| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2348
When SSSD is running in interactive mode, we should print DEBUG messages
directly to stderr, not journal.
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
sdap-tests uses functions from openldap, but it was not linked with libldap or
liblber.
sh-4.2$ nm --undefined-only .libs/sdap-tests | grep -E "ldap|ber"
U ber_free
U ldap_control_create
U ldap_err2string
U ldap_get_option
U ldap_init_fd
U ldap_install_tls
U ldap_is_ldaps_url
U ldap_unbind_ext
sdap-tests cannot be linked on platfrms with disabled link_all_deplibs.
CCLD sdap-tests
/usr/bin/ld: src/providers/ldap/sdap_tests-sdap.o: undefined reference to symbol 'ber_free'
/usr/bin/ld: note: 'ber_free' is defined in DSO /lib64/liblber-2.4.so.2 so try adding it to the linker command line
/lib64/liblber-2.4.so.2: could not read symbols: Invalid operation
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make[3]: *** [sdap-tests] Error 1
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Function sss_base64_decode does not return NUL terminated string
and it causes valgrind warning in test "Invalid read of size 1"
==30954== Invalid read of size 1
==30954== at 0x4A09FB8: strcmp (mc_replace_strmem.c:730)
==30954== by 0x4C2AAFA: _assert_string_equal (in /usr/lib64/libcmocka.so.0.2.1)
==30954== by 0x407DBA: test_parse_with_map (test_sdap.c:285)
==30954== by 0x4C2C817: _run_test (in /usr/lib64/libcmocka.so.0.2.1)
==30954== by 0x4C2CCF8: _run_tests (in /usr/lib64/libcmocka.so.0.2.1)
==30954== by 0x408A6F: main (test_sdap.c:583)
==30954== Address 0x6a8db34 is 0 bytes after a block of size 100 alloc'd
==30954== at 0x4A0645D: malloc (vg_replace_malloc.c:291)
==30954== by 0x35C8204980: _talloc_memdup (talloc.c:613)
==30954== by 0x5080A4B: sss_base64_decode (nss_base64.c:86)
==30954== by 0x407DA0: test_parse_with_map (test_sdap.c:282)
==30954== by 0x4C2C817: _run_test (in /usr/lib64/libcmocka.so.0.2.1)
==30954== by 0x4C2CCF8: _run_tests (in /usr/lib64/libcmocka.so.0.2.1)
==30954== by 0x408A6F: main (test_sdap.c:583)
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Version symbol files will help package systems to catch backward compatible
changes (newly added functions) into library.
The difference between libraries libsss_nss_idmap_test.so and
libsss_nss_idmap.so is that the 1st library will not be installed and has more
exported functions, which are necessary for mocking with cmocka for test
sss_nss_idmap-test.
Resolves:
https://fedorahosted.org/sssd/ticket/2194
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
| |
If we want the debug level to switch back to the value from
configuration file we need to touch sssd.conf so it is reloaded.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
|
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
| |
The system bus has the ability to start services on demant. This patch
adds the sysbus service activation file that, currently, only calls the
sss_signal tool to signal the monitor.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
| |
A minimal tool whose only purpose is to signal the monitor with
SIGUSR2. The tool will be executed by the system bus in order to provide
system activation, so it's packaged in libexec.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
| |
When the monitor receives SIGUSR2, it also signals the IFP responder to
attempt to reconnect to the system bus using the sysbusReconnect SBUS
method. No action is taken by other responders.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Introduces a new method implemented only by the IFP responder. When this
method is received, the responder attempts to reconnect to the system
bus, if not connected already.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
|
|
|
|
|
|
|
| |
We need to treat the failure to connect to the system bus as non-fatal.
In this commit, we introduce a special error code and only print a DEBUG
message when this error code is returned from the startup function.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
| |
The DEBUG messages in the IFP responder predated Nikolai's mass-patches
and were not converted correctly.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
| |
We fprintf the introspection data on demand rather than printing an XML
file. The directory specification can be removed.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
| |
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
|
|
|
| |
This function was not used since 2009. Unused and untested function
would just rot, better to remove it completely.
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
|
|
|
| |
No caller directly accessed this parameter. Moreover, it seemed useless
since the same data is available as SYSDB_ORIGINAL_DN in the attributes.
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
|
|
|
|
|
| |
While I was changing the sdap_parse_entry function, I also realized that
some of the DEBUG messages were converted to the #defines, but their
level was still not accurate. This patch fixes the DEBUG levels and
indentation around them.
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The same LDAP attribute might be used several times for the same user or
group attribute. For instance, some servers have a global "ID" number
that should be used for both UID and GID. However, our
sdap_parse_entry() function only copied the LDAP attribute to the first
matching sysdb attribute.
This patch adds a second nested loop that checks if any of the other
LDAP attributes are eligible.
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
|
|
|
|
| |
Covers the sdap_parse_entry function with unit tests so that we know
that modifying the function in a later patch will not result in a
regression.
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
|
|
|
|
| |
the opts.h files were consuming some #defines from ldap_common.h (such
as SSS_LDAP_SRV_NAME) without including ldap_common.h. That's bad
practice and break programs that wish to just include the opts.h header.
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While parsing string with multiple whitespaces, it may happen variable i is
zero and we want to test end of argument "tmp[i-1] != '\0'". Side effect of
this bug is duplicite string output array.
Input string: "foo b"
Expected output: { "foo", "a", NULL }
Output: { "foo", "foo", "a", NULL }
This patch uses inverted logic. Instead of testing whether to read next char or
skip multiple whitespaces, we will test whether we have new argument which
should be stored in output array.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
| |
The nested group test was checking returned elements in a particular
order. That's not reliable because the returned values are fetched from
a hash iterator that doesn't guarantee the same order on different
systems.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Adds unit test for basic group retrieval functionality as well as for
testing duplicate members in the LDAP group entry.
These unit tests exercise code added in patch
a47cb2e08e4004179d2a6b5f9a9340200270fbd0
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
| |
For the purpose of unit tests, it's better to create a user object with
a UID and a name.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
contexts
While it's beneficial for the real implementation of
sdap_get_generic_recv() to move memory around, the mocked implementation
can just pass around pointer.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
| |
After fixing the confdb initialization I realized the group DN couldn't
be parsed. This patch fixes that.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
| |
The nested group test only worked by accident. Its confdb settings were
not applied because a wrong confdb path was used.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
| |
Creation of the path to the domain's confdb entry was duplicated in the
tests. Rather than adding yet another duplication, I added the path as
another field of the sss_test_ctx structure.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
| |
fixes: https://fedorahosted.org/sssd/ticket/1359
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
| |
These warnings were all false positives.
fixes: https://fedorahosted.org/sssd/ticket/1359
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
| |
This macro will be used to suppress alignment
warnings when casting pointers.
fixes: https://fedorahosted.org/sssd/ticket/1359
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
sysdb_attrs_get_el() cannot return ENOENT. Even if the requested member
doesn't exist, an empty element is created instead. This patch changes
the code to use sysdb_attrs_get_el_ext() which returns ENOENT.
The code only ever worked because we forgot to check the return value of
sdap_nested_group_split_members(). When the empty attribute reached
sdap_nested_group_split_members(), the function returned ENOMEM and
count == 0. The caller used to only check the value of count, not the
retval.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Don't fail if num_missing is 0.
Resolves:
https://fedorahosted.org/sssd/ticket/2369
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
| |
Don't call tevent_req_done after tevent_req_error (for the same request).
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
| |
Don't call tevent_req_done after tevent_req_error (for the same request).
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
| |
Don't access result if return value is not EOK.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/1991
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Replace call of ldb_search by sss_ldb_search to make sure that ENOENT is
returned if no results were found.
Resolves:
https://fedorahosted.org/sssd/ticket/1991
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/1991
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Make sure that if no results were found ENOENT is returned rather than just
empty list of results.
Resolves:
https://fedorahosted.org/sssd/ticket/1991
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2341
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add substitution of a special variable "AUX_TESTS_ENVIRONMENT" to the
"TESTS_ENVIRONMENT" value, allowing its augmentation from the make
command line. This enables wrapping test commands with older versions of
Automake, where LOG_COMPILER support is missing.
This enables executing "make check" target with Valgrind on RHEL6, like
this:
make check AUX_TESTS_ENVIRONMENT="libtool --mode=execute valgrind"
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|