sssd.git/src/providers, branch intg_test sssd with jhrozek's patches HBAC: Better libhbac debugging 2015-10-01T19:37:30+00:00 Petr Cech pcech@redhat.com 2015-07-24T14:56:49+00:00 65ce66c43141f7e5c8482a8f8e7e217a23791588 Added support for logging via external log function. Log provides information about rules evaluating (HBAC_DBG_INFO level) and additionally can describe rules (HBAC_DBG_TRACE level). Resolves: https://fedorahosted.org/sssd/ticket/2703 Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Michal Židek <mzidek@redhat.com> 
Added support for logging via external log function.
Log provides information about rules evaluating (HBAC_DBG_INFO level)
and additionally can describe rules (HBAC_DBG_TRACE level).

Resolves:
https://fedorahosted.org/sssd/ticket/2703

Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Michal Židek <mzidek@redhat.com>
AD: add debug messages for netlogon get info 2015-09-30T13:39:11+00:00 Pavel Reichl preichl@redhat.com 2015-09-22T15:00:38+00:00 1e87219471c1220c773ea75b211ad0a4d087d869 Reviewed-by: Petr Cech <pcech@redhat.com> 
Reviewed-by: Petr Cech <pcech@redhat.com>
AD: inicialize root_domain_attrs field 2015-09-30T07:48:33+00:00 Pavel Reichl preichl@redhat.com 2015-09-24T15:03:12+00:00 101628a48d25ffae3b13c75d0b0b01577188c803 Resolves: https://fedorahosted.org/sssd/ticket/2805 Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Resolves:
https://fedorahosted.org/sssd/ticket/2805

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
IPA: Retry fetching keytab if IPA user lookup fails 2015-09-23T21:08:50+00:00 Jakub Hrozek jhrozek@redhat.com 2015-09-17T15:11:34+00:00 42bd89dbe77846b6ee60365bba50da521745bca1 Required for: https://fedorahosted.org/sssd/ticket/2639 Instead of calling ipa_get_ad_acct_send directly, call a new request ipa_srv_ad_acct_send. The new request wraps ipa_get_ad_acct_send and either tries to request a new keytab every time the lookup fails but the domain is online. be_mark_dom_offline() is called when the retry fails with the new code. The retry tries to re-setup the trusted domain. With two-way setups, the request is a no-op. With one-way trust setups, the request re-fetches new keytab unconditionally. Reviewed-by: Sumit Bose <sbose@redhat.com> 
Required for:
    https://fedorahosted.org/sssd/ticket/2639

Instead of calling ipa_get_ad_acct_send directly, call a new request
ipa_srv_ad_acct_send. The new request wraps ipa_get_ad_acct_send and
either tries to request a new keytab every time the lookup fails but the
domain is online.

be_mark_dom_offline() is called when the retry fails with the new code.

The retry tries to re-setup the trusted domain. With two-way setups, the
request is a no-op. With one-way trust setups, the request re-fetches
new keytab unconditionally.

Reviewed-by: Sumit Bose <sbose@redhat.com>
FO: Also reset the server common data in addition to SRV 2015-09-23T21:08:50+00:00 Jakub Hrozek jhrozek@redhat.com 2015-09-21T10:31:38+00:00 bc58e1cfee742178f95922d964349d6c262f6df7 In a server that is expanded from a SRV query was reset, only it's 'meta-server' status was set to neutral, but the server->common structure still retained its not_working status. This patch also resets the status of the common structure so that both the SRV query and resolving the server are retried next time. Reviewed-by: Sumit Bose <sbose@redhat.com> 
In a server that is expanded from a SRV query was reset, only it's
'meta-server' status was set to neutral, but the server->common
structure still retained its not_working status.

This patch also resets the status of the common structure so that both
the SRV query and resolving the server are retried next time.

Reviewed-by: Sumit Bose <sbose@redhat.com>
FO: Add an API to reset all servers in a single service 2015-09-23T21:08:50+00:00 Jakub Hrozek jhrozek@redhat.com 2015-09-21T10:31:18+00:00 669ce24f8157b7d79914b3eb5a18214ef42aacc8 Required for: https://fedorahosted.org/sssd/ticket/2639 Previously, we had a function that allowed the caller to reset the status of all services in the global fail over context. This patch adds a new function that allows the caller to reset a single service instead. The main user would be IPA subdomain provider that might need to reset the status of an AD trusted domain on demand. Reviewed-by: Sumit Bose <sbose@redhat.com> 
Required for:
    https://fedorahosted.org/sssd/ticket/2639

Previously, we had a function that allowed the caller to reset the
status of all services in the global fail over context. This patch adds
a new function that allows the caller to reset a single service instead.

The main user would be IPA subdomain provider that might need to reset
the status of an AD trusted domain on demand.

Reviewed-by: Sumit Bose <sbose@redhat.com>
IPA: Change ipa_server_trust_add_send request to be reusable from ID code 2015-09-23T21:08:50+00:00 Jakub Hrozek jhrozek@redhat.com 2015-09-17T15:09:24+00:00 4c53f8b7400630ae06459aa8b5079427edcaa348 Required for: https://fedorahosted.org/sssd/ticket/2639 Expose a request ipa_server_trusted_dom_setup_send that sets up a trusted domain. The setup might include actions like retrieving a keytab for one-way trusts. Creating the AD ID context for the trused domain is now done in the caller of this new request. Reviewed-by: Sumit Bose <sbose@redhat.com> 
Required for:
    https://fedorahosted.org/sssd/ticket/2639

Expose a request ipa_server_trusted_dom_setup_send that sets up a
trusted domain. The setup might include actions like retrieving a keytab
for one-way trusts.

Creating the AD ID context for the trused domain is now done in the
caller of this new request.

Reviewed-by: Sumit Bose <sbose@redhat.com>
DYNDNS: Return right error code in case of failure 2015-09-23T13:32:01+00:00 Lukas Slebodnik lslebodn@redhat.com 2015-09-23T11:50:22+00:00 75889713afc99ea52f4ff13b40672a12b28bdd41 The variable will be zero if getifaddrs succeeds and therefore wrong error code will be returned in case of insufficient memory (talloc_zero failed) Reviewed-by: Pavel Reichl <preichl@redhat.com> 
The variable will be zero if getifaddrs succeeds
and therefore wrong error code will be returned
in case of insufficient memory (talloc_zero failed)

Reviewed-by: Pavel Reichl <preichl@redhat.com>
DDNS: execute nsupdate for single update of PTR rec 2015-09-22T12:51:22+00:00 Pavel Reichl preichl@redhat.com 2015-09-12T13:09:35+00:00 eeac17ebbe38f16deaa8599231cccfc97aaac85c nsupdate fails definitely if any of update request fails when GSSAPI is used. As tmp solution nsupdate is executed for each update. Resolves: https://fedorahosted.org/sssd/ticket/2783 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
nsupdate fails definitely if any of update request fails when GSSAPI is used.

As tmp solution nsupdate is executed for each update.

Resolves:
https://fedorahosted.org/sssd/ticket/2783

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
IPA PROVIDER: Resolve nested netgroup membership 2015-09-22T12:43:26+00:00 Petr Cech pcech@redhat.com 2015-09-02T15:51:12+00:00 e6595222c41af84288d303e8d464ce45b1408ed3 Informations about usergroup membership are stored in memberOf attribute. And informations about hostgroup membership are stored in originalMemberOf. This patch add appropriate memberOf attributes for searching in. Ticket: https://fedorahosted.org/sssd/ticket/2275 Reviewed-by: Sumit Bose <sbose@redhat.com> 
Informations about usergroup membership are stored in memberOf
attribute. And informations about hostgroup membership are stored
in originalMemberOf.
This patch add appropriate memberOf attributes
for searching in.

Ticket: https://fedorahosted.org/sssd/ticket/2275

Reviewed-by: Sumit Bose <sbose@redhat.com>