| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
Related:
https://fedorahosted.org/sssd/ticket/2638
Better reflects what's going on in the function. Also adds a unit test.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Uses the ipa-getkeytab call to retrieve keytabs for one-way trust
relationships.
https://fedorahosted.org/sssd/ticket/2636
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
| |
Reduces code duplication between tests.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
| |
This change will make the keytab creating reusable by other tests.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
These functions will be later reused by the subdomains_server.c module.
Splitting them into a separate subdomains_utils.c module will make sure
there are no cyclic dependencies and the functions are testable in
isolation.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
|
| |
There is already quite a few functions that are server-mode specific and
there will be even more with one-way trusts. Split the server-mode
specific functions into a separate module.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
| |
The sysdb_subdomains.c module should have its own sysdb test, not share
the generic sysdb one.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
According to design page[1], proxy_child should run
with root privileges in non-root mode however proxy_child
did not have setuid bit.
After setting setuid bit proxy_child will be executed with extra privileges.
The effective user ID will be 0 but effective group ID will be still
the same as egid of sssd_be. Therefore gid of private pipe for
proxy_child should be the same. Otherwise proxy_child will fail
due to wrong permissions of unix pipe (sbus_client_init -> check_file)
[1] https://fedorahosted.org/sssd/wiki/DesignDocs/NotRootSSSD
Resolves:
https://fedorahosted.org/sssd/ticket/2655
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add "intgcheck" make target. Update CI to use it.
The "intgcheck" target configures and builds sssd in a sub-directory,
installs it into a prefix in another sub-directory, and then makes the
"intgcheck-installed" target from within src/tests/intg in that separate
build.
The "intgcheck-installed" target in src/tests/intg runs py.test for all
tests it can find in that directory, under fakeroot and
nss_wrapper/uid_wrapper environments emulating running under root.
It also adds the value of INTGCHECK_PYTEST_ARGS environment/make
variable to the py.test command line. You can use it to pass additional
py.test options, such as specifying a subset of tests to run. See
"py.test --help" output.
There are only two test suites in src/tests/intg at the moment:
ent_test.py and ldap_test.py.
The ent_test.py runs tests on ent.py - a module of assertion functions
for checking entries in NSS database (passwd and group), for use in
actual tests. The ent_test.py suite can be used as ent.py usage
reference.
The ldap_test.py suite sets up and starts a slapd instance, adds a few
user and group entries, configures and starts sssd and verifies that
those users and groups are retrieved correctly using various NSS
functions. The tests are very basic at the moment.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Test SSSDConfigTest is executed twice with make check
if python2 and python3 are available.
Tests are executed in parallel with new automake
and therefore it caused sometimes failures e.g.
ERROR: testModifyExistingConfig (__main__.SSSDConfigTestValid)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/tmp/sssd/src/config/SSSDConfigTest.py", line 215, in testModifyExistingConfig
mode = os.stat(of)[ST_MODE]
FileNotFoundError: [Errno 2] No such file or directory: '/tmp/testModifyExistingConfig.conf'
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Example calls:
dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe /org/freedesktop/sssd/infopipe/Users/LDAP_2ePB/10001 org.freedesktop.DBus.Properties.Get string:org.freedesktop.sssd.infopipe.Users.User string:name
method return sender=:1.159 -> dest=:1.165 reply_serial=2
variant string "user-1"
Resolves:
https://fedorahosted.org/sssd/ticket/2150
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Example calls:
dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe /org/freedesktop/sssd/infopipe/Users org.freedesktop.sssd.infopipe.Users.FindByName string:user-1
method return sender=:1.159 -> dest=:1.160 reply_serial=2
object path "/org/freedesktop/sssd/infopipe/Users/LDAP_2ePB/10001"
dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe /org/freedesktop/sssd/infopipe/Users org.freedesktop.sssd.infopipe.Users.FindByID uint32:10001
method return sender=:1.159 -> dest=:1.163 reply_serial=2
object path "/org/freedesktop/sssd/infopipe/Users/LDAP_2ePB/1000
Resolves:
https://fedorahosted.org/sssd/ticket/2150
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
| |
Errors provided directly by D-Bus are not sufficient
to fulfill all our needs.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2624
Add a function to query the libsemanage database for a user context and
only update the database if the context differes from the one set on the
server.
Adds talloc dependency to libsss_semanage.
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
|
|
| |
Patch remove code duplication.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
make distcheck failed due to missing header file.
../src/tests/cmocka/test_ldap_auth.c:33:45:
fatal error: tests/cmocka/test_expire_common.h: No such file or directory
#include "tests/cmocka/test_expire_common.h"
^
compilation terminated.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Although in the initial processing SSSD treats the binary value right at
some point it mainly assumes that it is a string. Depending on the value
this might end up with the correct binary value stored in the cache but
in most cases there will be only a broken entry in the cache.
This patch converts the binary value into a string representation which
is described in [MS-DTYP] and stores the result in the cache.
Resolves https://fedorahosted.org/sssd/ticket/2588
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2534
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
| |
New utility function *sss_utc_to_time_t* to convert GeneralizedTime to
unix time.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Move part of pwexpire policy code to a separate function.
Relates to:
https://fedorahosted.org/sssd/ticket/2167
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/1884
Removes the hardcoded SRV TTL timeout and uses TTL from the DNS instead.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make uninstall did not remove symbolic links and make distcheck
did not detect it. As a result of this bug another make install failed.
cd /usr/lib64/python2.7/site-packages && \
ln -s _py2sss.so pysss.so ; \
ln -s _py2hbac.so pyhbac.so ; \
ln -s _py2sss_murmur.so pysss_murmur.so ; \
ln -s _py2sss_nss_idmap.so pysss_nss_idmap.so
ln: failed to create symbolic link ‘pysss.so’: File exists
ln: failed to create symbolic link ‘pyhbac.so’: File exists
ln: failed to create symbolic link ‘pysss_murmur.so’: File exists
ln: failed to create symbolic link ‘pysss_nss_idmap.so’: File exists
Makefile:19361: recipe for target 'install-exec-hook' failed
make[4]: *** [install-exec-hook] Error 1
This patch also use argument "-f" with command ln
which remove existing destination files before creating symbolic link
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
| |
|
|
|
|
|
|
| |
On several places, let's add a pam_strerror() call so that it's easier
to debug user problems.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
|
| |
|
|
|
|
|
| |
This patch add simple bash wrappers for python tests.
They are executed either with python2 or python3.
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
|
| |
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2574
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
|
| |
|
|
| |
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
|
| |
|
|
|
|
|
| |
Number of IFP interfaces will grown up rapidly in the future. It is
not convenient to keep it inside ifpsrv.c.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Properties are single value of a small number of predefined D-Bus
types. There is no need to generate them with codegen. Actually,
the source generator for property getters is already quite mess
with branching for array, strings and object paths. Adding any
more complex type in the future (such as dictionary) would require
even more branching or creating a separate path for it.
Hard coding the getters will simplify creating new ones for more
complex types. This patch also reduces lots of code duplication
and creates a simple function for GetAll.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
SSSD contained several backwards-compatible definitions of SRV and TXT
APIs as well as structures that carry TTL data. These were intended for
RHEL-5 and older releases. Since we don't support those upstream, it's
better to remove the code -- it has drifted apart from upstream anyway.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Related:
https://fedorahosted.org/sssd/ticket/1884
Adds an internal resolver function that reads the TTL for SRV records as
specified by RFC-2181. Several internal c-ares definitions are used
until c-ares contains a function that exposes all this information via a
parsing function.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
|
|
|
| |
These functions are quite general thus they may be part
of sbus interface.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
This is done to better distinguish between connection code and interface
stuff. It will help with orientation and thus simplify next changes.
Preparation for:
https://fedorahosted.org/sssd/ticket/2339
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
| |
The module wasn't tested properly, which made it harder to patch it
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Many areas of responders performs an expiration check and refresh
of cached objects during single or multiple domain search. This code
is duplicated on many areas of the code with small or none
modifications.
This interface aims to reduce code duplication between responders,
by providing one universal API for requesting cached objects.
This API will take care of cache lookup, expiration check, cache
refresh, out of band cache request, negative cache in both single
and multi domain searches.
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
A library should not be installed before it's internal dependencies
otherwise there is an error in make distcheck.
libtool: install: error: relink `libsss_crypt.la' with the above command before
installing it
It would be sufficient just to change order of libraries in
automake variable pkglib_LTLIBRARIES, but it's better to have
internal libraries on the one place.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Compilation of test_child_common failed with linker flag --as-needned
due to cyclic dependencies between libsss_child.so and libsss_util.so
CCLD test_child_common
./.libs/libsss_child.so: undefined reference to `sss_hash_create'
./.libs/libsss_child.so: undefined reference to `hash_lookup'
./.libs/libsss_child.so: undefined reference to `BlockSignals'
./.libs/libsss_child.so: undefined reference to `hash_delete'
./.libs/libsss_child.so: undefined reference to `hash_enter'
./.libs/libsss_child.so: undefined reference to `hash_error_string'
./.libs/libsss_child.so: undefined reference to `sss_atomic_io_s'
./.libs/libsss_child.so: undefined reference to `sss_strerror'
collect2: error: ld returned 1 exit status
This patch is temporary workaround.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
