a7f085d6a04d4ecf9ebc29b57c868ad41b744dff |
|
22-Nov-2016 |
Lukas Slebodnik <lslebodn@redhat.com> |
KRB5: Remove spurious warning in logs
The option krb5_map_user is empty by default.
Therefore we should not confuse users with warning
(Fri Nov 15 09:58:49 2016) [sssd[be[example.com]]] [parse_krb5_map_user]
(0x0200): Warning: krb5_map_user is empty!
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> |
b34ffbf33729c557c3d1aebf4707ad0ffe4f1904 |
|
22-Sep-2016 |
Petr Čech <pcech@redhat.com> |
KRB5: Fixing FQ name of user in krb5_setup()
This patch fixes creation of FQ username if krb5_map_user option
is used.
Resolves:
https://fedorahosted.org/sssd/ticket/3188
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
2892ddd30663dbc94d15c94a5549fa74260072ce |
|
07-Jul-2016 |
Jakub Hrozek <jhrozek@redhat.com> |
KRB5: Use shortname when expanding the user template in Kerberos ccache
Creating the username part of the ccache file is an output operation, it
makes sense to use sss_output_name() there which parses the name out of
the internal qualified name.
Reviewed-by: Sumit Bose <sbose@redhat.com> |
42604cc8d11743febf5aa892cb3a7d3c32bfed48 |
|
23-Feb-2016 |
Lukas Slebodnik <lslebodn@redhat.com> |
Fix typos reported by lintian
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
aa8a8318aaa3270e9d9957d0c22dec6342360a37 |
|
28-May-2015 |
Pavel Reichl <preichl@redhat.com> |
krb5: new option krb5_map_user
New option `krb5_map_user` providing mapping of ID provider names to
Kerberos principals.
Resolves:
https://fedorahosted.org/sssd/ticket/2509
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
7c5cd2e7711621af9163a41393e88896a91ac33b |
|
18-Nov-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
KRB5: Move checking for illegal RE to krb5_utils.c
Otherwise we would have to link krb5_child with pcre and transfer the
regex, which would be cumbersome. Check for illegal patterns when
expanding the template instead.
Related:
https://fedorahosted.org/sssd/ticket/2370
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
45aeb924ec3ac448bb8d174a5cc061ed98b147c7 |
|
18-Nov-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
KRB5: Move ccache-related functions to krb5_ccache.c
Add a new module krb5_ccache.c that contains all ccache-related
operations. The only user of this module shall be krb5_child.c as the
other modules will run unprivileged and accessing the ccache requires
either privileges of root or the ccache owner.
Related:
https://fedorahosted.org/sssd/ticket/2370
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
db18dda869bc6c52a41797b2066cf121cf10f49c |
|
22-Jul-2014 |
Pavel Reichl <preichl@redhat.com> |
UTIL: rename find_subdomain_by_name
The function was named "find_subdomain" yet it could find both main
domain and subdomain.
sed 's/find_subdomain_by_name/find_domain_by_name/' -i `find . -name "*.[ch]"`
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
26ce47cc3e2003c30bae8206c3085f0814c9a842 |
|
17-Apr-2014 |
Pavel Reichl <reichl.pavel@gmail.com> |
KRB: do not check ccache directory for GID |
cc19cdd4a5e3d4cee851cdd44c1ab2568bf0af19 |
|
18-Mar-2014 |
Pavel Reichl <preichl@redhat.com> |
KRB5: log message - wrong permissions on ccache dir
Resolves:
https://fedorahosted.org/sssd/ticket/2037
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> |
a32fdbf60ace9b05ea2b823e1a539562cad53c8e |
|
13-Mar-2014 |
Lukas Slebodnik <lslebodn@redhat.com> |
KRB: Prevent dereference of a null pointer
Reported by: scan-build
krb5_free_principal(cc->context, ccprinc);
^~
warning: Access to field 'context' results in a dereference of a null pointer
(loaded from variable 'cc')
Variable 'cc' needn't be initialised if function sss_open_ccache_as_user
fails.
Reviewed-by: Sumit Bose <sbose@redhat.com> |
83bf46f4066e3d5e838a32357c201de9bd6ecdfd |
|
12-Feb-2014 |
Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> |
Update DEBUG* invocations to use new levels
Use a script to update DEBUG* macro invocations, which use literal
numbers for levels, to use bitmask macros instead:
    grep -rl --include '*.[hc]' DEBUG . |
        while read f; do
            mv "$f"{,.orig}
            perl -e 'use strict;
                     use File::Slurp;
                     my @map=qw"
                         SSSDBG_FATAL_FAILURE
                         SSSDBG_CRIT_FAILURE
                         SSSDBG_OP_FAILURE
                         SSSDBG_MINOR_FAILURE
                         SSSDBG_CONF_SETTINGS
                         SSSDBG_FUNC_DATA
                         SSSDBG_TRACE_FUNC
                         SSSDBG_TRACE_LIBS
                         SSSDBG_TRACE_INTERNAL
                         SSSDBG_TRACE_ALL
                     ";
                     my $text=read_file(\*STDIN);
                     my $repl;
                     $text=~s/
                         ^
                         (
                             .*
                             \b
                             (DEBUG|DEBUG_PAM_DATA|DEBUG_GR_MEM)
                             \s*
                             \(\s*
                         )(
                             [0-9]
                         )(
                             \s*,
                         )
                         (
                             \s*
                         )
                         (
                             .*
                         )
                         $
                     /
                         $repl = $1.$map[$3].$4.$5.$6,
                         length($repl) <= 80
                             ? $repl
                             : $1.$map[$3].$4."\n".(" " x length($1)).$6
                     /xmge;
                     print $text;
                    ' < "$f.orig" > "$f"
            rm "$f.orig"
        done
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com> |
a3c8390d19593b1e5277d95bfb4ab206d4785150 |
|
12-Feb-2014 |
Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> |
Make DEBUG macro invocations variadic
Use a script to update DEBUG macro invocations to use it as a variadic
macro, supplying format string and its arguments directly, instead of
wrapping them in parens.
This script was used to update the code:
    grep -rwl --include '*.[hc]' DEBUG . |
        while read f; do
            mv "$f"{,.orig}
            perl -e \
                'use strict;
                 use File::Slurp;
                 my $text=read_file(\*STDIN);
                 $text=~s#(\bDEBUG\s*\([^(]+)\((.*?)\)\s*\)\s*;#$1$2);#gs;
                 print $text;' < "$f.orig" > "$f"
            rm "$f.orig"
        done
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com> |
b3292840ebaa747a9fd596ff47cc5d18198361d0 |
|
15-Nov-2013 |
Michal Zidek <mzidek@redhat.com> |
SYSDB: Drop the sysdb_ctx parameter from the sysdb_search module |
047ed117f80c0fcc7710d930123af4f21233c369 |
|
07-Oct-2013 |
Simo Sorce <simo@redhat.com> |
krb5: Remove ability to create public directories
Setting up public directories is the job of the admin, and
current sssd syntax can't express the actual intention of the admin with
regards to which parts of the path should be public or private.
Resolves:
https://fedorahosted.org/sssd/ticket/2071 |
6a848dd05e43b3f8ae964d1417dbc4036ddec53b |
|
26-Sep-2013 |
Jakub Hrozek <jhrozek@redhat.com> |
KRB5: Fix bad comparison |
8c844405a785a03864b85295c604d0dc23b0e244 |
|
25-Sep-2013 |
Simo Sorce <simo@redhat.com> |
krb5: Be more lenient on failures for old ccache
Fix a check for an error return code that can be returned when
the ccache is not found.
Even in case of other errors still do not fail authentication
but allow it to proceed using a new ccache file if necessary.
Related:
https://fedorahosted.org/sssd/ticket/2053 |
764aa04ee92dbbd0d1eca6703294135eb97fda6d |
|
23-Sep-2013 |
Sumit Bose <sbose@redhat.com> |
krb5: save canonical upn to sysdb
If the returned TGT contains a different user principal name (upn) than
used in the request, i.e. the upn was canonicalized, we currently save
it to sysdb into the same attribute where the upn coming from an LDAP
server is stored as well. This means the canonical upn might be
overwritten when the user data is re-read from the LDAP server.
To avoid this, this patch adds a new attribute to sysdb where the
canonical upn is stored and makes sure it is used when available.
Fixes https://fedorahosted.org/sssd/ticket/2060 |
dd7d72ec4e76ae781d739f0139e2ec43af9cf09b |
|
12-Sep-2013 |
Lukas Slebodnik <lslebodn@redhat.com> |
KRB: Remove unused memory context
mem_ctx was unused in function get_domain_or_subdomain |
a4bf85ccc902490c3b75b44532010fbb32169801 |
|
11-Sep-2013 |
Lukas Slebodnik <lslebodn@redhat.com> |
Fix formatting of variables with type: gid_t |
f2c346eaa486431ffa2a3adc05356159de834e2e |
|
11-Sep-2013 |
Lukas Slebodnik <lslebodn@redhat.com> |
Fix formatting of variables with type: uid_t |
c1f94194a9fee8582a0af3b151b4f2b14fa1019a |
|
10-Sep-2013 |
Lukas Slebodnik <lslebodn@redhat.com> |
krb5: Fix warning sometimes uninitialized
warning: variable 'ret' is used uninitialized whenever
'if' condition is false
if (kerr) {
^~~~ |
14050f35224360883e20ebd810d3eb40f39267cf |
|
09-Sep-2013 |
Simo Sorce <simo@redhat.com> |
krb5: Add file/dir path precheck
Add a precheck on the actual existence at all of the file/dir ccname
targeted (for FILE/DIR types), and bail early if nothing is available.
While testing I found out that without this check, the krb5_cc_resolve()
function we call as user to check old paths would try to create the
directory if it didn't exist.
With a ccname of DIR:/tmp/ccdir_1000 saved in the user entry this would
cause two undesirable side effects:
First it would actually create a directory with the old name, when it
should not.
Second, because for some reason the umask is set to 0127 in sssd_be, it
would create the directory with permission 600 (missing the 'x' traverse
bit on the directory). If the new ccache has the same name it would cause
the krb5_child process to fail to store the credential cache in it.
Related:
https://fedorahosted.org/sssd/ticket/2061 |
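The commit message above describes two things: a directory created under umask 0127 ends up with mode 600, and a precheck that bails early when the FILE/DIR target does not exist. The following C sketch is an added illustration of both and is not SSSD code; the function names, result codes and scratch paths are hypothetical and constructed for the example.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* mkdtemp(), lstat() */
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical result codes for this sketch (not SSSD's). */
enum { CC_ERROR = -1, CC_MISSING = 0, CC_PRESENT = 1, CC_NOT_FS = 2 };

/* Permission bits a directory gets from mkdir(0700) under umask `mask`,
 * or -1 on error. Works in a scratch directory that it removes again. */
int dir_mode_under_umask(mode_t mask)
{
    const char *base = getenv("TMPDIR");
    char parent[256], child[300];
    struct stat st;
    int mode = -1;

    snprintf(parent, sizeof(parent), "%s/ccprecheck_XXXXXX", base ? base : "/tmp");
    if (mkdtemp(parent) == NULL) return -1;
    snprintf(child, sizeof(child), "%s/ccdir_1000", parent);

    mode_t old = umask(mask);
    if (mkdir(child, 0700) == 0 && stat(child, &st) == 0)
        mode = (int)(st.st_mode & 0777);
    umask(old);

    rmdir(child);
    rmdir(parent);
    return mode;
}

/* Look at the FILE:/DIR: target without creating anything. Only the plain
 * "FILE:/path" and "DIR:/path" forms are handled in this sketch. */
int ccname_precheck(const char *ccname)
{
    const char *path;
    int want_dir;
    struct stat st;

    if (ccname == NULL) return CC_ERROR;
    if (strncmp(ccname, "FILE:", 5) == 0) { path = ccname + 5; want_dir = 0; }
    else if (strncmp(ccname, "DIR:", 4) == 0) { path = ccname + 4; want_dir = 1; }
    else return CC_NOT_FS;              /* e.g. KEYRING: has no path to check */

    if (path[0] != '/') return CC_ERROR;
    /* lstat() so a symlink planted at the path is not followed. */
    if (lstat(path, &st) != 0) return errno == ENOENT ? CC_MISSING : CC_ERROR;
    if (want_dir) return S_ISDIR(st.st_mode) ? CC_PRESENT : CC_ERROR;
    return S_ISREG(st.st_mode) ? CC_PRESENT : CC_ERROR;
}

int main(void)
{
    printf("mkdir(0700) under umask 0127 -> %04o\n",
           (unsigned)dir_mode_under_umask(0127));
    printf("precheck of a missing DIR target -> %d\n",
           ccname_precheck("DIR:/nonexistent_ccprecheck/ccdir_1000"));
    return 0;
}
```

A caller would skip the libkrb5 resolve step whenever the precheck reports `CC_MISSING`, so no directory is created as a side effect of looking for an old cache.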
d20a5a74666413cadbf64c02eb656a5a3b4bb1de |
|
09-Sep-2013 |
Simo Sorce <simo@redhat.com> |
krb5: Remove unused ccache backend infrastructure
Remove struct sss_krb5_cc_be and the remaining functions that reference
it as they are all unused now.
Resolves:
https://fedorahosted.org/sssd/ticket/2061 |
1c022b3556f442f57326c4a3f250128b1bd232ae |
|
09-Sep-2013 |
Simo Sorce <simo@redhat.com> |
krb5: Unify function to create ccache files
Only 2 types (FILE and DIR) need to precreate files or directories
on the file system, and the 2 functions were basically identical.
Consolidate all in one common function and use that function directly
where needed instead of using indirection.
Resolves:
https://fedorahosted.org/sssd/ticket/2061 |
84ce563e3f430eec1225a6f8493eb0a6c9a3013a |
|
09-Sep-2013 |
Simo Sorce <simo@redhat.com> |
krb5: Use new function to validate ccaches
This function replaces and combines check_for_valid_tgt() and type specific
functions that checked for ccache existence by using generic krb5 cache
function and executing them as the target user (implicitly validate the
target user can properly access the ccache).
Resolves:
https://fedorahosted.org/sssd/ticket/2061 |
c121e65ed592bf3611053ee38032fd33c8d1b285 |
|
09-Sep-2013 |
Simo Sorce <simo@redhat.com> |
krb5: Make check_for_valid_tgt() static
check_for_valid_tgt() is used exclusively in krb5_utils.c so move it there.
Resolves:
https://fedorahosted.org/sssd/ticket/2061 |
5dc3b01fd9b2fa244e7c2820ce04602c9f059370 |
|
09-Sep-2013 |
Simo Sorce <simo@redhat.com> |
krb5: move template check to initialization
The randomized template check really only makes sense for the FILE ccache
which is the only one that normally needs to use randomizing chars.
Also it is better to warn the admin early rather than to warn 'when it
is too late'.
So move the check at initialization time when we determine what the
template actually is.
Resolves:
https://fedorahosted.org/sssd/ticket/2061 |
bfd32c9e8f302d7722838a68572c6801f5640657 |
|
09-Sep-2013 |
Simo Sorce <simo@redhat.com> |
krb5: Move determination of user being active
The way a user is checked for being active does not depend on the ccache
type so move that check out of the ccache specific functions.
Resolves:
https://fedorahosted.org/sssd/ticket/2061 |
1536e39c191a013bc50bb6fd4b8eaef11cf0d436 |
|
09-Sep-2013 |
Simo Sorce <simo@redhat.com> |
krb5: Replace type-specific ccache/principal check
Instead of having duplicate functions that are type custom use a single common
function that also performs access to the cache as the user owner, implicitly
validating correctness of ownership.
Resolves:
https://fedorahosted.org/sssd/ticket/2061 |
a70e88f62e8ba48c5042b881f20ed6586cb135a8 |
|
09-Sep-2013 |
Simo Sorce <simo@redhat.com> |
krb5: Use krb5_cc_destroy to remove old ccaches
This completely replaces the per-ccache-type custom code to remove old ccaches
and instead uses libkrb5 base operations (krb5_cc_destroy) and operating as
the user owner.
Resolves:
https://fedorahosted.org/sssd/ticket/2061 |
04c49a183f49c28f9ef900bdbc4eb30f23278e17 |
|
09-Sep-2013 |
Simo Sorce <simo@redhat.com> |
krb5: Add helper to destroy ccache as user
This function safely destroys a ccache given a cache name and user credentials.
It becomes the user so no possible races can compromise the system, then
uses libkrb5 functions to properly destroy a ccache, independently of the
cache type.
Finally restores the original credentials after closing the ccache handlers.
Resolves:
https://fedorahosted.org/sssd/ticket/2061 |
35da30eb7f97968aabcbd34d4e198e44470ad3dd |
|
09-Sep-2013 |
Simo Sorce <simo@redhat.com> |
krb5: Ignore unknown expansion sequences
Recently support was added to use also libkrb5 style expansions that
uses a %{varname} type of template.
There are a number of templates we do not care/can't expand in sssd.
The current code misses tests and failed to properly preserve some of
the templates we do not want to handle.
Additionally in order to be future proof this patch treats unknown
templates as pass-through templates and defer any error checking to
libkrb5, so that sssd is consistent with how kinit would behave.
Resolves:
https://fedorahosted.org/sssd/ticket/2076 |
e882171a77b90745430d1680f4e59f4023567a91 |
|
03-Sep-2013 |
Lukas Slebodnik <lslebodn@redhat.com> |
KRB5: Fix warning declaration shadows global declaration
src/providers/krb5/krb5_utils.c:193: warning: declaration of 'rewind' shadows a
global declaration
/usr/include/stdio.h:754: warning: shadowed declaration is here |
dcc6877aa2e2dd63a9dc9c411a9c58feaeb36b9a |
|
28-Aug-2013 |
Stephen Gallagher <sgallagh@redhat.com> |
krb5: Fetch ccname template from krb5.conf
In order to use the same defaults in all system daemons that need to know how
to generate or search for ccaches we introduce code here to take advantage of
the new option called default_ccache_name provided by libkrb5.
If set this variable we establish the same default for all programs that source
it out of krb5.conf therefore providing a consistent experience across the
system.
Related:
https://fedorahosted.org/sssd/ticket/2036 |
aeb1e654c337037b6bdb350e1ec8aaa065e86794 |
|
27-Aug-2013 |
Stephen Gallagher <sgallagh@redhat.com> |
KRB5: Add support for KEYRING cache type
https://fedorahosted.org/sssd/ticket/2036 |
8cae6755d2d2f50765d43a68de0be09ee98659ed |
|
24-Aug-2013 |
Sumit Bose <sbose@redhat.com> |
check_cc_validity: make sure _valid is always set
In the KRB5_FCC_NOFILE code path _valid is not set leading to 'may be
used uninitialized' compiler warnings. |
884b1305806847e2e05a07988b77d3b5f77a37bc |
|
22-Aug-2013 |
Stephen Gallagher <sgallagh@redhat.com> |
KRB5: Only set active and valid on success
The FILE cache only sets the return values of _active and _bool if the
entire function succeeds. The DIR cache was setting it even on failure.
This patch makes both consistent. This will benefit static analysis
tools which would be able to detect if the variable is ever used
uninitialized anywhere. |
18dff5d8bb4081af4c94339db9342b8a5b7d121e |
|
22-Aug-2013 |
Stephen Gallagher <sgallagh@redhat.com> |
KRB5: Refactor cc_*_check_existing
There was duplicated code in cc_file_check_existing() and in
cc_dir_check_existing(). I pulled them into the same function.
There are two changes made to the original code here:
1) Fixes a use-after-free bug in cc_file_check_existing(). In the
original code, we called krb5_free_context() and then used that
context immediately after that in krb5_cc_close(). This patch
corrects the ordering
2) The krb5_cc_resolve() call handles KRB5_FCC_NOFILE for all
cache types. Previously, this was only handled for DIR caches. |
8340ca480e0fe823441633720d67efc9e4a4bc64 |
|
22-Aug-2013 |
Stephen Gallagher <sgallagh@redhat.com> |
KRB5: Add new #define for collection cache types
Kerberos now supports multiple types of collection caches, not just
DIR: caches. We should add a macro for generic collection behavior
and use that where appropriate. |
dbf4dd47aa7f314a6a6bb2c8f9bb4ddd09de9e8b |
|
15-Jul-2013 |
Lukas Slebodnik <lslebodn@redhat.com> |
Use conditional build for retrieving ccache.
Some krb5 functions needn't be available for retrieving ccache
with principal. Therefore ifdef is used to solve this situation with older
version of libkrb5. There were two functions with similar functionality
in krb5_child and krb5_utils. They were merged to one universal function, which
was moved to file src/util/sss_krb5.c |
e2e9c08851e8fe2b7d843c8fabc7cbc0fb298536 |
|
11-Jul-2013 |
Lukas Slebodnik <lslebodn@redhat.com> |
Return right directory name for dircache
Dircache can be either file or directory. Wrong value was used
when dircache was itself directory.
https://fedorahosted.org/sssd/ticket/2002 |
b8d703cf3aba81800cf1b8ccca64bb00ef0b30f7 |
|
28-Jun-2013 |
Sumit Bose <sbose@redhat.com> |
Replace new_subdomain() with find_subdomain_by_name()
new_subdomain() will create a new domain object and should not be used
anymore in the provider code directly. Instead a reference to the domain
from the common domain object should be used. |
80a874555d8b2737827bb150133ba70a83c65bb7 |
|
27-Jun-2013 |
Jakub Hrozek <jhrozek@redhat.com> |
KRB5: guess UPN for subdomain users |
fa3cdcff460d555f4a4905fb0a2d96be564fc599 |
|
26-Jun-2013 |
Lukas Slebodnik <lslebodn@redhat.com> |
Every time return directory for krb5 cache collection.
Function krb5_cc_get_full_name is called only as a way to validate that,
we have the right cache. Instead of returned name, location will be returned
from function cc_dir_cache_for_princ.
https://fedorahosted.org/sssd/ticket/1936 |
7486dea9f5f7b2a6fbbacc6db740a82140b6377c |
|
20-May-2013 |
Lukas Slebodnik <lslebodn@redhat.com> |
Fixing critical format string issues.
--missing arguments.
--format '%s', but argument is integer.
--wrong format string, example: '%\n' |
9d890186ec2b511aa30a9574543f29e1ef56e0e8 |
|
12-Apr-2013 |
Lukas Slebodnik <lslebodn@redhat.com> |
Fix krbcc dir creation issue with MIT krb5 1.11
In krb5-libs >= 1.11, function krb5_cc_resolve verify if credential cache dir
exists. If it doesn't exist, then it will be created with process permissions
and not user permissions.
Function cc_residual_is_used has already checked for non existing
directory, but it wasn't considered to be a failure and therefore next call
of krb5_init_context will create directory with wrong permissions.
Now if directory doesn't exist, it will be handled like there was not ccache
attribute in sysdb cache. We also check if "primary" file in ccache directory
has right permissions. But we ignore missing "primary" file.
https://fedorahosted.org/sssd/ticket/1822 |
24ee49904e91590e192983df16818567c060e12b |
|
26-Feb-2013 |
Jakub Hrozek <jhrozek@redhat.com> |
Do not process success case in an else |
b8dcd1216e5ea7065213c750a92dabfe01fa3b70 |
|
10-Feb-2013 |
Simo Sorce <simo@redhat.com> |
Add realm info to sss_domain_info |
af3f03d15a928168626e513e667863e9cd1dceef |
|
30-Jan-2013 |
Stephen Gallagher <sgallagh@redhat.com> |
Fix minor grammar error in log |
e4d1e192430f6c76eee5b64decc3a799a0926979 |
|
30-Jan-2013 |
Pavel Březina <pbrezina@redhat.com> |
krb: recreate ccache if it was deleted
https://fedorahosted.org/sssd/ticket/1512
If directory where a ccache file was stored was missing and user
was still logged in, we erroneously considered the ccache file
still active. Thus the ccache file was not recreated and user was
unable to login. |
5d78919c955c945e78865f322726aac075c71203 |
|
15-Jan-2013 |
Simo Sorce <simo@redhat.com> |
Add domain argument to sysdb_get_user_attr() |
53875df9ad6f0508ec6693cb14f24af3aeeb2eea |
|
12-Nov-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
KRB5: Rename variable to avoid shadowing a global declaration
src/providers/krb5/krb5_utils.c: In function ‘cc_dir_create’:
src/providers/krb5/krb5_utils.c:824: warning: declaration of ‘dirname’
shadows a global declaration
/usr/include/libgen.h:27: warning: shadowed declaration is here |
7c4845bd0efb1dcb44b5be52923c539316725693 |
|
26-Oct-2012 |
Sumit Bose <sbose@redhat.com> |
krb5_auth: update with correct UPN if needed
The Active Directory KDC handles request case in-sensitive and it might
not always be possible to guess the UPN with the correct case. We check
if the returned principal has a different case than the one used in the
request and update the principal if needed. This will help using calls
from the Kerberos client libraries later on which would otherwise fail
because the principal is handled case sensitive by those libraries. |
29c0fdd1838a4b9892146f7019d12811c1d0d59b |
|
26-Oct-2012 |
Sumit Bose <sbose@redhat.com> |
Add new call find_or_guess_upn()
With the current approach the upn was either a pointer to a const string
in a ldb_message or a string created with the help of talloc. This new
function always makes it a talloc'ed value.
Additionally krb5_get_simple_upn() is enhanced to handle sub-domains as
well. |
d29e91321d175dce94d87c23a44ced40d265de2c |
|
26-Oct-2012 |
Sumit Bose <sbose@redhat.com> |
krb5_auth_send: check for sub-domains
If there is an authentication request for a user from a sub-domain a
temporary sysdb context is generated to allow lookups in the
corresponding sub-tree in the cache. |
8fe574521b7f8b14e17aea1d9afb471b80761b83 |
|
04-Oct-2012 |
Ondrej Kos <okos@redhat.com> |
Log possibly non-randomizable ccache file template
fixes https://fedorahosted.org/sssd/ticket/1533
ccache file template is now checked for appended XXXXXX for use with
mkstemp. When those characters are not present, warning is written to log. |
5feb9beb0586ac97a85acec31c19acfff314fdbd |
|
24-Sep-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
KRB5: Recover gracefully if the ccache file could not be reused
https://fedorahosted.org/sssd/ticket/1384 |
6f68a7389fbf7297e672ffc4bc25a4e9b7897218 |
|
08-Aug-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
Allocate on top of a talloc context, not NULL |
8bbf89c5ab798c112773fe23515c3a9df56dde71 |
|
18-Jul-2012 |
Nick Guay <nguay@redhat.com> |
Fix uninitialized values
https://fedorahosted.org/sssd/ticket/1379 |
8bfc448f771d4c264bda22fe2bd82cfc78b35f0f |
|
15-Jun-2012 |
Stephen Gallagher <sgallagh@redhat.com> |
KRB5: Avoid shadowing dirname
The variable 'dirname' is a publicly declared variable in libgen.h
on older systems such as RHEL 5 |
6ca87e797982061576885f944e2ccfaba9573897 |
|
15-Jun-2012 |
Stephen Gallagher <sgallagh@redhat.com> |
KRB5: Auto-detect DIR cache support in configure
We can't support the DIR cache features in systems with kerberos
libraries older than 1.10. Make sure we don't build it on those
systems. |
7cc8729dec26c1fd5b06323237acc9ba2bdaaa17 |
|
15-Jun-2012 |
Stephen Gallagher <sgallagh@redhat.com> |
KRB5: Update DEBUG macros for create_ccache_dir and find_ccdir_parent_data |
95cc3f4be93d3cb5bb28bb3787f0aace4edb3124 |
|
14-Jun-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
Use Kerberos context in KRB5_DEBUG
Passing Kerberos context to sss_krb5_get_error_message will allow us to
get better error messages. |
9a3ba9ca00e73adc3fb17ce8afa532076768023b |
|
14-Jun-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
Add support for storing credential caches in the DIR: back end
https://fedorahosted.org/sssd/ticket/974 |
fd8595874aa06c8057740001ec465ba76b4af142 |
|
14-Jun-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
Add a credential cache back end structure
To be able to add support for new credential cache types easily, this
patch creates a new structure sss_krb5_cc_be that defines common
operations with a credential cache, such as create, check if used or remove. |
7b9f1e13c750fed76886513071a2b63949181ea4 |
|
14-Jun-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
Handle trailing slash in the ccname template
With the DIR cache support, it's perfectly legal to specify a ccname
directory that ends with a slash. The create_dir function did not handle
that situation correctly. |
768591607fc89d3a14fa00c9c8f78e83f3f6b565 |
|
22-Dec-2011 |
Stephen Gallagher <sgallagh@redhat.com> |
Add compatibility layer for Heimdal Kerberos implementation |
85ecf49fdacd910f804caab1be7bf68d23702dc9 |
|
21-Dec-2011 |
Jakub Hrozek <jhrozek@redhat.com> |
Honor case sensitive flag when creating the ccname template |
c1e843e07dc2cc8156b7a669add88f4a215f9ca4 |
|
20-May-2011 |
Jakub Hrozek <jhrozek@redhat.com> |
Rename label in expand_ccname_template
The label was named fail but used also in success cases. |
79d7d82aa56c562e6fe2366aa63552b8d4f62834 |
|
12-May-2011 |
Jakub Hrozek <jhrozek@redhat.com> |
Use a temporary memory context in expand_ccname_template |
318f12c90208971a5b6d3574f0026601161d81c7 |
|
22-Feb-2011 |
Sumit Bose <sbose@redhat.com> |
Check ccache file for renewable TGTs at startup |
564d213ea3f0957a3337cd0f1d63e766e16ce6d8 |
|
16-Jun-2010 |
Stephen Gallagher <sgallagh@redhat.com> |
Standardize on correct spelling of "principal" for krb5
https://fedorahosted.org/sssd/ticket/542 |
29752834fbf3a19e4e117668abfce4e4c7c48ee4 |
|
11-Mar-2010 |
Sumit Bose <sbose@redhat.com> |
Add expandable sequences to krb5_ccachedir
As with krb5_ccname_template sequences like %u can be used in the
krb5_ccachedir parameter which are expanded at runtime. If the directory
does not exist, it will be created. Depending on the used sequences it
is created as a public or private directory. |
953e07b7c43bc9bb7c7616180b1ba1730e22c59a |
|
19-Feb-2010 |
Sumit Bose <sbose@redhat.com> |
Remove unneeded items from struct pam_data |
1c48b5a62f73234ed26bb20f0ab345ab61cda0ab |
|
18-Feb-2010 |
Stephen Gallagher <sgallagh@redhat.com> |
Rename server/ directory to src/
Also update BUILD.txt |