| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch implements the libwbclient API for Samba daemons and
utilities. The main purpose is to map Active Directory users and groups
identified by their SID to POSIX users and groups identified by their
POSIX UIDs and GIDs respectively.
The API is not fully implemented because SSSD does not support some AD
features like WINS or NTLM. Additionally this implementation has its
focus on the file-server use case and hence does not implement some
features which might be needed for a domain controller use case.
Some API calls are generic and independent of the backend like e.g.
converting binary SIDs and GUIDs into a string representation and back
or memory allocation and deallocation. These parts are taken from the
original Samba sources together with copyright and authors. Files
with'_sssd' as part of the name contain the SSSD related calls.
Resolves: https://fedorahosted.org/sssd/ticket/1588
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
| |
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
|
| |
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
sdap-tests uses functions from openldap, but it was not linked with libldap or
liblber.
sh-4.2$ nm --undefined-only .libs/sdap-tests | grep -E "ldap|ber"
U ber_free
U ldap_control_create
U ldap_err2string
U ldap_get_option
U ldap_init_fd
U ldap_install_tls
U ldap_is_ldaps_url
U ldap_unbind_ext
sdap-tests cannot be linked on platfrms with disabled link_all_deplibs.
CCLD sdap-tests
/usr/bin/ld: src/providers/ldap/sdap_tests-sdap.o: undefined reference to symbol 'ber_free'
/usr/bin/ld: note: 'ber_free' is defined in DSO /lib64/liblber-2.4.so.2 so try adding it to the linker command line
/lib64/liblber-2.4.so.2: could not read symbols: Invalid operation
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make[3]: *** [sdap-tests] Error 1
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Version symbol files will help package systems to catch backward compatible
changes (newly added functions) into library.
The difference between libraries libsss_nss_idmap_test.so and
libsss_nss_idmap.so is that the 1st library will not be installed and has more
exported functions, which are necessary for mocking with cmocka for test
sss_nss_idmap-test.
Resolves:
https://fedorahosted.org/sssd/ticket/2194
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
| |
The system bus has the ability to start services on demant. This patch
adds the sysbus service activation file that, currently, only calls the
sss_signal tool to signal the monitor.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
| |
A minimal tool whose only purpose is to signal the monitor with
SIGUSR2. The tool will be executed by the system bus in order to provide
system activation, so it's packaged in libexec.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
| |
We fprintf the introspection data on demand rather than printing an XML
file. The directory specification can be removed.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
| |
Covers the sdap_parse_entry function with unit tests so that we know
that modifying the function in a later patch will not result in a
regression.
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add substitution of a special variable "AUX_TESTS_ENVIRONMENT" to the
"TESTS_ENVIRONMENT" value, allowing its augmentation from the make
command line. This enables wrapping test commands with older versions of
Automake, where LOG_COMPILER support is missing.
This enables executing "make check" target with Valgrind on RHEL6, like
this:
make check AUX_TESTS_ENVIRONMENT="libtool --mode=execute valgrind"
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add "/sssd.service.d" to systemdconfdir at configure stage, instead of
the make stage. This way, if systemd is not used, systemdconfdir
variable stays empty. That in turn, works around the attempt by older
versions of Automake to create the installation directory even though no
files are installed there [1].
This fixes installation and distcheck target on RHEL6, where an
"/sssd.service.d" directory creation would otherwise be attempted.
[1] http://debbugs.gnu.org/cgi/bugreport.cgi?bug=11030
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Switch back to using DISTCHECK_CONFIGURE_FLAGS instead of the
AM_-version in Makefile.am, as the latter is not supported by Automake
version in RHEL6.
Instead, use a special variable AUX_DISTCHECK_CONFIGURE_FLAGS to
augment distcheck target configure flags from the command line.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
| |
Functions pam_vsyslog and pam_modutil_getlogin are not available in openpam.
This patch conditionally define macros for these function if they are not
available. Compatible macros use standard functions vsyslog, getlogin
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
libsss_simple does not call any pam function.
sh-4.2$ nm --dynamic --undefined-only .libs/libsss_simple.so | grep pam
sh-4.2$ echo $?
1
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Tests ad_common_tests, test_search_bases, ad_access_filter_tests could not be
linked on ubuntu and dlopen test faild as well.
Running suite(s): dlopen
0%: Checks: 1, Failures: 1, Errors: 0
src/tests/dlopen-tests.c:143:F:dlopen:test_dlopen_base:0:
Error opening libsss_ldap.so: [dlopen() failed: sssd-1.11.90/.libs/libsss_ldap_common.so:
undefined symbol: ber_pvt_opt_on]
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2291
The dbus tests that mock an sbus server were failing when make distcheck
was ran by a user logged in through the SSSD.
The reason was that the libtool wrapper around the test library alters
the LD_LIBRARY_PATH and as a consequence, the standard getpwuid_r() calls
the dbus server performs would load the in-tree NSS library and not the
system one. The-in tree library would then attempt to talk to an in-tree
NSS socket, fail, which would fail the getpwuid_r call with an error such as:
"""
Could not get password database information for UID of current process:
User "???" unknown or no memory to allocate password entry
"""
This patch adds a new configure-time option called --enable-dbus-tests
that is enabled by default and disabled during distcheck. When the
option is disabled, the tests that require a mocked dbus server are not
compiled at all.
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2254
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2254
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2254
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2254
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use AM_DISTCHECK_CONFIGURE_FLAGS in Makefile.am instead of
DISTCHECK_CONFIGURE_FLAGS to allow using the latter at build time,
upon making distcheck target.
In particular, the above would allow specifying --with-test-dir option
to help archive test data in CI runs, like this:
make distcheck DISTCHECK_CONFIGURE_FLAGS=--with-test-dir=/dev/shm/ci-test-dir
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds the basis of SBUS getters and setters. A new module,
sssd_dbus_properties.c would contain handlers for the property methods
like Get, Set and GetAll.
Type-safe property access works in a similar fashion like type-safe
method calls - the invoker calls the getter which returns the primitive
type, which is in turn marshalled into variant by the invoker.
This patch does not contain the complete functionality, see later
patches that continue implementing the getters and setters.
Reviewed-by: Stef Walter <stefw@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Samba 4 libraries are necessary for building {ad, ipa} provider,
but samba4 needn't be available on older distributions.
This patch add possibility to build SSSD without {ad, ipa} provider
and thus without Samba 4 libraries.
The script configure have new argument --with-samba with default value yes.
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds a new method on the bus with the following synopsis:
<method name="GetUserGroups">
<arg name="user" type="s" direction="in" />
<arg name="values" type="as" direction="out"/>
</method>
Its purpose is to return names of groups the user is a member of as a
list of strings.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
| |
since the IFP responder is currently the only planned consumer.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Introduces a new option called user_attributes that allows to specify
which user attributes are allowed to be queried from the IFP responder.
By default only the default POSIX set is allowed, this option allows to
either add other attributes (+attrname) or remove them from the default
set (-attrname).
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds a number of utility functions, most importanly ifp_req_create().
The ifp_req is a structure that will be passed along with the ifp
request and would provide easy access to both the sbus_request data and
per-responder data, like the ifp_ctx.
Also includes a utility function to split a path prefix from a full path
and add a ldb_element into a dictionary. These will be reused later.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Stef Walter <stefw@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds an async request sbus_get_sender_id_{send,recv} that allows
retrieval of UID based on "sender" as returned by
dbus_message_get_sender().
The UID is an int64_t to be able to use "-1" to as a fallback value for
uknown or error cases.
The unit test is added as a standalone one, not part of the sbus_tests
because the request, and by extension the unit test relies on being
connected to the system bus, which is very unlikely to work in a build
system.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Stef Walter <stefw@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The test ipa_ldap_opt has undefined symbols from libldap and liblber,
but it was not directly linked with openldap libraries.
sh-4.2$ nm --undefined-only .libs/ipa_ldap_opt-tests | grep -E "ldap|ber"
U ber_free
U ldap_err2string
It causes linker failure on systems with disabled link_all_deplibs (debian)
/usr/bin/ld: src/providers/ldap/ipa_ldap_opt_tests-sdap.o: undefined reference
to symbol 'ber_free'
/usr/bin/ld: note: 'ber_free' is defined in DSO /lib64/liblber-2.4.so.2 so try
adding it to the linker command line
/lib64/liblber-2.4.so.2: could not read symbols: Invalid operation
clang: error: linker command failed with exit code 1 (use -v to see invocation)
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
| |
The sdap_copy_opts function copied all the arguments except for the
sentinel.
Reviewed-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
|
| |
The responders were copying code to parse input and on encountering an
uknown domain, send the discover subdomain request. This patch adds a
reusable request that can always be called in responders and in case the
name can be parsed, just shortcut.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
| |
Splitting the module would allow responders that test the Data Provider
requests to use the mock_rctx/mock_cctx functions without duplicate
definitions.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
List test extensions with TEST_EXTENSIONS [1] in Makefile.am to allow
applying separate LOG_COMPILER for binary and Python tests.
This is needed to avoid running Python tests under Valgrind as that
produces too many interpreter-specific errors which are hard to suppress
reliably [2].
Thus a run like this would run only binary tests under Valgrind:
make check PY_LOG_COMPILER=env LOG_COMPILER=valgrind
Or more briefly:
make check LOG_COMPILER=valgrind
[1] http://www.gnu.org/software/automake/manual/automake.html#index-TEST_005fEXTENSIONS
[2] http://svn.python.org/projects/python/trunk/Misc/README.valgrind
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
| |
This adds a big test case for invoking a handler with all supported
basic arguments, and constructing a reply with the same. Lots of
tedious code, but worth it to make sure things work well.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Don't add --with-syslog=journald to extra_distcheck_flags if configured
with systemd (--with-initscript=systemd). Add it if configured with
journald (--with-syslog=journald) instead. This fixes distcheck target
when configured with systemd, but without journald.
Don't install journal.conf helping with enabling journald logging,
unless configured with journald (--with-syslog=journald), as it would be
useless and misleading.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|