History log of /sssd-io/src/providers/ipa/ipa_init.c
Revision Date Author Comments Expand
d2633d922eeed68f92be4248b9172b928c189920 25-Apr-2018 Jakub Hrozek <jhrozek@redhat.com>

LDAP: Augment the sdap_opts structure with a data provider pointer In order to be able to use the Data Provider methods from the SDAP code to e.g. invalidate memcache when needed, add a new field to the sdap_options structure with the data_provider structure pointer. Fill the pointer value for all LDAP-based providers. Related: https://pagure.io/SSSD/sssd/issue/2653 Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
47362caf4c30c3ff5a143f4f4a7fd5599db03b48 27-Feb-2018 Lukas Slebodnik <lslebodn@redhat.com>

IPA: Fix typo in debug message in sssm_ipa_selinux_init It was probably a copy&paste mistake. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
2f8d0cc83b986b1d302d431f7a3b7c90682faf99 27-Feb-2018 Lukas Slebodnik <lslebodn@redhat.com>

IPA: Drop unused ifdef HAVE_SELINUX_LOGIN_DIR Macros ALL_SERVICES and selogin_path were conditionally defined in case of existing selinux login directory at configure time (defined macro AVE_SELINUX_LOGIN_DIR) However, these macros were unused for quite a long 2.5 year and last usage was removed in commit 9c47c8c59b5c9078f342f82367cd0ad7857acef8 "IPA: Use set_seuser instead of writing selinux login file" Reviewed-by: Pavel Březina <pbrezina@redhat.com>
60a715a0dd79873d2d2607eab8fdfaf0ffd2e7d3 09-Feb-2018 Hristo Venev <hristo@venev.name>

providers: Move hostid from ipa to sdap, v2 In the ldap provider, all option names are renamed to ldap_host_*. In the ipa provider the names haven't been changed. Host lookups for both ipa and ldap are handled in the ldap provider. sss_ssh_knownhostsproxy works but hostgroups are still only available in the ipa provider. I've also added some documentation for the ldap provider. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
c0f9f5a0f6d71a1596ee3cef549b4b02295313c3 06-Dec-2017 Jakub Hrozek <jhrozek@redhat.com>

DP: Create a new handler function getAccountDomain() Adds a new method getAccountDomain() which is a bit similar to getAccountInfo, except it doesn't fetch, parse and store the entry, but just returns the domain or a subdomain the entry was found in. At the moment, the method only supports requests by ID. A default handler is provided (and in this patch used by all the domains) which returns ERR_GET_ACCT_DOM_NOT_SUPPORTED. This return code should be evaluated by the responder so that this DP method is not called again, because it's not supported by the back end type. Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com>
2754a8dcfa937d45b024a2e57419248bfd4c4919 21-Nov-2017 Pavel Březina <pbrezina@redhat.com>

ipa: implement method to refresh HBAC rules Related: https://pagure.io/SSSD/sssd/issue/2840 Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
6ef14c5c9e16c4a660b5029cd2b6220496a36407 19-Oct-2017 Lukas Slebodnik <lslebodn@redhat.com>

Revert "IPA: Only generate kdcinfo files on clients" This reverts commit a309525cc47da726461aec1f238165c17aade2a6. Even though original patch was correct it is better to revert it becuse otherwise we hit a bug in MIT krb5 when fallback to admin_server if kpasswd_server is not set does not work. And it would take some time to propagate krb5 fix to downstream distributions. https://bugzilla.redhat.com/show_bug.cgi?id=1498347 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Robbie Harwood <rharwood@redhat.com>
f2e70ec742cd7aab82b74d7e4b424ba3258da7aa 14-Sep-2017 Sumit Bose <sbose@redhat.com>

IPA: fix handling of certmap_ctx This patch fixes a use-after-free in the AD provider part and initializes the certmap_ctx with data from the cache at startup. Related to https://pagure.io/SSSD/sssd/issue/3508 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
efa0a019f1ede87bcdd4668e70c768b222c30167 13-Sep-2017 AmitKumar <amitkuma@redhat.com>

IPA: check if IPA hostname is fully qualified Some users change the IPA hostname post-install which results in strange bugs. Code change make sure that the ipa_hostname contains at least one domain component. Resolves: https://pagure.io/SSSD/sssd/issue/1946 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
a309525cc47da726461aec1f238165c17aade2a6 04-Sep-2017 Jakub Hrozek <jhrozek@redhat.com>

IPA: Only generate kdcinfo files on clients In some cases, IPA masters end up having a broken SSSD configuration that also includes the SRV records. This can cause the kdcinfo files to point to a different master which uses a different PKINIT certificate which is only valid for that IPA master. This can result e.g. in webui not working. This patch prevents the kdcinfo files from being generated on the IPA masters, but keep generating them on the clients. Not generating kdcinfo files on masters has no negative performance impact, because libkrb5 is configured via krb5.conf to point to self anyway. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
cd2b8fd423c5b6fbc3b9a466a5dedafd06362116 04-Sep-2017 Jakub Hrozek <jhrozek@redhat.com>

IPA: Reword the DEBUG message about SRV resolution on IDM masters Reviewed-by: Pavel Březina <pbrezina@redhat.com>
f982039c75ec064894deb676ae53ee57de868590 28-Aug-2017 Fabiano Fidêncio <fidencio@redhat.com>

DESKPROFILE: Introduce the new IPA session provider In order to provide FleetCommander[0] integration, a session provider has been introduced for IPA. The design of this feature and more technical details can be found at [1] and [2], which are the design pages of both freeIPA and SSSD parts. As there's no way to test freeIPA integration with our upstream tests, no test has been provided yet. Is also worth to mention that the name "deskprofile" has been chosen instead of "fleetcmd" in order to match with the freeIPA plugin. It means that, for consistence, all source files, directories created, options added, functions prefixes and so on are following the choice accordingly. [0]: https://wiki.gnome.org/Projects/FleetCommander [1]: https://github.com/abbra/freeipa-desktop-profile/blob/master/plugin/Feature.mediawiki [2]: https://docs.pagure.org/SSSD.sssd/design_pages/fleet_commander_integration.html Resolves: https://pagure.io/SSSD/sssd/issue/2995 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

/sssd-io/Makefile.am /sssd-io/contrib/sssd.spec.in /sssd-io/src/confdb/confdb.h /sssd-io/src/config/SSSDConfig/__init__.py.in /sssd-io/src/config/SSSDConfig/sssd_upgrade_config.py /sssd-io/src/config/SSSDConfigTest.py /sssd-io/src/config/cfg_rules.ini /sssd-io/src/config/etc/sssd.api.conf /sssd-io/src/config/etc/sssd.api.d/sssd-ipa.conf /sssd-io/src/man/sssd-ipa.5.xml /sssd-io/src/man/sssd.conf.5.xml /sssd-io/src/providers/data_provider/dp.h /sssd-io/src/providers/data_provider/dp_target_auth.c /sssd-io/src/providers/data_provider/dp_targets.c ipa_common.c ipa_common.h ipa_deskprofile_config.c ipa_deskprofile_config.h ipa_deskprofile_private.h ipa_deskprofile_rules.c ipa_deskprofile_rules.h ipa_deskprofile_rules_util.c ipa_deskprofile_rules_util.h ipa_init.c ipa_opts.c ipa_session.c ipa_session.h /sssd-io/src/responder/ifp/ifp_components.c
b3851e86af91dc1aa6e265d5b2e4279b2611ff43 30-Aug-2016 Pavel Březina <pbrezina@redhat.com>

dyndns: fix typo and unify ipa with ad debug message when off Reviewed-by: Petr Čech <pcech@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
bc7991db97482eb2ac77f7105ee4bb3d329acff7 25-Jul-2016 Lukas Slebodnik <lslebodn@redhat.com>

Amend debug messages after failure of unlink Some messages did not have errno or name of problematic file. There was also improper use of negative value. The function strerror was called with -1 instead of errno Reviewed-by: Petr Čech <pcech@redhat.com>
17dccc24e4490dfda2820d46b62a029b14ba2359 18-Jul-2016 Sumit Bose <sbose@redhat.com>

IPA: add ipa_init_get_krb5_auth_ctx() Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
3d29430867cf92b2d71afa95abb679711231117c 15-Jul-2016 Pavel Březina <pbrezina@redhat.com>

DP: rename be_acct_req to dp_id_data Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
dea636af4d1902a081ee891f1b19ee2f8729d759 20-Jun-2016 Pavel Březina <pbrezina@redhat.com>

DP: Switch to new interface Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

/sssd-io/Makefile.am /sssd-io/src/providers/ad/ad_access.c /sssd-io/src/providers/ad/ad_access.h /sssd-io/src/providers/ad/ad_autofs.c /sssd-io/src/providers/ad/ad_common.h /sssd-io/src/providers/ad/ad_id.c /sssd-io/src/providers/ad/ad_id.h /sssd-io/src/providers/ad/ad_init.c /sssd-io/src/providers/ad/ad_subdomains.c /sssd-io/src/providers/ad/ad_subdomains.h /sssd-io/src/providers/ad/ad_sudo.c /sssd-io/src/providers/backend.h /sssd-io/src/providers/data_provider/dp_custom_data.h /sssd-io/src/providers/data_provider/dp_iface.c /sssd-io/src/providers/data_provider/dp_iface.h /sssd-io/src/providers/data_provider/dp_target_auth.c /sssd-io/src/providers/data_provider/dp_target_autofs.c /sssd-io/src/providers/data_provider/dp_target_hostid.c /sssd-io/src/providers/data_provider/dp_target_id.c /sssd-io/src/providers/data_provider/dp_target_subdomains.c /sssd-io/src/providers/data_provider/dp_target_sudo.c /sssd-io/src/providers/data_provider_be.c /sssd-io/src/providers/data_provider_req.c /sssd-io/src/providers/data_provider_req.h ipa_access.c ipa_access.h ipa_auth.c ipa_auth.h ipa_autofs.c ipa_common.h ipa_hbac_common.c ipa_hostid.c ipa_hostid.h ipa_id.c ipa_id.h ipa_init.c ipa_selinux.c ipa_selinux.h ipa_subdomains.c ipa_subdomains.h ipa_subdomains_ext_groups.c ipa_subdomains_id.c ipa_subdomains_server.c ipa_sudo.c /sssd-io/src/providers/krb5/krb5_auth.c /sssd-io/src/providers/krb5/krb5_auth.h /sssd-io/src/providers/krb5/krb5_common.h /sssd-io/src/providers/krb5/krb5_init.c /sssd-io/src/providers/ldap/ldap_access.c /sssd-io/src/providers/ldap/ldap_auth.c /sssd-io/src/providers/ldap/ldap_common.c /sssd-io/src/providers/ldap/ldap_common.h /sssd-io/src/providers/ldap/ldap_id.c /sssd-io/src/providers/ldap/ldap_init.c /sssd-io/src/providers/ldap/sdap_access.h /sssd-io/src/providers/ldap/sdap_autofs.c /sssd-io/src/providers/ldap/sdap_autofs.h /sssd-io/src/providers/ldap/sdap_idmap.c /sssd-io/src/providers/ldap/sdap_online_check.c /sssd-io/src/providers/ldap/sdap_sudo.c /sssd-io/src/providers/ldap/sdap_sudo.h /sssd-io/src/providers/proxy/proxy.h /sssd-io/src/providers/proxy/proxy_auth.c /sssd-io/src/providers/proxy/proxy_client.c /sssd-io/src/providers/proxy/proxy_id.c /sssd-io/src/providers/proxy/proxy_init.c /sssd-io/src/providers/simple/simple_access.c /sssd-io/src/providers/simple/simple_access_check.c /sssd-io/src/responder/autofs/autofssrv_dp.c /sssd-io/src/responder/common/responder_dp.c /sssd-io/src/responder/ssh/sshsrv_dp.c /sssd-io/src/responder/sudo/sudosrv_dp.c /sssd-io/src/tests/cmocka/test_nested_groups.c /sssd-io/src/tests/simple_access-tests.c
892ddeb5190dd5c1ffa26a95142a10a0034fc5e3 20-Jun-2016 Pavel Březina <pbrezina@redhat.com>

Rename dp_dyndns.h to be_dyndns.h Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
e2d96566aeb881bd89e5c9236d663f6a9a88019a 24-Feb-2016 Jakub Hrozek <jhrozek@redhat.com>

IPA: Add interface to call into IPA provider from LDAP provider https://fedorahosted.org/sssd/ticket/2522 Adds a pluggable interface that is able to resolve the IPA group's external members. At the moment, the request calls the full be_ interface to make sure all corner cases like id-views are handled internally. Reviewed-by: Sumit Bose <sbose@redhat.com>
27e89b6925334565c73c407a9ae2809358789c81 14-Jun-2015 Jakub Hrozek <jhrozek@redhat.com>

IPA: Move server-mode functions to a separate module There is already quite a few functions that are server-mode specific and there will be even more with one-way trusts. Split the server-mode specific functions into a separate module. Reviewed-by: Sumit Bose <sbose@redhat.com>
deb28a893c76f7c94b6cc8e596742665e23d97d5 08-May-2015 Sumit Bose <sbose@redhat.com>

IPA: create preauth indicator file at startup Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
17531a398cc9084036cb08d69fe876a8f12707bb 08-Mar-2015 Pavel Březina <pbrezina@redhat.com>

be_refresh: add sdap_refresh_init Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
e0d2777620726f3f9f1f0eee911c5a9c66488443 24-Nov-2014 Jakub Hrozek <jhrozek@redhat.com>

Hint about removing sysdb if initializing ID map fails https://fedorahosted.org/sssd/ticket/2477 Reviewed-by: Pavel Reichl <preichl@redhat.com>
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8 16-Oct-2014 Sumit Bose <sbose@redhat.com>

IPA: add view support and get view name Related to https://fedorahosted.org/sssd/ticket/2375 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
83bf46f4066e3d5e838a32357c201de9bd6ecdfd 12-Feb-2014 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>

Update DEBUG* invocations to use new levels Use a script to update DEBUG* macro invocations, which use literal numbers for levels, to use bitmask macros instead: grep -rl --include '*.[hc]' DEBUG . | while read f; do mv "$f"{,.orig} perl -e 'use strict; use File::Slurp; my @map=qw" SSSDBG_FATAL_FAILURE SSSDBG_CRIT_FAILURE SSSDBG_OP_FAILURE SSSDBG_MINOR_FAILURE SSSDBG_CONF_SETTINGS SSSDBG_FUNC_DATA SSSDBG_TRACE_FUNC SSSDBG_TRACE_LIBS SSSDBG_TRACE_INTERNAL SSSDBG_TRACE_ALL "; my $text=read_file(\*STDIN); my $repl; $text=~s/ ^ ( .* \b (DEBUG|DEBUG_PAM_DATA|DEBUG_GR_MEM) \s* \(\s* )( [0-9] )( \s*, ) ( \s* ) ( .* ) $ / $repl = $1.$map[$3].$4.$5.$6, length($repl) <= 80 ? $repl : $1.$map[$3].$4."\n".(" " x length($1)).$6 /xmge; print $text; ' < "$f.orig" > "$f" rm "$f.orig" done Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>

/sssd-io/src/confdb/confdb.c /sssd-io/src/confdb/confdb_setup.c /sssd-io/src/db/sysdb.c /sssd-io/src/db/sysdb_ops.c /sssd-io/src/db/sysdb_ranges.c /sssd-io/src/db/sysdb_search.c /sssd-io/src/db/sysdb_upgrade.c /sssd-io/src/monitor/monitor.c /sssd-io/src/monitor/monitor_netlink.c /sssd-io/src/monitor/monitor_sbus.c /sssd-io/src/providers/data_provider_be.c /sssd-io/src/providers/data_provider_callbacks.c /sssd-io/src/providers/data_provider_fo.c /sssd-io/src/providers/data_provider_opts.c /sssd-io/src/providers/dp_auth_util.c /sssd-io/src/providers/dp_pam_data_util.c /sssd-io/src/providers/fail_over.c ipa_access.c ipa_auth.c ipa_common.c ipa_hbac_common.c ipa_hbac_hosts.c ipa_hbac_rules.c ipa_hbac_services.c ipa_hbac_users.c ipa_id.c ipa_init.c ipa_netgroups.c /sssd-io/src/providers/krb5/krb5_access.c /sssd-io/src/providers/krb5/krb5_auth.c /sssd-io/src/providers/krb5/krb5_child.c /sssd-io/src/providers/krb5/krb5_child_handler.c /sssd-io/src/providers/krb5/krb5_common.c /sssd-io/src/providers/krb5/krb5_delayed_online_authentication.c /sssd-io/src/providers/krb5/krb5_init.c /sssd-io/src/providers/krb5/krb5_init_shared.c /sssd-io/src/providers/krb5/krb5_renew_tgt.c /sssd-io/src/providers/krb5/krb5_utils.c /sssd-io/src/providers/krb5/krb5_wait_queue.c /sssd-io/src/providers/ldap/ldap_auth.c /sssd-io/src/providers/ldap/ldap_child.c /sssd-io/src/providers/ldap/ldap_common.c /sssd-io/src/providers/ldap/ldap_id.c /sssd-io/src/providers/ldap/ldap_id_cleanup.c /sssd-io/src/providers/ldap/ldap_id_netgroup.c /sssd-io/src/providers/ldap/ldap_init.c /sssd-io/src/providers/ldap/sdap.c /sssd-io/src/providers/ldap/sdap_access.c /sssd-io/src/providers/ldap/sdap_async.c /sssd-io/src/providers/ldap/sdap_async_connection.c /sssd-io/src/providers/ldap/sdap_async_enum.c /sssd-io/src/providers/ldap/sdap_async_groups.c /sssd-io/src/providers/ldap/sdap_async_initgroups.c /sssd-io/src/providers/ldap/sdap_async_initgroups_ad.c /sssd-io/src/providers/ldap/sdap_async_netgroups.c /sssd-io/src/providers/ldap/sdap_async_users.c /sssd-io/src/providers/ldap/sdap_child_helpers.c /sssd-io/src/providers/ldap/sdap_fd_events.c /sssd-io/src/providers/ldap/sdap_id_op.c /sssd-io/src/providers/proxy/proxy_auth.c /sssd-io/src/providers/proxy/proxy_child.c /sssd-io/src/providers/proxy/proxy_id.c /sssd-io/src/providers/proxy/proxy_init.c /sssd-io/src/providers/proxy/proxy_netgroup.c /sssd-io/src/resolv/async_resolv.c /sssd-io/src/responder/common/negcache.c /sssd-io/src/responder/common/responder_cmd.c /sssd-io/src/responder/common/responder_common.c /sssd-io/src/responder/common/responder_dp.c /sssd-io/src/responder/nss/nsssrv.c /sssd-io/src/responder/nss/nsssrv_cmd.c /sssd-io/src/responder/nss/nsssrv_netgroup.c /sssd-io/src/responder/nss/nsssrv_private.h /sssd-io/src/responder/nss/nsssrv_services.c /sssd-io/src/responder/pam/pam_LOCAL_domain.c /sssd-io/src/responder/pam/pamsrv.c /sssd-io/src/responder/pam/pamsrv_cmd.c /sssd-io/src/responder/pam/pamsrv_dp.c /sssd-io/src/sbus/sbus_client.c /sssd-io/src/sbus/sssd_dbus_common.c /sssd-io/src/sbus/sssd_dbus_connection.c /sssd-io/src/sbus/sssd_dbus_server.c /sssd-io/src/tests/auth-tests.c /sssd-io/src/tests/files-tests.c /sssd-io/src/tests/resolv-tests.c /sssd-io/src/tests/sysdb-tests.c /sssd-io/src/tests/sysdb_ssh-tests.c /sssd-io/src/tools/selinux.c /sssd-io/src/tools/sss_cache.c /sssd-io/src/tools/sss_groupadd.c /sssd-io/src/tools/sss_groupdel.c /sssd-io/src/tools/sss_groupmod.c /sssd-io/src/tools/sss_groupshow.c /sssd-io/src/tools/sss_sync_ops.c /sssd-io/src/tools/sss_useradd.c /sssd-io/src/tools/sss_userdel.c /sssd-io/src/tools/sss_usermod.c /sssd-io/src/tools/tools_util.c /sssd-io/src/tools/tools_util.h /sssd-io/src/util/check_and_open.c /sssd-io/src/util/child_common.c /sssd-io/src/util/crypto/nss/nss_obfuscate.c /sssd-io/src/util/crypto/nss/nss_util.c /sssd-io/src/util/debug.c /sssd-io/src/util/find_uid.c /sssd-io/src/util/nscd.c /sssd-io/src/util/signal.c /sssd-io/src/util/sss_krb5.c /sssd-io/src/util/sss_ldap.c /sssd-io/src/util/user_info_msg.c /sssd-io/src/util/usertools.c /sssd-io/src/util/util.c
a3c8390d19593b1e5277d95bfb4ab206d4785150 12-Feb-2014 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>

Make DEBUG macro invocations variadic Use a script to update DEBUG macro invocations to use it as a variadic macro, supplying format string and its arguments directly, instead of wrapping them in parens. This script was used to update the code: grep -rwl --include '*.[hc]' DEBUG . | while read f; do mv "$f"{,.orig} perl -e \ 'use strict; use File::Slurp; my $text=read_file(\*STDIN); $text=~s#(\bDEBUG\s*\([^(]+)\((.*?)\)\s*\)\s*;#$1$2);#gs; print $text;' < "$f.orig" > "$f" rm "$f.orig" done Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>

/sssd-io/src/confdb/confdb.c /sssd-io/src/confdb/confdb_setup.c /sssd-io/src/db/sysdb.c /sssd-io/src/db/sysdb_autofs.c /sssd-io/src/db/sysdb_idmap.c /sssd-io/src/db/sysdb_ops.c /sssd-io/src/db/sysdb_ranges.c /sssd-io/src/db/sysdb_search.c /sssd-io/src/db/sysdb_selinux.c /sssd-io/src/db/sysdb_services.c /sssd-io/src/db/sysdb_ssh.c /sssd-io/src/db/sysdb_subdomains.c /sssd-io/src/db/sysdb_sudo.c /sssd-io/src/db/sysdb_upgrade.c /sssd-io/src/monitor/monitor.c /sssd-io/src/monitor/monitor_netlink.c /sssd-io/src/monitor/monitor_sbus.c /sssd-io/src/providers/ad/ad_access.c /sssd-io/src/providers/ad/ad_common.c /sssd-io/src/providers/ad/ad_domain_info.c /sssd-io/src/providers/ad/ad_dyndns.c /sssd-io/src/providers/ad/ad_id.c /sssd-io/src/providers/ad/ad_init.c /sssd-io/src/providers/ad/ad_srv.c /sssd-io/src/providers/ad/ad_subdomains.c /sssd-io/src/providers/data_provider_be.c /sssd-io/src/providers/data_provider_callbacks.c /sssd-io/src/providers/data_provider_fo.c /sssd-io/src/providers/data_provider_opts.c /sssd-io/src/providers/dp_auth_util.c /sssd-io/src/providers/dp_dyndns.c /sssd-io/src/providers/dp_pam_data_util.c /sssd-io/src/providers/dp_ptask.c /sssd-io/src/providers/dp_refresh.c /sssd-io/src/providers/fail_over.c /sssd-io/src/providers/fail_over_srv.c ipa_access.c ipa_auth.c ipa_autofs.c ipa_common.c ipa_config.c ipa_dyndns.c ipa_hbac_common.c ipa_hbac_hosts.c ipa_hbac_rules.c ipa_hbac_services.c ipa_hbac_users.c ipa_hostid.c ipa_hosts.c ipa_id.c ipa_idmap.c ipa_init.c ipa_netgroups.c ipa_s2n_exop.c ipa_selinux.c ipa_selinux_maps.c ipa_srv.c ipa_subdomains.c ipa_subdomains_ext_groups.c ipa_subdomains_id.c ipa_sudo.c /sssd-io/src/providers/krb5/krb5_access.c /sssd-io/src/providers/krb5/krb5_auth.c /sssd-io/src/providers/krb5/krb5_become_user.c /sssd-io/src/providers/krb5/krb5_child.c /sssd-io/src/providers/krb5/krb5_child_handler.c /sssd-io/src/providers/krb5/krb5_common.c /sssd-io/src/providers/krb5/krb5_delayed_online_authentication.c /sssd-io/src/providers/krb5/krb5_init.c /sssd-io/src/providers/krb5/krb5_init_shared.c /sssd-io/src/providers/krb5/krb5_renew_tgt.c /sssd-io/src/providers/krb5/krb5_utils.c /sssd-io/src/providers/krb5/krb5_wait_queue.c /sssd-io/src/providers/ldap/ldap_access.c /sssd-io/src/providers/ldap/ldap_auth.c /sssd-io/src/providers/ldap/ldap_child.c /sssd-io/src/providers/ldap/ldap_common.c /sssd-io/src/providers/ldap/ldap_id.c /sssd-io/src/providers/ldap/ldap_id_cleanup.c /sssd-io/src/providers/ldap/ldap_id_enum.c /sssd-io/src/providers/ldap/ldap_id_netgroup.c /sssd-io/src/providers/ldap/ldap_id_services.c /sssd-io/src/providers/ldap/ldap_init.c /sssd-io/src/providers/ldap/sdap.c /sssd-io/src/providers/ldap/sdap_access.c /sssd-io/src/providers/ldap/sdap_async.c /sssd-io/src/providers/ldap/sdap_async_autofs.c /sssd-io/src/providers/ldap/sdap_async_connection.c /sssd-io/src/providers/ldap/sdap_async_enum.c /sssd-io/src/providers/ldap/sdap_async_groups.c /sssd-io/src/providers/ldap/sdap_async_groups_ad.c /sssd-io/src/providers/ldap/sdap_async_initgroups.c /sssd-io/src/providers/ldap/sdap_async_initgroups_ad.c /sssd-io/src/providers/ldap/sdap_async_nested_groups.c /sssd-io/src/providers/ldap/sdap_async_netgroups.c /sssd-io/src/providers/ldap/sdap_async_services.c /sssd-io/src/providers/ldap/sdap_async_sudo.c /sssd-io/src/providers/ldap/sdap_async_sudo_hostinfo.c /sssd-io/src/providers/ldap/sdap_async_sudo_timer.c /sssd-io/src/providers/ldap/sdap_async_users.c /sssd-io/src/providers/ldap/sdap_autofs.c /sssd-io/src/providers/ldap/sdap_child_helpers.c /sssd-io/src/providers/ldap/sdap_dyndns.c /sssd-io/src/providers/ldap/sdap_fd_events.c /sssd-io/src/providers/ldap/sdap_id_op.c /sssd-io/src/providers/ldap/sdap_idmap.c /sssd-io/src/providers/ldap/sdap_range.c /sssd-io/src/providers/ldap/sdap_refresh.c /sssd-io/src/providers/ldap/sdap_reinit.c /sssd-io/src/providers/ldap/sdap_sudo.c /sssd-io/src/providers/ldap/sdap_sudo_cache.c /sssd-io/src/providers/proxy/proxy_auth.c /sssd-io/src/providers/proxy/proxy_child.c /sssd-io/src/providers/proxy/proxy_id.c /sssd-io/src/providers/proxy/proxy_init.c /sssd-io/src/providers/proxy/proxy_netgroup.c /sssd-io/src/providers/proxy/proxy_services.c /sssd-io/src/providers/simple/simple_access.c /sssd-io/src/providers/simple/simple_access_check.c /sssd-io/src/resolv/async_resolv.c /sssd-io/src/resolv/async_resolv_utils.c /sssd-io/src/responder/autofs/autofssrv.c /sssd-io/src/responder/autofs/autofssrv_cmd.c /sssd-io/src/responder/autofs/autofssrv_dp.c /sssd-io/src/responder/common/negcache.c /sssd-io/src/responder/common/responder_cmd.c /sssd-io/src/responder/common/responder_common.c /sssd-io/src/responder/common/responder_dp.c /sssd-io/src/responder/common/responder_get_domains.c /sssd-io/src/responder/nss/nsssrv.c /sssd-io/src/responder/nss/nsssrv_cmd.c /sssd-io/src/responder/nss/nsssrv_mmap_cache.c /sssd-io/src/responder/nss/nsssrv_netgroup.c /sssd-io/src/responder/nss/nsssrv_private.h /sssd-io/src/responder/nss/nsssrv_services.c /sssd-io/src/responder/pac/pacsrv.c /sssd-io/src/responder/pac/pacsrv_cmd.c /sssd-io/src/responder/pac/pacsrv_utils.c /sssd-io/src/responder/pam/pam_LOCAL_domain.c /sssd-io/src/responder/pam/pam_helpers.c /sssd-io/src/responder/pam/pamsrv.c /sssd-io/src/responder/pam/pamsrv_cmd.c /sssd-io/src/responder/pam/pamsrv_dp.c /sssd-io/src/responder/ssh/sshsrv.c /sssd-io/src/responder/ssh/sshsrv_cmd.c /sssd-io/src/responder/ssh/sshsrv_dp.c /sssd-io/src/responder/sudo/sudosrv.c /sssd-io/src/responder/sudo/sudosrv_cmd.c /sssd-io/src/responder/sudo/sudosrv_dp.c /sssd-io/src/responder/sudo/sudosrv_get_sudorules.c /sssd-io/src/responder/sudo/sudosrv_query.c /sssd-io/src/sbus/sbus_client.c /sssd-io/src/sbus/sssd_dbus_common.c /sssd-io/src/sbus/sssd_dbus_connection.c /sssd-io/src/sbus/sssd_dbus_server.c /sssd-io/src/sss_client/ssh/sss_ssh_authorizedkeys.c /sssd-io/src/sss_client/ssh/sss_ssh_knownhostsproxy.c /sssd-io/src/tests/auth-tests.c /sssd-io/src/tests/cmocka/test_dyndns.c /sssd-io/src/tests/cmocka/test_fqnames.c /sssd-io/src/tests/cmocka/test_nss_srv.c /sssd-io/src/tests/cmocka/test_utils.c /sssd-io/src/tests/common_dom.c /sssd-io/src/tests/common_tev.c /sssd-io/src/tests/debug-tests.c /sssd-io/src/tests/files-tests.c /sssd-io/src/tests/krb5_child-test.c /sssd-io/src/tests/resolv-tests.c /sssd-io/src/tests/simple_access-tests.c /sssd-io/src/tests/sysdb-tests.c /sssd-io/src/tests/sysdb_ssh-tests.c /sssd-io/src/tools/files.c /sssd-io/src/tools/selinux.c /sssd-io/src/tools/sss_cache.c /sssd-io/src/tools/sss_debuglevel.c /sssd-io/src/tools/sss_groupadd.c /sssd-io/src/tools/sss_groupdel.c /sssd-io/src/tools/sss_groupmod.c /sssd-io/src/tools/sss_groupshow.c /sssd-io/src/tools/sss_seed.c /sssd-io/src/tools/sss_sync_ops.c /sssd-io/src/tools/sss_useradd.c /sssd-io/src/tools/sss_userdel.c /sssd-io/src/tools/sss_usermod.c /sssd-io/src/tools/tools_mc_util.c /sssd-io/src/tools/tools_util.c /sssd-io/src/tools/tools_util.h /sssd-io/src/util/authtok.c /sssd-io/src/util/backup_file.c /sssd-io/src/util/check_and_open.c /sssd-io/src/util/child_common.c /sssd-io/src/util/crypto/libcrypto/crypto_base64.c /sssd-io/src/util/crypto/libcrypto/crypto_obfuscate.c /sssd-io/src/util/crypto/nss/nss_obfuscate.c /sssd-io/src/util/crypto/nss/nss_util.c /sssd-io/src/util/debug.c /sssd-io/src/util/domain_info_utils.c /sssd-io/src/util/find_uid.c /sssd-io/src/util/nscd.c /sssd-io/src/util/server.c /sssd-io/src/util/signal.c /sssd-io/src/util/sss_ini.c /sssd-io/src/util/sss_krb5.c /sssd-io/src/util/sss_krb5.h /sssd-io/src/util/sss_ldap.c /sssd-io/src/util/sss_nss.c /sssd-io/src/util/sss_selinux.c /sssd-io/src/util/sss_ssh.c /sssd-io/src/util/sss_tc_utf8.c /sssd-io/src/util/user_info_msg.c /sssd-io/src/util/usertools.c /sssd-io/src/util/util.c /sssd-io/src/util/util.h /sssd-io/src/util/util_lock.c /sssd-io/src/util/well_known_sids.c
0cbd01a928aac58bf564277a0a5458f40a1ad96e 22-Oct-2013 Jakub Hrozek <jhrozek@redhat.com>

IPA: Do not enable IPA sites in server mode When running in IPA server mode, the IPA sites should be ignored and the SSSD should only connect to the local server.
82d248c7e7d61dba7065a1a744823bc06c1b5b96 26-Sep-2013 Jakub Hrozek <jhrozek@redhat.com>

IPA: Ignore dns_discovery_domain in server mode https://fedorahosted.org/sssd/ticket/2079 If the dns_discovery_domain is set in the server mode, then the current failover code will use it to discover the AD servers as well. This patch resets the discovery domain unless the admin configured SRV resolution for IPA servers manually. In the case he did, we try to warn him that service discovery of AD servers will most likely fail.
1c4144a6ce68dbd54c7c08a517d1f982ea57f19a 28-Aug-2013 Jakub Hrozek <jhrozek@redhat.com>

LDAP: Make sdap_id_setup_tasks reusable for subdomains Instead of always performing the setup for the main domain, the setup can now be performed for subdomains as well.
de307ab8e390deabc5df9884a3f762bfb1581936 28-Aug-2013 Jakub Hrozek <jhrozek@redhat.com>

IPA: Enable AD sites when in server mode https://fedorahosted.org/sssd/ticket/1964 Currently the AD sites are enabled unconditionally
48657b5de36a63b0c13ed5d53065871d59d8f10b 23-Jul-2013 Jakub Hrozek <jhrozek@redhat.com>

KRB5: Do not send PAC in server mode The krb5 child contacts the PAC responder for any user except for the IPA native users if the PAC is configured. This works fine for the general case but the ipa_server_mode is a special one. The PAC responder is there, but since in the server mode we should be operating as AD provider default, the PAC shouldn't be analyzed either in this case.
f8a4a5f6240156809e1b5ef03816f673281e3fa0 28-Jun-2013 Jakub Hrozek <jhrozek@redhat.com>

IPA: Initialize server mode ctx if server mode is on This patch introduces a new structure that holds information about a subdomain and its ad_id_ctx. This structure will be used only in server mode to make it possible to search subdomains with a particular ad_id_ctx. Subtask of: https://fedorahosted.org/sssd/ticket/1962
8ff0aba893d8da1a8163ccaf9ad2c5b6bccd121f 28-Jun-2013 Sumit Bose <sbose@redhat.com>

Add ipa_idmap_init() Use the sdap_idmap context for the IPA provider as well. https://fedorahosted.org/sssd/ticket/1961
fa4a9c4afcc0c62a693034e21f33356e64735687 25-Jun-2013 Sumit Bose <sbose@redhat.com>

krb5: do not send pac for IPA users from the local domain So far we didn't send the PAC of IPA users to the PAC responder during password authentication because group memberships for IPA users can be retrieved efficiently with LDAP calls. Recently patches added PAC support for the AD provider as well and removed the restriction for the IPA users. This patch restores the original behaviour by introducing a new flag in struct krb5_ctx which is only set for the IPA provider. Additionally a different flag is renamed to make it's purpose more clear. Fixes https://fedorahosted.org/sssd/ticket/1995
7b5e7e539ae9312ab55d75aa94feaad549b2a708 10-Jun-2013 Pavel Březina <pbrezina@redhat.com>

providers: refresh expired netgroups https://fedorahosted.org/sssd/ticket/1713
dcb44c39dda9699cdd6488fd116a51ced0687de3 07-Jun-2013 Jakub Hrozek <jhrozek@redhat.com>

LDAP: sdap_id_ctx might contain several connections With some LDAP server implementations, one server might provide different "views" of the identites on different ports. One example is the Active Directory Global catalog. The provider would contact different view depending on which operation it is performing and against which SSSD domain. At the same time, these views run on the same server, which means the same server options, enumeration, cleanup or Kerberos service should be used. So instead of using several different failover ports or several instances of sdap_id_ctx, this patch introduces a new "struct sdap_id_conn_ctx" that contains the connection cache to the particular view and an instance of "struct sdap_options" that contains the URI. No functional changes are present in this patch, currently all providers use a single connection. Multiple connections will be used later in the upcoming patches.
aae5af7fb5fbdd780b06f2b5fb89dfe8ab52fb34 27-May-2013 Sumit Bose <sbose@redhat.com>

IPA: Always initialize ID mapping Because we now always want to store SIDs in the IPA provider, we also need to always initialize the ID mapping context.
eb64d3406c15dcc5cb42c94488737bdbb9a15655 20-May-2013 Jakub Hrozek <jhrozek@redhat.com>

Remove unneeded parameter of setup_child and namespace it setup_child() was accepting a parameter it didn't use. Also the function name was too generic, so I added a sdap prefix.
04868f1573f4b26ef34610b6d7069172f93bd8ab 03-May-2013 Jakub Hrozek <jhrozek@redhat.com>

Convert IPA-specific options to be back-end agnostic This patch introduces new options for dynamic DNS updates that are not specific to any back end. The current ipa dyndns options are still usable, just with a deprecation warning.
b24e4bec819b29f1ec8e77083d4e7610c5dd9c77 03-May-2013 Lukas Slebodnik <lslebodn@redhat.com>

SUDO: IPA provider This patch added auto configuration SUDO with ipa provider and compat tree. https://fedorahosted.org/sssd/ticket/1733
88275cccddf39892e01682b39b02292eb74729bd 10-Apr-2013 Pavel Březina <pbrezina@redhat.com>

DNS sites support - add IPA SRV plugin https://fedorahosted.org/sssd/ticket/1032
1abdf56dcda5f6bed7b144e544c00dbdd501b3fc 10-Apr-2013 Pavel Březina <pbrezina@redhat.com>

DNS sites support - use SRV DNS lookup plugin in all providers https://fedorahosted.org/sssd/ticket/1032 We set a plugin during an initialization of ID provider, which is an authoritative provider for a plugin choice. The plugin is set only once. When other provider is initalized (e.g. id = IPA, sudo = LDAP), we do not overwrite the plugin. Since sssm_*_id_init() is called from all module constructors, this patch relies on the fact, that ID provider is initialized before all other providers.
87ed72b47859e673b636c85f35b85f1546c7ed3d 01-Aug-2012 Simo Sorce <simo@redhat.com>

Expose an initializer function from subdomain Instead of exporting internal structures, expose an initilizer function like the autofs code and initialize everything inside the ipa_subdomains.c file.
46118ee53dc0d25e449cd7e37e624a4c62b78ee2 01-Aug-2012 Jan Zeleny <jzeleny@redhat.com>

Primary server support: new option in IPA provider This patch adds support for new config option ipa_backup_server. The description of this option's functionality is included in man page in one of previous patches.
1ecdcf622920781a95e3d2040a2aad9ac2e31260 01-Aug-2012 Jan Zeleny <jzeleny@redhat.com>

Primary server support: IPA adaptation This patch adds support for the primary server functionality into IPA provider. No backup servers are added at the moment, just the basic support is in place.
38e2ec1c757955ab557fd95807afa58042d09482 27-Jul-2012 Jan Zeleny <jzeleny@redhat.com>

Renamed session provider to selinux provider
3441d0c2d11aea0c39b009751a1898333c009674 06-Jul-2012 Stephen Gallagher <sgallagh@redhat.com>

KRB5: Create a common init routine for krb5_child options This will reduce code duplication between the krb5, ipa and ad providers
386a66b1aa18a176e6a06fa126556c9590c373b6 21-Jun-2012 Sumit Bose <sbose@redhat.com>

Add support for ID ranges
84c611c1b7c04cc7735ab54d4e5f48284b79e6fb 10-Jun-2012 Jan Zeleny <jzeleny@redhat.com>

IPA subdomains - ask for information about master domain The query is performed only if there is missing information in the cache. That means this should be done only once after restart when cache doesn't exist. All subsequent requests for subdomains won't include the request for master domain.
81165faf5d951aca69f410713730c26ff048ec44 24-Apr-2012 Sumit Bose <sbose@redhat.com>

IPA: Add get-domains target
d10350e1854cd2156567f058f5a76041994e7f2b 09-Mar-2012 Stephen Gallagher <sgallagh@redhat.com>

IPA: Check nsAccountLock during PAM_ACCT_MGMT https://fedorahosted.org/sssd/ticket/1227
fdab7bbf8933351f6254438c30ff361cd748b15a 24-Feb-2012 Jan Zeleny <jzeleny@redhat.com>

IPA hosts refactoring
620033ce66f4827be9d508c77483fab0270d9869 07-Feb-2012 Jakub Hrozek <jhrozek@redhat.com>

AUTOFS: IPA provider
1a7d1977037864e52858058777af8ff8401547dd 07-Feb-2012 Jan Cholasta <jcholast@redhat.com>

IPA: Add host info handler
1a853121ca2ba8ede6df429ee76942131ffb0f65 06-Feb-2012 Jan Zeleny <jzeleny@redhat.com>

Session target in IPA provider
71ad247500b417836a1a2edec257a4433a7c415f 06-Feb-2012 Jan Zeleny <jzeleny@redhat.com>

Implemented support for multiple search bases in HBAC rules and services
c935271de3b99d35112e0faf854cbfa9dfaa104a 14-Jan-2012 Jan Zeleny <jzeleny@redhat.com>

Support multiple search bases in HBAC
8edf0e447266d68f10264eb3f3ea514cd1687041 19-Dec-2011 Jakub Hrozek <jhrozek@redhat.com>

Pass sdap_id_ctx to online check from IPA provider
87c07559af5cfcd2752295ef7c425bd3205f426f 19-Dec-2011 Stephen Gallagher <sgallagh@redhat.com>

Move child_common routines to util
6d99c0f5616969a999d78248565a47b18d40d472 29-Nov-2011 Jakub Hrozek <jhrozek@redhat.com>

IPA migration fixes * use the id connection for looking up the migration flag * force TLS on the password based authentication connection https://fedorahosted.org/sssd/ticket/924
f4093e062cf1646b8f01d7078e63708aeb36a95d 25-Nov-2011 Jakub Hrozek <jhrozek@redhat.com>

Fix sdap_id_ctx/ipa_id_ctx mismatch in IPA provider This was causing a segfault during HBAC processing and any ID lookups except for netgroups
8b1f2574ce7a964965a18ab047ab09c4694380c4 23-Nov-2011 Jan Zeleny <jzeleny@redhat.com>

Added IPA account info handler Currently it is only handling netgroups by itself, other requests are forwarded to LDAP provider.
46d41cf95d520a1aab48dad2d577c885e69ef9f8 23-Nov-2011 Jan Zeleny <jzeleny@redhat.com>

New IPA ID context
ac3a1f3da772cf101101c31675c63dc3549b21b5 22-Nov-2011 Jakub Hrozek <jhrozek@redhat.com>

Cleanup: Remove unused parameters

/sssd-io/src/providers/data_provider_fo.c ipa_access.c ipa_dyndns.c ipa_dyndns.h ipa_hbac_common.c ipa_hbac_hosts.c ipa_hbac_private.h ipa_hbac_rules.c ipa_hbac_services.c ipa_hbac_users.c ipa_init.c /sssd-io/src/providers/krb5/krb5_auth.c /sssd-io/src/providers/ldap/ldap_auth.c /sssd-io/src/providers/ldap/ldap_id_cleanup.c /sssd-io/src/providers/ldap/sdap.c /sssd-io/src/providers/ldap/sdap.h /sssd-io/src/providers/ldap/sdap_access.c /sssd-io/src/providers/ldap/sdap_async.c /sssd-io/src/providers/ldap/sdap_async_connection.c /sssd-io/src/providers/ldap/sdap_async_groups.c /sssd-io/src/providers/ldap/sdap_async_initgroups.c /sssd-io/src/providers/ldap/sdap_async_netgroups.c /sssd-io/src/providers/proxy/proxy.h /sssd-io/src/providers/proxy/proxy_id.c /sssd-io/src/providers/proxy/proxy_netgroup.c /sssd-io/src/python/pysss.c /sssd-io/src/responder/nss/nsssrv.c /sssd-io/src/sss_client/pam_sss.c /sssd-io/src/tools/nscd.c /sssd-io/src/tools/sss_groupadd.c /sssd-io/src/tools/sss_sync_ops.c /sssd-io/src/tools/sss_sync_ops.h /sssd-io/src/tools/sss_useradd.c /sssd-io/src/tools/tools_util.c /sssd-io/src/tools/tools_util.h /sssd-io/src/util/crypto/nss/nss_obfuscate.c
7e2de117961fe247d8aa16af2ab762990965c239 11-Jul-2011 Jakub Hrozek <jhrozek@redhat.com>

Check DNS records before updating https://fedorahosted.org/sssd/ticket/802
7cefb94d9f00a5629cb5c12cc71d01208e7ead63 22-Feb-2011 Stephen Gallagher <sgallagh@redhat.com>

Allow krb5_realm to override ipa_domain It is possible to set up FreeIPA servers where the Kerberos realm differs from the IPA domain name. We need to allow setting the krb5_realm explicitly to handle this.
890db77ce114fa416838f363fe2b8627ff9087e0 08-Dec-2010 Sumit Bose <sbose@redhat.com>

Remove check_access_time() from IPA access provider It is planned to release IPA 2.0 without time range specifications in the access control rules. To avoid confusion the evaluation is removed from sssd, too.
cf1cf7b96d38c8b481a90d800cf53546ac15ce8a 07-Dec-2010 Simo Sorce <ssorce@redhat.com>

Pass sdap_id_ctx in sdap_id_op functions.
5843ad321944a028f6dee7e1fd4f9381c4953d07 07-Dec-2010 Sumit Bose <sbose@redhat.com>

Add support for FAST in krb5 provider
d8e3d9b5fb5f269ef7a0cf4b70f3ba4c8051429c 01-Dec-2010 Sumit Bose <sbose@redhat.com>

Add check_online method to LDAP ID provider
056901f031d8df43ec4fc7e67bc43dd5d967de71 09-Jul-2010 eindenbom <eindenbom@gmail.com>

Use new LDAP connection framework in IPA access backend.
8bb6aa3fd81a3c195b92270ddf189296abae65eb 27-May-2010 Sumit Bose <sbose@redhat.com>

Add offline callback to disconnect global SDAP handle
b21813c0bfa513b984fcbab81843c06d093332a5 27-May-2010 Sumit Bose <sbose@redhat.com>

Add krb5 SIGTERM handler to ipa auth provider
6126d57239edc0ed0fac8082e00cd4a685c0566d 27-May-2010 Sumit Bose <sbose@redhat.com>

Add callback to remove krb5 info files when going offline
02e38eae1b9cb5df2036a707dafd86f6047c17de 26-May-2010 Sumit Bose <sbose@redhat.com>

Add support for delayed kinit if offline If the configuration option krb5_store_password_if_offline is set to true and the backend is offline the plain text user password is stored and used to request a TGT if the backend becomes online. If available the Linux kernel key retention service is used.
48a038d077ed2de18a5211e010c18ab680107293 16-May-2010 Stephen Gallagher <sgallagh@redhat.com>

Add dynamic DNS updates to FreeIPA This adds two new options: ipa_dyndns_update: Boolean value to select whether this client should automatically update its IP address in FreeIPA DNS. ipa_dyndns_iface: Choose an interface manually to use for updating dynamic DNS. Default is to use the interface associated with the LDAP connection to FreeIPA. This patch supports A and AAAA records. It relies on the presence of the nsupdate tool from the bind-utils package to perform the actual update step. The location of this utility is set at build time, but its availability is determined at runtime (so clients that do not require dynamic update capability do not need to meet this dependency).
af971fb6cf853c3a5f41aa00918013903aba1ff3 16-May-2010 Stephen Gallagher <sgallagh@redhat.com>

Properly set up SIGCHLD handlers Instead of having all-purpose SIGCHLD handlers that try to catch every occurrence, we instead create a per-PID handler. This will allow us to specify callbacks to occur when certain children exit.
928ff09ea3975edbf53df05a1ade365a588dc69d 16-May-2010 Sumit Bose <sbose@redhat.com>

New version of IPA auth and password migration The current version modified some global structures to be able to use Kerberos and LDAP authentication during the IPA password migration. This new version only uses tevent requests. Additionally the ipaMigrationEnabled attribute is read from the IPA server to see if password migration is allowed or not.
57614e56dd272db0f71abc442b1515d79fd16169 07-May-2010 Stephen Gallagher <sgallagh@redhat.com>

Revert "Add dynamic DNS updates to FreeIPA" This reverts commit 973b7c27c0b294b8b2f120296f64c6a3a36e44b7. While this patch applied cleanly, it was uncompilable. Reverting until it can be properly merged.
973b7c27c0b294b8b2f120296f64c6a3a36e44b7 07-May-2010 Stephen Gallagher <sgallagh@redhat.com>

Add dynamic DNS updates to FreeIPA This adds two new options: ipa_dyndns_update: Boolean value to select whether this client should automatically update its IP address in FreeIPA DNS. ipa_dyndns_iface: Choose an interface manually to use for updating dynamic DNS. Default is to use the interface associated with the LDAP connection to FreeIPA. This patch supports A and AAAA records. It relies on the presence of the nsupdate tool from the bind-utils package to perform the actual update step. The location of this utility is set at build time, but its availability is determined at runtime (so clients that do not require dynamic update capability do not need to meet this dependency).
66da80489c0114878043b40592c5f47d41eb0ffd 07-May-2010 Jakub Hrozek <jhrozek@redhat.com>

Use service discovery in backends Integrate the failover improvements with our back ends. The DNS domain used in the SRV query is always the SSSD domain name. Please note that this patch changes the default value of ldap_uri from "ldap://localhost" to "NULL" in order to use service discovery with no server set.
264be69c7615a1f65a21805b95a9dbd2736d1fb4 16-Apr-2010 Stephen Gallagher <sgallagh@redhat.com>

Make ID provider init functions clearer Using sssm_*_init() as the name of the initialization function for identity providers was a holdover from earlier development when we thought we would only have a single "provider" entry in the config file. As we have now separated out the initialization functions for auth, chpass and access, we should rename sssm_*_init() to sssm_*_id_init() for a cleaner interface.
1c48b5a62f73234ed26bb20f0ab345ab61cda0ab 18-Feb-2010 Stephen Gallagher <sgallagh@redhat.com>

Rename server/ directory to src/ Also update BUILD.txt

/sssd-io/BUILD.txt /sssd-io/Makefile.am /sssd-io/configure.ac /sssd-io/contrib/sssd.spec.in /sssd-io/src/Makefile.am /sssd-io/src/build_macros.m4 /sssd-io/src/conf_macros.m4 /sssd-io/src/confdb/confdb.c /sssd-io/src/confdb/confdb.h /sssd-io/src/confdb/confdb_private.h /sssd-io/src/confdb/confdb_setup.c /sssd-io/src/confdb/confdb_setup.h /sssd-io/src/config/SSSDConfig.py /sssd-io/src/config/SSSDConfigTest.py /sssd-io/src/config/etc/sssd.api.conf /sssd-io/src/config/etc/sssd.api.d/sssd-ipa.conf /sssd-io/src/config/etc/sssd.api.d/sssd-krb5.conf /sssd-io/src/config/etc/sssd.api.d/sssd-ldap.conf /sssd-io/src/config/etc/sssd.api.d/sssd-local.conf /sssd-io/src/config/etc/sssd.api.d/sssd-proxy.conf /sssd-io/src/config/ipachangeconf.py /sssd-io/src/config/setup.py /sssd-io/src/config/testconfigs/noparse.api.conf /sssd-io/src/config/testconfigs/sssd-badversion.conf /sssd-io/src/config/testconfigs/sssd-invalid-badbool.conf /sssd-io/src/config/testconfigs/sssd-invalid.conf /sssd-io/src/config/testconfigs/sssd-noversion.conf /sssd-io/src/config/testconfigs/sssd-valid.conf /sssd-io/src/config/upgrade_config.py /sssd-io/src/configure.ac /sssd-io/src/db/sysdb.c /sssd-io/src/db/sysdb.h /sssd-io/src/db/sysdb_ops.c /sssd-io/src/db/sysdb_private.h /sssd-io/src/db/sysdb_search.c /sssd-io/src/doxy.config.in /sssd-io/src/examples/sssd.conf /sssd-io/src/examples/sssdproxytest /sssd-io/src/examples/sudo /sssd-io/src/external/crypto.m4 /sssd-io/src/external/docbook.m4 /sssd-io/src/external/krb5.m4 /sssd-io/src/external/ldap.m4 /sssd-io/src/external/libcares.m4 /sssd-io/src/external/libcollection.m4 /sssd-io/src/external/libdhash.m4 /sssd-io/src/external/libini_config.m4 /sssd-io/src/external/libldb.m4 /sssd-io/src/external/libpcre.m4 /sssd-io/src/external/libpopt.m4 /sssd-io/src/external/libtalloc.m4 /sssd-io/src/external/libtdb.m4 /sssd-io/src/external/libtevent.m4 /sssd-io/src/external/pam.m4 /sssd-io/src/external/pkg.m4 /sssd-io/src/external/platform.m4 /sssd-io/src/external/python.m4 /sssd-io/src/external/selinux.m4 /sssd-io/src/external/sizes.m4 /sssd-io/src/krb5_plugin/sssd_krb5_locator_plugin.c /sssd-io/src/ldb_modules/memberof.c /sssd-io/src/m4/.dir /sssd-io/src/man/include/failover.xml /sssd-io/src/man/include/param_help.xml /sssd-io/src/man/include/upstream.xml /sssd-io/src/man/sss_groupadd.8.xml /sssd-io/src/man/sss_groupdel.8.xml /sssd-io/src/man/sss_groupmod.8.xml /sssd-io/src/man/sss_groupshow.8.xml /sssd-io/src/man/sss_useradd.8.xml /sssd-io/src/man/sss_userdel.8.xml /sssd-io/src/man/sss_usermod.8.xml /sssd-io/src/man/sssd-ipa.5.xml /sssd-io/src/man/sssd-krb5.5.xml /sssd-io/src/man/sssd-ldap.5.xml /sssd-io/src/man/sssd.8.xml /sssd-io/src/man/sssd.conf.5.xml /sssd-io/src/man/sssd_krb5_locator_plugin.8.xml /sssd-io/src/monitor/monitor.c /sssd-io/src/monitor/monitor.h /sssd-io/src/monitor/monitor_interfaces.h /sssd-io/src/monitor/monitor_sbus.c /sssd-io/src/po/LINGUAS /sssd-io/src/po/Makevars /sssd-io/src/po/POTFILES.in /sssd-io/src/po/de.po /sssd-io/src/po/es.po /sssd-io/src/po/fr.po /sssd-io/src/po/it.po /sssd-io/src/po/ja.po /sssd-io/src/po/nl.po /sssd-io/src/po/pl.po /sssd-io/src/po/pt.po /sssd-io/src/po/sss_daemon.pot /sssd-io/src/po/sv.po /sssd-io/src/providers/child_common.c /sssd-io/src/providers/child_common.h /sssd-io/src/providers/data_provider.h /sssd-io/src/providers/data_provider_be.c /sssd-io/src/providers/data_provider_fo.c /sssd-io/src/providers/data_provider_opts.c /sssd-io/src/providers/dp_auth_util.c /sssd-io/src/providers/dp_backend.h /sssd-io/src/providers/dp_sbus.c /sssd-io/src/providers/fail_over.c /sssd-io/src/providers/fail_over.h ipa_access.c ipa_access.h ipa_auth.c ipa_auth.h ipa_common.c ipa_common.h ipa_init.c ipa_timerules.c ipa_timerules.h /sssd-io/src/providers/krb5/krb5_auth.c /sssd-io/src/providers/krb5/krb5_auth.h /sssd-io/src/providers/krb5/krb5_become_user.c /sssd-io/src/providers/krb5/krb5_child.c /sssd-io/src/providers/krb5/krb5_common.c /sssd-io/src/providers/krb5/krb5_common.h /sssd-io/src/providers/krb5/krb5_init.c /sssd-io/src/providers/krb5/krb5_utils.c /sssd-io/src/providers/krb5/krb5_utils.h /sssd-io/src/providers/ldap/ldap_auth.c /sssd-io/src/providers/ldap/ldap_child.c /sssd-io/src/providers/ldap/ldap_common.c /sssd-io/src/providers/ldap/ldap_common.h /sssd-io/src/providers/ldap/ldap_id.c /sssd-io/src/providers/ldap/ldap_id_cleanup.c /sssd-io/src/providers/ldap/ldap_id_enum.c /sssd-io/src/providers/ldap/ldap_init.c /sssd-io/src/providers/ldap/sdap.c /sssd-io/src/providers/ldap/sdap.h /sssd-io/src/providers/ldap/sdap_async.c /sssd-io/src/providers/ldap/sdap_async.h /sssd-io/src/providers/ldap/sdap_async_accounts.c /sssd-io/src/providers/ldap/sdap_async_connection.c /sssd-io/src/providers/ldap/sdap_async_private.h /sssd-io/src/providers/ldap/sdap_child_helpers.c /sssd-io/src/providers/providers.h /sssd-io/src/providers/proxy.c /sssd-io/src/providers/sssd_be.exports /sssd-io/src/python/pysss.c /sssd-io/src/resolv/ares/ares_data.c /sssd-io/src/resolv/ares/ares_data.h /sssd-io/src/resolv/ares/ares_dns.h /sssd-io/src/resolv/ares/ares_parse_srv_reply.c /sssd-io/src/resolv/ares/ares_parse_srv_reply.h /sssd-io/src/resolv/ares/ares_parse_txt_reply.c /sssd-io/src/resolv/ares/ares_parse_txt_reply.h /sssd-io/src/resolv/async_resolv.c /sssd-io/src/resolv/async_resolv.h /sssd-io/src/responder/common/responder.h /sssd-io/src/responder/common/responder_cmd.c /sssd-io/src/responder/common/responder_common.c /sssd-io/src/responder/common/responder_dp.c /sssd-io/src/responder/common/responder_packet.c /sssd-io/src/responder/common/responder_packet.h /sssd-io/src/responder/nss/nsssrv.c /sssd-io/src/responder/nss/nsssrv.h /sssd-io/src/responder/nss/nsssrv_cmd.c /sssd-io/src/responder/nss/nsssrv_nc.c /sssd-io/src/responder/nss/nsssrv_nc.h /sssd-io/src/responder/pam/pam_LOCAL_domain.c /sssd-io/src/responder/pam/pamsrv.c /sssd-io/src/responder/pam/pamsrv.h /sssd-io/src/responder/pam/pamsrv_cmd.c /sssd-io/src/responder/pam/pamsrv_dp.c /sssd-io/src/sbus/sbus_client.c /sssd-io/src/sbus/sbus_client.h /sssd-io/src/sbus/sssd_dbus.h /sssd-io/src/sbus/sssd_dbus_common.c /sssd-io/src/sbus/sssd_dbus_connection.c /sssd-io/src/sbus/sssd_dbus_private.h /sssd-io/src/sbus/sssd_dbus_server.c /sssd-io/src/sss_client/common.c /sssd-io/src/sss_client/group.c /sssd-io/src/sss_client/man/pam_sss.8.xml /sssd-io/src/sss_client/pam_sss.c /sssd-io/src/sss_client/pam_test_client.c /sssd-io/src/sss_client/passwd.c /sssd-io/src/sss_client/protos.h /sssd-io/src/sss_client/sss_cli.h /sssd-io/src/sss_client/sss_nss.exports /sssd-io/src/sss_client/sss_pam.exports /sssd-io/src/sss_client/sss_pam_macros.h /sssd-io/src/sysv/SUSE/sssd /sssd-io/src/sysv/sssd /sssd-io/src/tests/auth-tests.c /sssd-io/src/tests/check_and_open-tests.c /sssd-io/src/tests/common.c /sssd-io/src/tests/common.h /sssd-io/src/tests/fail_over-tests.c /sssd-io/src/tests/files-tests.c /sssd-io/src/tests/find_uid-tests.c /sssd-io/src/tests/ipa_ldap_opt-tests.c /sssd-io/src/tests/ipa_timerules-tests.c /sssd-io/src/tests/krb5_utils-tests.c /sssd-io/src/tests/python-test.py /sssd-io/src/tests/refcount-tests.c /sssd-io/src/tests/resolv-tests.c /sssd-io/src/tests/stress-tests.c /sssd-io/src/tests/strtonum-tests.c /sssd-io/src/tests/sysdb-tests.c /sssd-io/src/tools/files.c /sssd-io/src/tools/sss_groupadd.c /sssd-io/src/tools/sss_groupdel.c /sssd-io/src/tools/sss_groupmod.c /sssd-io/src/tools/sss_groupshow.c /sssd-io/src/tools/sss_sync_ops.c /sssd-io/src/tools/sss_sync_ops.h /sssd-io/src/tools/sss_useradd.c /sssd-io/src/tools/sss_userdel.c /sssd-io/src/tools/sss_usermod.c /sssd-io/src/tools/tools_util.c /sssd-io/src/tools/tools_util.h /sssd-io/src/util/backup_file.c /sssd-io/src/util/check_and_open.c /sssd-io/src/util/crypto_sha512crypt.c /sssd-io/src/util/debug.c /sssd-io/src/util/dlinklist.h /sssd-io/src/util/find_uid.c /sssd-io/src/util/find_uid.h /sssd-io/src/util/memory.c /sssd-io/src/util/nss_sha512crypt.c /sssd-io/src/util/refcount.c /sssd-io/src/util/refcount.h /sssd-io/src/util/server.c /sssd-io/src/util/sha512crypt.h /sssd-io/src/util/signal.c /sssd-io/src/util/signal.m4 /sssd-io/src/util/sss_krb5.c /sssd-io/src/util/sss_krb5.h /sssd-io/src/util/sss_ldap.c /sssd-io/src/util/sss_ldap.h /sssd-io/src/util/strtonum.c /sssd-io/src/util/strtonum.h /sssd-io/src/util/user_info_msg.c /sssd-io/src/util/user_info_msg.h /sssd-io/src/util/usertools.c /sssd-io/src/util/util.c /sssd-io/src/util/util.h