| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2694
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
The function test_dom_suite_setup is a simple function which creates
a directory which should be used for creating files. This function
needn't be linked with libsss_util.so as other functions in common_dom.c
This is a reason why it's better to move it to the file common.c
so linker can optimize out other unnecessary module objects from static
library libsss_test_common.a and test needn't be linked libsss_util.so.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We had a cases in patch where two tests were using the same TEST_PATH
and therefore they were stepping each other to the same files
which caused failures. These failures are not easy to reproduce.
This patch uses macro BASE_FILE_STEM for unique name. It should prevent
copy&paste problem resulting to intermittent failures.
@see also
https://www.gnu.org/software/make/manual/html_node/Automatic-Variables.html
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We already require GNU make extenstions to build
manual pages.
src/man/Makefile.am:46: warning: wildcard $(srcdir: non-POSIX variable name
src/man/Makefile.am:46: (probably a GNU make extension)
src/man/Makefile.am:125: warning: wildcard $(srcdir: non-POSIX variable name
src/man/Makefile.am:125: (probably a GNU make extension)
src/man/Makefile.am:128: warning: addprefix $(srcdir: non-POSIX variable name
src/man/Makefile.am:128: (probably a GNU make extension)
src/man/Makefile.am:128: warning: shell grep '\[type:docbook\]' $(PO4A_CONFIG: non-POSIX variable name
src/man/Makefile.am:128: (probably a GNU make extension)
src/man/Makefile.am:129: warning: filter-out $(CFG_PAGES: non-POSIX variable name
src/man/Makefile.am:129: (probably a GNU make extension)
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
LOCAL view does not allow the case when both ghost member and
user override is created so it is safe to allow ghost members
for this view.
Resolves:
https://fedorahosted.org/sssd/ticket/2790
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2790
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
| |
With some setups, krb5.conf can be really minimal. In those cases, we
should ignore PROF_NO_RELATION and PROF_NO_SECTION and just return
"false" as in "no proxy" without a loud debug message.
Reviewed-by: Petr Cech <pcech@redhat.com>
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2782
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add be_req2str() for translation BE_REQ to string.
So we will have
|| Got request for [0x1001][FAST BE_REQ_USER][1][name=celestian]
instead of
|| Got request for [0x1001][1][name=celestian]
Function be_req2str() is used in data provider and in responder too.
So this patch create new header file data_provider_req.h which
delivers function be_req2str() and definitions of BE_REQ_*.
Resolves:
https://fedorahosted.org/sssd/ticket/2708
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The function be_nsupdate_send fork a child for execution of the utility
nsupdate.
The child process builds nsupdate args in the function
be_nsupdate_args and then execute the utility.
Meanwhile the parent process register handlers for child and timeout
for canceling the long lasting child.
nsupdate_child_send -> child_handler_setup
You can see in following log file that the wrapped version of execv
function might be very fast and therefore parent can register handlers
after finishing child. This is a reason why there is a child timeout.
(10:18:48:556001 2015) [sssd] [be_nsupdate_args] (0x0200): nsupdate auth type: GSS-TSIG
(10:18:48:556126 2015) [sssd] [__wrap_execv] (0x0200): nsupdate success test case
(10:18:48:556200 2015) [sssd] [__wrap_execv] (0x1000): Child exiting with status 0
(10:18:48:557218 2015) [sssd] [child_handler_setup] (0x2000): Setting up signal handler up for pid [3957]
(10:18:48:560987 2015) [sssd] [child_handler_setup] (0x2000): Signal handler set up for pid [3957]
(10:18:50:608520 2015) [sssd] [nsupdate_child_timeout] (0x0020): Timeout reached for dynamic DNS update
(10:18:50:681525 2015) [sssd] [be_nsupdate_done] (0x0040): nsupdate child execution failed [1432158233]: Dynamic DNS update timed out
(10:18:50:687031 2015) [sssd] [dyndns_test_ok] (0x1000): Child request returned [1432158233]: Unknown error 1432158233
The patch simulate a work in wrapped function with small delay.
It should be enough time for the parent process to registering a child.
Based on patch from Jurica Stanojkovic <jurica.stanojkovic@rt-rk.com>
Thank you.
Resolves:
https://fedorahosted.org/sssd/ticket/2283
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The samAccountName for AD hosts is the hosts NetBIOS name with a
trailing $. Since there is a size limit on NetBIOS names long DNS names
must be truncated to find a matching entry in the AD LDAP tree.
The NetBIOS name is already needed during kinit/SASL bind where the
SDAP_SASL_AUTHID config option is used. Since the GPO lookup code is
only reached after the SASL bind was successful we can safely assume
that the name is correct and use it for the GPO lookup.
Resolves https://fedorahosted.org/sssd/ticket/2692
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, only one tab had configured all environment variables
and current working directory was set to source directory.
It's better to open shell in "chroot" directory for troubleshooting purposes.
This patch also open pre-defined tabs with useful
directories with sssd cache, sssd log files, "chroot" directory
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2777
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Link test with existing libraries instead of building all
necessary source file on more time.
It's not portable to link with libsss_simple.so because it is a dynamic module
and not dynamic library.
*** Warning: Linking the executable simple_access-tests against the loadable module
*** libsss_simple.so is not portable!
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
| |
Some tests were built with files require for backend $(sssd_be_SOURCES).
This automake variable contains 15 files
which were build every time for each test.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Module which can be loaded by dlopen but cannot be linked with
other binaries.
*** Warning: Linking the executable test_xyzp against the loadable module
*** libdlopen_test_providers.so is not portable!
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Ticket:
https://fedorahosted.org/sssd/ticket/2676
Regression test for the above ticket.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Ticket:
https://fedorahosted.org/sssd/ticket/2676
When user is removed from cache during cleanup task, mark all
his memberof targets as expired to refresh member/ghost
attributes on next request.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Ticket:
https://fedorahosted.org/sssd/ticket/2676
Added function to expire entry in sysdb using
its DN.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
|
|
|
|
|
|
|
| |
Some targets were missing AM_CFLAGS so
it was not possible to compile C99 features
in their source code.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
|
|
|
|
|
|
| |
Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
|
|
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Default to config file version 2 if the version
is not specified explicitly.
Ticket:
https://fedorahosted.org/sssd/ticket/2688
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
| |
The GPO child didn't remove temporary file on failure and didn't close
the fd on failure (the latter was not much of a problem for a
short-lived child process).
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Create new callback that handles logging messages in cyrus sasl library.
Resolves:
https://fedorahosted.org/sssd/ticket/2561
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Last patch for ticket 2708 broke make distcheck. This is fix.
Resolves:
https://fedorahosted.org/sssd/ticket/2708
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
The regression was caused by changing default domain regex
for ldap provider in ticket #2717
Resolves:
https://fedorahosted.org/sssd/ticket/2772
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1697
It is safer to isolate the checked (unknown/untrusted)
value on the left hand side in the conditions
to avoid overflows/underflows.
Reviewed-by: Petr Cech <pcech@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Improvement of debug messages.
Instead of:"(0x0400): Running command [17]..."
We could see:"(0x0400): Running command [17][SSS_NSS_GETPWNAM]..."
(It's not used in sss_client. There are only hex numbers of commands.)
Resolves:
https://fedorahosted.org/sssd/ticket/2708
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If you call cache_req_[user|group]_by_filter_send() it than later calls
updated_[users|groups]_by_filter(), which adds filter that is called
"recent". This filter causes that only [users|groups] added after the
request started are returned.
This patch removes tests which use
cache_req_[user|group]_by_filter_send(), because the logic of those
tests is corrupted. The tests create [users|groups] and after it, they
call cache_req_[user|group]_by_filter_send(). So it is obvious that it
is not in the right manner.
Possible fix is rewrite the tests to create the entries in the callback.
Works around:
https://fedorahosted.org/sssd/ticket/2730
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Test was named same as the folder containing its data.
Resolves:
https://fedorahosted.org/sssd/ticket/2768
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
| |
The one second timeout interval was sometimes
too short when the tests where running under
Valgrind in the CI and the entries expired
too soon.
Reviewed-by: Petr Cech <pcech@redhat.com>
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2758
Reviewed-by: Petr Cech <pcech@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It can happed if there are two domains and user is not found
in the first one.
==29279== Invalid read of size 1
==29279== at 0x4C2CBA2: strlen (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==29279== by 0x89A7AC4: talloc_strdup (in /usr/lib64/libtalloc.so.2.1.2)
==29279== by 0x11668A: nss_cmd_initgroups_search (nsssrv_cmd.c:4191)
==29279== by 0x118B27: nss_cmd_getby_dp_callback (nsssrv_cmd.c:1208)
==29279== by 0x10F2B4: nsssrv_dp_send_acct_req_done (nsssrv_cmd.c:759)
==29279== by 0x126AFB: sss_dp_internal_get_done (responder_dp.c:802)
==29279== by 0x56EA861: ??? (in /usr/lib64/libdbus-1.so.3.7.4)
==29279== by 0x56EDB50: dbus_connection_dispatch (in /usr/lib64/libdbus-1.so.3.7.4)
==29279== by 0x50721E1: sbus_dispatch (sssd_dbus_connection.c:96)
==29279== by 0x879B22E: tevent_common_loop_timer_delay (tevent_timed.c:341)
==29279== by 0x879C239: epoll_event_loop_once (tevent_epoll.c:911)
==29279== by 0x879A936: std_event_loop_once (tevent_standard.c:114)
==29279== Address 0xbbad240 is 96 bytes inside a block of size 106 free'd
==29279== at 0x4C2AD17: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==29279== by 0x89A46E3: _talloc_free (in /usr/lib64/libtalloc.so.2.1.2)
==29279== by 0x116679: nss_cmd_initgroups_search (nsssrv_cmd.c:4190)
==29279== by 0x118B27: nss_cmd_getby_dp_callback (nsssrv_cmd.c:1208)
==29279== by 0x10F2B4: nsssrv_dp_send_acct_req_done (nsssrv_cmd.c:759)
==29279== by 0x126AFB: sss_dp_internal_get_done (responder_dp.c:802)
==29279== by 0x56EA861: ??? (in /usr/lib64/libdbus-1.so.3.7.4)
==29279== by 0x56EDB50: dbus_connection_dispatch (in /usr/lib64/libdbus-1.so.3.7.4)
==29279== by 0x50721E1: sbus_dispatch (sssd_dbus_connection.c:96)
==29279== by 0x879B22E: tevent_common_loop_timer_delay (tevent_timed.c:341)
==29279== by 0x879C239: epoll_event_loop_once (tevent_epoll.c:911)
==29279== by 0x879A936: std_event_loop_once (tevent_standard.c:114)
Resolves:
https://fedorahosted.org/sssd/ticket/2749
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2737
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
| |
Preparation for:
https://fedorahosted.org/sssd/ticket/2737
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
| |
To simplify import/export users and groups.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2757
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Ticket:
https://fedorahosted.org/sssd/ticket/2762
Use specific errmsg when ldap returns
LDAP_CONSTRAINT_VIOLATION code if that specific
message is available.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|