| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
|
|
|
|
| |
Make whitespace_test pass if no trailing whitespace was detected at all.
Add two comments explaining how searching and failure handling works.
Fixes:
https://fedorahosted.org/sssd/ticket/2816
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update nsupdate_msg_add_fwd() to group commands by address family
processed IP address belongs to.
It's better to group removing old A addresses and adding new A
addresses in a single transaction. Same goes for AAAA addresses.
Separate transaction for A and AAAA addresses updates are important
because server might block updates for one of these families and thus
the update even for the non-blocked address family would unnecessarily
fail.
For more details please see:
https://fedorahosted.org/sssd/wiki/DesignDocs/DDNSMessagesUpdate
Resolves:
https://fedorahosted.org/sssd/ticket/2495
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2495
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
| |
p.communicate() return bytes on python3
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
| |
Exclude whitespace_test from Valgrind checks in contrib/ci/run to
prevent it from failing the tests due to Bash bugs.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Relax the check on UID or GID just to check if at least one of them is
present but do not require them to be positive numbers.
Add requirement on objectclass attributes to be user or group to make
check more reliable.
Resolves:
https://fedorahosted.org/sssd/ticket/2800
|
|
|
|
| |
Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
| |
Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
The crash describe by ticket #2802 is caused by providing NULL options
in popt and yet trying to iterate over them. Instead of simply testing
for NULL this patch creates a new option table table merges several
option tables together, thus improving and simplifying usage string.
Resolves:
https://fedorahosted.org/sssd/ticket/2802
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2811
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Memory context was not freed therefore we got stuck in tevent loop
that mocks D-Bus.
Resolves:
https://fedorahosted.org/sssd/ticket/2759
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added support for logging via external log function.
Log provides information about rules evaluating (HBAC_DBG_INFO level)
and additionally can describe rules (HBAC_DBG_TRACE level).
Resolves:
https://fedorahosted.org/sssd/ticket/2703
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There was a bug with uninitialized pointer during solving ticket 2703.
More details:
rules[0]->services->names[1] is initialized on line 361, but
initializing of rules[0]->srchosts->names[1] was missing.
Resolves:
https://fedorahosted.org/sssd/ticket/2703
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
| |
Reviewed-by: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
All test failed due to missing /usr/bin/libtool
e.g.
/home/build/sssd/build/test-driver: line 107: libtool: command not found
FAIL test-io (exit status: 127)
Reviewed-by: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2433
Reviewed-by: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Only group and user records are cached in memory cache so only timeouts
for those are checked.
Resolves:
https://fedorahosted.org/sssd/ticket/2176
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
| |
Reviewed-by: Petr Cech <pcech@redhat.com>
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2807
Reviewed-by: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
|
| |
|
| |
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2805
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
| |
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
|
|
|
| |
sh$ printf "ABC" | base64 -d
base64: invalid input
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The module data_provider_be.o uses uncfion dlsym and
thus need to be linked with -ldl.
/usr/bin/ld: src/providers/test_data_provider_be-data_provider_be.o: undefined reference to symbol 'dlsym@@GLIBC_2.2.5'
/usr/lib64/libdl.so.2: error adding symbols: DSO missing from command line
collect2: error: ld returned 1 exit status
Makefile:10461: recipe for target 'test_data_provider_be' failed
It was not a problem when sssd was compiled with NSS because it contains -ldl
among its flags.
NSS_LIBS='-lssl3 -lsmime3 -lnss3 -lnssutil3 -lplds4 -lplc4 -lnspr4 -lpthread -ldl '
However the compilation failed when sssd was compiled with libcrypto
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
|
|
|
| |
It seems that clang expected that errno can change to 0
in case of error. It might be a bug in static analyzer.
But the workaround does not change the logic and
the errno is read just once.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There were errors in configure script when /bin/sh was not bash
./configure: 15889: test: xfedora: unexpected operator
./configure: 19981: test: xyes: unexpected operator
./configure: 23103: test: x1: unexpected operator
The equality operator "==" works in bash but it's not a standard.
The man page test(1) also does not mention it.
There is only short version "="
STRING1 = STRING2
the strings are equal
|
|
|
|
|
|
|
| |
It was removed as part of commit
fe2091327ff44f80d6681c261494e4432404e9ba
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
libsss_ad_common.la was a dynamic library and was linked just with unit tests.
It was a workaroud because module libsss_ad.so cannot be linked with tests
without portability issues. But it was addted to pkglib_LTLIBRARIES
and therefore it was installed with other libraries.
This patch changed it and libsss_ad_test.la (old name libsss_ad_common.la)
will be compiled only for unit tests (check_LTLIBRARIES) and will not
be installed with command "make install".
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
| |
It's an alternative solution for
https://fedorahosted.org/sssd/ticket/2799
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Required for:
https://fedorahosted.org/sssd/ticket/2639
Instead of calling ipa_get_ad_acct_send directly, call a new request
ipa_srv_ad_acct_send. The new request wraps ipa_get_ad_acct_send and
either tries to request a new keytab every time the lookup fails but the
domain is online.
be_mark_dom_offline() is called when the retry fails with the new code.
The retry tries to re-setup the trusted domain. With two-way setups, the
request is a no-op. With one-way trust setups, the request re-fetches
new keytab unconditionally.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
In a server that is expanded from a SRV query was reset, only it's
'meta-server' status was set to neutral, but the server->common
structure still retained its not_working status.
This patch also resets the status of the common structure so that both
the SRV query and resolving the server are retried next time.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Required for:
https://fedorahosted.org/sssd/ticket/2639
Previously, we had a function that allowed the caller to reset the
status of all services in the global fail over context. This patch adds
a new function that allows the caller to reset a single service instead.
The main user would be IPA subdomain provider that might need to reset
the status of an AD trusted domain on demand.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Required for:
https://fedorahosted.org/sssd/ticket/2639
Expose a request ipa_server_trusted_dom_setup_send that sets up a
trusted domain. The setup might include actions like retrieving a keytab
for one-way trusts.
Creating the AD ID context for the trused domain is now done in the
caller of this new request.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ticket:
https://fedorahosted.org/sssd/ticket/2773
Add way to set pam specific options in
pam_test_setup adn use it to set the
p11_child_timeout value to 30.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
|
|
|
|
|
|
|
| |
Ticket:
https://fedorahosted.org/sssd/ticket/2773
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
|
|
|
|
|
| |
Resolves https://fedorahosted.org/sssd/ticket/2803
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
| |
The variable will be zero if getifaddrs succeeds
and therefore wrong error code will be returned
in case of insufficient memory (talloc_zero failed)
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
nsupdate fails definitely if any of update request fails when GSSAPI is used.
As tmp solution nsupdate is executed for each update.
Resolves:
https://fedorahosted.org/sssd/ticket/2783
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Informations about usergroup membership are stored in memberOf
attribute. And informations about hostgroup membership are stored
in originalMemberOf.
This patch add appropriate memberOf attributes
for searching in.
Ticket: https://fedorahosted.org/sssd/ticket/2275
Reviewed-by: Sumit Bose <sbose@redhat.com>
|