History log of /sssd-io/src/providers/data_provider_fo.c
Revision Date Author Comments Expand
bf83a0faacf16196ab9bd37dcf6190b4209ccaf7 27-Jun-2016 Pavel Březina <pbrezina@redhat.com>

DP: Add org.freedesktop.sssd.DataProvider.Failover Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
cc2d77d5218c188119fa954c856e858cbde76947 20-Jun-2016 Pavel Březina <pbrezina@redhat.com>

Rename dp_backend.h to backend.h Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

/sssd-io/Makefile.am /sssd-io/src/p11_child/p11_child_nss.c ad/ad_access.c ad/ad_gpo.c ad/ad_gpo_child.c ad/ad_srv.c ad/ad_subdomains.h backend.h be_dyndns.c be_ptask.c be_refresh.c data_provider_be.c data_provider_callbacks.c data_provider_fo.c ipa/ipa_auth.h ipa/ipa_dyndns.h ipa/ipa_subdomains.h ipa/selinux_child.c krb5/krb5_auth.h krb5/krb5_child.c krb5/krb5_common.c krb5/krb5_common.h ldap/ldap_access.c ldap/ldap_child.c ldap/ldap_common.h ldap/sdap.h ldap/sdap_access.c ldap/sdap_access.h ldap/sdap_async.h ldap/sdap_async_sudo.c ldap/sdap_autofs.c ldap/sdap_dyndns.c ldap/sdap_dyndns.h ldap/sdap_sudo.c ldap/sdap_sudo.h ldap/sdap_sudo_shared.h proxy/proxy.h proxy/proxy_child.c simple/simple_access.c simple/simple_access_check.c /sssd-io/src/tests/cmocka/test_be_ptask.c /sssd-io/src/tests/cmocka/test_data_provider_be.c
b095ba05bf54def5b2dce6bb60946e272ad27cfc 28-Jan-2016 Lukas Slebodnik <lslebodn@redhat.com>

FAILOVER: Improve reporting of errors Reviewed-by: Pavel Březina <pbrezina@redhat.com>
7fdec78178440855058be8ca1011e0b1aa45de31 19-Jan-2016 Sumit Bose <sbose@redhat.com>

FO: add be_fo_get_active_server_name() Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
10c07e188323a2f9824b5e34379f3b1a9b37759e 23-Oct-2015 Jakub Hrozek <jhrozek@redhat.com>

FO: Use refcount to keep track of servers returned to callers Resolves: https://fedorahosted.org/sssd/ticket/2829 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
669ce24f8157b7d79914b3eb5a18214ef42aacc8 23-Sep-2015 Jakub Hrozek <jhrozek@redhat.com>

FO: Add an API to reset all servers in a single service Required for: https://fedorahosted.org/sssd/ticket/2639 Previously, we had a function that allowed the caller to reset the status of all services in the global fail over context. This patch adds a new function that allows the caller to reset a single service instead. The main user would be IPA subdomain provider that might need to reset the status of an AD trusted domain on demand. Reviewed-by: Sumit Bose <sbose@redhat.com>
c4fb8f55f2894de431478ccfec63f9a97e090d0e 14-Aug-2015 Michal Židek <mzidek@redhat.com>

DEBUG: Add new debug category for fail over. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
8df69bbc58c2f4d3f0b34be9756d9ddf24b1db6d 03-Mar-2015 Jakub Hrozek <jhrozek@redhat.com>

FO: Use SRV TTL in fail over code Resolves: https://fedorahosted.org/sssd/ticket/1884 Removes the hardcoded SRV TTL timeout and uses TTL from the DNS instead. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
bf6f1b3d49e17b1adf0448c0b06e94b1e52ddffd 03-Jun-2014 Lukas Slebodnik <lslebodn@redhat.com>

Unify usage of function gethostname man gethostanme says: NOTES SUSv2 guarantees that "Host names are limited to 255 bytes". POSIX.1-2001 guarantees that "Host names (not including the terminating null byte) are limited to HOST_NAME_MAX bytes". On Linux, HOST_NAME_MAX is defined with the value 64, which has been the limit since Linux 1.0 (earlier kernels imposed a limit of 8 bytes). Reviewed-by: Pavel Březina <pbrezina@redhat.com>
8ed6630fb25c7d5af6e2d9915786b94600198b01 14-Apr-2014 Pavel Reichl <preichl@redhat.com>

failover: Shorter retry time for failed SRV Until now there was only one timeout used to re-resolve SRV queries. This patch adds new (shorter) timeout that will be used for queries that previously failed. Resolves: https://fedorahosted.org/sssd/ticket/1885 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
83bf46f4066e3d5e838a32357c201de9bd6ecdfd 12-Feb-2014 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>

Update DEBUG* invocations to use new levels Use a script to update DEBUG* macro invocations, which use literal numbers for levels, to use bitmask macros instead: grep -rl --include '*.[hc]' DEBUG . | while read f; do mv "$f"{,.orig} perl -e 'use strict; use File::Slurp; my @map=qw" SSSDBG_FATAL_FAILURE SSSDBG_CRIT_FAILURE SSSDBG_OP_FAILURE SSSDBG_MINOR_FAILURE SSSDBG_CONF_SETTINGS SSSDBG_FUNC_DATA SSSDBG_TRACE_FUNC SSSDBG_TRACE_LIBS SSSDBG_TRACE_INTERNAL SSSDBG_TRACE_ALL "; my $text=read_file(\*STDIN); my $repl; $text=~s/ ^ ( .* \b (DEBUG|DEBUG_PAM_DATA|DEBUG_GR_MEM) \s* \(\s* )( [0-9] )( \s*, ) ( \s* ) ( .* ) $ / $repl = $1.$map[$3].$4.$5.$6, length($repl) <= 80 ? $repl : $1.$map[$3].$4."\n".(" " x length($1)).$6 /xmge; print $text; ' < "$f.orig" > "$f" rm "$f.orig" done Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>

/sssd-io/src/confdb/confdb.c /sssd-io/src/confdb/confdb_setup.c /sssd-io/src/db/sysdb.c /sssd-io/src/db/sysdb_ops.c /sssd-io/src/db/sysdb_ranges.c /sssd-io/src/db/sysdb_search.c /sssd-io/src/db/sysdb_upgrade.c /sssd-io/src/monitor/monitor.c /sssd-io/src/monitor/monitor_netlink.c /sssd-io/src/monitor/monitor_sbus.c data_provider_be.c data_provider_callbacks.c data_provider_fo.c data_provider_opts.c dp_auth_util.c dp_pam_data_util.c fail_over.c ipa/ipa_access.c ipa/ipa_auth.c ipa/ipa_common.c ipa/ipa_hbac_common.c ipa/ipa_hbac_hosts.c ipa/ipa_hbac_rules.c ipa/ipa_hbac_services.c ipa/ipa_hbac_users.c ipa/ipa_id.c ipa/ipa_init.c ipa/ipa_netgroups.c krb5/krb5_access.c krb5/krb5_auth.c krb5/krb5_child.c krb5/krb5_child_handler.c krb5/krb5_common.c krb5/krb5_delayed_online_authentication.c krb5/krb5_init.c krb5/krb5_init_shared.c krb5/krb5_renew_tgt.c krb5/krb5_utils.c krb5/krb5_wait_queue.c ldap/ldap_auth.c ldap/ldap_child.c ldap/ldap_common.c ldap/ldap_id.c ldap/ldap_id_cleanup.c ldap/ldap_id_netgroup.c ldap/ldap_init.c ldap/sdap.c ldap/sdap_access.c ldap/sdap_async.c ldap/sdap_async_connection.c ldap/sdap_async_enum.c ldap/sdap_async_groups.c ldap/sdap_async_initgroups.c ldap/sdap_async_initgroups_ad.c ldap/sdap_async_netgroups.c ldap/sdap_async_users.c ldap/sdap_child_helpers.c ldap/sdap_fd_events.c ldap/sdap_id_op.c proxy/proxy_auth.c proxy/proxy_child.c proxy/proxy_id.c proxy/proxy_init.c proxy/proxy_netgroup.c /sssd-io/src/resolv/async_resolv.c /sssd-io/src/responder/common/negcache.c /sssd-io/src/responder/common/responder_cmd.c /sssd-io/src/responder/common/responder_common.c /sssd-io/src/responder/common/responder_dp.c /sssd-io/src/responder/nss/nsssrv.c /sssd-io/src/responder/nss/nsssrv_cmd.c /sssd-io/src/responder/nss/nsssrv_netgroup.c /sssd-io/src/responder/nss/nsssrv_private.h /sssd-io/src/responder/nss/nsssrv_services.c /sssd-io/src/responder/pam/pam_LOCAL_domain.c /sssd-io/src/responder/pam/pamsrv.c /sssd-io/src/responder/pam/pamsrv_cmd.c /sssd-io/src/responder/pam/pamsrv_dp.c /sssd-io/src/sbus/sbus_client.c /sssd-io/src/sbus/sssd_dbus_common.c /sssd-io/src/sbus/sssd_dbus_connection.c /sssd-io/src/sbus/sssd_dbus_server.c /sssd-io/src/tests/auth-tests.c /sssd-io/src/tests/files-tests.c /sssd-io/src/tests/resolv-tests.c /sssd-io/src/tests/sysdb-tests.c /sssd-io/src/tests/sysdb_ssh-tests.c /sssd-io/src/tools/selinux.c /sssd-io/src/tools/sss_cache.c /sssd-io/src/tools/sss_groupadd.c /sssd-io/src/tools/sss_groupdel.c /sssd-io/src/tools/sss_groupmod.c /sssd-io/src/tools/sss_groupshow.c /sssd-io/src/tools/sss_sync_ops.c /sssd-io/src/tools/sss_useradd.c /sssd-io/src/tools/sss_userdel.c /sssd-io/src/tools/sss_usermod.c /sssd-io/src/tools/tools_util.c /sssd-io/src/tools/tools_util.h /sssd-io/src/util/check_and_open.c /sssd-io/src/util/child_common.c /sssd-io/src/util/crypto/nss/nss_obfuscate.c /sssd-io/src/util/crypto/nss/nss_util.c /sssd-io/src/util/debug.c /sssd-io/src/util/find_uid.c /sssd-io/src/util/nscd.c /sssd-io/src/util/signal.c /sssd-io/src/util/sss_krb5.c /sssd-io/src/util/sss_ldap.c /sssd-io/src/util/user_info_msg.c /sssd-io/src/util/usertools.c /sssd-io/src/util/util.c
a3c8390d19593b1e5277d95bfb4ab206d4785150 12-Feb-2014 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>

Make DEBUG macro invocations variadic Use a script to update DEBUG macro invocations to use it as a variadic macro, supplying format string and its arguments directly, instead of wrapping them in parens. This script was used to update the code: grep -rwl --include '*.[hc]' DEBUG . | while read f; do mv "$f"{,.orig} perl -e \ 'use strict; use File::Slurp; my $text=read_file(\*STDIN); $text=~s#(\bDEBUG\s*\([^(]+)\((.*?)\)\s*\)\s*;#$1$2);#gs; print $text;' < "$f.orig" > "$f" rm "$f.orig" done Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>

/sssd-io/src/confdb/confdb.c /sssd-io/src/confdb/confdb_setup.c /sssd-io/src/db/sysdb.c /sssd-io/src/db/sysdb_autofs.c /sssd-io/src/db/sysdb_idmap.c /sssd-io/src/db/sysdb_ops.c /sssd-io/src/db/sysdb_ranges.c /sssd-io/src/db/sysdb_search.c /sssd-io/src/db/sysdb_selinux.c /sssd-io/src/db/sysdb_services.c /sssd-io/src/db/sysdb_ssh.c /sssd-io/src/db/sysdb_subdomains.c /sssd-io/src/db/sysdb_sudo.c /sssd-io/src/db/sysdb_upgrade.c /sssd-io/src/monitor/monitor.c /sssd-io/src/monitor/monitor_netlink.c /sssd-io/src/monitor/monitor_sbus.c ad/ad_access.c ad/ad_common.c ad/ad_domain_info.c ad/ad_dyndns.c ad/ad_id.c ad/ad_init.c ad/ad_srv.c ad/ad_subdomains.c data_provider_be.c data_provider_callbacks.c data_provider_fo.c data_provider_opts.c dp_auth_util.c dp_dyndns.c dp_pam_data_util.c dp_ptask.c dp_refresh.c fail_over.c fail_over_srv.c ipa/ipa_access.c ipa/ipa_auth.c ipa/ipa_autofs.c ipa/ipa_common.c ipa/ipa_config.c ipa/ipa_dyndns.c ipa/ipa_hbac_common.c ipa/ipa_hbac_hosts.c ipa/ipa_hbac_rules.c ipa/ipa_hbac_services.c ipa/ipa_hbac_users.c ipa/ipa_hostid.c ipa/ipa_hosts.c ipa/ipa_id.c ipa/ipa_idmap.c ipa/ipa_init.c ipa/ipa_netgroups.c ipa/ipa_s2n_exop.c ipa/ipa_selinux.c ipa/ipa_selinux_maps.c ipa/ipa_srv.c ipa/ipa_subdomains.c ipa/ipa_subdomains_ext_groups.c ipa/ipa_subdomains_id.c ipa/ipa_sudo.c krb5/krb5_access.c krb5/krb5_auth.c krb5/krb5_become_user.c krb5/krb5_child.c krb5/krb5_child_handler.c krb5/krb5_common.c krb5/krb5_delayed_online_authentication.c krb5/krb5_init.c krb5/krb5_init_shared.c krb5/krb5_renew_tgt.c krb5/krb5_utils.c krb5/krb5_wait_queue.c ldap/ldap_access.c ldap/ldap_auth.c ldap/ldap_child.c ldap/ldap_common.c ldap/ldap_id.c ldap/ldap_id_cleanup.c ldap/ldap_id_enum.c ldap/ldap_id_netgroup.c ldap/ldap_id_services.c ldap/ldap_init.c ldap/sdap.c ldap/sdap_access.c ldap/sdap_async.c ldap/sdap_async_autofs.c ldap/sdap_async_connection.c ldap/sdap_async_enum.c ldap/sdap_async_groups.c ldap/sdap_async_groups_ad.c ldap/sdap_async_initgroups.c ldap/sdap_async_initgroups_ad.c ldap/sdap_async_nested_groups.c ldap/sdap_async_netgroups.c ldap/sdap_async_services.c ldap/sdap_async_sudo.c ldap/sdap_async_sudo_hostinfo.c ldap/sdap_async_sudo_timer.c ldap/sdap_async_users.c ldap/sdap_autofs.c ldap/sdap_child_helpers.c ldap/sdap_dyndns.c ldap/sdap_fd_events.c ldap/sdap_id_op.c ldap/sdap_idmap.c ldap/sdap_range.c ldap/sdap_refresh.c ldap/sdap_reinit.c ldap/sdap_sudo.c ldap/sdap_sudo_cache.c proxy/proxy_auth.c proxy/proxy_child.c proxy/proxy_id.c proxy/proxy_init.c proxy/proxy_netgroup.c proxy/proxy_services.c simple/simple_access.c simple/simple_access_check.c /sssd-io/src/resolv/async_resolv.c /sssd-io/src/resolv/async_resolv_utils.c /sssd-io/src/responder/autofs/autofssrv.c /sssd-io/src/responder/autofs/autofssrv_cmd.c /sssd-io/src/responder/autofs/autofssrv_dp.c /sssd-io/src/responder/common/negcache.c /sssd-io/src/responder/common/responder_cmd.c /sssd-io/src/responder/common/responder_common.c /sssd-io/src/responder/common/responder_dp.c /sssd-io/src/responder/common/responder_get_domains.c /sssd-io/src/responder/nss/nsssrv.c /sssd-io/src/responder/nss/nsssrv_cmd.c /sssd-io/src/responder/nss/nsssrv_mmap_cache.c /sssd-io/src/responder/nss/nsssrv_netgroup.c /sssd-io/src/responder/nss/nsssrv_private.h /sssd-io/src/responder/nss/nsssrv_services.c /sssd-io/src/responder/pac/pacsrv.c /sssd-io/src/responder/pac/pacsrv_cmd.c /sssd-io/src/responder/pac/pacsrv_utils.c /sssd-io/src/responder/pam/pam_LOCAL_domain.c /sssd-io/src/responder/pam/pam_helpers.c /sssd-io/src/responder/pam/pamsrv.c /sssd-io/src/responder/pam/pamsrv_cmd.c /sssd-io/src/responder/pam/pamsrv_dp.c /sssd-io/src/responder/ssh/sshsrv.c /sssd-io/src/responder/ssh/sshsrv_cmd.c /sssd-io/src/responder/ssh/sshsrv_dp.c /sssd-io/src/responder/sudo/sudosrv.c /sssd-io/src/responder/sudo/sudosrv_cmd.c /sssd-io/src/responder/sudo/sudosrv_dp.c /sssd-io/src/responder/sudo/sudosrv_get_sudorules.c /sssd-io/src/responder/sudo/sudosrv_query.c /sssd-io/src/sbus/sbus_client.c /sssd-io/src/sbus/sssd_dbus_common.c /sssd-io/src/sbus/sssd_dbus_connection.c /sssd-io/src/sbus/sssd_dbus_server.c /sssd-io/src/sss_client/ssh/sss_ssh_authorizedkeys.c /sssd-io/src/sss_client/ssh/sss_ssh_knownhostsproxy.c /sssd-io/src/tests/auth-tests.c /sssd-io/src/tests/cmocka/test_dyndns.c /sssd-io/src/tests/cmocka/test_fqnames.c /sssd-io/src/tests/cmocka/test_nss_srv.c /sssd-io/src/tests/cmocka/test_utils.c /sssd-io/src/tests/common_dom.c /sssd-io/src/tests/common_tev.c /sssd-io/src/tests/debug-tests.c /sssd-io/src/tests/files-tests.c /sssd-io/src/tests/krb5_child-test.c /sssd-io/src/tests/resolv-tests.c /sssd-io/src/tests/simple_access-tests.c /sssd-io/src/tests/sysdb-tests.c /sssd-io/src/tests/sysdb_ssh-tests.c /sssd-io/src/tools/files.c /sssd-io/src/tools/selinux.c /sssd-io/src/tools/sss_cache.c /sssd-io/src/tools/sss_debuglevel.c /sssd-io/src/tools/sss_groupadd.c /sssd-io/src/tools/sss_groupdel.c /sssd-io/src/tools/sss_groupmod.c /sssd-io/src/tools/sss_groupshow.c /sssd-io/src/tools/sss_seed.c /sssd-io/src/tools/sss_sync_ops.c /sssd-io/src/tools/sss_useradd.c /sssd-io/src/tools/sss_userdel.c /sssd-io/src/tools/sss_usermod.c /sssd-io/src/tools/tools_mc_util.c /sssd-io/src/tools/tools_util.c /sssd-io/src/tools/tools_util.h /sssd-io/src/util/authtok.c /sssd-io/src/util/backup_file.c /sssd-io/src/util/check_and_open.c /sssd-io/src/util/child_common.c /sssd-io/src/util/crypto/libcrypto/crypto_base64.c /sssd-io/src/util/crypto/libcrypto/crypto_obfuscate.c /sssd-io/src/util/crypto/nss/nss_obfuscate.c /sssd-io/src/util/crypto/nss/nss_util.c /sssd-io/src/util/debug.c /sssd-io/src/util/domain_info_utils.c /sssd-io/src/util/find_uid.c /sssd-io/src/util/nscd.c /sssd-io/src/util/server.c /sssd-io/src/util/signal.c /sssd-io/src/util/sss_ini.c /sssd-io/src/util/sss_krb5.c /sssd-io/src/util/sss_krb5.h /sssd-io/src/util/sss_ldap.c /sssd-io/src/util/sss_nss.c /sssd-io/src/util/sss_selinux.c /sssd-io/src/util/sss_ssh.c /sssd-io/src/util/sss_tc_utf8.c /sssd-io/src/util/user_info_msg.c /sssd-io/src/util/usertools.c /sssd-io/src/util/util.c /sssd-io/src/util/util.h /sssd-io/src/util/util_lock.c /sssd-io/src/util/well_known_sids.c
9576c4b433a5f7234065aa8d53fad58f65a15d80 09-Aug-2013 Jakub Hrozek <jhrozek@redhat.com>

Use the correct resolv timeout
6176eeeae6e75d3ce78eb98d46dc478541ba6282 24-Jul-2013 Michal Zidek <mzidek@redhat.com>

Set default DNS resolution timeout to 6 seconds. Partially solves ticket: https://fedorahosted.org/sssd/ticket/1966 To avoid the problem mentioned in the ticket above, option dns_discovery_domain must be set properly.
77d165f0629966db65753a3aee84a8b4971673af 10-Apr-2013 Pavel Březina <pbrezina@redhat.com>

DNS sites support - SRV DNS lookup plugin https://fedorahosted.org/sssd/ticket/1032 This plugin mimics the current behaviour. If discovery_domain is set it is the only domain that is tried. If discovery_domain is not set, we try to autodetect domain first and if that fails or SRV lookup on this domain fails, we fallback to SSSD domain name.
f9961e5f82e0ef474d6492371bfdf9e74e208a99 10-Apr-2013 Pavel Březina <pbrezina@redhat.com>

DNS sites support - SRV lookup plugin interface https://fedorahosted.org/sssd/ticket/1032 Introduces two new error codes: - ERR_SRV_NOT_FOUND - ERR_SRV_LOOKUP_ERROR Since id_provider is authoritative in case of SRV plugin choise, ability to override the selected pluging during runtime is not desirable. We rely on the fact that id_provider is initialized before all other providers, thus the plugin is set correctly.
584eda085e83a428f2c39dadf0d7adeaff5c87f4 03-Apr-2013 Jakub Hrozek <jhrozek@redhat.com>

Init failover with be_res options
e148ba6dbb26a0eac162ac9a2ff550da2c883808 18-Dec-2012 Pavel Březina <pbrezina@redhat.com>

try primary server after retry_timeout + 1 seconds when switching to backup https://fedorahosted.org/sssd/ticket/1679 The problem is when we are about to reset the server status, we don't get through the timeout (30 seconds) because the "switch to primary server" task is scheduled 30 seconds after fall back to a backup server. Thus the server status remains "not working" and is resetted after another 30 seconds. We need to make sure that the server status is tried after the timeout period. retry_timeout is currently hardcoded to 30, thus the change in man page.
457f7bbf42a898944e3759b9bf18e1c1ec73a7a0 04-Dec-2012 Michal Zidek <mzidek@redhat.com>

Missing parameter in DEBUG message.
d25e7c659361ebd794ef011dc9305543f266e8c4 13-Sep-2012 Jakub Hrozek <jhrozek@redhat.com>

FO: Check server validity before setting status The list of resolved servers is allocated on the back end context and kept in the fo_service structure. However, a single request often resolves a server and keeps a pointer until the end of a request and only then gives feedback about the server based on the request result. This presents a big race condition in case the SRV resolution is used. When there are requests coming in in parallel, it is possible that an incoming request will invalidate a server until another request that holds a pointer to the original server is able to give a feedback. This patch simply checks if a server is in the list of servers maintained by a service before reading its status. https://fedorahosted.org/sssd/ticket/1364
9ab243b369ba317cc964080786dbcdebaf23d6be 15-Aug-2012 Michal Zidek <mzidek@redhat.com>

Duplicate detection in fail over did not work. https://fedorahosted.org/sssd/ticket/1472
bbd33e46aa6194c1086939f7cf8538c067186455 01-Aug-2012 Jan Zeleny <jzeleny@redhat.com>

Primary server support: basic support in failover code Now there are two list of servers for each service. If currently selected server is only backup, then an event will be scheduled which tries to get connection to one of primary servers and if it succeeds, it starts using this server instead of the one which is currently connected to.
606d2d03833903f00d40f9810d4dccd04a752e76 08-Mar-2012 Jakub Hrozek <jhrozek@redhat.com>

Detect cycle in the fail over on subsequent resolve requests only
b300bad539e9a9ad7f3a88dc91253afff0425cb6 06-Mar-2012 Jakub Hrozek <jhrozek@redhat.com>

Only do one cycle when resolving a server https://fedorahosted.org/sssd/ticket/1214
e840b9da42d696eb86307c641f5196f12ec4b9c4 01-Mar-2012 Stephen Gallagher <sgallagh@redhat.com>

IPA: Set the DNS discovery domain to match ipa_domain https://fedorahosted.org/sssd/ticket/1217
3bea01f01d76e1e95a8239c0d3f67073992136a1 22-Feb-2012 Jan Zeleny <jzeleny@redhat.com>

Don't give memory context in confdb where not needed
b8ecc581cdd8c7d097bf9db67a4cb220fbbcff6d 20-Dec-2011 Jakub Hrozek <jhrozek@redhat.com>

Failover: Introduce a per-service timeout https://fedorahosted.org/sssd/ticket/976
ac3a1f3da772cf101101c31675c63dc3549b21b5 22-Nov-2011 Jakub Hrozek <jhrozek@redhat.com>

Cleanup: Remove unused parameters

data_provider_fo.c ipa/ipa_access.c ipa/ipa_dyndns.c ipa/ipa_dyndns.h ipa/ipa_hbac_common.c ipa/ipa_hbac_hosts.c ipa/ipa_hbac_private.h ipa/ipa_hbac_rules.c ipa/ipa_hbac_services.c ipa/ipa_hbac_users.c ipa/ipa_init.c krb5/krb5_auth.c ldap/ldap_auth.c ldap/ldap_id_cleanup.c ldap/sdap.c ldap/sdap.h ldap/sdap_access.c ldap/sdap_async.c ldap/sdap_async_connection.c ldap/sdap_async_groups.c ldap/sdap_async_initgroups.c ldap/sdap_async_netgroups.c proxy/proxy.h proxy/proxy_id.c proxy/proxy_netgroup.c /sssd-io/src/python/pysss.c /sssd-io/src/responder/nss/nsssrv.c /sssd-io/src/sss_client/pam_sss.c /sssd-io/src/tools/nscd.c /sssd-io/src/tools/sss_groupadd.c /sssd-io/src/tools/sss_sync_ops.c /sssd-io/src/tools/sss_sync_ops.h /sssd-io/src/tools/sss_useradd.c /sssd-io/src/tools/tools_util.c /sssd-io/src/tools/tools_util.h /sssd-io/src/util/crypto/nss/nss_obfuscate.c
99dd40a885ed3d42af4bbbde7ee2fc98830544d0 25-Aug-2011 Pavel Březina <pbrezina@redhat.com>

New DEBUG facility - conversion https://fedorahosted.org/sssd/ticket/925 Conversion of the old debug_level format to the new one. (only where it was necessary) Removed: SSS_DEFAULT_DEBUG_LEVEL (completely replaced with SSSDBG_DEFAULT)

/sssd-io/src/monitor/monitor.c /sssd-io/src/monitor/monitor_sbus.c child_common.c data_provider.h data_provider_be.c data_provider_fo.c krb5/krb5_child.c ldap/ldap_child.c ldap/sdap_async.c ldap/sdap_fd_events.c proxy/proxy_auth.c proxy/proxy_child.c proxy/proxy_id.c /sssd-io/src/responder/nss/nsssrv.c /sssd-io/src/responder/pam/pamsrv.c /sssd-io/src/sbus/sssd_dbus_common.c /sssd-io/src/tests/auth-tests.c /sssd-io/src/tests/crypto-tests.c /sssd-io/src/tests/fail_over-tests.c /sssd-io/src/tests/files-tests.c /sssd-io/src/tests/find_uid-tests.c /sssd-io/src/tests/krb5_utils-tests.c /sssd-io/src/tests/refcount-tests.c /sssd-io/src/tests/resolv-tests.c /sssd-io/src/tests/simple_access-tests.c /sssd-io/src/tests/strtonum-tests.c /sssd-io/src/tests/sysdb-tests.c /sssd-io/src/tests/util-tests.c /sssd-io/src/tools/selinux.c /sssd-io/src/tools/sss_cache.c /sssd-io/src/tools/sss_groupadd.c /sssd-io/src/tools/sss_groupdel.c /sssd-io/src/tools/sss_groupmod.c /sssd-io/src/tools/sss_groupshow.c /sssd-io/src/tools/sss_useradd.c /sssd-io/src/tools/sss_userdel.c /sssd-io/src/tools/sss_usermod.c /sssd-io/src/util/debug.c /sssd-io/src/util/server.c /sssd-io/src/util/util.h
9b85268eabe33d624b9d184251e89c0c7ae829a2 21-Jul-2011 Jakub Hrozek <jhrozek@redhat.com>

fo_get_server_name() getter for a server name Allows to be more concise in tests and more defensive in resolve callbacks
363d2fba991eae199d017f5b2d1b458f070fac6b 21-Jul-2011 Jakub Hrozek <jhrozek@redhat.com>

Rename fo_get_server_name to fo_get_server_str_name
5cce63203779c688a975d593d4f0d8ff3228e040 21-Jul-2011 Jakub Hrozek <jhrozek@redhat.com>

Only print server address if one is available
3136a82b9d76283b10244a9768e1f325503995d5 11-Jul-2011 Jakub Hrozek <jhrozek@redhat.com>

Split reading resolver family order into a separate function
570c8a9351b28582301d2ce6b5de3b23f72ee583 11-Jul-2011 Jakub Hrozek <jhrozek@redhat.com>

Do not hardcode default resolver timeout
1240496176a07e804c57d43926509d5ccbf0fc41 15-Jun-2011 Jakub Hrozek <jhrozek@redhat.com>

Switch resolver to using resolv_hostent and honor TTL
5f4b4fb5a26ddcfa578a368688e81b36b5612d06 09-Mar-2011 Jakub Hrozek <jhrozek@redhat.com>

Run callbacks if server IP changes
9917b96e31df3fa992d235a050ed1dc0e9939b3d 21-Jan-2011 Stephen Gallagher <sgallagh@redhat.com>

Allow fallback to SSSD domain For backwards-compatibility with older versions of the SSSD (such as 1.2.x), we need to be able to have our DNS SRV record lookup be capable of falling back to using the SSSD domain name as the DNS discovery domain. This patch modifies our DNS lookups so that they behave as follows: If dns_discovery_domain is specified, it is considered authoritative. No other discovery domains will be attempted. If dns_discovery_domain is not specified, we first attempt to look up the SRV records using the domain portion of the machine's hostname. If this returns "NOTFOUND", we will try performing an SRV record query using the SSSD domain name as the DNS discovery domain. https://fedorahosted.org/sssd/ticket/754
c8708cd958c633cc3c57a3460bdb15391200e1e1 01-Dec-2010 Sumit Bose <sbose@redhat.com>

Run checks before resetting offline state Before setting the backend to online during a reset offline request the check_online method if the ID provider is called. If the check_online method returns that the ID provider is still not reachable the backend stays offline. Otherwise the backend is switched to online and the related callbacks are run. Additionally the check online test is called during the res_init request because a change in /etc/resolve.conf might also make a server reachable which was assumed offline before.
40def28805f9df3ff640209def765723cd8e2de3 01-Dec-2010 Jakub Hrozek <jhrozek@redhat.com>

Allow protocol fallback for SRV queries https://fedorahosted.org/sssd/ticket/691
54577e54d1b6300aeb348087372c14ed72530f88 09-Jul-2010 eindenbom <eindenbom@gmail.com>

Add an interface to try next fail-over server after connection to the active server was unexpectedly dropped.
faace4bdd6b84f60d2f707c00d31a84c0e84d375 09-Jul-2010 eindenbom <eindenbom@gmail.com>

Added an interface to query number of configured (and currently resolved through SRV records) failover servers.
780ffc9f6d5e1fcd4df3d390b56cb98878223cc0 30-Jun-2010 Jakub Hrozek <jhrozek@redhat.com>

Add dns_discovery_domain option The service discovery used to use the SSSD domain name to perform DNS queries. This is not an optimal solution, for example from the point of view of authconfig. This patch introduces a new option "dns_discovery_domain" that allows to set the domain part of a DNS SRV query. If this option is not set, the default behavior is to use the domain part of the machine's hostname. Fixes: #479
6f5472ad13a013bacd66d2f32a5addfe535239f3 27-May-2010 Sumit Bose <sbose@redhat.com>

Add run_callbacks flag
66da80489c0114878043b40592c5f47d41eb0ffd 07-May-2010 Jakub Hrozek <jhrozek@redhat.com>

Use service discovery in backends Integrate the failover improvements with our back ends. The DNS domain used in the SRV query is always the SSSD domain name. Please note that this patch changes the default value of ldap_uri from "ldap://localhost" to "NULL" in order to use service discovery with no server set.
83bc461f812b3c3df260b5f75d84b34bb1135062 30-Apr-2010 Stephen Gallagher <sgallagh@redhat.com>

Add dns_resolver_timeout option We had a hard-coded timeout of five seconds for DNS lookups in the async resolver. This patch adds an option 'dns_resolver_timeout' to specify this value (Default: 5)
e0bb119bdc1549d731f371202428c0cb667d3388 22-Feb-2010 Jakub Hrozek <jhrozek@redhat.com>

Restrict family lookups Adds a new option that tells resolver which address family to prefer or use exclusively. Fixes: #404
1c48b5a62f73234ed26bb20f0ab345ab61cda0ab 18-Feb-2010 Stephen Gallagher <sgallagh@redhat.com>

Rename server/ directory to src/ Also update BUILD.txt

/sssd-io/BUILD.txt /sssd-io/Makefile.am /sssd-io/configure.ac /sssd-io/contrib/sssd.spec.in /sssd-io/src/Makefile.am /sssd-io/src/build_macros.m4 /sssd-io/src/conf_macros.m4 /sssd-io/src/confdb/confdb.c /sssd-io/src/confdb/confdb.h /sssd-io/src/confdb/confdb_private.h /sssd-io/src/confdb/confdb_setup.c /sssd-io/src/confdb/confdb_setup.h /sssd-io/src/config/SSSDConfig.py /sssd-io/src/config/SSSDConfigTest.py /sssd-io/src/config/etc/sssd.api.conf /sssd-io/src/config/etc/sssd.api.d/sssd-ipa.conf /sssd-io/src/config/etc/sssd.api.d/sssd-krb5.conf /sssd-io/src/config/etc/sssd.api.d/sssd-ldap.conf /sssd-io/src/config/etc/sssd.api.d/sssd-local.conf /sssd-io/src/config/etc/sssd.api.d/sssd-proxy.conf /sssd-io/src/config/ipachangeconf.py /sssd-io/src/config/setup.py /sssd-io/src/config/testconfigs/noparse.api.conf /sssd-io/src/config/testconfigs/sssd-badversion.conf /sssd-io/src/config/testconfigs/sssd-invalid-badbool.conf /sssd-io/src/config/testconfigs/sssd-invalid.conf /sssd-io/src/config/testconfigs/sssd-noversion.conf /sssd-io/src/config/testconfigs/sssd-valid.conf /sssd-io/src/config/upgrade_config.py /sssd-io/src/configure.ac /sssd-io/src/db/sysdb.c /sssd-io/src/db/sysdb.h /sssd-io/src/db/sysdb_ops.c /sssd-io/src/db/sysdb_private.h /sssd-io/src/db/sysdb_search.c /sssd-io/src/doxy.config.in /sssd-io/src/examples/sssd.conf /sssd-io/src/examples/sssdproxytest /sssd-io/src/examples/sudo /sssd-io/src/external/crypto.m4 /sssd-io/src/external/docbook.m4 /sssd-io/src/external/krb5.m4 /sssd-io/src/external/ldap.m4 /sssd-io/src/external/libcares.m4 /sssd-io/src/external/libcollection.m4 /sssd-io/src/external/libdhash.m4 /sssd-io/src/external/libini_config.m4 /sssd-io/src/external/libldb.m4 /sssd-io/src/external/libpcre.m4 /sssd-io/src/external/libpopt.m4 /sssd-io/src/external/libtalloc.m4 /sssd-io/src/external/libtdb.m4 /sssd-io/src/external/libtevent.m4 /sssd-io/src/external/pam.m4 /sssd-io/src/external/pkg.m4 /sssd-io/src/external/platform.m4 /sssd-io/src/external/python.m4 /sssd-io/src/external/selinux.m4 /sssd-io/src/external/sizes.m4 /sssd-io/src/krb5_plugin/sssd_krb5_locator_plugin.c /sssd-io/src/ldb_modules/memberof.c /sssd-io/src/m4/.dir /sssd-io/src/man/include/failover.xml /sssd-io/src/man/include/param_help.xml /sssd-io/src/man/include/upstream.xml /sssd-io/src/man/sss_groupadd.8.xml /sssd-io/src/man/sss_groupdel.8.xml /sssd-io/src/man/sss_groupmod.8.xml /sssd-io/src/man/sss_groupshow.8.xml /sssd-io/src/man/sss_useradd.8.xml /sssd-io/src/man/sss_userdel.8.xml /sssd-io/src/man/sss_usermod.8.xml /sssd-io/src/man/sssd-ipa.5.xml /sssd-io/src/man/sssd-krb5.5.xml /sssd-io/src/man/sssd-ldap.5.xml /sssd-io/src/man/sssd.8.xml /sssd-io/src/man/sssd.conf.5.xml /sssd-io/src/man/sssd_krb5_locator_plugin.8.xml /sssd-io/src/monitor/monitor.c /sssd-io/src/monitor/monitor.h /sssd-io/src/monitor/monitor_interfaces.h /sssd-io/src/monitor/monitor_sbus.c /sssd-io/src/po/LINGUAS /sssd-io/src/po/Makevars /sssd-io/src/po/POTFILES.in /sssd-io/src/po/de.po /sssd-io/src/po/es.po /sssd-io/src/po/fr.po /sssd-io/src/po/it.po /sssd-io/src/po/ja.po /sssd-io/src/po/nl.po /sssd-io/src/po/pl.po /sssd-io/src/po/pt.po /sssd-io/src/po/sss_daemon.pot /sssd-io/src/po/sv.po child_common.c child_common.h data_provider.h data_provider_be.c data_provider_fo.c data_provider_opts.c dp_auth_util.c dp_backend.h dp_sbus.c fail_over.c fail_over.h ipa/ipa_access.c ipa/ipa_access.h ipa/ipa_auth.c ipa/ipa_auth.h ipa/ipa_common.c ipa/ipa_common.h ipa/ipa_init.c ipa/ipa_timerules.c ipa/ipa_timerules.h krb5/krb5_auth.c krb5/krb5_auth.h krb5/krb5_become_user.c krb5/krb5_child.c krb5/krb5_common.c krb5/krb5_common.h krb5/krb5_init.c krb5/krb5_utils.c krb5/krb5_utils.h ldap/ldap_auth.c ldap/ldap_child.c ldap/ldap_common.c ldap/ldap_common.h ldap/ldap_id.c ldap/ldap_id_cleanup.c ldap/ldap_id_enum.c ldap/ldap_init.c ldap/sdap.c ldap/sdap.h ldap/sdap_async.c ldap/sdap_async.h ldap/sdap_async_accounts.c ldap/sdap_async_connection.c ldap/sdap_async_private.h ldap/sdap_child_helpers.c providers.h proxy.c sssd_be.exports /sssd-io/src/python/pysss.c /sssd-io/src/resolv/ares/ares_data.c /sssd-io/src/resolv/ares/ares_data.h /sssd-io/src/resolv/ares/ares_dns.h /sssd-io/src/resolv/ares/ares_parse_srv_reply.c /sssd-io/src/resolv/ares/ares_parse_srv_reply.h /sssd-io/src/resolv/ares/ares_parse_txt_reply.c /sssd-io/src/resolv/ares/ares_parse_txt_reply.h /sssd-io/src/resolv/async_resolv.c /sssd-io/src/resolv/async_resolv.h /sssd-io/src/responder/common/responder.h /sssd-io/src/responder/common/responder_cmd.c /sssd-io/src/responder/common/responder_common.c /sssd-io/src/responder/common/responder_dp.c /sssd-io/src/responder/common/responder_packet.c /sssd-io/src/responder/common/responder_packet.h /sssd-io/src/responder/nss/nsssrv.c /sssd-io/src/responder/nss/nsssrv.h /sssd-io/src/responder/nss/nsssrv_cmd.c /sssd-io/src/responder/nss/nsssrv_nc.c /sssd-io/src/responder/nss/nsssrv_nc.h /sssd-io/src/responder/pam/pam_LOCAL_domain.c /sssd-io/src/responder/pam/pamsrv.c /sssd-io/src/responder/pam/pamsrv.h /sssd-io/src/responder/pam/pamsrv_cmd.c /sssd-io/src/responder/pam/pamsrv_dp.c /sssd-io/src/sbus/sbus_client.c /sssd-io/src/sbus/sbus_client.h /sssd-io/src/sbus/sssd_dbus.h /sssd-io/src/sbus/sssd_dbus_common.c /sssd-io/src/sbus/sssd_dbus_connection.c /sssd-io/src/sbus/sssd_dbus_private.h /sssd-io/src/sbus/sssd_dbus_server.c /sssd-io/src/sss_client/common.c /sssd-io/src/sss_client/group.c /sssd-io/src/sss_client/man/pam_sss.8.xml /sssd-io/src/sss_client/pam_sss.c /sssd-io/src/sss_client/pam_test_client.c /sssd-io/src/sss_client/passwd.c /sssd-io/src/sss_client/protos.h /sssd-io/src/sss_client/sss_cli.h /sssd-io/src/sss_client/sss_nss.exports /sssd-io/src/sss_client/sss_pam.exports /sssd-io/src/sss_client/sss_pam_macros.h /sssd-io/src/sysv/SUSE/sssd /sssd-io/src/sysv/sssd /sssd-io/src/tests/auth-tests.c /sssd-io/src/tests/check_and_open-tests.c /sssd-io/src/tests/common.c /sssd-io/src/tests/common.h /sssd-io/src/tests/fail_over-tests.c /sssd-io/src/tests/files-tests.c /sssd-io/src/tests/find_uid-tests.c /sssd-io/src/tests/ipa_ldap_opt-tests.c /sssd-io/src/tests/ipa_timerules-tests.c /sssd-io/src/tests/krb5_utils-tests.c /sssd-io/src/tests/python-test.py /sssd-io/src/tests/refcount-tests.c /sssd-io/src/tests/resolv-tests.c /sssd-io/src/tests/stress-tests.c /sssd-io/src/tests/strtonum-tests.c /sssd-io/src/tests/sysdb-tests.c /sssd-io/src/tools/files.c /sssd-io/src/tools/sss_groupadd.c /sssd-io/src/tools/sss_groupdel.c /sssd-io/src/tools/sss_groupmod.c /sssd-io/src/tools/sss_groupshow.c /sssd-io/src/tools/sss_sync_ops.c /sssd-io/src/tools/sss_sync_ops.h /sssd-io/src/tools/sss_useradd.c /sssd-io/src/tools/sss_userdel.c /sssd-io/src/tools/sss_usermod.c /sssd-io/src/tools/tools_util.c /sssd-io/src/tools/tools_util.h /sssd-io/src/util/backup_file.c /sssd-io/src/util/check_and_open.c /sssd-io/src/util/crypto_sha512crypt.c /sssd-io/src/util/debug.c /sssd-io/src/util/dlinklist.h /sssd-io/src/util/find_uid.c /sssd-io/src/util/find_uid.h /sssd-io/src/util/memory.c /sssd-io/src/util/nss_sha512crypt.c /sssd-io/src/util/refcount.c /sssd-io/src/util/refcount.h /sssd-io/src/util/server.c /sssd-io/src/util/sha512crypt.h /sssd-io/src/util/signal.c /sssd-io/src/util/signal.m4 /sssd-io/src/util/sss_krb5.c /sssd-io/src/util/sss_krb5.h /sssd-io/src/util/sss_ldap.c /sssd-io/src/util/sss_ldap.h /sssd-io/src/util/strtonum.c /sssd-io/src/util/strtonum.h /sssd-io/src/util/user_info_msg.c /sssd-io/src/util/user_info_msg.h /sssd-io/src/util/usertools.c /sssd-io/src/util/util.c /sssd-io/src/util/util.h