| Commit message | Author | Age | Files | Lines |

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

Reviewed-by: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>

All tests failed due to missing /usr/bin/libtool
e.g.
/home/build/sssd/build/test-driver: line 107: libtool: command not found
FAIL test-io (exit status: 127)
Reviewed-by: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>

Resolves:
https://fedorahosted.org/sssd/ticket/2433
Reviewed-by: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>

Only group and user records are cached in memory cache so only timeouts
for those are checked.
Resolves:
https://fedorahosted.org/sssd/ticket/2176
Reviewed-by: Pavel Březina <pbrezina@redhat.com>

Reviewed-by: Petr Cech <pcech@redhat.com>

Resolves:
https://fedorahosted.org/sssd/ticket/2807
Reviewed-by: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>

Resolves:
https://fedorahosted.org/sssd/ticket/2805
Reviewed-by: Pavel Březina <pbrezina@redhat.com>

Reviewed-by: Michal Židek <mzidek@redhat.com>

sh$ printf "ABC" | base64 -d
base64: invalid input
Reviewed-by: Michal Židek <mzidek@redhat.com>

The module data_provider_be.o uses function dlsym and
thus needs to be linked with -ldl.
/usr/bin/ld: src/providers/test_data_provider_be-data_provider_be.o: undefined reference to symbol 'dlsym@@GLIBC_2.2.5'
/usr/lib64/libdl.so.2: error adding symbols: DSO missing from command line
collect2: error: ld returned 1 exit status
Makefile:10461: recipe for target 'test_data_provider_be' failed
It was not a problem when sssd was compiled with NSS because it contains -ldl
among its flags.
NSS_LIBS='-lssl3 -lsmime3 -lnss3 -lnssutil3 -lplds4 -lplc4 -lnspr4 -lpthread -ldl '
However the compilation failed when sssd was compiled with libcrypto
Reviewed-by: Michal Židek <mzidek@redhat.com>

It seems that clang expected that errno can change to 0
in case of error. It might be a bug in static analyzer.
But the workaround does not change the logic and
the errno is read just once.

There were errors in configure script when /bin/sh was not bash
./configure: 15889: test: xfedora: unexpected operator
./configure: 19981: test: xyes: unexpected operator
./configure: 23103: test: x1: unexpected operator
The equality operator "==" works in bash but it's not a standard.
The man page test(1) also does not mention it.
There is only short version "="
STRING1 = STRING2
the strings are equal

It was removed as part of commit
fe2091327ff44f80d6681c261494e4432404e9ba
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

libsss_ad_common.la was a dynamic library and was linked just with unit tests.
It was a workaround because module libsss_ad.so cannot be linked with tests
without portability issues. But it was added to pkglib_LTLIBRARIES
and therefore it was installed with other libraries.
This patch changed it and libsss_ad_test.la (old name libsss_ad_common.la)
will be compiled only for unit tests (check_LTLIBRARIES) and will not
be installed with command "make install".
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

It's an alternative solution for
https://fedorahosted.org/sssd/ticket/2799
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

Required for:
https://fedorahosted.org/sssd/ticket/2639
Instead of calling ipa_get_ad_acct_send directly, call a new request
ipa_srv_ad_acct_send. The new request wraps ipa_get_ad_acct_send and
either tries to request a new keytab every time the lookup fails but the
domain is online.
be_mark_dom_offline() is called when the retry fails with the new code.
The retry tries to re-setup the trusted domain. With two-way setups, the
request is a no-op. With one-way trust setups, the request re-fetches
new keytab unconditionally.
Reviewed-by: Sumit Bose <sbose@redhat.com>

If a server that is expanded from a SRV query was reset, only its
'meta-server' status was set to neutral, but the server->common
structure still retained its not_working status.
This patch also resets the status of the common structure so that both
the SRV query and resolving the server are retried next time.
Reviewed-by: Sumit Bose <sbose@redhat.com>

Required for:
https://fedorahosted.org/sssd/ticket/2639
Previously, we had a function that allowed the caller to reset the
status of all services in the global fail over context. This patch adds
a new function that allows the caller to reset a single service instead.
The main user would be IPA subdomain provider that might need to reset
the status of an AD trusted domain on demand.
Reviewed-by: Sumit Bose <sbose@redhat.com>

Required for:
https://fedorahosted.org/sssd/ticket/2639
Expose a request ipa_server_trusted_dom_setup_send that sets up a
trusted domain. The setup might include actions like retrieving a keytab
for one-way trusts.
Creating the AD ID context for the trusted domain is now done in the
caller of this new request.
Reviewed-by: Sumit Bose <sbose@redhat.com>

Ticket:
https://fedorahosted.org/sssd/ticket/2773
Add way to set pam specific options in
pam_test_setup and use it to set the
p11_child_timeout value to 30.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Pavel Reichl <preichl@redhat.com>

Ticket:
https://fedorahosted.org/sssd/ticket/2773
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Pavel Reichl <preichl@redhat.com>

Resolves https://fedorahosted.org/sssd/ticket/2803
Reviewed-by: Sumit Bose <sbose@redhat.com>

The variable will be zero if getifaddrs succeeds
and therefore wrong error code will be returned
in case of insufficient memory (talloc_zero failed)
Reviewed-by: Pavel Reichl <preichl@redhat.com>

nsupdate fails definitely if any of update request fails when GSSAPI is used.
As tmp solution nsupdate is executed for each update.
Resolves:
https://fedorahosted.org/sssd/ticket/2783
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

Information about usergroup membership is stored in memberOf
attribute. And information about hostgroup membership is stored
in originalMemberOf.
This patch adds appropriate memberOf attributes
for searching in.
Ticket: https://fedorahosted.org/sssd/ticket/2275
Reviewed-by: Sumit Bose <sbose@redhat.com>

In case domains overlap, we might download multiple objects. To avoid
saving them all, we attempt to filter out the objects from foreign
domains.
We can only do this optimization for non-wildcard lookups.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

The function shouldn't be placed in the LDAP tree, but in the SDAP tree
to make it usable from tests without linking to libraries that are
normally linked from LDAP provider (such as confdb)
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

This handy function should be reused by other parts of the code.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

https://fedorahosted.org/sssd/ticket/2723
In case there are overlapping sdap domains, a search for a single user
might match and return multiple entries. For instance, with AD domains
represented by search bases:
DC=win,DC=trust,DC=test
DC=child,DC=win,DC=trust,DC=test
A search for user from win.trust.test would be based at:
DC=win,DC=trust,DC=test
but would match both search bases and return both users.
Instead of performing complex filtering, just save both users. The
responder would select the entry that matches the user's search.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

https://fedorahosted.org/sssd/ticket/2799
Reviewed-by: Pavel Březina <pbrezina@redhat.com>

Short version of --debug is not accepted.
Reviewed-by: Pavel Reichl <preichl@redhat.com>

https://fedorahosted.org/sssd/ticket/2637
In server mode, we should not allow the AD lookups to set the backend
offline. Rather just let them report an error and deal with the error
separately.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>

https://fedorahosted.org/sssd/ticket/2637
Avoid going offline in cases where SSSD is connected to a child domain
but the root domain is not accessible.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>

Required for:
https://fedorahosted.org/sssd/ticket/2637
Rather mark the domain as inactive. It will be marked as active later,
in the meantime the main domain can continue to work online and
subdomain requests will be answered from cache.
The lookup request itself just returns a special error code and lets the
caller handle the error code as appropriate (normally by disabling the
subdomain temporarily).
Reviewed-by: Pavel Březina <pbrezina@redhat.com>

https://fedorahosted.org/sssd/ticket/2637
If a subdomain is in the disabled state, switch krb5_child operation
into offline mode.
Similarly, instead of marking the whole back end as offline, mark just
the domain as offline -- depending on the domain type, this would mark
the whole back end or just inactivate subdomain.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>

fallback to
Required for:
https://fedorahosted.org/sssd/ticket/2637
The AD lookup code honors the ignore_mark_offline flag in the sense that
if it's set, the sdap return code is not reported to the upper layer,
but EOK is returned as request status and the sdap return code is
returned separately.
This patch modifies the behaviour further to only apply if there is
another connection to fall back to.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>

Required for:
https://fedorahosted.org/sssd/ticket/2637
The caller of the sdap_id_op requests can set the ignore_mark_offline
flag to avoid the sdap_id_op from marking the whole back end as offline.
However, there was a small bug - the is_offline internal sdap_id_op flag
was still being set. As a consequence, the error code from the
connection was ignored and EAGAIN was always returned.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>

with offline_timeout
https://fedorahosted.org/sssd/ticket/2637
Adds a new Data Provider function be_mark_dom_offline() that is a
replacement for be_mark_offline(). When called, the function would
either set the whole back end offline, just like be_mark_offline or just
set the subdomain status to inactive.
When a subdomain is inactive, there is a singleton timed task that would
re-set the subdomain after offline_timeout seconds.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>

Required for:
https://fedorahosted.org/sssd/ticket/2637
This is a first step towards making it possible for domain to be around,
but not contacted by Data Provider.
Also explicitly create domains as active, previously we only relied on
talloc_zero marking dom->disabled as false.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>

Reviewed-by: Pavel Březina <pbrezina@redhat.com>

Each string should be sanitized (rfc4515) before using ldbsearch.
A group dn was not sanitized in the function cleanup_groups.
Resolves:
https://fedorahosted.org/sssd/ticket/2744
Reviewed-by: Pavel Březina <pbrezina@redhat.com>

This reverts commit e2e334b2f51118cb14c7391c4e4e44ff247ef638.
+ temporary disable unit test
Reviewed-by: Pavel Březina <pbrezina@redhat.com>

This reverts commit f31a57321fc0a2390bb0d6030053c49787e5e587.
It blocked reverting commit e2e334b2f51118cb14c7391c4e4e44ff247ef638.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>

This patch also improved cleanup. The functions
test_ad_create_2way_trust_options created keytab which was used by other
following tests test_ldap_conn_list, test_conn_list. The keytab was not
removed at the end of all tests.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

Resolves:
https://fedorahosted.org/sssd/ticket/2694
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>