Fix minor spelling mistakes in responder/* Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

Add parameter --logger to daemons Different binary handled information about logging differently e,g, --debug-to-files --debug-to-stderr And logging to journald was a special case of previous options (!debug_file && !debug_to_stderr). It was also tied to the monitor option "--daemon" and therefore loggind to stderr was used in interactive mode + systemd Type=notify. Resolves: https://pagure.io/SSSD/sssd/issue/3433 Reviewed-by: Justin Stephenson <jstephen@redhat.com> Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>

NSS: Specify memcache_timeout=0 semantics With this patch the memcache files will not be created when memcache_timeout is set to zero. Resolves: https://pagure.io/SSSD/sssd/issue/3496 Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

NSS: Move memcache setup to separate function Related: https://pagure.io/SSSD/sssd/issue/3496 Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

NSS: Move shell options to common responder Move all the shell-related options from the NSS responder context to the common responder context, so they can be used by other responders for retrieving original user shell, when it is overrided for session recording. Reviewed-by: Pavel Březina <pbrezina@redhat.com>

NSS: Fix typo inigroups -> initgroups Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

NSS: Make NSS responder socket-activatable As part of the effort of making all responders socket-activatable, let's make the NSS responder ready for this by providing its systemd's units. In case the administrators want to use NSS responder taking advantage of socket-activation they will need to enable sssd-nss.socket and after a restart of the sssd service, the NSS socket will be ready waiting for any activity in order to start the NSS responder. Also, the NSS responder must be removed from the services line on sssd.conf. The NSS responder service is binded to the SSSD service, which means that the responder will be restarted in case SSSD is restarted and shutdown in case SSSD is shutdown/crashes. Is quite important to mention that NSS responder will always run as root. The reason behind this is that systemd calls getpwnam() and getgprnam() when "User="/"Group=" is set to something different than "root". As it's done _before_ starting NSS responder, the clients would end up hanging for a few minutes (due to "default_client_timeout"), which is something that we really want to avoid. Related: https://fedorahosted.org/sssd/ticket/2243 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

nss: rewrite nss responder so it uses cache_req Given the size of the current nss responder it was quite impossible to simply switch into using the cache_req interface, especially because most of the code was duplication of cache lookups. This patch completely rewrites the responder from scratch. The amount of code was reduced to less than a half lines of code with no code duplication, better documentation and better maintainability and readability. All functionality should be intact. *Code organization* All protocol (parsing input message and send a reply) is placed in nss_protocol.c. Functions that deals with creating a reply packet are placed into their specific nss_protocol_$object.c files. All supported commands are placed into nss_cmd.c. Functions that deals with cache req are in nss_get_object.c and nss_enum.c. *Code flow for non-enumeration* An nss_getby_$input-type is called for each non-enumeration command. This function parses the input message, creates a cache_req_data structure and issues nss_get_object that calls cache_req. When this request is done nss_getby_done make sure a reply is sent to the client. *Comments on enumeration* I made some effort to make sure enumeration shares the same code for users, groups, services and netgroups. Netgroups now uses nss negative cache instead of implementing its own. Resolves: https://fedorahosted.org/sssd/ticket/3151 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

nss: move nss_ctx->global_names to rctx Global names context is used to parse AD well known SIDs and names into its opposite. This patch moves definition of this parameter from nss responder into common responder context so it can be used also by other responders. This change will be use to enable looking up well known SIDs and names directly in cache_req. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

MONITOR: Remove unused shutDown sbus method The shutDown method has not been used or set for a long time. Trim the internal interface by removing all references to this internal method. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

MONITOR: Remove deprecated pong sbus method The pong method is deprecated since we started using the watchdog. Since this is dead code, it makes sense to just remove it. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

NSS: Remove unused functions When removing the old data provider I noticed that those functions are not used at all. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

DP: Remove old data provider interface Reverse data provider interface is moved to a better location in NSS responder. All responders now can have an sbus interface defined per data provider connection. The unused old data provider interface is removed. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

Responders: Make the client context more generic This is useufl to allow reusing the responder code with other protocols. Store protocol data and responder state data behind opaque pointers and use tallog_get_type to check they are of the right type. This also allows to store per responder state_ctx so that, for example, the autofs responder does not have to carry useless variables used only by the nss responder. Resolves: https://fedorahosted.org/sssd/ticket/2918 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

RESPONDER: New interface for client registration This is just a beginning of new responder interface to data provider and it is just to make the client registration work. It needs further improvement. The idea is to take the existing interface and make it work better with further extensions of data provider. The current interface has several disadvantages such as it is originally build only for account requests and doesn't take different set of output parameters. It also doesn't work well with integration into tevent-made responders. Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

RESPONDER: Removing ncache from nss_ctx This patch switches ncache from nss_ctx to resp_ctx. Reviewed-by: Pavel Březina <pbrezina@redhat.com>

RESPONDER: Removing neg_timeout from nss responder Timeout of negative cahce is handled by internal negative cache context. This patch removes neg_timeout from struct nss_ctx. Resolves: https://fedorahosted.org/sssd/ticket/2317 Reviewed-by: Pavel Březina <pbrezina@redhat.com>

NEGCACHE: Adding timeout to struct sss_nc_ctx It adds timeout of negative cache to handling struct sss_nc_ctx. There is one change in API of negatice cache: * int sss_ncache_init(TALLOC_CTX *memctx, uint32_t timeout, <----- new struct sss_nc_ctx **_ctx); There is also one new function in common/responder: * errno_t responder_get_neg_timeout_from_confdb(struct confdb_ctx *cdb, uint32_t *ncache_timeout); Resolves: https://fedorahosted.org/sssd/ticket/2317 Reviewed-by: Pavel Březina <pbrezina@redhat.com>

NSS: Don't ignore backslash in usernames with ldap provider The regression was caused by changing default domain regex for ldap provider in ticket #2717 Resolves: https://fedorahosted.org/sssd/ticket/2772 Reviewed-by: Sumit Bose <sbose@redhat.com>

nss: Store entries in responder to initgr mmap cache Resolves: https://fedorahosted.org/sssd/ticket/2485 Reviewed-by: Michal Židek <mzidek@redhat.com>

responders: reset ncache after domains are discovered during startup After responders start, they add a lookup operation that discovers the subdomains so that qualifying users works. After this operation is finishes, we need to reset negcache to allow users to be added into the newly discovered domains. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

nss: parse user_attributes option Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

RESPONDERS: Set default value for umask Resolves: https://fedorahosted.org/sssd/ticket/2468 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

responders: Do not initialize pipe fd if already present Allow to skip initialization of pipe file descriptor if the responder context already has one. Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>

NSS: Run as a user specified by monitor Adds the NSS responder to the list of services known to work as a non-root user and becomes the specified user after starting the NSS responder. Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>

SSSD: Add the options to specify a UID and GID to run as Adds new command line options --uid and --gid to all SSSD servers, making it possible to switch to another user ID if needed. So far all code still runs as root. Reviewed-by: Pavel Reichl <preichl@redhat.com>

Make the space override responder-agnostic https://fedorahosted.org/sssd/ticket/2397 In order to make the override_space option usable by other responders, we need to move the override_space option to the generic responder structure. Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

Only replace space with the specified substitution https://fedorahosted.org/sssd/ticket/2397 - make sss_replace_whitespaces only replace space (' ') not any whitespace - make sss_replace_whitespaces only replace a single char, not the whole string - rename CONFDB_NSS_OVERRIDE_DEFAULT_WHITESPACE to CONFDB_NSS_OVERRIDE_DEFAULT_SPACE - rename the override_default_whitespace option to override_space - rename sss_replace_whitespaces() to sss_replace_space() - rename sss_reverse_replace_whitespaces() to sss_reverse_replace_space() - rename nctx->override_default_wsp_str to nctx->override_space - make the return value of sss_replace_space non-const to avoid freeing the result without compilation warnings Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

NSS: Replace spaces with specified string in names. This patch add possibility to replace whitespace in user and group names with a specified string. With string "-", sssd will return the same result as winbind enabled option "winbind normalize names" Resolves: https://fedorahosted.org/sssd/ticket/1854 Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Michal Židek <mzidek@redhat.com>

IFP: Provide a SBUS method to reconnect to sysbus Introduces a new method implemented only by the IFP responder. When this method is received, the responder attempts to reconnect to the system bus, if not connected already. Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Pavel Reichl <preichl@redhat.com>

NSS: Add option to expand homedir template format LDAP server can contain template for home directory instead of plain string. This patch adds new expand option "%H", which will be replaced with value from configuration option homedir_substring (from sssd.conf) Resolves: https://fedorahosted.org/sssd/ticket/1853

sbus: Add the sbus_request_parse_or_finish() method Some DBus types returned from dbus_message_get_args() require memory to be released when done. We automatically attach these to the talloc struct sbus_request memory context in this function. This accepts varargs similar to dbus_message_get_args(), which are rather awkward. However instead of reworking them completely, future generated marshalling code will replace most uses of these varargs. If parsing the dbus message fails, then it responds to the DBus caller with an appropriate error such as o.f.D.Error.InvalidArgs. In these cases (ie: when it returns FALSE) the sbus_request is finished. Migrated some, but not all, uses of dbus_message_get_args() to the new function. Some instances have uncommon semantics such as terminating the connection upon failure to parse a message. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

sbus: Refactor how we export DBus interfaces Most importantly, stop using per connection private data. This doesn't scale when you have more than one thing exporting or exported on a connection. Remove struct sbus_interface and expand sbus_conn_add_interface() function. Remove various struct sbus_interface args to connection initialization functions and make callers use sbus_conn_add_interface() directly. The old method was optimized for exporting one interface on a connection. We'll have connections that export zero, one or more interfaces. To export an interface on a DBus server, call sbus_conn_add_interface() from within the sbus_server_conn_init_fn. To export an interface on a DBus client, call sbus_conn_add_interface() after sbus_new_connection() returns. As before struct sbus_interface represents an object exported via DBus. However it is now talloc allocated. One can set instance data on the struct sbus_interface. This instance data is passed to the various handlers and used in their implementation. However, we now have type safe interface exporting in the various high level sss_process_init() sss_monitor_init() and so on. Introspection support was not in use, and is now gone until we implement it using the metadata (future patch). Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

sbus: Add struct sbus_request to represent a DBus invocation struct sbus_request represents a request from a dbus client being handled by a dbus server implementation. The struct contains the message, connection and method (and in the future teh property) which is being requested. In the future it will contain caller information as well. sbus_request is a talloc memory context, and is a good place to attach any allocations and memory specific to the request. Each handler accepts an sbus_request. If a handler returns EOK, it is assumed that the handler will finish the request. Any of the sbus_request_*finish() methods can be used to complete the request and send back a reply. sbus_request_return_and_finish() uses the same argument varargs syntax as dbus_message_append_args(), which isn't a great syntax. Document it a bit, but don't try to redesign: The marshalling work (will follow this patch set) will remove the need to use varargs for most DBus implementation code. This patch migrates the monitor and data provider dbus code to use sbus_request, but does not try to rework the talloc context's to use it. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

sbus: Rework sbus to use interface metadata and vtables Previous commits added support for interface metadata and handler vtables. This commit ports sbus_dbus_connection to use them. Port the internal uses of dbus to use the new scheme in a very minimal way. Further cleanup is possible here. This commit provides basic definitions of the internal dbus interfaces. The interfaces aren't fully defined, as the handlers will continue to unpack manually, and often overload DBus methods with different arguments (which is rather unorthodox, but not the end of the world). Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>

nss: Stop using one DBus interface with totally different methods This is an incorrect use of DBus, where we use a single interface name with completely different sets of methods. Easily fixed. Once the vtable stuff is in use then this would be automatically detected and fail to build. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>

Update DEBUG* invocations to use new levels Use a script to update DEBUG* macro invocations, which use literal numbers for levels, to use bitmask macros instead: grep -rl --include '*.[hc]' DEBUG . | while read f; do mv "$f"{,.orig} perl -e 'use strict; use File::Slurp; my @map=qw" SSSDBG_FATAL_FAILURE SSSDBG_CRIT_FAILURE SSSDBG_OP_FAILURE SSSDBG_MINOR_FAILURE SSSDBG_CONF_SETTINGS SSSDBG_FUNC_DATA SSSDBG_TRACE_FUNC SSSDBG_TRACE_LIBS SSSDBG_TRACE_INTERNAL SSSDBG_TRACE_ALL "; my $text=read_file(\*STDIN); my $repl; $text=~s/ ^ ( .* \b (DEBUG|DEBUG_PAM_DATA|DEBUG_GR_MEM) \s* \(\s* )( [0-9] )( \s*, ) ( \s* ) ( .* ) $ / $repl = $1.$map[$3].$4.$5.$6, length($repl) <= 80 ? $repl : $1.$map[$3].$4."\n".(" " x length($1)).$6 /xmge; print $text; ' < "$f.orig" > "$f" rm "$f.orig" done Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>

Make DEBUG macro invocations variadic Use a script to update DEBUG macro invocations to use it as a variadic macro, supplying format string and its arguments directly, instead of wrapping them in parens. This script was used to update the code: grep -rwl --include '*.[hc]' DEBUG . | while read f; do mv "$f"{,.orig} perl -e \ 'use strict; use File::Slurp; my $text=read_file(\*STDIN); $text=~s#(\bDEBUG\s*\([^(]+)\((.*?)\)\s*\)\s*;#$1$2);#gs; print $text;' < "$f.orig" > "$f" rm "$f.orig" done Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>

nss: save global name configuration to the nss context

Include external headers with #include <foo.h> I find it more readable to include headers from outside the sssd tree with <foo.h>, not "foo.h". The latter should be used for in-tree headers only.

nss: Wrong debug message.

util: add sss_idmap_talloc[_free] Remove code duplication.

NSS: Clear cached netgroups if a request comes in from the sss_cache In order for sss_cache to work correctly, we must also signal the nss responder to invalidate the hash table requests. https://fedorahosted.org/sssd/ticket/1759

NSS: allow removing entries from netgroup hash table There is a timed desctructor in the nss responder that, when the entry timeout passes, removes the netgroup from the hash table while the netgroup is freed. This patch adds a hash delete callback so that if the netgroup is removed from the hash table with hash_delete, its hash table pointer will be invalidated. Later, when the entry is being freed, the destructor won't attempt to remove it from the hash table.

Lookup domains at startup To make sure that e.g. the short/NetBIOS domain name is available this patch make sure that the responders send a get_domains request to their backends at startup the collect the domain information or read it from the cache if the backend is offline. For completeness I added this to all responders even if they do not need the information at the moment. Fixes https://fedorahosted.org/sssd/ticket/1951

Add idmap context to nss context This allows the nss responder to use libsss_idmap to convert between different SID representations.

change responder contexts hierarchy https://fedorahosted.org/sssd/ticket/1575 The hierarchy is now: main_ctx -> responder_ctx -> specific_ctx where specific_ctx is one of sudo, pam, etc.

do not leak memory on failure in *_process_init()

RESPONDERS: Create a common file with service names and versions The monitor sends calls different sbus methods to different responders. Instead of including headers of the particular responders directly in monitor, which breaks layering a little, create a common header file that will be included from src/responder/common/

Hook for mmap cache update on initgroup calls This set of functions enumerate the user's groups and invalidate them all if the list does not matches what we get from the caller.

Hook to perform a mmap cache update from sssd_nss This set of functions enumerate each user/group from all domains and invalidate any mmap cache record that matches.

Include talloc log in our debug facility https://fedorahosted.org/sssd/ticket/1495

Fix few coding style issues

sss_cache tool invalidates records in memory cache.

NSS: Add override_shell option If override_shell is specified in the [nss] section, all users managed by SSSD will have their shell set to this value. If it is specified in the [domain/DOMAINNAME] section, it will apply to only that domain (and override the [nss] value, if any). https://fedorahosted.org/sssd/ticket/1087

Add newline to DEBUG messages

Move some debug lines to new debug log levels * These are common lines of debug output when starting up sssd https://bugzilla.redhat.com/show_bug.cgi?id=811113

Make re_expression and full_name_format per domain options * Allows different user/domain qualified names for different domains. For example Domain\User or user@domain. * The global re_expression and full_name_format options remain as defaults for the domains. * Subdomains get the re_expression and full_name_format of their parent domain. https://bugzilla.redhat.com/show_bug.cgi?id=811663

Allow fast memcache timeout to be configurable https://fedorahosted.org/sssd/ticket/1318

NSS: Add default_shell option This option will allow administrators to set a default shell to be used if a user does not have one set in the identity provider. https://fedorahosted.org/sssd/ticket/1289

NSS: Add fallback_homedir option This option is similar to override_homedir, except that it will take effect only for users that do not have an explicit home directory specified in LDAP. https://fedorahosted.org/sssd/ticket/1250

Modified responder_get_domain() Now it checks for subdomains as well as for the domain itself

nsssrv: add handling of memory cache group map

nsssrv: shared memory cache server initialization

Use the correct hash table for pending requests The function that handled pending requests on reconnect was checking an orphaned global variable that was never used, redenring the whole function uselsess. This fixes a very nasty bug that was causing requests for which we never received an answer for (for example because the backend failed and was restarted) to be never removed and therefore causing a black hole effect for any other request of the same type. Fixes: https://fedorahosted.org/sssd/ticket/1229

Don't give memory context in confdb where not needed

RESPONDERS: Make the fd_limit setting configurable This code will now attempt first to see if it has privilege to set the value as specified, and if not it will fall back to the previous behavior. So on systems with the CAP_SYS_RESOURCE capability granted to SSSD, it will be able to ignore the limits.conf hard limit. https://fedorahosted.org/sssd/ticket/1197

RESPONDERS: Allow increasing the file-descriptor limit This patch will increase the file descriptor limit to 8k or the limits.conf maximum, whichever is lesser. https://fedorahosted.org/sssd/ticket/1197

NSS: Use sss_hash_create instead of destructor

nsssrv: remove unused macro

Cleanup: Remove unused parameters

Enable the midpoint cache update by default https://fedorahosted.org/sssd/ticket/918

New DEBUG facility - SSSDBG_UNRESOLVED changed from -1 to 0 Removed: SSS_UNRESOLVED_DEBUG_LEVEL (completely replaced with SSSDBG_UNRESOLVED) Added new macro: CONVERT_AND_SET_DEBUG_LEVEL(new_value) Changes unresolved debug level value (SSSDBG_UNRESOLVED) from -1 to 0 so DEBUG macro could be reduced by one condition. Anyway, it has a minor effect, every time you want to load debug_level from command line parameters, you have to use following pattern: /* Set debug level to invalid value so we can deside if -d 0 was used. */ debug_level = SSSDBG_INVALID; pc = poptGetContext(argv[0], argc, argv, long_options, 0); while((opt = poptGetNextOpt(pc)) != -1) { ... } CONVERT_AND_SET_DEBUG_LEVEL(debug_level);

New DEBUG facility - conversion https://fedorahosted.org/sssd/ticket/925 Conversion of the old debug_level format to the new one. (only where it was necessary) Removed: SSS_DEFAULT_DEBUG_LEVEL (completely replaced with SSSDBG_DEFAULT)

Remove unused temporary context

Add vetoed_shells option There may be users in LDAP that have a valid but unwelcome shell set in their account. This adds a blacklist of shells that should always be replaced by the fallback_shell. Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>

Add new options to override shell value https://fedorahosted.org/sssd/ticket/742

Add a new option to override home directory value https://fedorahosted.org/sssd/ticket/551

Add a new option to override primary GID number https://fedorahosted.org/sssd/ticket/742

Allow changing the log level without restart We will now re-read the confdb debug_level value when processing the monitor_common_logrotate() function, which occurs when the monitor receives a SIGHUP.

Do not leak netgroups hash table

Remove all nss requests after a reconnect Currently we do not handle the open nss request after a reconnect and wait until they timeout (which is a couple of minutes!). This patch adds a handler that terminates all requests after a reconnect. Then responder will return matching cache entries or nothing.

Add netgroup support to the NSS responder

Move setup of filter_users and filter_groups to negcache.c Creates a new function - sss_ncache_prepopulate() - that can be shared with other responders, such as PAM.

Refactor the negative cache Rename functions from nss_ncache_* to sss_ncache_* Move negative cache to responder/common and rename as negcache.c/h

Fix warnings from -Wmissing-field-initializers This patch removes some tab-indentations from pamsrv.c, too.

Make filter_users and filter_groups also per-domain Fixes: #290

Reopen logs when SIGHUP is caught Upon receiving SIGHUP, the monitor signals all services to reopen their debug logs. It is also possible to signal individual services to reopen their particular files. Fixes: #332

Eliminate monitor reconfig We disabled live reconfiguration a long time ago with the intent of fixing it so that it wasn't completely broken, but we've decided that live updates are too delicate to handle all cases gracefully. For the forseeable future, we will rely on process restart for updating the configuration. Furthermore, we had not completely disabled live updates. It would still attempt to run if we sent a SIGHUP. This has also been eliminated.

Remove unnecessary "domain" parameter from DP registration This was a holdover from when the DP and the providers were unique processes. The NSS and PAM registrations do not need to send the domain, as it is not ambiguous which one they are talking to.

Rename server/ directory to src/ Also update BUILD.txt