For older platforms, do not add the 'realm' line in
the update message

Fixes for python HBAC bindings

These changes were proposed during a review:
 * Change the signature of str_concat_sequence() to const char *
 * use a getsetter for HbacRule.enabled to allow string true/false and
   integer 1/0 in addition to bool
 * fix a minor memory leak (HbacRequest.rule_name)
 * remove overzealous discard consts

Fix python HBAC bindings for python <= 2.4

Several parts of the HBAC python bindings did not work with old Python
versions, such as the one shipped in RHEL5.

The changes include:
* a compatibility wrapper around python set object
* PyModule_AddIntMacro compat macro
* Py_ssize_t compat definition
* Do not use PyUnicode_FromFormat
* several function prototypes and structures used to have "char
  arguments where they have "const char *" in recent versions.
  This caused compilation warnings this patch mitigates by using
  the discard_const hack on python 2.4

Remove dead code from python HBAC bindings

https://fedorahosted.org/sssd/ticket/935

Handle allocation error in python HBAC bindings

https://fedorahosted.org/sssd/ticket/934

HBAC rule validation Python bindings

https://fedorahosted.org/sssd/ticket/943

Add helper function msgs2attrs_array

This function converts a list of ldb_messages into a list of
sysdb_attrs.

Conflicts:

	src/providers/ldap/ldap_common.c
	src/providers/ldap/ldap_common.h

Add HBAC evaluator and tests

Add helper functions for looking up HBAC rule components

Remove old HBAC implementation

Add new HBAC lookup and evaluation routines

Conflicts:

	Makefile.am

Add ipa_hbac_refresh option

This option describes the time between refreshes of the HBAC rules
on the IPA server.

Add ipa_hbac_treat_deny_as option

By default, we will treat the presence of any DENY rule as denying
all users. This option will allow the admin to explicitly ignore
DENY rules during a transitional period.

Treat NULL or empty rhost as unknown

Previously, we were assuming this meant it was coming from the
localhost, but this is not a safe assumption. We will now treat it
as unknown and it will fail to match any rule that requires a
specified srchost or group of srchosts.

libipa_hbac: Support case-insensitive comparisons with UTF8

UTF8 HBAC test

Fix memory leak in ipa_hbac_evaluate_rules

https://fedorahosted.org/sssd/ticket/933

Fix incorrect NULL check in ipa_hbac_common.c

https://fedorahosted.org/sssd/ticket/936

Require matched version and release for libipa_hbac

Add rule validator to libipa_hbac

https://fedorahosted.org/sssd/ticket/943

Add sockaddr_storage to sdap_service

Add sdap_call_conn_cb() to call add connection callback directly

Use name based URI instead of IP address based URIs

Use ldap_init_fd() instead of ldap_initialize() if available

Do not access state after tevent_req_done() is called.

Call ldap_install_tls() on ldaps connections

Add new resolv_hostent data structure and utility functions

Resolve hosts by name from files into resolv_hostent

Resolve hosts by name from DNS into resolv_hostent

Switch resolver to using resolv_hostent and honor TTL

Conflicts:

	src/providers/fail_over.c

Provide TTL structure names for c-ares < 1.7

https://fedorahosted.org/sssd/ticket/898

In c-ares 1.7, the upstream renamed the addrttl/addr6ttl structures to
ares_addrttl/ares_addr6ttl so they are in the ares_ namespace.

Because they are committed to stable ABI, the contents are the same, just
the name changed -- so it is safe to just #define the new name for older
c-ares version in case the new one is not detected in configure time.

Netlink 1.0 and older is buggy and unreliable, occasionally
causing tight-loops. We're no longer going to try to support it.

https://fedorahosted.org/sssd/ticket/755

libdhash version 0.4.2 is required because older versions cannot update
hash entries.