sssctl: print active server and server list Resolves: https://fedorahosted.org/sssd/ticket/3069 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

FO: add fo_get_active_server() Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

FO: Use refcount to keep track of servers returned to callers Resolves: https://fedorahosted.org/sssd/ticket/2829 Reviewed-by: Pavel Březina <pbrezina@redhat.com>

FO: Add an API to reset all servers in a single service Required for: https://fedorahosted.org/sssd/ticket/2639 Previously, we had a function that allowed the caller to reset the status of all services in the global fail over context. This patch adds a new function that allows the caller to reset a single service instead. The main user would be IPA subdomain provider that might need to reset the status of an AD trusted domain on demand. Reviewed-by: Sumit Bose <sbose@redhat.com>

FO: Use SRV TTL in fail over code Resolves: https://fedorahosted.org/sssd/ticket/1884 Removes the hardcoded SRV TTL timeout and uses TTL from the DNS instead. Reviewed-by: Pavel Březina <pbrezina@redhat.com>

failover: Shorter retry time for failed SRV Until now there was only one timeout used to re-resolve SRV queries. This patch adds new (shorter) timeout that will be used for queries that previously failed. Resolves: https://fedorahosted.org/sssd/ticket/1885 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

Remove unused constant

DNS sites support - SRV lookup plugin interface https://fedorahosted.org/sssd/ticket/1032 Introduces two new error codes: - ERR_SRV_NOT_FOUND - ERR_SRV_LOOKUP_ERROR Since id_provider is authoritative in case of SRV plugin choise, ability to override the selected pluging during runtime is not desirable. We rely on the fact that id_provider is initialized before all other providers, thus the plugin is set correctly.

try primary server after retry_timeout + 1 seconds when switching to backup https://fedorahosted.org/sssd/ticket/1679 The problem is when we are about to reset the server status, we don't get through the timeout (30 seconds) because the "switch to primary server" task is scheduled 30 seconds after fall back to a backup server. Thus the server status remains "not working" and is resetted after another 30 seconds. We need to make sure that the server status is tried after the timeout period. retry_timeout is currently hardcoded to 30, thus the change in man page.

FO: Check server validity before setting status The list of resolved servers is allocated on the back end context and kept in the fo_service structure. However, a single request often resolves a server and keeps a pointer until the end of a request and only then gives feedback about the server based on the request result. This presents a big race condition in case the SRV resolution is used. When there are requests coming in in parallel, it is possible that an incoming request will invalidate a server until another request that holds a pointer to the original server is able to give a feedback. This patch simply checks if a server is in the list of servers maintained by a service before reading its status. https://fedorahosted.org/sssd/ticket/1364

Duplicate detection in fail over did not work. https://fedorahosted.org/sssd/ticket/1472

Primary server support: basic support in failover code Now there are two list of servers for each service. If currently selected server is only backup, then an event will be scheduled which tries to get connection to one of primary servers and if it succeeds, it starts using this server instead of the one which is currently connected to.

Only do one cycle when resolving a server https://fedorahosted.org/sssd/ticket/1214

Failover: Introduce a per-service timeout https://fedorahosted.org/sssd/ticket/976

fo_get_server_name() getter for a server name Allows to be more concise in tests and more defensive in resolve callbacks

Rename fo_get_server_name to fo_get_server_str_name

Switch resolver to using resolv_hostent and honor TTL

Run callbacks if server IP changes

Rename dns_domain to discovery domain for fo_add_srv_server()

Allow fallback to SSSD domain For backwards-compatibility with older versions of the SSSD (such as 1.2.x), we need to be able to have our DNS SRV record lookup be capable of falling back to using the SSSD domain name as the DNS discovery domain. This patch modifies our DNS lookups so that they behave as follows: If dns_discovery_domain is specified, it is considered authoritative. No other discovery domains will be attempted. If dns_discovery_domain is not specified, we first attempt to look up the SRV records using the domain portion of the machine's hostname. If this returns "NOTFOUND", we will try performing an SRV record query using the SSSD domain name as the DNS discovery domain. https://fedorahosted.org/sssd/ticket/754

Run checks before resetting offline state Before setting the backend to online during a reset offline request the check_online method if the ID provider is called. If the check_online method returns that the ID provider is still not reachable the backend stays offline. Otherwise the backend is switched to online and the related callbacks are run. Additionally the check online test is called during the res_init request because a change in /etc/resolve.conf might also make a server reachable which was assumed offline before.

Add an interface to try next fail-over server after connection to the active server was unexpectedly dropped.

Added an interface to query number of configured (and currently resolved through SRV records) failover servers.

Use service discovery in backends Integrate the failover improvements with our back ends. The DNS domain used in the SRV query is always the SSSD domain name. Please note that this patch changes the default value of ldap_uri from "ldap://localhost" to "NULL" in order to use service discovery with no server set.

Support SRV servers in failover Adds a new failover API call fo_add_srv_server that allows the caller to specify a server that is later resolved into a list of specific servers using SRV requests. Also adds a new failover option that specifies how often should the servers resolved from SRV query considered valid until we need a refresh. The "real" servers to connect to are returned to the user as usual, using the fo_resolve_service_{send,recv} calls. Make SRV resolution work with c-ares 1.6

Restrict family lookups Adds a new option that tells resolver which address family to prefer or use exclusively. Fixes: #404

Fix licensing issues in SSSD

Rename server/ directory to src/ Also update BUILD.txt