameter contained an invalid value, the error
branch wouldn't have set the 'ret' parameter to an error condition,
which might crash sssd.
The same problem occurred with CONFDB_DOMAIN_CASE_SENSITIVE
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
b4195db089bc481161b37cd129d0876571f633b4 |
|
30-Aug-2017 |
Fabiano Fidêncio <fidencio@redhat.com> |
CONFDB: Set a default value for subdomain_refresh_interval in case an invalid value is set
The code as it was seemed wrong as when an invalid value was set we
neither error out nor set a default valid value there.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
734e73257fff1c1884b72b8cf988f6d75c3a7567 |
|
28-Apr-2017 |
Jakub Hrozek <jhrozek@redhat.com> |
CONFDB: Fix standalone application domains
When a standalone application domain was configured, for example:
-------------------------------------------------
[sssd]
domains = appdomain
[application/appdomain]
id_provider=ldap
ldap_uri = ldap://dc.ipa.test
ldap_search_base = cn=accounts,dc=ipa,dc=test
ldap_schema = rfc2307bis
sudo_provider = none
ldap_sasl_mech = gssapi
krb5_realm = IPA.TEST
krb5_server = dc.ipa.test
ldap_user_uid_number = telephonenumber
ldap_user_gid_number = mobile
ldap_user_extra_attrs = location:l
-------------------------------------------------
We would, when unrolling the application section into a domain section,
first add a domain stub, equivalent to:
-----------------------------
[domain/appdomain]
domain_type = application
-----------------------------
Which in config.ldb also contains cn. Then, when we would add the parameters
from the [application] section, but try to add the cn again.
This didn't happen when inheriting from a POSIX domain, because there we
would set LDB_FLAG_REPLACE for any attributes that exist in the inherited
domain.
This patch skips the cn attribute both when replacing an inherited
domain's attributes and when writing a standalone application domain.
Resolves:
https://pagure.io/SSSD/sssd/issue/3355
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
3509bb03ecef49264820c9e287e8b2c7e0a8a508 |
|
10-Apr-2017 |
Lukas Slebodnik <lslebodn@redhat.com> |
CONFDB: Fix handling of enable_files_domain
The option enable_files_domain worked only if sssd
was compiled with --enable-files-domain. But manual page described
something else.
Resolves:
https://pagure.io/SSSD/sssd/issue/3340
Reviewed-by: Michal Židek <mzidek@redhat.com> |
825e8bf2f73a815c2eceb36ae805145fcbacf74d |
|
30-Mar-2017 |
Jakub Hrozek <jhrozek@redhat.com> |
CONFDB: Allow configuring [application] sections as non-POSIX domains
Related to:
https://pagure.io/SSSD/sssd/issue/3310
Allows to add a new section:
[application/$name]
This section internally (on the confdb level) expands to:
[domain/$name]
domain_type = application
The reason to add this new section is two-fold. One, to make the
configuration of application domains more explicit and two, to make it
possible to share configuration between two domains, one POSIX and one
non-POSIX by application domain's inherit_from option:
[application/$name]
inherit_from = posix_domain_name
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
6324eaf1fb321c41ca9883966118df6d45259b7e |
|
30-Mar-2017 |
Jakub Hrozek <jhrozek@redhat.com> |
CONFDB: Introduce SSSD domain type to distinguish POSIX and application domains
Related to:
https://pagure.io/SSSD/sssd/issue/3310
Adds a new option that allows to distinguish domains that do contain
POSIX users and groups and those that don't. The POSIX domains are the
default. The non-POSIX domains are selected by selecting an
"application" type domain.
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
78bb3676fe8326e0fe2b60daad8bf524e4625d4e |
|
27-Feb-2017 |
Jakub Hrozek <jhrozek@redhat.com> |
MONITOR: Enable an implicit files domain if one is not configured
If SSSD is compiled with --enable-files-domain, the loading of the
domains changes such that:
* if no domain with id_provider=files exists in the config file, an
implicit SSSD files domain is added
* this domain is always first in the list
The administrator is free to create a files domain in the config file
himself and either place it at the end of the list or not enable it at
all.
Resolves:
https://pagure.io/SSSD/sssd/issue/3112
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
ece2ac6889da2b58f5d4027ec0a1d97992056f66 |
|
15-Feb-2017 |
Jakub Hrozek <jhrozek@redhat.com> |
CONFDB: The files domain defaults to "x" as pwfield
In order to make it possible for files provider users to authenticate
with pam_unix, default to "x" as the pwfield of users from the files
domain.
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
c778c36c5170c2b9f1cf7a6e3b0811124534df03 |
|
15-Feb-2017 |
Jakub Hrozek <jhrozek@redhat.com> |
CONFDB: Make pwfield configurable per-domain
Previously, the pwfield option was only configurable at the NSS level.
Because it's important for the files provider to report "x" as the
pwfield instead of "*" which is the SSSD default, this commit makes the
pwfield configurable at the domain level.
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
a60e6ec802cd2858dc85eabd442cff16fb23618f |
|
15-Feb-2017 |
Pavel Březina <pbrezina@redhat.com> |
CONFDB: The files provider always enumerates
Since the files provider always mirrors the whole passwd and group
contents, the files domain should always permit its contents to be
enumerated.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
90a103d6050b266fd8fc8fd0636be32de5885dec |
|
15-Feb-2017 |
Jakub Hrozek <jhrozek@redhat.com> |
CONFDB: Re-enable the files provider
The files provider was "blacklisted" for a long time, because very old
(pre-1.0) versions of sssd had the capability to create users and groups
by calling into the shadow-utils binaries directly which was later
removed.
Since nobody is (hopefully) running these ancient versions anymore and
we are about to re-enable the files provider, we can remove this check.
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
867bb85ecc8117aa8bdde9add0df8857cf87236e |
|
15-Dec-2016 |
Michal Židek <mzidek@redhat.com> |
common: Fix domain case sensitivity init
The domain case sensitivity was wrongly set in the domain
context after initialization if the provider was AD.
Resolves:
https://fedorahosted.org/sssd/ticket/3235
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
13b1d270fb72cf2c2e18f0b2a59cb424c51f7675 |
|
29-Nov-2016 |
Lukas Slebodnik <lslebodn@redhat.com> |
CONFDB: Suppress clang false positive warnings
The errno is a macro expanded into '(*__errno_location ())'.
The reason is that errno is private in glibc and the
function __errno_location returns the address of the private errno.
sh$ objdump -T /lib64/libc.so.6 | grep errno
00000010 g D .tbss 00000004 GLIBC_PRIVATE errno
000208a0 g DF .text 00000011 GLIBC_2.2.5 __errno_location
001366b0 g DF .text 0000005f GLIBC_2.2.5 clnt_sperrno
00136710 g DF .text 00000074 GLIBC_2.2.5 clnt_perrno
00000064 g D .tbss 00000004 GLIBC_PRIVATE __h_errno
0011aad0 g DF .text 00000011 GLIBC_2.2.5 __h_errno_location
It looks like clang static analyzer assumes that value can be
changed due to function call.
    errno = 0;
    val = strtol(values[0], NULL, 0);
    // Taking true branch => assuming "errno != 0"
    if (errno) {
        ret = errno;
        // errno was stored to ret but clang later assumes
        // that ret can be 0
        goto failed;
    }
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> |
052f8aa2034f7b091097dc5fdafc201b7d684525 |
|
29-Jun-2016 |
Simo Sorce <simo@redhat.com> |
ConfDB: Add helper function to get "subsections"
The secrets database will have "subsections", ie sections that are in the
"secrets" namespace and look like this: [secrets/<path>]
This function allows to source any section under secrets/ or under any
arbitrary sub-path.
Related:
https://fedorahosted.org/sssd/ticket/2913
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
8b2a31634764168183506925a4b9f461afdba6f3 |
|
27-Jun-2016 |
Michal Židek <mzidek@redhat.com> |
confdb: Check for config file errors on sssd startup
Resolves:
https://fedorahosted.org/sssd/ticket/2028
Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
877b92e80bde510d5cd9f03dbf01e2bcf73ab072 |
|
23-Oct-2015 |
Michal Židek <mzidek@redhat.com> |
util: Update get_next_domain's interface
Update get next domain to be able to
include disabled domains and change the
interface to accept flags instead of
multiple booleans.
Ticket:
https://fedorahosted.org/sssd/ticket/2673
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
c299f997e20011536e365bc18e59e73f68629d2c |
|
14-Oct-2015 |
Petr Cech <pcech@redhat.com> |
REFACTOR: umask(0177) --> umask(SSS_DFL_UMASK)
There are many calls of umask function with 0177 argument. This patch
adds new constant SSS_DFL_UMASK which stands for 0177. So all occurrences
of umask(0177) (except responder code) are replaced by constant
SSS_DFL_UMASK.
Resolves:
https://fedorahosted.org/sssd/ticket/2424
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
3fb1ee96f508784d7e06f079111d4d32d401a99b |
|
30-Sep-2015 |
Pavel Reichl <preichl@redhat.com> |
confdb: warn if memcache_timeout > than entry_cache
Only group and user records are cached in memory cache so only timeouts
for those are checked.
Resolves:
https://fedorahosted.org/sssd/ticket/2176
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
b5825c74b6bf7a99ae2172392dbecb51179013a6 |
|
21-Sep-2015 |
Jakub Hrozek <jhrozek@redhat.com> |
UTIL: Convert domain->disabled into tri-state with domain states
Required for:
https://fedorahosted.org/sssd/ticket/2637
This is a first step towards making it possible for domain to be around,
but not contacted by Data Provider.
Also explicitly create domains as active, previously we only relied on
talloc_zero marking dom->disabled as false.
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
0aa18cc0bf3447ca734476926724f1632e160807 |
|
06-Jul-2015 |
Pavel Reichl <preichl@redhat.com> |
PAM: authenticate against cache
Enable authenticating users from cache even when SSSD is in online mode.
Introduce new option `cached_auth_timeout`.
Resolves:
https://fedorahosted.org/sssd/ticket/1807
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
1711cbfd2e36d44af1ae50e3a2beeec3a1f0b5e8 |
|
05-Jun-2015 |
Jakub Hrozek <jhrozek@redhat.com> |
confdb: Add new option subdomain_inherit
Adds a new option subdomain_inherit that would allow administrators to pick
and choose which option to pass to subdomains.
This option is required for:
https://fedorahosted.org/sssd/ticket/2644
as a short-term fix.
The proper solution is described in:
https://fedorahosted.org/sssd/ticket/2599
Reviewed-by: Pavel Reichl <preichl@redhat.com> |
932c3e22e3c59a9c33f30dcc09e6bef257e14320 |
|
08-May-2015 |
Sumit Bose <sbose@redhat.com> |
Add cache_credentials_minimal_first_factor_length config option
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
804df4040eb142f82a44c019c7a55b5ce524583c |
|
11-Mar-2015 |
Michal Zidek <mzidek@redhat.com> |
Use FQDN if default domain was set
https://fedorahosted.org/sssd/ticket/2569
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
04d138472cc086fb7961f0d378852b09961b1a33 |
|
11-Mar-2015 |
Lukas Slebodnik <lslebodn@redhat.com> |
Log reason in debug message why ldb_modify failed
Reviewed-by: Sumit Bose <sbose@redhat.com> |
b147a7918a4f9672058da1e0f4e06021d508cd7c |
|
05-Jan-2015 |
Pavel Reichl <preichl@redhat.com> |
CONFDB: Typo in debug message
Reviewed-by: Sumit Bose <sbose@redhat.com> |
4b6fa94d1a00b07c4310678ec721282288a186a0 |
|
28-Nov-2014 |
Michal Zidek <mzidek@redhat.com> |
confdb: Make confdb_set_string accept const char pointer
The last parameter (value) in the confdb_set_string
is not modified, so it makes sense to make it const
to avoid unnecessary warnings or casts.
Reviewed-by: Pavel Reichl <preichl@redhat.com> |
ad132722d6f3393ae1e6d720a222a0f880f2ea54 |
|
04-Nov-2014 |
Pavel Reichl <preichl@redhat.com> |
CONFDB: Detect&fix misconf opt refresh_expired_interval
Related to:
https://fedorahosted.org/sssd/ticket/2102
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
e7cc651468ab8b1462a6a39e712e7b8d36a3a166 |
|
20-Oct-2014 |
Sumit Bose <sbose@redhat.com> |
confdb: add has_views and view_name to sss_domain_info
To let the responders know which view is applied and to make view
handling more efficient especially when no view is applied/available
two new members are added to the sss_domain_info struct.
view_name is the name of the view if available. has_views is only true
if the client has a specific view applied, i.e. it is false for the case
when there are no views at all (e.g. plain LDAP provider) or the client
has the FreeIPA default view. This allows the responders to easily
bypass any view related code.
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
3ac7c4fe618ede980a4df8d90341ef1fd0f1f62f |
|
05-Sep-2014 |
William B <william@adelaide.edu.au> |
SSS_CACHE: Allow sss_cache tool to flush SSH hosts cache
Resolves:
https://fedorahosted.org/sssd/ticket/2358
Signed-off-by: Jan Cholasta <jcholast@redhat.com>
Reviewed-by: Jan Cholasta <jcholast@redhat.com>
Reviewed-by: Pavel Reichl <preichl@redhat.com> |
2b94ab415b30861f42b68725d9231905baf8c3bd |
|
29-Jul-2014 |
Michal Zidek <mzidek@redhat.com> |
Remove unused function confdb_set_bool
Reviewed-by: Pavel Reichl <preichl@redhat.com> |
ff22e829fd73fc53027d1e6ca005a9ac334086dd |
|
29-Jul-2014 |
Michal Zidek <mzidek@redhat.com> |
case_sensitivity = preserving
If case_sensitivity is set to 'preserving', getXXnam
returns name attribute in the same format as
stored in LDAP.
Fixes:
https://fedorahosted.org/sssd/ticket/2367
Reviewed-by: Pavel Reichl <preichl@redhat.com> |
5328aaeea84268b6d4e26cd33a2b3e8ea89bc349 |
|
29-Jul-2014 |
Michal Zidek <mzidek@redhat.com> |
Add function confdb_set_string.
Part of fix for:
https://fedorahosted.org/sssd/ticket/2367
Reviewed-by: Pavel Reichl <preichl@redhat.com> |
ae0a5011e2644eaa482ea1b9e1451eff05c676b9 |
|
02-Jun-2014 |
Lukas Slebodnik <lslebodn@redhat.com> |
NSS: Add option to expand homedir template format
LDAP server can contain template for home directory instead of plain string.
This patch adds new expand option "%H", which will be replaced with value
from configuration option homedir_substring (from sssd.conf)
Resolves:
https://fedorahosted.org/sssd/ticket/1853 |
d81f46fb294a6f6f64d3237ab0e0ab01f2c5ea20 |
|
28-May-2014 |
Pavel Březina <pbrezina@redhat.com> |
confdb: add confdb_list_all_domain_names()
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
83bf46f4066e3d5e838a32357c201de9bd6ecdfd |
|
12-Feb-2014 |
Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> |
Update DEBUG* invocations to use new levels
Use a script to update DEBUG* macro invocations, which use literal
numbers for levels, to use bitmask macros instead:
    grep -rl --include '*.[hc]' DEBUG . |
        while read f; do
            mv "$f"{,.orig}
            perl -e 'use strict;
                     use File::Slurp;
                     my @map=qw"
                        SSSDBG_FATAL_FAILURE
                        SSSDBG_CRIT_FAILURE
                        SSSDBG_OP_FAILURE
                        SSSDBG_MINOR_FAILURE
                        SSSDBG_CONF_SETTINGS
                        SSSDBG_FUNC_DATA
                        SSSDBG_TRACE_FUNC
                        SSSDBG_TRACE_LIBS
                        SSSDBG_TRACE_INTERNAL
                        SSSDBG_TRACE_ALL
                     ";
                     my $text=read_file(\*STDIN);
                     my $repl;
                     $text=~s/
                            ^
                            (
                                .*
                                \b
                                (DEBUG|DEBUG_PAM_DATA|DEBUG_GR_MEM)
                                \s*
                                \(\s*
                            )(
                                [0-9]
                            )(
                                \s*,
                            )
                            (
                                \s*
                            )
                            (
                                .*
                            )
                            $
                        /
                            $repl = $1.$map[$3].$4.$5.$6,
                            length($repl) <= 80
                                ? $repl
                                : $1.$map[$3].$4."\n".(" " x length($1)).$6
                        /xmge;
                     print $text;
                    ' < "$f.orig" > "$f"
            rm "$f.orig"
        done
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com> |
a3c8390d19593b1e5277d95bfb4ab206d4785150 |
|
12-Feb-2014 |
Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> |
Make DEBUG macro invocations variadic
Use a script to update DEBUG macro invocations to use it as a variadic
macro, supplying format string and its arguments directly, instead of
wrapping them in parens.
This script was used to update the code:
    grep -rwl --include '*.[hc]' DEBUG . |
        while read f; do
            mv "$f"{,.orig}
            perl -e \
                'use strict;
                 use File::Slurp;
                 my $text=read_file(\*STDIN);
                 $text=~s#(\bDEBUG\s*\([^(]+)\((.*?)\)\s*\)\s*;#$1$2);#gs;
                 print $text;' < "$f.orig" > "$f"
            rm "$f.orig"
        done
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com> |
fd520622529e26682eb8fa4c5355db18399c3121 |
|
09-Feb-2014 |
Pavel Reichl <preichl@redhat.com> |
CONFDB: fail if there are domains with same name
Fail to start sssd if the domains given in the domains option are the same as
or only differ in case.
Resolves:
https://fedorahosted.org/sssd/ticket/2171
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> |
cd4cc8d8829f1ea5257bf874b91980368114275f |
|
25-Oct-2013 |
Pavel Březina <pbrezina@redhat.com> |
dp: make subdomains refresh interval configurable
This patch makes the refresh of available subdomains configurable.
New option:
subdomain_refresh_interval (undocumented)
Resolves:
https://fedorahosted.org/sssd/ticket/1968 |
33c865412732554ef255e93c4e7a58b0bce963c6 |
|
28-Aug-2013 |
Jakub Hrozek <jhrozek@redhat.com> |
Add a new option to control subdomain enumeration |
0cf0e2d758d09e9b314ba72ce6638df10b258462 |
|
10-Jun-2013 |
Pavel Březina <pbrezina@redhat.com> |
back end: add refresh expired records periodic task
https://fedorahosted.org/sssd/ticket/1713
Add new option refresh_expired_interval. |
e41ac95891837e8a818f529cef9376cb190b8507 |
|
01-Mar-2013 |
Jakub Hrozek <jhrozek@redhat.com> |
Don't treat 0 as default for pam_pwd_expiration warning |
9807576b4cb1d022e918b45bf7dabbe9b41b1c87 |
|
21-Feb-2013 |
Jakub Hrozek <jhrozek@redhat.com> |
Fix the krb5 password expiration warning
https://fedorahosted.org/sssd/ticket/1808 |
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17 |
|
10-Feb-2013 |
Simo Sorce <simo@redhat.com> |
Change the way domains are linked.
- Use a double-linked list for domains and subdomains.
- Never remove a subdomain, simply mark it as disabled if it becomes
unused.
- Rework the way subdomains are refreshed.
Now sysdb_update_subdomains() actually updates the current subdomains
and marks as disabled the ones not found in the sysdb or add new ones
found. It never removes them.
Removal of missing domains from sysdb is deferred to the providers,
which will perform it at refresh time, for the ipa provider that is
done by ipa_subdomains_write_mappings() now.
sysdb_update_subdomains() is then used to update the memory hierarchy
of the subdomains.
- Removes sysdb_get_subdomains()
- Removes copy_subdomain()
- Add sysdb_subdomain_delete() |
0232747f04b650796db56fd7b487aee8a96fab03 |
|
10-Feb-2013 |
Simo Sorce <simo@redhat.com> |
Add function get_next_domain()
Use this function instead of explicitly calling domain->next
This function allows to get the next primary domain or to descend into the
subdomains and replaces also get_next_dom_or_subdom() |
1d262e93850e2be65a774da070600947f1b75153 |
|
22-Jan-2013 |
Jakub Hrozek <jhrozek@redhat.com> |
Convert the value of pwd_exp_warning to seconds
When read from the domain section, the pwd_expiration_warning was
properly converted to seconds from days, but not the
pam_pwd_expiration_warning set in the [pam] section.
https://fedorahosted.org/sssd/ticket/1773 |
c14184c07634801cda7864aa17c6fa8dc9ab43d1 |
|
15-Jan-2013 |
Simo Sorce <simo@redhat.com> |
Move mpg flag to the domain where it belongs
A sysdb contains now multiple domains, but the mpg property is a
property of a specific domain not of the underlying database. |
04759b59e71c78ab23b84d13dd29d9c6dd680adb |
|
02-Jan-2013 |
Michal Zidek <mzidek@redhat.com> |
failover: Protect against empty host names
Added new parameter to split_on_separator that allows to skip
empty values.
The whole function was rewritten. Unit test case was added to
check the new implementation.
https://fedorahosted.org/sssd/ticket/1484 |
59f136cd254d1acf2991c97221eb08803784777d |
|
15-Nov-2012 |
Paul B. Henson <henson@acm.org> |
Add ignore_group_members option.
https://fedorahosted.org/sssd/ticket/1376 |
66318dfe1e7138ff3fc780c4b3f0b29c4b2d8712 |
|
18-Oct-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
Allow setting the default_shell option per-domain as well
https://fedorahosted.org/sssd/ticket/1583 |
695bca9d2f73096254308e0883fcc74b2631850e |
|
20-Jul-2012 |
Stephen Gallagher <sgallagh@redhat.com> |
NSS: Add override_shell option
If override_shell is specified in the [nss] section, all users
managed by SSSD will have their shell set to this value. If it is
specified in the [domain/DOMAINNAME] section, it will apply to
only that domain (and override the [nss] value, if any).
https://fedorahosted.org/sssd/ticket/1087 |
a6cbaf2932762e3e191a6bec252afec3c91bf97c |
|
06-Jul-2012 |
Stephen Gallagher <sgallagh@redhat.com> |
CONFDB: Add the ability to set a boolean value in the confdb |
da9fd6373b94a49b748542ab568997b9e2421972 |
|
29-Jun-2012 |
Pavel Březina <pbrezina@redhat.com> |
confdb: add entry_cache_sudo_timeout option |
efc4a645d50f68d2a289c7e8a05bedf051d3c67d |
|
25-Jun-2012 |
Sumit Bose <sbose@redhat.com> |
Set default for subdomain_homedir |
387349ae092f6dbeb8e4bca291a772695836629c |
|
20-Jun-2012 |
Stef Walter <stefw@gnome.org> |
Move some debug lines to new debug log levels
* These are common lines of debug output when starting
up sssd
https://bugzilla.redhat.com/show_bug.cgi?id=811113 |
3db7aca0479a30f4a1e66a35b4b7b7bcfd81a78f |
|
11-May-2012 |
Ariel Barria <arielb@fedoraproject.org> |
Bad check for id_provider=local and access_provider=permit
documentation-access_provider
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com> |
f6dbb235373b122ae15643ef5dbbe821ee1307d9 |
|
10-May-2012 |
Stephen Gallagher <sgallagh@redhat.com> |
NSS: Add fallback_homedir option
This option is similar to override_homedir, except that it will
take effect only for users that do not have an explicit home
directory specified in LDAP.
https://fedorahosted.org/sssd/ticket/1250 |
bf8cce77a35cb0a3cdb0d21fb9c39b7b6372bc11 |
|
04-May-2012 |
Jan Zeleny <jzeleny@redhat.com> |
Modify behavior of pam_pwd_expiration_warning
New option pwd_expiration_warning is introduced which can be set per
domain and can override the value specified by the original
pam_pwd_expiration_warning.
If the value of expiration warning is set to zero, the filter isn't
applied at all - if backend server returns the warning, it will be
automatically displayed.
Default value for Kerberos: 7 days
Default value for LDAP: don't apply the filter
Technical note: default value when creating the domain is -1. This is
important so we can distinguish between "no value set" and 0. Without
this possibility it would be impossible to set different values for LDAP
and Kerberos provider. |
53dae47b4e8995be624c74cb2d4838c6856b0ba4 |
|
24-Apr-2012 |
Pavel Březina <pbrezina@redhat.com> |
fix copy and paste error in comment |
8ccb0de226ccb9330f5a6865de487d6f0313902d |
|
24-Apr-2012 |
Jan Zeleny <jzeleny@redhat.com> |
New config option for subdomains
subdomain_homedir - if set, it contains default value, can be overridden
in further processing |
d3f2fd9cb21cc10dce663a2f7d0deda07074e44e |
|
24-Apr-2012 |
Jan Zeleny <jzeleny@redhat.com> |
Add conn_name to allow different names for domains and connections |
3bea01f01d76e1e95a8239c0d3f67073992136a1 |
|
22-Feb-2012 |
Jan Zeleny <jzeleny@redhat.com> |
Don't give memory context in confdb where not needed |
9e80079370ff3b943832adc3c5ef430e64be0a0c |
|
06-Feb-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
AUTOFS: responder |
bd92e8ee315d4da9350b9ef0358c88a7b54aeebe |
|
04-Feb-2012 |
Stephen Gallagher <sgallagh@redhat.com> |
NSS: Add individual timeouts for entry types
https://fedorahosted.org/sssd/ticket/1016 |
f1055c2a8036bb11b5788f969078edee8ba5326e |
|
20-Dec-2011 |
Jakub Hrozek <jhrozek@redhat.com> |
Error out if local domain is case insensitive
https://fedorahosted.org/sssd/ticket/1104 |
b3b42c49656e192787a983aaa8b9ec744ba4cb9d |
|
16-Dec-2011 |
Jakub Hrozek <jhrozek@redhat.com> |
Use the case sensitivity flag in responders |
324fb26ba803a999bedc29e93c46c84f27abf5b7 |
|
23-May-2011 |
Sumit Bose <sbose@redhat.com> |
Set _GNU_SOURCE globally |
d9d716b547d256c03df97b0ff8282349a0f365ad |
|
20-May-2011 |
Jakub Hrozek <jhrozek@redhat.com> |
Add a new option to override home directory value
https://fedorahosted.org/sssd/ticket/551 |
54af51d2129d29258108a6dbf072a82c930bf399 |
|
20-May-2011 |
Jakub Hrozek <jhrozek@redhat.com> |
Add a new option to override primary GID number
https://fedorahosted.org/sssd/ticket/742 |
d94c1a6b8badd8e4cf94815ad14ce6c0c715e9d3 |
|
13-Oct-2010 |
Stephen Gallagher <sgallagh@redhat.com> |
Store entry_cache_timeout in sss_domain_info object
This is useful so that the NSS responder can identify a domain's
entry timeout for expiring the memory cache for a lookup such as
with netgroups. |
e44e99804519b37852ee9ea24d18d2d2710110ce |
|
15-Sep-2010 |
Jakub Hrozek <jhrozek@redhat.com> |
Use a different min_id for local domain
When we changed the default min_id to be 1, we forgot about the local
domain. It makes sense to keep the minimum id larger there. |
4f6a396fcf16f97b2abc3d0cba10e9aa9bc38619 |
|
08-Sep-2010 |
Jan Zeleny <jzeleny@redhat.com> |
Dead assignments cleanup in various places in SSSD
Three assignments deleted, two return code inspections added.
Also found and fixed one critical bug caused by dead assignment.
Ticket: #590 |
8f4aaae28c88c707853f8f28d8babc4efe0c1bf6 |
|
04-Mar-2010 |
Martin Nagy <mnagy@redhat.com> |
Add forgotten \n in DEBUG statements
Logs from confdb with missing '\n' in the DEBUG statements annoyed me so
I decided to fix them. I also made a quick grep through the code and
found other places so I fixed them too. |
70f4c2a1c476804b4fc409923b6fb7b0c2d2aaf4 |
|
04-Mar-2010 |
Martin Nagy <mnagy@redhat.com> |
Make confdb_init's confdb_location parameter const |
c24dd6734f36f13df84d9fdb28ce1be45451a41d |
|
23-Feb-2010 |
Stephen Gallagher <sgallagh@redhat.com> |
Revert "Change default for enumeration to TRUE"
This reverts commit 75a9f18ad8ac6e885ac34cdeebc4d8f8734713f8. |
94cafd6f5b63aac3ad084d14fa3be24213374021 |
|
23-Feb-2010 |
Sumit Bose <sbose@redhat.com> |
Fix file permissions of config.ldb |
1c48b5a62f73234ed26bb20f0ab345ab61cda0ab |
|
18-Feb-2010 |
Stephen Gallagher <sgallagh@redhat.com> |
Rename server/ directory to src/
Also update BUILD.txt |