| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2291
The dbus tests that mock an sbus server were failing when make distcheck
was ran by a user logged in through the SSSD.
The reason was that the libtool wrapper around the test library alters
the LD_LIBRARY_PATH and as a consequence, the standard getpwuid_r() calls
the dbus server performs would load the in-tree NSS library and not the
system one. The-in tree library would then attempt to talk to an in-tree
NSS socket, fail, which would fail the getpwuid_r call with an error such as:
"""
Could not get password database information for UID of current process:
User "???" unknown or no memory to allocate password entry
"""
This patch adds a new configure-time option called --enable-dbus-tests
that is enabled by default and disabled during distcheck. When the
option is disabled, the tests that require a mocked dbus server are not
compiled at all.
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2254
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2254
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2254
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2254
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use AM_DISTCHECK_CONFIGURE_FLAGS in Makefile.am instead of
DISTCHECK_CONFIGURE_FLAGS to allow using the latter at build time,
upon making distcheck target.
In particular, the above would allow specifying --with-test-dir option
to help archive test data in CI runs, like this:
make distcheck DISTCHECK_CONFIGURE_FLAGS=--with-test-dir=/dev/shm/ci-test-dir
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds the basis of SBUS getters and setters. A new module,
sssd_dbus_properties.c would contain handlers for the property methods
like Get, Set and GetAll.
Type-safe property access works in a similar fashion like type-safe
method calls - the invoker calls the getter which returns the primitive
type, which is in turn marshalled into variant by the invoker.
This patch does not contain the complete functionality, see later
patches that continue implementing the getters and setters.
Reviewed-by: Stef Walter <stefw@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Samba 4 libraries are necessary for building {ad, ipa} provider,
but samba4 needn't be available on older distributions.
This patch add possibility to build SSSD without {ad, ipa} provider
and thus without Samba 4 libraries.
The script configure have new argument --with-samba with default value yes.
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds a new method on the bus with the following synopsis:
<method name="GetUserGroups">
<arg name="user" type="s" direction="in" />
<arg name="values" type="as" direction="out"/>
</method>
Its purpose is to return names of groups the user is a member of as a
list of strings.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
| |
since the IFP responder is currently the only planned consumer.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Introduces a new option called user_attributes that allows to specify
which user attributes are allowed to be queried from the IFP responder.
By default only the default POSIX set is allowed, this option allows to
either add other attributes (+attrname) or remove them from the default
set (-attrname).
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds a number of utility functions, most importanly ifp_req_create().
The ifp_req is a structure that will be passed along with the ifp
request and would provide easy access to both the sbus_request data and
per-responder data, like the ifp_ctx.
Also includes a utility function to split a path prefix from a full path
and add a ldb_element into a dictionary. These will be reused later.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Stef Walter <stefw@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds an async request sbus_get_sender_id_{send,recv} that allows
retrieval of UID based on "sender" as returned by
dbus_message_get_sender().
The UID is an int64_t to be able to use "-1" to as a fallback value for
uknown or error cases.
The unit test is added as a standalone one, not part of the sbus_tests
because the request, and by extension the unit test relies on being
connected to the system bus, which is very unlikely to work in a build
system.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Stef Walter <stefw@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The test ipa_ldap_opt has undefined symbols from libldap and liblber,
but it was not directly linked with openldap libraries.
sh-4.2$ nm --undefined-only .libs/ipa_ldap_opt-tests | grep -E "ldap|ber"
U ber_free
U ldap_err2string
It causes linker failure on systems with disabled link_all_deplibs (debian)
/usr/bin/ld: src/providers/ldap/ipa_ldap_opt_tests-sdap.o: undefined reference
to symbol 'ber_free'
/usr/bin/ld: note: 'ber_free' is defined in DSO /lib64/liblber-2.4.so.2 so try
adding it to the linker command line
/lib64/liblber-2.4.so.2: could not read symbols: Invalid operation
clang: error: linker command failed with exit code 1 (use -v to see invocation)
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
| |
The sdap_copy_opts function copied all the arguments except for the
sentinel.
Reviewed-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
|
| |
The responders were copying code to parse input and on encountering an
uknown domain, send the discover subdomain request. This patch adds a
reusable request that can always be called in responders and in case the
name can be parsed, just shortcut.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
| |
Splitting the module would allow responders that test the Data Provider
requests to use the mock_rctx/mock_cctx functions without duplicate
definitions.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
List test extensions with TEST_EXTENSIONS [1] in Makefile.am to allow
applying separate LOG_COMPILER for binary and Python tests.
This is needed to avoid running Python tests under Valgrind as that
produces too many interpreter-specific errors which are hard to suppress
reliably [2].
Thus a run like this would run only binary tests under Valgrind:
make check PY_LOG_COMPILER=env LOG_COMPILER=valgrind
Or more briefly:
make check LOG_COMPILER=valgrind
[1] http://www.gnu.org/software/automake/manual/automake.html#index-TEST_005fEXTENSIONS
[2] http://svn.python.org/projects/python/trunk/Misc/README.valgrind
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
| |
This adds a big test case for invoking a handler with all supported
basic arguments, and constructing a reply with the same. Lots of
tedious code, but worth it to make sure things work well.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Don't add --with-syslog=journald to extra_distcheck_flags if configured
with systemd (--with-initscript=systemd). Add it if configured with
journald (--with-syslog=journald) instead. This fixes distcheck target
when configured with systemd, but without journald.
Don't install journal.conf helping with enabling journald logging,
unless configured with journald (--with-syslog=journald), as it would be
useless and misleading.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Files sss_ldap.c, user_info_msg.c were built in libsss_{ad,ipa,ldap}.so.
In these two files, there are functions sss_ldap_get_diagnostic_msg,
pack_user_info_chpass_error which are needed in libsss_ldap_common.so
sss_ldap_get_diagnostic_msg is used in src/providers/ldap/sdap_async.c,
src/providers/ldap/sdap_async_connection.c
pack_user_info_chpass_error is used in src/providers/ldap/ldap_auth.c
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Functions from module sss_krb5.c were duplicated in many libraries.
e.g. symol check_fast was in libsss_ad.so, libsss_ipa.so,
libsss_krb5.so, libsss_ldap.so
This patch also remove duplicate files between libsss_ldap.so and
libsss_krb5_common.so. libsss_ldap.so has already depended on libkrb5.
Now, it will depend on libsss_krb5_common.so
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Functions from module find_uid.c were duplicated in many libraries.
e.g. symol check_if_uid_is_active was in libsss_ad.so, libsss_ipa.so,
libsss_krb5.so, libsss_ldap.so
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Library libsss_ldap.so does not directly use functions from library
libsss_idmap.so. It only call function sdap_idmap_init (from file sdap_idmap.c)
which is in library libsss_ldap_common.so
sh-4.2$ nm -D --undefined-only /usr/lib64/sssd/libsss_ldap.so | grep idmap
U sdap_idmap_init
On the other hand, libsss_ldap_common.so uses functions from libsss_idmap
but it was not linked to libsss_idmap.so.
sh-4.2$ objdump -p /usr/lib64/sssd/libsss_ldap_common.so | grep idmap
sh-4.2$ echo $?
1
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The symbol add_key (from libkeyutils) is used by
function add_user_to_delayed_online_authentication
(from file src/providers/krb5/krb5_delayed_online_authentication.c)
which is part of libsss_krb5_common.so
Fixes following error:
[sssd[be[default]]] [load_backend_module]
(0x0010): Unable to load ad module with path
(/usr/lib64/sssd/libsss_ad.so), error:
/usr/lib64/sssd/libsss_krb5_common.so: undefined symbol: add_key
-lkeyutils was passed to the libraries libsss_{krb5,ipa,ad}.so,
but when compiling with -Wl,--as-needed this flag will be ignored,
since it is not used directly. So it was unavailable to
libsss_krb5_common.so which actually needs it.
This patch removes $(KEYUTILS_LIBS) from those libraries and adds it to
libsss_krb5_common.so
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2234
This patch generates the introspection data from the sbus interface meta
structure. The generated XML conforms to
http://dbus.freedesktop.org/doc/dbus-specification.html#introspection-format
The XML description of the interface also always includes the
org.freedesktop.DBus.Introspectable interface, which this patch also allows
in the policy settings.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
sssd.service was assigned to the dist_systemdunit_DATA variable.
Automake will install this file into the systemd unit directory after building
it if necessary. Automake will also include this generated file in the tarball.
As a result, when building sssd from the tarball, the paths needn't be
recreated.
The files in DATA primaries are added as dependencies to the all target
via the internal all-am target. If sssd.service doesn’t exist, make will look
for a rule to build it. Since there is such a rule, make will simply execute
that rule when I build the all target.
Resolves:
https://fedorahosted.org/sssd/ticket/2314
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://www.gnu.org/software/autoconf/manual/autoconf-2.67/html_node/Installation-Directory-Variables.html
Most of these variables have values that rely on prefix or exec_prefix. It is
deliberate that the directory output variables keep them unexpanded: typically
‘@sbindir@’ is replaced by ‘${exec_prefix}/sbin’, not ‘/usr/local/sbin’.
This behavior is mandated by the GNU Coding Standards.
Installation directory variables (sbindir, pkgdatadir ...) should be used
only in makefiles. Similarly, we should not rely on AC_CONFIG_FILES to replace
sbindir and friends in shell scripts and other files; instead, let make
manage their replacement.
Resolves:
https://fedorahosted.org/sssd/ticket/2293
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
There is no need for client socket in IFP responder,
since it uses D-Bus for communication with clients.
Resolves:
https://fedorahosted.org/sssd/ticket/2290
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Related:
https://fedorahosted.org/sssd/ticket/2072
Adds the possibility for the InfoPipe responder to connect to the system bus.
At the moment, only a dummy method "Ping" is provided. The method only
accepts a single string parameter that has to be 'ping'.
|
|
|
|
|
|
|
|
| |
Related:
https://fedorahosted.org/sssd/ticket/2072
This commit only adds the responder and the needed plumbing. No DBus
related code is in yet.
|
| |
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This starts a DBus server with some handlers, and runs some method
calls against it.
Note that we don't use the codegen in the sbus_tests, as we sorta
want to test this non-codegen related functionality on its own before
we run the sbus_codegen_tests.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
struct sbus_request represents a request from a dbus client
being handled by a dbus server implementation. The struct
contains the message, connection and method (and in the
future teh property) which is being requested.
In the future it will contain caller information as well.
sbus_request is a talloc memory context, and is a good place to
attach any allocations and memory specific to the request.
Each handler accepts an sbus_request. If a handler returns
EOK, it is assumed that the handler will finish the request.
Any of the sbus_request_*finish() methods can be used to
complete the request and send back a reply.
sbus_request_return_and_finish() uses the same argument
varargs syntax as dbus_message_append_args(), which isn't
a great syntax. Document it a bit, but don't try to redesign:
The marshalling work (will follow this patch set) will remove
the need to use varargs for most DBus implementation code.
This patch migrates the monitor and data provider dbus code
to use sbus_request, but does not try to rework the talloc
context's to use it.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
dp_opt_tests cannot be linked properly if link_all_deplibs is disabled (debian)
/usr/bin/ld: src/tests/cmocka/dp_opt_tests-test_dp_opts.o:
undefined reference to symbol 'poptFreeContext@@LIBPOPT_0'
/usr/bin/ld: note: 'poptFreeContext@@LIBPOPT_0' is defined in DSO
/lib64/libpopt.so.0 so try adding it to the linker command line
/lib64/libpopt.so.0: could not read symbols: Invalid operation
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of appending the search patch in the source directory should be
prepended. Otherwise the test might find files installed in the default
paths of the system first.
As a result the compiled python files in the build directory must be
remove in the clean target to make 'make distcheck' pass.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently the config API read any file in the schema plugin dir,
typically /usr/share/sssd/sssd.api.d. If there are any unexpected files,
like e.g. editor copies or backups, the python code might break because
it cannot parse the files.
With this patch only files matching the pattern '^sssd-.*\.conf$' are
read from this directory.
Additionally this patch contains a file which will break the config API
self test if it is not filtered out correctly.
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds the sudo target to the AD provider. The main reason is
to cover different default settings in the LDAP and AD provider. E.g.
the default for ldap_id_mapping is True in the AD provider and False
in the LDAP provider. If ldap_id_mapping was not set explicitly in the
config file both components worked with different setting.
Fixes https://fedorahosted.org/sssd/ticket/2256
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2257
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|