Commit message | Author | Age | Files | Lines
* WIP: pam_wrapper tests [pwrap] | Jakub Hrozek | 2015-10-16 | 8 | -3/+394
|
* SQ me to the previous commit | Jakub Hrozek | 2015-10-16 | 3 | -68/+73
|
* PAM: refac. pam_reply: extract func. produce_packet | Pavel Reichl | 2015-10-16 | 1 | -51/+69
|
* SQ: Add me to previous commit | Jakub Hrozek | 2015-10-16 | 4 | -74/+125
|
* PAM: refac. pam_reply: extract add_warning_about_expiration | Pavel Reichl | 2015-10-16 | 1 | -32/+50
|     Extracting add_warning_about_expiration() reduces the length of pam_reply() and simplifies it by removing 2 local variables.
|     Also move add_warning_about_expiration to a more logical place (previously it was called after packet creation but before its setting).
|     Resolves: https://fedorahosted.org/sssd/ticket/2615
* PAM: Move PAM packet parsing functionality to a separate module | Jakub Hrozek | 2015-10-16 | 4 | -341/+397
|     For easier mocking of this interface.
* TESTS: Restrictive permissions in check_and_open | Petr Cech | 2015-10-14 | 1 | -1/+1
|     Check and open tests try to write into and read from created files. There is no reason to have executable permission, so this patch replaces SSS_DFL_X_UMASK with DFL_UMASK permissions.
|     Resolves: https://fedorahosted.org/sssd/ticket/2424
|     Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* TESTS: More restrictive permissions in debug_tests | Petr Cech | 2015-10-14 | 1 | -2/+2
|     Debug tests try to write into and read from created files. There is no reason to have executable permission, so this patch replaces SSS_DFL_X_UMASK with SSS_DFL_UMASK permissions.
|     Resolves: https://fedorahosted.org/sssd/ticket/2424
|     Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* UTIL-TESTS: More restrictive permissions | Petr Cech | 2015-10-14 | 1 | -1/+1
|     This test suite tries to write into and to read from temp. files. There is no reason to have executable permission. So this patch replaces SSS_DFL_X_UMASK with SSS_DFL_UMASK.
|     Resolves: https://fedorahosted.org/sssd/ticket/2424
|     Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* UTILS: More restrictive permissions in domain_info | Petr Cech | 2015-10-14 | 1 | -2/+2
|     There are two occurrences of creating temp. file under SSS_DFL_X_UMASK permissions which enable possibility to grant executable permission. After writing to those temp. files, they are renamed and they get 0644 permissions. So SSS_DFL_UMASK is good enough for this case.
|     Resolves: https://fedorahosted.org/sssd/ticket/2424
|     Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* P11_CHILD_NSS: More restrictive permissions | Petr Cech | 2015-10-14 | 1 | -1/+5
|     p11_child_nss runs as root and we must be careful about security. This patch adds more restrictive permissions on it. There is no reason for 0077, so we use 0177 umask.
|     Resolves: https://fedorahosted.org/sssd/ticket/2424
|     Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* REFACTOR: SCKT_RSP_UMASK constant in responder code | Petr Cech | 2015-10-14 | 3 | -2/+6
|     This patch adds new SCKT_RSP_UMASK constant which stands for 0111. And it replaces all occurrences in responder code.
|     Resolves: https://fedorahosted.org/sssd/ticket/2424
|     Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* REFACTOR: umask(077) --> umask(SSS_DFL_X_UMASK) | Petr Cech | 2015-10-14 | 7 | -8/+11
|     There are many calls of umask function with 077 argument. This patch adds new constant SSS_DFL_X_UMASK which stands for 077. So all occurrences of umask(077) are replaced by constant SSS_DFL_X_UMASK.
|     Resolves: https://fedorahosted.org/sssd/ticket/2424
|     Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* REFACTOR: DFL_RSP_UMASK constant in responder code | Petr Cech | 2015-10-14 | 3 | -3/+5
|     There is DFL_RSP_UMASK constant for very secure umask in responder code. This patch replaces occurrences of value 0177 with this constant.
|     Resolves: https://fedorahosted.org/sssd/ticket/2424
|     Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* REFACTOR: umask(0177) --> umask(SSS_DFL_UMASK) | Petr Cech | 2015-10-14 | 4 | -5/+7
|     There are many calls of umask function with 0177 argument. This patch adds new constant SSS_DFL_UMASK which stands for 0177. So all occurrences of umask(0177) (except responder code) are replaced by constant SSS_DFL_UMASK.
|     Resolves: https://fedorahosted.org/sssd/ticket/2424
|     Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* sudo: send original name and id with local views if possible | Pavel Březina | 2015-10-14 | 1 | -5/+13
|     Resolves: https://fedorahosted.org/sssd/ticket/2833
|     Reviewed-by: Sumit Bose <sbose@redhat.com>
|     Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* sudo: search with view even if user is found | Pavel Březina | 2015-10-14 | 1 | -1/+4
|     If an overridden name is provided and the user is already cached we fail to refresh it since we won't search with VIEW flag. This patch fixes it.
|     Reviewed-by: Sumit Bose <sbose@redhat.com>
|     Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* nss: send original name and id with local views if possible | Pavel Březina | 2015-10-14 | 1 | -3/+128
|     Resolves: https://fedorahosted.org/sssd/ticket/2833
|     Reviewed-by: Sumit Bose <sbose@redhat.com>
|     Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* LDAP: remove unused param. in sdap_fallback_local_user | Pavel Reichl | 2015-10-12 | 4 | -8/+4
|     Remove unused sdap_options parameter.
|     Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* autofs: remove unused params in del_autofs_entries | Pavel Reichl | 2015-10-12 | 1 | -4/+1
|     Remove unused sdap_options and map parameters.
|     Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* sudo: remove unused param. in ldap_get_sudo_options | Pavel Reichl | 2015-10-12 | 3 | -5/+3
|     Remove unused talloc memory context.
|     Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* BUILD: Avoid symlinks with python modules | Lukas Slebodnik | 2015-10-12 | 2 | -16/+8
|     We need to use different names for python{2,3} modules if we want to build them at the same time with automake (prefix _py2 and _py3). But the resulting name needs to correspond with the name of the module because it is used in the C import function. We used symbolic links for that purpose but it breaks debian python tools which rename the real modules, making symbolic links point nowhere.
|     Resolves: https://fedorahosted.org/sssd/ticket/2814
|     Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* intg: Do not use non-existent pre-increment | Nikolai Kondrashov | 2015-10-11 | 1 | -2/+4
|     Do not try to use the pre-increment operator which doesn't exist in Python (and is in fact two "identity" operators - opposites of "negation" operators). Use addition and assignment instead.
|     This fixes infinite loops on failed slapd starting and stopping.
|     Reviewed-by: Michal Židek <mzidek@redhat.com>
* LDAP: Inform about small range size | Stephen Gallagher | 2015-10-09 | 1 | -0/+7
|     When a returned RID has a higher value than the ldap_idmap_range_size, it means that the administrator did not plan appropriately for the size of their network. We need to alert the admin at a severe notification level that their configuration will fail on entries with a high RID and point them at the explanation in the manual.
|     Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* intg: Fix RFC2307bis group member creation | Nikolai Kondrashov | 2015-10-09 | 1 | -14/+7
|     Fix creation of mixed user/group "member" attribute for RFC2307bis group entries in ldap_ent.py.
|     Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* intg: Reduce sssd.conf duplication in test_ldap.py | Nikolai Kondrashov | 2015-10-09 | 1 | -95/+45
|     Use a function to generate basic sssd.conf in test_ldap.py to reduce code duplication.
|     Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* intg: Split LDAP test fixtures for flexibility | Nikolai Kondrashov | 2015-10-09 | 1 | -30/+83
|     Split ldap_test.py fixtures into several functions to allow for partial fixtures and direct use within tests.
|     Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* intg: Add support for specifying all user attrs | Nikolai Kondrashov | 2015-10-09 | 1 | -12/+39
|     Support passing all user attributes to ldap_ent.py's user-creation functions, in integration tests.
|     Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* intg: Get base DN from LDAP connection object | Nikolai Kondrashov | 2015-10-09 | 2 | -5/+5
|     Don't use the global LDAP_BASE_DN in integration tests and fixtures, but instead take it from the LDAP connection object (ldap_conn) passed to them explicitly. This makes the tests and fixtures a bit more modular.
|     Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* tests: Fix compilation warning | Jakub Hrozek | 2015-10-09 | 1 | -8/+8
|     Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* sss_override: steal msgs string to objs | Pavel Březina | 2015-10-08 | 1 | -0/+9
|     Since msgs is attached to tmp_ctx then all the strings are freed with tmp_ctx. Now steal the strings to objs.
|     Resolves: https://fedorahosted.org/sssd/ticket/2826
|     Reviewed-by: Pavel Reichl <preichl@redhat.com>
* sss_override: explicitly set ret = EOK | Pavel Březina | 2015-10-08 | 1 | -0/+2
|     Reviewed-by: Pavel Reichl <preichl@redhat.com>
* sss_override: fix comment describing format | Pavel Březina | 2015-10-08 | 1 | -1/+1
|     Reviewed-by: Pavel Reichl <preichl@redhat.com>
* intg: fix typos | Pavel Březina | 2015-10-08 | 1 | -8/+8
|     Reviewed-by: Pavel Reichl <preichl@redhat.com>
* HBAC: remove misleading comment about deny rules | Pavel Reichl | 2015-10-08 | 1 | -4/+0
|     HBAC deny rules are no longer supported. This comment should have been removed as part of 'Remove HBAC DENY rules from SSSD' https://fedorahosted.org/sssd/ticket/912
|     Reviewed-by: Michal Židek <mzidek@redhat.com>
* intg: fix assert messages in test_memory_cache | Pavel Reichl | 2015-10-08 | 1 | -10/+10
|     Reviewed-by: Michal Židek <mzidek@redhat.com>
* nss: fix UPN lookups for sub-domain users | Sumit Bose | 2015-10-08 | 2 | -3/+11
|     Reviewed-by: Sumit Bose <sbose@redhat.com>
* fix upn cache_req for sub-domain users | Sumit Bose | 2015-10-08 | 1 | -2/+7
|     Reviewed-by: Sumit Bose <sbose@redhat.com>
* fix ldb_search usage | Sumit Bose | 2015-10-08 | 1 | -8/+1
|     Reviewed-by: Sumit Bose <sbose@redhat.com>
* cache_req: remove raw_name and do not touch orig_name | Pavel Březina | 2015-10-08 | 1 | -23/+29
|     Parsed name or UPN is now stored in input->name instead of touching orig_name and storing the original name in raw_name.
|     Reviewed-by: Sumit Bose <sbose@redhat.com>
* cache_req tests: reduce code duplication | Pavel Březina | 2015-10-08 | 1 | -1230/+394
|     Reviewed-by: Sumit Bose <sbose@redhat.com>
* cache_req: add support for UPN | Pavel Březina | 2015-10-08 | 9 | -42/+674
|     Reviewed-by: Sumit Bose <sbose@redhat.com>
* cache_req: provide extra flag for oob request | Pavel Březina | 2015-10-08 | 1 | -5/+6
|     Reviewed-by: Sumit Bose <sbose@redhat.com>
* BUILD: Remove unused variable TEST_MOCK_OBJ | Lukas Slebodnik | 2015-10-08 | 1 | -2/+0
|     Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* BUILD: Link crypto_tests with existing library | Lukas Slebodnik | 2015-10-08 | 1 | -5/+4
|     It's not necessary to bundle libsss_crypto to crypto_tests. We can link it directly.
|     Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* BUILD: Link just libsss_crypto with crypto libraries | Lukas Slebodnik | 2015-10-08 | 1 | -3/+5
|     It should prevent such failures as in commit 73ec8fdfddb2d4bf99977f758eec80e1b1ee8542
|     BUILD: Link test_data_provider_be with -ldl
|     Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* man: Note filter_groups are not affecting nesting | Nikolai Kondrashov | 2015-10-07 | 1 | -0/+8
|     Note that the "filter_groups" option doesn't affect nested member inheritance, on the sssd.conf(5) manpage.
|     Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* man: Mention groups in filter_groups description | Nikolai Kondrashov | 2015-10-07 | 1 | -5/+5
|     Mention groups (not only users) in the combined "filter_users"/"filter_groups" option description on the sssd.conf(5) manpage.
|     Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* AD: Consolidate connection list construction on ad_common.c | Jakub Hrozek | 2015-10-07 | 4 | -17/+71
|     Reviewed-by: Sumit Bose <sbose@redhat.com>
* AD: Provide common connection list construction functions | Jakub Hrozek | 2015-10-07 | 5 | -34/+80
|     https://fedorahosted.org/sssd/ticket/2810
|     Provides a new AD common function ad_ldap_conn_list() that creates a list of AD connections to use along with properties to avoid mistakes when manually constructing these lists.
|     Reviewed-by: Sumit Bose <sbose@redhat.com>