sssd.git/src/tests, branch memberof sssd with jhrozek's patches sss_nss_idmap-tests: Use different prepared buffers for big endian 2015-05-04T11:55:02+00:00 Lukas Slebodnik lslebodn@redhat.com 2015-05-04T05:34:19+00:00 582f6b1d15d216a39a66b70f0b3ecdf5b0f47673 We get error EBADMSG instead of EOK due to endianess issue [==========] Running 2 test(s). [ RUN ] test_getsidbyname 0x4a != 0 src/tests/cmocka/sss_nss_idmap-tests.c:108: error: Failure! [ FAILED ] test_getsidbyname [ RUN ] test_getorigbyname 0x4a != 0 src/tests/cmocka/sss_nss_idmap-tests.c:127: error: Failure! [ FAILED ] test_getorigbyname Reviewed-by: Sumit Bose <sbose@redhat.com> 
We get error EBADMSG instead of EOK due to endianess issue

[==========] Running 2 test(s).
[ RUN      ] test_getsidbyname
0x4a != 0
src/tests/cmocka/sss_nss_idmap-tests.c:108: error: Failure!

[  FAILED  ] test_getsidbyname
[ RUN      ] test_getorigbyname
0x4a != 0
src/tests/cmocka/sss_nss_idmap-tests.c:127: error: Failure!

[  FAILED  ] test_getorigbyname

Reviewed-by: Sumit Bose <sbose@redhat.com>
IPA: allow initgroups by SID for AD users 2015-04-29T09:33:22+00:00 Sumit Bose sbose@redhat.com 2015-04-22T14:57:37+00:00 f70a1adbfc30b9acc302027439fb8157e0c6ea2a If a user from a trusted AD domain is search with the help of an override name the SID from the override anchor is used to search the user in AD. Currently the initgroups request only allows searches by name. With this patch a SID can be used as well. Resolves https://fedorahosted.org/sssd/ticket/2632 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
If a user from a trusted AD domain is search with the help of an
override name the SID from the override anchor is used to search the
user in AD. Currently the initgroups request only allows searches by
name.  With this patch a SID can be used as well.

Resolves https://fedorahosted.org/sssd/ticket/2632

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
tests: Add NSS responder tests for bysid requests 2015-04-24T14:47:00+00:00 Jakub Hrozek jhrozek@redhat.com 2015-03-30T16:54:34+00:00 bbd6f73bbad478a450ecfa2933a63de6dc269778 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
AD: Always get domain-specific ID connection 2015-04-15T15:30:27+00:00 Stephen Gallagher sgallagh@redhat.com 2015-04-15T01:50:36+00:00 e2bd4f8a41b72aea0712ad21ad02ccebb707f536 ad_get_dom_ldap_conn() assumed that ad_ctx->ldap_ctx always points at the LDAP connection for the primary domain, however it turns out that this is not always the case. It's currently unclear why, but this connection can sometimes be pointing at a subdomain. Since the value of subdom_id_ctx->ldap_ctx always points to the correct domain (including the primary domain case), there's no benefit to trying to shortcut to the ad_ctx->ldap_ctx when performing this lookup. This patch also makes a minor tweak to the tests so that the primary domain passes the sdap_domain_get() check for validity (since it needs to have a private member assigned). Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
ad_get_dom_ldap_conn() assumed that ad_ctx->ldap_ctx always points at
the LDAP connection for the primary domain, however it turns out that
this is not always the case. It's currently unclear why, but this
connection can sometimes be pointing at a subdomain. Since the value of
subdom_id_ctx->ldap_ctx always points to the correct domain (including
the primary domain case), there's no benefit to trying to shortcut to
the ad_ctx->ldap_ctx when performing this lookup.

This patch also makes a minor tweak to the tests so that the primary
domain passes the sdap_domain_get() check for validity (since it needs
to have a private member assigned).

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
sysdb-tests: test return value before output arguments 2015-04-14T11:28:50+00:00 Lukas Slebodnik lslebodn@redhat.com 2015-03-06T19:50:21+00:00 4ea6bc6dea87ac8cb37eb271ea86350e89695670 Output arguments needn't be initialized if function failed. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Output arguments needn't be initialized if function failed.

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
sysdb-tests: Add missing assertions 2015-04-14T11:28:45+00:00 Lukas Slebodnik lslebodn@redhat.com 2015-03-06T19:45:39+00:00 4a73eb4c8136f8e5fd47aa63e5b7c10afc10046e The return valuee of functions test_remove_group_member sysdb_attrs_add_time_t were ignored and therefore this part of code was not tested. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
The return valuee of functions test_remove_group_member
sysdb_attrs_add_time_t were ignored and therefore this part of code
was not tested.

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
simple_access-tests: Simplify assertion 2015-04-14T11:25:22+00:00 Lukas Slebodnik lslebodn@redhat.com 2015-03-06T19:10:15+00:00 cf0be339522a5ddf8073c11c6da61784cf038bc4 The second argument of function check_access_list should not be an empty list. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
The second argument of function check_access_list should not be an empty list.

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
responders: reset ncache after domains are discovered during startup 2015-04-09T06:35:23+00:00 Jakub Hrozek jhrozek@redhat.com 2015-03-29T14:31:19+00:00 0528fdec17d0031996e919fcd852459e86592c35 After responders start, they add a lookup operation that discovers the subdomains so that qualifying users works. After this operation is finishes, we need to reset negcache to allow users to be added into the newly discovered domains. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
After responders start, they add a lookup operation that discovers the
subdomains so that qualifying users works. After this operation is
finishes, we need to reset negcache to allow users to be added into the
newly discovered domains.

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
ncache: Add sss_ncache_reset_repopulate_permanent 2015-04-09T06:35:20+00:00 Jakub Hrozek jhrozek@redhat.com 2015-03-29T14:30:27+00:00 0d19785f9ffd9c66df5b30d208ec7b0216a9555b This new function resets the negative cache and then re-adds the permanent entries. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
This new function resets the negative cache and then re-adds the
permanent entries.

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
ncache: Silence critical error from filter_users when default_domain_suffix is set 2015-04-09T06:35:16+00:00 Jakub Hrozek jhrozek@redhat.com 2015-03-27T11:30:53+00:00 1aa492ce890f362564bfac21f3cfb0a3e38608bd When default_domain_suffix is used and filter_users is set (at least root is always, by default), SSSD tried to add the negcache entry to the default domain. But since the default domain is not known after start up, adding the entries fail with a verbose error message. This patch handles EAGAIN returned from the parsing function while setting negcache entries gracefully and also makes the debug message in parsing function more precise. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
When default_domain_suffix is used and filter_users is set (at least
root is always, by default), SSSD tried to add the negcache entry to the
default domain. But since the default domain is not known after start
up, adding the entries fail with a verbose error message.

This patch handles EAGAIN returned from the parsing function while
setting negcache entries gracefully and also makes the debug message in
parsing function more precise.

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>