Commit message | Author | Age | Files | Lines
...
* util: Update get_next_domain's interface | Michal Židek | 2015-10-23 | 30 | -136/+160
  Update get next domain to be able to include disabled domains and change the interface to accept flags instead of multiple booleans.
  Ticket: https://fedorahosted.org/sssd/ticket/2673
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* FO: Use refcount to keep track of servers returned to callers | Jakub Hrozek | 2015-10-23 | 9 | -39/+115
  Resolves: https://fedorahosted.org/sssd/ticket/2829
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* tests: Reduce failover code duplication | Jakub Hrozek | 2015-10-23 | 1 | -53/+35
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* FO: Don't free rc-allocated structure | Jakub Hrozek | 2015-10-23 | 1 | -1/+0
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* intg: Fix all PEP8 issues | Nikolai Kondrashov | 2015-10-22 | 6 | -105/+121
  Reviewed-by: Michal Židek <mzidek@redhat.com>
* SDAP: pass params in sdap_get_and_parse_generic_send | Pavel Reichl | 2015-10-22 | 1 | -2/+6
  Previously some arguments passed to sdap_get_and_parse_generic_send() were ignored. This patch fixes that and passes 'attronly', 'serverctrls' and 'clientctrls' to sdap_get_generic_ext_send().
  Reviewed-by: Sumit Bose <sbose@redhat.com>
* SDAP: change type of attrsonly in sdap_get_generic_ext_state | Pavel Reichl | 2015-10-22 | 1 | -9/+10
  'attrsonly' parameter is directly passed to ldap_search_ext() and is described as:
  The attrsonly parameter should be set to a non-zero value if only attribute descriptions are wanted. It should be set to zero (0) if both attributes descriptions and attribute values are wanted.
  Boolean type should be fine for the 'attrsonly' parameter especially since the actual parameter was already set to false in function calls.
  Reviewed-by: Sumit Bose <sbose@redhat.com>
* SDAP: allow_paging in sdap_get_generic_ext_send() | Pavel Reichl | 2015-10-22 | 1 | -18/+25
  Make allow_paging parameter a part of the flag parameter in sdap_get_generic_ext_send().
  Reviewed-by: Sumit Bose <sbose@redhat.com>
* SDAP: optional warning - sizelimit exceeded in POSIX check | Pavel Reichl | 2015-10-22 | 1 | -9/+22
  Add new parameter 'flags' to sdap_get_generic_ext_send_ext() which can be set to suppress warning about 'sizelimit exceeded'.
  Resolves: https://fedorahosted.org/sssd/ticket/2804
  Reviewed-by: Sumit Bose <sbose@redhat.com>
* spec: Missing initgroups mmap file | Michal Židek | 2015-10-22 | 1 | -0/+1
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* sss_override: Remove unused parameter tool_ctx | Pavel Reichl | 2015-10-21 | 1 | -6/+4
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* CI: Handle dashes in valgrind-condense | Nikolai Kondrashov | 2015-10-20 | 1 | -3/+3
  Make valgrind-condense work on program names which start with a dash character.
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* CI: Do not skip tests not checked with Valgrind | Nikolai Kondrashov | 2015-10-20 | 1 | -31/+38
  Make contrib/ci/valgrind-condense execute programs not matching the supplied PATH_PATTERN without Valgrind, instead of simply exiting successfully. This makes the make-check-valgrind stage actually run the tests not checked with Valgrind, instead of skipping them.
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* PAM: remove unused parameter cdb | Pavel Reichl | 2015-10-20 | 1 | -6/+3
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SSSDConfigTest: Test real config without config_file_version | Lukas Slebodnik | 2015-10-19 | 2 | -0/+107
  src/config/testconfigs/sssd-valid.conf explicitly contains config_file_version. Recently we changed the default value to 2 and therefore it needn't be listed in configuration file. This patch tests real sssd.conf without config_file_version.
  Reviewed-by: Michal Židek <mzidek@redhat.com>
* SSSDConfigTest: Try load saved config | Lukas Slebodnik | 2015-10-19 | 1 | -1/+11
  Python module SSSDConfig should be able to save configuration file and later load the same configuration file without problem.
  Unit test for: https://fedorahosted.org/sssd/ticket/2837
  Reviewed-by: Michal Židek <mzidek@redhat.com>
* SSSDConfig: Do not raise exception if config_file_version is missing | Michal Židek | 2015-10-19 | 2 | -9/+4
  Ticket: https://fedorahosted.org/sssd/ticket/2837
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* TESTS: Restrictive permissions in check_and_open | Petr Cech | 2015-10-14 | 1 | -1/+1
  Check and open tests try to write into and read from created files. There is no reason to have executable permission, so this patch replaces SSS_DFL_X_UMASK with DFL_UMASK permissions.
  Resolves: https://fedorahosted.org/sssd/ticket/2424
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* TESTS: More restrictive permissions in debug_tests | Petr Cech | 2015-10-14 | 1 | -2/+2
  Debug tests try to write into and read from created files. There is no reason to have executable permission, so this patch replaces SSS_DFL_X_UMASK with SSS_DFL_UMASK permissions.
  Resolves: https://fedorahosted.org/sssd/ticket/2424
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* UTIL-TESTS: More restrictive permissions | Petr Cech | 2015-10-14 | 1 | -1/+1
  This test suite tries to write into and to read from temp. files. There is no reason to have executable permission. So this patch replaces SSS_DFL_X_UMASK with SSS_DFL_UMASK.
  Resolves: https://fedorahosted.org/sssd/ticket/2424
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* UTILS: More restrictive permissions in domain_info | Petr Cech | 2015-10-14 | 1 | -2/+2
  There are two occurrences of creating temp. file under SSS_DFL_X_UMASK permissions which enable possibility to grant executable permission. After writing to those temp. files, they are renamed and they get 0644 permissions. So SSS_DFL_UMASK is good enough for this case.
  Resolves: https://fedorahosted.org/sssd/ticket/2424
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* P11_CHILD_NSS: More restrictive permissions | Petr Cech | 2015-10-14 | 1 | -1/+5
  p11_child_nss runs as root and we must be careful about security. This patch adds more restrictive permissions on it. There is no reason for 0077, so we use 0177 umask.
  Resolves: https://fedorahosted.org/sssd/ticket/2424
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* REFACTOR: SCKT_RSP_UMASK constant in responder code | Petr Cech | 2015-10-14 | 3 | -2/+6
  This patch adds new SCKT_RSP_UMASK constant which stands for 0111. And it replaces all occurrences in responder code.
  Resolves: https://fedorahosted.org/sssd/ticket/2424
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* REFACTOR: umask(077) --> umask(SSS_DFL_X_UMASK) | Petr Cech | 2015-10-14 | 7 | -8/+11
  There are many calls of umask function with 077 argument. This patch adds new constant SSS_DFL_X_UMASK which stands for 077. So all occurrences of umask(077) are replaced by constant SSS_DFL_X_UMASK.
  Resolves: https://fedorahosted.org/sssd/ticket/2424
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* REFACTOR: DFL_RSP_UMASK constant in responder code | Petr Cech | 2015-10-14 | 3 | -3/+5
  There is DFL_RSP_UMASK constant for very secure umask in responder code. This patch replaces occurrences of value 0177 with this constant.
  Resolves: https://fedorahosted.org/sssd/ticket/2424
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* REFACTOR: umask(0177) --> umask(SSS_DFL_UMASK) | Petr Cech | 2015-10-14 | 4 | -5/+7
  There are many calls of umask function with 0177 argument. This patch adds new constant SSS_DFL_UMASK which stands for 0177. So all occurrences of umask(0177) (except responder code) are replaced by constant SSS_DFL_UMASK.
  Resolves: https://fedorahosted.org/sssd/ticket/2424
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* sudo: send original name and id with local views if possible | Pavel Březina | 2015-10-14 | 1 | -5/+13
  Resolves: https://fedorahosted.org/sssd/ticket/2833
  Reviewed-by: Sumit Bose <sbose@redhat.com>
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* sudo: search with view even if user is found | Pavel Březina | 2015-10-14 | 1 | -1/+4
  If an overridden name is provided and the user is already cached we fail to refresh it since we won't search with VIEW flag. This patch fixes it.
  Reviewed-by: Sumit Bose <sbose@redhat.com>
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* nss: send original name and id with local views if possible | Pavel Březina | 2015-10-14 | 1 | -3/+128
  Resolves: https://fedorahosted.org/sssd/ticket/2833
  Reviewed-by: Sumit Bose <sbose@redhat.com>
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* LDAP: remove unused param. in sdap_fallback_local_user | Pavel Reichl | 2015-10-12 | 4 | -8/+4
  Remove unused sdap_options parameter.
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* autofs: remove unused params in del_autofs_entries | Pavel Reichl | 2015-10-12 | 1 | -4/+1
  Remove unused sdap_options and map parameters.
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* sudo: remove unused param. in ldap_get_sudo_options | Pavel Reichl | 2015-10-12 | 3 | -5/+3
  Remove unused talloc memory context.
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* BUILD: Avoid symlinks with python modules | Lukas Slebodnik | 2015-10-12 | 2 | -16/+8
  We need to use different names for python{2,3} modules if we want to build them at the same time with automake (prefix _py2 and _py3). But resulting name needs to correspond with name of module because it is used in C import function. We used symbolic links for that purpose but it breaks Debian python tools which rename the real modules making symbolic links to point nowhere.
  Resolves: https://fedorahosted.org/sssd/ticket/2814
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* intg: Do not use non-existent pre-increment | Nikolai Kondrashov | 2015-10-11 | 1 | -2/+4
  Do not try to use the pre-increment operator which doesn't exist in Python (and is in fact two "identity" operators - opposites of "negation" operators). Use addition and assignment instead. This fixes infinite loops on failed slapd starting and stopping.
  Reviewed-by: Michal Židek <mzidek@redhat.com>
* LDAP: Inform about small range size | Stephen Gallagher | 2015-10-09 | 1 | -0/+7
  When a returned RID has a higher value than the ldap_idmap_range_size, it means that the administrator did not plan appropriately for the size of their network. We need to alert the admin at a severe notification level that their configuration will fail on entries with a high RID and point them at the explanation in the manual.
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* intg: Fix RFC2307bis group member creation | Nikolai Kondrashov | 2015-10-09 | 1 | -14/+7
  Fix creation of mixed user/group "member" attribute for RFC2307bis group entries in ldap_ent.py.
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* intg: Reduce sssd.conf duplication in test_ldap.py | Nikolai Kondrashov | 2015-10-09 | 1 | -95/+45
  Use a function to generate basic sssd.conf in test_ldap.py to reduce code duplication.
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* intg: Split LDAP test fixtures for flexibility | Nikolai Kondrashov | 2015-10-09 | 1 | -30/+83
  Split ldap_test.py fixtures into several functions to allow for partial fixtures and direct use within tests.
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* intg: Add support for specifying all user attrs | Nikolai Kondrashov | 2015-10-09 | 1 | -12/+39
  Support passing all user attributes to ldap_ent.py's user-creation functions, in integration tests.
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* intg: Get base DN from LDAP connection object | Nikolai Kondrashov | 2015-10-09 | 2 | -5/+5
  Don't use the global LDAP_BASE_DN in integration tests and fixtures, but instead take it from the LDAP connection object (ldap_conn) passed to them explicitly. This makes the tests and fixtures a bit more modular.
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* tests: Fix compilation warning | Jakub Hrozek | 2015-10-09 | 1 | -8/+8
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* sss_override: steal msgs string to objs | Pavel Březina | 2015-10-08 | 1 | -0/+9
  Since msgs is attached to tmp_ctx then all the strings are freed with tmp_ctx. Now steal the strings to objs.
  Resolves: https://fedorahosted.org/sssd/ticket/2826
  Reviewed-by: Pavel Reichl <preichl@redhat.com>
* sss_override: explicitly set ret = EOK | Pavel Březina | 2015-10-08 | 1 | -0/+2
  Reviewed-by: Pavel Reichl <preichl@redhat.com>
* sss_override: fix comment describing format | Pavel Březina | 2015-10-08 | 1 | -1/+1
  Reviewed-by: Pavel Reichl <preichl@redhat.com>
* intg: fix typos | Pavel Březina | 2015-10-08 | 1 | -8/+8
  Reviewed-by: Pavel Reichl <preichl@redhat.com>
* HBAC: remove misleading comment about deny rules | Pavel Reichl | 2015-10-08 | 1 | -4/+0
  HBAC deny rules are no longer supported. This comment should have been removed as part of 'Remove HBAC DENY rules from SSSD' https://fedorahosted.org/sssd/ticket/912
  Reviewed-by: Michal Židek <mzidek@redhat.com>
* intg: fix assert messages in test_memory_cache | Pavel Reichl | 2015-10-08 | 1 | -10/+10
  Reviewed-by: Michal Židek <mzidek@redhat.com>
* nss: fix UPN lookups for sub-domain users | Sumit Bose | 2015-10-08 | 2 | -3/+11
  Reviewed-by: Sumit Bose <sbose@redhat.com>
* fix upn cache_req for sub-domain users | Sumit Bose | 2015-10-08 | 1 | -2/+7
  Reviewed-by: Sumit Bose <sbose@redhat.com>
* fix ldb_search usage | Sumit Bose | 2015-10-08 | 1 | -8/+1
  Reviewed-by: Sumit Bose <sbose@redhat.com>