History log of /sssd-io/src/providers/krb5/krb5_common.c
Revision Date Author Comments Expand
2c10819750a8d920ab755eba1278e6e20e684e93 28-Nov-2017 Sumit Bose <sbose@redhat.com>

krb5: show error message for krb5_init_context() failures If there are typos in /etc/krb5.conf (or one of the included config snippets) krb5_init_context(), the initial call always needed to do any other operation with libkrb5, fails because /etc/krb5.conf cannot be parsed. Currently the related debug/syslog messages might be misleading, e.g. failed to read keytab. This is because SSSD does not use a global krb5 context but creates a fresh one for every new request or operation (to always use the latest settings from /etc/krb5.conf) and typically there is an error message indicating that the related operation failed but not giving more details. Since krb5_init_context() is fundamental for Kerberos support this patch tries to add as much details as libkrb5 provides in the logs if the call fails. Resolves: https://pagure.io/SSSD/sssd/issue/3586 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Robbie Harwood <rharwood@redhat.com>
91141c6ae6e6a255cfd66266581671ddd16086b3 08-Jun-2017 Lukas Slebodnik <lslebodn@redhat.com>

UTIL: Remove signal.h from util/util.h signal.h is not used directly by util/util.h. The header file signal.h must be included in 19 files and after removing it from util.h it had to be added only to 12 missing files. And util.util.h is included in 381 files Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
f78b2dd73d26988068306cc22a504fd0e069d6cc 28-Nov-2016 Sumit Bose <sbose@redhat.com>

krb5: fix two memory leaks Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
7e394400eefd0e7c5ba0c64ab3fa28bee21ef2d7 28-Nov-2016 Sumit Bose <sbose@redhat.com>

krb5: Use command line arguments instead env vars for krb5_child Resolves: https://fedorahosted.org/sssd/ticket/697 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
fec23cc7cf28fbdac37e3413c5c9b5115d1e01b6 07-Jul-2016 Jakub Hrozek <jhrozek@redhat.com>

KRB5: Rely on internal fqname when constructing UPNs Because internally, we use the same name for all users and groups regardless of the domain they belong to, we can parse the username from the qualified name in a simpler manner. Reviewed-by: Sumit Bose <sbose@redhat.com>
cc2d77d5218c188119fa954c856e858cbde76947 20-Jun-2016 Pavel Březina <pbrezina@redhat.com>

Rename dp_backend.h to backend.h Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

/sssd-io/Makefile.am /sssd-io/src/p11_child/p11_child_nss.c /sssd-io/src/providers/ad/ad_access.c /sssd-io/src/providers/ad/ad_gpo.c /sssd-io/src/providers/ad/ad_gpo_child.c /sssd-io/src/providers/ad/ad_srv.c /sssd-io/src/providers/ad/ad_subdomains.h /sssd-io/src/providers/backend.h /sssd-io/src/providers/be_dyndns.c /sssd-io/src/providers/be_ptask.c /sssd-io/src/providers/be_refresh.c /sssd-io/src/providers/data_provider_be.c /sssd-io/src/providers/data_provider_callbacks.c /sssd-io/src/providers/data_provider_fo.c /sssd-io/src/providers/ipa/ipa_auth.h /sssd-io/src/providers/ipa/ipa_dyndns.h /sssd-io/src/providers/ipa/ipa_subdomains.h /sssd-io/src/providers/ipa/selinux_child.c krb5_auth.h krb5_child.c krb5_common.c krb5_common.h /sssd-io/src/providers/ldap/ldap_access.c /sssd-io/src/providers/ldap/ldap_child.c /sssd-io/src/providers/ldap/ldap_common.h /sssd-io/src/providers/ldap/sdap.h /sssd-io/src/providers/ldap/sdap_access.c /sssd-io/src/providers/ldap/sdap_access.h /sssd-io/src/providers/ldap/sdap_async.h /sssd-io/src/providers/ldap/sdap_async_sudo.c /sssd-io/src/providers/ldap/sdap_autofs.c /sssd-io/src/providers/ldap/sdap_dyndns.c /sssd-io/src/providers/ldap/sdap_dyndns.h /sssd-io/src/providers/ldap/sdap_sudo.c /sssd-io/src/providers/ldap/sdap_sudo.h /sssd-io/src/providers/ldap/sdap_sudo_shared.h /sssd-io/src/providers/proxy/proxy.h /sssd-io/src/providers/proxy/proxy_child.c /sssd-io/src/providers/simple/simple_access.c /sssd-io/src/providers/simple/simple_access_check.c /sssd-io/src/tests/cmocka/test_be_ptask.c /sssd-io/src/tests/cmocka/test_data_provider_be.c
df07d54f881e6210c9cb6650de5617e6a99602b9 17-Aug-2015 Jakub Hrozek <jhrozek@redhat.com>

KRB5: Use sss_unique_file when creating kdcinfo files Reviewed-by: Pavel Březina <pbrezina@redhat.com>
05ed6a29cbd3cbec177364487a2afeade51d6546 05-Aug-2015 Sumit Bose <sbose@redhat.com>

krb5: do not create kdcinfo file if proxy configuration exists Resolves https://fedorahosted.org/sssd/ticket/2652 Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
c683b8d730f4ec838244147d70a0275d53459aa5 29-Sep-2014 Pavel Reichl <preichl@redhat.com>

Fix debug messages - trailing '.' Fix debug messages where '\n' was wrongly followed by '.'. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
40dd828529cf01291daf0f075b850783409e8c05 18-Mar-2014 Pavel Reichl <preichl@redhat.com>

refactor calls of sss_parse_name sss_parse_name now supports NULL as output parameters so existing calls passing arguments which were never read were substituted by NULL. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
cfaa16fe871f10f5bba0a55beb39e8223dbdf001 26-Feb-2014 Lukas Slebodnik <lslebodn@redhat.com>

KRB5: Fix condition for empty string Reported by: cppcheck Finding the same expression on both sides of an operator || is suspicious and might indicate a cut and paste or logic error. Resolves: https://fedorahosted.org/sssd/ticket/2258 Reviewed-by: Michal Žídek <mzidek@redhat.com>
83bf46f4066e3d5e838a32357c201de9bd6ecdfd 12-Feb-2014 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>

Update DEBUG* invocations to use new levels Use a script to update DEBUG* macro invocations, which use literal numbers for levels, to use bitmask macros instead: grep -rl --include '*.[hc]' DEBUG . | while read f; do mv "$f"{,.orig} perl -e 'use strict; use File::Slurp; my @map=qw" SSSDBG_FATAL_FAILURE SSSDBG_CRIT_FAILURE SSSDBG_OP_FAILURE SSSDBG_MINOR_FAILURE SSSDBG_CONF_SETTINGS SSSDBG_FUNC_DATA SSSDBG_TRACE_FUNC SSSDBG_TRACE_LIBS SSSDBG_TRACE_INTERNAL SSSDBG_TRACE_ALL "; my $text=read_file(\*STDIN); my $repl; $text=~s/ ^ ( .* \b (DEBUG|DEBUG_PAM_DATA|DEBUG_GR_MEM) \s* \(\s* )( [0-9] )( \s*, ) ( \s* ) ( .* ) $ / $repl = $1.$map[$3].$4.$5.$6, length($repl) <= 80 ? $repl : $1.$map[$3].$4."\n".(" " x length($1)).$6 /xmge; print $text; ' < "$f.orig" > "$f" rm "$f.orig" done Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>

/sssd-io/src/confdb/confdb.c /sssd-io/src/confdb/confdb_setup.c /sssd-io/src/db/sysdb.c /sssd-io/src/db/sysdb_ops.c /sssd-io/src/db/sysdb_ranges.c /sssd-io/src/db/sysdb_search.c /sssd-io/src/db/sysdb_upgrade.c /sssd-io/src/monitor/monitor.c /sssd-io/src/monitor/monitor_netlink.c /sssd-io/src/monitor/monitor_sbus.c /sssd-io/src/providers/data_provider_be.c /sssd-io/src/providers/data_provider_callbacks.c /sssd-io/src/providers/data_provider_fo.c /sssd-io/src/providers/data_provider_opts.c /sssd-io/src/providers/dp_auth_util.c /sssd-io/src/providers/dp_pam_data_util.c /sssd-io/src/providers/fail_over.c /sssd-io/src/providers/ipa/ipa_access.c /sssd-io/src/providers/ipa/ipa_auth.c /sssd-io/src/providers/ipa/ipa_common.c /sssd-io/src/providers/ipa/ipa_hbac_common.c /sssd-io/src/providers/ipa/ipa_hbac_hosts.c /sssd-io/src/providers/ipa/ipa_hbac_rules.c /sssd-io/src/providers/ipa/ipa_hbac_services.c /sssd-io/src/providers/ipa/ipa_hbac_users.c /sssd-io/src/providers/ipa/ipa_id.c /sssd-io/src/providers/ipa/ipa_init.c /sssd-io/src/providers/ipa/ipa_netgroups.c krb5_access.c krb5_auth.c krb5_child.c krb5_child_handler.c krb5_common.c krb5_delayed_online_authentication.c krb5_init.c krb5_init_shared.c krb5_renew_tgt.c krb5_utils.c krb5_wait_queue.c /sssd-io/src/providers/ldap/ldap_auth.c /sssd-io/src/providers/ldap/ldap_child.c /sssd-io/src/providers/ldap/ldap_common.c /sssd-io/src/providers/ldap/ldap_id.c /sssd-io/src/providers/ldap/ldap_id_cleanup.c /sssd-io/src/providers/ldap/ldap_id_netgroup.c /sssd-io/src/providers/ldap/ldap_init.c /sssd-io/src/providers/ldap/sdap.c /sssd-io/src/providers/ldap/sdap_access.c /sssd-io/src/providers/ldap/sdap_async.c /sssd-io/src/providers/ldap/sdap_async_connection.c /sssd-io/src/providers/ldap/sdap_async_enum.c /sssd-io/src/providers/ldap/sdap_async_groups.c /sssd-io/src/providers/ldap/sdap_async_initgroups.c /sssd-io/src/providers/ldap/sdap_async_initgroups_ad.c /sssd-io/src/providers/ldap/sdap_async_netgroups.c /sssd-io/src/providers/ldap/sdap_async_users.c /sssd-io/src/providers/ldap/sdap_child_helpers.c /sssd-io/src/providers/ldap/sdap_fd_events.c /sssd-io/src/providers/ldap/sdap_id_op.c /sssd-io/src/providers/proxy/proxy_auth.c /sssd-io/src/providers/proxy/proxy_child.c /sssd-io/src/providers/proxy/proxy_id.c /sssd-io/src/providers/proxy/proxy_init.c /sssd-io/src/providers/proxy/proxy_netgroup.c /sssd-io/src/resolv/async_resolv.c /sssd-io/src/responder/common/negcache.c /sssd-io/src/responder/common/responder_cmd.c /sssd-io/src/responder/common/responder_common.c /sssd-io/src/responder/common/responder_dp.c /sssd-io/src/responder/nss/nsssrv.c /sssd-io/src/responder/nss/nsssrv_cmd.c /sssd-io/src/responder/nss/nsssrv_netgroup.c /sssd-io/src/responder/nss/nsssrv_private.h /sssd-io/src/responder/nss/nsssrv_services.c /sssd-io/src/responder/pam/pam_LOCAL_domain.c /sssd-io/src/responder/pam/pamsrv.c /sssd-io/src/responder/pam/pamsrv_cmd.c /sssd-io/src/responder/pam/pamsrv_dp.c /sssd-io/src/sbus/sbus_client.c /sssd-io/src/sbus/sssd_dbus_common.c /sssd-io/src/sbus/sssd_dbus_connection.c /sssd-io/src/sbus/sssd_dbus_server.c /sssd-io/src/tests/auth-tests.c /sssd-io/src/tests/files-tests.c /sssd-io/src/tests/resolv-tests.c /sssd-io/src/tests/sysdb-tests.c /sssd-io/src/tests/sysdb_ssh-tests.c /sssd-io/src/tools/selinux.c /sssd-io/src/tools/sss_cache.c /sssd-io/src/tools/sss_groupadd.c /sssd-io/src/tools/sss_groupdel.c /sssd-io/src/tools/sss_groupmod.c /sssd-io/src/tools/sss_groupshow.c /sssd-io/src/tools/sss_sync_ops.c /sssd-io/src/tools/sss_useradd.c /sssd-io/src/tools/sss_userdel.c /sssd-io/src/tools/sss_usermod.c /sssd-io/src/tools/tools_util.c /sssd-io/src/tools/tools_util.h /sssd-io/src/util/check_and_open.c /sssd-io/src/util/child_common.c /sssd-io/src/util/crypto/nss/nss_obfuscate.c /sssd-io/src/util/crypto/nss/nss_util.c /sssd-io/src/util/debug.c /sssd-io/src/util/find_uid.c /sssd-io/src/util/nscd.c /sssd-io/src/util/signal.c /sssd-io/src/util/sss_krb5.c /sssd-io/src/util/sss_ldap.c /sssd-io/src/util/user_info_msg.c /sssd-io/src/util/usertools.c /sssd-io/src/util/util.c
a3c8390d19593b1e5277d95bfb4ab206d4785150 12-Feb-2014 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>

Make DEBUG macro invocations variadic Use a script to update DEBUG macro invocations to use it as a variadic macro, supplying format string and its arguments directly, instead of wrapping them in parens. This script was used to update the code: grep -rwl --include '*.[hc]' DEBUG . | while read f; do mv "$f"{,.orig} perl -e \ 'use strict; use File::Slurp; my $text=read_file(\*STDIN); $text=~s#(\bDEBUG\s*\([^(]+)\((.*?)\)\s*\)\s*;#$1$2);#gs; print $text;' < "$f.orig" > "$f" rm "$f.orig" done Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>

/sssd-io/src/confdb/confdb.c /sssd-io/src/confdb/confdb_setup.c /sssd-io/src/db/sysdb.c /sssd-io/src/db/sysdb_autofs.c /sssd-io/src/db/sysdb_idmap.c /sssd-io/src/db/sysdb_ops.c /sssd-io/src/db/sysdb_ranges.c /sssd-io/src/db/sysdb_search.c /sssd-io/src/db/sysdb_selinux.c /sssd-io/src/db/sysdb_services.c /sssd-io/src/db/sysdb_ssh.c /sssd-io/src/db/sysdb_subdomains.c /sssd-io/src/db/sysdb_sudo.c /sssd-io/src/db/sysdb_upgrade.c /sssd-io/src/monitor/monitor.c /sssd-io/src/monitor/monitor_netlink.c /sssd-io/src/monitor/monitor_sbus.c /sssd-io/src/providers/ad/ad_access.c /sssd-io/src/providers/ad/ad_common.c /sssd-io/src/providers/ad/ad_domain_info.c /sssd-io/src/providers/ad/ad_dyndns.c /sssd-io/src/providers/ad/ad_id.c /sssd-io/src/providers/ad/ad_init.c /sssd-io/src/providers/ad/ad_srv.c /sssd-io/src/providers/ad/ad_subdomains.c /sssd-io/src/providers/data_provider_be.c /sssd-io/src/providers/data_provider_callbacks.c /sssd-io/src/providers/data_provider_fo.c /sssd-io/src/providers/data_provider_opts.c /sssd-io/src/providers/dp_auth_util.c /sssd-io/src/providers/dp_dyndns.c /sssd-io/src/providers/dp_pam_data_util.c /sssd-io/src/providers/dp_ptask.c /sssd-io/src/providers/dp_refresh.c /sssd-io/src/providers/fail_over.c /sssd-io/src/providers/fail_over_srv.c /sssd-io/src/providers/ipa/ipa_access.c /sssd-io/src/providers/ipa/ipa_auth.c /sssd-io/src/providers/ipa/ipa_autofs.c /sssd-io/src/providers/ipa/ipa_common.c /sssd-io/src/providers/ipa/ipa_config.c /sssd-io/src/providers/ipa/ipa_dyndns.c /sssd-io/src/providers/ipa/ipa_hbac_common.c /sssd-io/src/providers/ipa/ipa_hbac_hosts.c /sssd-io/src/providers/ipa/ipa_hbac_rules.c /sssd-io/src/providers/ipa/ipa_hbac_services.c /sssd-io/src/providers/ipa/ipa_hbac_users.c /sssd-io/src/providers/ipa/ipa_hostid.c /sssd-io/src/providers/ipa/ipa_hosts.c /sssd-io/src/providers/ipa/ipa_id.c /sssd-io/src/providers/ipa/ipa_idmap.c /sssd-io/src/providers/ipa/ipa_init.c /sssd-io/src/providers/ipa/ipa_netgroups.c /sssd-io/src/providers/ipa/ipa_s2n_exop.c /sssd-io/src/providers/ipa/ipa_selinux.c /sssd-io/src/providers/ipa/ipa_selinux_maps.c /sssd-io/src/providers/ipa/ipa_srv.c /sssd-io/src/providers/ipa/ipa_subdomains.c /sssd-io/src/providers/ipa/ipa_subdomains_ext_groups.c /sssd-io/src/providers/ipa/ipa_subdomains_id.c /sssd-io/src/providers/ipa/ipa_sudo.c krb5_access.c krb5_auth.c krb5_become_user.c krb5_child.c krb5_child_handler.c krb5_common.c krb5_delayed_online_authentication.c krb5_init.c krb5_init_shared.c krb5_renew_tgt.c krb5_utils.c krb5_wait_queue.c /sssd-io/src/providers/ldap/ldap_access.c /sssd-io/src/providers/ldap/ldap_auth.c /sssd-io/src/providers/ldap/ldap_child.c /sssd-io/src/providers/ldap/ldap_common.c /sssd-io/src/providers/ldap/ldap_id.c /sssd-io/src/providers/ldap/ldap_id_cleanup.c /sssd-io/src/providers/ldap/ldap_id_enum.c /sssd-io/src/providers/ldap/ldap_id_netgroup.c /sssd-io/src/providers/ldap/ldap_id_services.c /sssd-io/src/providers/ldap/ldap_init.c /sssd-io/src/providers/ldap/sdap.c /sssd-io/src/providers/ldap/sdap_access.c /sssd-io/src/providers/ldap/sdap_async.c /sssd-io/src/providers/ldap/sdap_async_autofs.c /sssd-io/src/providers/ldap/sdap_async_connection.c /sssd-io/src/providers/ldap/sdap_async_enum.c /sssd-io/src/providers/ldap/sdap_async_groups.c /sssd-io/src/providers/ldap/sdap_async_groups_ad.c /sssd-io/src/providers/ldap/sdap_async_initgroups.c /sssd-io/src/providers/ldap/sdap_async_initgroups_ad.c /sssd-io/src/providers/ldap/sdap_async_nested_groups.c /sssd-io/src/providers/ldap/sdap_async_netgroups.c /sssd-io/src/providers/ldap/sdap_async_services.c /sssd-io/src/providers/ldap/sdap_async_sudo.c /sssd-io/src/providers/ldap/sdap_async_sudo_hostinfo.c /sssd-io/src/providers/ldap/sdap_async_sudo_timer.c /sssd-io/src/providers/ldap/sdap_async_users.c /sssd-io/src/providers/ldap/sdap_autofs.c /sssd-io/src/providers/ldap/sdap_child_helpers.c /sssd-io/src/providers/ldap/sdap_dyndns.c /sssd-io/src/providers/ldap/sdap_fd_events.c /sssd-io/src/providers/ldap/sdap_id_op.c /sssd-io/src/providers/ldap/sdap_idmap.c /sssd-io/src/providers/ldap/sdap_range.c /sssd-io/src/providers/ldap/sdap_refresh.c /sssd-io/src/providers/ldap/sdap_reinit.c /sssd-io/src/providers/ldap/sdap_sudo.c /sssd-io/src/providers/ldap/sdap_sudo_cache.c /sssd-io/src/providers/proxy/proxy_auth.c /sssd-io/src/providers/proxy/proxy_child.c /sssd-io/src/providers/proxy/proxy_id.c /sssd-io/src/providers/proxy/proxy_init.c /sssd-io/src/providers/proxy/proxy_netgroup.c /sssd-io/src/providers/proxy/proxy_services.c /sssd-io/src/providers/simple/simple_access.c /sssd-io/src/providers/simple/simple_access_check.c /sssd-io/src/resolv/async_resolv.c /sssd-io/src/resolv/async_resolv_utils.c /sssd-io/src/responder/autofs/autofssrv.c /sssd-io/src/responder/autofs/autofssrv_cmd.c /sssd-io/src/responder/autofs/autofssrv_dp.c /sssd-io/src/responder/common/negcache.c /sssd-io/src/responder/common/responder_cmd.c /sssd-io/src/responder/common/responder_common.c /sssd-io/src/responder/common/responder_dp.c /sssd-io/src/responder/common/responder_get_domains.c /sssd-io/src/responder/nss/nsssrv.c /sssd-io/src/responder/nss/nsssrv_cmd.c /sssd-io/src/responder/nss/nsssrv_mmap_cache.c /sssd-io/src/responder/nss/nsssrv_netgroup.c /sssd-io/src/responder/nss/nsssrv_private.h /sssd-io/src/responder/nss/nsssrv_services.c /sssd-io/src/responder/pac/pacsrv.c /sssd-io/src/responder/pac/pacsrv_cmd.c /sssd-io/src/responder/pac/pacsrv_utils.c /sssd-io/src/responder/pam/pam_LOCAL_domain.c /sssd-io/src/responder/pam/pam_helpers.c /sssd-io/src/responder/pam/pamsrv.c /sssd-io/src/responder/pam/pamsrv_cmd.c /sssd-io/src/responder/pam/pamsrv_dp.c /sssd-io/src/responder/ssh/sshsrv.c /sssd-io/src/responder/ssh/sshsrv_cmd.c /sssd-io/src/responder/ssh/sshsrv_dp.c /sssd-io/src/responder/sudo/sudosrv.c /sssd-io/src/responder/sudo/sudosrv_cmd.c /sssd-io/src/responder/sudo/sudosrv_dp.c /sssd-io/src/responder/sudo/sudosrv_get_sudorules.c /sssd-io/src/responder/sudo/sudosrv_query.c /sssd-io/src/sbus/sbus_client.c /sssd-io/src/sbus/sssd_dbus_common.c /sssd-io/src/sbus/sssd_dbus_connection.c /sssd-io/src/sbus/sssd_dbus_server.c /sssd-io/src/sss_client/ssh/sss_ssh_authorizedkeys.c /sssd-io/src/sss_client/ssh/sss_ssh_knownhostsproxy.c /sssd-io/src/tests/auth-tests.c /sssd-io/src/tests/cmocka/test_dyndns.c /sssd-io/src/tests/cmocka/test_fqnames.c /sssd-io/src/tests/cmocka/test_nss_srv.c /sssd-io/src/tests/cmocka/test_utils.c /sssd-io/src/tests/common_dom.c /sssd-io/src/tests/common_tev.c /sssd-io/src/tests/debug-tests.c /sssd-io/src/tests/files-tests.c /sssd-io/src/tests/krb5_child-test.c /sssd-io/src/tests/resolv-tests.c /sssd-io/src/tests/simple_access-tests.c /sssd-io/src/tests/sysdb-tests.c /sssd-io/src/tests/sysdb_ssh-tests.c /sssd-io/src/tools/files.c /sssd-io/src/tools/selinux.c /sssd-io/src/tools/sss_cache.c /sssd-io/src/tools/sss_debuglevel.c /sssd-io/src/tools/sss_groupadd.c /sssd-io/src/tools/sss_groupdel.c /sssd-io/src/tools/sss_groupmod.c /sssd-io/src/tools/sss_groupshow.c /sssd-io/src/tools/sss_seed.c /sssd-io/src/tools/sss_sync_ops.c /sssd-io/src/tools/sss_useradd.c /sssd-io/src/tools/sss_userdel.c /sssd-io/src/tools/sss_usermod.c /sssd-io/src/tools/tools_mc_util.c /sssd-io/src/tools/tools_util.c /sssd-io/src/tools/tools_util.h /sssd-io/src/util/authtok.c /sssd-io/src/util/backup_file.c /sssd-io/src/util/check_and_open.c /sssd-io/src/util/child_common.c /sssd-io/src/util/crypto/libcrypto/crypto_base64.c /sssd-io/src/util/crypto/libcrypto/crypto_obfuscate.c /sssd-io/src/util/crypto/nss/nss_obfuscate.c /sssd-io/src/util/crypto/nss/nss_util.c /sssd-io/src/util/debug.c /sssd-io/src/util/domain_info_utils.c /sssd-io/src/util/find_uid.c /sssd-io/src/util/nscd.c /sssd-io/src/util/server.c /sssd-io/src/util/signal.c /sssd-io/src/util/sss_ini.c /sssd-io/src/util/sss_krb5.c /sssd-io/src/util/sss_krb5.h /sssd-io/src/util/sss_ldap.c /sssd-io/src/util/sss_nss.c /sssd-io/src/util/sss_selinux.c /sssd-io/src/util/sss_ssh.c /sssd-io/src/util/sss_tc_utf8.c /sssd-io/src/util/user_info_msg.c /sssd-io/src/util/usertools.c /sssd-io/src/util/util.c /sssd-io/src/util/util.h /sssd-io/src/util/util_lock.c /sssd-io/src/util/well_known_sids.c
3242dd4a49c3869c9b066a63afb81cebf1a35b7d 12-Nov-2013 Simo Sorce <simo@redhat.com>

Signals: Refactor termination of processes sig_term() was never used as a real signal handler, but only called by tevent signal handlers in the kerberos and ldap children. Also the same code was duplicated with separate local guard variables in other functions. Unify orderly termination handling, between all these functions.
71e234151ddc6b50576364c30bda2b72264b1083 11-Sep-2013 Lukas Slebodnik <lslebodn@redhat.com>

Fix formating of variables with type: ssize_t
57cd3443dcb7c073c5a00a9f2c3c3a3030ae2d3e 11-Sep-2013 Lukas Slebodnik <lslebodn@redhat.com>

Fix formating of variables with type: long
d20a5a74666413cadbf64c02eb656a5a3b4bb1de 09-Sep-2013 Simo Sorce <simo@redhat.com>

krb5: Remove unused ccache backend infrastructure Remove struct sss_krb5_cc_be and the remaining functions that reference it as they are all unused now. Resolves: https://fedorahosted.org/sssd/ticket/2061
5dc3b01fd9b2fa244e7c2820ce04602c9f059370 09-Sep-2013 Simo Sorce <simo@redhat.com>

krb5: move template check to initializzation The randomized template check realy only makes sense for the FILE ccache which is the only one that normally needs to use randomizing chars. Also it is better to warn the admin early rather than to warn 'when it is too late'. So move the check at initialization time when we determine what the template actually is. Resolves: https://fedorahosted.org/sssd/ticket/2061
dcc6877aa2e2dd63a9dc9c411a9c58feaeb36b9a 28-Aug-2013 Stephen Gallagher <sgallagh@redhat.com>

krb5: Fetch ccname template from krb5.conf In order to use the same defaults in all system daemons that needs to know how to generate or search for ccaches we introduce ode here to take advantage of the new option called default_ccache_name provided by libkrb5. If set this variable we establish the same default for all programs that surce it out of krb5.conf therefore providing a consistent experience across the system. Related: https://fedorahosted.org/sssd/ticket/2036
a524b03792dc8f8dae32bba5a2af8532bc751e86 28-Aug-2013 Simo Sorce <simo@redhat.com>

krb5_common: Refactor to use a talloc temp context In preparation for handling some more allocations in the following patches and fixes a curent memleak on the opts struct. Related: https://fedorahosted.org/sssd/ticket/2036
aeb1e654c337037b6bdb350e1ec8aaa065e86794 27-Aug-2013 Stephen Gallagher <sgallagh@redhat.com>

KRB5: Add support for KEYRING cache type https://fedorahosted.org/sssd/ticket/2036
8340ca480e0fe823441633720d67efc9e4a4bc64 22-Aug-2013 Stephen Gallagher <sgallagh@redhat.com>

KRB5: Add new #define for collection cache types Kerberos now supports multiple types of collection caches, not just DIR: caches. We should add a macro for generic collection behavior and use that where appropriate.
b4486ce81fefae716549959eaa82612dac63cbe5 19-Jul-2013 Lukas Slebodnik <lslebodn@redhat.com>

Add mising argument required by format string
2db41269f8c3053fe45e3c709db75ccc34bf9a09 27-Jun-2013 Jakub Hrozek <jhrozek@redhat.com>

Fix compilation warning
80a874555d8b2737827bb150133ba70a83c65bb7 27-Jun-2013 Jakub Hrozek <jhrozek@redhat.com>

KRB5: guess UPN for subdomain users
14452cd066b51e32ca0ebad6c45ae909a1debe57 10-Jun-2013 Jakub Hrozek <jhrozek@redhat.com>

A new option krb5_use_kdcinfo https://fedorahosted.org/sssd/ticket/1883 The patch introduces a new Kerberos provider option called krb5_use_kdcinfo. The option is true by default in all providers. When set to false, the SSSD will not create krb5 info files that the locator plugin consumes and the user would have to set up the Kerberos options manually in krb5.conf
7119f0c483049a8850d3075c0b1062f35200a538 07-Jun-2013 Jakub Hrozek <jhrozek@redhat.com>

Do not obfuscate calls with booleans Instead of using boolean variables to denote whether the call is adding a primary or a secondary server, use a function wrapper that tells what it's doing by its name.
99b2ad71169aa02846f7843d26cbe28e1e1c81fe 31-May-2013 Sumit Bose <sbose@redhat.com>

Set canonicalize flag if enterprise principals are used In contrast to MIT KDCs AD does not automatically canonicalize the enterprise principal in an AS request but requires the canonicalize flags to be set. To be on the safe side we always enable canonicalization if enterprise principals are used.
04759b59e71c78ab23b84d13dd29d9c6dd680adb 02-Jan-2013 Michal Zidek <mzidek@redhat.com>

failover: Protect against empty host names Added new parameter to split_on_separator that allows to skip empty values. The whole function was rewritten. Unit test case was added to check the new implementation. https://fedorahosted.org/sssd/ticket/1484
ba098f8670c680c805531dd2714f32bd2c108860 19-Nov-2012 Sumit Bose <sbose@redhat.com>

Fix compare_principal_realm() check In case of a short UPN compare_principal_realm() erroneously returns an error.
29c0fdd1838a4b9892146f7019d12811c1d0d59b 26-Oct-2012 Sumit Bose <sbose@redhat.com>

Add new call find_or_guess_upn() With the current approach the upn was either a pointer to a const string in a ldb_message or a string created with the help of talloc. This new function always makes it a talloc'ed value. Additionally krb5_get_simple_upn() is enhanced to handle sub-domains as well.
83f24636ef8d3d2b9c5be46272781ed5e0497ca7 26-Oct-2012 Sumit Bose <sbose@redhat.com>

krb5_auth: check if principal belongs to a different realm Add a flag if the principal used for authentication does not belong to our realm. This can be used to act differently for users from other realms.
b1caacb098ae99ad65144120fdec4d0fd98ad9d5 17-Sep-2012 Pavel Březina <pbrezina@redhat.com>

Failover: use _srv_ when no primary server is defined https://fedorahosted.org/sssd/ticket/1521
b096321a5a02dda0b6b71ba0f9c4d8feacd979e4 23-Aug-2012 Michal Zidek <mzidek@redhat.com>

Fix: IPv6 address with square brackets doesn't work. https://fedorahosted.org/sssd/ticket/1365
9ab243b369ba317cc964080786dbcdebaf23d6be 15-Aug-2012 Michal Zidek <mzidek@redhat.com>

Duplicate detection in fail over did not work. https://fedorahosted.org/sssd/ticket/1472
4a1e58d85409fbb7a12ac244c3dbef8c0c1b15df 09-Aug-2012 Michal Zidek <mzidek@redhat.com>

SRV resolution for backup servers should not be permitted. https://fedorahosted.org/sssd/ticket/1463
b418d3b65c95f02b82268188f17d27fc1b1b49f0 01-Aug-2012 Jan Zeleny <jzeleny@redhat.com>

Primary server support: krb5 adaptation This patch adds support for the primary server functionality into krb5 provider. No backup servers are added at the moment, just the basic support is in place.
bbd33e46aa6194c1086939f7cf8538c067186455 01-Aug-2012 Jan Zeleny <jzeleny@redhat.com>

Primary server support: basic support in failover code Now there are two list of servers for each service. If currently selected server is only backup, then an event will be scheduled which tries to get connection to one of primary servers and if it succeeds, it starts using this server instead of the one which is currently connected to.
69905bf968003216d444fc68d8597e139362f2e6 06-Jul-2012 Stephen Gallagher <sgallagh@redhat.com>

KRB5: Drop memctx parameter of krb5_try_kdcip This function is not supposed to return any newly-allocated memory directly. It was actually leaking the memory for krb5_servers if krb5_kdcip was being used, though it was undetectable because it was allocated on the provided memctx. This patch removes the memctx parameter and allocates krb5_servers temporarily on NULL and ensures that it is freed on all exit conditions. It is not necessary to retain this memory, as dp_opt_set_string() performs a talloc_strdup onto the appropriate context internally. It also updates the DEBUG messages for this function to the appropriate new macro levels.
387349ae092f6dbeb8e4bca291a772695836629c 20-Jun-2012 Stef Walter <stefw@gnome.org>

Move some debug lines to new debug log levels * These are common lines of debug output when starting up sssd https://bugzilla.redhat.com/show_bug.cgi?id=811113
6ca87e797982061576885f944e2ccfaba9573897 15-Jun-2012 Stephen Gallagher <sgallagh@redhat.com>

KRB5: Auto-detect DIR cache support in configure We can't support the DIR cache features in systems with kerberos libraries older than 1.10. Make sure we don't build it on those systems.
9a3ba9ca00e73adc3fb17ce8afa532076768023b 14-Jun-2012 Jakub Hrozek <jhrozek@redhat.com>

Add support for storing credential caches in the DIR: back end https://fedorahosted.org/sssd/ticket/974
fd8595874aa06c8057740001ec465ba76b4af142 14-Jun-2012 Jakub Hrozek <jhrozek@redhat.com>

Add a credential cache back end structure To be able to add support for new credential cache types easily, this patch creates a new structure sss_krb5_cc_be that defines common operations with a credential cache, such as create, check if used or remove.
9d7d4458d94d0aac0a7edf999368eb18f89cb76a 20-Apr-2012 Jakub Hrozek <jhrozek@redhat.com>

Convert read and write operations to sss_atomic_read https://fedorahosted.org/sssd/ticket/1209
65e8f538ad35ba7d86cd9e60a3d86aec34537027 28-Mar-2012 Stephen Gallagher <sgallagh@redhat.com>

Put dp_option maps in their own file There is no functional change due to this patch.
e840b9da42d696eb86307c641f5196f12ec4b9c4 01-Mar-2012 Stephen Gallagher <sgallagh@redhat.com>

IPA: Set the DNS discovery domain to match ipa_domain https://fedorahosted.org/sssd/ticket/1217
69420a154fc9fb8b04f437125a6a0604b26b1292 19-Dec-2011 Stephen Gallagher <sgallagh@redhat.com>

Securely set umask when using mkstemp Coverity 12394, 12395, 12396, 12397 and 12398
98e0f08e3de3f8f035790adcd614cff6bf6dd34d 22-Nov-2011 Jan Zeleny <jzeleny@redhat.com>

Fixed unchecked value of setenv() in check_and_export_options() https://fedorahosted.org/sssd/ticket/1080
7dfc7617085c403d30debe9f08d4c9bcca322744 02-Nov-2011 Jan Zeleny <jzeleny@redhat.com>

Add support to request canonicalization on krb AS requests https://fedorahosted.org/sssd/ticket/957
363d2fba991eae199d017f5b2d1b458f070fac6b 21-Jul-2011 Jakub Hrozek <jhrozek@redhat.com>

Rename fo_get_server_name to fo_get_server_str_name
3ae08cdd894f777aff604a906a61fb76a310b27f 13-Jul-2011 Jakub Hrozek <jhrozek@redhat.com>

Remove unused krb5_service structure member
97c93859e310bc8e4ad5f011e42a5fccd4a7f369 11-Jul-2011 Jakub Hrozek <jhrozek@redhat.com>

Escape IP address in kdcinfo https://fedorahosted.org/sssd/ticket/909
1240496176a07e804c57d43926509d5ccbf0fc41 15-Jun-2011 Jakub Hrozek <jhrozek@redhat.com>

Switch resolver to using resolv_hostent and honor TTL
bfdcff2b28f399d236b592d13663c7283d6eac2c 02-Jun-2011 Jakub Hrozek <jhrozek@redhat.com>

Add utility function to return IP address as string
8cf1b4183577237d965068d70cd06bd0716aea84 25-Apr-2011 Jan Zeleny <jzeleny@redhat.com>

Allow new option to specify principal for FAST https://fedorahosted.org/sssd/ticket/700
223769ba5c8d6e1ef3deb35c9b397387968e1417 14-Dec-2010 Sumit Bose <sbose@redhat.com>

Fix incorrect return value on failure in check_and_export_options() https://fedorahosted.org/sssd/ticket/722
8d163c0a088318ed9fc0b22def2649e27992ea53 07-Dec-2010 Sumit Bose <sbose@redhat.com>

Replace krb5_kdcip by krb5_server in LDAP provider
5843ad321944a028f6dee7e1fd4f9381c4953d07 07-Dec-2010 Sumit Bose <sbose@redhat.com>

Add support for FAST in krb5 provider
5e7f370819fbfd6b4a27b037de1a6d6009096f6e 03-Dec-2010 Sumit Bose <sbose@redhat.com>

Allow krb5 lifetime values without a unit
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8 03-Dec-2010 Sumit Bose <sbose@redhat.com>

Add support for automatic Kerberos ticket renewal
c7d73cf51642c7f89c1f21e54b8ce1b262bef899 03-Dec-2010 Sumit Bose <sbose@redhat.com>

Add krb5_lifetime option
c8b8901b05da9e31dba320f305ec20301e928cfb 03-Dec-2010 Sumit Bose <sbose@redhat.com>

Add krb5_renewable_lifetime option
40def28805f9df3ff640209def765723cd8e2de3 01-Dec-2010 Jakub Hrozek <jhrozek@redhat.com>

Allow protocol fallback for SRV queries https://fedorahosted.org/sssd/ticket/691
0bbe2065770968c70fd305da4f6eda1a360a3f1b 04-Nov-2010 Sumit Bose <sbose@redhat.com>

Add krb5_get_simple_upn()
7051a30300d12163e890e4ec4b9a765567679a8b 19-Oct-2010 Jan Zeleny <jzeleny@redhat.com>

Option krb5_server is now used to store a list of KDCs instead of krb5_kdcip. For the time being, if krb5_server is not found, still falls back to krb5_kdcip with a warning. If both options are present in config file, krb5_server has a higher priority. Fixes: #543
93109c5f1d85c028ce5cf6e31e2249ca90a7f746 13-Oct-2010 Jakub Hrozek <jhrozek@redhat.com>

Initialize kerberos service for GSSAPI
f7fa22da5d865221f84371d6b522444e1591164c 28-Sep-2010 Sumit Bose <sbose@redhat.com>

Suppress some 'may be used uninitialized' warnings Additionally the handling of errno and the errno_t return value of functions is fixed in krb5_common.c.
780ffc9f6d5e1fcd4df3d390b56cb98878223cc0 30-Jun-2010 Jakub Hrozek <jhrozek@redhat.com>

Add dns_discovery_domain option The service discovery used to use the SSSD domain name to perform DNS queries. This is not an optimal solution, for example from the point of view of authconfig. This patch introduces a new option "dns_discovery_domain" that allows to set the domain part of a DNS SRV query. If this option is not set, the default behavior is to use the domain part of the machine's hostname. Fixes: #479
f520e7a2f4fe29747f25118621e20b0d89d296fc 14-Jun-2010 Jakub Hrozek <jhrozek@redhat.com>

Remove krb5_changepw_principal option Fixes: #531
06247775aa9c49ffce72827921eb45e2d04c6aa1 10-Jun-2010 Stephen Gallagher <sgallagh@redhat.com>

Properly handle read() and write() throughout the SSSD We need to guarantee at all times that reads and writes complete successfully. This means that they must be checked for returning EINTR and EAGAIN, and all writes must be wrapped in a loop to ensure that they do not truncate their output.
eaf3dcc15e9eb093ecf8b934f6c3a82d01236a92 27-May-2010 Sumit Bose <sbose@redhat.com>

Refactor krb5 SIGTERM handler installation
6126d57239edc0ed0fac8082e00cd4a685c0566d 27-May-2010 Sumit Bose <sbose@redhat.com>

Add callback to remove krb5 info files when going offline
d3e7cadfc9a09d6e3f7ae1f7f33c7dddd0bb1661 27-May-2010 Sumit Bose <sbose@redhat.com>

Refactor krb5_finalize()
6e64fe7158875dc5e7f25c45b234cc4a3c584644 27-May-2010 Sumit Bose <sbose@redhat.com>

Revert "Create kdcinfo and kpasswdinfo file at startup" This reverts commit f3c31d11bf365eb6a79c4f698667915a4c81eeb7.
02e38eae1b9cb5df2036a707dafd86f6047c17de 26-May-2010 Sumit Bose <sbose@redhat.com>

Add support for delayed kinit if offline If the configuration option krb5_store_password_if_offline is set to true and the backend is offline the plain text user password is stored and used to request a TGT if the backend becomes online. If available the Linux kernel key retention service is used.
928ff09ea3975edbf53df05a1ade365a588dc69d 16-May-2010 Sumit Bose <sbose@redhat.com>

New version of IPA auth and password migration The current version modified some global structures to be able to use Kerberos and LDAP authentication during the IPA password migration. This new version only uses tevent requests. Additionally the ipaMigrationEnabled attribute is read from the IPA server to see if password migration is allowed or not.
66da80489c0114878043b40592c5f47d41eb0ffd 07-May-2010 Jakub Hrozek <jhrozek@redhat.com>

Use service discovery in backends Integrate the failover improvements with our back ends. The DNS domain used in the SRV query is always the SSSD domain name. Please note that this patch changes the default value of ldap_uri from "ldap://localhost" to "NULL" in order to use service discovery with no server set.
f3c31d11bf365eb6a79c4f698667915a4c81eeb7 07-May-2010 Sumit Bose <sbose@redhat.com>

Create kdcinfo and kpasswdinfo file at startup
67607dda05e36c4d0be4647160ad376b89d89c51 07-May-2010 Stephen Gallagher <sgallagh@redhat.com>

Clean up kdcinfo and kpasswdinfo files when exiting
5096bb4c2242b426aa6f5ea2cb82223e0b81a345 12-Mar-2010 Sumit Bose <sbose@redhat.com>

Add krb5_kpasswd option
03e7e62d439a2ef21f3c1c074a593a15606a0e1e 11-Mar-2010 Sumit Bose <sbose@redhat.com>

Write the IP address of the KDC to the kdcinfo file
29752834fbf3a19e4e117668abfce4e4c7c48ee4 11-Mar-2010 Sumit Bose <sbose@redhat.com>

Add expandable sequences to krb5_ccachedir As with krb5_ccname_template sequences like %u can be used in the krb5_ccachedir parameter which are expanded at runtime. If the directory does not exist, it will be created. Depending on the used sequences it is created as a public or private directory.
1c48b5a62f73234ed26bb20f0ab345ab61cda0ab 18-Feb-2010 Stephen Gallagher <sgallagh@redhat.com>

Rename server/ directory to src/ Also update BUILD.txt

/sssd-io/BUILD.txt /sssd-io/Makefile.am /sssd-io/configure.ac /sssd-io/contrib/sssd.spec.in /sssd-io/src/Makefile.am /sssd-io/src/build_macros.m4 /sssd-io/src/conf_macros.m4 /sssd-io/src/confdb/confdb.c /sssd-io/src/confdb/confdb.h /sssd-io/src/confdb/confdb_private.h /sssd-io/src/confdb/confdb_setup.c /sssd-io/src/confdb/confdb_setup.h /sssd-io/src/config/SSSDConfig.py /sssd-io/src/config/SSSDConfigTest.py /sssd-io/src/config/etc/sssd.api.conf /sssd-io/src/config/etc/sssd.api.d/sssd-ipa.conf /sssd-io/src/config/etc/sssd.api.d/sssd-krb5.conf /sssd-io/src/config/etc/sssd.api.d/sssd-ldap.conf /sssd-io/src/config/etc/sssd.api.d/sssd-local.conf /sssd-io/src/config/etc/sssd.api.d/sssd-proxy.conf /sssd-io/src/config/ipachangeconf.py /sssd-io/src/config/setup.py /sssd-io/src/config/testconfigs/noparse.api.conf /sssd-io/src/config/testconfigs/sssd-badversion.conf /sssd-io/src/config/testconfigs/sssd-invalid-badbool.conf /sssd-io/src/config/testconfigs/sssd-invalid.conf /sssd-io/src/config/testconfigs/sssd-noversion.conf /sssd-io/src/config/testconfigs/sssd-valid.conf /sssd-io/src/config/upgrade_config.py /sssd-io/src/configure.ac /sssd-io/src/db/sysdb.c /sssd-io/src/db/sysdb.h /sssd-io/src/db/sysdb_ops.c /sssd-io/src/db/sysdb_private.h /sssd-io/src/db/sysdb_search.c /sssd-io/src/doxy.config.in /sssd-io/src/examples/sssd.conf /sssd-io/src/examples/sssdproxytest /sssd-io/src/examples/sudo /sssd-io/src/external/crypto.m4 /sssd-io/src/external/docbook.m4 /sssd-io/src/external/krb5.m4 /sssd-io/src/external/ldap.m4 /sssd-io/src/external/libcares.m4 /sssd-io/src/external/libcollection.m4 /sssd-io/src/external/libdhash.m4 /sssd-io/src/external/libini_config.m4 /sssd-io/src/external/libldb.m4 /sssd-io/src/external/libpcre.m4 /sssd-io/src/external/libpopt.m4 /sssd-io/src/external/libtalloc.m4 /sssd-io/src/external/libtdb.m4 /sssd-io/src/external/libtevent.m4 /sssd-io/src/external/pam.m4 /sssd-io/src/external/pkg.m4 /sssd-io/src/external/platform.m4 /sssd-io/src/external/python.m4 /sssd-io/src/external/selinux.m4 /sssd-io/src/external/sizes.m4 /sssd-io/src/krb5_plugin/sssd_krb5_locator_plugin.c /sssd-io/src/ldb_modules/memberof.c /sssd-io/src/m4/.dir /sssd-io/src/man/include/failover.xml /sssd-io/src/man/include/param_help.xml /sssd-io/src/man/include/upstream.xml /sssd-io/src/man/sss_groupadd.8.xml /sssd-io/src/man/sss_groupdel.8.xml /sssd-io/src/man/sss_groupmod.8.xml /sssd-io/src/man/sss_groupshow.8.xml /sssd-io/src/man/sss_useradd.8.xml /sssd-io/src/man/sss_userdel.8.xml /sssd-io/src/man/sss_usermod.8.xml /sssd-io/src/man/sssd-ipa.5.xml /sssd-io/src/man/sssd-krb5.5.xml /sssd-io/src/man/sssd-ldap.5.xml /sssd-io/src/man/sssd.8.xml /sssd-io/src/man/sssd.conf.5.xml /sssd-io/src/man/sssd_krb5_locator_plugin.8.xml /sssd-io/src/monitor/monitor.c /sssd-io/src/monitor/monitor.h /sssd-io/src/monitor/monitor_interfaces.h /sssd-io/src/monitor/monitor_sbus.c /sssd-io/src/po/LINGUAS /sssd-io/src/po/Makevars /sssd-io/src/po/POTFILES.in /sssd-io/src/po/de.po /sssd-io/src/po/es.po /sssd-io/src/po/fr.po /sssd-io/src/po/it.po /sssd-io/src/po/ja.po /sssd-io/src/po/nl.po /sssd-io/src/po/pl.po /sssd-io/src/po/pt.po /sssd-io/src/po/sss_daemon.pot /sssd-io/src/po/sv.po /sssd-io/src/providers/child_common.c /sssd-io/src/providers/child_common.h /sssd-io/src/providers/data_provider.h /sssd-io/src/providers/data_provider_be.c /sssd-io/src/providers/data_provider_fo.c /sssd-io/src/providers/data_provider_opts.c /sssd-io/src/providers/dp_auth_util.c /sssd-io/src/providers/dp_backend.h /sssd-io/src/providers/dp_sbus.c /sssd-io/src/providers/fail_over.c /sssd-io/src/providers/fail_over.h /sssd-io/src/providers/ipa/ipa_access.c /sssd-io/src/providers/ipa/ipa_access.h /sssd-io/src/providers/ipa/ipa_auth.c /sssd-io/src/providers/ipa/ipa_auth.h /sssd-io/src/providers/ipa/ipa_common.c /sssd-io/src/providers/ipa/ipa_common.h /sssd-io/src/providers/ipa/ipa_init.c /sssd-io/src/providers/ipa/ipa_timerules.c /sssd-io/src/providers/ipa/ipa_timerules.h krb5_auth.c krb5_auth.h krb5_become_user.c krb5_child.c krb5_common.c krb5_common.h krb5_init.c krb5_utils.c krb5_utils.h /sssd-io/src/providers/ldap/ldap_auth.c /sssd-io/src/providers/ldap/ldap_child.c /sssd-io/src/providers/ldap/ldap_common.c /sssd-io/src/providers/ldap/ldap_common.h /sssd-io/src/providers/ldap/ldap_id.c /sssd-io/src/providers/ldap/ldap_id_cleanup.c /sssd-io/src/providers/ldap/ldap_id_enum.c /sssd-io/src/providers/ldap/ldap_init.c /sssd-io/src/providers/ldap/sdap.c /sssd-io/src/providers/ldap/sdap.h /sssd-io/src/providers/ldap/sdap_async.c /sssd-io/src/providers/ldap/sdap_async.h /sssd-io/src/providers/ldap/sdap_async_accounts.c /sssd-io/src/providers/ldap/sdap_async_connection.c /sssd-io/src/providers/ldap/sdap_async_private.h /sssd-io/src/providers/ldap/sdap_child_helpers.c /sssd-io/src/providers/providers.h /sssd-io/src/providers/proxy.c /sssd-io/src/providers/sssd_be.exports /sssd-io/src/python/pysss.c /sssd-io/src/resolv/ares/ares_data.c /sssd-io/src/resolv/ares/ares_data.h /sssd-io/src/resolv/ares/ares_dns.h /sssd-io/src/resolv/ares/ares_parse_srv_reply.c /sssd-io/src/resolv/ares/ares_parse_srv_reply.h /sssd-io/src/resolv/ares/ares_parse_txt_reply.c /sssd-io/src/resolv/ares/ares_parse_txt_reply.h /sssd-io/src/resolv/async_resolv.c /sssd-io/src/resolv/async_resolv.h /sssd-io/src/responder/common/responder.h /sssd-io/src/responder/common/responder_cmd.c /sssd-io/src/responder/common/responder_common.c /sssd-io/src/responder/common/responder_dp.c /sssd-io/src/responder/common/responder_packet.c /sssd-io/src/responder/common/responder_packet.h /sssd-io/src/responder/nss/nsssrv.c /sssd-io/src/responder/nss/nsssrv.h /sssd-io/src/responder/nss/nsssrv_cmd.c /sssd-io/src/responder/nss/nsssrv_nc.c /sssd-io/src/responder/nss/nsssrv_nc.h /sssd-io/src/responder/pam/pam_LOCAL_domain.c /sssd-io/src/responder/pam/pamsrv.c /sssd-io/src/responder/pam/pamsrv.h /sssd-io/src/responder/pam/pamsrv_cmd.c /sssd-io/src/responder/pam/pamsrv_dp.c /sssd-io/src/sbus/sbus_client.c /sssd-io/src/sbus/sbus_client.h /sssd-io/src/sbus/sssd_dbus.h /sssd-io/src/sbus/sssd_dbus_common.c /sssd-io/src/sbus/sssd_dbus_connection.c /sssd-io/src/sbus/sssd_dbus_private.h /sssd-io/src/sbus/sssd_dbus_server.c /sssd-io/src/sss_client/common.c /sssd-io/src/sss_client/group.c /sssd-io/src/sss_client/man/pam_sss.8.xml /sssd-io/src/sss_client/pam_sss.c /sssd-io/src/sss_client/pam_test_client.c /sssd-io/src/sss_client/passwd.c /sssd-io/src/sss_client/protos.h /sssd-io/src/sss_client/sss_cli.h /sssd-io/src/sss_client/sss_nss.exports /sssd-io/src/sss_client/sss_pam.exports /sssd-io/src/sss_client/sss_pam_macros.h /sssd-io/src/sysv/SUSE/sssd /sssd-io/src/sysv/sssd /sssd-io/src/tests/auth-tests.c /sssd-io/src/tests/check_and_open-tests.c /sssd-io/src/tests/common.c /sssd-io/src/tests/common.h /sssd-io/src/tests/fail_over-tests.c /sssd-io/src/tests/files-tests.c /sssd-io/src/tests/find_uid-tests.c /sssd-io/src/tests/ipa_ldap_opt-tests.c /sssd-io/src/tests/ipa_timerules-tests.c /sssd-io/src/tests/krb5_utils-tests.c /sssd-io/src/tests/python-test.py /sssd-io/src/tests/refcount-tests.c /sssd-io/src/tests/resolv-tests.c /sssd-io/src/tests/stress-tests.c /sssd-io/src/tests/strtonum-tests.c /sssd-io/src/tests/sysdb-tests.c /sssd-io/src/tools/files.c /sssd-io/src/tools/sss_groupadd.c /sssd-io/src/tools/sss_groupdel.c /sssd-io/src/tools/sss_groupmod.c /sssd-io/src/tools/sss_groupshow.c /sssd-io/src/tools/sss_sync_ops.c /sssd-io/src/tools/sss_sync_ops.h /sssd-io/src/tools/sss_useradd.c /sssd-io/src/tools/sss_userdel.c /sssd-io/src/tools/sss_usermod.c /sssd-io/src/tools/tools_util.c /sssd-io/src/tools/tools_util.h /sssd-io/src/util/backup_file.c /sssd-io/src/util/check_and_open.c /sssd-io/src/util/crypto_sha512crypt.c /sssd-io/src/util/debug.c /sssd-io/src/util/dlinklist.h /sssd-io/src/util/find_uid.c /sssd-io/src/util/find_uid.h /sssd-io/src/util/memory.c /sssd-io/src/util/nss_sha512crypt.c /sssd-io/src/util/refcount.c /sssd-io/src/util/refcount.h /sssd-io/src/util/server.c /sssd-io/src/util/sha512crypt.h /sssd-io/src/util/signal.c /sssd-io/src/util/signal.m4 /sssd-io/src/util/sss_krb5.c /sssd-io/src/util/sss_krb5.h /sssd-io/src/util/sss_ldap.c /sssd-io/src/util/sss_ldap.h /sssd-io/src/util/strtonum.c /sssd-io/src/util/strtonum.h /sssd-io/src/util/user_info_msg.c /sssd-io/src/util/user_info_msg.h /sssd-io/src/util/usertools.c /sssd-io/src/util/util.c /sssd-io/src/util/util.h