sssd.git/src/providers, branch subdommem

Set default DNS resolution timeout to 6 seconds.

2013-07-24T11:54:33+00:00

Partially solves ticket:
https://fedorahosted.org/sssd/ticket/1966

To avoid the problem mentioned in the ticket above, option
dns_discovery_domain must be set properly.

LDAP: Use domain-specific name where appropriate

2013-07-24T11:52:33+00:00

The subdomain users user FQDN in their name attribute. However, handling
of whether to use FQDN in the LDAP code was not really good. This patch
introduces a utility function and converts code that was relying on
user/group names matching to this utility function.

This is a temporary fix until we can refactor the sysdb API in #2011.

Fix possible dereference of a NULL pointer.

2013-07-23T16:18:03+00:00

We check if function ipa_get_ad_id_ctx returns NULL,
but function ipa_get_ad_id_ctx could never return NULL.
This issue was found by scan-build.

KRB5: Do not send PAC in server mode

2013-07-23T12:18:03+00:00

The krb5 child contacts the PAC responder for any user except for the
IPA native users if the PAC is configured. This works fine for the
general case but the ipa_server_mode is a special one. The PAC responder
is there, but since in the server mode we should be operating as AD
provider default, the PAC shouldn't be analyzed either in this case.

Fix warnings: uninitialized variable

2013-07-22T09:44:09+00:00

Remove unused memory context from function unpack_authtok

2013-07-22T09:00:03+00:00

Fix the default FQDN format

2013-07-19T15:49:43+00:00

Commit 52ae806bd17c3c00d70bd1aed437f10f5ae51a1c changed the default FQDN
format by accident to the one we only ever user internally. This commit
fixes the mistake.

AD: Set the bool value same as default value in opts

2013-07-19T11:51:17+00:00

https://fedorahosted.org/sssd/ticket/2023

When the option values are copied using dp_opt_copy_map, the .val member
is used if it's not NULL. At the same time, the bool options are never
NULL, unlike integers or strings that can have special NULL-like values
such as NULL_STRING. This effectively means that when copying a bool
option, the .val member is always used.

But in the AD maps, some .val fields were set differently from the
.def_val fields. The effect was that when the AD subdomain provider was
initialized from IPA subdomain provider using only the defaults, some
options (notably referral chasing) were set to a value that didn't make
sense for the AD provider.

This patch makes sure that for all boolean option, the .val is always
the same as .def_val.

IPA: warn if full_name_format is customized in server mode

2013-07-19T11:47:05+00:00

https://fedorahosted.org/sssd/ticket/2009

If the IPA server mode is on and the SSSD is running on the IPA server,
then the server's extdom plugin calls getpwnam_r to read info about trusted
users from the AD server and return them to the clients that called the
extended operation.

The SSSD returns the subdomain users fully-qualified, ie "user@domain"
by default. The format of the fully qualified name is configurable.

However, the extdom plugin returns the user name without the domain
component.

With this patch, when ipa_server_mode is on, warn if the full_name_format
is set to a non-default value. That would prompt the admin to change the
format if he changed it to something exotic.

Add mising argument required by format string

2013-07-19T08:22:01+00:00