summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* TESTS: Make whitespace_test pass without whitespaceNikolai Kondrashov2015-10-071-1/+6
| | | | | | | | | | Make whitespace_test pass if no trailing whitespace was detected at all. Add two comments explaining how searching and failure handling works. Fixes: https://fedorahosted.org/sssd/ticket/2816 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* DYNDNS: improve nsupdate_msg_add_fwd()Pavel Reichl2015-10-052-20/+316
| | | | | | | | | | | | | | | | | | | | | Update nsupdate_msg_add_fwd() to group commands by address family processed IP address belongs to. It's better to group removing old A addresses and adding new A addresses in a single transaction. Same goes for AAAA addresses. Separate transaction for A and AAAA addresses updates are important because server might block updates for one of these families and thus the update even for the non-blocked address family would unnecessarily fail. For more details please see: https://fedorahosted.org/sssd/wiki/DesignDocs/DDNSMessagesUpdate Resolves: https://fedorahosted.org/sssd/ticket/2495 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* DYNDNS: use realm and server commands only as fallbackPavel Reichl2015-10-055-40/+35
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2495 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* CONTRIB: pre-push hook could work with python3Lukas Slebodnik2015-10-041-2/+2
| | | | | | p.communicate() return bytes on python3 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* sss_override: amend man page - overrides do not stackPavel Reichl2015-10-041-2/+6
| | | | Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* CI: Exclude whitespace_test from Valgrind checksNikolai Kondrashov2015-10-021-1/+4
| | | | | | | Exclude whitespace_test from Valgrind checks in contrib/ci/run to prevent it from failing the tests due to Bash bugs. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* contrib: Add a pre-push hook to warn about commits without Reviewed-ByJakub Hrozek2015-10-021-0/+73
|
* PROXY: fix minor memory leakPavel Reichl2015-10-021-2/+2
| | | | Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* SDAP: fix minor memory leakPavel Reichl2015-10-022-2/+3
| | | | Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* IPA: fix minor memory leakPavel Reichl2015-10-021-1/+1
| | | | Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* AD: fix minor memory leakPavel Reichl2015-10-021-2/+3
| | | | Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* SDAP: Relax POSIX checkPavel Reichl2015-10-021-4/+6
| | | | | | | | | | | Relax the check on UID or GID just to check if at least one of them is present but do not require them to be positive numbers. Add requirement on objectclass attributes to be user or group to make check more reliable. Resolves: https://fedorahosted.org/sssd/ticket/2800
* MAN: proxy and krb5 are valid access control modulesJakub Hrozek2015-10-021-0/+10
| | | | Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>
* MAN: Clarify pam_trusted_users option descriptionJakub Hrozek2015-10-021-5/+9
| | | | Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>
* Add Catalan translation to LINGUASRobert Antoni Buj Gelonch2015-10-022-0/+2
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* sss tools: improve option handlingPavel Březina2015-10-022-20/+30
| | | | | | | | | | | | The crash describe by ticket #2802 is caused by providing NULL options in popt and yet trying to iterate over them. Instead of simply testing for NULL this patch creates a new option table table merges several option tables together, thus improving and simplifying usage string. Resolves: https://fedorahosted.org/sssd/ticket/2802 Reviewed-by: Pavel Reichl <preichl@redhat.com>
* PAM: only allow missing user name for certificate authenticationSumit Bose2015-10-022-3/+47
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2811 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* sbus codegen tests: free ctxPavel Březina2015-10-021-0/+2
| | | | | | | | | | Memory context was not freed therefore we got stuck in tevent loop that mocks D-Bus. Resolves: https://fedorahosted.org/sssd/ticket/2759 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* HBAC: Better libhbac debuggingPetr Cech2015-10-015-3/+244
| | | | | | | | | | | | | Added support for logging via external log function. Log provides information about rules evaluating (HBAC_DBG_INFO level) and additionally can describe rules (HBAC_DBG_TRACE level). Resolves: https://fedorahosted.org/sssd/ticket/2703 Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Michal Židek <mzidek@redhat.com>
* TESTS: Fixing of uninitialized pointer.Petr Cech2015-10-011-1/+1
| | | | | | | | | | | | | | | There was a bug with uninitialized pointer during solving ticket 2703. More details: rules[0]->services->names[1] is initialized on line 361, but initializing of rules[0]->srchosts->names[1] was missing. Resolves: https://fedorahosted.org/sssd/ticket/2703 Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Michal Židek <mzidek@redhat.com>
* Updating the version to track 1.14 developmentJakub Hrozek2015-10-011-1/+1
|
* CI: Update reason blocking move to DNFNikolai Kondrashov2015-10-011-1/+1
| | | | Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* CI: Run integration tests on debian testingLukas Slebodnik2015-09-301-1/+8
| | | | Reviewed-by: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
* CI: Add missing dependency for debianLukas Slebodnik2015-09-301-0/+1
| | | | | | | | | | All test failed due to missing /usr/bin/libtool e.g. /home/build/sssd/build/test-driver: line 107: libtool: command not found FAIL test-io (exit status: 127) Reviewed-by: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
* CI: Don't depend on user input with apt-getLukas Slebodnik2015-09-302-1/+7
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2433 Reviewed-by: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
* confdb: warn if memcache_timeout > than entry_cachePavel Reichl2015-09-301-0/+25
| | | | | | | | | | Only group and user records are cached in memory cache so only timeouts for those are checked. Resolves: https://fedorahosted.org/sssd/ticket/2176 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* AD: add debug messages for netlogon get infoPavel Reichl2015-09-301-1/+4
| | | | Reviewed-by: Petr Cech <pcech@redhat.com>
* CI: Fix configure script arguments for CentOSLukas Slebodnik2015-09-301-2/+4
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2807 Reviewed-by: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
* Bump the version for the 1.13.2 developmentJakub Hrozek2015-09-301-1/+1
|
* Updating translations for the 1.13.1 releaseJakub Hrozek2015-09-3038-14451/+20577
|
* AD: inicialize root_domain_attrs fieldPavel Reichl2015-09-301-1/+2
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2805 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* test_pam_srv: Run cert test only with NSSLukas Slebodnik2015-09-301-0/+3
| | | | Reviewed-by: Michal Židek <mzidek@redhat.com>
* sysdb-tests: Use valid base64 encoded certificate for searchLukas Slebodnik2015-09-301-1/+1
| | | | | | | sh$ printf "ABC" | base64 -d base64: invalid input Reviewed-by: Michal Židek <mzidek@redhat.com>
* BUILD: Link test_data_provider_be with -ldlLukas Slebodnik2015-09-301-0/+1
| | | | | | | | | | | | | | | | | | The module data_provider_be.o uses uncfion dlsym and thus need to be linked with -ldl. /usr/bin/ld: src/providers/test_data_provider_be-data_provider_be.o: undefined reference to symbol 'dlsym@@GLIBC_2.2.5' /usr/lib64/libdl.so.2: error adding symbols: DSO missing from command line collect2: error: ld returned 1 exit status Makefile:10461: recipe for target 'test_data_provider_be' failed It was not a problem when sssd was compiled with NSS because it contains -ldl among its flags. NSS_LIBS='-lssl3 -lsmime3 -lnss3 -lnssutil3 -lplds4 -lplc4 -lnspr4 -lpthread -ldl ' However the compilation failed when sssd was compiled with libcrypto Reviewed-by: Michal Židek <mzidek@redhat.com>
* IFP: Suppress warning from static analyzerLukas Slebodnik2015-09-263-6/+6
| | | | | | | It seems that clang expected that errno can change to 0 in case of error. It might be a bug in static analyzer. But the workaround does not change the logic and the errno is read just once.
* CONFIGURE: Remove bashismLukas Slebodnik2015-09-263-3/+3
| | | | | | | | | | | | | | There were errors in configure script when /bin/sh was not bash ./configure: 15889: test: xfedora: unexpected operator ./configure: 19981: test: xyes: unexpected operator ./configure: 23103: test: x1: unexpected operator The equality operator "==" works in bash but it's not a standard. The man page test(1) also does not mention it. There is only short version "=" STRING1 = STRING2 the strings are equal
* BUILD: Remove unused variable SSSD_UTIL_OBJLukas Slebodnik2015-09-241-2/+0
| | | | | | | It was removed as part of commit fe2091327ff44f80d6681c261494e4432404e9ba Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* BUILD: Do not build libsss_ad_common.la as libraryLukas Slebodnik2015-09-242-19/+15
| | | | | | | | | | | | libsss_ad_common.la was a dynamic library and was linked just with unit tests. It was a workaroud because module libsss_ad.so cannot be linked with tests without portability issues. But it was addted to pkglib_LTLIBRARIES and therefore it was installed with other libraries. This patch changed it and libsss_ad_test.la (old name libsss_ad_common.la) will be compiled only for unit tests (check_LTLIBRARIES) and will not be installed with command "make install". Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* BUILD: Remove unused variable CHECK_OBJLukas Slebodnik2015-09-241-2/+2
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* BUILD: Simplify build of test_data_provider_beLukas Slebodnik2015-09-241-8/+3
| | | | | | | It's an alternative solution for https://fedorahosted.org/sssd/ticket/2799 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* IPA: Retry fetching keytab if IPA user lookup failsJakub Hrozek2015-09-232-14/+185
| | | | | | | | | | | | | | | | | | Required for: https://fedorahosted.org/sssd/ticket/2639 Instead of calling ipa_get_ad_acct_send directly, call a new request ipa_srv_ad_acct_send. The new request wraps ipa_get_ad_acct_send and either tries to request a new keytab every time the lookup fails but the domain is online. be_mark_dom_offline() is called when the retry fails with the new code. The retry tries to re-setup the trusted domain. With two-way setups, the request is a no-op. With one-way trust setups, the request re-fetches new keytab unconditionally. Reviewed-by: Sumit Bose <sbose@redhat.com>
* FO: Also reset the server common data in addition to SRVJakub Hrozek2015-09-232-50/+142
| | | | | | | | | | | In a server that is expanded from a SRV query was reset, only it's 'meta-server' status was set to neutral, but the server->common structure still retained its not_working status. This patch also resets the status of the common structure so that both the SRV query and resolving the server are retried next time. Reviewed-by: Sumit Bose <sbose@redhat.com>
* FO: Add an API to reset all servers in a single serviceJakub Hrozek2015-09-234-10/+42
| | | | | | | | | | | | | | Required for: https://fedorahosted.org/sssd/ticket/2639 Previously, we had a function that allowed the caller to reset the status of all services in the global fail over context. This patch adds a new function that allows the caller to reset a single service instead. The main user would be IPA subdomain provider that might need to reset the status of an AD trusted domain on demand. Reviewed-by: Sumit Bose <sbose@redhat.com>
* IPA: Change ipa_server_trust_add_send request to be reusable from ID codeJakub Hrozek2015-09-232-58/+75
| | | | | | | | | | | | | | Required for: https://fedorahosted.org/sssd/ticket/2639 Expose a request ipa_server_trusted_dom_setup_send that sets up a trusted domain. The setup might include actions like retrieving a keytab for one-way trusts. Creating the AD ID context for the trused domain is now done in the caller of this new request. Reviewed-by: Sumit Bose <sbose@redhat.com>
* tests: Set p11_child_timeout to 30 in testsMichal Židek2015-09-231-4/+31
| | | | | | | | | | | | Ticket: https://fedorahosted.org/sssd/ticket/2773 Add way to set pam specific options in pam_test_setup adn use it to set the p11_child_timeout value to 30. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Pavel Reichl <preichl@redhat.com>
* PAM: Make p11_child timeout configurableMichal Židek2015-09-236-26/+53
| | | | | | | | Ticket: https://fedorahosted.org/sssd/ticket/2773 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Pavel Reichl <preichl@redhat.com>
* Fix memory leak in sssdpac_verify()Thomas Oulevey2015-09-231-0/+3
| | | | | | Resolves https://fedorahosted.org/sssd/ticket/2803 Reviewed-by: Sumit Bose <sbose@redhat.com>
* DYNDNS: Return right error code in case of failureLukas Slebodnik2015-09-231-0/+1
| | | | | | | | The variable will be zero if getifaddrs succeeds and therefore wrong error code will be returned in case of insufficient memory (talloc_zero failed) Reviewed-by: Pavel Reichl <preichl@redhat.com>
* DDNS: execute nsupdate for single update of PTR recPavel Reichl2015-09-224-72/+219
| | | | | | | | | | | nsupdate fails definitely if any of update request fails when GSSAPI is used. As tmp solution nsupdate is executed for each update. Resolves: https://fedorahosted.org/sssd/ticket/2783 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* IPA PROVIDER: Resolve nested netgroup membershipPetr Cech2015-09-221-10/+19
| | | | | | | | | | | | Informations about usergroup membership are stored in memberOf attribute. And informations about hostgroup membership are stored in originalMemberOf. This patch add appropriate memberOf attributes for searching in. Ticket: https://fedorahosted.org/sssd/ticket/2275 Reviewed-by: Sumit Bose <sbose@redhat.com>
generated by cgit (git 2.34.1) at 2024-05-04 00:08:46 +0000