From 85427c072c7c65bde284417498c522b4d8916690 Mon Sep 17 00:00:00 2001 
From: Lukas Slebodnik Date: Thu, 20 Oct 2016 16:06:13 +0200 Subject: [PATCH] New upstream release 1.14.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2 --- .gitignore | 1 + ...ux_provider-is-a-valid-provider-type.patch | 79 --- ...sion_provider-does-not-exist-anymore.patch | 81 --- ...-fqname-when-converting-to-lowercase.patch | 40 -- ...netgroup.py-Resolve-nested-netgroups.patch | 253 --------- ...xing-of-removing-netgroup-from-cache.patch | 50 -- ...ng-support-for-netgroups-to-ldap_ent.patch | 54 -- ...INTG-Tests-for-ldap-nested-netgroups.patch | 501 ------------------ 0008-watchdog-cope-with-time-shift.patch | 97 ---- ...Allow-to-read-private-pipes-for-root.patch | 82 --- 0010-SYSDB-Rework-sysdb_cache_connect.patch | 124 ----- ...-timestamp-cache-for-a-newly-created.patch | 152 ------ ...NOENT-when_deleting-a-non-existent-s.patch | 48 -- 0013-SPEC-Fix-typo-in-Summary.patch | 27 - ...ied-names-when-guessing-AD-user-prin.patch | 62 --- ...e-lowercase-attribute-from-save_user.patch | 114 ---- ...che_timeout-attribute-from-save_user.patch | 92 ---- ...he_timeout-attribute-from-save_group.patch | 76 --- ...at-save_user-s-parameters-are-alread.patch | 40 -- ...hare-common-code-of-save_-group-user.patch | 222 -------- ...DB-Fix-uninitialized-scalar-variable.patch | 36 -- ...dd-a-few-more-targets-for-intg-tests.patch | 82 --- 0022-BUILD-Clean-up-prerelease-targets.patch | 60 --- ...BUILD-Fix-typo-in-intgcheck-run-rule.patch | 34 -- ...ove-leftover-after-sysdb-refactoring.patch | 29 - ...-the-no-longer-used-diag_cmd-command.patch | 239 --------- ...he-no-longer-used-kill_service-comma.patch | 289 ---------- ...CHDOG-define-and-use-_MAX_TICKS-as-3.patch | 44 -- ...-PROXY-Use-right-name-in-ldap-filter.patch | 52 -- ...ECRETS-Make-internal-function-static.patch | 31 -- ...ding-the-config-options-more-uniform.patch | 34 -- ...and-unify-ipa-with-ad-debug-message-.patch | 46 -- 0032-netlink-Don-t-define-USE_GNU.patch | 42 -- 
...NITOR-Remove-leftovers-from-diag_cmd.patch | 140 ----- ...R-Remove-leftovers-from-kill_service.patch | 175 ------ ...handling-in-sysdb_get_user_members_r.patch | 51 -- ...ne-feed-to-messages-from-libsemanage.patch | 34 -- ...t-the-ldap_user_primary_group-option.patch | 43 -- ...ed_get_membership_diff-use-fully-qua.patch | 36 -- 0039-SYSDB-Removing-of-unused-parameter.patch | 50 -- ...s-warning-from-clang-static-analyser.patch | 38 -- 0041-TOOLS-Fix-a-typo-in-groupadd.patch | 33 -- 0042-TOOLS-sss_groupshow-did-not-work.patch | 60 --- ...S-sss_groupadd-groupshow-regressions.patch | 76 --- 0044-TOOLS-use-internal-fqdn-for-DN.patch | 57 -- 0045-TESTS-Test-for-sss_user-groupmod-a.patch | 66 --- ...resh_nested_group-short-fqname-usage.patch | 138 ----- ...STS-Add-FQDN-variants-for-some-tests.patch | 117 ---- ...tput-username-not-internal-fqname-to.patch | 156 ------ ...-disable-netlink-command-line-option.patch | 113 ---- 0050-MONITOR-Add-disable_netlink-option.patch | 163 ------ ...S-sss_override-without-name-override.patch | 67 --- ...-Add-regression-test-for-ticket-3179.patch | 203 ------- ...OOLS-sss_groupshow-fails-to-show-MPG.patch | 60 --- 0054-TESTS-sss_groupshow-with-MPG.patch | 55 -- ...-Return-ERR_NETWORK_IO-on-clock-skew.patch | 37 -- ...paging-attribute-in-sdap_get_generic.patch | 54 -- ...OXY-Adding-proxy_max_children-option.patch | 151 ------ ...y-the-right-type-when-checking-conta.patch | 50 -- ...ial-results-from-adminlimit-exceeded.patch | 42 -- ...nual-update-IPA-native-LDAP-tree-sup.patch | 44 -- ...S11_LOGIN_TOKEN_NAME-if-gdm-smartcar.patch | 267 ---------- 0062-p11-return-a-fully-qualified-name.patch | 100 ---- ...am_sss-check-PKCS11_LOGIN_TOKEN_NAME.patch | 109 ---- ...move-a-container-when-it-has-childre.patch | 81 --- ...ly-when-memory-is-expected-to-be-all.patch | 37 -- ...xing-of-const-warnings-in-sbus-tests.patch | 82 --- ...MAKEFILE-Fixing-CFLAGS-in-some-tests.patch | 61 --- ...tegration-tests-for-the-sssd-secrets.patch | 395 
-------------- ...ix-offline-resolution-of-autofs-maps.patch | 58 -- ...-Fix-offline-resolution-of-netgroups.patch | 44 -- ...TS-Test-offline-netgroups-resolution.patch | 78 --- ...-double-semicolon-at-the-end-of-line.patch | 289 ---------- ...Add-simple-test-for-double-semicolon.patch | 98 ---- ...-normally-when-no-new-server-is-foun.patch | 81 --- ...ession-test-for-upstream-ticket-3131.patch | 111 ---- ...er-and-group-unique-IDs-through-DBus.patch | 239 --------- ...t-fail-with-nonexisting-domains-serv.patch | 125 ----- ...on-packages-using-macro-python_provi.patch | 268 ---------- ...Fixing-FQ-name-of-user-in-krb5_setup.patch | 202 ------- ...ssd-update-interface-to-version-0.13.patch | 161 ------ sources | 2 +- sssd.spec | 103 +--- 83 files changed, 10 insertions(+), 8503 deletions(-) delete mode 100644 0001-CONFIG-selinux_provider-is-a-valid-provider-type.patch delete mode 100644 0002-CONFIG-session_provider-does-not-exist-anymore.patch delete mode 100644 0003-PROXY-Use-the-fqname-when-converting-to-lowercase.patch delete mode 100644 0004-sssd_netgroup.py-Resolve-nested-netgroups.patch delete mode 100644 0005-LDAP-Fixing-of-removing-netgroup-from-cache.patch delete mode 100644 0006-INTG-Adding-support-for-netgroups-to-ldap_ent.patch delete mode 100644 0007-INTG-Tests-for-ldap-nested-netgroups.patch delete mode 100644 0008-watchdog-cope-with-time-shift.patch delete mode 100644 0009-BUILD-Allow-to-read-private-pipes-for-root.patch delete mode 100644 0010-SYSDB-Rework-sysdb_cache_connect.patch delete mode 100644 0011-SYSDB-Remove-the-timestamp-cache-for-a-newly-created.patch delete mode 100644 0012-SECRETS-Return-ENOENT-when_deleting-a-non-existent-s.patch delete mode 100644 0013-SPEC-Fix-typo-in-Summary.patch delete mode 100644 0014-IPA-Parse-qualified-names-when-guessing-AD-user-prin.patch delete mode 100644 0015-PROXY-Remove-lowercase-attribute-from-save_user.patch delete mode 100644 0016-PROXY-Remove-cache_timeout-attribute-from-save_user.patch delete mode 
100644 0017-PROXY-Remove-cache_timeout-attribute-from-save_group.patch delete mode 100644 0018-PROXY-Mention-that-save_user-s-parameters-are-alread.patch delete mode 100644 0019-PROXY-Share-common-code-of-save_-group-user.patch delete mode 100644 0020-SYSDB-Fix-uninitialized-scalar-variable.patch delete mode 100644 0021-BUILD-Add-a-few-more-targets-for-intg-tests.patch delete mode 100644 0022-BUILD-Clean-up-prerelease-targets.patch delete mode 100644 0023-BUILD-Fix-typo-in-intgcheck-run-rule.patch delete mode 100644 0024-BUILD-Remove-leftover-after-sysdb-refactoring.patch delete mode 100644 0025-MONITOR-Remove-the-no-longer-used-diag_cmd-command.patch delete mode 100644 0026-MONITOR-Remove-the-no-longer-used-kill_service-comma.patch delete mode 100644 0027-WATCHDOG-define-and-use-_MAX_TICKS-as-3.patch delete mode 100644 0028-PROXY-Use-right-name-in-ldap-filter.patch delete mode 100644 0029-SECRETS-Make-internal-function-static.patch delete mode 100644 0030-SECRETS-Make-reading-the-config-options-more-uniform.patch delete mode 100644 0031-dyndns-fix-typo-and-unify-ipa-with-ad-debug-message-.patch delete mode 100644 0032-netlink-Don-t-define-USE_GNU.patch delete mode 100644 0033-MONITOR-Remove-leftovers-from-diag_cmd.patch delete mode 100644 0034-MONITOR-Remove-leftovers-from-kill_service.patch delete mode 100644 0035-SYSDB-Fix-error-handling-in-sysdb_get_user_members_r.patch delete mode 100644 0036-DEBUG-Apend-line-feed-to-messages-from-libsemanage.patch delete mode 100644 0037-MAN-Document-the-ldap_user_primary_group-option.patch delete mode 100644 0038-sdap_initgr_nested_get_membership_diff-use-fully-qua.patch delete mode 100644 0039-SYSDB-Removing-of-unused-parameter.patch delete mode 100644 0040-SYSDB-Suppress-warning-from-clang-static-analyser.patch delete mode 100644 0041-TOOLS-Fix-a-typo-in-groupadd.patch delete mode 100644 0042-TOOLS-sss_groupshow-did-not-work.patch delete mode 100644 0043-TESTS-sss_groupadd-groupshow-regressions.patch delete mode 100644 
0044-TOOLS-use-internal-fqdn-for-DN.patch delete mode 100644 0045-TESTS-Test-for-sss_user-groupmod-a.patch delete mode 100644 0046-TOOLS-sss_mc_refresh_nested_group-short-fqname-usage.patch delete mode 100644 0047-TESTS-Add-FQDN-variants-for-some-tests.patch delete mode 100644 0048-KRB5-Send-the-output-username-not-internal-fqname-to.patch delete mode 100644 0049-MONITOR-Remove-disable-netlink-command-line-option.patch delete mode 100644 0050-MONITOR-Add-disable_netlink-option.patch delete mode 100644 0051-TOOLS-sss_override-without-name-override.patch delete mode 100644 0052-TEST-Add-regression-test-for-ticket-3179.patch delete mode 100644 0053-TOOLS-sss_groupshow-fails-to-show-MPG.patch delete mode 100644 0054-TESTS-sss_groupshow-with-MPG.patch delete mode 100644 0055-KRB5-Return-ERR_NETWORK_IO-on-clock-skew.patch delete mode 100644 0056-SDAP-Fix-settig-paging-attribute-in-sdap_get_generic.patch delete mode 100644 0057-PROXY-Adding-proxy_max_children-option.patch delete mode 100644 0058-SECRETS-Search-by-the-right-type-when-checking-conta.patch delete mode 100644 0059-LDAP-Return-partial-results-from-adminlimit-exceeded.patch delete mode 100644 0060-MAN-sssd-sudo-manual-update-IPA-native-LDAP-tree-sup.patch delete mode 100644 0061-p11-only-set-PKCS11_LOGIN_TOKEN_NAME-if-gdm-smartcar.patch delete mode 100644 0062-p11-return-a-fully-qualified-name.patch delete mode 100644 0063-pam_sss-check-PKCS11_LOGIN_TOKEN_NAME.patch delete mode 100644 0064-SECRETS-Don-t-remove-a-container-when-it-has-childre.patch delete mode 100644 0065-PAM-call-free-only-when-memory-is-expected-to-be-all.patch delete mode 100644 0066-TESTS-Fixing-of-const-warnings-in-sbus-tests.patch delete mode 100644 0067-MAKEFILE-Fixing-CFLAGS-in-some-tests.patch delete mode 100644 0068-TESTS-Add-integration-tests-for-the-sssd-secrets.patch delete mode 100644 0069-AUTOFS-Fix-offline-resolution-of-autofs-maps.patch delete mode 100644 0070-NSS-Fix-offline-resolution-of-netgroups.patch delete mode 100644 
0071-TESTS-Test-offline-netgroups-resolution.patch delete mode 100644 0072-Remove-double-semicolon-at-the-end-of-line.patch delete mode 100644 0073-TESTS-Add-simple-test-for-double-semicolon.patch delete mode 100644 0074-failover-proceed-normally-when-no-new-server-is-foun.patch delete mode 100644 0075-tests-Add-a-regression-test-for-upstream-ticket-3131.patch delete mode 100644 0076-IFP-expose-user-and-group-unique-IDs-through-DBus.patch delete mode 100644 0077-SSSDConfig-Do-not-fail-with-nonexisting-domains-serv.patch delete mode 100644 0078-SPEC-Rename-python-packages-using-macro-python_provi.patch delete mode 100644 0079-KRB5-Fixing-FQ-name-of-user-in-krb5_setup.patch delete mode 100644 0080-libwbclient-sssd-update-interface-to-version-0.13.patch
diff --git a/.gitignore b/.gitignore
index 9ce063f..aae043e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -72,3 +72,4 @@ sssd-1.2.91.tar.gz
 /sssd-1.14.0beta1.tar.gz
 /sssd-1.14.0.tar.gz
 /sssd-1.14.1.tar.gz
+/sssd-1.14.2.tar.gz
diff --git a/0001-CONFIG-selinux_provider-is-a-valid-provider-type.patch b/0001-CONFIG-selinux_provider-is-a-valid-provider-type.patch
deleted file mode 100644
index 06f20b6..0000000
--- a/0001-CONFIG-selinux_provider-is-a-valid-provider-type.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-From 78db9b76d9be4aa307fbaaba7315b121421e8826 Mon Sep 17 00:00:00 2001
-From: Jakub Hrozek
-Date: Fri, 19 Aug 2016 11:36:41 +0200
-Subject: [PATCH 01/39] CONFIG: selinux_provider is a valid provider type
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-We should not warn about it in the validator and should allow
-selinux_provider from the config API.
-
-Reviewed-by: Fabiano Fidêncio
-(cherry picked from commit dec00197181ee8f7efbfbdadd73629f66f80f1ff)
----
- src/config/SSSDConfig/__init__.py.in | 1 +
- src/config/SSSDConfigTest.py | 2 ++
- src/config/cfg_rules.ini | 1 +
- src/config/etc/sssd.api.conf | 1 +
- 4 files changed, 5 insertions(+)
-
-diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
-index 1718a9babf390b95710ec356f25f09ea679bdd73..9683ea63e042115c20010cfb0904b2f65d76468b 100644
---- a/src/config/SSSDConfig/__init__.py.in
-+++ b/src/config/SSSDConfig/__init__.py.in
-@@ -128,6 +128,7 @@ option_strings = {
- 'autofs_provider' : _('Autofs provider'),
- 'session_provider' : _('Session-loading provider'),
- 'hostid_provider' : _('Host identity provider'),
-+ 'selinux_provider' : _('SELinux provider'),
-
- # [domain]
- 'min_id' : _('Minimum user ID'),
-diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
-index 00c688f1e57c5f481d3adba2fe0374145216bc33..09adf1faad767968dc1df2cc1668144526ffe504 100755
---- a/src/config/SSSDConfigTest.py
-+++ b/src/config/SSSDConfigTest.py
-@@ -557,6 +557,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
- 'session_provider',
- 'hostid_provider',
- 'subdomains_provider',
-+ 'selinux_provider',
- 'realmd_tags',
- 'subdomain_refresh_interval',
- 'subdomain_inherit',
-@@ -926,6 +927,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
- 'session_provider',
- 'hostid_provider',
- 'subdomains_provider',
-+ 'selinux_provider',
- 'realmd_tags',
- 'subdomain_refresh_interval',
- 'subdomain_inherit',
-diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
-index ef6435b08aee416e377fe854e6768f3fa4fd9650..f0b4c4e7640aa24cf14815b2717327c742fcd89a 100644
---- a/src/config/cfg_rules.ini
-+++ b/src/config/cfg_rules.ini
-@@ -251,6 +251,7 @@ option = autofs_provider
- option = session_provider
- option = hostid_provider
- option = subdomains_provider
-+option = selinux_provider
-
- # Options available to all domains
- option = min_id
-diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
-index 5ac6f79521f5f776fc17319c3afb87d44961afca..94edb45ad2b85e3f4200a917c914a8f4fcb29c28 100644
---- a/src/config/etc/sssd.api.conf
-+++ b/src/config/etc/sssd.api.conf
-@@ -106,6 +106,7 @@ autofs_provider = str, None, false
- session_provider = str, None, false
- hostid_provider = str, None, false
- subdomains_provider = str, None, false
-+selinux_provider = str, None, false
-
- [domain]
- # Options available to all domains
---
-2.9.3
-
diff --git a/0002-CONFIG-session_provider-does-not-exist-anymore.patch b/0002-CONFIG-session_provider-does-not-exist-anymore.patch
deleted file mode 100644
index 591f553..0000000
--- a/0002-CONFIG-session_provider-does-not-exist-anymore.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-From b37a86a8a84255742bbcffcb47e9e1a1dded0113 Mon Sep 17 00:00:00 2001
-From: Jakub Hrozek
-Date: Fri, 19 Aug 2016 11:48:20 +0200
-Subject: [PATCH 02/39] CONFIG: session_provider does not exist anymore
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The session_provider used to exist a long time ago when we used to set
-the SELinux context from it, but the provider had been removed for a
-long time. We just forgot to remove the value from the config API and
-the validator.
-
-Reviewed-by: Fabiano Fidêncio
-(cherry picked from commit d940593e647731c0caec1fd04cf16a1b23578f32)
----
- src/config/SSSDConfig/__init__.py.in | 1 -
- src/config/SSSDConfigTest.py | 2 --
- src/config/cfg_rules.ini | 1 -
- src/config/etc/sssd.api.conf | 1 -
- 4 files changed, 5 deletions(-)
-
-diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
-index 9683ea63e042115c20010cfb0904b2f65d76468b..b3f04ac26309bb5b518fb87cd0dae2962e853179 100644
---- a/src/config/SSSDConfig/__init__.py.in
-+++ b/src/config/SSSDConfig/__init__.py.in
-@@ -126,7 +126,6 @@ option_strings = {
- 'chpass_provider' : _('Password change provider'),
- 'sudo_provider' : _('SUDO provider'),
- 'autofs_provider' : _('Autofs provider'),
-- 'session_provider' : _('Session-loading provider'),
- 'hostid_provider' : _('Host identity provider'),
- 'selinux_provider' : _('SELinux provider'),
-
-diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
-index 09adf1faad767968dc1df2cc1668144526ffe504..8fcd1a55c36035a7026f1fb4c8116aaae24e78ef 100755
---- a/src/config/SSSDConfigTest.py
-+++ b/src/config/SSSDConfigTest.py
-@@ -554,7 +554,6 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
- 'chpass_provider',
- 'sudo_provider',
- 'autofs_provider',
-- 'session_provider',
- 'hostid_provider',
- 'subdomains_provider',
- 'selinux_provider',
-@@ -924,7 +923,6 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
- 'chpass_provider',
- 'sudo_provider',
- 'autofs_provider',
-- 'session_provider',
- 'hostid_provider',
- 'subdomains_provider',
- 'selinux_provider',
-diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
-index f0b4c4e7640aa24cf14815b2717327c742fcd89a..df10538dee4a547a1b1af62a4cfe37b89e236b18 100644
---- a/src/config/cfg_rules.ini
-+++ b/src/config/cfg_rules.ini
-@@ -248,7 +248,6 @@ option = access_provider
- option = chpass_provider
- option = sudo_provider
- option = autofs_provider
--option = session_provider
- option = hostid_provider
- option = subdomains_provider
- option = selinux_provider
-diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
-index 94edb45ad2b85e3f4200a917c914a8f4fcb29c28..5e69414f2a490977bdaf1555325814ad61202071 100644
---- a/src/config/etc/sssd.api.conf
-+++ b/src/config/etc/sssd.api.conf
-@@ -103,7 +103,6 @@ access_provider = str, None, false
- chpass_provider = str, None, false
- sudo_provider = str, None, false
- autofs_provider = str, None, false
--session_provider = str, None, false
- hostid_provider = str, None, false
- subdomains_provider = str, None, false
- selinux_provider = str, None, false
---
-2.9.3
-
diff --git a/0003-PROXY-Use-the-fqname-when-converting-to-lowercase.patch b/0003-PROXY-Use-the-fqname-when-converting-to-lowercase.patch
deleted file mode 100644
index 3281697..0000000
--- a/0003-PROXY-Use-the-fqname-when-converting-to-lowercase.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 224612480eb4a64b23e096a96e7c5ea0d746d25a Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
-Date: Tue, 23 Aug 2016 23:46:59 +0200
-Subject: [PATCH 03/39] PROXY: Use the fqname when converting to lowercase
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-When saving the user there is a comparison between the "cased alias"
-and the "lowercase password name". However, the first doesn't use fully
-qualified name while the second does, resulting in a not expected
-override of the "nameAlias" attribute of a stored user when trying to
-authenticate more than once using an alias.
-
-Resolves:
-https://fedorahosted.org/sssd/ticket/3134
-
-Signed-off-by: Fabiano Fidêncio
-Reviewed-by: Lukáš Slebodník
-(cherry picked from commit 5691b2d668541585d2a8ae3ddb834f29d828036e)
----
- src/providers/proxy/proxy_id.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/providers/proxy/proxy_id.c b/src/providers/proxy/proxy_id.c
-index 26f4d7499c02272e524ba9b713108189cd910bfd..b0c82807b42d91a4212578ca98af7f96484735b1 100644
---- a/src/providers/proxy/proxy_id.c
-+++ b/src/providers/proxy/proxy_id.c
-@@ -256,7 +256,7 @@ static int save_user(struct sss_domain_info *domain,
- }
-
- if (lowercase) {
-- lc_pw_name = sss_tc_utf8_str_tolower(attrs, pwd->pw_name);
-+ lc_pw_name = sss_tc_utf8_str_tolower(attrs, real_name);
- if (lc_pw_name == NULL) {
- DEBUG(SSSDBG_OP_FAILURE, "Cannot convert name to lowercase.\n");
- ret = ENOMEM;
---
-2.9.3
-
diff --git a/0004-sssd_netgroup.py-Resolve-nested-netgroups.patch b/0004-sssd_netgroup.py-Resolve-nested-netgroups.patch
deleted file mode 100644
index 7f003ff..0000000
--- a/0004-sssd_netgroup.py-Resolve-nested-netgroups.patch
+++ /dev/null
@@ -1,253 +0,0 @@
-From 3c1c173bab2e3ee3058f5661562080d6a65e324f Mon Sep 17 00:00:00 2001
-From: Lukas Slebodnik
-Date: Wed, 10 Aug 2016 20:05:52 +0200
-Subject: [PATCH 04/39] sssd_netgroup.py: Resolve nested netgroups
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Reviewed-by: Petr Čech
-(cherry picked from commit c596fc4d75304ff224cbad0aa2aecd3cbe82d2ff)
----
- src/tests/intg/sssd_netgroup.py | 204 ++++++++++++++++++++++++++++++----------
- 1 file changed, 154 insertions(+), 50 deletions(-)
-
-diff --git a/src/tests/intg/sssd_netgroup.py b/src/tests/intg/sssd_netgroup.py
-index 3525261cb28707db9031ee1dfeb144ae4c362833..2c7f76fad4da0003d1760a359ac9a1834abbb2f9 100644
---- a/src/tests/intg/sssd_netgroup.py
-+++ b/src/tests/intg/sssd_netgroup.py
-@@ -71,49 +71,173 @@ class Netgrent(Structure):
- ("nip", c_void_p)]
-
-
--def call_sssd_setnetgrent(netgroup):
-- libnss_sss_path = config.NSS_MODULE_DIR + "/libnss_sss.so.2"
-- libnss_sss = cdll.LoadLibrary(libnss_sss_path)
-+class NetgroupRetriever(object):
-+ def __init__(self, name):
-+ self.name = name
-+ self.needed_groups = []
-+ self.known_groups = []
-+ self.netgroups = []
-
-- func = libnss_sss._nss_sss_setnetgrent
-- func.restype = c_int
-- func.argtypes = [c_char_p, POINTER(Netgrent)]
-+ @staticmethod
-+ def _setnetgrent(netgroup):
-+ """
-+ This private method is ctypes wrapper for
-+ enum nss_status _nss_sss_setnetgrent(const char *netgroup,
-+ struct __netgrent *result)
-
-- result = Netgrent()
-- result_p = POINTER(Netgrent)(result)
-+ @param string name name of netgroup
-
-- res = func(c_char_p(netgroup), result_p)
-+ @return (int, POINTER(Netgrent)) (err, result_p)
-+ err is a constant from class NssReturnCode and in case of SUCCESS
-+ result_p will contain POINTER(Netgrent) which can be used in
-+ _getnetgrent_r or _getnetgrent_r.
-+ """
-+ libnss_sss_path = config.NSS_MODULE_DIR + "/libnss_sss.so.2"
-+ libnss_sss = cdll.LoadLibrary(libnss_sss_path)
-
-- return (int(res), result_p)
-+ func = libnss_sss._nss_sss_setnetgrent
-+ func.restype = c_int
-+ func.argtypes = [c_char_p, POINTER(Netgrent)]
-
-+ result = Netgrent()
-+ result_p = POINTER(Netgrent)(result)
-
--def call_sssd_getnetgrent_r(result_p, buff, buff_len):
-- libnss_sss_path = config.NSS_MODULE_DIR + "/libnss_sss.so.2"
-- libnss_sss = cdll.LoadLibrary(libnss_sss_path)
-+ res = func(c_char_p(netgroup), result_p)
-
-- func = libnss_sss._nss_sss_getnetgrent_r
-- func.restype = c_int
-- func.argtypes = [POINTER(Netgrent), POINTER(c_char), c_size_t,
-- POINTER(c_int)]
-+ return (int(res), result_p)
-
-- errno = POINTER(c_int)(c_int(0))
-+ @staticmethod
-+ def _getnetgrent_r(result_p, buff, buff_len):
-+ """
-+ This private method is ctypes wrapper for
-+ enum nss_status _nss_sss_getnetgrent_r(struct __netgrent *result,
-+ char *buffer, size_t buflen,
-+ int *errnop)
-+ @param POINTER(Netgrent) result_p pointer to initialized C structure
-+ struct __netgrent
-+ @param ctypes.c_char_Array buff buffer used by C functions
-+ @param int buff_len size of c_char_Array passed as a paramere buff
-
-- res = func(result_p, buff, buff_len, errno)
-+ @return (int, int, List[(string, string, string])
-+ (err, errno, netgroups)
-+ if err is NssReturnCode.SUCCESS netgroups will contain list of
-+ touples. Each touple will consist of 3 elemets either string or
-+ """
-+ libnss_sss_path = config.NSS_MODULE_DIR + "/libnss_sss.so.2"
-+ libnss_sss = cdll.LoadLibrary(libnss_sss_path)
-
-- return (int(res), int(errno[0]), result_p)
-+ func = libnss_sss._nss_sss_getnetgrent_r
-+ func.restype = c_int
-+ func.argtypes = [POINTER(Netgrent), POINTER(c_char), c_size_t,
-+ POINTER(c_int)]
-
-+ errno = POINTER(c_int)(c_int(0))
-
--def call_sssd_endnetgrent(result_p):
-- libnss_sss_path = config.NSS_MODULE_DIR + "/libnss_sss.so.2"
-- libnss_sss = cdll.LoadLibrary(libnss_sss_path)
-+ res = func(result_p, buff, buff_len, errno)
-
-- func = libnss_sss._nss_sss_endnetgrent
-- func.restype = c_int
-- func.argtypes = [POINTER(Netgrent)]
-+ return (int(res), int(errno[0]), result_p)
-
-- res = func(result_p)
-+ @staticmethod
-+ def _endnetgrent(result_p):
-+ """
-+ This private method is ctypes wrapper for
-+ enum nss_status _nss_sss_endnetgrent(struct __netgrent *result)
-
-- return int(res)
-+ @param POINTER(Netgrent) result_p pointer to initialized C structure
-+ struct __netgrent
-+
-+ @return int a constant from class NssReturnCode
-+ """
-+ libnss_sss_path = config.NSS_MODULE_DIR + "/libnss_sss.so.2"
-+ libnss_sss = cdll.LoadLibrary(libnss_sss_path)
-+
-+ func = libnss_sss._nss_sss_endnetgrent
-+ func.restype = c_int
-+ func.argtypes = [POINTER(Netgrent)]
-+
-+ res = func(result_p)
-+
-+ return int(res)
-+
-+ def get_netgroups(self):
-+ """
-+ Function will return netgroup triplets for given user. All nested
-+ netgroups will be retieved as part of executions and will content
-+ will be merged with direct triplets.
-+ Missing nested netgroups will not cause failure and are considered
-+ as an empty netgroup without triplets.
-+
-+ @param string name name of netgroup
-+
-+ @return (int, int, List[(string, string, string])
-+ (err, errno, netgroups)
-+ if err is NssReturnCode.SUCCESS netgroups will contain list of
-+ touples. Each touple will consist of 3 elemets either string or
-+ None (host, user, domain).
-+ """
-+ res, errno, result = self._flat_fetch_netgroups(self.name)
-+ if res != NssReturnCode.SUCCESS:
-+ return (res, errno, self.netgroups)
-+
-+ self.netgroups += result
-+
-+ while self.needed_groups:
-+ name = self.needed_groups.pop(0)
-+
-+ nest_res, nest_errno, result = self._flat_fetch_netgroups(name)
-+ # do not fail for missing nested netgroup
-+ if nest_res not in (NssReturnCode.SUCCESS, NssReturnCode.NOTFOUND):
-+ return (nest_res, nest_errno, self.netgroups)
-+
-+ self.netgroups = result + self.netgroups
-+
-+ return (res, errno, self.netgroups)
-+
-+ def _flat_fetch_netgroups(self, name):
-+ """
-+ Function will return netgroup triplets for given user. The nested
-+ netgroups will not be returned. Missing nested netgroups will be
-+ appended to the array needed_groups
-+
-+ @param string name name of netgroup
-+
-+ @return (int, int, List[(string, string, string])
-+ (err, errno, netgroups)
-+ if err is NssReturnCode.SUCCESS netgroups will contain list of
-+ touples. Each touple will consist of 3 elemets either string or
-+ None (host, user, domain).
-+ """
-+ buff_len = 1024 * 1024
-+ buff = create_string_buffer(buff_len)
-+
-+ result = []
-+
-+ res, result_p = self._setnetgrent(name)
-+ if res != NssReturnCode.SUCCESS:
-+ return (res, get_errno(), result)
-+
-+ res, errno, result_p = self._getnetgrent_r(result_p, buff, buff_len)
-+ while res == NssReturnCode.SUCCESS:
-+ if result_p[0].type == NetgroupType.GROUP_VAL:
-+ nested_netgroup = result_p[0].val.group
-+ if nested_netgroup not in self.known_groups:
-+ self.needed_groups.append(nested_netgroup)
-+ self.known_groups.append(nested_netgroup)
-+
-+ if result_p[0].type == NetgroupType.TRIPLE_VAL:
-+ result.append((result_p[0].val.triple.host,
-+ result_p[0].val.triple.user,
-+ result_p[0].val.triple.domain))
-+
-+ res, errno, result_p = self._getnetgrent_r(result_p, buff,
-+ buff_len)
-+
-+ if res != NssReturnCode.RETURN:
-+ return (res, errno, result)
-+
-+ res = self._endnetgrent(result_p)
-+
-+ return (res, errno, result)
-
-
- def get_sssd_netgroups(name):
-@@ -129,27 +253,7 @@ def get_sssd_netgroups(name):
- Each touple will consist of 3 elemets either string or None
- (host, user, domain).
- """
-- buff_len = 1024 * 1024
-- buff = create_string_buffer(buff_len)
-
-- result = []
-+ retriever = NetgroupRetriever(name)
-
-- res, result_p = call_sssd_setnetgrent(name)
-- if res != NssReturnCode.SUCCESS:
-- return (res, get_errno(), result)
--
-- res, errno, result_p = call_sssd_getnetgrent_r(result_p, buff, buff_len)
-- while res == NssReturnCode.SUCCESS:
-- assert result_p[0].type == NetgroupType.TRIPLE_VAL
-- result.append((result_p[0].val.triple.host,
-- result_p[0].val.triple.user,
-- result_p[0].val.triple.domain))
-- res, errno, result_p = call_sssd_getnetgrent_r(result_p, buff,
-- buff_len)
--
-- if res != NssReturnCode.RETURN:
-- return (res, errno, result)
--
-- res = call_sssd_endnetgrent(result_p)
--
-- return (res, errno, result)
-+ return retriever.get_netgroups()
---
-2.9.3
-
diff --git a/0005-LDAP-Fixing-of-removing-netgroup-from-cache.patch b/0005-LDAP-Fixing-of-removing-netgroup-from-cache.patch
deleted file mode 100644
index d20d59d..0000000
--- a/0005-LDAP-Fixing-of-removing-netgroup-from-cache.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 5ac050f0f5160dc433aba21fd1ae2f2a8ffa9a88 Mon Sep 17 00:00:00 2001
-From: Petr Cech
-Date: Fri, 22 Jul 2016 14:28:54 +0200
-Subject: [PATCH 05/39] LDAP: Fixing of removing netgroup from cache
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-There were problem with local key which wasn't properly removed.
-This patch fixes it.
-
-Resolves:
-https://fedorahosted.org/sssd/ticket/2841
-
-Reviewed-by: Lukáš Slebodník
-(cherry picked from commit bf141e052a81b28ee0ad2f61ff8b4879e4faa13b)
----
- src/providers/ldap/sdap_async_netgroups.c | 16 ++++++++++++++++
- 1 file changed, 16 insertions(+)
-
-diff --git a/src/providers/ldap/sdap_async_netgroups.c b/src/providers/ldap/sdap_async_netgroups.c
-index df233d956df70cfcb5f68bd2afc9e2a23c50c3bb..e1d69ad769f542cccffca50547932a5bfb352230 100644
---- a/src/providers/ldap/sdap_async_netgroups.c
-+++ b/src/providers/ldap/sdap_async_netgroups.c
-@@ -138,6 +138,22 @@ static errno_t sdap_save_netgroup(TALLOC_CTX *memctx,
- goto fail;
- }
-
-+ /* We store memberNisNetgroup from LDAP as originalMemberNisNetgroup in
-+ * sysdb. It may contain simple name or DN. That's the reason why we always
-+ * translate/generate simple name and store it in SYSDB_NETGROUP_MEMBER
-+ * (memberNisNetgroup) in sysdb which is internally used for searching
-+ * netgropus.
-+ * We need to ensure if originalMemberNisNetgroup is missing,
-+ * memberNisNetgroup is missing too.
-+ */
-+ if (string_in_list(SYSDB_ORIG_NETGROUP_MEMBER, missing, false)) {
-+ ret = add_string_to_list(attrs, SYSDB_NETGROUP_MEMBER, &missing);
-+ if (ret != EOK) {
-+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to add string into list\n");
-+ goto fail;
-+ }
-+ }
-+
- ret = sysdb_add_netgroup(dom, name, NULL, netgroup_attrs, missing,
- dom->netgroup_timeout, now);
- if (ret) goto fail;
---
-2.9.3
-
diff --git a/0006-INTG-Adding-support-for-netgroups-to-ldap_ent.patch b/0006-INTG-Adding-support-for-netgroups-to-ldap_ent.patch
deleted file mode 100644
index 159383a..0000000
--- a/0006-INTG-Adding-support-for-netgroups-to-ldap_ent.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From f3f50d7a9ca36d0d56f29d25e4fceaa50c9a06e9 Mon Sep 17 00:00:00 2001
-From: Petr Cech
-Date: Wed, 17 Aug 2016 14:01:09 +0200
-Subject: [PATCH 06/39] INTG: Adding support for netgroups to ldap_ent
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Resolves:
-https://fedorahosted.org/sssd/ticket/2841
-
-Reviewed-by: Lukáš Slebodník
-(cherry picked from commit 1cba321946084231c220e9561487555671b944c3)
----
- src/tests/intg/ldap_ent.py | 19 +++++++++++++++++++
- 1 file changed, 19 insertions(+)
-
-diff --git a/src/tests/intg/ldap_ent.py b/src/tests/intg/ldap_ent.py
-index f8f2f7fe6977aec6fd704ad1c78a476a163a16f1..c912844b063cfeb9c48744d593685d0b7fbcc706 100644
---- a/src/tests/intg/ldap_ent.py
-+++ b/src/tests/intg/ldap_ent.py
-@@ -87,6 +87,20 @@ def group_bis(base_dn, cn, gidNumber, member_uids=[], member_gids=[]):
- return ("cn=" + cn + ",ou=Groups," + base_dn, attr_list)
-
-
-+def netgroup(base_dn, cn, triples=(), members=()):
-+ """
-+ Generate an RFC2307bis netgroup add-modlist for passing to ldap.add*.
-+ """
-+ attr_list = [
-+ ('objectClass', ['top', 'nisNetgroup'])
-+ ]
-+ if triples:
-+ attr_list.append(('nisNetgroupTriple', triples))
-+ if members:
-+ attr_list.append(('memberNisNetgroup', members))
-+ return ("cn=" + cn + ",ou=Netgroups," + base_dn, attr_list)
-+
-+
- class List(list):
- """LDAP add-modlist list"""
-
-@@ -124,3 +138,8 @@ class List(list):
- self.append(group_bis(base_dn or self.base_dn,
- cn, gidNumber,
- member_uids, member_gids))
-+
-+ def add_netgroup(self, cn, triples=(), members=(), base_dn=None):
-+ """Add an RFC2307bis netgroup add-modlist."""
-+ self.append(netgroup(base_dn or self.base_dn,
-+ cn, triples, members))
---
-2.9.3
-
diff --git a/0007-INTG-Tests-for-ldap-nested-netgroups.patch b/0007-INTG-Tests-for-ldap-nested-netgroups.patch
deleted file mode 100644
index 6a6bc42..0000000
--- a/0007-INTG-Tests-for-ldap-nested-netgroups.patch
+++ /dev/null
@@ -1,501 +0,0 @@
-From 620d402a126580a13730f446dd99bf50814c9fb8 Mon Sep 17 00:00:00 2001
-From: Petr Cech
-Date: Wed, 17 Aug 2016 13:58:30 +0200
-Subject: [PATCH 07/39] INTG: Tests for ldap nested netgroups
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This patch adds tests on reproducer of t2841.
-
-Resolves:
-https://fedorahosted.org/sssd/ticket/2841
-
-Reviewed-by: Lukáš Slebodník
-(cherry picked from commit 05457ed0e399aaacc919b7aacee5d8210e1c1072)
----
- src/tests/intg/Makefile.am | 1 +
- src/tests/intg/test_netgroup.py | 459 ++++++++++++++++++++++++++++++++++++++++
- 2 files changed, 460 insertions(+)
- create mode 100644 src/tests/intg/test_netgroup.py
-
-diff --git a/src/tests/intg/Makefile.am b/src/tests/intg/Makefile.am
-index d73e4216310ccd1c90e6b7eb0a0e60068fc45bd5..75422a4417046116bec11a8a680fe2248e3afb69 100644
---- a/src/tests/intg/Makefile.am
-+++ b/src/tests/intg/Makefile.am
-@@ -15,6 +15,7 @@ dist_noinst_DATA = \
- test_ldap.py \
- test_memory_cache.py \
- test_ts_cache.py \
-+ test_netgroup.py \
- $(NULL)
-
- config.py: config.py.m4
-diff --git a/src/tests/intg/test_netgroup.py b/src/tests/intg/test_netgroup.py
-new file mode 100644
-index 0000000000000000000000000000000000000000..b99476126844e35d5dbc1793077720b4020c2fb7
---- /dev/null
-+++ b/src/tests/intg/test_netgroup.py
-@@ -0,0 +1,459 @@
-+#
-+# Netgroup integration test
-+#
-+# Copyright (c) 2016 Red Hat, Inc.
-+# Author: Petr Cech
-+#
-+# This is free software; you can redistribute it and/or modify it
-+# under the terms of the GNU General Public License as published by
-+# the Free Software Foundation; version 2 only
-+#
-+# This program is distributed in the hope that it will be useful, but
-+# WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+# General Public License for more details.
-+#
-+# You should have received a copy of the GNU General Public License
-+# along with this program. If not, see .
-+#
-+
-+import os
-+import stat
-+import signal
-+import subprocess
-+import time
-+import ldap
-+import ldap.modlist
-+import pytest
-+
-+import config
-+import ds_openldap
-+import ldap_ent
-+from util import unindent
-+import sssd_netgroup
-+
-+LDAP_BASE_DN = "dc=example,dc=com"
-+
-+
-+@pytest.fixture(scope="module")
-+def ds_inst(request):
-+ """LDAP server instance fixture"""
-+ ds_inst = ds_openldap.DSOpenLDAP(
-+ config.PREFIX, 10389, LDAP_BASE_DN,
-+ "cn=admin", "Secret123"
-+ )
-+
-+ try:
-+ ds_inst.setup()
-+ except:
-+ ds_inst.teardown()
-+ raise
-+ request.addfinalizer(ds_inst.teardown)
-+ return ds_inst
-+
-+
-+@pytest.fixture(scope="module")
-+def ldap_conn(request, ds_inst):
-+ """LDAP server connection fixture"""
-+ ldap_conn = ds_inst.bind()
-+ ldap_conn.ds_inst = ds_inst
-+ request.addfinalizer(ldap_conn.unbind_s)
-+ return ldap_conn
-+
-+
-+def create_ldap_entries(ldap_conn, ent_list=None):
-+ """Add LDAP entries from ent_list"""
-+ if ent_list is not None:
-+ for entry in ent_list:
-+ ldap_conn.add_s(entry[0], entry[1])
-+
-+
-+def cleanup_ldap_entries(ldap_conn, ent_list=None):
-+ """Remove LDAP entries added by create_ldap_entries"""
-+ if ent_list is None:
-+ for ou in ("Users", "Groups", "Netgroups", "Services", "Policies"):
-+ for entry in ldap_conn.search_s("ou=" + ou + "," +
-+ ldap_conn.ds_inst.base_dn,
-+ ldap.SCOPE_ONELEVEL,
-+ attrlist=[]):
-+ ldap_conn.delete_s(entry[0])
-+ else:
-+ for entry in ent_list:
-+ ldap_conn.delete_s(entry[0])
-+
-+
-+def create_ldap_cleanup(request, ldap_conn, ent_list=None):
-+ """Add teardown for removing all user/group LDAP entries"""
-+ request.addfinalizer(lambda: cleanup_ldap_entries(ldap_conn, ent_list))
-+
-+
-+def create_ldap_fixture(request, ldap_conn, ent_list=None):
-+ """Add LDAP entries and add teardown for removing them"""
-+ create_ldap_entries(ldap_conn, ent_list)
-+ create_ldap_cleanup(request, ldap_conn, ent_list)
-+
-+
-+SCHEMA_RFC2307_BIS = "rfc2307bis"
-+
-+
-+def format_basic_conf(ldap_conn, schema):
-+ """Format a basic SSSD configuration"""
-+ schema_conf = "ldap_schema = " + schema + "\n"
-+ schema_conf += "ldap_group_object_class = groupOfNames\n"
-+ return unindent("""\
-+ [sssd]
-+ domains = LDAP
-+ services = nss
-+
-+ [domain/LDAP]
-+ {schema_conf}
-+ id_provider = ldap
-+ auth_provider = ldap
-+ ldap_uri = {ldap_conn.ds_inst.ldap_url}
-+ ldap_search_base = {ldap_conn.ds_inst.base_dn}
-+ ldap_netgroup_search_base = ou=Netgroups,{ldap_conn.ds_inst.base_dn}
-+ """).format(**locals())
-+
-+
-+def create_conf_file(contents):
-+ """Create sssd.conf with specified contents"""
-+ conf = open(config.CONF_PATH, "w")
-+ conf.write(contents)
-+ conf.close()
-+ os.chmod(config.CONF_PATH, stat.S_IRUSR | stat.S_IWUSR)
-+
-+
-+def cleanup_conf_file():
-+ """Remove sssd.conf, if it exists"""
-+ if os.path.lexists(config.CONF_PATH):
-+ os.unlink(config.CONF_PATH)
-+
-+
-+def create_conf_cleanup(request):
-+ """Add teardown for removing sssd.conf"""
-+ request.addfinalizer(cleanup_conf_file)
-+
-+
-+def create_conf_fixture(request, contents):
-+ """
-+ Create sssd.conf with specified contents and add teardown for removing it
-+ """
-+ create_conf_file(contents)
-+ create_conf_cleanup(request)
-+
-+
-+def create_sssd_process():
-+ """Start the SSSD process"""
-+ if subprocess.call(["sssd", "-D", "-f"]) != 0:
-+ raise Exception("sssd start failed")
-+
-+
-+def cleanup_sssd_process():
-+ """Stop the SSSD process and remove its state"""
-+ try:
-+ pid_file = open(config.PIDFILE_PATH, "r")
-+ pid = int(pid_file.read())
-+ os.kill(pid, signal.SIGTERM)
-+ while True:
-+ try:
-+ os.kill(pid, signal.SIGCONT)
-+ except:
-+ break
-+ time.sleep(1)
-+ except:
-+ pass
-+ for path in os.listdir(config.DB_PATH):
-+ os.unlink(config.DB_PATH + "/" + path)
-+ for path in os.listdir(config.MCACHE_PATH):
-+ os.unlink(config.MCACHE_PATH + "/" + path)
-+
-+
-+def create_sssd_cleanup(request):
-+ """Add teardown for stopping SSSD and removing its state"""
-+ request.addfinalizer(cleanup_sssd_process)
-+
-+
-+def create_sssd_fixture(request):
-+ """Start SSSD and add teardown for stopping it and removing its state"""
-+ create_sssd_process()
-+ create_sssd_cleanup(request)
-+
-+
-+@pytest.fixture
-+def add_empty_netgroup(request, ldap_conn):
-+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
-+
-+ ent_list.add_netgroup("empty_netgroup")
-+
-+ create_ldap_fixture(request, ldap_conn, ent_list)
-+ conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS)
-+ create_conf_fixture(request, conf)
-+ create_sssd_fixture(request)
-+ return None
-+
-+
-+def test_add_empty_netgroup(add_empty_netgroup):
-+ """
-+ Adding empty netgroup.
-+ """
-+
-+ res, _, netgroups = sssd_netgroup.get_sssd_netgroups("empty_netgroup")
-+ assert res == sssd_netgroup.NssReturnCode.SUCCESS
-+ assert netgroups == []
-+
-+
-+@pytest.fixture
-+def add_tripled_netgroup(request, ldap_conn):
-+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
-+
-+ ent_list.add_netgroup("tripled_netgroup", ["(host,user,domain)"])
-+
-+ ent_list.add_netgroup("adv_tripled_netgroup", ["(host1,user1,domain1)",
-+ "(host2,user2,domain2)"])
-+
-+ create_ldap_fixture(request, ldap_conn, ent_list)
-+ conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS)
-+ create_conf_fixture(request, conf)
-+ create_sssd_fixture(request)
-+ return None
-+
-+
-+def test_add_tripled_netgroup(add_tripled_netgroup):
-+ """
-+ Adding netgroup with triplet.
-+ """
-+
-+ res, _, netgrps = sssd_netgroup.get_sssd_netgroups("tripled_netgroup")
-+ assert res == sssd_netgroup.NssReturnCode.SUCCESS
-+ assert netgrps == [("host", "user", "domain")]
-+
-+ res, _, netgrps = sssd_netgroup.get_sssd_netgroups("adv_tripled_netgroup")
-+ assert res == sssd_netgroup.NssReturnCode.SUCCESS
-+ assert sorted(netgrps) == sorted([("host1", "user1", "domain1"),
-+ ("host2", "user2", "domain2")])
-+
-+
-+@pytest.fixture
-+def add_mixed_netgroup(request, ldap_conn):
-+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
-+
-+ ent_list.add_netgroup("mixed_netgroup1")
-+ ent_list.add_netgroup("mixed_netgroup2", members=["mixed_netgroup1"])
-+
-+ ent_list.add_netgroup("mixed_netgroup3", ["(host1,user1,domain1)"])
-+ ent_list.add_netgroup("mixed_netgroup4",
-+ ["(host2,user2,domain2)", "(host3,user3,domain3)"])
-+
-+ ent_list.add_netgroup("mixed_netgroup5",
-+ ["(host4,user4,domain4)"],
-+ ["mixed_netgroup1"])
-+ ent_list.add_netgroup("mixed_netgroup6",
-+ ["(host5,user5,domain5)"],
-+ ["mixed_netgroup2"])
-+
-+ ent_list.add_netgroup("mixed_netgroup7", members=["mixed_netgroup3"])
-+ ent_list.add_netgroup("mixed_netgroup8",
-+ members=["mixed_netgroup3", "mixed_netgroup4"])
-+
-+ ent_list.add_netgroup("mixed_netgroup9",
-+ ["(host6,user6,domain6)"],
-+ ["mixed_netgroup3", "mixed_netgroup4"])
-+
-+ create_ldap_fixture(request, ldap_conn, ent_list)
-+ conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS)
-+ create_conf_fixture(request, conf)
-+ create_sssd_fixture(request)
-+ return None
-+
-+
-+def test_add_mixed_netgroup(add_mixed_netgroup):
-+ """
-+ Adding many netgroups of different type.
-+ """
-+
-+ res, _, netgroups = sssd_netgroup.get_sssd_netgroups("mixed_netgroup1")
-+ assert res == sssd_netgroup.NssReturnCode.SUCCESS
-+ assert netgroups == []
-+
-+ res, _, netgroups = sssd_netgroup.get_sssd_netgroups("mixed_netgroup2")
-+ assert res == sssd_netgroup.NssReturnCode.SUCCESS
-+ assert netgroups == []
-+
-+ res, _, netgroups = sssd_netgroup.get_sssd_netgroups("mixed_netgroup3")
-+ assert res == sssd_netgroup.NssReturnCode.SUCCESS
-+ assert netgroups == [("host1", "user1", "domain1")]
-+
-+ res, _, netgroups = sssd_netgroup.get_sssd_netgroups("mixed_netgroup4")
-+ assert res == sssd_netgroup.NssReturnCode.SUCCESS
-+ assert sorted(netgroups) == sorted([("host2", "user2", "domain2"),
-+ ("host3", "user3", "domain3")])
-+
-+ res, _, netgroups = sssd_netgroup.get_sssd_netgroups("mixed_netgroup5")
-+ assert res == sssd_netgroup.NssReturnCode.SUCCESS
-+ assert netgroups == [("host4", "user4", "domain4")]
-+
-+ res, _, netgroups = sssd_netgroup.get_sssd_netgroups("mixed_netgroup6")
-+ assert res == sssd_netgroup.NssReturnCode.SUCCESS
-+ assert netgroups == [("host5", "user5", "domain5")]
-+
-+ res, _, netgroups = sssd_netgroup.get_sssd_netgroups("mixed_netgroup7")
-+ assert res == sssd_netgroup.NssReturnCode.SUCCESS
-+ assert netgroups == [("host1", "user1", "domain1")]
-+
-+ res, _, netgroups = sssd_netgroup.get_sssd_netgroups("mixed_netgroup8")
-+ assert res == sssd_netgroup.NssReturnCode.SUCCESS
-+ assert sorted(netgroups) == sorted([("host1", "user1", "domain1"),
-+ ("host2", "user2", "domain2"),
-+ ("host3", "user3", "domain3")])
-+
-+ res, _, netgroups = sssd_netgroup.get_sssd_netgroups("mixed_netgroup9")
-+ assert res == sssd_netgroup.NssReturnCode.SUCCESS
-+ assert sorted(netgroups) == sorted([("host1", "user1", "domain1"),
-+ ("host2", "user2", "domain2"),
-+ ("host3", "user3", "domain3"),
-+ ("host6", "user6", "domain6")])
-+
-+
-+@pytest.fixture
-+def remove_step_by_step(request, ldap_conn):
-+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
-+
-+ ent_list.add_netgroup("rm_empty_netgroup1", ["(host1,user1,domain1)"])
-+ ent_list.add_netgroup("rm_empty_netgroup2",
-+ ["(host2,user2,domain2)"],
-+ ["rm_empty_netgroup1"])
-+
-+ create_ldap_fixture(request, ldap_conn, ent_list)
-+ conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS)
-+ create_conf_fixture(request, conf)
-+ create_sssd_fixture(request)
-+ return ent_list
-+
-+
-+def test_remove_step_by_step(remove_step_by_step, ldap_conn):
-+ """
-+ Removing netgroups step by step.
-+ """
-+
-+ ent_list = remove_step_by_step
-+
-+ res, _, netgroups = sssd_netgroup.get_sssd_netgroups("rm_empty_netgroup1")
-+ assert res == sssd_netgroup.NssReturnCode.SUCCESS
-+ assert netgroups == [('host1', 'user1', 'domain1')]
-+
-+ res, _, netgroups = sssd_netgroup.get_sssd_netgroups("rm_empty_netgroup2")
-+ assert res == sssd_netgroup.NssReturnCode.SUCCESS
-+ assert sorted(netgroups) == sorted([('host1', 'user1', 'domain1'),
-+ ('host2', 'user2', 'domain2')])
-+
-+ # removing of rm_empty_netgroup1
-+ ldap_conn.delete_s(ent_list[0][0])
-+ ent_list.remove(ent_list[0])
-+
-+ if subprocess.call(["sss_cache", "-N"]) != 0:
-+ raise Exception("sssd_cache failed")
-+
-+ res, _, netgroups = sssd_netgroup.get_sssd_netgroups("rm_empty_netgroup1")
-+ assert res == sssd_netgroup.NssReturnCode.NOTFOUND
-+ assert netgroups == []
-+
-+ res, _, netgroups = sssd_netgroup.get_sssd_netgroups("rm_empty_netgroup2")
-+ assert res == sssd_netgroup.NssReturnCode.SUCCESS
-+ assert netgroups == [('host2', 'user2', 'domain2')]
-+
-+ # removing of rm_empty_netgroup2
-+ ldap_conn.delete_s(ent_list[0][0])
-+ ent_list.remove(ent_list[0])
-+
-+ if subprocess.call(["sss_cache", "-N"]) != 0:
-+ raise Exception("sssd_cache failed")
-+
-+ res, _, netgroups = sssd_netgroup.get_sssd_netgroups("rm_empty_netgroup1")
-+ assert res == sssd_netgroup.NssReturnCode.NOTFOUND
-+ assert netgroups == []
-+
-+ res, _, netgroups = sssd_netgroup.get_sssd_netgroups("rm_empty_netgroup2")
-+ assert res == sssd_netgroup.NssReturnCode.NOTFOUND
-+ assert netgroups == []
-+
-+
-+@pytest.fixture
-+def removing_nested_netgroups(request, ldap_conn):
-+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
-+
-+ ent_list.add_netgroup("t2841_netgroup1", ["(host1,user1,domain1)"])
-+ ent_list.add_netgroup("t2841_netgroup2", ["(host2,user2,domain2)"])
-+ ent_list.add_netgroup("t2841_netgroup3",
-+ members=["t2841_netgroup1", "t2841_netgroup2"])
-+
-+ create_ldap_fixture(request, ldap_conn, ent_list)
-+ conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS)
-+ create_conf_fixture(request, conf)
-+ create_sssd_fixture(request)
-+ return None
-+
-+
-+def test_removing_nested_netgroups(removing_nested_netgroups, ldap_conn):
-+ """
-+ Regression test for ticket 2841.
-+ https://fedorahosted.org/sssd/ticket/2841
-+ """
-+
-+ netgrp_dn = 'cn=t2841_netgroup3,ou=Netgroups,' + ldap_conn.ds_inst.base_dn
-+
-+ res, _, netgroups = sssd_netgroup.get_sssd_netgroups("t2841_netgroup1")
-+ assert res == sssd_netgroup.NssReturnCode.SUCCESS
-+ assert netgroups == [('host1', 'user1', 'domain1')]
-+
-+ res, _, netgroups = sssd_netgroup.get_sssd_netgroups("t2841_netgroup2")
-+ assert res == sssd_netgroup.NssReturnCode.SUCCESS
-+ assert netgroups == [('host2', 'user2', 'domain2')]
-+
-+ res, _, netgroups = sssd_netgroup.get_sssd_netgroups("t2841_netgroup3")
-+ assert res == sssd_netgroup.NssReturnCode.SUCCESS
-+ assert sorted(netgroups) == sorted([('host1', 'user1', 'domain1'),
-+ ('host2', 'user2', 'domain2')])
-+
-+ # removing of t2841_netgroup1 from t2841_netgroup3
-+ old = {'memberNisNetgroup': ["t2841_netgroup1", "t2841_netgroup2"]}
-+ new = {'memberNisNetgroup': ["t2841_netgroup2"]}
-+
-+ ldif = ldap.modlist.modifyModlist(old, new)
-+ ldap_conn.modify_s(netgrp_dn, ldif)
-+
-+ if subprocess.call(["sss_cache", "-N"]) != 0:
-+ raise Exception("sssd_cache failed")
-+
-+ res, _, netgroups = sssd_netgroup.get_sssd_netgroups("t2841_netgroup1")
-+ assert res == sssd_netgroup.NssReturnCode.SUCCESS
-+ assert netgroups == [('host1', 'user1', 'domain1')]
-+
-+ res, _, netgroups = sssd_netgroup.get_sssd_netgroups("t2841_netgroup2")
-+ assert res == sssd_netgroup.NssReturnCode.SUCCESS
-+ assert netgroups == [('host2', 'user2', 'domain2')]
-+
-+ res, _, netgroups = sssd_netgroup.get_sssd_netgroups("t2841_netgroup3")
-+ assert res == sssd_netgroup.NssReturnCode.SUCCESS
-+ assert netgroups == [('host2', 'user2', 'domain2')]
-+
-+ # removing of t2841_netgroup2 from t2841_netgroup3
-+ old = {'memberNisNetgroup': ["t2841_netgroup2"]}
-+ new = {'memberNisNetgroup': []}
-+
-+ ldif = ldap.modlist.modifyModlist(old, new)
-+ ldap_conn.modify_s(netgrp_dn, ldif)
-+
-+ if subprocess.call(["sss_cache", "-N"]) != 0:
-+ raise Exception("sssd_cache failed")
-+
-+ res, _, netgroups = sssd_netgroup.get_sssd_netgroups("t2841_netgroup1")
-+ assert res == sssd_netgroup.NssReturnCode.SUCCESS
-+ assert netgroups == [('host1', 'user1', 'domain1')]
-+
-+ res, _, netgroups = sssd_netgroup.get_sssd_netgroups("t2841_netgroup2")
-+ assert res == sssd_netgroup.NssReturnCode.SUCCESS
-+ assert netgroups == [('host2', 'user2', 'domain2')]
-+
-+ res, _, netgroups = sssd_netgroup.get_sssd_netgroups("t2841_netgroup3")
-+ assert res == sssd_netgroup.NssReturnCode.SUCCESS
-+ assert netgroups == []
---
-2.9.3
-
diff --git a/0008-watchdog-cope-with-time-shift.patch b/0008-watchdog-cope-with-time-shift.patch
deleted file mode 100644
index a8f58e5..0000000
--- a/0008-watchdog-cope-with-time-shift.patch
+++ /dev/null
@@ -1,97 +0,0 @@
-From 2263fb23bdbbf313535edf54440fe20627b57d7f Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?=
-Date: Mon, 22 Aug 2016 13:15:04 +0200
-Subject: [PATCH 08/39] watchdog: cope with time shift
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-When a time is changed into the past during sssd runtime
-(e.g. on boot during time correction), it is possible that
-we never hit watchdog tevent timer since it is based on
-system time.
-
-This patch adds a past-time shift detection mechanism. If a time
-shift is detected we restart watchdog.
-
-Resolves:
-https://fedorahosted.org/sssd/ticket/3154
-
-Reviewed-by: Lukáš Slebodník
-Reviewed-by: Fabiano Fidêncio
-(cherry picked from commit b8ceaeb80cffb00c26390913ea959b77f7e848b9)
----
- src/util/util_watchdog.c | 41 +++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 41 insertions(+)
-
-diff --git a/src/util/util_watchdog.c b/src/util/util_watchdog.c
-index 5032fddba1b94b3fc7e560162c392dfa57d699cf..1c27d73f13b3042ecb549a2184e1368e8339d199 100644
---- a/src/util/util_watchdog.c
-+++ b/src/util/util_watchdog.c
-@@ -29,8 +29,39 @@ struct watchdog_ctx {
- struct timeval interval;
- struct tevent_timer *te;
- volatile int ticks;
-+
-+ /* To detect time shift. */
-+ struct tevent_context *ev;
-+ int input_interval;
-+ time_t timestamp;
- } watchdog_ctx;
-
-+static bool watchdog_detect_timeshift(void)
-+{
-+ time_t prev_time;
-+ time_t cur_time;
-+ errno_t ret;
-+
-+ prev_time = watchdog_ctx.timestamp;
-+ cur_time = watchdog_ctx.timestamp = time(NULL);
-+ if (cur_time < prev_time) {
-+ /* Time shift detected. We need to restart watchdog. */
-+ DEBUG(SSSDBG_IMPORTANT_INFO, "Time shift detected, "
-+ "restarting watchdog!\n");
-+ teardown_watchdog();
-+ ret = setup_watchdog(watchdog_ctx.ev, watchdog_ctx.input_interval);
-+ if (ret != EOK) {
-+ DEBUG(SSSDBG_FATAL_FAILURE, "Unable to restart watchdog "
-+ "[%d]: %s\n", ret, sss_strerror(ret));
-+ orderly_shutdown(1);
-+ }
-+
-+ return true;
-+ }
-+
-+ return false;
-+}
-+
- /* the watchdog is purposefully *not* handled by the tevent
- * signal handler as it is meant to check if the daemon is
- * still processing the event queue itself. A stuck process
-@@ -38,6 +69,12 @@ struct watchdog_ctx {
- * signals either */
- static void watchdog_handler(int sig)
- {
-+ /* Do not count ticks if time shift was detected
-+ * since watchdog was restarted. */
-+ if (watchdog_detect_timeshift()) {
-+ return;
-+ }
-+
- /* if 3 ticks passed by kills itself */
-
- if (__sync_add_and_fetch(&watchdog_ctx.ticks, 1) > 3) {
-@@ -101,6 +138,10 @@ int setup_watchdog(struct tevent_context *ev, int interval)
- watchdog_ctx.interval.tv_sec = interval;
- watchdog_ctx.interval.tv_usec = 0;
-
-+ watchdog_ctx.ev = ev;
-+ watchdog_ctx.input_interval = interval;
-+ watchdog_ctx.timestamp = time(NULL);
-+
- /* Start the timer */
- /* we give 1 second head start to the watchdog event */
- its.it_value.tv_sec = interval + 1;
---
-2.9.3
-
diff --git a/0009-BUILD-Allow-to-read-private-pipes-for-root.patch b/0009-BUILD-Allow-to-read-private-pipes-for-root.patch
deleted file mode 100644
index fb261c7..0000000
--- a/0009-BUILD-Allow-to-read-private-pipes-for-root.patch
+++ /dev/null
@@ -1,82 +0,0 @@
-From d5a5ff043c5872eb159aa096e1a1fa7863db4f86 Mon Sep 17 00:00:00 2001
-From: Lukas Slebodnik
-Date: Fri, 19 Aug 2016 10:46:12 +0200
-Subject: [PATCH 09/39] BUILD: Allow to read private pipes for root
-
-Root can read anything from any directory even with permissions 000.
-
-However SELinux checks discretionary access control (DAC)
-and deny access if access is not allowed for root by DAC.
-The pam_sss use different unix socket /var/lib/sss/pipes/private/pam
-for user with uid 0. Therefore root need to be able read content
-of directory with private pipes.
-
-type=AVC msg=audit(08/19/2016 10:58:34.081:3369) : avc: denied
- { dac_read_search } for pid=20257 comm=vsftpd capability=dac_read_search
- scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023
- tcontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tclass=capability
-
-type=AVC msg=audit(08/19/2016 10:58:34.081:3369) : avc: denied
- { dac_override } for pid=20257 comm=vsftpd capability=dac_override
- scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023
- tcontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tclass=capability
-
-Resolves:
-https://fedorahosted.org/sssd/ticket/3143
-
-Reviewed-by: Jakub Hrozek
-(cherry picked from commit f49724cd6b3e0e3274302c3d475e93f7a7094f40)
----
- Makefile.am | 8 ++++----
- contrib/sssd.spec.in | 2 +-
- 2 files changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/Makefile.am b/Makefile.am
-index 8b9240f4485c0bce976fdabff6904e648f44356e..6219682de0d1fd4b3a813ee2f95b8185531e62bf 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -3952,7 +3952,6 @@ SSSD_USER_DIRS = \
- $(DESTDIR)$(keytabdir) \
- $(DESTDIR)$(mcpath) \
- $(DESTDIR)$(pipepath) \
-- $(DESTDIR)$(pipepath)/private \
- $(DESTDIR)$(pubconfpath) \
- $(DESTDIR)$(pubconfpath)/krb5.include.d \
- $(DESTDIR)$(gpocachepath) \
-@@ -3979,16 +3978,17 @@ installsssddirs::
- $(DESTDIR)$(sssddatadir) \
- $(DESTDIR)$(sudolibdir) \
- $(DESTDIR)$(autofslibdir) \
-+ $(DESTDIR)$(pipepath)/private \
- $(SSSD_USER_DIRS) \
- $(NULL);
- if SSSD_USER
-- -chown $(SSSD_USER):$(SSSD_USER) \
-- $(SSSD_USER_DIRS)
-+ -chown $(SSSD_USER):$(SSSD_USER) $(SSSD_USER_DIRS)
-+ -chown $(SSSD_USER) $(DESTDIR)$(pipepath)/private
- endif
- $(INSTALL) -d -m 0700 $(DESTDIR)$(dbpath) $(DESTDIR)$(logpath) \
-- $(DESTDIR)$(pipepath)/private \
- $(DESTDIR)$(keytabdir) \
- $(NULL)
-+ $(INSTALL) -d -m 0750 $(DESTDIR)$(pipepath)/private
- $(INSTALL) -d -m 0755 $(DESTDIR)$(mcpath) $(DESTDIR)$(pipepath) \
- $(DESTDIR)$(pubconfpath) \
- $(DESTDIR)$(pubconfpath)/krb5.include.d $(DESTDIR)$(gpocachepath)
-diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
-index 24af8d518bd065388b14d812de7c1c61975f0cca..1e058ca63c25513253c4b350d286208f40f6b660 100644
---- a/contrib/sssd.spec.in
-+++ b/contrib/sssd.spec.in
-@@ -791,7 +791,7 @@ done
- %ghost %attr(0644,sssd,sssd) %verify(not md5 size mtime) %{mcpath}/group
- %ghost %attr(0644,sssd,sssd) %verify(not md5 size mtime) %{mcpath}/initgroups
- %attr(755,sssd,sssd) %dir %{pipepath}
--%attr(700,sssd,sssd) %dir %{pipepath}/private
-+%attr(750,sssd,root) %dir %{pipepath}/private
- %attr(755,sssd,sssd) %dir %{pubconfpath}
- %attr(755,sssd,sssd) %dir %{gpocachepath}
- %attr(750,sssd,sssd) %dir %{_var}/log/%{name}
---
-2.9.3
-
diff --git a/0010-SYSDB-Rework-sysdb_cache_connect.patch b/0010-SYSDB-Rework-sysdb_cache_connect.patch
deleted file mode 100644
index 66ae3ef..0000000
--- a/0010-SYSDB-Rework-sysdb_cache_connect.patch
+++ /dev/null
@@ -1,124 +0,0 @@
-From 3258fa9d328f364fa41fd1a5bc5fc3250e87df8e Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
-Date: Tue, 16 Aug 2016 11:20:49 +0200
-Subject: [PATCH 10/39] SYSDB: Rework sysdb_cache_connect()
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-As sysdb_cache_connect() has two very specific use cases (connect to the
-cache and connect to the timestamp cache) and each of those calls have a
-predetermined/fixed sets of values for a few parameters, let's try to
-make the code a bit simpler to follow by having explicit functions for
-connecting to the cache and connecting to the timestamp cache.
-
-Macros could be used as well, but I have a slightly preference for
-having two new functions instead of macros accessing internal parameters
-of the macro's parameter.
-
-Related:
-https://fedorahosted.org/sssd/ticket/3128
-
-Signed-off-by: Fabiano Fidêncio
-
-Reviewed-by: Jakub Hrozek
-(cherry picked from commit b6d1cd5eaab4c7c73df8ee041944ec05630a9630)
----
- src/db/sysdb_init.c | 53 ++++++++++++++++++++++++++++++++++-------------------
- 1 file changed, 34 insertions(+), 19 deletions(-)
-
-diff --git a/src/db/sysdb_init.c b/src/db/sysdb_init.c
-index 9e3646bfeb9a494ebff2d348ab1c53336f8a5c03..59934701c4d2b9d770385a202af058404a6d3eb9 100644
---- a/src/db/sysdb_init.c
-+++ b/src/db/sysdb_init.c
-@@ -511,14 +511,14 @@ done:
- return ret;
- }
-
--static errno_t sysdb_cache_connect(TALLOC_CTX *mem_ctx,
-- struct sss_domain_info *domain,
-- const char *ldb_file,
-- int flags,
-- const char *exp_version,
-- const char *base_ldif,
-- struct ldb_context **_ldb,
-- const char **_version)
-+static errno_t sysdb_cache_connect_helper(TALLOC_CTX *mem_ctx,
-+ struct sss_domain_info *domain,
-+ const char *ldb_file,
-+ int flags,
-+ const char *exp_version,
-+ const char *base_ldif,
-+ struct ldb_context **_ldb,
-+ const char **_version)
- {
- TALLOC_CTX *tmp_ctx = NULL;
- struct ldb_message_element *el;
-@@ -619,6 +619,29 @@ done:
- return ret;
- }
-
-+static errno_t sysdb_cache_connect(TALLOC_CTX *mem_ctx,
-+ struct sysdb_ctx *sysdb,
-+ struct sss_domain_info *domain,
-+ struct ldb_context **ldb,
-+ const char **version)
-+{
-+ return sysdb_cache_connect_helper(mem_ctx, domain, sysdb->ldb_file,
-+ 0, SYSDB_VERSION, SYSDB_BASE_LDIF,
-+ ldb, version);
-+}
-+
-+static errno_t sysdb_ts_cache_connect(TALLOC_CTX *mem_ctx,
-+ struct sysdb_ctx *sysdb,
-+ struct sss_domain_info *domain,
-+ struct ldb_context **ldb,
-+ const char **version)
-+{
-+ return sysdb_cache_connect_helper(mem_ctx, domain, sysdb->ldb_ts_file,
-+ LDB_FLG_NOSYNC, SYSDB_TS_VERSION,
-+ SYSDB_TS_BASE_LDIF,
-+ ldb, version);
-+}
-+
- static errno_t remove_ts_cache(struct sysdb_ctx *sysdb)
- {
- errno_t ret;
-@@ -649,9 +672,7 @@ static int sysdb_domain_cache_connect(struct sysdb_ctx *sysdb,
- return ENOMEM;
- }
-
-- ret = sysdb_cache_connect(tmp_ctx, domain, sysdb->ldb_file, 0,
-- SYSDB_VERSION, SYSDB_BASE_LDIF,
-- &ldb, &version);
-+ ret = sysdb_cache_connect(tmp_ctx, sysdb, domain, &ldb, &version);
- switch (ret) {
- case ERR_SYSDB_VERSION_TOO_OLD:
- if (upgrade_ctx == NULL) {
-@@ -731,10 +752,7 @@ static int sysdb_timestamp_cache_connect(struct sysdb_ctx *sysdb,
- return ENOMEM;
- }
-
-- ret = sysdb_cache_connect(tmp_ctx, domain,
-- sysdb->ldb_ts_file, LDB_FLG_NOSYNC,
-- SYSDB_TS_VERSION, SYSDB_TS_BASE_LDIF,
-- &ldb, &version);
-+ ret = sysdb_ts_cache_connect(tmp_ctx, sysdb, domain, &ldb, &version);
- switch (ret) {
- case ERR_SYSDB_VERSION_TOO_OLD:
- if (upgrade_ctx == NULL) {
-@@ -801,10 +819,7 @@ static int sysdb_timestamp_cache_connect(struct sysdb_ctx *sysdb,
- /* Now the connect must succeed because the previous cache doesn't
- * exist anymore.
- */
-- ret = sysdb_cache_connect(tmp_ctx, domain,
-- sysdb->ldb_ts_file, LDB_FLG_NOSYNC,
-- SYSDB_TS_VERSION, SYSDB_TS_BASE_LDIF,
-- &ldb, &version);
-+ ret = sysdb_ts_cache_connect(tmp_ctx, sysdb, domain, &ldb, &version);
- if (ret != EOK) {
- DEBUG(SSSDBG_MINOR_FAILURE,
- "Could not delete the timestamp ldb file (%d) (%s)\n",
---
-2.9.3
-
diff --git a/0011-SYSDB-Remove-the-timestamp-cache-for-a-newly-created.patch b/0011-SYSDB-Remove-the-timestamp-cache-for-a-newly-created.patch
deleted file mode 100644
index 85a40d2..0000000
--- a/0011-SYSDB-Remove-the-timestamp-cache-for-a-newly-created.patch
+++ /dev/null
@@ -1,152 +0,0 @@
-From 85fed431388c7f7f70dbf5bcd0b4f8a889c60bc6 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
-Date: Tue, 16 Aug 2016 11:46:41 +0200
-Subject: [PATCH 11/39] SYSDB: Remove the timestamp cache for a newly created
- cache
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-As many users are used to remove the persistent cache without removing
-the timestamp cache, let's throw away the timestamp cache in this case.
-
-Resolves:
-https://fedorahosted.org/sssd/ticket/3128
-
-Signed-off-by: Fabiano Fidêncio
-
-Reviewed-by: Jakub Hrozek
-(cherry picked from commit 9023bf51de6c84337af024388f1860ac1051924c)
----
- src/db/sysdb_init.c | 69 ++++++++++++++++++++++++++++++++++++-----------------
- 1 file changed, 47 insertions(+), 22 deletions(-)
-
-diff --git a/src/db/sysdb_init.c b/src/db/sysdb_init.c
-index 59934701c4d2b9d770385a202af058404a6d3eb9..c387c1b12c116f38d5a13f1adeac5ef64d593af8 100644
---- a/src/db/sysdb_init.c
-+++ b/src/db/sysdb_init.c
-@@ -511,12 +511,30 @@ done:
- return ret;
- }
-
-+static errno_t remove_ts_cache(struct sysdb_ctx *sysdb)
-+{
-+ errno_t ret;
-+
-+ if (sysdb->ldb_ts_file == NULL) {
-+ return EOK;
-+ }
-+
-+ ret = unlink(sysdb->ldb_ts_file);
-+ if (ret != EOK && errno != ENOENT) {
-+ return errno;
-+ }
-+
-+ return EOK;
-+}
-+
- static errno_t sysdb_cache_connect_helper(TALLOC_CTX *mem_ctx,
-+ struct sysdb_ctx *sysdb,
- struct sss_domain_info *domain,
- const char *ldb_file,
- int flags,
- const char *exp_version,
- const char *base_ldif,
-+ bool *_newly_created,
- struct ldb_context **_ldb,
- const char **_version)
- {
-@@ -527,6 +545,7 @@ static errno_t sysdb_cache_connect_helper(TALLOC_CTX *mem_ctx,
- const char *version = NULL;
- int ret;
- struct ldb_context *ldb;
-+ bool newly_created;
-
- tmp_ctx = talloc_new(NULL);
- if (!tmp_ctx) {
-@@ -592,8 +611,9 @@ static errno_t sysdb_cache_connect_helper(TALLOC_CTX *mem_ctx,
- goto done;
- }
-
-- /* The cache has been newly created.
-- * We need to reopen the LDB to ensure that
-+ newly_created = true;
-+
-+ /* We need to reopen the LDB to ensure that
- * all of the special values take effect
- * (such as enabling the memberOf plugin and
- * the various indexes).
-@@ -613,6 +633,9 @@ static errno_t sysdb_cache_connect_helper(TALLOC_CTX *mem_ctx,
- }
- done:
- if (ret == EOK) {
-+ if (_newly_created != NULL) {
-+ *_newly_created = newly_created;
-+ }
- *_ldb = talloc_steal(mem_ctx, ldb);
- }
- talloc_free(tmp_ctx);
-@@ -625,9 +648,27 @@ static errno_t sysdb_cache_connect(TALLOC_CTX *mem_ctx,
- struct ldb_context **ldb,
- const char **version)
- {
-- return sysdb_cache_connect_helper(mem_ctx, domain, sysdb->ldb_file,
-+ bool newly_created;
-+ bool ldb_file_exists;
-+ errno_t ret;
-+
-+ ldb_file_exists = !(access(sysdb->ldb_file, F_OK) == -1 && errno == ENOENT);
-+
-+ ret = sysdb_cache_connect_helper(mem_ctx, sysdb, domain, sysdb->ldb_file,
- 0, SYSDB_VERSION, SYSDB_BASE_LDIF,
-- ldb, version);
-+ &newly_created, ldb, version);
-+
-+ /* The cache has been newly created. */
-+ if (ret == EOK && newly_created && !ldb_file_exists) {
-+ ret = remove_ts_cache(sysdb);
-+ if (ret != EOK) {
-+ DEBUG(SSSDBG_MINOR_FAILURE,
-+ "Could not delete the timestamp ldb file (%d) (%s)\n",
-+ ret, sss_strerror(ret));
-+ }
-+ }
-+
-+ return ret;
- }
-
- static errno_t sysdb_ts_cache_connect(TALLOC_CTX *mem_ctx,
-@@ -636,28 +677,12 @@ static errno_t sysdb_ts_cache_connect(TALLOC_CTX *mem_ctx,
- struct ldb_context **ldb,
- const char **version)
- {
-- return sysdb_cache_connect_helper(mem_ctx, domain, sysdb->ldb_ts_file,
-+ return sysdb_cache_connect_helper(mem_ctx, sysdb, domain, sysdb->ldb_ts_file,
- LDB_FLG_NOSYNC, SYSDB_TS_VERSION,
-- SYSDB_TS_BASE_LDIF,
-+ SYSDB_TS_BASE_LDIF, NULL,
- ldb, version);
- }
-
--static errno_t remove_ts_cache(struct sysdb_ctx *sysdb)
--{
-- errno_t ret;
--
-- if (sysdb->ldb_ts_file == NULL) {
-- return EOK;
-- }
--
-- ret = unlink(sysdb->ldb_ts_file);
-- if (ret != EOK && errno != ENOENT) {
-- return errno;
-- }
--
-- return EOK;
--}
--
- static int sysdb_domain_cache_connect(struct sysdb_ctx *sysdb,
- struct sss_domain_info *domain,
- struct sysdb_dom_upgrade_ctx *upgrade_ctx)
---
-2.9.3
-
diff --git a/0012-SECRETS-Return-ENOENT-when_deleting-a-non-existent-s.patch b/0012-SECRETS-Return-ENOENT-when_deleting-a-non-existent-s.patch
deleted file mode 100644
index 86e1bb6..0000000
--- a/0012-SECRETS-Return-ENOENT-when_deleting-a-non-existent-s.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 2a287173752a2854df5e4bdb6b27328837be4805 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
-Date: Wed, 17 Aug 2016 13:12:21 +0200
-Subject: [PATCH 12/39] SECRETS: Return ENOENT when_deleting a non-existent
- secret
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-For this, just make use of the sysdb_error_to_errno() function.
-
-Resolves:
-https://fedorahosted.org/sssd/ticket/3125
-
-Signed-off-by: Fabiano Fidêncio
-
-Reviewed-by: Lukáš Slebodník
-Reviewed-by: Jakub Hrozek
-(cherry picked from commit c4a3b24dc70fb50c8c0cc5490c29a3755d8b1b73)
----
- src/responder/secrets/local.c | 9 ++-------
- 1 file changed, 2 insertions(+), 7 deletions(-)
-
-diff --git a/src/responder/secrets/local.c b/src/responder/secrets/local.c
-index 17469249b357cbdc5e50ddff6b563fdf2f377577..ac3049b62fa77f69d44ec5792139fe3378afb3f4 100644
---- a/src/responder/secrets/local.c
-+++ b/src/responder/secrets/local.c
-@@ -375,15 +375,10 @@ int local_db_delete(TALLOC_CTX *mem_ctx,
- int ret;
-
- ret = local_db_dn(mem_ctx, lctx->ldb, req_path, &dn);
-- if (ret != EOK) goto done;
-+ if (ret != EOK) return ret;
-
- ret = ldb_delete(lctx->ldb, dn);
-- if (ret != EOK) {
-- ret = EIO;
-- }
--
--done:
-- return ret;
-+ return sysdb_error_to_errno(ret);
- }
-
- int local_db_create(TALLOC_CTX *mem_ctx,
---
-2.9.3
-
diff --git a/0013-SPEC-Fix-typo-in-Summary.patch b/0013-SPEC-Fix-typo-in-Summary.patch
deleted file mode 100644
index e7e9ce1..0000000
--- a/0013-SPEC-Fix-typo-in-Summary.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 8fbc37dac506556c53f7fcb63a219af71eeaa9be Mon Sep 17 00:00:00 2001
-From: Lukas Slebodnik
-Date: Fri, 19 Aug 2016 18:06:45 +0200
-Subject: [PATCH 13/39] SPEC: Fix typo in Summary
-
-Reviewed-by: Jakub Hrozek
-(cherry picked from commit afa6891a809db262a49f68913f82a3a6137d8e2e)
----
- contrib/sssd.spec.in | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
-index 1e058ca63c25513253c4b350d286208f40f6b660..1f79ca7cd0a56dc1ab9c951abe11dc216ef3ad03 100644
---- a/contrib/sssd.spec.in
-+++ b/contrib/sssd.spec.in
-@@ -588,7 +588,7 @@ License: GPLv3+ and LGPLv3+
- Development libraries for the SSSD libwbclient implementation.
-
- %package winbind-idmap
--Summary: SSSSD's idmap_sss Backend for Winbind
-+Summary: SSSD's idmap_sss Backend for Winbind
- Group: Applications/System
- License: GPLv3+ and LGPLv3+
-
---
-2.9.3
-
diff --git a/0014-IPA-Parse-qualified-names-when-guessing-AD-user-prin.patch b/0014-IPA-Parse-qualified-names-when-guessing-AD-user-prin.patch
deleted file mode 100644
index fe276e1..0000000
--- a/0014-IPA-Parse-qualified-names-when-guessing-AD-user-prin.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From 82ccc38b4143b996ca9741f3682c2bb1f2694bef Mon Sep 17 00:00:00 2001
-From: Jakub Hrozek
-Date: Tue, 9 Aug 2016 22:08:27 +0200
-Subject: [PATCH 14/39] IPA: Parse qualified names when guessing AD user
- principal
-
-Most AD users store their UPN in an attribute. If they don't, or the sssd
-was configured (typically in earlier versions to work around a bug) to not
-look at the principal attribute, then sssd is supposed to guess
-the attribute.
-
-That currently doesn't work in 1.14, because the username is already
-qualified and then we also append the realm name to it. We need to parse
-the simple username from the qualified name first.
-
-The issue can be reproduced simply by authenticating as the Administrator
-account in IPA-AD trust setups.
-
-Resolves:
-https://fedorahosted.org/sssd/ticket/3127
-
-Reviewed-by: Sumit Bose
-(cherry picked from commit 0302e3e7b3b06b809bd63c7911a42ab3e0a7ebf9)
----
- src/providers/ipa/ipa_s2n_exop.c | 14 ++++++++++++--
- 1 file changed, 12 insertions(+), 2 deletions(-)
-
-diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c
-index a8c415b4c86ccd3bd3b180c8df835c75420fbb21..07bbb2b4d252c8ca9ada4d890c36c903c9f75773 100644
---- a/src/providers/ipa/ipa_s2n_exop.c
-+++ b/src/providers/ipa/ipa_s2n_exop.c
-@@ -1941,6 +1941,7 @@ static errno_t ipa_s2n_save_objects(struct sss_domain_info *dom,
- struct sss_nss_homedir_ctx homedir_ctx;
- char *name = NULL;
- char *realm;
-+ char *short_name = NULL;
- char *upn = NULL;
- gid_t gid;
- gid_t orig_gid = 0;
-@@ -2092,8 +2093,17 @@ static errno_t ipa_s2n_save_objects(struct sss_domain_info *dom,
- ret = ENOMEM;
- goto done;
- }
-- upn = talloc_asprintf(tmp_ctx, "%s@%s",
-- attrs->a.user.pw_name, realm);
-+
-+ ret = sss_parse_internal_fqname(tmp_ctx, attrs->a.user.pw_name,
-+ &short_name, NULL);
-+ if (ret != EOK) {
-+ DEBUG(SSSDBG_CRIT_FAILURE,
-+ "Cannot parse internal name %s\n",
-+ attrs->a.user.pw_name);
-+ goto done;
-+ }
-+
-+ upn =
talloc_asprintf(tmp_ctx, "%s@%s", short_name, realm);
- if (!upn) {
- DEBUG(SSSDBG_OP_FAILURE, "failed to format UPN.\n");
- ret = ENOMEM;
---
-2.9.3
-
diff --git a/0015-PROXY-Remove-lowercase-attribute-from-save_user.patch b/0015-PROXY-Remove-lowercase-attribute-from-save_user.patch
deleted file mode 100644
index 1b90810..0000000
--- a/0015-PROXY-Remove-lowercase-attribute-from-save_user.patch
+++ /dev/null
@@ -1,114 +0,0 @@
-From 18c3db957a198351f8d3c13c51dff976ad736021 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
-Date: Wed, 24 Aug 2016 13:16:31 +0200
-Subject: [PATCH 15/39] PROXY: Remove lowercase attribute from save_user()
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-As this function already receives a struct sss_domain_info * parameter
-as argument, we can simply check whether we will need a lowercase name
-by accessing domain->case_sensitive.
-
-Related:
-https://fedorahosted.org/sssd/ticket/3134
-
-Signed-off-by: Fabiano Fidêncio
-Reviewed-by: Lukáš Slebodník
-(cherry picked from commit 413aef1529fb3d5ed4d0f38e219f5456d7fe3ae0)
----
- src/providers/proxy/proxy_id.c | 22 +++++++++-------------
- 1 file changed, 9 insertions(+), 13 deletions(-)
-
-diff --git a/src/providers/proxy/proxy_id.c b/src/providers/proxy/proxy_id.c
-index b0c82807b42d91a4212578ca98af7f96484735b1..ff2631c9b493c8c688919139114da5520b428e04 100644
---- a/src/providers/proxy/proxy_id.c
-+++ b/src/providers/proxy/proxy_id.c
-@@ -31,7 +31,7 @@
- /* =Getpwnam-wrapper======================================================*/
-
- static int save_user(struct sss_domain_info *domain,
-- bool lowercase, struct passwd *pwd, const char *real_name,
-+ struct passwd *pwd, const char *real_name,
- const char *alias, uint64_t cache_timeout);
-
- static int
-@@ -143,8 +143,7 @@ static int get_pw_name(struct proxy_id_ctx *ctx,
- }
-
- /* Both lookups went fine, we can save the user now */
-- ret = save_user(dom, !dom->case_sensitive, pwd,
-- real_name, i_name, dom->user_timeout);
-+ ret = save_user(dom, pwd, real_name, i_name, dom->user_timeout);
-
- done:
- talloc_zfree(tmpctx);
-@@ -224,7 +223,7 @@ delete_user(struct sss_domain_info *domain,
- }
-
- static int save_user(struct sss_domain_info *domain,
-- bool lowercase, struct passwd *pwd, const char *real_name,
-+ struct passwd *pwd, const char *real_name,
- const char *alias, uint64_t
cache_timeout)
- {
- const char *shell;
-@@ -246,7 +245,7 @@ static int save_user(struct sss_domain_info *domain,
- gecos = NULL;
- }
-
-- if (lowercase || alias) {
-+ if (!domain->case_sensitive || alias) {
- attrs = sysdb_new_attrs(NULL);
- if (!attrs) {
- DEBUG(SSSDBG_CRIT_FAILURE, "Allocation error ?!\n");
-@@ -255,7 +254,7 @@ static int save_user(struct sss_domain_info *domain,
- }
- }
-
-- if (lowercase) {
-+ if (!domain->case_sensitive) {
- lc_pw_name = sss_tc_utf8_str_tolower(attrs, real_name);
- if (lc_pw_name == NULL) {
- DEBUG(SSSDBG_OP_FAILURE, "Cannot convert name to lowercase.\n");
-@@ -273,7 +272,7 @@ static int save_user(struct sss_domain_info *domain,
- }
-
- if (alias) {
-- cased_alias = sss_get_cased_name(attrs, alias, !lowercase);
-+ cased_alias = sss_get_cased_name(attrs, alias, domain->case_sensitive);
- if (!cased_alias) {
- ret = ENOMEM;
- goto done;
-@@ -366,8 +365,7 @@ static int get_pw_uid(struct proxy_id_ctx *ctx,
- pwd->pw_name);
- goto done;
- }
-- ret = save_user(dom, !dom->case_sensitive, pwd,
-- name, NULL, dom->user_timeout);
-+ ret = save_user(dom, pwd, name, NULL, dom->user_timeout);
-
- done:
- talloc_zfree(tmpctx);
-@@ -497,8 +495,7 @@ static int enum_users(TALLOC_CTX *mem_ctx,
- pwd->pw_name);
- goto done;
- }
-- ret = save_user(dom, !dom->case_sensitive, pwd,
-- name, NULL, dom->user_timeout);
-+ ret = save_user(dom, pwd, name, NULL, dom->user_timeout);
- if (ret) {
- /* Do not fail completely on errors.
- * Just report the failure to save and go on */
-@@ -1331,8 +1328,7 @@ static int get_initgr(TALLOC_CTX *mem_ctx,
- goto done;
- }
-
-- ret = save_user(dom, !dom->case_sensitive, pwd,
-- real_name, i_name, dom->user_timeout);
-+ ret = save_user(dom, pwd, real_name, i_name, dom->user_timeout);
- if (ret) {
- DEBUG(SSSDBG_OP_FAILURE, "Could not save user\n");
- goto fail;
---
-2.9.3
-
diff --git a/0016-PROXY-Remove-cache_timeout-attribute-from-save_user.patch b/0016-PROXY-Remove-cache_timeout-attribute-from-save_user.patch
deleted file mode 100644
index abc5c18..0000000
--- a/0016-PROXY-Remove-cache_timeout-attribute-from-save_user.patch
+++ /dev/null
@@ -1,92 +0,0 @@
-From 87bce14e200e16b3f6ec9a79333b2a9da0274fbf Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
-Date: Wed, 24 Aug 2016 13:25:44 +0200
-Subject: [PATCH 16/39] PROXY: Remove cache_timeout attribute from save_user()
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-As this function already receives a struct sss_domain_info * parameter
-as argument, we can simply get the cache_timeout attribute by accessing
-domain->user_timeout.
-
-Related:
-https://fedorahosted.org/sssd/ticket/3134
-
-Signed-off-by: Fabiano Fidêncio
-Reviewed-by: Lukáš Slebodník
-(cherry picked from commit 2537fe318a3866780abca100cf6eb7c258f9d02b)
----
- src/providers/proxy/proxy_id.c | 14 +++++++-------
- 1 file changed, 7 insertions(+), 7 deletions(-)
-
-diff --git a/src/providers/proxy/proxy_id.c b/src/providers/proxy/proxy_id.c
-index ff2631c9b493c8c688919139114da5520b428e04..bdcac66319897981c21e7fd7da7334ee97d010f6 100644
---- a/src/providers/proxy/proxy_id.c
-+++ b/src/providers/proxy/proxy_id.c
-@@ -32,7 +32,7 @@
-
- static int save_user(struct sss_domain_info *domain,
- struct passwd *pwd, const char *real_name,
-- const char *alias, uint64_t cache_timeout);
-+ const char *alias);
-
- static int
- handle_getpw_result(enum nss_status status, struct passwd *pwd,
-@@ -143,7 +143,7 @@ static int get_pw_name(struct proxy_id_ctx *ctx,
- }
-
- /* Both lookups went fine, we can save the user now */
-- ret = save_user(dom, pwd, real_name, i_name, dom->user_timeout);
-+ ret = save_user(dom, pwd, real_name, i_name);
-
- done:
- talloc_zfree(tmpctx);
-@@ -224,7 +224,7 @@ delete_user(struct sss_domain_info *domain,
-
- static int save_user(struct sss_domain_info *domain,
- struct passwd *pwd, const char *real_name,
-- const char *alias, uint64_t cache_timeout)
-+ const char *alias)
- {
- const char *shell;
- const char *gecos;
-@@ -299,7 +299,7 @@ static int save_user(struct sss_domain_info *domain,
- NULL,
- attrs,
- NULL,
-- cache_timeout,
-+ domain->user_timeout,
- 0);
- if (ret) {
- DEBUG(SSSDBG_OP_FAILURE, "Could not add user to cache\n");
-@@ -365,7 +365,7 @@ static int get_pw_uid(struct proxy_id_ctx *ctx,
- pwd->pw_name);
- goto done;
- }
-- ret = save_user(dom, pwd, name, NULL, dom->user_timeout);
-+ ret = save_user(dom, pwd, name, NULL);
-
- done:
- talloc_zfree(tmpctx);
-@@ -495,7 +495,7 @@ static int enum_users(TALLOC_CTX *mem_ctx,
- pwd->pw_name);
- goto done;
- }
-- ret = save_user(dom, pwd, name, NULL, dom->user_timeout);
-+ ret = save_user(dom, pwd, name, NULL);
- if (ret) {
- /* Do not fail completely on errors.
- * Just report the failure to save and go on */
-@@ -1328,7 +1328,7 @@ static int get_initgr(TALLOC_CTX *mem_ctx,
- goto done;
- }
-
-- ret = save_user(dom, pwd, real_name, i_name, dom->user_timeout);
-+ ret = save_user(dom, pwd, real_name, i_name);
- if (ret) {
- DEBUG(SSSDBG_OP_FAILURE, "Could not save user\n");
- goto fail;
---
-2.9.3
-
diff --git a/0017-PROXY-Remove-cache_timeout-attribute-from-save_group.patch b/0017-PROXY-Remove-cache_timeout-attribute-from-save_group.patch
deleted file mode 100644
index a78130d..0000000
--- a/0017-PROXY-Remove-cache_timeout-attribute-from-save_group.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From c919d358561f4b26b4017f4379fc7b9b791f5cd8 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
-Date: Wed, 24 Aug 2016 13:29:17 +0200
-Subject: [PATCH 17/39] PROXY: Remove cache_timeout attribute from save_group()
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-As this function already receives a struct sss_domain_info * parameter
-as argument, we can simply get the cache_timeout attribute by accessing
-domain->group_timeout.
-
-Related:
-https://fedorahosted.org/sssd/ticket/3134
-
-Signed-off-by: Fabiano Fidêncio
-Reviewed-by: Lukáš Slebodník
-(cherry picked from commit 221d70ae3c5b7bc7384f57ffd3f88f89a3e6ae6a)
----
- src/providers/proxy/proxy_id.c | 12 +++++-------
- 1 file changed, 5 insertions(+), 7 deletions(-)
-
-diff --git a/src/providers/proxy/proxy_id.c b/src/providers/proxy/proxy_id.c
-index bdcac66319897981c21e7fd7da7334ee97d010f6..c4d68f8e6855941dda386658758c37b4c9080712 100644
---- a/src/providers/proxy/proxy_id.c
-+++ b/src/providers/proxy/proxy_id.c
-@@ -558,8 +558,7 @@ static errno_t proxy_process_missing_users(struct sysdb_ctx *sysdb,
- static int save_group(struct sysdb_ctx *sysdb, struct sss_domain_info *dom,
- struct group *grp,
- const char *real_name, /* already qualified */
-- const char *alias, /* already qualified */
-- uint64_t cache_timeout)
-+ const char *alias) /* already qualified */
- {
- errno_t ret, sret;
- struct sysdb_attrs *attrs = NULL;
-@@ -664,7 +663,7 @@ static int save_group(struct sysdb_ctx *sysdb, struct sss_domain_info *dom,
- real_name,
- grp->gr_gid,
- attrs,
-- cache_timeout,
-+ dom->group_timeout,
- now);
- if (ret) {
- DEBUG(SSSDBG_OP_FAILURE, "Could not add group to cache\n");
-@@ -947,7 +946,7 @@ static int get_gr_name(struct proxy_id_ctx *ctx,
- goto done;
- }
-
-- ret = save_group(sysdb, dom, grp, real_name, i_name, dom->group_timeout);
-+ ret = save_group(sysdb, dom, grp, real_name, i_name);
- if (ret) {
-
DEBUG(SSSDBG_OP_FAILURE,
- "Cannot save group [%d]: %s\n", ret, strerror(ret));
-@@ -1032,7 +1031,7 @@ static int get_gr_gid(TALLOC_CTX *mem_ctx,
- goto done;
- }
-
-- ret = save_group(sysdb, dom, grp, name, NULL, dom->group_timeout);
-+ ret = save_group(sysdb, dom, grp, name, NULL);
- if (ret) {
- DEBUG(SSSDBG_OP_FAILURE,
- "Cannot save user [%d]: %s\n", ret, strerror(ret));
-@@ -1165,8 +1164,7 @@ static int enum_groups(TALLOC_CTX *mem_ctx,
- "Ignoring\n");
- ret = ENOMEM;
- }
-- ret = save_group(sysdb, dom, grp, name,
-- NULL, dom->group_timeout);
-+ ret = save_group(sysdb, dom, grp, name, NULL);
- if (ret) {
- /* Do not fail completely on errors.
- * Just report the failure to save and go on */
---
-2.9.3
-
diff --git a/0018-PROXY-Mention-that-save_user-s-parameters-are-alread.patch b/0018-PROXY-Mention-that-save_user-s-parameters-are-alread.patch
deleted file mode 100644
index 8b54b1b..0000000
--- a/0018-PROXY-Mention-that-save_user-s-parameters-are-alread.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 232b543cb667cbd0769608b4e5c790ab73f4c2b4 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
-Date: Wed, 24 Aug 2016 13:32:10 +0200
-Subject: [PATCH 18/39] PROXY: Mention that save_user()'s parameters are
- already qualified
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Those comments are similar to what we have in the save_group() function.
-
-Related:
-https://fedorahosted.org/sssd/ticket/3134
-
-Signed-off-by: Fabiano Fidêncio
-Reviewed-by: Lukáš Slebodník
-(cherry picked from commit 9900d2b153ebb7d994ccd05275f18b973556d5b3)
----
- src/providers/proxy/proxy_id.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/src/providers/proxy/proxy_id.c b/src/providers/proxy/proxy_id.c
-index c4d68f8e6855941dda386658758c37b4c9080712..921b5253a5ffe90526c73b8078067d69f83c75e6 100644
---- a/src/providers/proxy/proxy_id.c
-+++ b/src/providers/proxy/proxy_id.c
-@@ -223,8 +223,9 @@ delete_user(struct sss_domain_info *domain,
- }
-
- static int save_user(struct sss_domain_info *domain,
-- struct passwd *pwd, const char *real_name,
-- const char *alias)
-+ struct passwd *pwd,
-+ const char *real_name, /* already qualified */
-+ const char *alias) /* already qualified */
- {
- const char *shell;
- const char *gecos;
---
-2.9.3
-
diff --git a/0019-PROXY-Share-common-code-of-save_-group-user.patch b/0019-PROXY-Share-common-code-of-save_-group-user.patch
deleted file mode 100644
index a927a7b..0000000
--- a/0019-PROXY-Share-common-code-of-save_-group-user.patch
+++ /dev/null
@@ -1,222 +0,0 @@ -From b05544a1ba3b49a880b14c8c5c9cafa378c86e24 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= -Date: Wed, 24 Aug 2016 14:28:42 +0200 -Subject: [PATCH 19/39] PROXY: Share common code of save_{group,user}() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -These two functions (save_user() and save_group()) share, between -themselves, the code preparing the attributes that are going to be -stored in the sysdb. - -This patch basically splits this code out of those functions and -introduces the new prepare_attrs_for_saving_ops(). - -Related: -https://fedorahosted.org/sssd/ticket/3134 - -Signed-off-by: Fabiano Fidêncio -Reviewed-by: Lukáš Slebodník -(cherry picked from commit 69e8b7fcb9e3dc814a9ffc2a97fa656521cc4505) ---- - src/providers/proxy/proxy_id.c | 155 +++++++++++++++++++---------------------- - 1 file changed, 70 insertions(+), 85 deletions(-) - -diff --git a/src/providers/proxy/proxy_id.c b/src/providers/proxy/proxy_id.c -index 921b5253a5ffe90526c73b8078067d69f83c75e6..48f552925447d1f31c4282e89a5994364dbc074d 100644 ---- a/src/providers/proxy/proxy_id.c -+++ b/src/providers/proxy/proxy_id.c -@@ -222,6 +222,68 @@ delete_user(struct sss_domain_info *domain, - return ret; - } - -+static int -+prepare_attrs_for_saving_ops(TALLOC_CTX *mem_ctx, -+ bool case_sensitive, -+ const char *real_name, /* already_qualified */ -+ const char *alias, /* already qualified */ -+ struct sysdb_attrs **attrs) -+{ -+ const char *lc_name = NULL; -+ const char *cased_alias = NULL; -+ errno_t ret; -+ -+ if (!case_sensitive || alias != NULL) { -+ if (*attrs == NULL) { -+ *attrs = sysdb_new_attrs(mem_ctx); -+ if (*attrs == NULL) { -+ DEBUG(SSSDBG_CRIT_FAILURE, "Allocation error ?!\n"); -+ ret = ENOMEM; -+ goto done; -+ } -+ } -+ } -+ -+ if (!case_sensitive) { -+ lc_name = sss_tc_utf8_str_tolower(*attrs, real_name); -+ if (lc_name == NULL) { -+ DEBUG(SSSDBG_OP_FAILURE, "Cannot convert name to 
lowercase.\n"); -+ ret = ENOMEM; -+ goto done; -+ } -+ -+ ret = sysdb_attrs_add_string(*attrs, SYSDB_NAME_ALIAS, lc_name); -+ if (ret != EOK) { -+ DEBUG(SSSDBG_OP_FAILURE, "Could not add name alias\n"); -+ ret = ENOMEM; -+ goto done; -+ } -+ -+ } -+ -+ if (alias != NULL) { -+ cased_alias = sss_get_cased_name(*attrs, alias, case_sensitive); -+ if (cased_alias == NULL) { -+ ret = ENOMEM; -+ goto done; -+ } -+ -+ /* Add the alias only if it differs from lowercased pw_name */ -+ if (lc_name == NULL || strcmp(cased_alias, lc_name) != 0) { -+ ret = sysdb_attrs_add_string(*attrs, SYSDB_NAME_ALIAS, -+ cased_alias); -+ if (ret != EOK) { -+ DEBUG(SSSDBG_OP_FAILURE, "Could not add name alias\n"); -+ goto done; -+ } -+ } -+ } -+ -+ ret = EOK; -+done: -+ return ret; -+} -+ - static int save_user(struct sss_domain_info *domain, - struct passwd *pwd, - const char *real_name, /* already qualified */ -@@ -231,8 +293,6 @@ static int save_user(struct sss_domain_info *domain, - const char *gecos; - struct sysdb_attrs *attrs = NULL; - errno_t ret; -- const char *cased_alias; -- const char *lc_pw_name = NULL; - - if (pwd->pw_shell && pwd->pw_shell[0] != '\0') { - shell = pwd->pw_shell; -@@ -246,47 +306,10 @@ static int save_user(struct sss_domain_info *domain, - gecos = NULL; - } - -- if (!domain->case_sensitive || alias) { -- attrs = sysdb_new_attrs(NULL); -- if (!attrs) { -- DEBUG(SSSDBG_CRIT_FAILURE, "Allocation error ?!\n"); -- ret = ENOMEM; -- goto done; -- } -- } -- -- if (!domain->case_sensitive) { -- lc_pw_name = sss_tc_utf8_str_tolower(attrs, real_name); -- if (lc_pw_name == NULL) { -- DEBUG(SSSDBG_OP_FAILURE, "Cannot convert name to lowercase.\n"); -- ret = ENOMEM; -- goto done; -- } -- -- ret = sysdb_attrs_add_string(attrs, SYSDB_NAME_ALIAS, lc_pw_name); -- if (ret) { -- DEBUG(SSSDBG_OP_FAILURE, "Could not add name alias\n"); -- ret = ENOMEM; -- goto done; -- } -- -- } -- -- if (alias) { -- cased_alias = sss_get_cased_name(attrs, alias, domain->case_sensitive); -- if 
(!cased_alias) {
-- ret = ENOMEM;
-- goto done;
-- }
--
-- /* Add the alias only if it differs from lowercased pw_name */
-- if (lc_pw_name == NULL || strcmp(cased_alias, lc_pw_name) != 0) {
-- ret = sysdb_attrs_add_string(attrs, SYSDB_NAME_ALIAS, cased_alias);
-- if (ret) {
-- DEBUG(SSSDBG_OP_FAILURE, "Could not add name alias\n");
-- goto done;
-- }
-- }
-+ ret = prepare_attrs_for_saving_ops(NULL, domain->case_sensitive,
-+ real_name, alias, &attrs);
-+ if (ret != EOK) {
-+ goto done;
- }
-
- ret = sysdb_store_user(domain,
-@@ -563,8 +586,6 @@ static int save_group(struct sysdb_ctx *sysdb, struct sss_domain_info *dom,
- {
- errno_t ret, sret;
- struct sysdb_attrs *attrs = NULL;
-- const char *cased_alias;
-- const char *lc_gr_name = NULL;
- TALLOC_CTX *tmp_ctx;
- time_t now = time(NULL);
- bool in_transaction = false;
-@@ -618,46 +639,10 @@ static int save_group(struct sysdb_ctx *sysdb, struct sss_domain_info *dom,
- }
- }
-
-- if (dom->case_sensitive == false || alias) {
-- if (!attrs) {
-- attrs = sysdb_new_attrs(tmp_ctx);
-- if (!attrs) {
-- DEBUG(SSSDBG_CRIT_FAILURE, "Allocation error ?!\n");
-- ret = ENOMEM;
-- goto done;
-- }
-- }
-- }
--
-- if (dom->case_sensitive == false) {
-- lc_gr_name = sss_tc_utf8_str_tolower(attrs, real_name);
-- if (lc_gr_name == NULL) {
-- DEBUG(SSSDBG_OP_FAILURE, "Cannot convert name to lowercase.\n");
-- ret = ENOMEM;
-- goto done;
-- }
--
-- ret = sysdb_attrs_add_string(attrs, SYSDB_NAME_ALIAS, lc_gr_name);
-- if (ret != EOK) {
-- goto done;
-- }
-- }
--
-- if (alias) {
-- cased_alias = sss_get_cased_name(attrs, alias, dom->case_sensitive);
-- if (!cased_alias) {
-- ret = ENOMEM;
-- DEBUG(SSSDBG_OP_FAILURE, "Could not add name alias\n");
-- goto done;
-- }
--
-- if (lc_gr_name == NULL || strcmp(cased_alias, lc_gr_name)) {
-- ret = sysdb_attrs_add_string(attrs, SYSDB_NAME_ALIAS, cased_alias);
-- if (ret) {
-- DEBUG(SSSDBG_OP_FAILURE, "Could not add name alias\n");
-- goto done;
-- }
-- }
-+ ret =
prepare_attrs_for_saving_ops(tmp_ctx, dom->case_sensitive,
-+ real_name, alias, &attrs);
-+ if (ret != EOK) {
-+ goto done;
- }
-
- ret = sysdb_store_group(dom,
---
-2.9.3
-
diff --git a/0020-SYSDB-Fix-uninitialized-scalar-variable.patch b/0020-SYSDB-Fix-uninitialized-scalar-variable.patch
deleted file mode 100644
index bb2bdd9..0000000
--- a/0020-SYSDB-Fix-uninitialized-scalar-variable.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 007341bedfcc7e356f4bcb1af8b29acab133300a Mon Sep 17 00:00:00 2001
-From: Lukas Slebodnik
-Date: Mon, 29 Aug 2016 09:13:49 +0200
-Subject: [PATCH 20/39] SYSDB: Fix uninitialized scalar variable
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The boolean variable newly_created could be used uninitialized
-in done section in case of failure. The variable was firstly initialized
-to true after succesfull execution of function sysdb_cache_create_empty.
-
-Uninitialized variable usually means true for boolean variable.
-
-Reviewed-by: Fabiano Fidêncio
-(cherry picked from commit 975d0b67a40847265523d195438bf4753d18ff1c)
----
- src/db/sysdb_init.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/db/sysdb_init.c b/src/db/sysdb_init.c
-index c387c1b12c116f38d5a13f1adeac5ef64d593af8..d110aa7a2878e47650db177cfd342d0ac32248ab 100644
---- a/src/db/sysdb_init.c
-+++ b/src/db/sysdb_init.c
-@@ -545,7 +545,7 @@ static errno_t sysdb_cache_connect_helper(TALLOC_CTX *mem_ctx,
- const char *version = NULL;
- int ret;
- struct ldb_context *ldb;
-- bool newly_created;
-+ bool newly_created = false;
-
- tmp_ctx = talloc_new(NULL);
- if (!tmp_ctx) {
---
-2.9.3
-
diff --git a/0021-BUILD-Add-a-few-more-targets-for-intg-tests.patch b/0021-BUILD-Add-a-few-more-targets-for-intg-tests.patch
deleted file mode 100644
index ed238b1..0000000
--- a/0021-BUILD-Add-a-few-more-targets-for-intg-tests.patch
+++ /dev/null
@@ -1,82 +0,0 @@ -From 9a3ae9e00405501c964b489ac3415482ba3b3974 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= -Date: Thu, 18 Aug 2016 16:24:17 +0200 -Subject: [PATCH 21/39] BUILD: Add a few more targets for intg tests -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Running "make intgcheck" has been proven to be a bit painful (mainly -when the developer is just writing down a single test case), as it -cleans up the build directory and fireis a new build before, finally, -run the tests. - -In order to make it a little less painful, let's break the whole -operation into 3 new targets: - intgcheck-{prepare,run,clean}. - -As expected, "make intgcheck" calls these 3 new operations in the same -order they were presented, not changing then the current behavior. - -Each operation will trigger the previous one in case there is no -"$$prefix" directory created and the directory is _only_ created in the -very first operation (intghcheck-prepare). - -A note must be done about how to run a simple test file or a simple test -from a test file when running "make intgcheck-run". The option always -been here but only makes sense now that we have the intgcheck split in a -few useful steps. 
See the examples below (and for more detailed -information, check the py.test documentation): - #Run a single file - make intgcheck-run INTGCHECK_PYTEST_ARGS="-k test_netgroup.py" - #Run a single test from a single file - make intgcheck-run INTGCHECK_PYTEST_ARGS="-k test_add_empty_netgroup" - -Signed-off-by: Fabiano Fidêncio -Reviewed-by: Lukáš Slebodník -(cherry picked from commit 6159c33125f8ee82e88d495ea2aa5d00018ea844) ---- - Makefile.am | 17 +++++++++++++++-- - 1 file changed, 15 insertions(+), 2 deletions(-) - -diff --git a/Makefile.am b/Makefile.am -index 6219682de0d1fd4b3a813ee2f95b8185531e62bf..6299ac7a7bf1c2ed41dfeeda7063c8901214941a 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -3076,7 +3076,7 @@ endif - # Integration tests # - ##################### - --intgcheck: -+intgcheck-prepare: - echo "temporarily disabled" - set -e; \ - rm -Rf intg; \ -@@ -3096,10 +3096,23 @@ intgcheck: - $(MAKE) $(AM_MAKEFLAGS) -j1 install; \ - : Remove .la files from LDB module directory to avoid loader warnings; \ - rm "$$prefix"/lib/ldb/*.la; \ -+ cd ../.. -+ -+intgcheck-run: -+ if [ ! -d intg/pfx ]; then $(MAKE) intgcheck-build; fi; \ -+ cd intg/bld; \ - $(MAKE) $(AM_MAKEFLAGS) -C src/tests/intg intgcheck-installed; \ -- cd ../..; \ -+ cd ../.. -+ -+intgcheck-clean: -+ prefix=`readlink -e intg/pfx`; \ - rm -Rf "$$prefix" intg - -+intgcheck: -+ $(MAKE) intgcheck-prepare -+ $(MAKE) intgcheck-run -+ $(MAKE) intgcheck-clean -+ - #################### - # Client Libraries # - #################### --- -2.9.3 - diff --git a/0022-BUILD-Clean-up-prerelease-targets.patch b/0022-BUILD-Clean-up-prerelease-targets.patch deleted file mode 100644 index 251278d..0000000 --- a/0022-BUILD-Clean-up-prerelease-targets.patch +++ /dev/null 
@@ -1,60 +0,0 @@ -From 557e0e8c28a77b423a3746168a3be8e8a8d5462d Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= -Date: Wed, 17 Aug 2016 21:08:23 +0200 -Subject: [PATCH 22/39] BUILD: Clean up prerelease targets -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Clean up the pre-release targets in order to avoid lines exceeding 80 -characters. - -Signed-off-by: Fabiano Fidêncio -Reviewed-by: Lukáš Slebodník -(cherry picked from commit 01d970a8afa6ffed82b3e8dda96e08118222e16e) ---- - Makefile.am | 14 ++++++++++++-- - 1 file changed, 12 insertions(+), 2 deletions(-) - -diff --git a/Makefile.am b/Makefile.am -index 6299ac7a7bf1c2ed41dfeeda7063c8901214941a..4a56d8b0a3ea49c9fae35bf5717871ea515813b8 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -4202,6 +4202,14 @@ rpmroot: - $(MKDIR_P) $(RPMBUILD)/SPECS - $(MKDIR_P) $(RPMBUILD)/SRPMS - -+# pre-release related vars -+ -+PR_VERSION_DATE := $(shell date +%Y%m%d.%H%M) -+PR_VERSION_COMMIT_HASH := $(shell git log -1 --pretty=format:%h) -+PR_VERSION_NUMBER = $(PR_VERSION_DATE).git$(PR_VERSION_COMMIT_HASH) -+PR_VERSION_REGEX = m4_define(\[PRERELEASE_VERSION_NUMBER\], \[.*\]) -+PR_VERSION_REPL = m4_define(\[PRERELEASE_VERSION_NUMBER\], \[.$(PR_VERSION_NUMBER)\]) -+ - rpmbrprep: dist-gzip rpmroot - if GIT_CHECKOUT - # When we're building RPMs from a git checkout, -@@ -4219,7 +4227,8 @@ rpms: rpmbrprep - if GIT_CHECKOUT - prerelease-rpms: - cp $(srcdir)/version.m4 $(srcdir)/version.m4.orig -- sed -e "s/m4_define(\[PRERELEASE_VERSION_NUMBER\], \[.*\])/m4_define(\[PRERELEASE_VERSION_NUMBER\], \[.`date +%Y%m%d.%H%M`.git`git log -1 --pretty=format:%h`\])/" < $(srcdir)/version.m4.orig > $(srcdir)/version.m4 -+ sed -e "s/$(PR_VERSION_REGEX)/$(PR_VERSION_REPL)/" \ -+ < $(srcdir)/version.m4.orig > $(srcdir)/version.m4 - $(MAKE) rpms - mv $(srcdir)/version.m4.orig $(srcdir)/version.m4 - endif -@@ -4234,7 +4243,8 @@ srpm: rpmbrprep - if GIT_CHECKOUT - prerelease-srpm: - cp 
$(srcdir)/version.m4 $(srcdir)/version.m4.orig -- sed -e "s/m4_define(\[PRERELEASE_VERSION_NUMBER\], \[.*\])/m4_define(\[PRERELEASE_VERSION_NUMBER\], \[.`date +%Y%m%d.%H%M`.git`git log -1 --pretty=format:%h`\])/" < $(srcdir)/version.m4.orig > $(srcdir)/version.m4 -+ sed -e "s/$(PR_VERSION_REGEX)/$(PR_VERSION_REPL)/" \ -+ < $(srcdir)/version.m4.orig > $(srcdir)/version.m4 - $(MAKE) srpm - mv $(srcdir)/version.m4.orig $(srcdir)/version.m4 - endif --- -2.9.3 - diff --git a/0023-BUILD-Fix-typo-in-intgcheck-run-rule.patch b/0023-BUILD-Fix-typo-in-intgcheck-run-rule.patch deleted file mode 100644 index 647a5a3..0000000 --- a/0023-BUILD-Fix-typo-in-intgcheck-run-rule.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 665ef221b1c2144a78ed9f98263bb8b9acce6f6d Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= -Date: Mon, 29 Aug 2016 16:01:59 +0200 -Subject: [PATCH 23/39] BUILD: Fix typo in intgcheck-run rule -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -During the review process "intgcheck-build" ended up being merged to the -"intgcheck-prepare" rule. - -Signed-off-by: Fabiano Fidêncio -Reviewed-by: Lukáš Slebodník -(cherry picked from commit 9639cf410dd6ba9670748535811f061e0c475bc6) ---- - Makefile.am | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Makefile.am b/Makefile.am -index 4a56d8b0a3ea49c9fae35bf5717871ea515813b8..25a81b93b8881ec6dfa18397ddcc3430e6a3ebd0 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -3099,7 +3099,7 @@ intgcheck-prepare: - cd ../.. - - intgcheck-run: -- if [ ! -d intg/pfx ]; then $(MAKE) intgcheck-build; fi; \ -+ if [ ! -d intg/pfx ]; then $(MAKE) intgcheck-prepare; fi; \ - cd intg/bld; \ - $(MAKE) $(AM_MAKEFLAGS) -C src/tests/intg intgcheck-installed; \ - cd ../.. --- -2.9.3 - diff --git a/0024-BUILD-Remove-leftover-after-sysdb-refactoring.patch b/0024-BUILD-Remove-leftover-after-sysdb-refactoring.patch deleted file mode 100644 index 8273d65..0000000 
--- a/0024-BUILD-Remove-leftover-after-sysdb-refactoring.patch +++ /dev/null @@ -1,29 +0,0 @@ -From ce87fa6dd3fb47f28f9e80b730c50f23b099e835 Mon Sep 17 00:00:00 2001 -From: Lukas Slebodnik -Date: Mon, 29 Aug 2016 17:50:17 +0200 -Subject: [PATCH 24/39] BUILD: Remove leftover after sysdb refactoring -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Reviewed-by: Fabiano Fidêncio -(cherry picked from commit 4229ffb929bd7029f8b94d92099032d3350f5cf4) ---- - Makefile.am | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/Makefile.am b/Makefile.am -index 25a81b93b8881ec6dfa18397ddcc3430e6a3ebd0..f89af5a9d6d26c732574aa3651de8c175f538b28 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -3077,7 +3077,6 @@ endif - ##################### - - intgcheck-prepare: -- echo "temporarily disabled" - set -e; \ - rm -Rf intg; \ - $(MKDIR_P) intg/bld; \ --- -2.9.3 - diff --git a/0025-MONITOR-Remove-the-no-longer-used-diag_cmd-command.patch b/0025-MONITOR-Remove-the-no-longer-used-diag_cmd-command.patch deleted file mode 100644 index 1e56dca..0000000 --- a/0025-MONITOR-Remove-the-no-longer-used-diag_cmd-command.patch +++ /dev/null 
@@ -1,239 +0,0 @@
-From 854db7ed3fc4c0c58b1df0f93bb5b896eea417e8 Mon Sep 17 00:00:00 2001
-From: Jakub Hrozek
-Date: Sun, 8 May 2016 14:41:35 +0200
-Subject: [PATCH 25/39] MONITOR: Remove the no longer used diag_cmd command
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-After introducing the watchdog, the diag_cmd is longer used and makes no
-sense trying to make it usable by watchdog as the result of "pstack %p"
-seems next to useless in this context.
-
-Related:
-https://fedorahosted.org/sssd/ticket/3051
-
-Reviewed-by: Petr Čech
-(cherry picked from commit 1620f435dbe7013f985128dcdf001e9158cb00e3)
----
- src/confdb/confdb.h | 1 -
- src/monitor/monitor.c | 163 --------------------------------------------------
- 2 files changed, 164 deletions(-)
-
-diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
-index 72adbd80ea534eb0becd3e517c00b0c26d00444c..58a085ba954cf75a5c756d6f8fbd04e6fa49a687 100644
---- a/src/confdb/confdb.h
-+++ b/src/confdb/confdb.h
-@@ -73,7 +73,6 @@
- #define CONFDB_MONITOR_DEFAULT_DOMAIN "default_domain_suffix"
- #define CONFDB_MONITOR_OVERRIDE_SPACE "override_space"
- #define CONFDB_MONITOR_USER_RUNAS "user"
--#define CONFDB_MONITOR_PRE_KILL_CMD "diag_cmd"
- #define CONFDB_MONITOR_CERT_VERIFICATION "certificate_verification"
-
- /* Both monitor and domains */
-diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c
-index 7a9ef569bbd565d6240cebed8493d0bd85aba89e..f97b2a960b1835540357714b608feac54c2d72c5 100644
---- a/src/monitor/monitor.c
-+++ b/src/monitor/monitor.c
-@@ -112,7 +112,6 @@ struct mt_svc {
- char *identity;
- pid_t pid;
-
-- char *diag_cmd;
- int kill_time;
-
- struct tevent_timer *kill_timer;
-@@ -373,77 +372,6 @@ static int add_svc_conn_spy(struct mt_svc *svc)
- return EOK;
- }
-
--static char *expand_diag_cmd(struct mt_svc *svc,
-- const char *template)
--{
-- TALLOC_CTX *tmp_ctx = NULL;
-- char *copy;
-- char *p_copy;
-- char *n;
-- char *result = NULL;
-- char action;
-- char *res = NULL;
--
-- if (template == NULL) {
-- DEBUG(SSSDBG_CRIT_FAILURE, "Missing template.\n");
-- return NULL;
-- }
--
-- tmp_ctx = talloc_new(NULL);
-- if (!tmp_ctx) return NULL;
--
-- copy = talloc_strdup(tmp_ctx, template);
-- if (copy == NULL) {
-- DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n");
-- goto done;
-- }
--
-- result = talloc_strdup(tmp_ctx, "");
-- if (result == NULL) {
-- DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n");
-- goto done;
-- }
--
-- p_copy = copy;
-- while ((n = strchr(p_copy, '%')) != NULL) {
-- *n = '\0';
-- n++;
-- if ( *n == '\0' ) {
-- DEBUG(SSSDBG_CRIT_FAILURE,
-- "format error, single %% at the end of the template.\n");
-- goto done;
-- }
--
-- action = *n;
-- switch (action) {
-- case 'p':
-- result = talloc_asprintf_append(result, "%s%d", p_copy, svc->pid);
-- break;
-- default:
-- DEBUG(SSSDBG_CRIT_FAILURE,
-- "format error, unknown template [%%%c].\n", *n);
-- goto done;
-- }
--
-- if (result == NULL) {
-- DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf_append failed.\n");
-- goto done;
-- }
--
-- p_copy = n + 1;
-- }
--
-- result = talloc_asprintf_append(result, "%s", p_copy);
-- if (result == NULL) {
-- DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf_append failed.\n");
-- goto done;
-- }
--
-- res = talloc_move(svc, &result);
--done:
-- talloc_zfree(tmp_ctx);
-- return res;
--}
-
- static void svc_child_info(struct mt_svc *svc, int wait_status)
- {
-@@ -467,82 +395,6 @@ static void svc_child_info(struct mt_svc *svc, int wait_status)
- }
- }
-
--static void svc_diag_cmd_exit_handler(int pid, int wait_status, void *pvt)
--{
-- struct mt_svc *svc = talloc_get_type(pvt, struct mt_svc);
--
-- svc_child_info(svc, wait_status);
--}
--
--static void svc_run_diag_cmd(struct mt_svc *svc)
--{
-- pid_t pkc_pid;
-- char **args;
-- int ret;
-- int debug_fd;
-- char *diag_cmd;
-- struct sss_child_ctx *diag_child_ctx;
--
-- if (svc->diag_cmd == NULL) {
-- return;
-- }
--
-- pkc_pid = fork();
-- if (pkc_pid != 0) {
-- /* parent, schedule SIGKILL */
--
-- ret = sss_child_register(svc,
-- svc->mt_ctx->sigchld_ctx,
-- pkc_pid,
-- svc_diag_cmd_exit_handler,
-- svc,
-- &diag_child_ctx);
-- if (ret != EOK) {
-- DEBUG(SSSDBG_CRIT_FAILURE, "Cannot register child %d\n", pkc_pid);
-- /* Try to go on ... */
-- }
--
-- return;
-- }
--
-- /* child, execute diagnostics */
-- diag_cmd = expand_diag_cmd(svc, svc->diag_cmd);
-- if (diag_cmd == NULL) {
-- DEBUG(SSSDBG_CRIT_FAILURE,
-- "Failed to expand [%s]\n", svc->diag_cmd);
-- _exit(1);
-- }
--
-- if (debug_level >= SSSDBG_TRACE_LIBS) {
-- debug_fd = get_fd_from_debug_file();
-- ret = dup2(debug_fd, STDERR_FILENO);
-- if (ret == -1) {
-- ret = errno;
-- DEBUG(SSSDBG_MINOR_FAILURE,
-- "dup2 failed for stderr [%d][%s].\n", ret, sss_strerror(ret));
-- /* failure to redirect stderr is not fatal */
-- }
--
-- ret = dup2(debug_fd, STDOUT_FILENO);
-- if (ret == -1) {
-- ret = errno;
-- DEBUG(SSSDBG_MINOR_FAILURE,
-- "dup2 failed for stdout [%d][%s].\n", ret, sss_strerror(ret));
-- /* failure to redirect stdout is not fatal */
-- }
-- }
--
-- args = parse_args(diag_cmd);
-- execvp(args[0], args);
--
-- /* If we are here, exec() has failed
-- * Print errno and abort quickly */
-- ret = errno;
-- DEBUG(SSSDBG_FATAL_FAILURE,
-- "Could not exec %s, reason: %s\n", svc->diag_cmd, strerror(ret));
-- _exit(1);
--}
--
- static int mark_service_as_started(struct mt_svc *svc)
- {
- struct mt_ctx *ctx = svc->mt_ctx;
-@@ -712,8 +564,6 @@ static int monitor_kill_service (struct mt_svc *svc)
- return EOK;
- }
-
-- svc_run_diag_cmd(svc);
--
- /* Set up a timer to send SIGKILL if this process
- * doesn't exit within the configured interval
- */
-@@ -1147,19 +997,6 @@ static errno_t get_kill_config(struct mt_ctx *ctx, const char *path,
- {
- errno_t ret;
-
-- ret = confdb_get_string(ctx->cdb, svc, path,
-- CONFDB_MONITOR_PRE_KILL_CMD,
-- NULL, &svc->diag_cmd);
-- if (ret != EOK) {
-- DEBUG(SSSDBG_CRIT_FAILURE,
-- "Failed to get diagnostics command for %s\n", svc->name);
-- return ret;
-- }
-- if (svc->diag_cmd) {
-- DEBUG(SSSDBG_CONF_SETTINGS,
-- "Diagnostics command: [%s]\n", svc->diag_cmd);
-- }
--
- ret = confdb_get_int(ctx->cdb, path,
- CONFDB_SERVICE_FORCE_TIMEOUT,
- MONITOR_DEF_FORCE_TIME, &svc->kill_time);
---
-2.9.3
-
diff --git a/0026-MONITOR-Remove-the-no-longer-used-kill_service-comma.patch b/0026-MONITOR-Remove-the-no-longer-used-kill_service-comma.patch
deleted file mode 100644
index ea46440..0000000
--- a/0026-MONITOR-Remove-the-no-longer-used-kill_service-comma.patch
+++ /dev/null
@@ -1,289 +0,0 @@
-From 10e635167418fdf7a896b2cb3d095fd345053103 Mon Sep 17 00:00:00 2001
-From: Jakub Hrozek
-Date: Sun, 8 May 2016 14:46:25 +0200
-Subject: [PATCH 26/39] MONITOR: Remove the no longer used kill_service command
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-After introducing the watchdog, the force_timeout option is no longer
-used.
-
-Resolves:
-https://fedorahosted.org/sssd/ticket/3052
-
-Reviewed-by: Petr Čech
-(cherry picked from commit fa93cd0f0fc75a6d635079e67788f8a9fe183c3c)
----
- src/confdb/confdb.h | 1 -
- src/man/sssd.conf.5.xml | 33 ------------
- src/monitor/monitor.c | 141 ------------------------------------------------
- 3 files changed, 175 deletions(-)
-
-diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
-index 58a085ba954cf75a5c756d6f8fbd04e6fa49a687..401e5fbf7ed6bb9e8d7158dfab378c8159aa03db 100644
---- a/src/confdb/confdb.h
-+++ b/src/confdb/confdb.h
-@@ -58,7 +58,6 @@
- #define CONFDB_SERVICE_DEBUG_TIMESTAMPS "debug_timestamps"
- #define CONFDB_SERVICE_DEBUG_MICROSECONDS "debug_microseconds"
- #define CONFDB_SERVICE_DEBUG_TO_FILES "debug_to_files"
--#define CONFDB_SERVICE_FORCE_TIMEOUT "force_timeout"
- #define CONFDB_SERVICE_RECON_RETRIES "reconnection_retries"
- #define CONFDB_SERVICE_FD_LIMIT "fd_limit"
- #define CONFDB_SERVICE_ALLOWED_UIDS "allowed_uids"
-diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
-index e95a7e7e213e07c15e79185730d481e5afceb69c..ae291e0fc8f2f9afabcdf32f18a5ec12252bbbbf 100644
---- a/src/man/sssd.conf.5.xml
-+++ b/src/man/sssd.conf.5.xml
-@@ -549,22 +549,6 @@
-
-
-
-- force_timeout (integer)
--
--
-- If a service is not responding to ping checks (see
-- the timeout option), it is first sent
-- the SIGTERM signal that instructs it to quit gracefully.
-- If the service does not terminate after force_timeout
-- seconds, the monitor will forcibly shut it down by
-- sending a SIGKILL signal.
--
--
-- Default: 60
--
--
--
--
- offline_timeout (integer)
-
-
-@@ -1453,23 +1437,6 @@ pam_account_locked_message = Account locked, please contact help desk.
-
-
-
-- force_timeout (integer)
--
--
-- If a service is not responding to ping checks (see
-- the timeout option), it is first sent
-- the SIGTERM signal that instructs it to quit gracefully.
-- If the service does not terminate after force_timeout
-- seconds, the monitor will forcibly shut it down by
-- sending a SIGKILL signal.
--
--
-- Default: 60
--
--
--
--
--
- entry_cache_timeout (integer)
-
-
-diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c
-index f97b2a960b1835540357714b608feac54c2d72c5..1f89c5a79feab8a921ce2f9132763b37ab506596 100644
---- a/src/monitor/monitor.c
-+++ b/src/monitor/monitor.c
-@@ -114,8 +114,6 @@ struct mt_svc {
-
- int kill_time;
-
-- struct tevent_timer *kill_timer;
--
- bool svc_started;
-
- int restarts;
-@@ -176,8 +174,6 @@ static int monitor_service_init(struct sbus_connection *conn, void *data);
-
- static int service_signal_reset_offline(struct mt_svc *svc);
-
--static int monitor_kill_service (struct mt_svc *svc);
--
- static int get_service_config(struct mt_ctx *ctx, const char *name,
- struct mt_svc **svc_cfg);
- static int get_provider_config(struct mt_ctx *ctx, const char *name,
-@@ -542,95 +538,6 @@ static int monitor_dbus_init(struct mt_ctx *ctx)
- }
-
- static void monitor_restart_service(struct mt_svc *svc);
--static void mt_svc_sigkill(struct tevent_context *ev,
-- struct tevent_timer *te,
-- struct timeval t, void *ptr);
--static int monitor_kill_service (struct mt_svc *svc)
--{
-- int ret;
-- struct timeval tv;
--
-- ret = kill(svc->pid, SIGTERM);
-- if (ret == -1) {
-- ret = errno;
-- DEBUG(SSSDBG_FATAL_FAILURE,
-- "Sending signal to child (%s:%d) failed: [%d]: %s! "
-- "Ignore and pretend child is dead.\n",
-- svc->name, svc->pid, ret, strerror(ret));
-- /* The only thing we can try here is to launch a new process
-- * and hope that it works.
-- */
-- monitor_restart_service(svc);
-- return EOK;
-- }
--
-- /* Set up a timer to send SIGKILL if this process
-- * doesn't exit within the configured interval
-- */
-- tv = tevent_timeval_current_ofs(svc->kill_time, 0);
-- svc->kill_timer = tevent_add_timer(svc->mt_ctx->ev,
-- svc,
-- tv,
-- mt_svc_sigkill,
-- svc);
-- if (svc->kill_timer == NULL) {
-- /* Nothing much we can do */
-- DEBUG(SSSDBG_CRIT_FAILURE,
-- "Failed to allocate timed event: mt_svc_sigkill.\n");
-- /* We'll just have to hope that the SIGTERM succeeds */
-- }
-- return EOK;
--}
--
--static void mt_svc_sigkill(struct tevent_context *ev,
-- struct tevent_timer *te,
-- struct timeval t, void *ptr)
--{
-- int ret;
-- struct mt_svc *svc = talloc_get_type(ptr, struct mt_svc);
--
-- DEBUG(SSSDBG_FATAL_FAILURE,
-- "[%s][%d] is not responding to SIGTERM. Sending SIGKILL.\n",
-- svc->name, svc->pid);
-- sss_log(SSS_LOG_ERR,
-- "[%s][%d] is not responding to SIGTERM. Sending SIGKILL.\n",
-- svc->name, svc->pid);
--
-- /* timer was succesfully executed and it will be released by tevent */
-- svc->kill_timer = NULL;
--
-- ret = kill(svc->pid, SIGKILL);
-- if (ret != EOK) {
-- ret = errno;
-- DEBUG(SSSDBG_FATAL_FAILURE,
-- "Sending signal to child (%s:%d) failed! "
-- "Ignore and pretend child is dead.\n",
-- svc->name, svc->pid);
--
-- if (ret == ESRCH) {
-- /* The process doesn't exist
-- * This most likely means we hit a race where
-- * the SIGTERM concluded just after the timer
-- * fired but before we called kill() here.
-- * We'll just do nothing, since the
-- * mt_svc_exit_handler() should be doing the
-- * necessary work.
-- */
-- return;
-- }
--
-- /* Something went really wrong.
-- * The only thing we can try here is to launch a new process
-- * and hope that it works.
-- */
-- monitor_restart_service(svc);
-- }
--
-- /* The process should terminate immediately and then be
-- * restarted by the mt_svc_exit_handler()
-- */
-- return;
--}
-
- static void reload_reply(DBusPendingCall *pending, void *data)
- {
-@@ -708,7 +615,6 @@ static int service_signal(struct mt_svc *svc, const char *svc_signal)
- DEBUG(SSSDBG_FATAL_FAILURE,
- "Out of memory trying to allocate memory to invoke: %s\n",
- svc_signal);
-- monitor_kill_service(svc);
- return ENOMEM;
- }
-
-@@ -992,32 +898,6 @@ static int get_monitor_config(struct mt_ctx *ctx)
- return EOK;
- }
-
--static errno_t get_kill_config(struct mt_ctx *ctx, const char *path,
-- struct mt_svc *svc)
--{
-- errno_t ret;
--
-- ret = confdb_get_int(ctx->cdb, path,
-- CONFDB_SERVICE_FORCE_TIMEOUT,
-- MONITOR_DEF_FORCE_TIME, &svc->kill_time);
-- if (ret != EOK) {
-- DEBUG(SSSDBG_CRIT_FAILURE,
-- "Failed to get kill timeout for %s\n", svc->name);
-- return ret;
-- }
--
-- /* 'force_timeout = 0' should be translated to the default */
-- if (svc->kill_time == 0) {
-- svc->kill_time = MONITOR_DEF_FORCE_TIME;
-- }
--
-- DEBUG(SSSDBG_CONF_SETTINGS,
-- "Time between SIGTERM and SIGKILL for [%s]: [%d]\n",
-- svc->name, svc->kill_time);
--
-- return EOK;
--}
--
- /* This is a temporary function that returns false if the service
- * being started was only tested when running as root.
- */
-@@ -1154,14 +1034,6 @@ static int get_service_config(struct mt_ctx *ctx, const char *name,
- }
- }
-
-- ret = get_kill_config(ctx, path, svc);
-- if (ret != EOK) {
-- DEBUG(SSSDBG_CRIT_FAILURE,
-- "Failed to get kill timeouts for %s\n", svc->name);
-- talloc_free(svc);
-- return ret;
-- }
--
- svc->last_restart = now;
-
- *svc_cfg = svc;
-@@ -1249,14 +1121,6 @@ static int get_provider_config(struct mt_ctx *ctx, const char *name,
- return ret;
- }
-
-- ret = get_kill_config(ctx, path, svc);
-- if (ret != EOK) {
-- DEBUG(SSSDBG_CRIT_FAILURE,
-- "Failed to get kill timeouts for %s\n", svc->name);
-- talloc_free(svc);
-- return ret;
-- }
--
- talloc_free(path);
-
- /* if no provider is present do not run the domain */
-@@ -2540,11 +2404,6 @@ static void mt_svc_exit_handler(int pid, int wait_status, void *pvt)
- "SIGCHLD handler of service %s called\n", svc->name);
- svc_child_info(svc, wait_status);
-
-- /* Clear the kill_timer so we don't try to SIGKILL it after it's
-- * already gone.
-- */
-- talloc_zfree(svc->kill_timer);
--
- /* Check the number of restart tries and relaunch the service */
- monitor_restart_service(svc);
-
---
-2.9.3
-
diff --git a/0027-WATCHDOG-define-and-use-_MAX_TICKS-as-3.patch b/0027-WATCHDOG-define-and-use-_MAX_TICKS-as-3.patch
deleted file mode 100644
index b141bc5..0000000
--- a/0027-WATCHDOG-define-and-use-_MAX_TICKS-as-3.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From e293e3a1418e95560498f29147c4e5b1be0b729a Mon Sep 17 00:00:00 2001
-From: Jakub Hrozek
-Date: Mon, 15 Aug 2016 12:54:20 +0200
-Subject: [PATCH 27/39] WATCHDOG: define and use _MAX_TICKS as 3
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Instead of using the number 3 directly, let's introduce and use
-WATCHDOG_MAX_TICKS.
-
-Reviewed-by: Petr Čech
-(cherry picked from commit d7075a255a1f28e890539072e06d0140ffe0927c)
----
- src/util/util_watchdog.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/src/util/util_watchdog.c b/src/util/util_watchdog.c
-index 1c27d73f13b3042ecb549a2184e1368e8339d199..c184fbd759bdbca4a9eae379ff0d87e2d1628470 100644
---- a/src/util/util_watchdog.c
-+++ b/src/util/util_watchdog.c
-@@ -22,6 +22,7 @@
- #include "util/util.h"
-
- #define WATCHDOG_DEF_INTERVAL 10
-+#define WATCHDOG_MAX_TICKS 3
-
- /* this is intentionally a global variable */
- struct watchdog_ctx {
-@@ -75,9 +76,8 @@ static void watchdog_handler(int sig)
- return;
- }
-
-- /* if 3 ticks passed by kills itself */
--
-- if (__sync_add_and_fetch(&watchdog_ctx.ticks, 1) > 3) {
-+ /* if a pre-defined number of ticks passed by kills itself */
-+ if (__sync_add_and_fetch(&watchdog_ctx.ticks, 1) > WATCHDOG_MAX_TICKS) {
- DEBUG(SSSDBG_FATAL_FAILURE,
- "Watchdog timer overflow, killing process!\n");
- orderly_shutdown(1);
---
-2.9.3
-
diff --git a/0028-PROXY-Use-right-name-in-ldap-filter.patch b/0028-PROXY-Use-right-name-in-ldap-filter.patch
deleted file mode 100644
index 813ff74..0000000
--- a/0028-PROXY-Use-right-name-in-ldap-filter.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From f7c519962070d797822c960d297f7de7fa42426a Mon Sep 17 00:00:00 2001
-From: Lukas Slebodnik
-Date: Fri, 26 Aug 2016 14:57:22 +0200
-Subject: [PATCH 28/39] PROXY: Use right name in ldap filter
-
-We used internal fq name in ldap filter
-with id_provider proxy to files and auth provider
-ldap
-
-[sssd[be[LDAP]]] [sdap_get_generic_ext_step]
- (0x0400): calling ldap_search_ext with
- [(&(uid=testuser1@ldap)(objectclass=posixAccount))][dc=example,dc=com].
-
-Reviewed-by: Jakub Hrozek
-(cherry picked from commit b4c6060b10b14257e6f01038ae44e46c5a429f33)
----
- src/providers/ldap/ldap_auth.c | 11 ++++++++---
- 1 file changed, 8 insertions(+), 3 deletions(-)
-
-diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c
-index 35f16b0d4a6f8e566b0cf63b65ba46f31e7c1bcd..00d38284e428eea42254820fd08ee4fb125235a6 100644
---- a/src/providers/ldap/ldap_auth.c
-+++ b/src/providers/ldap/ldap_auth.c
-@@ -361,7 +361,7 @@ shadow_fail:
-
- /* ==Get-User-DN========================================================== */
- struct get_user_dn_state {
-- const char *username;
-+ char *username;
-
- char *orig_dn;
- };
-@@ -386,9 +386,14 @@ static struct tevent_req *get_user_dn_send(TALLOC_CTX *memctx,
- req = tevent_req_create(memctx, &state, struct get_user_dn_state);
- if (!req) return NULL;
-
-- state->username = username;
-+ ret = sss_parse_internal_fqname(state, username,
-+ &state->username, NULL);
-+ if (ret != EOK) {
-+ DEBUG(SSSDBG_OP_FAILURE, "Cannot parse %s\n", username);
-+ goto done;
-+ }
-
-- ret = sss_filter_sanitize(state, username, &clean_name);
-+ ret = sss_filter_sanitize(state, state->username, &clean_name);
- if (ret != EOK) {
- goto done;
- }
---
-2.9.3
-
diff --git a/0029-SECRETS-Make-internal-function-static.patch b/0029-SECRETS-Make-internal-function-static.patch
deleted file mode 100644
index fbab4f1..0000000
--- a/0029-SECRETS-Make-internal-function-static.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 2dc376b266eb5f3b3aecc980f1a854eeac7d151b Mon Sep 17 00:00:00 2001
-From: Jakub Hrozek
-Date: Tue, 16 Aug 2016 20:53:19 +0200
-Subject: [PATCH 29/39] SECRETS: Make internal function static
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Reviewed-by: Pavel Březina
-(cherry picked from commit cf902c2b247c1b5793ae0ba58fd2dcbb0f78b686)
----
- src/responder/secrets/providers.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/responder/secrets/providers.c b/src/responder/secrets/providers.c
-index 8d815b4837ce71bac648f38a6a8956771dd0520d..4c601988696dac7856cb1c1eb27264180a9347f9 100644
---- a/src/responder/secrets/providers.c
-+++ b/src/responder/secrets/providers.c
-@@ -24,7 +24,8 @@
- #include "responder/secrets/secsrv_proxy.h"
- #include
-
--int sec_map_url_to_user_path(struct sec_req_ctx *secreq, char **mapped_path)
-+static int sec_map_url_to_user_path(struct sec_req_ctx *secreq,
-+ char **mapped_path)
- {
- uid_t c_euid;
-
---
-2.9.3
-
diff --git a/0030-SECRETS-Make-reading-the-config-options-more-uniform.patch b/0030-SECRETS-Make-reading-the-config-options-more-uniform.patch
deleted file mode 100644
index 28be190..0000000
--- a/0030-SECRETS-Make-reading-the-config-options-more-uniform.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From e099a2654aa25f98a5f9e7a0e1f0820e8322c372 Mon Sep 17 00:00:00 2001
-From: Jakub Hrozek
-Date: Tue, 16 Aug 2016 20:59:30 +0200
-Subject: [PATCH 30/39] SECRETS: Make reading the config options more uniform
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-One of confdb_get_ calls in sec_get_config() used a variable referenced
-from rctx, the other used a hardcoded string. Use one of them on both
-places instead.
-
-Reviewed-by: Pavel Březina
-(cherry picked from commit ff35d4ffe5eedcb484deb7ef1a04c02c19e634c9)
----
- src/responder/secrets/secsrv.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/responder/secrets/secsrv.c b/src/responder/secrets/secsrv.c
-index 6f8052bdf25fe903683d6b26d92b2a4c31743470..eb194a179ae5e3a48547fb00a038f31b8e0264cd 100644
---- a/src/responder/secrets/secsrv.c
-+++ b/src/responder/secrets/secsrv.c
-@@ -35,7 +35,7 @@ static int sec_get_config(struct sec_ctx *sctx)
- int ret;
-
- ret = confdb_get_int(sctx->rctx->cdb,
-- CONFDB_SEC_CONF_ENTRY,
-+ sctx->rctx->confdb_service_path,
- CONFDB_SERVICE_FD_LIMIT,
- DEFAULT_SEC_FD_LIMIT,
- &sctx->fd_limit);
---
-2.9.3
-
diff --git a/0031-dyndns-fix-typo-and-unify-ipa-with-ad-debug-message-.patch b/0031-dyndns-fix-typo-and-unify-ipa-with-ad-debug-message-.patch
deleted file mode 100644
index a58c3ce..0000000
--- a/0031-dyndns-fix-typo-and-unify-ipa-with-ad-debug-message-.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 279b4f57263abcdb84e2386f4cb4256981fb8c2d Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?=
-Date: Thu, 4 Aug 2016 14:10:09 +0200
-Subject: [PATCH 31/39] dyndns: fix typo and unify ipa with ad debug message
- when off
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Reviewed-by: Petr Čech
-Reviewed-by: Lukáš Slebodník
-(cherry picked from commit b3851e86af91dc1aa6e265d5b2e4279b2611ff43)
----
- src/providers/ad/ad_dyndns.c | 2 +-
- src/providers/ipa/ipa_init.c | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/providers/ad/ad_dyndns.c b/src/providers/ad/ad_dyndns.c
-index e3f1812837f7cee9d18ef001233871e0fcc16b4c..00190485e8f0ca7362ed60b2df022c74c53988c9 100644
---- a/src/providers/ad/ad_dyndns.c
-+++ b/src/providers/ad/ad_dyndns.c
-@@ -47,7 +47,7 @@ errno_t ad_dyndns_init(struct be_ctx *be_ctx,
-
- if (dp_opt_get_bool(ad_opts->dyndns_ctx->opts,
- DP_OPT_DYNDNS_UPDATE) == false) {
-- DEBUG(SSSDBG_CONF_SETTINGS, "Dynamic DNS updates not set\n");
-+ DEBUG(SSSDBG_CONF_SETTINGS, "Dynamic DNS updates are off.\n");
- return EOK;
- }
-
-diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c
-index ca99200a1ba1d9508ac0affffecaa08149552fee..7dec4d1fb8541a48470d4e44f10838e5bea67ad5 100644
---- a/src/providers/ipa/ipa_init.c
-+++ b/src/providers/ipa/ipa_init.c
-@@ -200,7 +200,7 @@ static errno_t ipa_init_dyndns(struct be_ctx *be_ctx,
- enabled = dp_opt_get_bool(ipa_options->dyndns_ctx->opts,
- DP_OPT_DYNDNS_UPDATE);
- if (!enabled) {
-- DEBUG(SSSDBG_CONF_SETTINGS, "Dynamic DNS updates are of.\n");
-+ DEBUG(SSSDBG_CONF_SETTINGS, "Dynamic DNS updates are off.\n");
- return EOK;
- }
-
---
-2.9.3
-
diff --git a/0032-netlink-Don-t-define-USE_GNU.patch b/0032-netlink-Don-t-define-USE_GNU.patch
deleted file mode 100644
index 1e69b14..0000000
--- a/0032-netlink-Don-t-define-USE_GNU.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 2d1d157a07a2b445d6d26573a9763ec62928790f Mon Sep 17 00:00:00 2001
-From: Jakub Hrozek
-Date: Tue, 30 Aug 2016 15:26:27 +0200
-Subject: [PATCH 32/39] netlink: Don't define USE_GNU
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Applications should never #define USE_GNU themselves, but rather
-_GNU_SOURCE. This patch removes USE_GNU and replaces it with including
-config.h which has _GNU_SOURCE defined if applicable for that platform
-
-See for example:
- https://gcc.gnu.org/ml/fortran/2005-10/msg00365.html
-
-Reviewed-by: Fabiano Fidêncio
-(cherry picked from commit 1384d0ce6ea741aefb56b0006b6268d76e6cc2c2)
----
- src/monitor/monitor_netlink.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/monitor/monitor_netlink.c b/src/monitor/monitor_netlink.c
-index 22262949c67744493dfa722ff38257a75a5b8291..c4d56b39f29b7686b60da1d561d7db390c272a4d 100644
---- a/src/monitor/monitor_netlink.c
-+++ b/src/monitor/monitor_netlink.c
-@@ -21,11 +21,12 @@
- along with this program. If not, see .
- */
-
-+#include "config.h"
-+
- #include
- #include
- #include
- #include
--#define __USE_GNU /* needed for struct ucred */
- #include
- #include
- #include
---
-2.9.3
-
diff --git a/0033-MONITOR-Remove-leftovers-from-diag_cmd.patch b/0033-MONITOR-Remove-leftovers-from-diag_cmd.patch
deleted file mode 100644
index d3c9650..0000000
--- a/0033-MONITOR-Remove-leftovers-from-diag_cmd.patch
+++ /dev/null
@@ -1,140 +0,0 @@
-From d58c29636abcd20ef8e90fae90d8754419c394fa Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
-Date: Tue, 30 Aug 2016 18:17:46 +0200
-Subject: [PATCH 33/39] MONITOR: Remove leftovers from diag_cmd
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Seems that when I sent the v2 of 7579cf99 I attached the wrong patch
-that ended up being pushed.
-That patch was incomplete as there are still some leftovers.
-
-Related:
-https://fedorahosted.org/sssd/ticket/3051
-
-Signed-off-by: Fabiano Fidêncio
-Reviewed-by: Petr Čech
-(cherry picked from commit e04df9feca0c9877c69aa46450d04c556bcb23ad)
----
- src/config/SSSDConfig/__init__.py.in | 1 -
- src/config/SSSDConfigTest.py | 1 -
- src/config/cfg_rules.ini | 9 ---------
- src/config/etc/sssd.api.conf | 1 -
- 4 files changed, 12 deletions(-)
-
-diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
-index b3f04ac26309bb5b518fb87cd0dae2962e853179..fb071270208341f4e993fef95af4e8dc6b58fdbd 100644
---- a/src/config/SSSDConfig/__init__.py.in
-+++ b/src/config/SSSDConfig/__init__.py.in
-@@ -51,7 +51,6 @@ option_strings = {
- 'reconnection_retries' : _('Number of times to attempt connection to Data Providers'),
- 'fd_limit' : _('The number of file descriptors that may be opened by this responder'),
- 'client_idle_timeout' : _('Idle time before automatic disconnection of a client'),
-- 'diag_cmd' : _('The command to run when a service ping times out'),
-
- # [sssd]
- 'services' : _('SSSD Services to start'),
-diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
-index 8fcd1a55c36035a7026f1fb4c8116aaae24e78ef..575a12450eec2e23e7fa30acf72030a0e7e07a50 100755
---- a/src/config/SSSDConfigTest.py
-+++ b/src/config/SSSDConfigTest.py
-@@ -309,7 +309,6 @@ class SSSDConfigTestSSSDService(unittest.TestCase):
- 'reconnection_retries',
- 'fd_limit',
- 'client_idle_timeout',
-- 'diag_cmd',
- 'description',
- 'certificate_verification',
- 'override_space']
-diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
-index df10538dee4a547a1b1af62a4cfe37b89e236b18..a2c3fa2d5994dc051b72be17e13c512d7f124141 100644
---- a/src/config/cfg_rules.ini
-+++ b/src/config/cfg_rules.ini
-@@ -25,7 +25,6 @@ option = fd_limit
- option = client_idle_timeout
- option = force_timeout
- option = description
--option = diag_cmd
-
- # Monitor service
- option = services
-@@ -57,7 +56,6 @@ option = fd_limit
- option = client_idle_timeout
- option = force_timeout
- option = description
--option = diag_cmd
-
- # Name service
- option = user_attributes
-@@ -96,7 +94,6 @@ option = fd_limit
- option = client_idle_timeout
- option = force_timeout
- option = description
--option = diag_cmd
-
- # Authentication service
- option = offline_credentials_expiration
-@@ -130,7 +127,6 @@ option = fd_limit
- option = client_idle_timeout
- option = force_timeout
- option = description
--option = diag_cmd
-
- # sudo service
- option = sudo_timed
-@@ -152,7 +148,6 @@ option = fd_limit
- option = client_idle_timeout
- option = force_timeout
- option = description
--option = diag_cmd
-
- # autofs service
- option = autofs_negative_timeout
-@@ -173,7 +168,6 @@ option = fd_limit
- option = client_idle_timeout
- option = force_timeout
- option = description
--option = diag_cmd
-
- # ssh service
- option = ssh_hash_known_hosts
-@@ -196,7 +190,6 @@ option = fd_limit
- option = client_idle_timeout
- option = force_timeout
- option = description
--option = diag_cmd
-
- # PAC responder
- option = allowed_uids
-@@ -218,7 +211,6 @@ option = fd_limit
- option = client_idle_timeout
- option = force_timeout
- option = description
--option = diag_cmd
-
- # InfoPipe responder
- option = allowed_uids
-@@ -239,7 +231,6 @@ option = fd_limit
- option = client_idle_timeout
- option = force_timeout
- option = description
--option = diag_cmd
-
- #Available provider types
- option = id_provider
-diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
-index 5e69414f2a490977bdaf1555325814ad61202071..b2f20c5b71fa6bf94656d6270ccd08385a88c06e 100644
---- a/src/config/etc/sssd.api.conf
-+++ b/src/config/etc/sssd.api.conf
-@@ -15,7 +15,6 @@ fd_limit = int, None, false
- client_idle_timeout = int, None, false
- force_timeout = int, None, false
- description = str, None, false
--diag_cmd = str, None, false
-
- [sssd]
- # Monitor service
---
-2.9.3
-
diff --git a/0034-MONITOR-Remove-leftovers-from-kill_service.patch b/0034-MONITOR-Remove-leftovers-from-kill_service.patch
deleted file mode 100644
index 0b66314..0000000
--- a/0034-MONITOR-Remove-leftovers-from-kill_service.patch
+++ /dev/null
@@ -1,175 +0,0 @@
-From a2145190df8f4faa68a9662a2b5162dd87eca0a6 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
-Date: Tue, 30 Aug 2016 18:25:21 +0200
-Subject: [PATCH 34/39] MONITOR: Remove leftovers from kill_service
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Seems that wen I sent the v2 of ac35fe74 I attached the wrong pacth that
-ended up being pushed.
-The patch was incomplete as there are still some leftovers.
-
-The .po and sssd-docs.pot were not touched as I do believe they are
-autogenerated from Zanata.
-
-Related:
-https://fedorahosted.org/sssd/ticket/3052
-
-Signed-off-by: Fabiano Fidêncio
-Reviewed-by: Petr Čech
-(cherry picked from commit 5b0735876aa66464b24cb7736a74fafd8ec82128)
----
- src/config/SSSDConfig/__init__.py.in | 1 -
- src/config/SSSDConfigTest.py | 3 ---
- src/config/cfg_rules.ini | 10 ----------
- src/config/etc/sssd.api.conf | 2 --
- 4 files changed, 16 deletions(-)
-
-diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
-index fb071270208341f4e993fef95af4e8dc6b58fdbd..0191920f93ab9016508e08785c25dd043c180c0b 100644
---- a/src/config/SSSDConfig/__init__.py.in
-+++ b/src/config/SSSDConfig/__init__.py.in
-@@ -46,7 +46,6 @@ option_strings = {
- 'debug_microseconds' : _('Include microseconds in timestamps in debug logs'),
- 'debug_to_files' : _('Write debug messages to logfiles'),
- 'timeout' : _('Watchdog timeout before restarting service'),
-- 'force_timeout' : _('Timeout between three failed ping checks and forcibly killing the service'),
- 'command' : _('Command to start service'),
- 'reconnection_retries' : _('Number of times to attempt connection to Data Providers'),
- 'fd_limit' : _('The number of file descriptors that may be opened by this responder'),
-diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
-index 575a12450eec2e23e7fa30acf72030a0e7e07a50..6a0fdf0ea5215103b48dc8521a43ae945342c0e2 100755
---- a/src/config/SSSDConfigTest.py
-+++ b/src/config/SSSDConfigTest.py
-@@ -293,7 +293,6 @@ class SSSDConfigTestSSSDService(unittest.TestCase):
- 'services',
- 'domains',
- 'timeout',
-- 'force_timeout',
- 'sbus_timeout',
- 're_expression',
- 'full_name_format',
-@@ -505,7 +504,6 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
- 'min_id',
- 'max_id',
- 'timeout',
-- 'force_timeout',
- 'offline_timeout',
- 'try_inotify',
- 'command',
-@@ -874,7 +872,6 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
- 'min_id',
- 'max_id',
- 'timeout',
-- 'force_timeout',
- 'offline_timeout',
- 'try_inotify',
- 'command',
-diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
-index a2c3fa2d5994dc051b72be17e13c512d7f124141..5e248066bd554d2a654a764f406f6b33c4d66733 100644
---- a/src/config/cfg_rules.ini
-+++ b/src/config/cfg_rules.ini
-@@ -23,7 +23,6 @@ option = command
- option = reconnection_retries
- option = fd_limit
- option = client_idle_timeout
--option = force_timeout
- option = description
-
- # Monitor service
-@@ -54,7 +53,6 @@ option = command
- option = reconnection_retries
- option = fd_limit
- option = client_idle_timeout
--option = force_timeout
- option = description
-
- # Name service
-@@ -92,7 +90,6 @@ option = command
- option = reconnection_retries
- option = fd_limit
- option = client_idle_timeout
--option = force_timeout
- option = description
-
- # Authentication service
-@@ -125,7 +122,6 @@ option = command
- option = reconnection_retries
- option = fd_limit
- option = client_idle_timeout
--option = force_timeout
- option = description
-
- # sudo service
-@@ -146,7 +142,6 @@ option = command
- option = reconnection_retries
- option = fd_limit
- option = client_idle_timeout
--option = force_timeout
- option = description
-
- # autofs service
-@@ -166,7 +161,6 @@ option = command
- option = reconnection_retries
- option = fd_limit
- option = client_idle_timeout
--option = force_timeout
- option = description
-
- # ssh service
-@@ -188,7 +182,6 @@ option = command
- option = reconnection_retries
- option = fd_limit
- option = client_idle_timeout
--option = force_timeout
- option = description
-
- # PAC responder
-@@ -209,7 +202,6 @@ option = command
- option = reconnection_retries
- option = fd_limit
- option = client_idle_timeout
--option = force_timeout
- option = description
-
- # InfoPipe responder
-@@ -229,7 +221,6 @@ option = command
- option = reconnection_retries
- option = fd_limit
- option = client_idle_timeout
--option = force_timeout
- option = description
-
- #Available provider types
-@@ -250,7 +241,6 @@ option = timeout
- option = try_inotify
- option = enumerate
- option = subdomain_enumerate
--option = force_timeout
- option = offline_timeout
- option = cache_credentials
- option = cache_credentials_minimal_first_factor_length
-diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
-index b2f20c5b71fa6bf94656d6270ccd08385a88c06e..525f939cd204f4d484caa7b490d85b0d50de00ef 100644
---- a/src/config/etc/sssd.api.conf
-+++ b/src/config/etc/sssd.api.conf
-@@ -13,7 +13,6 @@ command = str, None, false
- reconnection_retries = int, None, false
- fd_limit = int, None, false
- client_idle_timeout = int, None, false
--force_timeout = int, None, false
- description = str, None, false
-
- [sssd]
-@@ -119,7 +118,6 @@ timeout = int, None, false
- try_inotify = bool, None, false
- enumerate = bool, None, false
- subdomain_enumerate = str, None, false
--force_timeout = int, None, false
- offline_timeout = int, None, false
- cache_credentials = bool, None, false
- cache_credentials_minimal_first_factor_length = int, None, false
---
-2.9.3
-
diff --git a/0035-SYSDB-Fix-error-handling-in-sysdb_get_user_members_r.patch b/0035-SYSDB-Fix-error-handling-in-sysdb_get_user_members_r.patch
deleted file mode 100644
index a4c2cdc..0000000
--- a/0035-SYSDB-Fix-error-handling-in-sysdb_get_user_members_r.patch
+++ /dev/null
@@ -1,51 +0,0 @@ -From 223395a44a3016c3124aa5ed841c7023068607d8 Mon Sep 17 00:00:00 2001 -From: Lukas Slebodnik -Date: Tue, 30 Aug 2016 15:37:43 +0200 -Subject: [PATCH 35/39] SYSDB: Fix error handling in - sysdb_get_user_members_recursively -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -We ignored failures from sysdb_search_entry - -Reviewed-by: Petr Čech -(cherry picked from commit b969ccc2cc58fdf761e5d314de9217f2d914bc9b) ---- - src/db/sysdb_ops.c | 3 +++ - src/db/sysdb_views.c | 5 ++++- - 2 files changed, 7 insertions(+), 1 deletion(-) - -diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c -index 44fb5b70e6d33fffbca5824f831a3229254ecb57..e4c8e1e285e3bc49710f71c896ba9a30c742d4fa 100644 ---- a/src/db/sysdb_ops.c -+++ b/src/db/sysdb_ops.c -@@ -4738,6 +4738,9 @@ errno_t sysdb_get_user_members_recursively(TALLOC_CTX *mem_ctx, - - ret = sysdb_search_entry(tmp_ctx, dom->sysdb, base_dn, LDB_SCOPE_SUBTREE, - filter, attrs, &count, &msgs); -+ if (ret != EOK) { -+ goto done; -+ } - - res = talloc_zero(tmp_ctx, struct ldb_result); - if (res == NULL) { -diff --git a/src/db/sysdb_views.c b/src/db/sysdb_views.c -index 79f513d13ba41212a6cd84e1d9e609df6acba29c..9dc48f5b6c414bbc7c64bcd1fe73553f388588bd 100644 ---- a/src/db/sysdb_views.c -+++ b/src/db/sysdb_views.c -@@ -1374,7 +1374,10 @@ errno_t sysdb_add_group_member_overrides(struct sss_domain_info *domain, - - ret = sysdb_get_user_members_recursively(tmp_ctx, domain, obj->dn, - &res_members); -- if (ret != EOK) { -+ if (ret == ENOENT) { -+ ret = EOK; -+ goto done; -+ } else if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, - "sysdb_get_user_members_recursively failed.\n"); - goto done; --- -2.9.3 - diff --git a/0036-DEBUG-Apend-line-feed-to-messages-from-libsemanage.patch b/0036-DEBUG-Apend-line-feed-to-messages-from-libsemanage.patch deleted file mode 100644 index 3a70aa4..0000000 --- a/0036-DEBUG-Apend-line-feed-to-messages-from-libsemanage.patch +++ /dev/null 
@@ -1,34 +0,0 @@ -From 9e21f9157d7eaf62e48ee9ab43332d336c12708c Mon Sep 17 00:00:00 2001 -From: Lukas Slebodnik -Date: Thu, 1 Sep 2016 08:08:00 +0200 -Subject: [PATCH 36/39] DEBUG: Apend line feed to messages from libsemanage -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -It wasn't simple to read log files from libsemanage -because they were on single line. - -Reviewed-by: Fabiano Fidêncio -(cherry picked from commit a6d279489c35896432e60daa70be5728f0b6c243) ---- - src/util/sss_semanage.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/util/sss_semanage.c b/src/util/sss_semanage.c -index 81068da98db611e55df8ac2de1a55f5980c3e552..fe06bee1dfec3abca3aa3cd5e85e55386ac11343 100644 ---- a/src/util/sss_semanage.c -+++ b/src/util/sss_semanage.c -@@ -55,7 +55,8 @@ static void sss_semanage_error_callback(void *varg, - - va_start(ap, fmt); - if (DEBUG_IS_SET(level)) { -- sss_vdebug_fn(__FILE__, __LINE__, "libsemanage", level, 0, fmt, ap); -+ sss_vdebug_fn(__FILE__, __LINE__, "libsemanage", level, -+ APPEND_LINE_FEED, fmt, ap); - } - va_end(ap); - } --- -2.9.3 - diff --git a/0037-MAN-Document-the-ldap_user_primary_group-option.patch b/0037-MAN-Document-the-ldap_user_primary_group-option.patch deleted file mode 100644 index a95ca4e..0000000 --- a/0037-MAN-Document-the-ldap_user_primary_group-option.patch +++ /dev/null 
@@ -1,43 +0,0 @@ -From 4417b8170e7bb09fd8d724e36e23ddf89d95cb33 Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Wed, 31 Aug 2016 10:17:17 +0200 -Subject: [PATCH 37/39] MAN: Document the ldap_user_primary_group option -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Reviewed-by: Pavel Březina -(cherry picked from commit 6f59bb822d1e54e178207be45e382f4ee173c434) ---- - src/man/sssd-ldap.5.xml | 15 +++++++++++++++ - 1 file changed, 15 insertions(+) - -diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml -index 6009dd8dfa787874c085c293b2d1f8aac6d95714..bfccfab2222e5b2d68b83ca473e9a3aa0f5308e5 100644 ---- a/src/man/sssd-ldap.5.xml -+++ b/src/man/sssd-ldap.5.xml -@@ -299,6 +299,21 @@ - - - -+ ldap_user_primary_group (string) -+ -+ -+ Active Directory primary group attribute -+ for ID-mapping. Note that this attribute should -+ only be set manually if you are running the -+ ldap provider with ID mapping. -+ -+ -+ Default: unset (LDAP), primaryGroupID (AD) -+ -+ -+ -+ -+ - ldap_user_gecos (string) - - --- -2.9.3 - diff --git a/0038-sdap_initgr_nested_get_membership_diff-use-fully-qua.patch b/0038-sdap_initgr_nested_get_membership_diff-use-fully-qua.patch deleted file mode 100644 index bfa928b..0000000 --- a/0038-sdap_initgr_nested_get_membership_diff-use-fully-qua.patch +++ /dev/null 
@@ -1,36 +0,0 @@ -From 1a28f2ce26d49617eaf865e39d52136181d9663d Mon Sep 17 00:00:00 2001 -From: Sumit Bose -Date: Tue, 30 Aug 2016 17:30:10 +0200 -Subject: [PATCH 38/39] sdap_initgr_nested_get_membership_diff: use - fully-qualified names - -I think this is a leftover from the change to use fully-qualified names -in sysdb. To verify this you can create a nested group in IPA. Without -this patch the id command will only show the groups the user is a direct -member of. With the patch the indirect groups memberships should be -shown as well. - -https://fedorahosted.org/sssd/ticket/3163 - -Reviewed-by: Jakub Hrozek -(cherry picked from commit 5bd3bef4a655fdfacd2f5df8a2343fe7bc68a771) ---- - src/providers/ldap/sdap_async_initgroups.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c -index 82c708c226bf1a645ff5a395947dfdbad71e0f1f..f9593f0dfaa2dc6e33fd6c9d1f0c9b78cad3a1d9 100644 ---- a/src/providers/ldap/sdap_async_initgroups.c -+++ b/src/providers/ldap/sdap_async_initgroups.c -@@ -1414,7 +1414,7 @@ sdap_initgr_nested_get_membership_diff(TALLOC_CTX *mem_ctx, - group_name, parents_count); - - if (parents_count > 0) { -- ret = sysdb_attrs_primary_name_list(dom, tmp_ctx, -+ ret = sysdb_attrs_primary_fqdn_list(dom, tmp_ctx, - ldap_parentlist, - parents_count, - opts->group_map[SDAP_AT_GROUP_NAME].name, --- -2.9.3 - diff --git a/0039-SYSDB-Removing-of-unused-parameter.patch b/0039-SYSDB-Removing-of-unused-parameter.patch deleted file mode 100644 index dda1bc1..0000000 --- a/0039-SYSDB-Removing-of-unused-parameter.patch +++ /dev/null 
@@ -1,50 +0,0 @@ -From c620bb359ff03f40ffbc36a03d74c921346ecfc3 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Petr=20=C4=8Cech?= -Date: Wed, 31 Aug 2016 08:50:01 +0200 -Subject: [PATCH 39/39] SYSDB: Removing of unused parameter - -There were unused parameter struct ldb_message *cached_group -in sysdb_store_group_attrs(). - -This parameter was introduced by -40de79d69860ec7f04bf7795bd88b641ec42fd23 -SYSDB: Check if group attributes differ before saving a group - -Reviewed-by: Jakub Hrozek -(cherry picked from commit 0d1d9d8001232f74eca63cbba6c400d507b33823) ---- - src/db/sysdb_ops.c | 4 +--- - 1 file changed, 1 insertion(+), 3 deletions(-) - -diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c -index e4c8e1e285e3bc49710f71c896ba9a30c742d4fa..5d9c9fb24a149f8215b3027dcb4b0e1a183e4b43 100644 ---- a/src/db/sysdb_ops.c -+++ b/src/db/sysdb_ops.c -@@ -2661,7 +2661,6 @@ static errno_t sysdb_store_new_group(struct sss_domain_info *domain, - static errno_t sysdb_store_group_attrs(struct sss_domain_info *domain, - const char *name, - gid_t gid, -- struct ldb_message *cached_group, - struct sysdb_attrs *attrs, - uint64_t cache_timeout, - time_t now); -@@ -2731,7 +2730,7 @@ int sysdb_store_group(struct sss_domain_info *domain, - ret = sysdb_store_new_group(domain, name, gid, attrs, - cache_timeout, now); - } else { -- ret = sysdb_store_group_attrs(domain, name, gid, msg, attrs, -+ ret = sysdb_store_group_attrs(domain, name, gid, attrs, - cache_timeout, now); - } - if (ret != EOK) { -@@ -2811,7 +2810,6 @@ static errno_t sysdb_store_new_group(struct sss_domain_info *domain, - static errno_t sysdb_store_group_attrs(struct sss_domain_info *domain, - const char *name, - gid_t gid, -- struct ldb_message *cached_group, - struct sysdb_attrs *attrs, - uint64_t cache_timeout, - time_t now) --- -2.9.3 - diff --git a/0040-SYSDB-Suppress-warning-from-clang-static-analyser.patch b/0040-SYSDB-Suppress-warning-from-clang-static-analyser.patch deleted file mode 100644 index 5ec5e0b..0000000 
--- a/0040-SYSDB-Suppress-warning-from-clang-static-analyser.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 344773c4c6949757d9719850191229481c9733a9 Mon Sep 17 00:00:00 2001 -From: Lukas Slebodnik -Date: Thu, 1 Sep 2016 17:25:23 +0200 -Subject: [PATCH 40/79] SYSDB: Suppress warning from clang static analyser -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -scan-build wrongly assumes that output variable -"version" is not initialized if function sysdb_cache_connect -returns ERR_SYSDB_VERSION_TOO_OLD or ERR_SYSDB_VERSION_TOO_NEW - -The reality is that output variable "version" is initialized -especially for these two case. Initialisation to NULL suppresses -these false positive reports. - -Reviewed-by: Fabiano Fidêncio -(cherry picked from commit 3f6aecfe5061e165c10829142854ec7189029407) ---- - src/db/sysdb_init.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/db/sysdb_init.c b/src/db/sysdb_init.c -index d110aa7a2878e47650db177cfd342d0ac32248ab..538ba027cd94e274ba328d398cc565b11ea56f39 100644 ---- a/src/db/sysdb_init.c -+++ b/src/db/sysdb_init.c -@@ -688,7 +688,7 @@ static int sysdb_domain_cache_connect(struct sysdb_ctx *sysdb, - struct sysdb_dom_upgrade_ctx *upgrade_ctx) - { - errno_t ret; -- const char *version; -+ const char *version = NULL; - TALLOC_CTX *tmp_ctx; - struct ldb_context *ldb; - --- -2.9.3 - diff --git a/0041-TOOLS-Fix-a-typo-in-groupadd.patch b/0041-TOOLS-Fix-a-typo-in-groupadd.patch deleted file mode 100644 index aa85dc7..0000000 --- a/0041-TOOLS-Fix-a-typo-in-groupadd.patch +++ /dev/null 
@@ -1,33 +0,0 @@ -From 96e8cf44298c257d509219dd9c45b8cdae792ab5 Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Tue, 6 Sep 2016 12:13:08 +0200 -Subject: [PATCH 41/79] TOOLS: Fix a typo in groupadd() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Resolves: -https://fedorahosted.org/sssd/ticket/3173 - -Reviewed-by: Lukáš Slebodník -(cherry picked from commit 6be723a089a1e07a1cd19b4fa53fd142c13f0c69) ---- - src/tools/sss_sync_ops.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/tools/sss_sync_ops.c b/src/tools/sss_sync_ops.c -index a23a0b8c30366d2fb68554bfed184b8fce675e2b..39ef5bec96bd3942da8a8adfd21c99b03a77e551 100644 ---- a/src/tools/sss_sync_ops.c -+++ b/src/tools/sss_sync_ops.c -@@ -657,7 +657,7 @@ int groupadd(struct ops_ctx *data) - int ret; - - data->sysdb_fqname = sss_create_internal_fqname(data, -- data->sysdb_fqname, -+ data->name, - data->domain->name); - if (data->sysdb_fqname == NULL) { - return ENOMEM; --- -2.9.3 - diff --git a/0042-TOOLS-sss_groupshow-did-not-work.patch b/0042-TOOLS-sss_groupshow-did-not-work.patch deleted file mode 100644 index fac4af0..0000000 --- a/0042-TOOLS-sss_groupshow-did-not-work.patch +++ /dev/null 
@@ -1,60 +0,0 @@ -From e69c1ed1452b43fafb31e252589d7a5aa37f9cf7 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Michal=20=C5=BDidek?= -Date: Tue, 6 Sep 2016 13:46:53 +0200 -Subject: [PATCH 42/79] TOOLS: sss_groupshow did not work -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -sss_groupshow used shortname to search -in sysdb database. We have to u e sysdb_fqname -(aka internal_fqname) format for all sysdb -oprations. - -Resolves: -https://fedorahosted.org/sssd/ticket/3175 - -Reviewed-by: Lukáš Slebodník -(cherry picked from commit 5210c5d3a5a83b5d08396ee23d88f6ba0994097d) ---- - src/tools/sss_groupshow.c | 13 +++++++++++-- - 1 file changed, 11 insertions(+), 2 deletions(-) - -diff --git a/src/tools/sss_groupshow.c b/src/tools/sss_groupshow.c -index 41d7475cef1093a4cb214ec4b017db59e6c26fe2..5870cc802c70366c47a0d30cb0d9795cf6035bc5 100644 ---- a/src/tools/sss_groupshow.c -+++ b/src/tools/sss_groupshow.c -@@ -318,7 +318,7 @@ int group_show(TALLOC_CTX *mem_ctx, - struct sysdb_ctx *sysdb, - struct sss_domain_info *domain, - bool recursive, -- const char *name, -+ const char *shortname, - struct group_info **res) - { - struct group_info *root; -@@ -326,11 +326,20 @@ int group_show(TALLOC_CTX *mem_ctx, - struct ldb_message *msg = NULL; - const char **group_members = NULL; - int nmembers = 0; -+ char *sysdb_fqname = NULL; - int ret; - int i; - -+ sysdb_fqname = sss_create_internal_fqname(mem_ctx, -+ shortname, -+ domain->name); -+ if (sysdb_fqname == NULL) { -+ return ENOMEM; -+ } -+ - /* First, search for the root group */ -- ret = sysdb_search_group_by_name(mem_ctx, domain, name, attrs, &msg); -+ ret = sysdb_search_group_by_name(mem_ctx, domain, sysdb_fqname, attrs, -+ &msg); - if (ret) { - DEBUG(SSSDBG_OP_FAILURE, - "Search failed: %s (%d)\n", strerror(ret), ret); --- -2.9.3 - 
diff --git a/0043-TESTS-sss_groupadd-groupshow-regressions.patch b/0043-TESTS-sss_groupadd-groupshow-regressions.patch
deleted file mode 100644
index 8b90deb..0000000
--- a/0043-TESTS-sss_groupadd-groupshow-regressions.patch
+++ /dev/null
@@ -1,76 +0,0 @@ -From b5ce7cefc1af161f25e5857aacec88ebd9e47130 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Michal=20=C5=BDidek?= -Date: Tue, 6 Sep 2016 17:37:14 +0200 -Subject: [PATCH 43/79] TESTS: sss_groupadd/groupshow regressions -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Adds regression CI test for ticket #3173 and #3175. - -Resolves: -https://fedorahosted.org/sssd/ticket/3173 -https://fedorahosted.org/sssd/ticket/3175 - -Reviewed-by: Lukáš Slebodník -(cherry picked from commit 20c2d76d9430a1fc069531ff537df046a74c8f61) ---- - src/tests/intg/test_local_domain.py | 26 ++++++++++++++++++++++++++ - 1 file changed, 26 insertions(+) - -diff --git a/src/tests/intg/test_local_domain.py b/src/tests/intg/test_local_domain.py -index b83e56d1b44619083506093ca8cfb9413437c821..56e3812b113b36301d1ec6049e5a1210d3070442 100644 ---- a/src/tests/intg/test_local_domain.py -+++ b/src/tests/intg/test_local_domain.py -@@ -19,11 +19,13 @@ - import os - import stat - import pwd -+import grp - import time - import config - import signal - import subprocess - import pytest -+import ent - from util import unindent - - -@@ -90,6 +92,11 @@ def assert_nonexistent_user(name): - pwd.getpwnam(name) - - -+def assert_nonexistent_group(name): -+ with pytest.raises(KeyError): -+ grp.getgrnam(name) -+ -+ - def test_wrong_LC_ALL(local_domain_only): - """ - Regression test for ticket -@@ -107,3 +114,22 @@ def test_wrong_LC_ALL(local_domain_only): - subprocess.check_call(["sss_userdel", "foo", "-R"]) - assert_nonexistent_user("foo") - os.environ["LC_ALL"] = oldvalue -+ -+ -+def test_sss_group_add_show_del(local_domain_only): -+ """ -+ Regression test for tickets -+ https://fedorahosted.org/sssd/ticket/3173 -+ https://fedorahosted.org/sssd/ticket/3175 -+ """ -+ -+ subprocess.check_call(["sss_groupadd", "foo", "-g", "10001"]) -+ -+ "This should not raise KeyError" -+ ent.assert_group_by_name("foo", dict(name="foo", gid=10001)) -+ -+ "sss_grupshow should 
return 0 with existing group name" -+ subprocess.check_call(["sss_groupshow", "foo"]) -+ -+ subprocess.check_call(["sss_groupdel", "foo"]) -+ assert_nonexistent_group("foo") --- -2.9.3 - diff --git a/0044-TOOLS-use-internal-fqdn-for-DN.patch b/0044-TOOLS-use-internal-fqdn-for-DN.patch deleted file mode 100644 index 12cad8c..0000000 --- a/0044-TOOLS-use-internal-fqdn-for-DN.patch +++ /dev/null 
@@ -1,57 +0,0 @@ -From aa17cda3887309ccd67c256a24b980fbd8c2f89a Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Michal=20=C5=BDidek?= -Date: Wed, 7 Sep 2016 10:58:25 +0200 -Subject: [PATCH 44/79] TOOLS: use internal fqdn for DN -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Use internal fqdn when creating sysdb group dn. - -Resolves: -https://fedorahosted.org/sssd/ticket/3178 - -Reviewed-by: Lukáš Slebodník -(cherry picked from commit 5e2142b66589e5e50cb404fc972ed5418bbaa772) ---- - src/tools/sss_sync_ops.c | 11 ++++++++++- - 1 file changed, 10 insertions(+), 1 deletion(-) - -diff --git a/src/tools/sss_sync_ops.c b/src/tools/sss_sync_ops.c -index 39ef5bec96bd3942da8a8adfd21c99b03a77e551..a0291baeada49b9f21e040a54e303214d5a46332 100644 ---- a/src/tools/sss_sync_ops.c -+++ b/src/tools/sss_sync_ops.c -@@ -137,6 +137,7 @@ static int mod_groups_member(struct sss_domain_info *dom, - struct ldb_dn *parent_dn; - int ret; - int i; -+ char *grp_sysdb_fqname = NULL; - - tmpctx = talloc_new(NULL); - if (!tmpctx) { -@@ -145,13 +146,21 @@ static int mod_groups_member(struct sss_domain_info *dom, - - /* FIXME: add transaction around loop */ - for (i = 0; grouplist[i]; i++) { -+ grp_sysdb_fqname = sss_create_internal_fqname(tmpctx, grouplist[i], -+ dom->name); -+ if (grp_sysdb_fqname == NULL) { -+ ret = ENOMEM; -+ goto done; -+ } - -- parent_dn = sysdb_group_dn(tmpctx, dom, grouplist[i]); -+ parent_dn = sysdb_group_dn(tmpctx, dom, grp_sysdb_fqname); - if (!parent_dn) { - ret = ENOMEM; - goto done; - } - -+ talloc_free(grp_sysdb_fqname); -+ - ret = sysdb_mod_group_member(dom, member_dn, parent_dn, optype); - if (ret) { - goto done; --- -2.9.3 - diff --git a/0045-TESTS-Test-for-sss_user-groupmod-a.patch b/0045-TESTS-Test-for-sss_user-groupmod-a.patch deleted file mode 100644 index b820eb4..0000000 --- a/0045-TESTS-Test-for-sss_user-groupmod-a.patch +++ /dev/null 
@@ -1,66 +0,0 @@ -From 1b692a1142ec59e27ebb99666634a6e0464317d1 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Michal=20=C5=BDidek?= -Date: Wed, 7 Sep 2016 13:08:59 +0200 -Subject: [PATCH 45/79] TESTS: Test for sss_user/groupmod -a -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Regression tests for ticket #3178. - -Resolves: -https://fedorahosted.org/sssd/ticket/3178 - -Reviewed-by: Lukáš Slebodník -(cherry picked from commit 7fa4964d84f41bd80a6d971ffaeef87a7c2f19be) ---- - src/tests/intg/test_local_domain.py | 36 ++++++++++++++++++++++++++++++++++++ - 1 file changed, 36 insertions(+) - -diff --git a/src/tests/intg/test_local_domain.py b/src/tests/intg/test_local_domain.py -index 56e3812b113b36301d1ec6049e5a1210d3070442..5e3e3d4d1cdc6db5d68a6e5b9d96d94c2c694b14 100644 ---- a/src/tests/intg/test_local_domain.py -+++ b/src/tests/intg/test_local_domain.py -@@ -133,3 +133,39 @@ def test_sss_group_add_show_del(local_domain_only): - - subprocess.check_call(["sss_groupdel", "foo"]) - assert_nonexistent_group("foo") -+ -+ -+def test_add_local_user_to_local_group(local_domain_only): -+ """ -+ Regression test for ticket -+ https://fedorahosted.org/sssd/ticket/3178 -+ """ -+ subprocess.check_call(["sss_groupadd", "-g", "10009", "group10009"]) -+ subprocess.check_call(["sss_useradd", "-u", "10009", "-M", "user10009"]) -+ subprocess.check_call(["sss_usermod", "-a", "group10009", "user10009"]) -+ -+ ent.assert_group_by_name( -+ "group10009", -+ dict(name="group10009", passwd="*", gid=10009, -+ mem=ent.contains_only("user10009"))) -+ -+ -+def test_add_local_group_to_local_group(local_domain_only): -+ """ -+ Regression test for tickets -+ https://fedorahosted.org/sssd/ticket/3178 -+ """ -+ subprocess.check_call(["sss_groupadd", "-g", "10009", "group_child"]) -+ subprocess.check_call(["sss_useradd", "-u", "10009", "-M", "user_child"]) -+ subprocess.check_call(["sss_usermod", "-a", "group_child", "user_child"]) -+ -+ 
subprocess.check_call(["sss_groupadd", "-g", "10008", "group_parent"]) -+ subprocess.check_call( -+ ["sss_groupmod", "-a", "group_parent", "group_child"]) -+ -+ # User from child_group is member of parent_group, so child_group's -+ # member must be also parent_group's member -+ ent.assert_group_by_name( -+ "group_parent", -+ dict(name="group_parent", passwd="*", gid=10008, -+ mem=ent.contains_only("user_child"))) --- -2.9.3 - diff --git a/0046-TOOLS-sss_mc_refresh_nested_group-short-fqname-usage.patch b/0046-TOOLS-sss_mc_refresh_nested_group-short-fqname-usage.patch deleted file mode 100644 index 7813acd..0000000 --- a/0046-TOOLS-sss_mc_refresh_nested_group-short-fqname-usage.patch +++ /dev/null 
@@ -1,138 +0,0 @@ -From ce402d01616b2a8ea5c3354085a07910e4903820 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Michal=20=C5=BDidek?= -Date: Wed, 7 Sep 2016 14:43:13 +0200 -Subject: [PATCH 46/79] TOOLS: sss_mc_refresh_nested_group short/fqname usage -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -We use shortname to refresh memory cache, but in case of nested groups, -we used internal_fqname to refresh parent groups. - -We also wrongly used the shortname for sysdb_search operation. -Which caused error message to be printed when sss_usermod -a or -sss_groupmod -a where called. - -Reviewed-by: Lukáš Slebodník -(cherry picked from commit cb54dbad6be907d277ce6aa39524338643e2f5a4) ---- - src/tools/tools_mc_util.c | 66 +++++++++++++++++++++++++++++++++-------------- - 1 file changed, 47 insertions(+), 19 deletions(-) - -diff --git a/src/tools/tools_mc_util.c b/src/tools/tools_mc_util.c -index 2516a1981ddd965d4cae8c469ed79aaef8fa7193..716e3760f67d958f2139adbb49998d9e352d23f4 100644 ---- a/src/tools/tools_mc_util.c -+++ b/src/tools/tools_mc_util.c -@@ -293,62 +293,90 @@ errno_t sss_mc_refresh_group(const char *groupname) - return sss_mc_refresh_ent(groupname, SSS_TOOLS_GROUP); - } - --errno_t sss_mc_refresh_nested_group(struct tools_ctx *tctx, -- const char *name) -+static errno_t sss_mc_refresh_nested_group(struct tools_ctx *tctx, -+ const char *shortname) - { - errno_t ret; -- struct ldb_message *msg; -+ struct ldb_message *msg = NULL; - struct ldb_message_element *el; - const char *attrs[] = { SYSDB_MEMBEROF, - SYSDB_NAME, - NULL }; - size_t i; -- char *parent_name; -+ char *parent_internal_name; -+ char *parent_outname; -+ char *internal_name; -+ TALLOC_CTX *tmpctx; - -- ret = sss_mc_refresh_group(name); -+ tmpctx = talloc_new(tctx); -+ if (tmpctx == NULL) { -+ return ENOMEM; -+ } -+ -+ internal_name = sss_create_internal_fqname(tmpctx, shortname, -+ tctx->local->name); -+ if (internal_name == NULL) { -+ ret = ENOMEM; -+ goto 
done; -+ } -+ -+ ret = sss_mc_refresh_group(shortname); - if (ret != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, -- "Cannot refresh group %s from memory cache\n", name); -+ "Cannot refresh group %s from memory cache\n", shortname); - /* try to carry on */ - } - -- ret = sysdb_search_group_by_name(tctx, tctx->local, name, attrs, &msg); -+ ret = sysdb_search_group_by_name(tmpctx, tctx->local, internal_name, attrs, -+ &msg); - if (ret) { - DEBUG(SSSDBG_OP_FAILURE, - "Search failed: %s (%d)\n", strerror(ret), ret); -- return ret; -+ goto done; - } - - el = ldb_msg_find_element(msg, SYSDB_MEMBEROF); - if (!el || el->num_values == 0) { -- DEBUG(SSSDBG_TRACE_INTERNAL, "Group %s has no parents\n", name); -- talloc_free(msg); -- return EOK; -+ DEBUG(SSSDBG_TRACE_INTERNAL, "Group %s has no parents\n", -+ internal_name); -+ ret = EOK; -+ goto done; - } - - /* This group is nested. We need to invalidate all its parents, too */ - for (i=0; i < el->num_values; i++) { -- ret = sysdb_group_dn_name(tctx->sysdb, tctx, -+ ret = sysdb_group_dn_name(tctx->sysdb, tmpctx, - (const char *) el->values[i].data, -- &parent_name); -+ &parent_internal_name); - if (ret != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, "Malformed DN [%s]? 
Skipping\n", - (const char *) el->values[i].data); -- talloc_free(parent_name); -+ talloc_free(parent_internal_name); - continue; - } - -- ret = sss_mc_refresh_group(parent_name); -- talloc_free(parent_name); -+ parent_outname = sss_output_name(tmpctx, parent_internal_name, -+ tctx->local->case_preserve, 0); -+ if (parent_outname == NULL) { -+ ret = ENOMEM; -+ goto done; -+ } -+ -+ ret = sss_mc_refresh_group(parent_outname); -+ talloc_free(parent_internal_name); -+ talloc_free(parent_outname); - if (ret != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, -- "Cannot refresh group %s from memory cache\n", name); -+ "Cannot refresh group %s from memory cache\n", parent_outname); - /* try to carry on */ - } - } - -- talloc_free(msg); -- return EOK; -+ ret = EOK; -+ -+done: -+ talloc_free(tmpctx); -+ return ret; - } - - errno_t sss_mc_refresh_grouplist(struct tools_ctx *tctx, --- -2.9.3 - diff --git a/0047-TESTS-Add-FQDN-variants-for-some-tests.patch b/0047-TESTS-Add-FQDN-variants-for-some-tests.patch deleted file mode 100644 index acc43d2..0000000 --- a/0047-TESTS-Add-FQDN-variants-for-some-tests.patch +++ /dev/null 
@@ -1,117 +0,0 @@ -From 8f08ebcc6897b8b18f18554adfa5c55ab1313f2a Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Michal=20=C5=BDidek?= -Date: Wed, 7 Sep 2016 15:00:12 +0200 -Subject: [PATCH 47/79] TESTS: Add FQDN variants for some tests -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Adds FQDN variants of some already existing tests. - -Reviewed-by: Lukáš Slebodník -(cherry picked from commit f2d1d90a14267c01155eab7bb95b8eb34128acc9) ---- - src/tests/intg/test_local_domain.py | 83 +++++++++++++++++++++++++++++++++++++ - 1 file changed, 83 insertions(+) - -diff --git a/src/tests/intg/test_local_domain.py b/src/tests/intg/test_local_domain.py -index 5e3e3d4d1cdc6db5d68a6e5b9d96d94c2c694b14..b34e4a3d31cdbc1dc257d8fffcf0f5a07803b20c 100644 ---- a/src/tests/intg/test_local_domain.py -+++ b/src/tests/intg/test_local_domain.py -@@ -87,6 +87,27 @@ def local_domain_only(request): - return None - - -+@pytest.fixture -+def local_domain_only_fqdn(request): -+ conf = unindent("""\ -+ [sssd] -+ domains = LOCAL -+ services = nss -+ -+ [nss] -+ memcache_timeout = 0 -+ -+ [domain/LOCAL] -+ id_provider = local -+ min_id = 10000 -+ max_id = 20000 -+ use_fully_qualified_names = True -+ """).format(**locals()) -+ create_conf_fixture(request, conf) -+ create_sssd_fixture(request) -+ return None -+ -+ - def assert_nonexistent_user(name): - with pytest.raises(KeyError): - pwd.getpwnam(name) -@@ -169,3 +190,65 @@ def test_add_local_group_to_local_group(local_domain_only): - "group_parent", - dict(name="group_parent", passwd="*", gid=10008, - mem=ent.contains_only("user_child"))) -+ -+ -+def test_sss_group_add_show_del_fqdn(local_domain_only_fqdn): -+ """ -+ Regression test for tickets -+ https://fedorahosted.org/sssd/ticket/3173 -+ https://fedorahosted.org/sssd/ticket/3175 -+ """ -+ -+ subprocess.check_call(["sss_groupadd", "foo@LOCAL", "-g", "10001"]) -+ -+ "This should not raise KeyError" -+ ent.assert_group_by_name("foo@LOCAL", 
dict(name="foo@LOCAL", gid=10001)) -+ -+ "sss_grupshow should return 0 with existing group name" -+ subprocess.check_call(["sss_groupshow", "foo@LOCAL"]) -+ -+ subprocess.check_call(["sss_groupdel", "foo@LOCAL"]) -+ assert_nonexistent_group("foo@LOCAL") -+ -+ -+def test_add_local_user_to_local_group_fqdn(local_domain_only_fqdn): -+ """ -+ Regression test for ticket -+ https://fedorahosted.org/sssd/ticket/3178 -+ """ -+ subprocess.check_call( -+ ["sss_groupadd", "-g", "10009", "group10009@LOCAL"]) -+ subprocess.check_call( -+ ["sss_useradd", "-u", "10009", "-M", "user10009@LOCAL"]) -+ subprocess.check_call( -+ ["sss_usermod", "-a", "group10009@LOCAL", "user10009@LOCAL"]) -+ -+ ent.assert_group_by_name( -+ "group10009@LOCAL", -+ dict(name="group10009@LOCAL", passwd="*", gid=10009, -+ mem=ent.contains_only("user10009@LOCAL"))) -+ -+ -+def test_add_local_group_to_local_group_fqdn(local_domain_only_fqdn): -+ """ -+ Regression test for tickets -+ https://fedorahosted.org/sssd/ticket/3178 -+ """ -+ subprocess.check_call( -+ ["sss_groupadd", "-g", "10009", "group_child@LOCAL"]) -+ subprocess.check_call( -+ ["sss_useradd", "-u", "10009", "-M", "user_child@LOCAL"]) -+ subprocess.check_call( -+ ["sss_usermod", "-a", "group_child@LOCAL", "user_child@LOCAL"]) -+ -+ subprocess.check_call( -+ ["sss_groupadd", "-g", "10008", "group_parent@LOCAL"]) -+ subprocess.check_call( -+ ["sss_groupmod", "-a", "group_parent@LOCAL", "group_child@LOCAL"]) -+ -+ # User from child_group is member of parent_group, so child_group's -+ # member must be also parent_group's member -+ ent.assert_group_by_name( -+ "group_parent@LOCAL", -+ dict(name="group_parent@LOCAL", passwd="*", gid=10008, -+ mem=ent.contains_only("user_child@LOCAL"))) --- -2.9.3 - diff --git a/0048-KRB5-Send-the-output-username-not-internal-fqname-to.patch b/0048-KRB5-Send-the-output-username-not-internal-fqname-to.patch deleted file mode 100644 index 0ec611f..0000000 
--- a/0048-KRB5-Send-the-output-username-not-internal-fqname-to.patch
+++ /dev/null
@@ -1,156 +0,0 @@ -From 99e3e869ae031ce70f6f7a0d7435bf9969cf3108 Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Wed, 7 Sep 2016 12:07:36 +0200 -Subject: [PATCH 48/79] KRB5: Send the output username, not internal fqname to - krb5_child -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -krb5_child calls krb5_kuserok() during the access phase which checks if -a particular user is allowed to authenticate as a particular principal. -We used to pass the internal fqname to krb5_kuserok() which broke the -functionality and all users were denied access. - -This patch changes that to send the 'output' username to krb5_child, -because that's the username the system receives through getpwnam() or -getpwuid() anyway. The patch also adds a new structure member fo the -krb5child_req structure to avoid reusing the pd->user variable but have -an explicit one that serves as the input for the child process. - -Resolves: -https://fedorahosted.org/sssd/ticket/3172 - -Reviewed-by: Lukáš Slebodník -(cherry picked from commit fedfb7c62b4efa89d18d0d3a7895a2a34ec4ce42) ---- - src/providers/krb5/krb5_access.c | 10 ++++++++-- - src/providers/krb5/krb5_auth.c | 18 ++++++++++++++---- - src/providers/krb5/krb5_auth.h | 9 ++++++--- - src/providers/krb5/krb5_child_handler.c | 4 ++-- - 4 files changed, 30 insertions(+), 11 deletions(-) - -diff --git a/src/providers/krb5/krb5_access.c b/src/providers/krb5/krb5_access.c -index 3afb90150d77ef4ab2c1b5b79abb95d68eb131f6..be9068c0f9180f8de0de259aae368534effaf7fb 100644 ---- a/src/providers/krb5/krb5_access.c -+++ b/src/providers/krb5/krb5_access.c -@@ -51,6 +51,7 @@ struct tevent_req *krb5_access_send(TALLOC_CTX *mem_ctx, - int ret; - const char **attrs; - struct ldb_result *res; -+ struct sss_domain_info *dom; - - req = tevent_req_create(mem_ctx, &state, struct krb5_access_state); - if (req == NULL) { -@@ -64,8 +65,13 @@ struct tevent_req *krb5_access_send(TALLOC_CTX *mem_ctx, - state->krb5_ctx = 
krb5_ctx; - state->access_allowed = false; - -- ret = krb5_setup(state, pd, krb5_ctx, be_ctx->domain->case_sensitive, -- &state->kr); -+ ret = get_domain_or_subdomain(be_ctx, pd->domain, &dom); -+ if (ret != EOK) { -+ DEBUG(SSSDBG_OP_FAILURE, "get_domain_or_subdomain failed.\n"); -+ goto done; -+ } -+ -+ ret = krb5_setup(state, pd, dom, krb5_ctx, &state->kr); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "krb5_setup failed.\n"); - goto done; -diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c -index dabf55cf24a8afda16fee6697120c7c6f088b796..f0f2280022a3ee951ccfa0040b616c48c3b25706 100644 ---- a/src/providers/krb5/krb5_auth.c -+++ b/src/providers/krb5/krb5_auth.c -@@ -174,8 +174,10 @@ done: - return ret; - } - --errno_t krb5_setup(TALLOC_CTX *mem_ctx, struct pam_data *pd, -- struct krb5_ctx *krb5_ctx, bool cs, -+errno_t krb5_setup(TALLOC_CTX *mem_ctx, -+ struct pam_data *pd, -+ struct sss_domain_info *dom, -+ struct krb5_ctx *krb5_ctx, - struct krb5child_req **_krb5_req) - { - struct krb5child_req *kr; -@@ -201,13 +203,21 @@ errno_t krb5_setup(TALLOC_CTX *mem_ctx, struct pam_data *pd, - kr->krb5_ctx = krb5_ctx; - - ret = get_krb_primary(krb5_ctx->name_to_primary, -- pd->user, cs, &mapped_name); -+ pd->user, dom->case_sensitive, &mapped_name); - if (ret == EOK) { - DEBUG(SSSDBG_TRACE_FUNC, "Setting mapped name to: %s\n", mapped_name); - kr->user = mapped_name; -+ kr->kuserok_user = mapped_name; - } else if (ret == ENOENT) { - DEBUG(SSSDBG_TRACE_ALL, "No mapping for: %s\n", pd->user); - kr->user = pd->user; -+ -+ kr->kuserok_user = sss_output_name(kr, kr->user, -+ dom->case_sensitive, 0); -+ if (kr->kuserok_user == NULL) { -+ ret = ENOMEM; -+ goto done; -+ } - } else { - DEBUG(SSSDBG_CRIT_FAILURE, "get_krb_primary failed - %s:[%d]\n", - sss_strerror(ret), ret); -@@ -534,7 +544,7 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx, - attrs[6] = SYSDB_AUTH_TYPE; - attrs[7] = NULL; - -- ret = krb5_setup(state, pd, krb5_ctx, 
state->domain->case_sensitive, -+ ret = krb5_setup(state, pd, state->domain, krb5_ctx, - &state->kr); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "krb5_setup failed.\n"); -diff --git a/src/providers/krb5/krb5_auth.h b/src/providers/krb5/krb5_auth.h -index dbad061f0203b6383daeeab506bf9950d892ea4b..11bb595833269177b7e2c5fc6372d6a6fb6d93d2 100644 ---- a/src/providers/krb5/krb5_auth.h -+++ b/src/providers/krb5/krb5_auth.h -@@ -57,11 +57,14 @@ struct krb5child_req { - bool send_pac; - - const char *user; -+ const char *kuserok_user; - }; - --errno_t krb5_setup(TALLOC_CTX *mem_ctx, struct pam_data *pd, -- struct krb5_ctx *krb5_ctx, bool case_sensitive, -- struct krb5child_req **krb5_req); -+errno_t krb5_setup(TALLOC_CTX *mem_ctx, -+ struct pam_data *pd, -+ struct sss_domain_info *dom, -+ struct krb5_ctx *krb5_ctx, -+ struct krb5child_req **_krb5_req); - - struct tevent_req * - krb5_pam_handler_send(TALLOC_CTX *mem_ctx, -diff --git a/src/providers/krb5/krb5_child_handler.c b/src/providers/krb5/krb5_child_handler.c -index 09a1e5f59494a5c07d5c9eefb94919ca9389cb27..1eec7261f00976b3725fee9323755edecd5409a5 100644 ---- a/src/providers/krb5/krb5_child_handler.c -+++ b/src/providers/krb5/krb5_child_handler.c -@@ -161,7 +161,7 @@ static errno_t create_send_buffer(struct krb5child_req *kr, - } - - if (kr->pd->cmd == SSS_PAM_ACCT_MGMT) { -- username_len = strlen(kr->pd->user); -+ username_len = strlen(kr->kuserok_user); - buf->size += sizeof(uint32_t) + username_len; - } - -@@ -217,7 +217,7 @@ static errno_t create_send_buffer(struct krb5child_req *kr, - - if (kr->pd->cmd == SSS_PAM_ACCT_MGMT) { - SAFEALIGN_SET_UINT32(&buf->data[rp], username_len, &rp); -- safealign_memcpy(&buf->data[rp], kr->pd->user, username_len, &rp); -+ safealign_memcpy(&buf->data[rp], kr->kuserok_user, username_len, &rp); - } - - *io_buf = buf; --- -2.9.3 - 
diff --git a/0049-MONITOR-Remove-disable-netlink-command-line-option.patch b/0049-MONITOR-Remove-disable-netlink-command-line-option.patch
deleted file mode 100644
index e22c890..0000000
--- a/0049-MONITOR-Remove-disable-netlink-command-line-option.patch
+++ /dev/null
@@ -1,113 +0,0 @@ -From 29a4731b129d759870a4706525396948814c8e27 Mon Sep 17 00:00:00 2001 -From: Justin Stephenson -Date: Fri, 26 Aug 2016 15:15:32 -0400 -Subject: [PATCH 49/79] MONITOR: Remove --disable-netlink command-line option - - Removing monitor command-line option, to be superceded by - sssd.conf option - -Reviewed-by: Petr Cech -Reviewed-by: Jakub Hrozek -(cherry picked from commit 632fc5d8991d167eea20769c823163551c3f1d8c) ---- - src/man/sssd.8.xml | 11 ----------- - src/monitor/monitor.c | 33 ++++++++++++++++++++------------- - 2 files changed, 20 insertions(+), 24 deletions(-) - -diff --git a/src/man/sssd.8.xml b/src/man/sssd.8.xml -index ca8444d31ebca3d65a3baf83e20d458226ed5cd4..923da6824907f0d2d140d9ca83f87338e7664f83 100644 ---- a/src/man/sssd.8.xml -+++ b/src/man/sssd.8.xml -@@ -114,17 +114,6 @@ - - - -- -- -- -- -- sssd will ignore Netlink changes when making decisions -- about resetting online and offline operational status. -- -- -- -- -- - , - - -diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c -index 1f89c5a79feab8a921ce2f9132763b37ab506596..442bdbc423aaa1224d17b9f357193ec73b045d29 100644 ---- a/src/monitor/monitor.c -+++ b/src/monitor/monitor.c -@@ -2041,8 +2041,7 @@ static void missing_resolv_conf(struct tevent_context *ev, - } - - static int monitor_process_init(struct mt_ctx *ctx, -- const char *config_file, -- bool opt_netlinkoff) -+ const char *config_file) - { - TALLOC_CTX *tmp_ctx; - struct tevent_signal *tes; -@@ -2173,14 +2172,12 @@ static int monitor_process_init(struct mt_ctx *ctx, - return ret; - } - -- if (opt_netlinkoff == false) { -- ret = setup_netlink(ctx, ctx->ev, network_status_change_cb, -- ctx, &ctx->nlctx); -- if (ret != EOK) { -- DEBUG(SSSDBG_OP_FAILURE, -- "Cannot set up listening for network notifications\n"); -- return ret; -- } -+ ret = setup_netlink(ctx, ctx->ev, network_status_change_cb, -+ ctx, &ctx->nlctx); -+ if (ret != EOK) { -+ DEBUG(SSSDBG_OP_FAILURE, -+ "Cannot set up listening for network 
notifications\n"); -+ return ret; - } - - /* start providers */ -@@ -2488,7 +2485,8 @@ int main(int argc, const char *argv[]) - _("Become a daemon (default)"), NULL }, \ - {"interactive", 'i', POPT_ARG_NONE, &opt_interactive, 0, \ - _("Run interactive (not a daemon)"), NULL}, \ -- {"disable-netlink", '\0', POPT_ARG_NONE, &opt_netlinkoff, 0, \ -+ {"disable-netlink", '\0', POPT_ARG_NONE | POPT_ARGFLAG_DOC_HIDDEN, -+ &opt_netlinkoff, 0, \ - _("Disable netlink interface"), NULL}, \ - {"config", 'c', POPT_ARG_STRING, &opt_config_file, 0, \ - _("Specify a non-default config file"), NULL}, \ -@@ -2575,6 +2573,15 @@ int main(int argc, const char *argv[]) - config_file = talloc_strdup(tmp_ctx, SSSD_CONFIG_FILE); - } - -+ if (opt_netlinkoff) { -+ DEBUG(SSSDBG_MINOR_FAILURE, -+ "Option --disable-netlink has been removed and " -+ "replaced as a monitor option in sssd.conf\n"); -+ sss_log(SSS_LOG_ALERT, -+ "--disable-netlink has been deprecated, tunable option " -+ "disable_netlink available as replacement(man sssd.conf)"); -+ } -+ - if (!config_file) { - return 6; - } -@@ -2692,8 +2699,8 @@ int main(int argc, const char *argv[]) - monitor->ev = main_ctx->event_ctx; - talloc_steal(main_ctx, monitor); - -- ret = monitor_process_init(monitor, config_file, -- opt_netlinkoff); -+ ret = monitor_process_init(monitor, config_file); -+ - if (ret != EOK) return 3; - talloc_free(tmp_ctx); - --- -2.9.3 - diff --git a/0050-MONITOR-Add-disable_netlink-option.patch b/0050-MONITOR-Add-disable_netlink-option.patch deleted file mode 100644 index 28ec2b7..0000000 --- a/0050-MONITOR-Add-disable_netlink-option.patch +++ /dev/null 
@@ -1,163 +0,0 @@ -From ed7875afc4ab7e8441eb70f346c774dd49ddfd9b Mon Sep 17 00:00:00 2001 -From: Justin Stephenson -Date: Fri, 26 Aug 2016 17:43:25 -0400 -Subject: [PATCH 50/79] MONITOR: Add disable_netlink option - -Adding a new monitor boolean option to disable netlink support. -This will give users more control over sssd state changes without -having to modify systemd unit files. - -Resolves: -https://fedorahosted.org/sssd/ticket/3142 - -Reviewed-by: Petr Cech -Reviewed-by: Jakub Hrozek -(cherry picked from commit 081c6d8c7c8e75487d1c4e42862964be1e85b575) ---- - src/confdb/confdb.h | 1 + - src/config/SSSDConfig/__init__.py.in | 1 + - src/config/SSSDConfigTest.py | 3 ++- - src/config/cfg_rules.ini | 1 + - src/config/etc/sssd.api.conf | 1 + - src/man/sssd.conf.5.xml | 18 ++++++++++++++++++ - src/monitor/monitor.c | 21 ++++++++++++++++++--- - 7 files changed, 42 insertions(+), 4 deletions(-) - -diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h -index 401e5fbf7ed6bb9e8d7158dfab378c8159aa03db..2d650900170d5f2214aa56f00fc749980e53f516 100644 ---- a/src/confdb/confdb.h -+++ b/src/confdb/confdb.h -@@ -73,6 +73,7 @@ - #define CONFDB_MONITOR_OVERRIDE_SPACE "override_space" - #define CONFDB_MONITOR_USER_RUNAS "user" - #define CONFDB_MONITOR_CERT_VERIFICATION "certificate_verification" -+#define CONFDB_MONITOR_DISABLE_NETLINK "disable_netlink" - - /* Both monitor and domains */ - #define CONFDB_NAME_REGEX "re_expression" -diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in -index 0191920f93ab9016508e08785c25dd043c180c0b..2027028f7b4e972c7bc0dd5156fd85157ae192f4 100644 ---- a/src/config/SSSDConfig/__init__.py.in -+++ b/src/config/SSSDConfig/__init__.py.in -@@ -62,6 +62,7 @@ option_strings = { - 'user' : _('The user to drop privileges to'), - 'certificate_verification' : _('Tune certificate verification'), - 'override_space': _('All spaces in group or user names will be replaced with this character'), -+ 'disable_netlink' : _('Tune 
sssd to honor or ignore netlink state changes'), - - # [nss] - 'enum_cache_timeout' : _('Enumeration cache timeout length (seconds)'), -diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py -index 6a0fdf0ea5215103b48dc8521a43ae945342c0e2..8a64a257ab978b81ae4b26918c683b25a30fe7c1 100755 ---- a/src/config/SSSDConfigTest.py -+++ b/src/config/SSSDConfigTest.py -@@ -310,7 +310,8 @@ class SSSDConfigTestSSSDService(unittest.TestCase): - 'client_idle_timeout', - 'description', - 'certificate_verification', -- 'override_space'] -+ 'override_space', -+ 'disable_netlink'] - - self.assertTrue(type(options) == dict, - "Options should be a dictionary") -diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini -index 5e248066bd554d2a654a764f406f6b33c4d66733..93c10e2b7892027f0ee7a7af096814fb7cac333a 100644 ---- a/src/config/cfg_rules.ini -+++ b/src/config/cfg_rules.ini -@@ -38,6 +38,7 @@ option = default_domain_suffix - option = certificate_verification - option = override_space - option = config_file_version -+option = disable_netlink - - [rule/allowed_nss_options] - validator = ini_allowed_options -diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf -index 525f939cd204f4d484caa7b490d85b0d50de00ef..9e4bf2f6e5d536099af75a82126bc577e10386b4 100644 ---- a/src/config/etc/sssd.api.conf -+++ b/src/config/etc/sssd.api.conf -@@ -28,6 +28,7 @@ user = str, None, false - default_domain_suffix = str, None, false - certificate_verification = str, None, false - override_space = str, None, false -+disable_netlink = bool, None, false - - [nss] - # Name service -diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml -index ae291e0fc8f2f9afabcdf32f18a5ec12252bbbbf..6f231b8ab8fc078d83331bb7ef5b980528a30bd6 100644 ---- a/src/man/sssd.conf.5.xml -+++ b/src/man/sssd.conf.5.xml -@@ -482,6 +482,24 @@ - - - -+ -+ disable_netlink (boolean) -+ -+ -+ SSSD hooks into the netlink interface to -+ monitor changes to routes, addresses, links -+ and trigger 
certain actions. -+ -+ -+ The SSSD state changes caused by netlink -+ events may be undesirable and can be disabled -+ by setting this option to 'true' -+ -+ -+ Default: false (netlink changes are detected) -+ -+ -+ - - - -diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c -index 442bdbc423aaa1224d17b9f357193ec73b045d29..84a144e56294c7af5d818b71fbe3664cd2fc1a94 100644 ---- a/src/monitor/monitor.c -+++ b/src/monitor/monitor.c -@@ -2052,6 +2052,7 @@ static int monitor_process_init(struct mt_ctx *ctx, - int num_providers; - int ret; - int error; -+ bool disable_netlink; - struct sysdb_upgrade_ctx db_up_ctx; - - /* Set up the environment variable for the Kerberos Replay Cache */ -@@ -2172,14 +2173,28 @@ static int monitor_process_init(struct mt_ctx *ctx, - return ret; - } - -- ret = setup_netlink(ctx, ctx->ev, network_status_change_cb, -- ctx, &ctx->nlctx); -+ ret = confdb_get_bool(ctx->cdb, -+ CONFDB_MONITOR_CONF_ENTRY, -+ CONFDB_MONITOR_DISABLE_NETLINK, -+ false, &disable_netlink); -+ - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, -- "Cannot set up listening for network notifications\n"); -+ "Failed to read disable_netlink from confdb: [%d] %s\n", -+ ret, sss_strerror(ret)); - return ret; - } - -+ if (disable_netlink == false) { -+ ret = setup_netlink(ctx, ctx->ev, network_status_change_cb, -+ ctx, &ctx->nlctx); -+ if (ret != EOK) { -+ DEBUG(SSSDBG_OP_FAILURE, -+ "Cannot set up listening for network notifications\n"); -+ return ret; -+ } -+ } -+ - /* start providers */ - num_providers = 0; - for (dom = ctx->domains; dom; dom = get_next_domain(dom, 0)) { --- -2.9.3 - diff --git a/0051-TOOLS-sss_override-without-name-override.patch b/0051-TOOLS-sss_override-without-name-override.patch deleted file mode 100644 index f8e38f0..0000000 --- a/0051-TOOLS-sss_override-without-name-override.patch +++ /dev/null 
@@ -1,67 +0,0 @@ -From 467253ff3b281f34668a482c5ece7ece11a4b213 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Michal=20=C5=BDidek?= -Date: Wed, 7 Sep 2016 17:09:53 +0200 -Subject: [PATCH 51/79] TOOLS: sss_override without name override -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -sss_override failed to export user/group overrides -if user had no overrides for name. - -Resolves: -https://fedorahosted.org/sssd/ticket/3179 - -Reviewed-by: Pavel Březina -(cherry picked from commit 07e7683f5a86991feaa764e2055116554ada1b93) ---- - src/tools/sss_override.c | 24 ++++++++++++++---------- - 1 file changed, 14 insertions(+), 10 deletions(-) - -diff --git a/src/tools/sss_override.c b/src/tools/sss_override.c -index d41da52e69acdb67b5a6d624254e3b89a8aa27b8..212bf9ab84b20d4777fc2601359fad58596bb7c4 100644 ---- a/src/tools/sss_override.c -+++ b/src/tools/sss_override.c -@@ -1159,12 +1159,14 @@ list_user_overrides(TALLOC_CTX *mem_ctx, - } - - fqname = ldb_msg_find_attr_as_string(msgs[i], SYSDB_NAME, NULL); -- ret = sss_parse_internal_fqname(tmp_ctx, fqname, &name, NULL); -- if (ret != EOK) { -- ret = ERR_WRONG_NAME_FORMAT; -- goto done; -+ if (fqname != NULL) { -+ ret = sss_parse_internal_fqname(tmp_ctx, fqname, &name, NULL); -+ if (ret != EOK) { -+ ret = ERR_WRONG_NAME_FORMAT; -+ goto done; -+ } -+ objs[i].name = talloc_steal(objs, name); - } -- objs[i].name = talloc_steal(objs, name); - - objs[i].uid = ldb_msg_find_attr_as_uint(msgs[i], SYSDB_UIDNUM, 0); - objs[i].gid = ldb_msg_find_attr_as_uint(msgs[i], SYSDB_GIDNUM, 0); -@@ -1248,12 +1250,14 @@ list_group_overrides(TALLOC_CTX *mem_ctx, - talloc_steal(objs, objs[i].orig_name); - - fqname = ldb_msg_find_attr_as_string(msgs[i], SYSDB_NAME, NULL); -- ret = sss_parse_internal_fqname(tmp_ctx, fqname, &name, NULL); -- if (ret != EOK) { -- ret = ERR_WRONG_NAME_FORMAT; -- goto done; -+ if (fqname != NULL) { -+ ret = sss_parse_internal_fqname(tmp_ctx, fqname, &name, NULL); -+ if (ret != 
EOK) { -+ ret = ERR_WRONG_NAME_FORMAT; -+ goto done; -+ } -+ objs[i].name = talloc_steal(objs, name); - } -- objs[i].name = talloc_steal(objs, name); - - objs[i].gid = ldb_msg_find_attr_as_uint(msgs[i], SYSDB_GIDNUM, 0); - } --- -2.9.3 - diff --git a/0052-TEST-Add-regression-test-for-ticket-3179.patch b/0052-TEST-Add-regression-test-for-ticket-3179.patch deleted file mode 100644 index 6b8da5b..0000000 --- a/0052-TEST-Add-regression-test-for-ticket-3179.patch +++ /dev/null 
@@ -1,203 +0,0 @@ -From b7886a50d6467d9130fade4d0e94a818c2cc6300 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Michal=20=C5=BDidek?= -Date: Wed, 7 Sep 2016 18:23:16 +0200 -Subject: [PATCH 52/79] TEST: Add regression test for ticket #3179 -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Resolves: -https://fedorahosted.org/sssd/ticket/3179 - -Reviewed-by: Lukáš Slebodník -Reviewed-by: Pavel Březina -(cherry picked from commit 1c72723cde8bea0d390b928c7cd29e48e7a7deab) ---- - src/tests/intg/ldap_local_override_test.py | 126 ++++++++++++++++++++++++++--- - 1 file changed, 114 insertions(+), 12 deletions(-) - -diff --git a/src/tests/intg/ldap_local_override_test.py b/src/tests/intg/ldap_local_override_test.py -index 63de836d4d645b2e2be968bb23ce84f0cb90189a..714268f024d0f7b01309c55a84f56d0d1aec58f9 100644 ---- a/src/tests/intg/ldap_local_override_test.py -+++ b/src/tests/intg/ldap_local_override_test.py -@@ -205,27 +205,38 @@ def assert_user_default(): - ent.assert_passwd_by_name('user2@LDAP', user2) - - --def assert_user_overriden(): -+def assert_user_overriden(override_name=True): - -- user1 = dict(name='ov_user1', passwd='*', uid=10010, gid=20010, -+ if override_name: -+ name1 = "ov_user1" -+ name2 = "ov_user2" -+ else: -+ name1 = "user1" -+ name2 = "user2" -+ -+ user1 = dict(name=name1, passwd='*', uid=10010, gid=20010, - gecos='Overriden User 1', - dir='/home/ov/user1', - shell='/bin/ov_user1_shell') - -- user2 = dict(name='ov_user2', passwd='*', uid=10020, gid=20020, -+ user2 = dict(name=name2, passwd='*', uid=10020, gid=20020, - gecos='Overriden User 2', - dir='/home/ov/user2', - shell='/bin/ov_user2_shell') - - ent.assert_passwd_by_name('user1', user1) - ent.assert_passwd_by_name('user1@LDAP', user1) -- ent.assert_passwd_by_name('ov_user1', user1) -- ent.assert_passwd_by_name('ov_user1@LDAP', user1) -+ -+ if override_name: -+ ent.assert_passwd_by_name('ov_user1', user1) -+ ent.assert_passwd_by_name('ov_user1@LDAP', user1) 
- - ent.assert_passwd_by_name('user2', user2) - ent.assert_passwd_by_name('user2@LDAP', user2) -- ent.assert_passwd_by_name('ov_user2', user2) -- ent.assert_passwd_by_name('ov_user2@LDAP', user2) -+ -+ if override_name: -+ ent.assert_passwd_by_name('ov_user2', user2) -+ ent.assert_passwd_by_name('ov_user2@LDAP', user2) - - - # -@@ -514,6 +525,54 @@ def test_imp_exp_user_override(ldap_conn, env_imp_exp_user_override): - assert_user_overriden() - - -+# Regression test for bug 3179 -+ -+ -+def test_imp_exp_user_overrride_noname(ldap_conn, -+ env_two_users_and_group): -+ -+ # Override -+ subprocess.check_call(["sss_override", "user-add", "user1", -+ "-u", "10010", -+ "-g", "20010", -+ "-c", "Overriden User 1", -+ "-h", "/home/ov/user1", -+ "-s", "/bin/ov_user1_shell"]) -+ -+ subprocess.check_call(["sss_override", "user-add", "user2@LDAP", -+ "-u", "10020", -+ "-g", "20020", -+ "-c", "Overriden User 2", -+ "-h", "/home/ov/user2", -+ "-s", "/bin/ov_user2_shell"]) -+ -+ # Restart SSSD so the override might take effect -+ restart_sssd() -+ -+ # Assert entries are overriden -+ assert_user_overriden(override_name=False) -+ -+ # Export overrides -+ subprocess.check_call(["sss_override", "user-export", OVERRIDE_FILENAME]) -+ -+ # Drop all overrides -+ subprocess.check_call(["sss_override", "user-del", "user1"]) -+ subprocess.check_call(["sss_override", "user-del", "user2@LDAP"]) -+ -+ # Avoid hitting memory cache -+ time.sleep(2) -+ -+ # Assert entries are not overridden -+ assert_user_default() -+ -+ # Import overrides -+ subprocess.check_call(["sss_override", "user-import", -+ OVERRIDE_FILENAME]) -+ restart_sssd() -+ -+ assert_user_overriden(override_name=False) -+ -+ - # - # Override user-show - # -@@ -581,7 +640,7 @@ def test_find_user_override(ldap_conn, env_find_user_override): - # Common group asserts - # - --def assert_group_overriden(): -+def assert_group_overriden(override_name=True): - - # Assert entries are overridden - empty_group = dict(gid=3002, 
mem=ent.contains_only()) -@@ -589,13 +648,17 @@ def assert_group_overriden(): - - ent.assert_group_by_name("group", group) - ent.assert_group_by_name("group@LDAP", group) -- ent.assert_group_by_name("ov_group", group) -- ent.assert_group_by_name("ov_group@LDAP", group) -+ -+ if override_name: -+ ent.assert_group_by_name("ov_group", group) -+ ent.assert_group_by_name("ov_group@LDAP", group) - - ent.assert_group_by_name("empty_group", empty_group) - ent.assert_group_by_name("empty_group@LDAP", empty_group) -- ent.assert_group_by_name("ov_empty_group", empty_group) -- ent.assert_group_by_name("ov_empty_group@LDAP", empty_group) -+ -+ if override_name: -+ ent.assert_group_by_name("ov_empty_group", empty_group) -+ ent.assert_group_by_name("ov_empty_group@LDAP", empty_group) - - - def assert_group_default(): -@@ -841,6 +904,45 @@ def test_imp_exp_group_override(ldap_conn, env_imp_exp_group_override): - assert_group_overriden() - - -+# Regression test for bug 3179 -+ -+ -+def test_imp_exp_group_override_noname(ldap_conn, env_group_basic): -+ -+ # Override - do not use -n here) -+ subprocess.check_call(["sss_override", "group-add", "group", -+ "-g", "3001"]) -+ -+ subprocess.check_call(["sss_override", "group-add", "empty_group@LDAP", -+ "--gid", "3002"]) -+ -+ # Restart SSSD so the override might take effect -+ restart_sssd() -+ -+ # Assert entries are overridden -+ assert_group_overriden(override_name=False) -+ -+ # Export overrides -+ subprocess.check_call(["sss_override", "group-export", -+ OVERRIDE_FILENAME]) -+ -+ # Drop all overrides -+ subprocess.check_call(["sss_override", "group-del", "group"]) -+ subprocess.check_call(["sss_override", "group-del", "empty_group@LDAP"]) -+ -+ # Avoid hitting memory cache -+ time.sleep(2) -+ -+ assert_group_default() -+ -+ # Import overrides -+ subprocess.check_call(["sss_override", "group-import", -+ OVERRIDE_FILENAME]) -+ restart_sssd() -+ -+ assert_group_overriden(override_name=False) -+ -+ - # Regression test for bug #2802 - # 
sss_override segfaults when accidentally adding --help flag to some commands - --- -2.9.3 - diff --git a/0053-TOOLS-sss_groupshow-fails-to-show-MPG.patch b/0053-TOOLS-sss_groupshow-fails-to-show-MPG.patch deleted file mode 100644 index c5c0bc4..0000000 --- a/0053-TOOLS-sss_groupshow-fails-to-show-MPG.patch +++ /dev/null 
@@ -1,60 +0,0 @@ -From 5e42bd82ea08e3a45cf8369d51f68587f5bd796e Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Michal=20=C5=BDidek?= -Date: Mon, 12 Sep 2016 19:22:56 +0200 -Subject: [PATCH 53/79] TOOLS: sss_groupshow fails to show MPG -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The MPG search uses it's own search function -that used sysdb operation with shortname, -but it expects internal fqname. - -Resolves: -https://fedorahosted.org/sssd/ticket/3184 - -Reviewed-by: Lukáš Slebodník -(cherry picked from commit 812bed08943df8bf3fd1ff9eabcaf5bedc635c92) ---- - src/tools/sss_groupshow.c | 12 ++++++++++-- - 1 file changed, 10 insertions(+), 2 deletions(-) - -diff --git a/src/tools/sss_groupshow.c b/src/tools/sss_groupshow.c -index 5870cc802c70366c47a0d30cb0d9795cf6035bc5..00f6f12939b6bef2dd10085f8cf99304e87f1211 100644 ---- a/src/tools/sss_groupshow.c -+++ b/src/tools/sss_groupshow.c -@@ -553,13 +553,14 @@ int group_show_recurse(TALLOC_CTX *mem_ctx, - - static int group_show_mpg(TALLOC_CTX *mem_ctx, - struct sss_domain_info *domain, -- const char *name, -+ const char *shortname, - struct group_info **res) - { - const char *attrs[] = GROUP_SHOW_MPG_ATTRS; - struct ldb_message *msg; - struct group_info *info; - int ret; -+ char *sysdb_fqname; - - info = talloc_zero(mem_ctx, struct group_info); - if (!info) { -@@ -567,7 +568,14 @@ static int group_show_mpg(TALLOC_CTX *mem_ctx, - goto fail; - } - -- ret = sysdb_search_user_by_name(info, domain, name, attrs, &msg); -+ sysdb_fqname = sss_create_internal_fqname(mem_ctx, -+ shortname, -+ domain->name); -+ if (sysdb_fqname == NULL) { -+ return ENOMEM; -+ } -+ -+ ret = sysdb_search_user_by_name(info, domain, sysdb_fqname, attrs, &msg); - if (ret) { - DEBUG(SSSDBG_OP_FAILURE, - "Search failed: %s (%d)\n", strerror(ret), ret); --- -2.9.3 - diff --git a/0054-TESTS-sss_groupshow-with-MPG.patch b/0054-TESTS-sss_groupshow-with-MPG.patch deleted file mode 100644 index 5cb2821..0000000 
--- a/0054-TESTS-sss_groupshow-with-MPG.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 702f4c8aed1bc997e99ab28349269c4cc151beda Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Michal=20=C5=BDidek?= -Date: Mon, 12 Sep 2016 19:25:13 +0200 -Subject: [PATCH 54/79] TESTS: sss_groupshow with MPG -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Regression test for ticket #3184 - -Resolves: -https://fedorahosted.org/sssd/ticket/3184 - -Reviewed-by: Lukáš Slebodník -(cherry picked from commit bb14556c1df503314644fc424fbbf95759791db9) ---- - src/tests/intg/test_local_domain.py | 22 ++++++++++++++++++++++ - 1 file changed, 22 insertions(+) - -diff --git a/src/tests/intg/test_local_domain.py b/src/tests/intg/test_local_domain.py -index b34e4a3d31cdbc1dc257d8fffcf0f5a07803b20c..8e1d6fb2b69f5e6e033ae06d4bd52cc88e54872b 100644 ---- a/src/tests/intg/test_local_domain.py -+++ b/src/tests/intg/test_local_domain.py -@@ -118,6 +118,28 @@ def assert_nonexistent_group(name): - grp.getgrnam(name) - - -+def test_groupshow_mpg(local_domain_only): -+ """ -+ Regression test for ticket -+ https://fedorahosted.org/sssd/ticket/3184 -+ """ -+ subprocess.check_call(["sss_useradd", "foo", "-M"]) -+ -+ # The user's mpg has to be found (should return 0) -+ subprocess.check_call(["sss_groupshow", "foo"]) -+ -+ -+def test_groupshow_mpg_fqdn(local_domain_only_fqdn): -+ """ -+ Regression test for ticket (fq variant) -+ https://fedorahosted.org/sssd/ticket/3184 -+ """ -+ subprocess.check_call(["sss_useradd", "foo@LOCAL", "-M"]) -+ -+ # The user's mpg has to be found (should return 0) -+ subprocess.check_call(["sss_groupshow", "foo@LOCAL"]) -+ -+ - def test_wrong_LC_ALL(local_domain_only): - """ - Regression test for ticket --- -2.9.3 - diff --git a/0055-KRB5-Return-ERR_NETWORK_IO-on-clock-skew.patch b/0055-KRB5-Return-ERR_NETWORK_IO-on-clock-skew.patch deleted file mode 100644 index 2dd7b2f..0000000 
--- a/0055-KRB5-Return-ERR_NETWORK_IO-on-clock-skew.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 4add586753c50b3222c0899ced0d95a2263828c6 Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Tue, 6 Sep 2016 12:27:51 +0200 -Subject: [PATCH 55/79] KRB5: Return ERR_NETWORK_IO on clock skew -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Adds two more return codes to the list of codes we translate to -ERR_NETWORK_IO. - -Resolves: -https://fedorahosted.org/sssd/ticket/3174 - -Reviewed-by: Pavel Březina -Reviewed-by: Sumit Bose -(cherry picked from commit d3348f49260998880bb7cd3b2fb72d562b1b7a64) ---- - src/providers/krb5/krb5_child.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c -index a0a0f74d7e39866828c1c9ee4b18e57c36a30bb9..82522995e310f20c58922f814e14e81a84b9bcb9 100644 ---- a/src/providers/krb5/krb5_child.c -+++ b/src/providers/krb5/krb5_child.c -@@ -1374,6 +1374,8 @@ static errno_t map_krb5_error(krb5_error_code kerr) - - case KRB5_KDCREP_SKEW: - case KRB5KRB_AP_ERR_SKEW: -+ case KRB5KRB_AP_ERR_TKT_EXPIRED: -+ case KRB5KRB_AP_ERR_TKT_NYV: - case KRB5_KDC_UNREACH: - case KRB5_REALM_CANT_RESOLVE: - case KRB5_REALM_UNKNOWN: --- -2.9.3 - diff --git a/0056-SDAP-Fix-settig-paging-attribute-in-sdap_get_generic.patch b/0056-SDAP-Fix-settig-paging-attribute-in-sdap_get_generic.patch deleted file mode 100644 index 0650d72..0000000 --- a/0056-SDAP-Fix-settig-paging-attribute-in-sdap_get_generic.patch +++ /dev/null 
@@ -1,54 +0,0 @@ -From b42d29d5fed3df1662dc7b9b46a57ab27298b138 Mon Sep 17 00:00:00 2001 -From: Lukas Slebodnik -Date: Tue, 30 Aug 2016 16:39:49 +0200 -Subject: [PATCH 56/79] SDAP: Fix settig paging attribute in - sdap_get_generic_ext_send -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -We should set pagging flag in state and not in local -variable which is not read anywhere in the function. - -Found by clang static analyzer. - -Reviewed-by: Fabiano Fidêncio -(cherry picked from commit 6c335dee38da943796710b5e336472a10cf641f2) ---- - src/providers/ldap/sdap_async.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c -index 4195ba95d911f3956f8cca665310b4b92091e6cd..e9ce2d5fd7c835919fff615e7b553d95f72d65a7 100644 ---- a/src/providers/ldap/sdap_async.c -+++ b/src/providers/ldap/sdap_async.c -@@ -1254,7 +1254,7 @@ sdap_get_generic_ext_send(TALLOC_CTX *memctx, - */ - if (scope == LDAP_SCOPE_BASE && (flags & SDAP_SRCH_FLG_PAGING)) { - /* Disable paging */ -- flags &= ~SDAP_SRCH_FLG_PAGING; -+ state->flags &= ~SDAP_SRCH_FLG_PAGING; - DEBUG(SSSDBG_TRACE_FUNC, - "WARNING: Disabling paging because scope is set to base.\n"); - } -@@ -1267,7 +1267,7 @@ sdap_get_generic_ext_send(TALLOC_CTX *memctx, - serverctrls, - NULL); - if (control) { -- flags |= SDAP_SRCH_FLG_PAGING; -+ state->flags |= SDAP_SRCH_FLG_PAGING; - } - - /* ASQ */ -@@ -1275,7 +1275,7 @@ sdap_get_generic_ext_send(TALLOC_CTX *memctx, - serverctrls, - NULL); - if (control) { -- flags |= SDAP_SRCH_FLG_PAGING; -+ state->flags |= SDAP_SRCH_FLG_PAGING; - } - - for (state->nserverctrls=0; --- -2.9.3 - diff --git a/0057-PROXY-Adding-proxy_max_children-option.patch b/0057-PROXY-Adding-proxy_max_children-option.patch deleted file mode 100644 index 12d3487..0000000 --- a/0057-PROXY-Adding-proxy_max_children-option.patch +++ /dev/null 
@@ -1,151 +0,0 @@ -From a700cdddcc989d1820cbd71bc9a378772c3f87ed Mon Sep 17 00:00:00 2001 -From: Petr Cech -Date: Wed, 24 Aug 2016 14:41:09 +0200 -Subject: [PATCH 57/79] PROXY: Adding proxy_max_children option -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The new option 'proxy_max_children' is applicable -in domain section. Default value is 10. - -Resolves: -https://fedorahosted.org/sssd/ticket/3153 - -Reviewed-by: Fabiano Fidêncio -Reviewed-by: Pavel Březina -(cherry picked from commit aef0171e0bdc9a683958d69c7ee984fb10cd5de7) ---- - src/confdb/confdb.h | 1 + - src/config/SSSDConfig/__init__.py.in | 3 +++ - src/config/cfg_rules.ini | 1 + - src/config/etc/sssd.api.d/sssd-proxy.conf | 1 + - src/man/sssd.conf.5.xml | 16 ++++++++++++++++ - src/providers/proxy/proxy_init.c | 22 ++++++++++++++++++++-- - 6 files changed, 42 insertions(+), 2 deletions(-) - -diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h -index 2d650900170d5f2214aa56f00fc749980e53f516..36a2f21a0ff07ac4ae94ffdbb47087de05907505 100644 ---- a/src/confdb/confdb.h -+++ b/src/confdb/confdb.h -@@ -219,6 +219,7 @@ - #define CONFDB_PROXY_LIBNAME "proxy_lib_name" - #define CONFDB_PROXY_PAM_TARGET "proxy_pam_target" - #define CONFDB_PROXY_FAST_ALIAS "proxy_fast_alias" -+#define CONFDB_PROXY_MAX_CHILDREN "proxy_max_children" - - /* Secrets Service */ - #define CONFDB_SEC_CONF_ENTRY "config/secrets" -diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in -index 2027028f7b4e972c7bc0dd5156fd85157ae192f4..0acb751e234ee0c3e6fee332a2ba22f9ac353221 100644 ---- a/src/config/SSSDConfig/__init__.py.in -+++ b/src/config/SSSDConfig/__init__.py.in -@@ -429,6 +429,9 @@ option_strings = { - 'default_shell' : _('Default shell, /bin/bash'), - 'base_directory' : _('Base for home directories'), - -+ # [provider/proxy] -+ 'proxy_max_children' : _('The number of preforked proxy children.'), -+ - # [provider/proxy/id] - 'proxy_lib_name' : _('The 
name of the NSS library to use'), - 'proxy_fast_alias' : _('Whether to look up canonical group name from cache if possible'), -diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini -index 93c10e2b7892027f0ee7a7af096814fb7cac333a..01be0c6e610161b64897e3974cefe1ccdc317fd3 100644 ---- a/src/config/cfg_rules.ini -+++ b/src/config/cfg_rules.ini -@@ -305,6 +305,7 @@ option = base_directory - option = proxy_lib_name - option = proxy_fast_alias - option = proxy_pam_target -+option = proxy_max_children - - # simple access provider specific options - option = simple_allow_users -diff --git a/src/config/etc/sssd.api.d/sssd-proxy.conf b/src/config/etc/sssd.api.d/sssd-proxy.conf -index 89a6503f9b84b7eab5fb3b0dd591dea905b43adb..09bf82affcb4263de3abbb67d1d484f6b01a1824 100644 ---- a/src/config/etc/sssd.api.d/sssd-proxy.conf -+++ b/src/config/etc/sssd.api.d/sssd-proxy.conf -@@ -1,4 +1,5 @@ - [provider/proxy] -+proxy_max_children = int, None, false - - [provider/proxy/id] - proxy_lib_name = str, None, true -diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml -index 6f231b8ab8fc078d83331bb7ef5b980528a30bd6..8b862eb0cef7cb35215c4aba7a77a553f31e47c8 100644 ---- a/src/man/sssd.conf.5.xml -+++ b/src/man/sssd.conf.5.xml -@@ -2482,6 +2482,22 @@ subdomain_inherit = ldap_purge_cache_timeout - - - -+ -+ proxy_max_children (integer) -+ -+ -+ This option specifies the number of pre-forked -+ proxy children. It is useful for high-load SSSD -+ environments where sssd may run out of available -+ child slots, which would cause some issues due to -+ the requests being queued. 
-+
-+
-+ Default: 10
-+
-+
-+
-+
-
-
-
-diff --git a/src/providers/proxy/proxy_init.c b/src/providers/proxy/proxy_init.c
-index 1edf4fd64e54f4f0df7a78a9e56eb232a1d3e948..2241dafb8e21bbc0b904df3fa548c906877a5194 100644
---- a/src/providers/proxy/proxy_init.c
-+++ b/src/providers/proxy/proxy_init.c
-@@ -29,6 +29,8 @@
-
- #define NSS_FN_NAME "_nss_%s_%s"
-
-+#define OPT_MAX_CHILDREN_DEFAULT 10
-+
- #define ERROR_INITGR "The '%s' library does not provides the " \
- "_nss_XXX_initgroups_dyn function!\n" \
- "initgroups will be slow as it will require " \
-@@ -220,6 +222,7 @@ static errno_t proxy_init_auth_ctx(TALLOC_CTX *mem_ctx,
- struct proxy_auth_ctx *auth_ctx;
- errno_t ret;
- int hret;
-+ int max_children;
-
- auth_ctx = talloc_zero(mem_ctx, struct proxy_auth_ctx);
- if (auth_ctx == NULL) {
-@@ -241,8 +244,23 @@ static errno_t proxy_init_auth_ctx(TALLOC_CTX *mem_ctx,
- }
-
- /* Set up request hash table */
-- /* FIXME: get max_children from configuration file */
-- auth_ctx->max_children = 10;
-+ ret = confdb_get_int(be_ctx->cdb, be_ctx->conf_path,
-+ CONFDB_PROXY_MAX_CHILDREN,
-+ OPT_MAX_CHILDREN_DEFAULT,
-+ &max_children);
-+ if (ret != EOK) {
-+ DEBUG(SSSDBG_CRIT_FAILURE,
-+ "Unable to read confdb [%d]: %s\n", ret, sss_strerror(ret));
-+ goto done;
-+ }
-+
-+ if (max_children < 1) {
-+ DEBUG(SSSDBG_CRIT_FAILURE,
-+ "Option " CONFDB_PROXY_MAX_CHILDREN " must be higher then 0\n");
-+ ret = EINVAL;
-+ goto done;
-+ }
-+ auth_ctx->max_children = max_children;
-
- hret = hash_create(auth_ctx->max_children * 2, &auth_ctx->request_table,
- NULL, NULL);
---
-2.9.3
-
diff --git a/0058-SECRETS-Search-by-the-right-type-when-checking-conta.patch b/0058-SECRETS-Search-by-the-right-type-when-checking-conta.patch
deleted file mode 100644
index dfa9776..0000000
--- a/0058-SECRETS-Search-by-the-right-type-when-checking-conta.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 4a5e9bea88983643a6fd7b95a6cfcf16f29044ec Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
-Date: Tue, 30 Aug 2016 10:42:58 +0200
-Subject: [PATCH 58/79] SECRETS: Search by the right type when checking
- containers
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-We've been searching for the wrong type ("simple") in
-local_db_check_containers(), which always gives us a NULL result.
-
-Let's introduce the new LOCAL_CONTAINER_FILTER and do the search for the
-right type ("container") from now on.
-
-Resolves:
-https://fedorahosted.org/sssd/ticket/3137
-
-Signed-off-by: Fabiano Fidêncio
-
-Reviewed-by: Jakub Hrozek
-(cherry picked from commit a8361f37af31a8a9767056bd27c418c947293f56)
----
- src/responder/secrets/local.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/responder/secrets/local.c b/src/responder/secrets/local.c
-index ac3049b62fa77f69d44ec5792139fe3378afb3f4..5b5745d6732987c6057788b2099f45ad0799f151 100644
---- a/src/responder/secrets/local.c
-+++ b/src/responder/secrets/local.c
-@@ -168,6 +168,7 @@ char *local_dn_to_path(TALLOC_CTX *mem_ctx,
- }
-
- #define LOCAL_SIMPLE_FILTER "(type=simple)"
-+#define LOCAL_CONTAINER_FILTER "(type=container)"
-
- int local_db_get_simple(TALLOC_CTX *mem_ctx,
- struct local_context *lctx,
-@@ -306,7 +307,7 @@ int local_db_check_containers(TALLOC_CTX *mem_ctx,
-
- /* and check the parent container exists */
- ret = ldb_search(lctx->ldb, mem_ctx, &res, dn, LDB_SCOPE_BASE,
-- attrs, LOCAL_SIMPLE_FILTER);
-+ attrs, LOCAL_CONTAINER_FILTER);
- if (ret != LDB_SUCCESS) return ENOENT;
- if (res->count != 1) return ENOENT;
- talloc_free(res);
---
-2.9.3
-
diff --git a/0059-LDAP-Return-partial-results-from-adminlimit-exceeded.patch b/0059-LDAP-Return-partial-results-from-adminlimit-exceeded.patch
deleted file mode 100644
index 9775804..0000000
--- a/0059-LDAP-Return-partial-results-from-adminlimit-exceeded.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 2ee5783d8c8bb51f169988a0a45ec711cfd47e41 Mon Sep 17 00:00:00 2001
-From: Jakub Hrozek
-Date: Mon, 12 Sep 2016 17:36:09 +0200
-Subject: [PATCH 59/79] LDAP: Return partial results from adminlimit exceeded
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Resolves:
- https://fedorahosted.org/sssd/ticket/3185
-
-Since commit c420ce830ac0b0b288a2a887ec2cfce5c748018c we try to move to
-the next server on any error on the connection, which in case there is
-only one server sends SSSD offline.
-
-It's more graceful to try to process the results, same as we already do
-with sizelimit exceeded.
-
-Reviewed-by: Michal Židek
-Reviewed-by: Lukáš Slebodník
-(cherry picked from commit 3319d964721396c07daba383ded6aaaf33ed6e3b)
----
- src/providers/ldap/sdap_async.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
-index e9ce2d5fd7c835919fff615e7b553d95f72d65a7..f374112935a7befa1d059df97f3119c14d8f5da5 100644
---- a/src/providers/ldap/sdap_async.c
-+++ b/src/providers/ldap/sdap_async.c
-@@ -1526,7 +1526,8 @@ static void sdap_get_generic_op_finished(struct sdap_op *op,
- sss_ldap_err2string(result), result,
- errmsg ? errmsg : "no errmsg set");
-
-- if (result == LDAP_SIZELIMIT_EXCEEDED) {
-+ if (result == LDAP_SIZELIMIT_EXCEEDED
-+ || result == LDAP_ADMINLIMIT_EXCEEDED) {
- /* Try to return what we've got */
-
- if ( ! (state->flags & SDAP_SRCH_FLG_SIZELIMIT_SILENT)) {
---
-2.9.3
-
diff --git a/0060-MAN-sssd-sudo-manual-update-IPA-native-LDAP-tree-sup.patch b/0060-MAN-sssd-sudo-manual-update-IPA-native-LDAP-tree-sup.patch
deleted file mode 100644
index 0f04169..0000000
--- a/0060-MAN-sssd-sudo-manual-update-IPA-native-LDAP-tree-sup.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From d7a48ee6cde1e80dc2e63500d94017afe498a52a Mon Sep 17 00:00:00 2001
-From: Justin Stephenson
-Date: Mon, 29 Aug 2016 11:20:00 -0400
-Subject: [PATCH 60/79] MAN: sssd-sudo manual update IPA native LDAP tree
- support
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Update sssd-sudo man page to reflect native IPA sudo support
-
-Resolves:
-https://fedorahosted.org/sssd/ticket/3145
-
-Reviewed-by: Pavel Březina
-Reviewed-by: Lukáš Slebodník
-(cherry picked from commit 72bab5640b3ec57950b53dad0fb3042ea563592c)
----
- src/man/sssd-sudo.5.xml | 9 ++++++---
- 1 file changed, 6 insertions(+), 3 deletions(-)
-
-diff --git a/src/man/sssd-sudo.5.xml b/src/man/sssd-sudo.5.xml
-index de276ad2d7647da9b7d510bf00fdf8fb58aed1c7..9be77725d679946bd09b86771cc7379b6ac64627 100644
---- a/src/man/sssd-sudo.5.xml
-+++ b/src/man/sssd-sudo.5.xml
-@@ -109,9 +109,12 @@ ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
-
-
-
-- When the SSSD is configured to use IPA as the ID provider,
-- the sudo provider is automatically enabled. The sudo search base
-- is configured to use the compat tree (ou=sudoers,$DC).
-+ When SSSD is configured to use IPA as the ID provider, the
-+ sudo provider is automatically enabled. The sudo search base is
-+ configured to use the IPA native LDAP tree (cn=sudo,$SUFFIX).
-+ If any other search base is defined in sssd.conf, this value will be
-+ used instead. The compat tree (ou=sudoers,$SUFFIX) is no longer
-+ required for IPA sudo functionality.
-
-
-
---
-2.9.3
-
diff --git a/0061-p11-only-set-PKCS11_LOGIN_TOKEN_NAME-if-gdm-smartcar.patch b/0061-p11-only-set-PKCS11_LOGIN_TOKEN_NAME-if-gdm-smartcar.patch
deleted file mode 100644
index 063f4be..0000000
--- a/0061-p11-only-set-PKCS11_LOGIN_TOKEN_NAME-if-gdm-smartcar.patch
+++ /dev/null
@@ -1,267 +0,0 @@ -From 8173003ed876f1cc0831a838e20332b274b39c4f Mon Sep 17 00:00:00 2001 -From: Sumit Bose -Date: Wed, 31 Aug 2016 14:32:31 +0200 -Subject: [PATCH 61/79] p11: only set PKCS11_LOGIN_TOKEN_NAME if gdm-smartcard - is used - -Resolves https://fedorahosted.org/sssd/ticket/3165 - -Reviewed-by: Jakub Hrozek -(cherry picked from commit 71cd9f98150577224559bdc12c53c01ce6f2c3d9) ---- - src/responder/pam/pamsrv_p11.c | 33 +++++++++------ - src/tests/cmocka/test_pam_srv.c | 89 +++++++++++++++++++++++++++++++++++------ - 2 files changed, 97 insertions(+), 25 deletions(-) - -diff --git a/src/responder/pam/pamsrv_p11.c b/src/responder/pam/pamsrv_p11.c -index a2514f6a1d699de3a245063f49db1b7e51a2b10b..22da33067d5c479153376927855dcd6b43322d8b 100644 ---- a/src/responder/pam/pamsrv_p11.c -+++ b/src/responder/pam/pamsrv_p11.c -@@ -505,7 +505,11 @@ errno_t pam_check_cert_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, - } - - /* The PKCS11_LOGIN_TOKEN_NAME environment variable is e.g. used by the Gnome -- * Settings Daemon to determine the name of the token used for login */ -+ * Settings Daemon to determine the name of the token used for login but it -+ * should be only set if SSSD is called by gdm-smartcard. Otherwise desktop -+ * components might assume that gdm-smartcard PAM stack is configured -+ * correctly which might not be the case e.g. if Smartcard authentication was -+ * used when running gdm-password. 
*/ - #define PKCS11_LOGIN_TOKEN_ENV_NAME "PKCS11_LOGIN_TOKEN_NAME" - - errno_t add_pam_cert_response(struct pam_data *pd, const char *sysdb_username, -@@ -553,19 +557,22 @@ errno_t add_pam_cert_response(struct pam_data *pd, const char *sysdb_username, - return ret; - } - -- env = talloc_asprintf(pd, "%s=%s", PKCS11_LOGIN_TOKEN_ENV_NAME, token_name); -- if (env == NULL) { -- DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n"); -- return ENOMEM; -- } -+ if (strcmp(pd->service, "gdm-smartcard") == 0) { -+ env = talloc_asprintf(pd, "%s=%s", PKCS11_LOGIN_TOKEN_ENV_NAME, -+ token_name); -+ if (env == NULL) { -+ DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n"); -+ return ENOMEM; -+ } - -- ret = pam_add_response(pd, SSS_PAM_ENV_ITEM, strlen(env) + 1, -- (uint8_t *)env); -- talloc_free(env); -- if (ret != EOK) { -- DEBUG(SSSDBG_OP_FAILURE, -- "pam_add_response failed to add environment variable.\n"); -- return ret; -+ ret = pam_add_response(pd, SSS_PAM_ENV_ITEM, strlen(env) + 1, -+ (uint8_t *)env); -+ talloc_free(env); -+ if (ret != EOK) { -+ DEBUG(SSSDBG_OP_FAILURE, -+ "pam_add_response failed to add environment variable.\n"); -+ return ret; -+ } - } - - return ret; -diff --git a/src/tests/cmocka/test_pam_srv.c b/src/tests/cmocka/test_pam_srv.c -index 5de092d0f19318d1d6c773355dbb38e345600133..02199e6f121cab0784389256cdaac38baf9d73e3 100644 ---- a/src/tests/cmocka/test_pam_srv.c -+++ b/src/tests/cmocka/test_pam_srv.c -@@ -554,7 +554,7 @@ static void mock_input_pam(TALLOC_CTX *mem_ctx, const char *name, - } - - static void mock_input_pam_cert(TALLOC_CTX *mem_ctx, const char *name, -- const char *pin) -+ const char *pin, const char *service) - { - size_t buf_size; - uint8_t *m_buf; -@@ -576,7 +576,7 @@ static void mock_input_pam_cert(TALLOC_CTX *mem_ctx, const char *name, - pi.pam_authtok_type = SSS_AUTHTOK_TYPE_SC_PIN; - } - -- pi.pam_service = "login"; -+ pi.pam_service = service == NULL ? 
"login" : service; - pi.pam_service_size = strlen(pi.pam_service) + 1; - pi.pam_tty = "/dev/tty"; - pi.pam_tty_size = strlen(pi.pam_tty) + 1; -@@ -626,7 +626,8 @@ static int test_pam_simple_check(uint32_t status, uint8_t *body, size_t blen) - - #define PKCS11_LOGIN_TOKEN_ENV_NAME "PKCS11_LOGIN_TOKEN_NAME" - --static int test_pam_cert_check(uint32_t status, uint8_t *body, size_t blen) -+static int test_pam_cert_check_gdm_smartcard(uint32_t status, uint8_t *body, -+ size_t blen) - { - size_t rp = 0; - uint32_t val; -@@ -675,6 +676,44 @@ static int test_pam_cert_check(uint32_t status, uint8_t *body, size_t blen) - return EOK; - } - -+static int test_pam_cert_check(uint32_t status, uint8_t *body, size_t blen) -+{ -+ size_t rp = 0; -+ uint32_t val; -+ -+ assert_int_equal(status, 0); -+ -+ SAFEALIGN_COPY_UINT32(&val, body + rp, &rp); -+ assert_int_equal(val, pam_test_ctx->exp_pam_status); -+ -+ SAFEALIGN_COPY_UINT32(&val, body + rp, &rp); -+ assert_int_equal(val, 2); -+ -+ SAFEALIGN_COPY_UINT32(&val, body + rp, &rp); -+ assert_int_equal(val, SSS_PAM_DOMAIN_NAME); -+ -+ SAFEALIGN_COPY_UINT32(&val, body + rp, &rp); -+ assert_int_equal(val, 9); -+ -+ assert_int_equal(*(body + rp + val - 1), 0); -+ assert_string_equal(body + rp, TEST_DOM_NAME); -+ rp += val; -+ -+ SAFEALIGN_COPY_UINT32(&val, body + rp, &rp); -+ assert_int_equal(val, SSS_PAM_CERT_INFO); -+ -+ SAFEALIGN_COPY_UINT32(&val, body + rp, &rp); -+ assert_int_equal(val, (sizeof("pamuser") + sizeof(TEST_TOKEN_NAME))); -+ -+ assert_int_equal(*(body + rp + sizeof("pamuser") - 1), 0); -+ assert_string_equal(body + rp, "pamuser"); -+ rp += sizeof("pamuser"); -+ -+ assert_int_equal(*(body + rp + sizeof(TEST_TOKEN_NAME) - 1), 0); -+ assert_string_equal(body + rp, TEST_TOKEN_NAME); -+ -+ return EOK; -+} - - static int test_pam_offline_chauthtok_check(uint32_t status, - uint8_t *body, size_t blen) -@@ -1438,7 +1477,7 @@ void test_pam_preauth_no_logon_name(void **state) - { - int ret; - -- mock_input_pam_cert(pam_test_ctx, 
NULL, NULL); -+ mock_input_pam_cert(pam_test_ctx, NULL, NULL, NULL); - - will_return(__wrap_sss_packet_get_cmd, SSS_PAM_PREAUTH); - will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); -@@ -1465,7 +1504,7 @@ void test_pam_preauth_cert_nocert(void **state) - - set_cert_auth_param(pam_test_ctx->pctx, "/no/path"); - -- mock_input_pam_cert(pam_test_ctx, "pamuser", NULL); -+ mock_input_pam_cert(pam_test_ctx, "pamuser", NULL, NULL); - - will_return(__wrap_sss_packet_get_cmd, SSS_PAM_PREAUTH); - will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); -@@ -1544,7 +1583,7 @@ void test_pam_preauth_cert_nomatch(void **state) - - set_cert_auth_param(pam_test_ctx->pctx, NSS_DB); - -- mock_input_pam_cert(pam_test_ctx, "pamuser", NULL); -+ mock_input_pam_cert(pam_test_ctx, "pamuser", NULL, NULL); - - will_return(__wrap_sss_packet_get_cmd, SSS_PAM_PREAUTH); - will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); -@@ -1566,7 +1605,7 @@ void test_pam_preauth_cert_match(void **state) - - set_cert_auth_param(pam_test_ctx->pctx, NSS_DB); - -- mock_input_pam_cert(pam_test_ctx, "pamuser", NULL); -+ mock_input_pam_cert(pam_test_ctx, "pamuser", NULL, NULL); - - will_return(__wrap_sss_packet_get_cmd, SSS_PAM_PREAUTH); - will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); -@@ -1583,13 +1622,37 @@ void test_pam_preauth_cert_match(void **state) - assert_int_equal(ret, EOK); - } - -+/* Test if PKCS11_LOGIN_TOKEN_NAME is added for the gdm-smartcard service */ -+void test_pam_preauth_cert_match_gdm_smartcard(void **state) -+{ -+ int ret; -+ -+ set_cert_auth_param(pam_test_ctx->pctx, NSS_DB); -+ -+ mock_input_pam_cert(pam_test_ctx, "pamuser", NULL, "gdm-smartcard"); -+ -+ will_return(__wrap_sss_packet_get_cmd, SSS_PAM_PREAUTH); -+ will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); -+ mock_account_recv(0, 0, NULL, test_lookup_by_cert_cb, -+ discard_const(TEST_TOKEN_CERT)); -+ -+ set_cmd_cb(test_pam_cert_check_gdm_smartcard); -+ ret = sss_cmd_execute(pam_test_ctx->cctx, 
SSS_PAM_PREAUTH, -+ pam_test_ctx->pam_cmds); -+ assert_int_equal(ret, EOK); -+ -+ /* Wait until the test finishes with EOK */ -+ ret = test_ev_loop(pam_test_ctx->tctx); -+ assert_int_equal(ret, EOK); -+} -+ - void test_pam_preauth_cert_match_wrong_user(void **state) - { - int ret; - - set_cert_auth_param(pam_test_ctx->pctx, NSS_DB); - -- mock_input_pam_cert(pam_test_ctx, "pamuser", NULL); -+ mock_input_pam_cert(pam_test_ctx, "pamuser", NULL, NULL); - - will_return(__wrap_sss_packet_get_cmd, SSS_PAM_PREAUTH); - will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); -@@ -1613,7 +1676,7 @@ void test_pam_preauth_cert_no_logon_name(void **state) - - set_cert_auth_param(pam_test_ctx->pctx, NSS_DB); - -- mock_input_pam_cert(pam_test_ctx, NULL, NULL); -+ mock_input_pam_cert(pam_test_ctx, NULL, NULL, NULL); - - will_return(__wrap_sss_packet_get_cmd, SSS_PAM_PREAUTH); - will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); -@@ -1636,7 +1699,7 @@ void test_pam_preauth_no_cert_no_logon_name(void **state) - - set_cert_auth_param(pam_test_ctx->pctx, "/no/path"); - -- mock_input_pam_cert(pam_test_ctx, NULL, NULL); -+ mock_input_pam_cert(pam_test_ctx, NULL, NULL, NULL); - - will_return(__wrap_sss_packet_get_cmd, SSS_PAM_PREAUTH); - will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); -@@ -1657,7 +1720,7 @@ void test_pam_preauth_cert_no_logon_name_no_match(void **state) - - set_cert_auth_param(pam_test_ctx->pctx, NSS_DB); - -- mock_input_pam_cert(pam_test_ctx, NULL, NULL); -+ mock_input_pam_cert(pam_test_ctx, NULL, NULL, NULL); - - will_return(__wrap_sss_packet_get_cmd, SSS_PAM_PREAUTH); - will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); -@@ -1679,7 +1742,7 @@ void test_pam_cert_auth(void **state) - - set_cert_auth_param(pam_test_ctx->pctx, NSS_DB); - -- mock_input_pam_cert(pam_test_ctx, "pamuser", "123456"); -+ mock_input_pam_cert(pam_test_ctx, "pamuser", "123456", NULL); - - will_return(__wrap_sss_packet_get_cmd, SSS_PAM_AUTHENTICATE); - 
will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); -@@ -1790,6 +1853,8 @@ int main(int argc, const char *argv[]) - pam_test_setup, pam_test_teardown), - cmocka_unit_test_setup_teardown(test_pam_preauth_cert_match, - pam_test_setup, pam_test_teardown), -+ cmocka_unit_test_setup_teardown(test_pam_preauth_cert_match_gdm_smartcard, -+ pam_test_setup, pam_test_teardown), - cmocka_unit_test_setup_teardown(test_pam_preauth_cert_match_wrong_user, - pam_test_setup, pam_test_teardown), - cmocka_unit_test_setup_teardown(test_pam_preauth_cert_no_logon_name, --- -2.9.3 - diff --git a/0062-p11-return-a-fully-qualified-name.patch b/0062-p11-return-a-fully-qualified-name.patch deleted file mode 100644 index 5eb10ce..0000000 --- a/0062-p11-return-a-fully-qualified-name.patch +++ /dev/null 
@@ -1,100 +0,0 @@ -From aeb1038017723e473eeb2f405d3b5ff4f5d4af02 Mon Sep 17 00:00:00 2001 -From: Sumit Bose -Date: Fri, 16 Sep 2016 11:47:40 +0200 -Subject: [PATCH 62/79] p11: return a fully-qualified name - -Related to https://fedorahosted.org/sssd/ticket/3165 - -Reviewed-by: Jakub Hrozek -(cherry picked from commit 3649b959709f1ab187092f054d4aace0798c98fa) ---- - src/responder/pam/pamsrv_p11.c | 20 +++++++++----------- - src/tests/cmocka/test_pam_srv.c | 16 ++++++++-------- - 2 files changed, 17 insertions(+), 19 deletions(-) - -diff --git a/src/responder/pam/pamsrv_p11.c b/src/responder/pam/pamsrv_p11.c -index 22da33067d5c479153376927855dcd6b43322d8b..570bfe09d4385a038e7e03fcb64c72dd794774a6 100644 ---- a/src/responder/pam/pamsrv_p11.c -+++ b/src/responder/pam/pamsrv_p11.c -@@ -521,33 +521,31 @@ errno_t add_pam_cert_response(struct pam_data *pd, const char *sysdb_username, - size_t msg_len; - size_t slot_len; - int ret; -- char *username; - - if (sysdb_username == NULL || token_name == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "Missing mandatory user or slot name.\n"); - return EINVAL; - } - -- ret = sss_parse_internal_fqname(pd, sysdb_username, &username, NULL); -- if (ret != EOK) { -- DEBUG(SSSDBG_CRIT_FAILURE, "Cannot parse [%s]\n", sysdb_username); -- return ret; -- } -- -- user_len = strlen(username) + 1; -+ user_len = strlen(sysdb_username) + 1; - slot_len = strlen(token_name) + 1; - msg_len = user_len + slot_len; - - msg = talloc_zero_size(pd, msg_len); - if (msg == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "talloc_zero_size failed.\n"); -- talloc_free(username); - return ENOMEM; - } - -- memcpy(msg, username, user_len); -+ /* sysdb_username is a fully-qualified name which is used by pam_sss when -+ * prompting the user for the PIN and as login name if it wasn't set by -+ * the PAM caller but has to be determined based on the inserted -+ * Smartcard. 
If this type of name is irritating at the PIN prompt or the -+ * re_expression config option was set in a way that user@domain cannot be -+ * handled anymore some more logic has to be added here. But for the time -+ * being I think using sysdb_username is fine. */ -+ memcpy(msg, sysdb_username, user_len); - memcpy(msg + user_len, token_name, slot_len); -- talloc_free(username); - - ret = pam_add_response(pd, SSS_PAM_CERT_INFO, msg_len, msg); - talloc_free(msg); -diff --git a/src/tests/cmocka/test_pam_srv.c b/src/tests/cmocka/test_pam_srv.c -index 02199e6f121cab0784389256cdaac38baf9d73e3..4b2dea4be6a819b23afd243ba99cd9bd57c16c20 100644 ---- a/src/tests/cmocka/test_pam_srv.c -+++ b/src/tests/cmocka/test_pam_srv.c -@@ -664,11 +664,11 @@ static int test_pam_cert_check_gdm_smartcard(uint32_t status, uint8_t *body, - assert_int_equal(val, SSS_PAM_CERT_INFO); - - SAFEALIGN_COPY_UINT32(&val, body + rp, &rp); -- assert_int_equal(val, (sizeof("pamuser") + sizeof(TEST_TOKEN_NAME))); -+ assert_int_equal(val, (sizeof("pamuser@"TEST_DOM_NAME) + sizeof(TEST_TOKEN_NAME))); - -- assert_int_equal(*(body + rp + sizeof("pamuser") - 1), 0); -- assert_string_equal(body + rp, "pamuser"); -- rp += sizeof("pamuser"); -+ assert_int_equal(*(body + rp + sizeof("pamuser@"TEST_DOM_NAME) - 1), 0); -+ assert_string_equal(body + rp, "pamuser@"TEST_DOM_NAME); -+ rp += sizeof("pamuser@"TEST_DOM_NAME); - - assert_int_equal(*(body + rp + sizeof(TEST_TOKEN_NAME) - 1), 0); - assert_string_equal(body + rp, TEST_TOKEN_NAME); -@@ -703,11 +703,11 @@ static int test_pam_cert_check(uint32_t status, uint8_t *body, size_t blen) - assert_int_equal(val, SSS_PAM_CERT_INFO); - - SAFEALIGN_COPY_UINT32(&val, body + rp, &rp); -- assert_int_equal(val, (sizeof("pamuser") + sizeof(TEST_TOKEN_NAME))); -+ assert_int_equal(val, (sizeof("pamuser@"TEST_DOM_NAME) + sizeof(TEST_TOKEN_NAME))); - -- assert_int_equal(*(body + rp + sizeof("pamuser") - 1), 0); -- assert_string_equal(body + rp, "pamuser"); -- rp += sizeof("pamuser"); 
-+ assert_int_equal(*(body + rp + sizeof("pamuser@"TEST_DOM_NAME) - 1), 0);
-+ assert_string_equal(body + rp, "pamuser@"TEST_DOM_NAME);
-+ rp += sizeof("pamuser@"TEST_DOM_NAME);
-
- assert_int_equal(*(body + rp + sizeof(TEST_TOKEN_NAME) - 1), 0);
- assert_string_equal(body + rp, TEST_TOKEN_NAME);
---
-2.9.3
-
diff --git a/0063-pam_sss-check-PKCS11_LOGIN_TOKEN_NAME.patch b/0063-pam_sss-check-PKCS11_LOGIN_TOKEN_NAME.patch
deleted file mode 100644
index 45c7946..0000000
--- a/0063-pam_sss-check-PKCS11_LOGIN_TOKEN_NAME.patch
+++ /dev/null
@@ -1,109 +0,0 @@ -From 540f0f9e2b35315703b56989d398c11da49992e2 Mon Sep 17 00:00:00 2001 -From: Sumit Bose -Date: Fri, 16 Sep 2016 11:48:18 +0200 -Subject: [PATCH 63/79] pam_sss: check PKCS11_LOGIN_TOKEN_NAME - -Check if PKCS11_LOGIN_TOKEN_NAME is set and prompt the user if the -matching Smartcard is not inserted. - -Related to https://fedorahosted.org/sssd/ticket/3165 - -Reviewed-by: Jakub Hrozek -(cherry picked from commit 35ba922bc51416f02877b53a6f25c04104ae5f03) ---- - src/sss_client/pam_sss.c | 65 ++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 65 insertions(+) - -diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c -index fdb9c907644f1317b6f8e58619f01ad2753deafc..2049d5fb0c6092aaaa914385c79d02d8f44b447e 100644 ---- a/src/sss_client/pam_sss.c -+++ b/src/sss_client/pam_sss.c -@@ -1410,6 +1410,7 @@ done: - } - - #define SC_PROMPT_FMT "PIN for %s for user %s" -+ - static int prompt_sc_pin(pam_handle_t *pamh, struct pam_items *pi) - { - int ret; -@@ -1691,6 +1692,62 @@ static int get_authtok_for_password_change(pam_handle_t *pamh, - return PAM_SUCCESS; - } - -+#define SC_ENTER_FMT "Please enter smart card labeled\n %s\nand press enter" -+ -+static int check_login_token_name(pam_handle_t *pamh, struct pam_items *pi, -+ bool quiet_mode) -+{ -+ int ret; -+ int pam_status; -+ char *login_token_name; -+ char *prompt = NULL; -+ size_t size; -+ char *answer = NULL; -+ -+ login_token_name = getenv("PKCS11_LOGIN_TOKEN_NAME"); -+ if (login_token_name == NULL) { -+ return PAM_SUCCESS; -+ } -+ -+ while (pi->token_name == NULL -+ || strcmp(login_token_name, pi->token_name) != 0) { -+ size = sizeof(SC_ENTER_FMT) + strlen(login_token_name); -+ prompt = malloc(size); -+ if (prompt == NULL) { -+ D(("malloc failed.")); -+ return ENOMEM; -+ } -+ -+ ret = snprintf(prompt, size, SC_ENTER_FMT, -+ login_token_name); -+ if (ret < 0 || ret >= size) { -+ D(("snprintf failed.")); -+ free(prompt); -+ return EFAULT; -+ } -+ -+ ret = do_pam_conversation(pamh, 
PAM_PROMPT_ECHO_OFF, prompt, -+ NULL, &answer); -+ free(prompt); -+ free(answer); -+ if (ret != PAM_SUCCESS) { -+ D(("do_pam_conversation failed.")); -+ return ret; -+ } -+ -+ pam_status = send_and_receive(pamh, pi, SSS_PAM_PREAUTH, quiet_mode); -+ if (pam_status != PAM_SUCCESS) { -+ D(("send_and_receive returned [%d] during pre-auth", pam_status)); -+ /* -+ * Since we are waiting for the right Smartcard to be inserted errors -+ * can be ignored here. -+ */ -+ } -+ } -+ -+ return PAM_SUCCESS; -+} -+ - static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh, - int pam_flags, int argc, const char **argv) - { -@@ -1758,6 +1815,14 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh, - } - } - -+ if (strcmp(pi.pam_service, "gdm-smartcard") == 0) { -+ ret = check_login_token_name(pamh, &pi, quiet_mode); -+ if (ret != PAM_SUCCESS) { -+ D(("check_login_token_name failed.\n")); -+ return ret; -+ } -+ } -+ - ret = get_authtok_for_authentication(pamh, &pi, flags); - if (ret != PAM_SUCCESS) { - D(("failed to get authentication token: %s", --- -2.9.3 - diff --git a/0064-SECRETS-Don-t-remove-a-container-when-it-has-childre.patch b/0064-SECRETS-Don-t-remove-a-container-when-it-has-childre.patch deleted file mode 100644 index 847f213..0000000 --- a/0064-SECRETS-Don-t-remove-a-container-when-it-has-childre.patch +++ /dev/null 
@@ -1,81 +0,0 @@
-From b1fe893002a506ace1b2930a0cb5d5bd5d4fa9f7 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
-Date: Thu, 1 Sep 2016 12:04:30 +0200
-Subject: [PATCH 64/79] SECRETS: Don't remove a container when it has children
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Let's return and log an error in case the container to be removed has
-children.
-
-The approach taken introduced at least one new search in every delete
-operation. As far as I understand searching in the BASE scope is quite
-cheap and that's the reason I decided to just do the search in the
-ONELEVEL scope when the requested to be deleted dn is for sure a
-container.
-
-Resolves:
-https://fedorahosted.org/sssd/ticket/3167
-
-Signed-off-by: Fabiano Fidêncio
-
-Reviewed-by: Jakub Hrozek
-(cherry picked from commit ab7b33fd7d820688545d5994a402cedf4bcdb6e1)
----
- src/responder/secrets/local.c | 33 +++++++++++++++++++++++++++++++--
- 1 file changed, 31 insertions(+), 2 deletions(-)
-
-diff --git a/src/responder/secrets/local.c b/src/responder/secrets/local.c
-index 5b5745d6732987c6057788b2099f45ad0799f151..b13e77f0453f3201d1f9f352bb0b331792de1106 100644
---- a/src/responder/secrets/local.c
-+++ b/src/responder/secrets/local.c
-@@ -372,14 +372,43 @@ int local_db_delete(TALLOC_CTX *mem_ctx,
- struct local_context *lctx,
- const char *req_path)
- {
-+ TALLOC_CTX *tmp_ctx;
- struct ldb_dn *dn;
-+ static const char *attrs[] = { NULL };
-+ struct ldb_result *res;
- int ret;
-
-+ tmp_ctx = talloc_new(mem_ctx);
-+ if (!tmp_ctx) return ENOMEM;
-+
- ret = local_db_dn(mem_ctx, lctx->ldb, req_path, &dn);
-- if (ret != EOK) return ret;
-+ if (ret != EOK) goto done;
-+
-+ ret = ldb_search(lctx->ldb, tmp_ctx, &res, dn, LDB_SCOPE_BASE,
-+ attrs, LOCAL_CONTAINER_FILTER);
-+ if (ret != EOK) goto done;
-+
-+ if (res->count == 1) {
-+ ret = ldb_search(lctx->ldb, tmp_ctx, &res, dn, LDB_SCOPE_ONELEVEL,
-+ attrs, NULL);
-+ if (ret != EOK) goto done;
-+
-+ if (res->count > 0) {
-+ ret = EEXIST;
-+ DEBUG(SSSDBG_OP_FAILURE,
-+ "Failed to remove '%s': Container is not empty\n",
-+ ldb_dn_get_linearized(dn));
-+
-+ goto done;
-+ }
-+ }
-
- ret = ldb_delete(lctx->ldb, dn);
-- return sysdb_error_to_errno(ret);
-+ ret = sysdb_error_to_errno(ret);
-+
-+done:
-+ talloc_free(tmp_ctx);
-+ return ret;
- }
-
- int local_db_create(TALLOC_CTX *mem_ctx,
---
-2.9.3
-
diff --git a/0065-PAM-call-free-only-when-memory-is-expected-to-be-all.patch b/0065-PAM-call-free-only-when-memory-is-expected-to-be-all.patch
deleted file mode 100644
index 27388ae..0000000
--- a/0065-PAM-call-free-only-when-memory-is-expected-to-be-all.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 958e633f0cc364f758f9d417002e9eba60f15642 Mon Sep 17 00:00:00 2001
-From: Sumit Bose
-Date: Mon, 19 Sep 2016 10:53:51 +0200
-Subject: [PATCH 65/79] PAM: call free only when memory is expected to be
- allocated
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Reborted by Coverity
-
-Reviewed-by: Lukáš Slebodník
-(cherry picked from commit a8631161c47cbaefe7fd14b88202238bbdcc3dc8)
----
- src/sss_client/pam_sss.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c
-index 2049d5fb0c6092aaaa914385c79d02d8f44b447e..be697c7fcfb47a57b5b498c61f60fcf4bfbbd57f 100644
---- a/src/sss_client/pam_sss.c
-+++ b/src/sss_client/pam_sss.c
-@@ -1729,10 +1729,11 @@ static int check_login_token_name(pam_handle_t *pamh, struct pam_items *pi,
- ret = do_pam_conversation(pamh, PAM_PROMPT_ECHO_OFF, prompt,
- NULL, &answer);
- free(prompt);
-- free(answer);
- if (ret != PAM_SUCCESS) {
- D(("do_pam_conversation failed."));
- return ret;
-+ } else {
-+ free(answer);
- }
-
- pam_status = send_and_receive(pamh, pi, SSS_PAM_PREAUTH, quiet_mode);
---
-2.9.3
-
diff --git a/0066-TESTS-Fixing-of-const-warnings-in-sbus-tests.patch b/0066-TESTS-Fixing-of-const-warnings-in-sbus-tests.patch
deleted file mode 100644
index 5775dcf..0000000
--- a/0066-TESTS-Fixing-of-const-warnings-in-sbus-tests.patch
+++ /dev/null
@@ -1,82 +0,0 @@ -From b44ec31e6fe2b41e52c3f055d4322c253303471d Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Petr=20=C4=8Cech?= -Date: Mon, 19 Sep 2016 06:28:57 -0400 -Subject: [PATCH 66/79] TESTS: Fixing of 'const' warnings in sbus tests -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Reviewed-by: Lukáš Slebodník -(cherry picked from commit 626d8217a2e578ba641ae3c968752aa15284a210) ---- - src/tests/sbus_codegen_tests.c | 13 +++++++------ - src/tests/sbus_tests.c | 4 ++-- - 2 files changed, 9 insertions(+), 8 deletions(-) - -diff --git a/src/tests/sbus_codegen_tests.c b/src/tests/sbus_codegen_tests.c -index 55d4657385cfc697985b570e4310164558e2d647..262bfd49e34be72196e1cf1fe451d96b43b067ae 100644 ---- a/src/tests/sbus_codegen_tests.c -+++ b/src/tests/sbus_codegen_tests.c -@@ -634,7 +634,7 @@ static int pilot_test_server_init(struct sbus_connection *server, void *unused) - int ret; - - ret = sbus_conn_register_iface(server, &pilot_iface.vtable, "/test/leela", -- "Crash into the billboard"); -+ discard_const("Crash into the billboard")); - ck_assert_int_eq(ret, EOK); - - return EOK; -@@ -645,7 +645,8 @@ static int special_test_server_init(struct sbus_connection *server, void *unused - int ret; - - ret = sbus_conn_register_iface(server, &special_iface.vtable, -- "/test/special", "Crash into the billboard"); -+ "/test/special", -+ discard_const("Crash into the billboard")); - ck_assert_int_eq(ret, EOK); - - return EOK; -@@ -673,8 +674,8 @@ START_TEST(test_marshal_basic_types) - dbus_int64_t v_int64[] = { INT64_C(-6666666666666666), INT64_C(7777777777777777) }; - dbus_uint64_t v_uint64[] = { UINT64_C(7777777777777777), INT64_C(888888888888888888) }; - double v_double[] = { 1.1, 2.2, 3.3 }; -- char *v_string[] = { "bears", "bears", "bears" }; -- char *v_object_path[] = { "/original", "/original" }; -+ const char *v_string[] = { "bears", "bears", "bears" }; -+ const char *v_object_path[] = { "/original", "/original" }; - - 
unsigned char *arr_byte = v_byte; - dbus_int16_t *arr_int16 = v_int16; -@@ -684,8 +685,8 @@ START_TEST(test_marshal_basic_types) - dbus_int64_t *arr_int64 = v_int64; - dbus_uint64_t *arr_uint64 = v_uint64; - double *arr_double = v_double; -- char **arr_string = v_string; -- char **arr_object_path = v_object_path; -+ char **arr_string = discard_const(v_string); -+ char **arr_object_path = discard_const(v_object_path); - - int len_byte = N_ELEMENTS(v_byte); - int len_int16 = N_ELEMENTS(v_int16); -diff --git a/src/tests/sbus_tests.c b/src/tests/sbus_tests.c -index b472659639e3dce0733dde4ed54a55dcb40c191e..6bf71dc1bbe73b52455c18353531865da1ba6eac 100644 ---- a/src/tests/sbus_tests.c -+++ b/src/tests/sbus_tests.c -@@ -201,12 +201,12 @@ static int pilot_test_server_init(struct sbus_connection *server, void *unused) - int ret; - - ret = sbus_conn_register_iface(server, &pilot_impl.vtable, "/test/leela", -- "Crash into the billboard"); -+ discard_const("Crash into the billboard")); - ck_assert_int_eq(ret, EOK); - - - ret = sbus_conn_register_iface(server, &pilot_impl.vtable, "/test/fry", -- "Don't crash"); -+ discard_const("Don't crash")); - ck_assert_int_eq(ret, EOK); - - return EOK; --- -2.9.3 - diff --git a/0067-MAKEFILE-Fixing-CFLAGS-in-some-tests.patch b/0067-MAKEFILE-Fixing-CFLAGS-in-some-tests.patch deleted file mode 100644 index 4f0ef7e..0000000 --- a/0067-MAKEFILE-Fixing-CFLAGS-in-some-tests.patch +++ /dev/null 
@@ -1,61 +0,0 @@ -From 4fe173d0e1333659479da47306b3b7957bc2e6d7 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Petr=20=C4=8Cech?= -Date: Thu, 15 Sep 2016 09:54:18 -0400 -Subject: [PATCH 67/79] MAKEFILE: Fixing CFLAGS in some tests -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Reviewed-by: Lukáš Slebodník -(cherry picked from commit 4f2509f8d23d9e921f07b2ead63392ae82ad3a38) ---- - Makefile.am | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/Makefile.am b/Makefile.am -index f89af5a9d6d26c732574aa3651de8c175f538b28..f792ed6a6b531d9e6e2c886c2fbe64e1e2345b73 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -1828,6 +1828,7 @@ refcount_tests_SOURCES = \ - src/tests/refcount-tests.c \ - $(NULL) - refcount_tests_CFLAGS = \ -+ $(AM_CFLAGS) \ - $(CHECK_CFLAGS) - refcount_tests_LDADD = \ - $(SSSD_LIBS) \ -@@ -1840,6 +1841,7 @@ fail_over_tests_SOURCES = \ - $(SSSD_FAILOVER_OBJ) \ - $(NULL) - fail_over_tests_CFLAGS = \ -+ $(AM_CFLAGS) \ - $(CHECK_CFLAGS) - fail_over_tests_LDADD = \ - $(SSSD_LIBS) \ -@@ -2044,6 +2046,7 @@ sbus_tests_SOURCES = \ - src/tests/common_dbus.c \ - src/tests/sbus_tests.c - sbus_tests_CFLAGS = \ -+ $(AM_CFLAGS) \ - $(CHECK_CFLAGS) - sbus_tests_LDADD = \ - $(SSSD_INTERNAL_LTLIBS) \ -@@ -2056,6 +2059,7 @@ sbus_codegen_tests_SOURCES = \ - src/tests/sbus_codegen_tests_generated.c \ - $(NULL) - sbus_codegen_tests_CFLAGS = \ -+ $(AM_CFLAGS) \ - $(CHECK_CFLAGS) - sbus_codegen_tests_LDADD = \ - $(SSSD_INTERNAL_LTLIBS) \ -@@ -2468,6 +2472,7 @@ ad_common_tests_SOURCES = \ - src/providers/ldap/sdap_async_initgroups_ad.c \ - $(NULL) - ad_common_tests_CFLAGS = \ -+ $(AM_CFLAGS) \ - $(NDR_NBT_CFLAGS) \ - $(NDR_KRB5PAC_CFLAGS) \ - $(NULL) --- -2.9.3 - diff --git a/0068-TESTS-Add-integration-tests-for-the-sssd-secrets.patch b/0068-TESTS-Add-integration-tests-for-the-sssd-secrets.patch deleted file mode 100644 index a881975..0000000 --- a/0068-TESTS-Add-integration-tests-for-the-sssd-secrets.patch +++ /dev/null 
@@ -1,395 +0,0 @@ -From 0718b1bf4af69712d18f6ea3a427c1cab2e377da Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Mon, 8 Aug 2016 17:49:05 +0200 -Subject: [PATCH 68/79] TESTS: Add integration tests for the sssd-secrets -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Implements a simple HTTP client and uses it to talk to the sssd-secrets -responder. Only the local provider is tested at the moment. - -Resolves: -https://fedorahosted.org/sssd/ticket/3054 - -Reviewed-by: Petr Čech -Reviewed-by: Lukáš Slebodník -(cherry picked from commit db0982c52294ee5ea08ed242d27660783fde29cd) ---- - contrib/ci/deps.sh | 2 + - src/tests/intg/Makefile.am | 5 ++ - src/tests/intg/config.py.m4 | 3 + - src/tests/intg/secrets.py | 137 ++++++++++++++++++++++++++++++++++ - src/tests/intg/test_secrets.py | 162 +++++++++++++++++++++++++++++++++++++++++ - 5 files changed, 309 insertions(+) - create mode 100644 src/tests/intg/secrets.py - create mode 100644 src/tests/intg/test_secrets.py - -diff --git a/contrib/ci/deps.sh b/contrib/ci/deps.sh -index 1a94e3df2ee1d43dd34ef8cda1542aab1166bccd..9a7098c399df319753858a4a7fee23d4204c1f1c 100644 ---- a/contrib/ci/deps.sh -+++ b/contrib/ci/deps.sh -@@ -45,6 +45,7 @@ if [[ "$DISTRO_BRANCH" == -redhat-* ]]; then - pyldb - rpm-build - uid_wrapper -+ python-requests - ) - _DEPS_LIST_SPEC=` - sed -e 's/@PACKAGE_VERSION@/0/g' \ -@@ -114,6 +115,7 @@ if [[ "$DISTRO_BRANCH" == -debian-* ]]; then - python-pytest - python-ldap - python-ldb -+ python-requests - ldap-utils - slapd - systemtap-sdt-dev -diff --git a/src/tests/intg/Makefile.am b/src/tests/intg/Makefile.am -index 75422a4417046116bec11a8a680fe2248e3afb69..1e08eadcbbdebcca6f0f3550cc084c1a1762c0c4 100644 ---- a/src/tests/intg/Makefile.am -+++ b/src/tests/intg/Makefile.am -@@ -16,6 +16,8 @@ dist_noinst_DATA = \ - test_memory_cache.py \ - test_ts_cache.py \ - test_netgroup.py \ -+ secrets.py \ -+ test_secrets.py \ - $(NULL) - - config.py: config.py.m4 -@@ 
-25,6 +27,9 @@ config.py: config.py.m4 - -D "pidpath=\`$(pidpath)'" \ - -D "logpath=\`$(logpath)'" \ - -D "mcpath=\`$(mcpath)'" \ -+ -D "secdbpath=\`$(secdbpath)'" \ -+ -D "libexecpath=\`$(libexecdir)'" \ -+ -D "runstatedir=\`$(runstatedir)'" \ - $< > $@ - - root: -diff --git a/src/tests/intg/config.py.m4 b/src/tests/intg/config.py.m4 -index 77aa47b7958783217132b724159d9d3d247e1079..65e17e55a25372754ff7e49ac75607bcc985912c 100644 ---- a/src/tests/intg/config.py.m4 -+++ b/src/tests/intg/config.py.m4 -@@ -12,3 +12,6 @@ PID_PATH = "pidpath" - PIDFILE_PATH = PID_PATH + "/sssd.pid" - LOG_PATH = "logpath" - MCACHE_PATH = "mcpath" -+SECDB_PATH = "secdbpath" -+LIBEXEC_PATH = "libexecpath" -+RUNSTATEDIR = "runstatedir" -diff --git a/src/tests/intg/secrets.py b/src/tests/intg/secrets.py -new file mode 100644 -index 0000000000000000000000000000000000000000..5d4c0e2f28db9601fa0e3a21dd90a7444c7c8978 ---- /dev/null -+++ b/src/tests/intg/secrets.py -@@ -0,0 +1,137 @@ -+# -+# Secrets responder test client -+# -+# Copyright (c) 2016 Red Hat, Inc. -+# -+# This is free software; you can redistribute it and/or modify it -+# under the terms of the GNU General Public License as published by -+# the Free Software Foundation; version 2 only -+# -+# This program is distributed in the hope that it will be useful, but -+# WITHOUT ANY WARRANTY; without even the implied warranty of -+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+# General Public License for more details. -+# -+# You should have received a copy of the GNU General Public License -+# along with this program. If not, see . 
-+# -+ -+import socket -+import requests -+ -+from requests.adapters import HTTPAdapter -+from requests.packages.urllib3.connection import HTTPConnection -+from requests.packages.urllib3.connectionpool import HTTPConnectionPool -+from requests.compat import quote, unquote, urlparse -+ -+ -+class HTTPUnixConnection(HTTPConnection): -+ def __init__(self, host, timeout=60, **kwargs): -+ super(HTTPUnixConnection, self).__init__('localhost') -+ self.unix_socket = host -+ self.timeout = timeout -+ -+ def connect(self): -+ sock = socket.socket(family=socket.AF_UNIX) -+ sock.settimeout(self.timeout) -+ sock.connect(self.unix_socket) -+ self.sock = sock -+ -+ -+class HTTPUnixConnectionPool(HTTPConnectionPool): -+ scheme = 'http+unix' -+ ConnectionCls = HTTPUnixConnection -+ -+ -+class HTTPUnixAdapter(HTTPAdapter): -+ def get_connection(self, url, proxies=None): -+ # proxies, silently ignored -+ path = unquote(urlparse(url).netloc) -+ return HTTPUnixConnectionPool(path) -+ -+ -+class SecretsHttpClient(object): -+ secrets_sock_path = '/var/run/secrets.socket' -+ secrets_container = 'secrets' -+ -+ def __init__(self, content_type='application/json', sock_path=None): -+ if sock_path is None: -+ sock_path = self.secrets_sock_path -+ -+ self.content_type = content_type -+ self.session = requests.Session() -+ self.session.mount('http+unix://', HTTPUnixAdapter()) -+ self.headers = dict({'Content-Type': content_type}) -+ self.url = 'http+unix://' + \ -+ quote(sock_path, safe='') + \ -+ '/' + \ -+ self.secrets_container -+ self._last_response = None -+ -+ def _join_url(self, resource): -+ path = self.url.rstrip('/') + '/' -+ if resource is not None: -+ path = path + resource.lstrip('/') -+ return path -+ -+ def _add_headers(self, **kwargs): -+ headers = kwargs.get('headers', None) -+ if headers is None: -+ headers = dict() -+ headers.update(self.headers) -+ return headers -+ -+ def _request(self, cmd, path, **kwargs): -+ self._last_response = None -+ url = self._join_url(path) -+ 
kwargs['headers'] = self._add_headers(**kwargs) -+ self._last_response = cmd(url, **kwargs) -+ return self._last_response -+ -+ @property -+ def last_response(self): -+ return self._last_response -+ -+ def get(self, path, **kwargs): -+ return self._request(self.session.get, path, **kwargs) -+ -+ def list(self, **kwargs): -+ return self._request(self.session.get, None, **kwargs) -+ -+ def put(self, name, **kwargs): -+ return self._request(self.session.put, name, **kwargs) -+ -+ def delete(self, name, **kwargs): -+ return self._request(self.session.delete, name, **kwargs) -+ -+ def post(self, name, **kwargs): -+ return self._request(self.session.post, name, **kwargs) -+ -+ -+class SecretsLocalClient(SecretsHttpClient): -+ def list_secrets(self): -+ res = self.list() -+ res.raise_for_status() -+ simple = res.json() -+ return simple -+ -+ def get_secret(self, name): -+ res = self.get(name) -+ res.raise_for_status() -+ simple = res.json() -+ ktype = simple.get("type", None) -+ if ktype != "simple": -+ raise TypeError("Invalid key type: %s" % ktype) -+ return simple["value"] -+ -+ def set_secret(self, name, value): -+ res = self.put(name, json={"type": "simple", "value": value}) -+ res.raise_for_status() -+ -+ def del_secret(self, name): -+ res = self.delete(name) -+ res.raise_for_status() -+ -+ def create_container(self, name): -+ res = self.post(name) -+ res.raise_for_status() -diff --git a/src/tests/intg/test_secrets.py b/src/tests/intg/test_secrets.py -new file mode 100644 -index 0000000000000000000000000000000000000000..e394d1275e35e686a14a604943796e793fe29119 ---- /dev/null -+++ b/src/tests/intg/test_secrets.py -@@ -0,0 +1,162 @@ -+# -+# Secrets responder integration tests -+# -+# Copyright (c) 2016 Red Hat, Inc. 
-+# -+# This is free software; you can redistribute it and/or modify it -+# under the terms of the GNU General Public License as published by -+# the Free Software Foundation; version 2 only -+# -+# This program is distributed in the hope that it will be useful, but -+# WITHOUT ANY WARRANTY; without even the implied warranty of -+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+# General Public License for more details. -+# -+# You should have received a copy of the GNU General Public License -+# along with this program. If not, see . -+# -+ -+import os -+import stat -+import config -+import signal -+import subprocess -+import time -+import socket -+import pytest -+from requests import HTTPError -+ -+from util import unindent -+from secrets import SecretsLocalClient -+ -+ -+def create_conf_fixture(request, contents): -+ """Generate sssd.conf and add teardown for removing it""" -+ conf = open(config.CONF_PATH, "w") -+ conf.write(contents) -+ conf.close() -+ os.chmod(config.CONF_PATH, stat.S_IRUSR | stat.S_IWUSR) -+ request.addfinalizer(lambda: os.unlink(config.CONF_PATH)) -+ -+ -+def create_sssd_secrets_fixture(request): -+ if subprocess.call(['sssd', "--genconf"]) != 0: -+ raise Exception("failed to regenerate confdb") -+ -+ resp_path = os.path.join(config.LIBEXEC_PATH, "sssd", "sssd_secrets") -+ -+ secpid = os.fork() -+ if secpid == 0: -+ if subprocess.call([resp_path, "--uid=0", "--gid=0"]) != 0: -+ raise Exception("sssd_secrets failed to start") -+ -+ sock_path = os.path.join(config.RUNSTATEDIR, "secrets.socket") -+ sck = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) -+ for _ in range(1, 10): -+ try: -+ sck.connect(sock_path) -+ except: -+ time.sleep(0.1) -+ else: -+ break -+ sck.close() -+ -+ def sec_teardown(): -+ if secpid == 0: -+ return -+ -+ os.kill(secpid, signal.SIGTERM) -+ for secdb_file in os.listdir(config.SECDB_PATH): -+ os.unlink(config.SECDB_PATH + "/" + secdb_file) -+ request.addfinalizer(sec_teardown) -+ -+ 
-+@pytest.fixture -+def setup_for_secrets(request): -+ """ -+ Just set up the local provider for tests and enable the secrets -+ responder -+ """ -+ conf = unindent("""\ -+ [sssd] -+ domains = local -+ services = nss -+ -+ [domain/local] -+ id_provider = local -+ """).format(**locals()) -+ -+ create_conf_fixture(request, conf) -+ create_sssd_secrets_fixture(request) -+ return None -+ -+ -+@pytest.fixture -+def secrets_cli(request): -+ sock_path = os.path.join(config.RUNSTATEDIR, "secrets.socket") -+ cli = SecretsLocalClient(sock_path=sock_path) -+ return cli -+ -+ -+def test_crd_ops(setup_for_secrets, secrets_cli): -+ """ -+ Test that the basic Create, Retrieve, Delete operations work -+ """ -+ cli = secrets_cli -+ -+ # Listing a totally empty database yields a 404 error, no secrets are there -+ with pytest.raises(HTTPError) as err404: -+ secrets = cli.list_secrets() -+ assert str(err404.value).startswith("404") -+ -+ # Set some value, should succeed -+ cli.set_secret("foo", "bar") -+ -+ fooval = cli.get_secret("foo") -+ assert fooval == "bar" -+ -+ # Listing secrets should work now as well -+ secrets = cli.list_secrets() -+ assert len(secrets) == 1 -+ assert "foo" in secrets -+ -+ # Overwriting a secret is an error -+ with pytest.raises(HTTPError) as err409: -+ cli.set_secret("foo", "baz") -+ assert str(err409.value).startswith("409") -+ -+ # Delete a secret -+ cli.del_secret("foo") -+ with pytest.raises(HTTPError) as err404: -+ fooval = cli.get_secret("foo") -+ assert str(err404.value).startswith("404") -+ -+ # Delete a non-existent secret must yield a 404 -+ with pytest.raises(HTTPError) as err404: -+ cli.del_secret("foo") -+ assert str(err404.value).startswith("404") -+ -+ -+def test_containers(setup_for_secrets, secrets_cli): -+ """ -+ Test that storing secrets inside containers works -+ """ -+ cli = secrets_cli -+ -+ # No trailing slash, no game.. 
-+ with pytest.raises(HTTPError) as err400: -+ cli.create_container("mycontainer") -+ assert str(err400.value).startswith("400") -+ -+ cli.create_container("mycontainer/") -+ cli.set_secret("mycontainer/foo", "containedfooval") -+ assert cli.get_secret("mycontainer/foo") == "containedfooval" -+ -+ # Removing a non-empty container should not succeed -+ with pytest.raises(HTTPError) as err409: -+ cli.del_secret("mycontainer/") -+ assert str(err409.value).startswith("409") -+ -+ # Try removing the secret first, then the container -+ cli.del_secret("mycontainer/foo") -+ cli.del_secret("mycontainer/") --- -2.9.3 - diff --git a/0069-AUTOFS-Fix-offline-resolution-of-autofs-maps.patch b/0069-AUTOFS-Fix-offline-resolution-of-autofs-maps.patch deleted file mode 100644 index c04f9da..0000000 --- a/0069-AUTOFS-Fix-offline-resolution-of-autofs-maps.patch +++ /dev/null 
@@ -1,58 +0,0 @@ -From c0f663b1a497182cfd2eaf92dda0459342ba6685 Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Thu, 4 Aug 2016 17:58:32 +0200 -Subject: [PATCH 69/79] AUTOFS: Fix offline resolution of autofs maps -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -If talking to the Data Provider failed, we never re-tried looking into -the cache. We should consult the cache on DP failures and return cached -results, if possible. - -Resolves: -https://fedorahosted.org/sssd/ticket/3080 - -Reviewed-by: Pavel Březina -(cherry picked from commit b9e155da725e711ab306ca8a96e3ba6fbda41a3a) ---- - src/responder/autofs/autofssrv_cmd.c | 16 ++++++++++++---- - 1 file changed, 12 insertions(+), 4 deletions(-) - -diff --git a/src/responder/autofs/autofssrv_cmd.c b/src/responder/autofs/autofssrv_cmd.c -index 9666ab2d195a581f18eaa7ff9bbc4c8167a71b15..f5aa25a483c3b3352f40e8cc66dfd3a24a60af0d 100644 ---- a/src/responder/autofs/autofssrv_cmd.c -+++ b/src/responder/autofs/autofssrv_cmd.c -@@ -871,17 +871,25 @@ static void lookup_automntmap_cache_updated(uint16_t err_maj, uint32_t err_min, - if (err_maj) { - DEBUG(SSSDBG_CRIT_FAILURE, - "Unable to get information from Data Provider\n" -- "Error: %u, %u, %s\n" -- "Will try to return what we have in cache\n", -+ "Error: %u, %u, %s\n" -+ "Will try to return what we have in cache\n", - (unsigned int)err_maj, (unsigned int)err_min, err_msg); -- /* Loop to the next domain if possible */ -+ -+ /* Try to fall back to cache */ -+ ret = lookup_automntmap_step(lookup_ctx); -+ if (ret == EOK) { -+ /* We have cached results to return */ -+ autofs_setent_notify(lookup_ctx->map, ret); -+ return; -+ } -+ -+ /* Otherwise try the next domain */ - if (dctx->cmd_ctx->check_next - && (dctx->domain = get_next_domain(dctx->domain, 0))) { - dctx->check_provider = NEED_CHECK_PROVIDER(dctx->domain->provider); - } - } - -- /* ok the backend returned, search to see if we have updated results */ - ret = 
lookup_automntmap_step(lookup_ctx); - if (ret != EOK) { - if (ret == EAGAIN) { --- -2.9.3 - diff --git a/0070-NSS-Fix-offline-resolution-of-netgroups.patch b/0070-NSS-Fix-offline-resolution-of-netgroups.patch deleted file mode 100644 index d7227b9..0000000 --- a/0070-NSS-Fix-offline-resolution-of-netgroups.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 068aadc5169380c37459c7cb50d397e93d5f121d Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Thu, 4 Aug 2016 17:58:47 +0200 -Subject: [PATCH 70/79] NSS: Fix offline resolution of netgroups -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -If talking to the Data Provider failed, we never re-tried looking into -the cache. We should consult the cache on DP failures and return cached -results, if possible. - -Resolves: -https://fedorahosted.org/sssd/ticket/3123 - -Reviewed-by: Pavel Březina -(cherry picked from commit a3108c5cd1ebb05c133c8e8990278ac4f4b8e25c) ---- - src/responder/nss/nsssrv_netgroup.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/src/responder/nss/nsssrv_netgroup.c b/src/responder/nss/nsssrv_netgroup.c -index e42976b245952291cd1eb36480138514e3d4ec09..49ef0f5c9b264a6252880a2944e8a1bd38ae0527 100644 ---- a/src/responder/nss/nsssrv_netgroup.c -+++ b/src/responder/nss/nsssrv_netgroup.c -@@ -674,6 +674,15 @@ static void lookup_netgr_dp_callback(uint16_t err_maj, uint32_t err_min, - "Error: %u, %u, %s\n" - "Will try to return what we have in cache\n", - (unsigned int)err_maj, (unsigned int)err_min, err_msg); -+ -+ /* Try to fall back to cache */ -+ ret = lookup_netgr_step(step_ctx); -+ if (ret == EOK) { -+ /* We have cached results to return */ -+ nss_setent_notify_done(dctx->netgr); -+ return; -+ } -+ - /* Loop to the next domain if possible */ - if (cmdctx->check_next - && (dctx->domain = get_next_domain(dctx->domain, 0))) { --- -2.9.3 - 
diff --git a/0071-TESTS-Test-offline-netgroups-resolution.patch b/0071-TESTS-Test-offline-netgroups-resolution.patch
deleted file mode 100644
index cfc5481..0000000
--- a/0071-TESTS-Test-offline-netgroups-resolution.patch
+++ /dev/null
@@ -1,78 +0,0 @@ -From 39ab6bfc8f822c77144d0056bb87b82ca3e8af3e Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Fri, 9 Sep 2016 12:23:04 +0200 -Subject: [PATCH 71/79] TESTS: Test offline netgroups resolution -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Reviewed-by: Lukáš Slebodník -(cherry picked from commit c0ee12832555b42c17e48cdf731731454a97972e) ---- - src/tests/intg/test_netgroup.py | 29 +++++++++++++++++++++++++++-- - 1 file changed, 27 insertions(+), 2 deletions(-) - -diff --git a/src/tests/intg/test_netgroup.py b/src/tests/intg/test_netgroup.py -index b99476126844e35d5dbc1793077720b4020c2fb7..f1d801f48a954baf4d244ec533348a1de2f2d2c8 100644 ---- a/src/tests/intg/test_netgroup.py -+++ b/src/tests/intg/test_netgroup.py -@@ -104,6 +104,7 @@ def format_basic_conf(ldap_conn, schema): - [sssd] - domains = LDAP - services = nss -+ disable_netlink = true - - [domain/LDAP] - {schema_conf} -@@ -148,11 +149,16 @@ def create_sssd_process(): - raise Exception("sssd start failed") - - -+def get_sssd_pid(): -+ pid_file = open(config.PIDFILE_PATH, "r") -+ pid = int(pid_file.read()) -+ return pid -+ -+ - def cleanup_sssd_process(): - """Stop the SSSD process and remove its state""" - try: -- pid_file = open(config.PIDFILE_PATH, "r") -- pid = int(pid_file.read()) -+ pid = get_sssd_pid() - os.kill(pid, signal.SIGTERM) - while True: - try: -@@ -173,6 +179,11 @@ def create_sssd_cleanup(request): - request.addfinalizer(cleanup_sssd_process) - - -+def simulate_offline(): -+ pid = get_sssd_pid() -+ os.kill(pid, signal.SIGUSR1) -+ -+ - def create_sssd_fixture(request): - """Start SSSD and add teardown for stopping it and removing its state""" - create_sssd_process() -@@ -457,3 +468,17 @@ def test_removing_nested_netgroups(removing_nested_netgroups, ldap_conn): - res, _, netgroups = sssd_netgroup.get_sssd_netgroups("t2841_netgroup3") - assert res == sssd_netgroup.NssReturnCode.SUCCESS - assert netgroups == [] -+ -+ -+def 
test_offline_netgroups(add_tripled_netgroup): -+ res, _, netgrps = sssd_netgroup.get_sssd_netgroups("tripled_netgroup") -+ assert res == sssd_netgroup.NssReturnCode.SUCCESS -+ assert netgrps == [("host", "user", "domain")] -+ -+ subprocess.check_call(["sss_cache", "-N"]) -+ -+ simulate_offline() -+ -+ res, _, netgrps = sssd_netgroup.get_sssd_netgroups("tripled_netgroup") -+ assert res == sssd_netgroup.NssReturnCode.SUCCESS -+ assert netgrps == [("host", "user", "domain")] --- -2.9.3 - diff --git a/0072-Remove-double-semicolon-at-the-end-of-line.patch b/0072-Remove-double-semicolon-at-the-end-of-line.patch deleted file mode 100644 index 46d4d11..0000000 --- a/0072-Remove-double-semicolon-at-the-end-of-line.patch +++ /dev/null 
@@ -1,289 +0,0 @@ -From e166ad6facb9812249376683ae936c5f3f5682af Mon Sep 17 00:00:00 2001 -From: Lukas Slebodnik -Date: Sat, 17 Sep 2016 21:05:36 +0200 -Subject: [PATCH 72/79] Remove double semicolon at the end of line -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Reviewed-by: Pavel Březina -(cherry picked from commit b9941359b3181c42f415530d5ccad0f4664d85fa) ---- - src/db/sysdb_ops.c | 2 +- - src/lib/idmap/sss_idmap.c | 2 +- - src/lib/sifp/sss_sifp_parser.c | 2 +- - src/providers/ad/ad_gpo.c | 2 +- - src/providers/ipa/ipa_subdomains_id.c | 2 +- - src/providers/ipa/ipa_sudo_conversion.c | 2 +- - src/providers/krb5/krb5_child.c | 2 +- - src/providers/ldap/sdap_async.c | 6 +++--- - src/providers/ldap/sdap_async_initgroups.c | 2 +- - src/providers/ldap/sdap_async_netgroups.c | 2 +- - src/responder/pam/pamsrv_cmd.c | 2 +- - src/sss_client/sudo/sss_sudo.c | 2 +- - src/tests/krb5_child-test.c | 10 +++++----- - src/tests/sbus_codegen_tests.c | 4 ++-- - src/tools/sss_groupshow.c | 2 +- - src/util/string_utils.c | 2 +- - src/util/usertools.c | 2 +- - 17 files changed, 24 insertions(+), 24 deletions(-) - -diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c -index 5d9c9fb24a149f8215b3027dcb4b0e1a183e4b43..29f4b1d1597bd98541a152dd6462caa864fbf2fd 100644 ---- a/src/db/sysdb_ops.c -+++ b/src/db/sysdb_ops.c -@@ -4815,7 +4815,7 @@ errno_t sysdb_handle_original_uuid(const char *orig_name, - - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_add_string failed.\n"); -- return ret;; -+ return ret; - } - - return EOK; -diff --git a/src/lib/idmap/sss_idmap.c b/src/lib/idmap/sss_idmap.c -index 58b0ec62118c9e01b61d987bf77179e774313b11..ffb218c844bff18e8a000398e9d646556ca295cf 100644 ---- a/src/lib/idmap/sss_idmap.c -+++ b/src/lib/idmap/sss_idmap.c -@@ -916,7 +916,7 @@ get_range(struct sss_idmap_ctx *ctx, - long long rid, - struct idmap_range_params **_range) - { -- char *secondary_name = NULL;; -+ char *secondary_name = NULL; - 
enum idmap_error_code err; - int first_rid; - struct idmap_range_params *range; -diff --git a/src/lib/sifp/sss_sifp_parser.c b/src/lib/sifp/sss_sifp_parser.c -index eaa57d8d5e67ec07d0fe89e003ee011dcd40a75f..65babb5bc5430a541ade4cec0350e0846962fd67 100644 ---- a/src/lib/sifp/sss_sifp_parser.c -+++ b/src/lib/sifp/sss_sifp_parser.c -@@ -469,7 +469,7 @@ sss_sifp_parse_variant(sss_sifp_ctx *ctx, - /* case DBUS_TYPE_DICT_ENTRY may only be contained within an array - * in variant */ - case DBUS_TYPE_ARRAY: -- ret = sss_sifp_parse_array(ctx, &variant_iter, attr);; -+ ret = sss_sifp_parse_array(ctx, &variant_iter, attr); - break; - default: - ret = SSS_SIFP_NOT_SUPPORTED; -diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c -index 63c68ce35922ca0407ae6ea32c0a78100e14504b..2b06a0ec8c24a0da44b0da00718c84c228242d24 100644 ---- a/src/providers/ad/ad_gpo.c -+++ b/src/providers/ad/ad_gpo.c -@@ -2491,7 +2491,7 @@ ad_gpo_populate_som_list(TALLOC_CTX *mem_ctx, - } - - /* first, populate the OU and Domain SOMs */ -- tmp_dn = target_dn;; -+ tmp_dn = target_dn; - while ((ad_gpo_parent_dn(tmp_ctx, ldb_ctx, tmp_dn, &parent_dn)) == EOK) { - - if ((strncasecmp(parent_dn, "OU=", strlen("OU=")) == 0) || -diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c -index 5369ec4c624544f7f3aec88ddaa30eac91c51735..97c96e3818f37d0cf3e282f68d3a013122a2a55b 100644 ---- a/src/providers/ipa/ipa_subdomains_id.c -+++ b/src/providers/ipa/ipa_subdomains_id.c -@@ -669,7 +669,7 @@ ipa_get_ad_acct_send(TALLOC_CTX *mem_ctx, - struct ipa_get_ad_acct_state *state; - struct sdap_domain *sdom; - struct sdap_id_conn_ctx **clist; -- struct sdap_id_ctx *sdap_id_ctx;; -+ struct sdap_id_ctx *sdap_id_ctx; - struct ad_id_ctx *ad_id_ctx; - - req = tevent_req_create(mem_ctx, &state, struct ipa_get_ad_acct_state); -diff --git a/src/providers/ipa/ipa_sudo_conversion.c b/src/providers/ipa/ipa_sudo_conversion.c -index 
21186d2455fb28c2743131ef98920eb00753f0d6..9dbc8604df544ce0865a2e99facf92cfd697123b 100644 ---- a/src/providers/ipa/ipa_sudo_conversion.c -+++ b/src/providers/ipa/ipa_sudo_conversion.c -@@ -634,7 +634,7 @@ static errno_t get_sudo_cmd_rdn(TALLOC_CTX *mem_ctx, - } - - *_rdn_val = rdn_val; -- *_rdn_attr = map[IPA_AT_SUDOCMD_CMD].name;; -+ *_rdn_attr = map[IPA_AT_SUDOCMD_CMD].name; - - return EOK; - } -diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c -index 82522995e310f20c58922f814e14e81a84b9bcb9..df94bc4c481b090d50f9b0119ccde5a373d9e20b 100644 ---- a/src/providers/krb5/krb5_child.c -+++ b/src/providers/krb5/krb5_child.c -@@ -2612,7 +2612,7 @@ static krb5_error_code privileged_krb5_setup(struct krb5_req *kr, - ret = check_use_fast(&kr->fast_val); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "check_use_fast failed.\n"); -- return ret;; -+ return ret; - } - - /* For ccache types FILE: and DIR: we might need to create some directory -diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c -index f374112935a7befa1d059df97f3119c14d8f5da5..246e12a1f386da1841963d5c1d1c4d2870cc1b6b 100644 ---- a/src/providers/ldap/sdap_async.c -+++ b/src/providers/ldap/sdap_async.c -@@ -2097,7 +2097,7 @@ static void sdap_x_deref_search_done(struct tevent_req *subreq) - - static int sdap_x_deref_search_ctrls_destructor(void *ptr) - { -- LDAPControl **ctrls = talloc_get_type(ptr, LDAPControl *);; -+ LDAPControl **ctrls = talloc_get_type(ptr, LDAPControl *); - - if (ctrls && ctrls[0]) { - ldap_control_free(ctrls[0]); -@@ -2289,7 +2289,7 @@ static void sdap_sd_search_done(struct tevent_req *subreq) - - static int sdap_sd_search_ctrls_destructor(void *ptr) - { -- LDAPControl **ctrls = talloc_get_type(ptr, LDAPControl *);; -+ LDAPControl **ctrls = talloc_get_type(ptr, LDAPControl *); - if (ctrls && ctrls[0]) { - ldap_control_free(ctrls[0]); - } -@@ -2548,7 +2548,7 @@ static void sdap_asq_search_done(struct tevent_req *subreq) - - static int 
sdap_asq_search_ctrls_destructor(void *ptr) - { -- LDAPControl **ctrls = talloc_get_type(ptr, LDAPControl *);; -+ LDAPControl **ctrls = talloc_get_type(ptr, LDAPControl *); - - if (ctrls && ctrls[0]) { - ldap_control_free(ctrls[0]); -diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c -index f9593f0dfaa2dc6e33fd6c9d1f0c9b78cad3a1d9..df39de3cc5daf9ce23e1d9abe8b72f06ae45e9cd 100644 ---- a/src/providers/ldap/sdap_async_initgroups.c -+++ b/src/providers/ldap/sdap_async_initgroups.c -@@ -816,7 +816,7 @@ static struct tevent_req *sdap_initgr_nested_send(TALLOC_CTX *memctx, - } - - state->groups = talloc_zero_array(state, struct sysdb_attrs *, -- state->memberof->num_values + 1);; -+ state->memberof->num_values + 1); - if (!state->groups) { - ret = ENOMEM; - goto immediate; -diff --git a/src/providers/ldap/sdap_async_netgroups.c b/src/providers/ldap/sdap_async_netgroups.c -index e1d69ad769f542cccffca50547932a5bfb352230..f4a1d165f77a15f150e99844d69716c6c8785bee 100644 ---- a/src/providers/ldap/sdap_async_netgroups.c -+++ b/src/providers/ldap/sdap_async_netgroups.c -@@ -313,7 +313,7 @@ struct tevent_req *netgr_translate_members_send(TALLOC_CTX *memctx, - dn_filter = talloc_strdup(state, "(|"); - if (dn_filter == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n"); -- ret = ENOMEM;; -+ ret = ENOMEM; - goto fail; - } - -diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c -index be54fbf9b627d0ec1c3b0416401885245794cf9f..e52fc764245a2dd604bd149b956f8204fa865342 100644 ---- a/src/responder/pam/pamsrv_cmd.c -+++ b/src/responder/pam/pamsrv_cmd.c -@@ -1286,7 +1286,7 @@ static void pam_forwarder_cert_cb(struct tevent_req *req) - if (pd->logon_name == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, - "No certificate found and no logon name given, " \ -- "authentication not possible.\n");; -+ "authentication not possible.\n"); - ret = ENOENT; - } else { - if (pd->cmd == SSS_PAM_AUTHENTICATE) { -diff --git 
a/src/sss_client/sudo/sss_sudo.c b/src/sss_client/sudo/sss_sudo.c
-index 202029934ccb7c979b9b740fc7e466888825e042..3651740019349c590877a18f9e42c23b9ad41d0d 100644
---- a/src/sss_client/sudo/sss_sudo.c
-+++ b/src/sss_client/sudo/sss_sudo.c
-@@ -226,7 +226,7 @@ void sss_sudo_free_rules(unsigned int num_rules, struct sss_sudo_rule *rules)
-
- void sss_sudo_free_attrs(unsigned int num_attrs, struct sss_sudo_attr *attrs)
- {
-- struct sss_sudo_attr *attr = NULL;;
-+ struct sss_sudo_attr *attr = NULL;
- int i, j;
-
- if (attrs == NULL) {
-diff --git a/src/tests/krb5_child-test.c b/src/tests/krb5_child-test.c
-index 50acc88ed0c312b2662f01fe41247781f235a54d..d570d52229a23a557d1f32b90cbb815239b57e74 100644
---- a/src/tests/krb5_child-test.c
-+++ b/src/tests/krb5_child-test.c
-@@ -390,11 +390,11 @@ main(int argc, const char *argv[])
-
- int pc_debug = 0;
- int pc_timeout = 0;
-- const char *pc_user = NULL;;
-- const char *pc_passwd = NULL;;
-- const char *pc_realm = NULL;;
-- const char *pc_ccname = NULL;;
-- const char *pc_ccname_tp = NULL;;
-+ const char *pc_user = NULL;
-+ const char *pc_passwd = NULL;
-+ const char *pc_realm = NULL;
-+ const char *pc_ccname = NULL;
-+ const char *pc_ccname_tp = NULL;
- char *password = NULL;
- bool rm_ccache = true;
-
-diff --git a/src/tests/sbus_codegen_tests.c b/src/tests/sbus_codegen_tests.c
-index 262bfd49e34be72196e1cf1fe451d96b43b067ae..05eb78d7d8f0917a62a47bf684d7f7135fe7b005 100644
---- a/src/tests/sbus_codegen_tests.c
-+++ b/src/tests/sbus_codegen_tests.c
-@@ -967,7 +967,7 @@ static void parse_get_array_reply(DBusMessage *reply, const int type,
- ck_assert_int_eq(dbus_message_iter_get_element_type(&variter), type);
- dbus_message_iter_recurse(&variter, &arriter);
- if (type == DBUS_TYPE_STRING || type == DBUS_TYPE_OBJECT_PATH) {
-- int n = 0, i = 0;;
-+ int n = 0, i = 0;
- const char **strings;
- const char *s;
-
-@@ -1326,7 +1326,7 @@ void check_arr_prop(DBusMessageIter *variter, struct prop_test *p)
-
-
dbus_message_iter_recurse(variter, &arriter); - if (type == DBUS_TYPE_STRING || type == DBUS_TYPE_OBJECT_PATH) { -- int n = 0, i = 0;; -+ int n = 0, i = 0; - const char *s; - - do { -diff --git a/src/tools/sss_groupshow.c b/src/tools/sss_groupshow.c -index 00f6f12939b6bef2dd10085f8cf99304e87f1211..258d458b0d1a4cb56c8fb61060cb43a1c88c1ed0 100644 ---- a/src/tools/sss_groupshow.c -+++ b/src/tools/sss_groupshow.c -@@ -58,7 +58,7 @@ const char *rdn_as_string(TALLOC_CTX *mem_ctx, - return NULL; - } - -- return ldb_dn_escape_value(mem_ctx, *val);; -+ return ldb_dn_escape_value(mem_ctx, *val); - } - - static int parse_memberofs(struct ldb_context *ldb, -diff --git a/src/util/string_utils.c b/src/util/string_utils.c -index 5e43bbef34e8b514e29ffc5e576f8b57dbab4890..872b7e29e55e8628085affd07f3363019aae5ee9 100644 ---- a/src/util/string_utils.c -+++ b/src/util/string_utils.c -@@ -100,7 +100,7 @@ errno_t guid_blob_to_string_buf(const uint8_t *blob, char *str_buf, - blob[5], blob[4], - blob[7], blob[6], - blob[8], blob[9], -- blob[10], blob[11],blob[12], blob[13],blob[14], blob[15]);; -+ blob[10], blob[11],blob[12], blob[13],blob[14], blob[15]); - if (ret != (GUID_STR_BUF_SIZE -1)) { - DEBUG(SSSDBG_CRIT_FAILURE, "snprintf failed.\n"); - return EIO; -diff --git a/src/util/usertools.c b/src/util/usertools.c -index e0d520ad1057b4ddcfd7830674afa9dfa3b37ebd..12fc85b8f20858975b01c49468834be158b43f1c 100644 ---- a/src/util/usertools.c -+++ b/src/util/usertools.c -@@ -210,7 +210,7 @@ int sss_names_init(TALLOC_CTX *mem_ctx, struct confdb_ctx *cdb, - { - TALLOC_CTX *tmpctx = NULL; - char *conf_path = NULL; -- char *re_pattern = NULL;; -+ char *re_pattern = NULL; - char *fq_fmt = NULL; - int ret; - --- -2.9.3 - diff --git a/0073-TESTS-Add-simple-test-for-double-semicolon.patch b/0073-TESTS-Add-simple-test-for-double-semicolon.patch deleted file mode 100644 index ad1d310..0000000 --- a/0073-TESTS-Add-simple-test-for-double-semicolon.patch +++ /dev/null 
@@ -1,98 +0,0 @@ -From 7017c022affd3ad1d0c29cb89aa825231c93fa29 Mon Sep 17 00:00:00 2001 -From: Lukas Slebodnik -Date: Sat, 17 Sep 2016 21:12:36 +0200 -Subject: [PATCH 73/79] TESTS: Add simple test for double semicolon -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Reviewed-by: Pavel Březina -(cherry picked from commit 6ad1f2da4055e2cfe9bf8c79b79e408dba171691) ---- - Makefile.am | 2 ++ - contrib/ci/run | 3 ++- - src/tests/double_semicolon_test | 38 ++++++++++++++++++++++++++++++++++++++ - 3 files changed, 42 insertions(+), 1 deletion(-) - create mode 100755 src/tests/double_semicolon_test - -diff --git a/Makefile.am b/Makefile.am -index f792ed6a6b531d9e6e2c886c2fbe64e1e2345b73..17c5f26ce9db1e183b30178f1a8714deca1dab03 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -321,6 +321,7 @@ TESTS = \ - $(non_interactive_cmocka_based_tests) \ - $(non_interactive_check_based_tests) \ - src/tests/whitespace_test \ -+ src/tests/double_semicolon_test \ - $(NULL) - - sssdlib_LTLIBRARIES = \ -@@ -410,6 +411,7 @@ dist_noinst_SCRIPTS = \ - src/tests/pysss_murmur-test.py3.sh \ - src/tests/python-test.py \ - src/tests/whitespace_test \ -+ src/tests/double_semicolon_test \ - src/tests/krb5_proxy_check_test_data.conf \ - $(NULL) - -diff --git a/contrib/ci/run b/contrib/ci/run -index 1b230f584b7c42d66bfc8c99c118420478d4128b..f96476ff8d4e118375777abf7f1e3475c1ed07bb 100755 ---- a/contrib/ci/run -+++ b/contrib/ci/run -@@ -187,7 +187,8 @@ function build_debug() - { - # Extended glob pattern matching tests to run under Valgrind. 
- # NOTE: The particular pattern below is inverted -- declare -r valgrind_test_pattern="!(*.py|*/dlopen-tests|*/whitespace_test)" -+ declare -r valgrind_test_pattern="\ -+ !(*.py|*/dlopen-tests|*/whitespace_test|*/double_semicolon_test)" - export CFLAGS="$DEBUG_CFLAGS" - declare test_dir - declare test_dir_distcheck -diff --git a/src/tests/double_semicolon_test b/src/tests/double_semicolon_test -new file mode 100755 -index 0000000000000000000000000000000000000000..bbc05fa22ab557919daacbf5a222bb6f1d9678b4 ---- /dev/null -+++ b/src/tests/double_semicolon_test -@@ -0,0 +1,38 @@ -+#!/bin/bash -+ -+set -e -u -o pipefail -+ -+# An AWK regex matching tracked file paths to be included for the search. -+# Example: '.*\.po|README' -+PATH_INCLUDE_REGEX='.*\.c|.*\.h' -+ -+export GIT_DIR="$ABS_TOP_SRCDIR/.git" -+export GIT_WORK_TREE="$ABS_TOP_SRCDIR" -+ -+if [ ! -d "$GIT_DIR" ]; then -+ echo "Git repository is required for this test!" 1>&2 -+ exit 77 -+fi -+ -+{ -+ # Look for lines with double semicolon at the end of line -+ # in all files tracked by Git -+ git grep -n -I ';\s*;$' -- "$(git rev-parse --show-toplevel)" || -+ # Don't fail if no such lines were found anywhere -+ [[ $? == 1 ]] -+} | -+ awk -- " -+ BEGIN { -+ found = 0 -+ } -+ /^($PATH_INCLUDE_REGEX):/ { -+ if (!found) { -+ print \"Double semicolon found:\" -+ found = 1 -+ } -+ print -+ } -+ END { -+ exit found -+ } -+ " --- -2.9.3 - diff --git a/0074-failover-proceed-normally-when-no-new-server-is-foun.patch b/0074-failover-proceed-normally-when-no-new-server-is-foun.patch deleted file mode 100644 index 9b05a49..0000000 --- a/0074-failover-proceed-normally-when-no-new-server-is-foun.patch +++ /dev/null 
@@ -1,81 +0,0 @@
-From 3b5dc99956715bb0251c48f18c05b3e0317b661f Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?=
-Date: Wed, 24 Aug 2016 14:21:12 +0200
-Subject: [PATCH 74/79] failover: proceed normally when no new server is found
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Multiple failover requests come in same time, the first one will
-result in collapsing the meta server but multiple resolution of
-SRV records are triggered. The first one finishes normally but the
-others won't find any new server thus ends with an error.
-
-This patch makes failover to proceed normally even in such case.
-
-Resolves:
-https://fedorahosted.org/sssd/ticket/3131
-
-Reviewed-by: Jakub Hrozek
-Reviewed-by: Fabiano Fidêncio
-(cherry picked from commit 03cb5ac6aa4c60d2c64c6fdc2daae656bf5493f4)
----
- src/providers/fail_over.c | 25 +++++++++++++++++++++----
- 1 file changed, 21 insertions(+), 4 deletions(-)
-
-diff --git a/src/providers/fail_over.c b/src/providers/fail_over.c
-index 8ab39f27f77e19e601855632196006a8dbbdf136..77084098831a312bc8629513ccfc2a91165241ba 100644
---- a/src/providers/fail_over.c
-+++ b/src/providers/fail_over.c
-@@ -1112,7 +1112,9 @@ fo_resolve_service_cont(struct tevent_req *subreq)
- ret = resolve_srv_recv(subreq, &state->server);
- talloc_zfree(subreq);
-
-- if (ret) {
-+ /* We will proceed normally on ERR_SRV_DUPLICATES and if the server
-+ * is already being resolved, we hook to that request. */
-+ if (ret != EOK && ret != ERR_SRV_DUPLICATES) {
- tevent_req_error(req, ret);
- return;
- }
-@@ -1398,11 +1400,23 @@ resolve_srv_done(struct tevent_req *subreq)
- }
-
- if (last_server == state->meta) {
-- /* SRV lookup returned only those servers
-- * that are already present. */
-+ /* SRV lookup returned only those servers that are already present.
-+ * This may happen only when an ongoing SRV resolution already
-+ * exist. We will return server, but won't set any state.
*/
- DEBUG(SSSDBG_TRACE_FUNC, "SRV lookup did not return "
- "any new server.\n");
- ret = ERR_SRV_DUPLICATES;
-+
-+ /* Since no new server is returned, state->meta->next is NULL.
-+ * We return last tried server if possible which is server
-+ * from previous resolution of SRV record, and first server
-+ * otherwise. */
-+ if (state->service->last_tried_server != NULL) {
-+ state->out = state->service->last_tried_server;
-+ goto done;
-+ }
-+
-+ state->out = state->service->server_list;
- goto done;
- }
-
-@@ -1438,7 +1452,10 @@ resolve_srv_done(struct tevent_req *subreq)
- }
-
- done:
-- if (ret != EOK) {
-+ if (ret == ERR_SRV_DUPLICATES) {
-+ tevent_req_error(req, ret);
-+ return;
-+ } else if (ret != EOK) {
- state->out = state->meta;
- set_srv_data_status(state->meta->srv_data, SRV_RESOLVE_ERROR);
- tevent_req_error(req, ret);
---
-2.9.3
-
diff --git a/0075-tests-Add-a-regression-test-for-upstream-ticket-3131.patch b/0075-tests-Add-a-regression-test-for-upstream-ticket-3131.patch
deleted file mode 100644
index f1041ef..0000000
--- a/0075-tests-Add-a-regression-test-for-upstream-ticket-3131.patch
+++ /dev/null
@@ -1,111 +0,0 @@
-From 0db69ed514decc0ccdc0084c44b31102b1314bef Mon Sep 17 00:00:00 2001
-From: Jakub Hrozek
-Date: Wed, 21 Sep 2016 10:44:36 +0200
-Subject: [PATCH 75/79] tests: Add a regression test for upstream ticket #3131
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Tests that running two duplicate SRV resolution queries succeeds
-and returns a valid host name.
-
-Reviewed-by: Pavel Březina
-(cherry picked from commit a299f900981343904d7c9c5d148e30b8e0b2c460)
----
- src/tests/cmocka/test_fo_srv.c | 66 ++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 66 insertions(+)
-
-diff --git a/src/tests/cmocka/test_fo_srv.c b/src/tests/cmocka/test_fo_srv.c
-index a84ce4348d2e59aaab4fc9ac1bd4cfd853ff491d..197f8de5c2f0b5dffa7949a874ea0ca1330554b9 100644
---- a/src/tests/cmocka/test_fo_srv.c
-+++ b/src/tests/cmocka/test_fo_srv.c
-@@ -203,6 +203,8 @@ struct test_fo_ctx {
- int ttl;
-
- struct fo_server *srv;
-+
-+ int num_done;
- };
-
- int test_fo_srv_data_cmp(void *ud1, void *ud2)
-@@ -691,6 +693,67 @@ static void test_fo_hostlist(void **state)
- assert_int_equal(ret, ERR_OK);
- }
-
-+static void test_fo_srv_dup_done(struct tevent_req *req);
-+
-+/* Test that running two parallel SRV queries doesn't return an error.
-+ * This is a regression test for https://fedorahosted.org/sssd/ticket/3131
-+ */
-+void test_fo_srv_duplicates(void **state)
-+{
-+ errno_t ret;
-+ struct tevent_req *req;
-+ struct test_fo_ctx *test_ctx =
-+ talloc_get_type(*state, struct test_fo_ctx);
-+
-+ test_fo_srv_mock_dns(test_ctx, test_ctx->ttl);
-+ test_fo_srv_mock_dns(test_ctx, test_ctx->ttl);
-+
-+ ret = fo_add_srv_server(test_ctx->fo_svc, "_ldap", "sssd.com",
-+ "sssd.local", "tcp", test_ctx);
-+ assert_int_equal(ret, ERR_OK);
-+
-+ ret = fo_add_server(test_ctx->fo_svc, "ldap1.sssd.com",
-+ 389, (void *) discard_const("ldap://ldap1.sssd.com"),
-+ true);
-+ assert_int_equal(ret, ERR_OK);
-+
-+ req = fo_resolve_service_send(test_ctx, test_ctx->ctx->ev,
-+ test_ctx->resolv, test_ctx->fo_ctx,
-+ test_ctx->fo_svc);
-+ assert_non_null(req);
-+ tevent_req_set_callback(req, test_fo_srv_dup_done, test_ctx);
-+
-+ req = fo_resolve_service_send(test_ctx, test_ctx->ctx->ev,
-+ test_ctx->resolv, test_ctx->fo_ctx,
-+ test_ctx->fo_svc);
-+ assert_non_null(req);
-+ tevent_req_set_callback(req, test_fo_srv_dup_done, test_ctx);
-+
-+ ret = test_ev_loop(test_ctx->ctx);
-+ assert_int_equal(ret, ERR_OK);
-+}
-+
-+static void test_fo_srv_dup_done(struct tevent_req *req)
-+{
-+ struct test_fo_ctx *test_ctx = \
-+ tevent_req_callback_data(req, struct test_fo_ctx);
-+ errno_t ret;
-+ const char *name;
-+
-+ ret = fo_resolve_service_recv(req, test_ctx, &test_ctx->srv);
-+ talloc_zfree(req);
-+ assert_int_equal(ret, EOK);
-+
-+ name = fo_get_server_name(test_ctx->srv);
-+ assert_string_equal(name, "ldap1.sssd.com");
-+
-+ test_ctx->num_done++;
-+ if (test_ctx->num_done == 2) {
-+ test_ctx->ctx->error = ERR_OK;
-+ test_ctx->ctx->done = true;
-+ }
-+}
-+
- int main(int argc, const char *argv[])
- {
- int rv;
-@@ -715,6 +778,9 @@ int main(int argc, const char *argv[])
- cmocka_unit_test_setup_teardown(test_fo_srv_ttl_zero,
- test_fo_srv_setup,
- test_fo_srv_teardown),
-+ cmocka_unit_test_setup_teardown(test_fo_srv_duplicates,
-+
test_fo_srv_setup, -+ test_fo_srv_teardown), - }; - - /* Set debug level to invalid value so we can deside if -d 0 was used. */ --- -2.9.3 - diff --git a/0076-IFP-expose-user-and-group-unique-IDs-through-DBus.patch b/0076-IFP-expose-user-and-group-unique-IDs-through-DBus.patch deleted file mode 100644 index c474877..0000000 --- a/0076-IFP-expose-user-and-group-unique-IDs-through-DBus.patch +++ /dev/null 
@@ -1,239 +0,0 @@ -From 407eca9a7167145158272e3d41316b6079b4eb74 Mon Sep 17 00:00:00 2001 -From: Thomas Equeter -Date: Fri, 26 Aug 2016 10:35:30 +0200 -Subject: [PATCH 76/79] IFP: expose user and group unique IDs through DBus -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This adds a uniqueID property on User and Group InfoPipe objects. It has a -useful value on AD- and IPA-backed domains. For Active Directory, this is the -GUID. - -Reviewed-by: Pavel Březina -(cherry picked from commit e9a2e7afbd09c23dd8748246e09831ed7b17d7c5) ---- - src/db/sysdb.h | 2 ++ - src/responder/ifp/ifp_groups.c | 19 +++++++++++++++++++ - src/responder/ifp/ifp_groups.h | 4 ++++ - src/responder/ifp/ifp_iface.c | 2 ++ - src/responder/ifp/ifp_iface.xml | 2 ++ - src/responder/ifp/ifp_iface_generated.c | 18 ++++++++++++++++++ - src/responder/ifp/ifp_iface_generated.h | 4 ++++ - src/responder/ifp/ifp_users.c | 7 +++++++ - src/responder/ifp/ifp_users.h | 4 ++++ - 9 files changed, 62 insertions(+) - -diff --git a/src/db/sysdb.h b/src/db/sysdb.h -index 8713efa6e8fcc6fb620340fe152989a5dae58434..7de3acdf343e0c013ab39a249268c93cbb2d0dbc 100644 ---- a/src/db/sysdb.h -+++ b/src/db/sysdb.h -@@ -224,6 +224,7 @@ - SYSDB_OVERRIDE_DN, \ - SYSDB_OVERRIDE_OBJECT_DN, \ - SYSDB_DEFAULT_OVERRIDE_NAME, \ -+ SYSDB_UUID, \ - NULL} - - #define SYSDB_GRSRC_ATTRS {SYSDB_NAME, SYSDB_GIDNUM, \ -@@ -235,6 +236,7 @@ - SYSDB_OVERRIDE_DN, \ - SYSDB_OVERRIDE_OBJECT_DN, \ - SYSDB_DEFAULT_OVERRIDE_NAME, \ -+ SYSDB_UUID, \ - NULL} - - #define SYSDB_NETGR_ATTRS {SYSDB_NAME, SYSDB_NETGROUP_TRIPLE, \ -diff --git a/src/responder/ifp/ifp_groups.c b/src/responder/ifp/ifp_groups.c -index babd8ec3f57b0469c8ca35f9f2464a0a32076967..29aebe45e710e53538c317a688077689ece4c979 100644 ---- a/src/responder/ifp/ifp_groups.c -+++ b/src/responder/ifp/ifp_groups.c -@@ -751,6 +751,25 @@ void ifp_groups_group_get_gid_number(struct sbus_request *sbus_req, - return; - } - -+void 
ifp_groups_group_get_unique_id(struct sbus_request *sbus_req, -+ void *data, -+ const char **_out) -+{ -+ struct ldb_message *msg; -+ struct sss_domain_info *domain; -+ errno_t ret; -+ -+ ret = ifp_groups_group_get(sbus_req, data, NULL, &domain, &msg); -+ if (ret != EOK) { -+ *_out = 0; -+ return; -+ } -+ -+ *_out = sss_view_ldb_msg_find_attr_as_string(domain, msg, SYSDB_UUID, 0); -+ -+ return; -+} -+ - static errno_t - ifp_groups_group_get_members(TALLOC_CTX *mem_ctx, - struct sbus_request *sbus_req, -diff --git a/src/responder/ifp/ifp_groups.h b/src/responder/ifp/ifp_groups.h -index 4cfabb9d70df92cda02de02cd1dcf7cc5b071ba8..1e0377fae6101473f5fcc6f9f69f12c3adf33f79 100644 ---- a/src/responder/ifp/ifp_groups.h -+++ b/src/responder/ifp/ifp_groups.h -@@ -64,6 +64,10 @@ void ifp_groups_group_get_gid_number(struct sbus_request *sbus_req, - void *data, - uint32_t *_out); - -+void ifp_groups_group_get_unique_id(struct sbus_request *sbus_req, -+ void *data, -+ const char **_out); -+ - void ifp_groups_group_get_users(struct sbus_request *sbus_req, - void *data, - const char ***_out, -diff --git a/src/responder/ifp/ifp_iface.c b/src/responder/ifp/ifp_iface.c -index e6ddc687ba9db878ee39fee5868d1f924d58482d..ff306adf3243994ee7f71850226dc1c5e0831f16 100644 ---- a/src/responder/ifp/ifp_iface.c -+++ b/src/responder/ifp/ifp_iface.c -@@ -104,6 +104,7 @@ struct iface_ifp_users_user iface_ifp_users_user = { - .get_gecos = ifp_users_user_get_gecos, - .get_homeDirectory = ifp_users_user_get_home_directory, - .get_loginShell = ifp_users_user_get_login_shell, -+ .get_uniqueID = ifp_users_user_get_unique_id, - .get_groups = ifp_users_user_get_groups, - .get_extraAttributes = ifp_users_user_get_extra_attributes - }; -@@ -121,6 +122,7 @@ struct iface_ifp_groups_group iface_ifp_groups_group = { - .UpdateMemberList = ifp_groups_group_update_member_list, - .get_name = ifp_groups_group_get_name, - .get_gidNumber = ifp_groups_group_get_gid_number, -+ .get_uniqueID = 
ifp_groups_group_get_unique_id, - .get_users = ifp_groups_group_get_users, - .get_groups = ifp_groups_group_get_groups - }; -diff --git a/src/responder/ifp/ifp_iface.xml b/src/responder/ifp/ifp_iface.xml -index 25b104ad70c0fd84b6c0fe9dbb0dc6e6439c1376..41e9f1d026fa434705ea50999ab3d9ad116f7f29 100644 ---- a/src/responder/ifp/ifp_iface.xml -+++ b/src/responder/ifp/ifp_iface.xml -@@ -186,6 +186,7 @@ - - - -+ - - - -@@ -221,6 +222,7 @@ - - - -+ - - - -diff --git a/src/responder/ifp/ifp_iface_generated.c b/src/responder/ifp/ifp_iface_generated.c -index 6156ca2947434f301d206232f83cfc0647007707..ed018a044bd01c69554116946450aca7aacd5fd8 100644 ---- a/src/responder/ifp/ifp_iface_generated.c -+++ b/src/responder/ifp/ifp_iface_generated.c -@@ -976,6 +976,15 @@ const struct sbus_property_meta iface_ifp_users_user__properties[] = { - NULL, /* no invoker */ - }, - { -+ "uniqueID", /* name */ -+ "s", /* type */ -+ SBUS_PROPERTY_READABLE, -+ offsetof(struct iface_ifp_users_user, get_uniqueID), -+ sbus_invoke_get_s, -+ 0, /* not writable */ -+ NULL, /* no invoker */ -+ }, -+ { - "groups", /* name */ - "ao", /* type */ - SBUS_PROPERTY_READABLE, -@@ -1165,6 +1174,15 @@ const struct sbus_property_meta iface_ifp_groups_group__properties[] = { - NULL, /* no invoker */ - }, - { -+ "uniqueID", /* name */ -+ "s", /* type */ -+ SBUS_PROPERTY_READABLE, -+ offsetof(struct iface_ifp_groups_group, get_uniqueID), -+ sbus_invoke_get_s, -+ 0, /* not writable */ -+ NULL, /* no invoker */ -+ }, -+ { - "users", /* name */ - "ao", /* type */ - SBUS_PROPERTY_READABLE, -diff --git a/src/responder/ifp/ifp_iface_generated.h b/src/responder/ifp/ifp_iface_generated.h -index 141348249d2da5447fa04495564a8c6a55d67a1b..0c6fd151cd674cdbd4582cb95ef43c9fcc133d6f 100644 ---- a/src/responder/ifp/ifp_iface_generated.h -+++ b/src/responder/ifp/ifp_iface_generated.h -@@ -88,6 +88,7 @@ - #define IFACE_IFP_USERS_USER_GECOS "gecos" - #define IFACE_IFP_USERS_USER_HOMEDIRECTORY "homeDirectory" - #define 
IFACE_IFP_USERS_USER_LOGINSHELL "loginShell" -+#define IFACE_IFP_USERS_USER_UNIQUEID "uniqueID" - #define IFACE_IFP_USERS_USER_GROUPS "groups" - #define IFACE_IFP_USERS_USER_EXTRAATTRIBUTES "extraAttributes" - -@@ -103,6 +104,7 @@ - #define IFACE_IFP_GROUPS_GROUP_UPDATEMEMBERLIST "UpdateMemberList" - #define IFACE_IFP_GROUPS_GROUP_NAME "name" - #define IFACE_IFP_GROUPS_GROUP_GIDNUMBER "gidNumber" -+#define IFACE_IFP_GROUPS_GROUP_UNIQUEID "uniqueID" - #define IFACE_IFP_GROUPS_GROUP_USERS "users" - #define IFACE_IFP_GROUPS_GROUP_GROUPS "groups" - -@@ -294,6 +296,7 @@ struct iface_ifp_users_user { - void (*get_gecos)(struct sbus_request *, void *data, const char **); - void (*get_homeDirectory)(struct sbus_request *, void *data, const char **); - void (*get_loginShell)(struct sbus_request *, void *data, const char **); -+ void (*get_uniqueID)(struct sbus_request *, void *data, const char **); - void (*get_groups)(struct sbus_request *, void *data, const char ***, int *); - void (*get_extraAttributes)(struct sbus_request *, void *data, hash_table_t **); - }; -@@ -328,6 +331,7 @@ struct iface_ifp_groups_group { - int (*UpdateMemberList)(struct sbus_request *req, void *data); - void (*get_name)(struct sbus_request *, void *data, const char **); - void (*get_gidNumber)(struct sbus_request *, void *data, uint32_t*); -+ void (*get_uniqueID)(struct sbus_request *, void *data, const char **); - void (*get_users)(struct sbus_request *, void *data, const char ***, int *); - void (*get_groups)(struct sbus_request *, void *data, const char ***, int *); - }; -diff --git a/src/responder/ifp/ifp_users.c b/src/responder/ifp/ifp_users.c -index 5481413ef908785ecf276aad7154e4a7b511fd45..a2bafff5853683443f25f857124214a048132c4a 100644 ---- a/src/responder/ifp/ifp_users.c -+++ b/src/responder/ifp/ifp_users.c -@@ -774,6 +774,13 @@ void ifp_users_user_get_login_shell(struct sbus_request *sbus_req, - ifp_users_get_as_string(sbus_req, data, SYSDB_SHELL, _out); - } - -+void 
ifp_users_user_get_unique_id(struct sbus_request *sbus_req, -+ void *data, -+ const char **_out) -+{ -+ ifp_users_get_as_string(sbus_req, data, SYSDB_UUID, _out); -+} -+ - void ifp_users_user_get_groups(struct sbus_request *sbus_req, - void *data, - const char ***_out, -diff --git a/src/responder/ifp/ifp_users.h b/src/responder/ifp/ifp_users.h -index 99114fe9562f237204b3121ae3fe1f29dbc256a8..6a3a66951ff2c68cdc220364d28651d53b9d6a68 100644 ---- a/src/responder/ifp/ifp_users.h -+++ b/src/responder/ifp/ifp_users.h -@@ -84,6 +84,10 @@ void ifp_users_user_get_login_shell(struct sbus_request *sbus_req, - void *data, - const char **_out); - -+void ifp_users_user_get_unique_id(struct sbus_request *sbus_req, -+ void *data, -+ const char **_out); -+ - void ifp_users_user_get_groups(struct sbus_request *sbus_req, - void *data, - const char ***_out, --- -2.9.3 - diff --git a/0077-SSSDConfig-Do-not-fail-with-nonexisting-domains-serv.patch b/0077-SSSDConfig-Do-not-fail-with-nonexisting-domains-serv.patch deleted file mode 100644 index bbfc9b2..0000000 --- a/0077-SSSDConfig-Do-not-fail-with-nonexisting-domains-serv.patch +++ /dev/null 
@@ -1,125 +0,0 @@ -From 3e8165ff6c5251809beb8f8e11ffd45f8bfd69ca Mon Sep 17 00:00:00 2001 -From: Lukas Slebodnik -Date: Wed, 21 Sep 2016 13:56:43 +0200 -Subject: [PATCH 77/79] SSSDConfig: Do not fail with nonexisting - domains/services -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -dict.keys() returns iterator in python3 and not list -Chaging data in dictionary while using iterator -fails with "RuntimeError: dictionary changed size during iteration" - -https://fedorahosted.org/sssd/ticket/3107 - -Reviewed-by: Michal Židek -(cherry picked from commit 1773fdad2730f3f910782781fa286f402ce36cca) ---- - Makefile.am | 1 + - src/config/SSSDConfig/__init__.py.in | 4 +-- - src/config/SSSDConfigTest.py | 33 ++++++++++++++++++++++ - .../sssd-nonexisting-services-domains.conf | 13 +++++++++ - 4 files changed, 49 insertions(+), 2 deletions(-) - create mode 100644 src/config/testconfigs/sssd-nonexisting-services-domains.conf - -diff --git a/Makefile.am b/Makefile.am -index 17c5f26ce9db1e183b30178f1a8714deca1dab03..4385268b21b2de2054d3958f98f28f5ea7cfa191 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -422,6 +422,7 @@ dist_noinst_DATA = \ - src/config/testconfigs/sssd-badversion.conf \ - src/config/testconfigs/sssd-invalid.conf \ - src/config/testconfigs/sssd-invalid-badbool.conf \ -+ src/config/testconfigs/sssd-nonexisting-services-domains.conf \ - src/config/etc/sssd.api.d/crash_test_dummy \ - contrib/ci/README.md \ - contrib/ci/configure.sh \ -diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in -index 0acb751e234ee0c3e6fee332a2ba22f9ac353221..e616ce3dcc7357280418e9abd0bcdeb370b861e6 100644 ---- a/src/config/SSSDConfig/__init__.py.in -+++ b/src/config/SSSDConfig/__init__.py.in -@@ -1511,7 +1511,7 @@ class SSSDConfig(SSSDChangeConf): - # Remove any entries in this list that don't - # correspond to an active service, for integrity - configured_services = self.list_services() -- for srv in 
service_dict.keys(): -+ for srv in list(service_dict): - if srv not in configured_services: - del service_dict[srv] - -@@ -1794,7 +1794,7 @@ class SSSDConfig(SSSDChangeConf): - # Remove any entries in this list that don't - # correspond to an active domain, for integrity - configured_domains = self.list_domains() -- for dom in domain_dict.keys(): -+ for dom in list(domain_dict): - if dom not in configured_domains: - del domain_dict[dom] - -diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py -index 8a64a257ab978b81ae4b26918c683b25a30fe7c1..006a034477dd64e3c5a0b2dbd1554bdc1b2635b4 100755 ---- a/src/config/SSSDConfigTest.py -+++ b/src/config/SSSDConfigTest.py -@@ -1683,6 +1683,39 @@ class SSSDConfigTestSSSDConfig(unittest.TestCase): - "Domain [%s] unexpectedly found" % - domain) - -+ def testListWithInvalidDomain(self): -+ sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf", -+ srcdir + "/etc/sssd.api.d") -+ -+ # Negative Test - Not Initialized -+ self.assertRaises(SSSDConfig.NotInitializedError, -+ sssdconfig.list_domains) -+ -+ # Positive Test -+ sssdconfig.import_config( -+ srcdir + '/testconfigs/sssd-nonexisting-services-domains.conf' -+ ) -+ -+ domains = sssdconfig.list_active_domains() -+ self.assertTrue("active" in domains and len(domains) == 1, -+ "domain 'active' not found among active domains") -+ -+ domains = sssdconfig.list_inactive_domains() -+ self.assertTrue("inactive" in domains and len(domains) == 1, -+ "domain 'inactive' not found among inactive domains") -+ -+ services = sssdconfig.list_active_services() -+ self.assertTrue("nss" in services and len(services) == 1, -+ "service 'nss' not found among active services") -+ -+ services = sssdconfig.list_inactive_services() -+ self.assertTrue(len(services) == 2, -+ "unexpected count of inactive services") -+ for service in ("sssd", "pam"): -+ self.assertTrue(service in services, -+ "service '%s' not found among inactive services" -+ % service) -+ - def testGetDomain(self): 
- sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf", - srcdir + "/etc/sssd.api.d") -diff --git a/src/config/testconfigs/sssd-nonexisting-services-domains.conf b/src/config/testconfigs/sssd-nonexisting-services-domains.conf -new file mode 100644 -index 0000000000000000000000000000000000000000..d1e248001e76c65fa667d55f469e15aa5696faed ---- /dev/null -+++ b/src/config/testconfigs/sssd-nonexisting-services-domains.conf -@@ -0,0 +1,13 @@ -+[domain/active] -+ -+[domain/inactive] -+ -+[sssd] -+domains = nonexistent, active -+services = nonexistent, nss -+ -+[nss] -+debug_level = 1 -+ -+[pam] -+debug_level = 2 --- -2.9.3 - diff --git a/0078-SPEC-Rename-python-packages-using-macro-python_provi.patch b/0078-SPEC-Rename-python-packages-using-macro-python_provi.patch deleted file mode 100644 index c8f051d..0000000 --- a/0078-SPEC-Rename-python-packages-using-macro-python_provi.patch +++ /dev/null 
@@ -1,268 +0,0 @@ -From f87452ae46dd917d47b63673da42d371912aee8d Mon Sep 17 00:00:00 2001 -From: Lukas Slebodnik -Date: Wed, 14 Sep 2016 14:31:29 +0200 -Subject: [PATCH 78/79] SPEC: Rename python packages using macro - %python_provide -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Fedora and epel contains macro %python_provide -for simpler renaming of python packages. It will generate correct -provides and obsoletes. - -Reviewed-by: Michal Židek -(cherry picked from commit 705bc4480a68f69d287b1c89fe9463a0191987c8) ---- - contrib/sssd.spec.in | 90 ++++++++++++++++++++++++++++++++++++++++------------ - 1 file changed, 70 insertions(+), 20 deletions(-) - -diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in -index 1f79ca7cd0a56dc1ab9c951abe11dc216ef3ad03..a0937d54903002521f07fb012742eb11f2584c54 100644 ---- a/contrib/sssd.spec.in -+++ b/contrib/sssd.spec.in -@@ -11,6 +11,46 @@ - %{!?python2_sitearch: %global python2_sitearch %(%{__python2} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))")} - %endif - -+%{!?python_provide: %global need_python_provide 1} -+%if 0%{?need_python_provide} -+%define python_provide() %{lua: -+ function string.starts(String, Start) -+ return string.sub(String, 1, string.len(Start)) == Start -+ end -+ package = rpm.expand("%{?1:%{1}}"); -+ vr = rpm.expand("%{?epoch:%{epoch}:}%{version}-%{release}") -+ if (string.starts(package, "python2-")) then -+ if (rpm.expand("%{?buildarch}") ~= "noarch") then -+ str = "Provides: python-" .. -+ string.sub(package, 9, string.len(package)) .. -+ "%{?_isa} = " .. vr; -+ print(rpm.expand(str)); -+ end -+ print("\\nProvides: python-"); -+ print(string.sub(package, 9, string.len(package))); -+ print(" = "); -+ print(vr); -+ --Obsoleting the previous default python package -+ if (rpm.expand("%{?buildarch}") ~= "noarch") then -+ str = "\\nObsoletes: python-" .. -+ string.sub(package, 9, string.len(package)) .. -+ "%{?_isa} < " .. 
vr; -+ print(rpm.expand(str)); -+ end -+ print("\\nObsoletes: python-"); -+ print(string.sub(package, 9, string.len(package))); -+ print(" < "); -+ print(vr); -+ elseif (string.starts(package, "python3-")) then -+ --No unversioned provides as python3 is not default -+ else -+ print("%python_provide: ERROR: "); -+ print(package); -+ print(" not recognized."); -+ end -+} -+%endif -+ - # Fedora and RHEL 6+ - # we don't want to provide private python extension libs - %define __provides_exclude_from %{python2_sitearch}/.*\.so$ -@@ -95,7 +135,7 @@ Requires: sssd-proxy = %{version}-%{release} - %if (0%{?with_python3} == 1) - Requires: python3-sssdconfig = %{version}-%{release} - %else --Requires: python-sssdconfig = %{version}-%{release} -+Requires: python2-sssdconfig = %{version}-%{release} - %endif - - %global servicename sssd -@@ -253,8 +293,8 @@ Requires: sssd-common = %{version}-%{release} - Requires: python3-sss = %{version}-%{release} - Requires: python3-sssdconfig = %{version}-%{release} - %else --Requires: python-sss = %{version}-%{release} --Requires: python-sssdconfig = %{version}-%{release} -+Requires: python2-sss = %{version}-%{release} -+Requires: python2-sssdconfig = %{version}-%{release} - %endif - - %description tools -@@ -267,13 +307,14 @@ Also provides several other administrative tools: - * sss_obfuscate for generating an obfuscated LDAP password - * sssctl -- an sssd status and control utility - --%package -n python-sssdconfig -+%package -n python2-sssdconfig - Summary: SSSD and IPA configuration file manipulation classes and functions - Group: Applications/System - License: GPLv3+ - BuildArch: noarch -+%{python_provide python2-sssdconfig} - --%description -n python-sssdconfig -+%description -n python2-sssdconfig - Provides python2 files for manipulation SSSD and IPA configuration files. 
- - %if (0%{?with_python3} == 1) -@@ -282,18 +323,20 @@ Summary: SSSD and IPA configuration file manipulation classes and functions - Group: Applications/System - License: GPLv3+ - BuildArch: noarch -+%{python_provide python3-sssdconfig} - - %description -n python3-sssdconfig - Provides python3 files for manipulation SSSD and IPA configuration files. - %endif - --%package -n python-sss -+%package -n python2-sss - Summary: Python2 bindings for sssd - Group: Development/Libraries - License: LGPLv3+ - Requires: sssd-common = %{version}-%{release} -+%{python_provide python2-sss} - --%description -n python-sss -+%description -n python2-sss - Provides python2 module for manipulating users, groups, and nested groups in - SSSD when using id_provider = local in /etc/sssd/sssd.conf. - -@@ -307,6 +350,7 @@ Summary: Python3 bindings for sssd - Group: Development/Libraries - License: LGPLv3+ - Requires: sssd-common = %{version}-%{release} -+%{python_provide python3-sss} - - %description -n python3-sss - Provides python3 module for manipulating users, groups, and nested groups in -@@ -317,12 +361,13 @@ Also provides several other useful python3 bindings: - * class for obfuscation of passwords - %endif - --%package -n python-sss-murmur -+%package -n python2-sss-murmur - Summary: Python2 bindings for murmur hash function - Group: Development/Libraries - License: LGPLv3+ -+%{python_provide python2-sss-murmur} - --%description -n python-sss-murmur -+%description -n python2-sss-murmur - Provides python2 module for calculating the murmur hash version 3 - - %if (0%{?with_python3} == 1) -@@ -330,6 +375,7 @@ Provides python2 module for calculating the murmur hash version 3 - Summary: Python3 bindings for murmur hash function - Group: Development/Libraries - License: LGPLv3+ -+%{python_provide python3-sss-murmur} - - %description -n python3-sss-murmur - Provides python3 module for calculating the murmur hash version 3 -@@ -459,16 +505,17 @@ Requires: libipa_hbac = %{version}-%{release} - 
%description -n libipa_hbac-devel - Utility library to validate FreeIPA HBAC rules for authorization requests - --%package -n python-libipa_hbac -+%package -n python2-libipa_hbac - Summary: Python2 bindings for the FreeIPA HBAC Evaluator library - Group: Development/Libraries - License: LGPLv3+ - Requires: libipa_hbac = %{version}-%{release} - Provides: libipa_hbac-python = %{version}-%{release} - Obsoletes: libipa_hbac-python < 1.12.90 -+%{python_provide python2-libipa_hbac} - --%description -n python-libipa_hbac --The python-libipa_hbac contains the bindings so that libipa_hbac can be -+%description -n python2-libipa_hbac -+The python2-libipa_hbac contains the bindings so that libipa_hbac can be - used by Python applications. - - %if (0%{?with_python3} == 1) -@@ -477,6 +524,7 @@ Summary: Python3 bindings for the FreeIPA HBAC Evaluator library - Group: Development/Libraries - License: LGPLv3+ - Requires: libipa_hbac = %{version}-%{release} -+%{python_provide python3-libipa_hbac} - - %description -n python3-libipa_hbac - The python3-libipa_hbac contains the bindings so that libipa_hbac can be -@@ -502,16 +550,17 @@ Requires: libsss_nss_idmap = %{version}-%{release} - %description -n libsss_nss_idmap-devel - Utility library for SID and certificate based lookups - --%package -n python-libsss_nss_idmap -+%package -n python2-libsss_nss_idmap - Summary: Python2 bindings for libsss_nss_idmap - Group: Development/Libraries - License: LGPLv3+ - Requires: libsss_nss_idmap = %{version}-%{release} - Provides: libsss_nss_idmap-python = %{version}-%{release} - Obsoletes: libsss_nss_idmap-python < 1.12.90 -+%{python_provide python2-libsss_nss_idmap} - --%description -n python-libsss_nss_idmap --The python-libsss_nss_idmap contains the bindings so that libsss_nss_idmap can -+%description -n python2-libsss_nss_idmap -+The python2-libsss_nss_idmap contains the bindings so that libsss_nss_idmap can - be used by Python applications. 
- - %if (0%{?with_python3} == 1) -@@ -520,6 +569,7 @@ Summary: Python3 bindings for libsss_nss_idmap - Group: Development/Libraries - License: LGPLv3+ - Requires: libsss_nss_idmap = %{version}-%{release} -+%{python_provide python3-libsss_nss_idmap} - - %description -n python3-libsss_nss_idmap - The python3-libsss_nss_idmap contains the bindings so that libsss_nss_idmap can -@@ -963,7 +1013,7 @@ done - %{_mandir}/man8/sss_seed.8* - %{_mandir}/man8/sssctl.8* - --%files -n python-sssdconfig -f python2_sssdconfig.lang -+%files -n python2-sssdconfig -f python2_sssdconfig.lang - %defattr(-,root,root,-) - %dir %{python2_sitelib}/SSSDConfig - %{python2_sitelib}/SSSDConfig/*.py* -@@ -977,7 +1027,7 @@ done - %{python3_sitelib}/SSSDConfig/__pycache__/*.py* - %endif - --%files -n python-sss -+%files -n python2-sss - %defattr(-,root,root,-) - %{python2_sitearch}/pysss.so - -@@ -987,7 +1037,7 @@ done - %{python3_sitearch}/pysss.so - %endif - --%files -n python-sss-murmur -+%files -n python2-sss-murmur - %defattr(-,root,root,-) - %{python2_sitearch}/pysss_murmur.so - -@@ -1033,7 +1083,7 @@ done - %{_libdir}/libsss_nss_idmap.so - %{_libdir}/pkgconfig/sss_nss_idmap.pc - --%files -n python-libsss_nss_idmap -+%files -n python2-libsss_nss_idmap - %defattr(-,root,root,-) - %{python2_sitearch}/pysss_nss_idmap.so - -@@ -1043,7 +1093,7 @@ done - %{python3_sitearch}/pysss_nss_idmap.so - %endif - --%files -n python-libipa_hbac -+%files -n python2-libipa_hbac - %defattr(-,root,root,-) - %{python2_sitearch}/pyhbac.so - --- -2.9.3 - diff --git a/0079-KRB5-Fixing-FQ-name-of-user-in-krb5_setup.patch b/0079-KRB5-Fixing-FQ-name-of-user-in-krb5_setup.patch deleted file mode 100644 index ee77721..0000000 --- a/0079-KRB5-Fixing-FQ-name-of-user-in-krb5_setup.patch +++ /dev/null 
@@ -1,202 +0,0 @@ -From 6f97e6da7389e541f74855c702f8dafa02bbee67 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Petr=20=C4=8Cech?= -Date: Wed, 14 Sep 2016 09:00:06 -0400 -Subject: [PATCH 79/79] KRB5: Fixing FQ name of user in krb5_setup() - -This patch fixes creation of FQ username if krb5_map_user option -ise used. - -Resolves: -https://fedorahosted.org/sssd/ticket/3188 - -Reviewed-by: Jakub Hrozek -(cherry picked from commit b34ffbf33729c557c3d1aebf4707ad0ffe4f1904) ---- - src/providers/krb5/krb5_auth.c | 8 +++++++- - src/providers/krb5/krb5_init_shared.c | 1 + - src/providers/krb5/krb5_utils.c | 26 +++++++++++++++++++++++++- - src/providers/krb5/krb5_utils.h | 4 +++- - src/tests/krb5_utils-tests.c | 33 ++++++++++++++++++++------------- - 5 files changed, 56 insertions(+), 16 deletions(-) - -diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c -index f0f2280022a3ee951ccfa0040b616c48c3b25706..a5ecb24323d3d413bc08f100b90195d3619172d3 100644 ---- a/src/providers/krb5/krb5_auth.c -+++ b/src/providers/krb5/krb5_auth.c -@@ -207,7 +207,13 @@ errno_t krb5_setup(TALLOC_CTX *mem_ctx, - if (ret == EOK) { - DEBUG(SSSDBG_TRACE_FUNC, "Setting mapped name to: %s\n", mapped_name); - kr->user = mapped_name; -- kr->kuserok_user = mapped_name; -+ -+ kr->kuserok_user = sss_output_name(kr, kr->user, -+ dom->case_sensitive, 0); -+ if (kr->kuserok_user == NULL) { -+ ret = ENOMEM; -+ goto done; -+ } - } else if (ret == ENOENT) { - DEBUG(SSSDBG_TRACE_ALL, "No mapping for: %s\n", pd->user); - kr->user = pd->user; -diff --git a/src/providers/krb5/krb5_init_shared.c b/src/providers/krb5/krb5_init_shared.c -index 767291c0b953ea3f227f64a7e21f191262424cf5..c8fd8593a8b6d304fe314254c940351fa5ee12f3 100644 ---- a/src/providers/krb5/krb5_init_shared.c -+++ b/src/providers/krb5/krb5_init_shared.c -@@ -94,6 +94,7 @@ errno_t krb5_child_init(struct krb5_ctx *krb5_auth_ctx, - ret = parse_krb5_map_user(krb5_auth_ctx, - dp_opt_get_cstring(krb5_auth_ctx->opts, - KRB5_MAP_USER), -+ 
bectx->domain->name, - &krb5_auth_ctx->name_to_primary); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, "parse_krb5_map_user failed: %s:[%d]\n", -diff --git a/src/providers/krb5/krb5_utils.c b/src/providers/krb5/krb5_utils.c -index 0ac60daee533ea1264bc55d0d65054ed38b3a092..e968dfa5fe50c43c51e624507261ae2c8263b67d 100644 ---- a/src/providers/krb5/krb5_utils.c -+++ b/src/providers/krb5/krb5_utils.c -@@ -521,7 +521,9 @@ done: - } - - errno_t --parse_krb5_map_user(TALLOC_CTX *mem_ctx, const char *krb5_map_user, -+parse_krb5_map_user(TALLOC_CTX *mem_ctx, -+ const char *krb5_map_user, -+ const char *dom_name, - struct map_id_name_to_krb_primary **_name_to_primary) - { - int size; -@@ -570,6 +572,28 @@ parse_krb5_map_user(TALLOC_CTX *mem_ctx, const char *krb5_map_user, - } - } - -+ /* conversion names to fully-qualified names */ -+ for (int i = 0; i < size; i++) { -+ name_to_primary[i].id_name = sss_create_internal_fqname( -+ name_to_primary, -+ name_to_primary[i].id_name, -+ dom_name); -+ if (name_to_primary[i].id_name == NULL) { -+ DEBUG(SSSDBG_OP_FAILURE, "sss_create_internal_fqname failed\n"); -+ ret = ENOMEM; -+ goto done; -+ } -+ -+ name_to_primary[i].krb_primary = sss_create_internal_fqname( -+ name_to_primary, -+ name_to_primary[i].krb_primary, -+ dom_name); -+ if (name_to_primary[i].krb_primary == NULL) { -+ DEBUG(SSSDBG_OP_FAILURE, "sss_create_internal_fqname failed\n"); -+ ret = ENOMEM; -+ goto done; -+ } -+ } - ret = EOK; - - done: -diff --git a/src/providers/krb5/krb5_utils.h b/src/providers/krb5/krb5_utils.h -index 75b93c30ef5be5d16f2ce73f44abef674c6e98ff..3051a99445054638d04fbee34415e9cf3d226588 100644 ---- a/src/providers/krb5/krb5_utils.h -+++ b/src/providers/krb5/krb5_utils.h -@@ -51,7 +51,9 @@ errno_t get_domain_or_subdomain(struct be_ctx *be_ctx, - struct sss_domain_info **dom); - - errno_t --parse_krb5_map_user(TALLOC_CTX *mem_ctx, const char *krb5_map_user, -+parse_krb5_map_user(TALLOC_CTX *mem_ctx, -+ const char *krb5_map_user, -+ const char 
*dom_name, - struct map_id_name_to_krb_primary **_name_to_primary); - - #endif /* __KRB5_UTILS_H__ */ -diff --git a/src/tests/krb5_utils-tests.c b/src/tests/krb5_utils-tests.c -index 515a1941509c13ca4ad8d9953687f9047da29426..36bd0324475e161e627006de0ddcbc775f8a749b 100644 ---- a/src/tests/krb5_utils-tests.c -+++ b/src/tests/krb5_utils-tests.c -@@ -614,25 +614,25 @@ START_TEST(test_parse_krb5_map_user) - /* empty input */ - { - check_leaks_push(mem_ctx); -- ret = parse_krb5_map_user(mem_ctx, NULL, &name_to_primary); -+ ret = parse_krb5_map_user(mem_ctx, NULL, DOMAIN_NAME, &name_to_primary); - fail_unless(ret == EOK); - fail_unless(name_to_primary[0].id_name == NULL && - name_to_primary[0].krb_primary == NULL); - talloc_free(name_to_primary); - -- ret = parse_krb5_map_user(mem_ctx, "", &name_to_primary); -+ ret = parse_krb5_map_user(mem_ctx, "", DOMAIN_NAME, &name_to_primary); - fail_unless(ret == EOK); - fail_unless(name_to_primary[0].id_name == NULL && - name_to_primary[0].krb_primary == NULL); - talloc_free(name_to_primary); - -- ret = parse_krb5_map_user(mem_ctx, ",", &name_to_primary); -+ ret = parse_krb5_map_user(mem_ctx, ",", DOMAIN_NAME, &name_to_primary); - fail_unless(ret == EOK); - fail_unless(name_to_primary[0].id_name == NULL && - name_to_primary[0].krb_primary == NULL); - talloc_free(name_to_primary); - -- ret = parse_krb5_map_user(mem_ctx, ",,", &name_to_primary); -+ ret = parse_krb5_map_user(mem_ctx, ",,", DOMAIN_NAME, &name_to_primary); - fail_unless(ret == EOK); - fail_unless(name_to_primary[0].id_name == NULL && - name_to_primary[0].krb_primary == NULL); -@@ -645,14 +645,16 @@ START_TEST(test_parse_krb5_map_user) - check_leaks_push(mem_ctx); - const char *p = "pája:preichl,joe:juser,jdoe:ßlack"; - const char *p2 = " pája : preichl , joe:\njuser,jdoe\t: ßlack "; -- const char *expected[] = {"pája", "preichl", "joe", "juser", "jdoe", "ßlack"}; -- ret = parse_krb5_map_user(mem_ctx, p, &name_to_primary); -+ const char *expected[] = { "pája@testdomain", 
"preichl@" DOMAIN_NAME, -+ "joe@testdomain", "juser@testdomain", -+ "jdoe@testdomain", "ßlack@testdomain" }; -+ ret = parse_krb5_map_user(mem_ctx, p, DOMAIN_NAME, &name_to_primary); - fail_unless(ret == EOK); - compare_map_id_name_to_krb_primary(name_to_primary, expected, - sizeof(expected)/sizeof(const char*)/2); - talloc_free(name_to_primary); - -- ret = parse_krb5_map_user(mem_ctx, p2, &name_to_primary); -+ ret = parse_krb5_map_user(mem_ctx, p2, DOMAIN_NAME, &name_to_primary); - fail_unless(ret == EOK); - compare_map_id_name_to_krb_primary(name_to_primary, expected, - sizeof(expected)/sizeof(const char*)/2); -@@ -663,22 +665,27 @@ START_TEST(test_parse_krb5_map_user) - { - check_leaks_push(mem_ctx); - -- ret = parse_krb5_map_user(mem_ctx, ":", &name_to_primary); -+ ret = parse_krb5_map_user(mem_ctx, ":", DOMAIN_NAME, &name_to_primary); - fail_unless(ret == EINVAL); - -- ret = parse_krb5_map_user(mem_ctx, "joe:", &name_to_primary); -+ ret = parse_krb5_map_user(mem_ctx, "joe:", DOMAIN_NAME, -+ &name_to_primary); - fail_unless(ret == EINVAL); - -- ret = parse_krb5_map_user(mem_ctx, ":joe", &name_to_primary); -+ ret = parse_krb5_map_user(mem_ctx, ":joe", DOMAIN_NAME, -+ &name_to_primary); - fail_unless(ret == EINVAL); - -- ret = parse_krb5_map_user(mem_ctx, "joe:,", &name_to_primary); -+ ret = parse_krb5_map_user(mem_ctx, "joe:,", DOMAIN_NAME, -+ &name_to_primary); - fail_unless(ret == EINVAL); - -- ret = parse_krb5_map_user(mem_ctx, ",joe", &name_to_primary); -+ ret = parse_krb5_map_user(mem_ctx, ",joe", DOMAIN_NAME, -+ &name_to_primary); - fail_unless(ret == EINVAL); - -- ret = parse_krb5_map_user(mem_ctx, "joe:j:user", &name_to_primary); -+ ret = parse_krb5_map_user(mem_ctx, "joe:j:user", DOMAIN_NAME, -+ &name_to_primary); - fail_unless(ret == EINVAL); - - fail_unless(check_leaks_pop(mem_ctx)); --- -2.9.3 - 
diff --git a/0080-libwbclient-sssd-update-interface-to-version-0.13.patch b/0080-libwbclient-sssd-update-interface-to-version-0.13.patch
deleted file mode 100644
index 5fe87f2..0000000
--- a/0080-libwbclient-sssd-update-interface-to-version-0.13.patch
+++ /dev/null
@@ -1,161 +0,0 @@ -From 08421a1e4416e0992e95c797536864e86ea6cccc Mon Sep 17 00:00:00 2001 -From: Sumit Bose -Date: Fri, 7 Oct 2016 17:47:59 +0200 -Subject: [PATCH 80/80] libwbclient-sssd: update interface to version 0.13 -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This patch adds wbcCtxUnixIdsToSids() and wbcUnixIdsToSids() to SSSD's -libwbclient and implements the latter. - -Resolves: -https://fedorahosted.org/sssd/ticket/3181 - -Reviewed-by: Fabiano Fidêncio -(cherry picked from commit f3347a0c72afc75b4d829e9981d1bac6b05a8306) ---- - src/conf_macros.m4 | 4 ++-- - src/sss_client/libwbclient/wbc_ctx_sssd.c | 7 +++++++ - src/sss_client/libwbclient/wbc_idmap_sssd.c | 26 ++++++++++++++++++++++++ - src/sss_client/libwbclient/wbclient.exports | 6 ++++++ - src/sss_client/libwbclient/wbclient_sssd.h | 31 ++++++++++++++++++++++++++++- - 5 files changed, 71 insertions(+), 3 deletions(-) - -diff --git a/src/conf_macros.m4 b/src/conf_macros.m4 -index bc295c5e79d3c699b25cebf38e8c0f0112de010d..427b0e08d400d6e5628537b28bb93bc2fc6239a4 100644 ---- a/src/conf_macros.m4 -+++ b/src/conf_macros.m4 -@@ -727,10 +727,10 @@ AC_DEFUN([WITH_LIBWBCLIENT], - if test x"$with_libwbclient" = xyes; then - AC_DEFINE(BUILD_LIBWBCLIENT, 1, [whether to build SSSD implementation of libwbclient]) - -- libwbclient_version="0.12" -+ libwbclient_version="0.13" - AC_SUBST(libwbclient_version) - -- libwbclient_version_info="12:0:12" -+ libwbclient_version_info="13:0:13" - AC_SUBST(libwbclient_version_info) - fi - AM_CONDITIONAL([BUILD_LIBWBCLIENT], [test x"$with_libwbclient" = xyes]) -diff --git a/src/sss_client/libwbclient/wbc_ctx_sssd.c b/src/sss_client/libwbclient/wbc_ctx_sssd.c -index 1f259ee00e48d68d8da3f6b0abc12175a70c1f20..0f5aff473e984fbc630fc0ca8aa1647de51cbde4 100644 ---- a/src/sss_client/libwbclient/wbc_ctx_sssd.c -+++ b/src/sss_client/libwbclient/wbc_ctx_sssd.c -@@ -167,6 +167,13 @@ wbcErr wbcCtxSidsToUnixIds(struct wbcContext *ctx, - 
WBC_SSSD_NOT_IMPLEMENTED; - } - -+wbcErr wbcCtxUnixIdsToSids(struct wbcContext *ctx, -+ const struct wbcUnixId *ids, uint32_t num_ids, -+ struct wbcDomainSid *sids) -+{ -+ WBC_SSSD_NOT_IMPLEMENTED; -+} -+ - wbcErr wbcCtxAllocateUid(struct wbcContext *ctx, uid_t *puid) - { - WBC_SSSD_NOT_IMPLEMENTED; -diff --git a/src/sss_client/libwbclient/wbc_idmap_sssd.c b/src/sss_client/libwbclient/wbc_idmap_sssd.c -index 6b5f525f0433c948e4d570d177dc6cffd82eff40..c8da9754265a1ad3ef098c545a2b2d8d3c548d4d 100644 ---- a/src/sss_client/libwbclient/wbc_idmap_sssd.c -+++ b/src/sss_client/libwbclient/wbc_idmap_sssd.c -@@ -202,3 +202,29 @@ wbcErr wbcSidsToUnixIds(const struct wbcDomainSid *sids, uint32_t num_sids, - - return WBC_ERR_SUCCESS; - } -+ -+wbcErr wbcUnixIdsToSids(const struct wbcUnixId *ids, uint32_t num_ids, -+ struct wbcDomainSid *sids) -+{ -+ size_t c; -+ wbcErr wbc_status; -+ -+ for (c = 0; c < num_ids; c++) { -+ switch (ids[c].type) { -+ case WBC_ID_TYPE_UID: -+ wbc_status = wbcUidToSid(ids[c].id.uid, &sids[c]); -+ break; -+ case WBC_ID_TYPE_GID: -+ wbc_status = wbcGidToSid(ids[c].id.gid, &sids[c]); -+ break; -+ default: -+ wbc_status = WBC_ERR_INVALID_PARAM; -+ } -+ -+ if (!WBC_ERROR_IS_OK(wbc_status)) { -+ sids[c] = (struct wbcDomainSid){ 0 }; -+ }; -+ } -+ -+ return WBC_ERR_SUCCESS; -+} -diff --git a/src/sss_client/libwbclient/wbclient.exports b/src/sss_client/libwbclient/wbclient.exports -index 574c1d1fe232fad0a4c104de086977515a05ab84..9d3c2040e7d393c0057d44864826cefc2e3f7a31 100644 ---- a/src/sss_client/libwbclient/wbclient.exports -+++ b/src/sss_client/libwbclient/wbclient.exports -@@ -144,3 +144,9 @@ WBCLIENT_0.12 { - wbcCtxPingDc; - wbcCtxPingDc2; - } WBCLIENT_0.11; -+ -+WBCLIENT_0.13 { -+ global: -+ wbcUnixIdsToSids; -+ wbcCtxUnixIdsToSids; -+} WBCLIENT_0.12; -diff --git a/src/sss_client/libwbclient/wbclient_sssd.h b/src/sss_client/libwbclient/wbclient_sssd.h -index ec6d032814445bff0819b4de0df07ccf4008aefc..50ba7f84304df5f24a31cbbad857f22d1c70964d 100644 ---- 
a/src/sss_client/libwbclient/wbclient_sssd.h -+++ b/src/sss_client/libwbclient/wbclient_sssd.h -@@ -73,9 +73,10 @@ const char *wbcErrorString(wbcErr error); - * 0.10: Added wbcPingDc2() - * 0.11: Extended wbcAuthenticateUserEx to provide PAC parsing - * 0.12: Added wbcCtxCreate and friends -+ * 0.13: Added wbcCtxUnixIdsToSids and wbcUnixIdsToSids - **/ - #define WBCLIENT_MAJOR_VERSION 0 --#define WBCLIENT_MINOR_VERSION 12 -+#define WBCLIENT_MINOR_VERSION 13 - #define WBCLIENT_VENDOR_VERSION "Samba libwbclient" - struct wbcLibraryDetails { - uint16_t major_version; -@@ -1031,6 +1032,34 @@ wbcErr wbcSidsToUnixIds(const struct wbcDomainSid *sids, uint32_t num_sids, - struct wbcUnixId *ids); - - /** -+ * @brief Convert a list of unix ids to sids -+ * -+ * @param ctx wbclient Context -+ * @param ids Pointer to an array of UNIX IDs to convert -+ * @param num_ids Number of UNIX IDs -+ * @param sids Preallocated output array for translated SIDs -+ * -+ * @return #wbcErr -+ * -+ **/ -+wbcErr wbcCtxUnixIdsToSids(struct wbcContext *ctx, -+ const struct wbcUnixId *ids, uint32_t num_ids, -+ struct wbcDomainSid *sids); -+ -+/** -+ * @brief Convert a list of unix ids to sids -+ * -+ * @param ids Pointer to an array of UNIX IDs to convert -+ * @param num_ids Number of UNIX IDs -+ * @param sids Preallocated output array for translated SIDs -+ * -+ * @return #wbcErr -+ * -+ **/ -+wbcErr wbcUnixIdsToSids(const struct wbcUnixId *ids, uint32_t num_ids, -+ struct wbcDomainSid *sids); -+ -+/** - * @brief Obtain a new uid from Winbind - * - * @param *ctx wbclient Context --- -2.9.3 - diff --git a/sources b/sources index b0f01ce..c38e032 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -cb79e3a391a537fd2be487d822bbf7c1 sssd-1.14.1.tar.gz +8ddcc386b539c1adb6de85e6b290f572 sssd-1.14.2.tar.gz diff --git a/sssd.spec b/sssd.spec index 6a690e0..2fdd8d5 100644 --- a/sssd.spec +++ b/sssd.spec 
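Review bot: The added `sources` entry pins sssd-1.14.2.tar.gz with a 32-hex-digit digest, which by its length is presumably MD5, and MD5 no longer offers collision resistance, so this line is a weak integrity anchor for the upstream tarball that the spec fetches as Source0. Where the dist-git lookaside tooling accepts it, I would record a SHA-512 entry instead, in the form `SHA512 (sssd-1.14.2.tar.gz) = <sha512-of-verified-tarball>` (placeholder value, to be computed locally). Whichever digest is kept, it should be computed from a tarball that was first checked against whatever checksum or signature upstream publishes for the release, not just from the file as downloaded.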
@@ -25,8 +25,8 @@ %endif Name: sssd -Version: 1.14.1 -Release: 4%{?dist} +Version: 1.14.2 +Release: 1%{?dist} Group: Applications/System Summary: System Security Services Daemon License: GPLv3+ 
@@ -35,86 +35,6 @@ Source0: https://fedorahosted.org/released/sssd/%{name}-%{version}.tar.gz BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) ### Patches ### -Patch0001: 0001-CONFIG-selinux_provider-is-a-valid-provider-type.patch -Patch0002: 0002-CONFIG-session_provider-does-not-exist-anymore.patch -Patch0003: 0003-PROXY-Use-the-fqname-when-converting-to-lowercase.patch -Patch0004: 0004-sssd_netgroup.py-Resolve-nested-netgroups.patch -Patch0005: 0005-LDAP-Fixing-of-removing-netgroup-from-cache.patch -Patch0006: 0006-INTG-Adding-support-for-netgroups-to-ldap_ent.patch -Patch0007: 0007-INTG-Tests-for-ldap-nested-netgroups.patch -Patch0008: 0008-watchdog-cope-with-time-shift.patch -Patch0009: 0009-BUILD-Allow-to-read-private-pipes-for-root.patch -Patch0010: 0010-SYSDB-Rework-sysdb_cache_connect.patch -Patch0011: 0011-SYSDB-Remove-the-timestamp-cache-for-a-newly-created.patch -Patch0012: 0012-SECRETS-Return-ENOENT-when_deleting-a-non-existent-s.patch -Patch0013: 0013-SPEC-Fix-typo-in-Summary.patch -Patch0014: 0014-IPA-Parse-qualified-names-when-guessing-AD-user-prin.patch -Patch0015: 0015-PROXY-Remove-lowercase-attribute-from-save_user.patch -Patch0016: 0016-PROXY-Remove-cache_timeout-attribute-from-save_user.patch -Patch0017: 0017-PROXY-Remove-cache_timeout-attribute-from-save_group.patch -Patch0018: 0018-PROXY-Mention-that-save_user-s-parameters-are-alread.patch -Patch0019: 0019-PROXY-Share-common-code-of-save_-group-user.patch -Patch0020: 0020-SYSDB-Fix-uninitialized-scalar-variable.patch -Patch0021: 0021-BUILD-Add-a-few-more-targets-for-intg-tests.patch -Patch0022: 0022-BUILD-Clean-up-prerelease-targets.patch -Patch0023: 0023-BUILD-Fix-typo-in-intgcheck-run-rule.patch -Patch0024: 0024-BUILD-Remove-leftover-after-sysdb-refactoring.patch -Patch0025: 0025-MONITOR-Remove-the-no-longer-used-diag_cmd-command.patch -Patch0026: 0026-MONITOR-Remove-the-no-longer-used-kill_service-comma.patch -Patch0027: 
0027-WATCHDOG-define-and-use-_MAX_TICKS-as-3.patch -Patch0028: 0028-PROXY-Use-right-name-in-ldap-filter.patch -Patch0029: 0029-SECRETS-Make-internal-function-static.patch -Patch0030: 0030-SECRETS-Make-reading-the-config-options-more-uniform.patch -Patch0031: 0031-dyndns-fix-typo-and-unify-ipa-with-ad-debug-message-.patch -Patch0032: 0032-netlink-Don-t-define-USE_GNU.patch -Patch0033: 0033-MONITOR-Remove-leftovers-from-diag_cmd.patch -Patch0034: 0034-MONITOR-Remove-leftovers-from-kill_service.patch -Patch0035: 0035-SYSDB-Fix-error-handling-in-sysdb_get_user_members_r.patch -Patch0036: 0036-DEBUG-Apend-line-feed-to-messages-from-libsemanage.patch -Patch0037: 0037-MAN-Document-the-ldap_user_primary_group-option.patch -Patch0038: 0038-sdap_initgr_nested_get_membership_diff-use-fully-qua.patch -Patch0039: 0039-SYSDB-Removing-of-unused-parameter.patch -Patch0040: 0040-SYSDB-Suppress-warning-from-clang-static-analyser.patch -Patch0041: 0041-TOOLS-Fix-a-typo-in-groupadd.patch -Patch0042: 0042-TOOLS-sss_groupshow-did-not-work.patch -Patch0043: 0043-TESTS-sss_groupadd-groupshow-regressions.patch -Patch0044: 0044-TOOLS-use-internal-fqdn-for-DN.patch -Patch0045: 0045-TESTS-Test-for-sss_user-groupmod-a.patch -Patch0046: 0046-TOOLS-sss_mc_refresh_nested_group-short-fqname-usage.patch -Patch0047: 0047-TESTS-Add-FQDN-variants-for-some-tests.patch -Patch0048: 0048-KRB5-Send-the-output-username-not-internal-fqname-to.patch -Patch0049: 0049-MONITOR-Remove-disable-netlink-command-line-option.patch -Patch0050: 0050-MONITOR-Add-disable_netlink-option.patch -Patch0051: 0051-TOOLS-sss_override-without-name-override.patch -Patch0052: 0052-TEST-Add-regression-test-for-ticket-3179.patch -Patch0053: 0053-TOOLS-sss_groupshow-fails-to-show-MPG.patch -Patch0054: 0054-TESTS-sss_groupshow-with-MPG.patch -Patch0055: 0055-KRB5-Return-ERR_NETWORK_IO-on-clock-skew.patch -Patch0056: 0056-SDAP-Fix-settig-paging-attribute-in-sdap_get_generic.patch -Patch0057: 
0057-PROXY-Adding-proxy_max_children-option.patch -Patch0058: 0058-SECRETS-Search-by-the-right-type-when-checking-conta.patch -Patch0059: 0059-LDAP-Return-partial-results-from-adminlimit-exceeded.patch -Patch0060: 0060-MAN-sssd-sudo-manual-update-IPA-native-LDAP-tree-sup.patch -Patch0061: 0061-p11-only-set-PKCS11_LOGIN_TOKEN_NAME-if-gdm-smartcar.patch -Patch0062: 0062-p11-return-a-fully-qualified-name.patch -Patch0063: 0063-pam_sss-check-PKCS11_LOGIN_TOKEN_NAME.patch -Patch0064: 0064-SECRETS-Don-t-remove-a-container-when-it-has-childre.patch -Patch0065: 0065-PAM-call-free-only-when-memory-is-expected-to-be-all.patch -Patch0066: 0066-TESTS-Fixing-of-const-warnings-in-sbus-tests.patch -Patch0067: 0067-MAKEFILE-Fixing-CFLAGS-in-some-tests.patch -Patch0068: 0068-TESTS-Add-integration-tests-for-the-sssd-secrets.patch -Patch0069: 0069-AUTOFS-Fix-offline-resolution-of-autofs-maps.patch -Patch0070: 0070-NSS-Fix-offline-resolution-of-netgroups.patch -Patch0071: 0071-TESTS-Test-offline-netgroups-resolution.patch -Patch0072: 0072-Remove-double-semicolon-at-the-end-of-line.patch -Patch0073: 0073-TESTS-Add-simple-test-for-double-semicolon.patch -Patch0074: 0074-failover-proceed-normally-when-no-new-server-is-foun.patch -Patch0075: 0075-tests-Add-a-regression-test-for-upstream-ticket-3131.patch -Patch0076: 0076-IFP-expose-user-and-group-unique-IDs-through-DBus.patch -Patch0077: 0077-SSSDConfig-Do-not-fail-with-nonexisting-domains-serv.patch -Patch0078: 0078-SPEC-Rename-python-packages-using-macro-python_provi.patch -Patch0079: 0079-KRB5-Fixing-FQ-name-of-user-in-krb5_setup.patch -Patch0080: 0080-libwbclient-sssd-update-interface-to-version-0.13.patch ### Dependencies ### 
@@ -484,7 +404,7 @@ Obsoletes: libipa_hbac-python < 1.13.0 %{?python_provide:%python_provide python2-libipa_hbac} %description -n python2-libipa_hbac -The python-libipa_hbac contains the bindings so that libipa_hbac can be +The python2-libipa_hbac contains the bindings so that libipa_hbac can be used by Python applications. %package -n python3-libipa_hbac @@ -661,10 +581,6 @@ autoreconf -ivf make %{?_smp_mflags} all docs %check -# workaround for wrong permissing in test introduced in patch -# remove after rebase to 1.14.2 -chmod a+x ./src/tests/double_semicolon_test - export CK_TIMEOUT_MULTIPLIER=10 make %{?_smp_mflags} check VERBOSE=yes unset CK_TIMEOUT_MULTIPLIER @@ -853,6 +769,7 @@ done %{_mandir}/man5/sssd.conf.5* %{_mandir}/man5/sssd-simple.5* %{_mandir}/man5/sssd-sudo.5* +%{_mandir}/man5/sssd-secrets.5* %{_mandir}/man5/sss_rpcidmapd.5* %{_mandir}/man8/sssd.8* %{_mandir}/man8/sss_cache.8* @@ -1141,14 +1058,6 @@ fi %postun -n libsss_simpleifp -p /sbin/ldconfig %posttrans libwbclient -# Alternatives was removed only if package was uninstalled -# However in cease of package upgrade and soname bump the -# the old alternative was not removed. -# This is a workaround/fix for unused alternative -%{_sbindir}/update-alternatives \ - --remove libwbclient.so.0.11%{libwbc_alternatives_suffix} \ - %{_libdir}/%{name}/modules/libwbclient.so.0.11.0 - %{_sbindir}/update-alternatives \ --install %{_libdir}/libwbclient.so.%{libwbc_alternatives_version} \ libwbclient.so.%{libwbc_alternatives_version}%{libwbc_alternatives_suffix} \ @@ -1172,6 +1081,10 @@ fi %{_libdir}/%{name}/modules/libwbclient.so %changelog +* Thu Oct 20 2016 Lukas Slebodnik - 1.14.2-1 +- New upstream release 1.14.2 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2 + * Fri Oct 14 2016 Lukas Slebodnik - 1.14.1-4 - libwbclient-sssd: update interface to version 0.13