346d6d8bf5fdb446921d754c07c8a7d913a048d5 |
|
29-Jan-2018 |
René Genz <liebundartig@freenet.de> |
Fix minor spelling mistakes
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
58a9b4f0b195f6ea1271d24990bf4df04eccd6ed |
|
25-Sep-2017 |
Fabiano Fidêncio <fidencio@redhat.com> |
RESOLV: Fix "-Werror=null-dereference" caught by GCC
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
0f058b3156f584b21cffb0c9725e8082fbee47d0 |
|
08-Jun-2017 |
Lukas Slebodnik <lslebodn@redhat.com> |
UTIL: Remove limits.h from util/util.h
limits.h is not used directly by util/util.h. The header file limits.h
must be included in 17 files and after removing it from util.h it had to be
added only to 4 missing files
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> |
9676b464dd428557ff5a648e1351a3972440396f |
|
08-Dec-2016 |
Carl Henrik Lunde <chlunde@ifi.uio.no> |
Prevent use after free in fd_input_available
When both TEVENT_FD_WRITE and TEVENT_FD_READ are set, and an error/EOF
occurs when reading from the socket, we will get a use after free
in the second call to ares_process_fd. The first call will free the watch
structure via a callback.
Prevent this by calling ares_process_fd only once.
Invalid read of size 4
    at fd_input_available (async_resolv.c:147)
    by epoll_event_loop (tevent_epoll.c:728)
    by epoll_event_loop_once (tevent_epoll.c:926)
    by std_event_loop_once (tevent_standard.c:114)
    by _tevent_loop_once (tevent.c:533)
    by tevent_common_loop_wait (tevent.c:637)
    by std_event_loop_wait (tevent_standard.c:140)
    by server_loop (server.c:702)
    by main (data_provider_be.c:587)
Address ... is 112 bytes inside a block of size 136 free'd
    at free (vg_replace_malloc.c:530)
    by _talloc_free_internal (talloc.c:1116)
    by _talloc_free (talloc.c:1647)
    by ares__close_sockets (ares__close_sockets.c:50)
    by handle_error (ares_process.c:679)
    by read_tcp_data (ares_process.c:391)
    by processfds (ares_process.c:138)
    by fd_input_available (async_resolv.c:144)
    by epoll_event_loop (tevent_epoll.c:728)
    by epoll_event_loop_once (tevent_epoll.c:926)
    by std_event_loop_once (tevent_standard.c:114)
    by _tevent_loop_once (tevent.c:533)
    by tevent_common_loop_wait (tevent.c:637)
    by std_event_loop_wait (tevent_standard.c:140)
    by server_loop (server.c:702)
Resolves:
https://fedorahosted.org/sssd/ticket/3250
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
00f3fbb66e882213a78a7ad0a4f9190d0838c830 |
|
16-Aug-2016 |
Justin Stephenson <jstephen@redhat.com> |
Make resolv_is_address() function public and create some basic tests
Resolves:
https://fedorahosted.org/sssd/ticket/2789
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
a0c764a36f2f432e6063de84be6f6af7e96ec159 |
|
11-Feb-2016 |
Sumit Bose <sbose@redhat.com> |
Just return NULL if tevent_req_create() fails
In general we just return NULL if tevent_req_create() fails because
there is nothing we can do with the request anyway. Especially
tevent_req_error() should not be called because it tries to dereference
req.
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
eafbc66c2ff6365478e62a8df3fd005bf80e5c7b |
|
03-Mar-2015 |
Jakub Hrozek <jhrozek@redhat.com> |
resolv: Use the same default timeout for SRV queries as previously
When we changed the resolver code to use the TTL values from the DNS
queries instead of hardcoded ones, we changed the default value by
accident.
Add a separate SRV TTL that is backwards-compatible with the old
hardcoded value.
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
5594736ea2618bb3e487f47fd199e1d2cf4c58fd |
|
11-Feb-2015 |
Jakub Hrozek <jhrozek@redhat.com> |
RESOLV: Remove obsolete in-tree implementation of SRV and TXT parsing
SSSD contained several backwards-compatible definitions of SRV and TXT
APIs as well as structures that carry TTL data. These were intended for
RHEL-5 and older releases. Since we don't support those upstream, it's
better to remove the code -- it has drifted apart from upstream anyway.
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
bf54fbed126ec3d459af40ea370ffadacd31c76d |
|
11-Feb-2015 |
Jakub Hrozek <jhrozek@redhat.com> |
RESOLV: Add an internal function to read TTL from a DNS packet
Related:
https://fedorahosted.org/sssd/ticket/1884
Adds an internal resolver function that reads the TTL for SRV records as
specified by RFC-2181. Several internal c-ares definitions are used
until c-ares contains a function that exposes all this information via a
parsing function.
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
2be2220f15b2a819a80b07c8881822ef87053c69 |
|
14-Jul-2014 |
Pavel Březina <pbrezina@redhat.com> |
resolv: fix server sort by weight
When the server list consists only of servers with zero weight, the
output list contained only one server.
Resolves:
https://fedorahosted.org/sssd/ticket/2357
Reviewed-by: Pavel Reichl <preichl@redhat.com> |
7aaf9138ccf7ab73883f28cfafd6e508d29ffa67 |
|
20-May-2014 |
Lukas Slebodnik <lslebodn@redhat.com> |
resolv: Do not try to free addrinfo in case of error
We should call freeaddrinfo only if getaddrinfo succeeds.
RFC2553 does not specify the behaviour of calling freeaddrinfo
with the NULL argument. It is more portable not to rely on undocumented
behaviour of glibc.
http://www.ietf.org/rfc/rfc2553.txt [Page 28]
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
a2633fd69609f16e2972013713bf8eeb6802b990 |
|
07-Apr-2014 |
Lukas Slebodnik <lslebodn@redhat.com> |
Remove unused argument from resolv_gethostbyname_dns_parse
Reviewed-by: Pavel Reichl <preichl@redhat.com> |
a51ab133bb91caf219ebc459375e9a55ebf2b123 |
|
17-Feb-2014 |
Pavel Březina <pbrezina@redhat.com> |
resolv_gethostbyname_dns_parse(): remove tmp_ctx
Resolves:
https://fedorahosted.org/sssd/ticket/2198
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
83bf46f4066e3d5e838a32357c201de9bd6ecdfd |
|
12-Feb-2014 |
Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> |
Update DEBUG* invocations to use new levels
Use a script to update DEBUG* macro invocations, which use literal
numbers for levels, to use bitmask macros instead:
    grep -rl --include '*.[hc]' DEBUG . |
        while read f; do
            mv "$f"{,.orig}
            perl -e 'use strict;
                     use File::Slurp;
                     my @map=qw"
                         SSSDBG_FATAL_FAILURE
                         SSSDBG_CRIT_FAILURE
                         SSSDBG_OP_FAILURE
                         SSSDBG_MINOR_FAILURE
                         SSSDBG_CONF_SETTINGS
                         SSSDBG_FUNC_DATA
                         SSSDBG_TRACE_FUNC
                         SSSDBG_TRACE_LIBS
                         SSSDBG_TRACE_INTERNAL
                         SSSDBG_TRACE_ALL
                     ";
                     my $text=read_file(\*STDIN);
                     my $repl;
                     $text=~s/
                         ^
                         (
                             .*
                             \b
                             (DEBUG|DEBUG_PAM_DATA|DEBUG_GR_MEM)
                             \s*
                             \(\s*
                         )(
                             [0-9]
                         )(
                             \s*,
                         )
                         (
                             \s*
                         )
                         (
                             .*
                         )
                         $
                     /
                         $repl = $1.$map[$3].$4.$5.$6,
                         length($repl) <= 80
                             ? $repl
                             : $1.$map[$3].$4."\n".(" " x length($1)).$6
                     /xmge;
                     print $text;
                    ' < "$f.orig" > "$f"
            rm "$f.orig"
        done
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com> |
a3c8390d19593b1e5277d95bfb4ab206d4785150 |
|
12-Feb-2014 |
Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> |
Make DEBUG macro invocations variadic
Use a script to update DEBUG macro invocations to use it as a variadic
macro, supplying format string and its arguments directly, instead of
wrapping them in parens.
This script was used to update the code:
    grep -rwl --include '*.[hc]' DEBUG . |
        while read f; do
            mv "$f"{,.orig}
            perl -e \
                'use strict;
                 use File::Slurp;
                 my $text=read_file(\*STDIN);
                 $text=~s#(\bDEBUG\s*\([^(]+)\((.*?)\)\s*\)\s*;#$1$2);#gs;
                 print $text;' < "$f.orig" > "$f"
            rm "$f.orig"
        done
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com> |
87158890d6e7239167d7c8089070f3d2cdf5e58d |
|
05-Sep-2013 |
Pavel Březina <pbrezina@redhat.com> |
resolv_sort_srv_reply: remove unnecessary mem_ctx |
867174c9d98d703e746b3fde7e48be682b589053 |
|
24-Jul-2013 |
Michal Zidek <mzidek@redhat.com> |
Lower timeout to contact DNS server
c-ares timeout to wait for response from DNS server
before moving to next DNS server is lowered from 5s
to 2s.
Partially solves https://fedorahosted.org/sssd/ticket/1966 |
7486dea9f5f7b2a6fbbacc6db740a82140b6377c |
|
20-May-2013 |
Lukas Slebodnik <lslebodn@redhat.com> |
Fixing critical format string issues.
--missing arguments.
--format '%s', but argument is integer.
--wrong format string, example: '%\n' |
7c091610f5b35e8ba89da839322f6591f1e7619b |
|
07-May-2013 |
Jakub Hrozek <jhrozek@redhat.com> |
Actually use the index parameter in resolv_get_sockaddr_address_index |
38ebc764eeb7693e0c4f0894d6687e54fbba871b |
|
03-May-2013 |
Jakub Hrozek <jhrozek@redhat.com> |
dyndns: New option dyndns_update_ptr
https://fedorahosted.org/sssd/ticket/1832
While some servers, such as FreeIPA allow the PTR record to be
synchronized when the forward record is updated, other servers,
including Active Directory, require that the PTR record is synchronized
manually.
This patch adds a new option, dyndns_update_ptr that automatically
generates appropriate DNS update message for updating the reverse zone.
This option is off by default in the IPA provider.
Also renames be_nsupdate_create_msg to be_nsupdate_create_fwd_msg |
a398adc5b40381fc567a2aee1841b26af78aea17 |
|
03-May-2013 |
Jakub Hrozek <jhrozek@redhat.com> |
resolver: Return PTR record as string
This is a requirement to update the PTR records.
Includes a unit test. |
44fc7e53b403d45576ab61d2dea4608e323ed332 |
|
03-Apr-2013 |
Jakub Hrozek <jhrozek@redhat.com> |
Centralize resolv_init, remove resolv context list |
584eda085e83a428f2c39dadf0d7adeaff5c87f4 |
|
03-Apr-2013 |
Jakub Hrozek <jhrozek@redhat.com> |
Init failover with be_res options |
274fe6a4f8bcb23e31929430110c0b52e9ce233a |
|
03-Apr-2013 |
Jakub Hrozek <jhrozek@redhat.com> |
Check for correct variable name
https://fedorahosted.org/sssd/ticket/1864 |
47c676a3ae558b87837955cf1a801c7b434d748e |
|
19-Dec-2012 |
Pavel Březina <pbrezina@redhat.com> |
use talloc_zfree when freeing rhostent in resolver
We should use talloc_zfree() when freeing state variables, so we
can later avoid undesirable access after free. |
4f945b6b3646fb982cc8e3c41c38059052f2240f |
|
18-Dec-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
RESOLV: Do not steal the resulting hostent on error
https://fedorahosted.org/sssd/ticket/1706 |
73ea053bace5c63d61f7b949e5e0bb35f2463cb8 |
|
05-Dec-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
RESOLV: return ENOENT if the address list is empty |
58b335985e75672e4de699351ab1182cbd7aa990 |
|
16-Jul-2012 |
Pavel Březina <pbrezina@redhat.com> |
resolv_gethostbyname_send: strdup hostname to work properly when hostname is allocated on stack
If we provide a hostname that was allocated on stack, it may contain
invalid data at the time when it is actually resolved.
This patch fixes it. |
64f398dca52df6313169f33cfc20a69d51c3bc2b |
|
29-Mar-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
Return correct resolv_status on resolver timeout
https://fedorahosted.org/sssd/ticket/1274 |
f82ea00868e8917a9fb4f8e820817d8657370e46 |
|
20-Dec-2011 |
Jakub Hrozek <jhrozek@redhat.com> |
Resolver: Introduce a per-request timeout |
8db778c4a34b38224712bec0701303550781dcd5 |
|
31-Oct-2011 |
Jakub Hrozek <jhrozek@redhat.com> |
resolver: Free the whole hostent structure
We would only free the hostent structure itself, not its contents. Use a
wrapper provided by c-ares to do so. |
55a89b86267239fc4a8bd62a2496ddbc36d9a024 |
|
13-Jul-2011 |
Jakub Hrozek <jhrozek@redhat.com> |
Use ares_search instead of ares_query for hostname resolution
ares_query does not take search or domain directives from
/etc/resolv.conf into account
https://fedorahosted.org/sssd/ticket/922 |
19c6d0bf5346dc1862d14f7f3d886895cfb4d548 |
|
11-Jul-2011 |
Jakub Hrozek <jhrozek@redhat.com> |
Allow returning arbitrary address from resolv_hostent as string |
3136a82b9d76283b10244a9768e1f325503995d5 |
|
11-Jul-2011 |
Jakub Hrozek <jhrozek@redhat.com> |
Split reading resolver family order into a separate function |
7087d51975f4059591c04718def24ba7b753644c |
|
30-Jun-2011 |
Sumit Bose <sbose@redhat.com> |
Add sockaddr_storage to sdap_service |
fde4194a9bc18932c6cfdc44e69a4376feb26208 |
|
17-Jun-2011 |
Jakub Hrozek <jhrozek@redhat.com> |
Provide TTL structure names for c-ares < 1.7
https://fedorahosted.org/sssd/ticket/898
In c-ares 1.7, the upstream renamed the addrttl/addr6ttl structures to
ares_addrttl/ares_addr6ttl so they are in the ares_ namespace.
Because they are committed to stable ABI, the contents are the same, just
the name changed -- so it is safe to just #define the new name for older
c-ares versions in case the new one is not detected at configure time. |
1240496176a07e804c57d43926509d5ccbf0fc41 |
|
15-Jun-2011 |
Jakub Hrozek <jhrozek@redhat.com> |
Switch resolver to using resolv_hostent and honor TTL |
3d334807f302603b81996b41f2a365ce75f36d17 |
|
15-Jun-2011 |
Jakub Hrozek <jhrozek@redhat.com> |
Resolve hosts by name from DNS into resolv_hostent |
b32ff5bfbca039aaffbe07b85312362f7f6e69cd |
|
15-Jun-2011 |
Jakub Hrozek <jhrozek@redhat.com> |
Resolve hosts by name from files into resolv_hostent |
58bddcfd77bf21290c42321dbf314b9e1f532e81 |
|
15-Jun-2011 |
Jakub Hrozek <jhrozek@redhat.com> |
Add new resolv_hostent data structure and utility functions |
bfdcff2b28f399d236b592d13663c7283d6eac2c |
|
02-Jun-2011 |
Jakub Hrozek <jhrozek@redhat.com> |
Add utility function to return IP address as string |
4ebd399129fa64cd3d789bf98b8587c2351d4d3e |
|
12-May-2011 |
Jakub Hrozek <jhrozek@redhat.com> |
Set c-ares to retry nameservers
https://fedorahosted.org/sssd/ticket/867 |
3241a0b89ea769c9d01b316136880cf2a8d3407f |
|
14-Dec-2010 |
Stephen Gallagher <sgallagh@redhat.com> |
Reschedule the fd timeout for secondary lookups
We were unscheduling the timeout handler after the first lookup
(A or AAAA) returned, but not rescheduling it if we went on to
check the secondary record type. This resulted in the resolver
never returning a result for the secondary lookup, which can mean
that logins/screen unlocks after VPN drop or suspend/resume might
never complete.
Fixes https://fedorahosted.org/sssd/ticket/729 |
aa5e1008d46f63c5317c890bc9a849e02939cf23 |
|
14-Dec-2010 |
Stephen Gallagher <sgallagh@redhat.com> |
Fix timeouts for DNS resolver
options.tries specifies the number of retries. Setting this to
zero means to try exactly once. Previously we were always trying
twice (internally). We want to simply honor the SSSD configuration
and fail over to the next server (or go offline) after one try. |
09f6d093d38744fc1ba8db5e031ac0f16282210d |
|
24-Nov-2010 |
Jakub Hrozek <jhrozek@redhat.com> |
Internal DNS resolver should check /etc/hosts
https://fedorahosted.org/sssd/ticket/686 |
83bc461f812b3c3df260b5f75d84b34bb1135062 |
|
30-Apr-2010 |
Stephen Gallagher <sgallagh@redhat.com> |
Add dns_resolver_timeout option
We had a hard-coded timeout of five seconds for DNS lookups in the
async resolver. This patch adds an option 'dns_resolver_timeout'
to specify this value (Default: 5) |
0d72f05cc87f42a8c2856c96501c64d69541be00 |
|
30-Apr-2010 |
Jakub Hrozek <jhrozek@redhat.com> |
Support SRV servers in failover
Adds a new failover API call fo_add_srv_server that allows the caller
to specify a server that is later resolved into a list of specific
servers using SRV requests.
Also adds a new failover option that specifies how often should the
servers resolved from SRV query be considered valid until we need a
refresh.
The "real" servers to connect to are returned to the user as usual,
using the fo_resolve_service_{send,recv} calls.
Make SRV resolution work with c-ares 1.6 |
fbae85bcb4b3940024f8e3c127fac9da3671302d |
|
30-Apr-2010 |
Jakub Hrozek <jhrozek@redhat.com> |
Sort SRV replies according to RFC 2782
RFC 2782 defines a way to sort replies to a SRV query. In short, the
algorithm sorts all replies by priority and then does a weight-based
selection for every priority level.
For details, please see the sections "Usage rules" for overview of the
algorithm and section "The 'Weight' field" for description on the weight
selection. |
74ff3d42d38feab9aaf1db86f228c41418b8b592 |
|
26-Apr-2010 |
Jakub Hrozek <jhrozek@redhat.com> |
Do not mark a request as failed twice |
7c837ddd5b1737b56fc475f7e347efdb067e2330 |
|
25-Mar-2010 |
Sumit Bose <sbose@redhat.com> |
Fix warnings from -Wmissing-field-initializers
This patch removes some tab-indentations from pamsrv.c, too. |
e0bb119bdc1549d731f371202428c0cb667d3388 |
|
22-Feb-2010 |
Jakub Hrozek <jhrozek@redhat.com> |
Restrict family lookups
Adds a new option that tells resolver which address family to prefer or
use exclusively.
Fixes: #404 |
1c48b5a62f73234ed26bb20f0ab345ab61cda0ab |
|
18-Feb-2010 |
Stephen Gallagher <sgallagh@redhat.com> |
Rename server/ directory to src/
Also update BUILD.txt |