summaryrefslogtreecommitdiffstats
path: root/src/tests/cmocka
Commit message (Collapse)AuthorAgeFilesLines
* NSS: Don't ignore backslash in usernames with ldap providerrhel-7.2Lukas Slebodnik2015-09-011-2/+2
| | | | | | | | | | The regression was caused by changing default domain regex for ldap provider in ticket #2717 Resolves: https://fedorahosted.org/sssd/ticket/2772 Reviewed-by: Sumit Bose <sbose@redhat.com>
* IPA: Always re-fetch the keytab from the IPA serverJakub Hrozek2015-08-171-9/+157
| | | | | | | | | | Even if a keytab for one-way trust exists, re-fetch the keytab again and try to use it. Fall back to the previous one if it exists. This is in order to allow the admin to re-establish the trust keytabs with a simple sssd restart. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* UTIL: Provide a common interface to safely create temporary filesJakub Hrozek2015-08-171-0/+175
| | | | Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* ssh: generate public keys from certificateSumit Bose2015-08-041-0/+62
| | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2711 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* PAM: add certificate support to PAM (pre-)auth requestsSumit Bose2015-08-043-2/+507
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* authok: add support for Smart Card related authtokensSumit Bose2015-08-041-0/+75
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* utils: add NSS version of cert utilsSumit Bose2015-08-041-0/+4
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* TESTS: fix compiler warningsPavel Reichl2015-07-281-2/+0
| | | | Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SYSDB: prepare for LOCAL viewPavel Březina2015-07-271-0/+66
| | | | | | | | | | | | Objects doesn't have to have overrideDN specified when using LOCAL view. Since the view is not stored on the server we do not want to contact LDAP therefore we special case LOCAL view saying that it is OK that this attribute is missing. Preparation for: https://fedorahosted.org/sssd/ticket/2584 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* VIEWS TEST: add null-checkPavel Březina2015-07-271-0/+6
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* DYNDNS: support for dualstackPavel Reichl2015-07-241-0/+178
| | | | | | | | | | | | When dyndns_iface option was not used, address of connection to LDAP was used. This patch proposes following change: * Interface containing address of connection is found. * All A and AAAA addresses of this interface are collected. * Collected addresses are sent during DDNS update. * Function sss_iface_addr_add() is removed. Resolves: https://fedorahosted.org/sssd/ticket/2558
* TESTS: dyndns tests support AAAA addressesPavel Reichl2015-07-241-13/+38
| | | | | Resolves: https://fedorahosted.org/sssd/ticket/2558
* DYNDNS: sss_iface_addr_list_get return ENOENTPavel Reichl2015-07-241-0/+20
| | | | | | | If none of eligible interfaces matches ifname then ENOENT is returned. Resolves: https://fedorahosted.org/sssd/ticket/2549
* nss_check_name_of_well_known_sid() improve name splittingSumit Bose2015-07-171-39/+53
| | | | | | | | | | | | | | | Currently in the default configuration nss_check_name_of_well_known_sid() can only split fully-qualified names in the user@domain.name style. DOM\user style names will cause an error and terminate the whole request. With this patch both styles can be handled by default, additionally if the name could not be split nss_check_name_of_well_known_sid() returns ENOENT which can be handled more gracefully by the caller. Resolves https://fedorahosted.org/sssd/ticket/2717 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* cache_req: Extend cache_req with wildcard lookupsJakub Hrozek2015-07-161-1/+413
| | | | | | | | | | | | | | | | | Related: https://fedorahosted.org/sssd/ticket/2553 Adds two new functions to the cache_req API: - cache_req_user_by_filter_send - cache_req_group_by_filter_send These functions can be used to retrieve users or groups that match a specified filter. Also renames a variable to avoid constant confusion -- the variable is only used for debug output. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* SYSDB: Add functions to look up multiple entries including name and custom ↵Jakub Hrozek2015-07-161-0/+494
| | | | | | | | | | | | | | | | | | | filter Related: https://fedorahosted.org/sssd/ticket/2553 Adds new sysdb function: - sysdb_enumpwent_filter - sysdb_enumpwent_filter_with_views - sysdb_enumgrent_filter - sysdb_enumgrent_filter_with_views These are similar to enumeration functions, but optionally allow to specify a filter to be applied on user/group names. Also an additional custom filter can be applied. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* tests: Move N_ELEMENTS definition to tests/common.hJakub Hrozek2015-07-162-6/+0
| | | | | | Avoids code duplication Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* test common: sss_dp_get_account_recv() fix assignmentSumit Bose2015-07-161-1/+1
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* Minor code improvementsPavel Reichl2015-07-061-1/+0
| | | | | | | | pam_helpers.h had to be included after util.h. Removed exara empty line. Fixed code alignment Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* KRB5: Add and use krb5_auth_queue_send to queue requests by defaultJakub Hrozek2015-07-061-0/+365
| | | | | | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2701 Previously, only the krb5 provides used to queue requests, which resulted in concurrent authentication requests stepping on one another. This patch queues requests by default. Reviewed-by: Sumit Bose <sbose@redhat.com>
* tests: Reduce duplication with new function test_ev_doneJakub Hrozek2015-07-063-15/+7
| | | | Reviewed-by: Sumit Bose <sbose@redhat.com>
* test_ipa_subdomains_server: Fix build with --coverageLukas Slebodnik2015-07-021-0/+6
| | | | | | | | | | | It seems that gcc did some optimization and used execve instead of execle when the code was instrumented for coverage analysis. So the exec* function was not wrapped and it tried to call real binary ipa-getkeytab Reviewed-by: Michal Židek <mzidek@redhat.com>
* test_ipa_subdom_server: Add missing assertLukas Slebodnik2015-06-221-0/+1
| | | | Reviewed-by: Michal Židek <mzidek@redhat.com>
* utils: add get_last_x_chars()Sumit Bose2015-06-193-0/+30
| | | | Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* ncache: add calls for certificate based searchesSumit Bose2015-06-191-0/+42
| | | | | | Related to https://fedorahosted.org/sssd/ticket/2596 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* certs: add PEM/DER conversion utilitiesSumit Bose2015-06-191-0/+361
| | | | | | Related to https://fedorahosted.org/sssd/ticket/2596 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* test_ipa_subdomains_server: Run clean-up after successLukas Slebodnik2015-06-161-0/+7
| | | | Reviewed-by: Michal Židek <mzidek@redhat.com>
* IPA: Utility function for setting up one-way trust contextJakub Hrozek2015-06-141-5/+24
| | | | | | | Related: https://fedorahosted.org/sssd/ticket/2638 Reviewed-by: Sumit Bose <sbose@redhat.com>
* AD: Add ad_create_1way_trust_optionsJakub Hrozek2015-06-141-0/+74
| | | | | | | | | | | | | Related: https://fedorahosted.org/sssd/ticket/2638 For one-way trusts we can assume that AD domain is the same as the Kerberis realm. On the other hand, SASL realm and keytab path are specified, unlike two-way trusts that use the system keytab. Includes a unit test. Reviewed-by: Sumit Bose <sbose@redhat.com>
* IPA/AD: Set up AD domain in ad_create_2way_trust_optionsJakub Hrozek2015-06-141-0/+7
| | | | | | | | | | Related: https://fedorahosted.org/sssd/ticket/2638 Removed code duplication. Amends unit test to make sure we don't regress. Reviewed-by: Sumit Bose <sbose@redhat.com>
* AD: Split off ad_create_default_optionsJakub Hrozek2015-06-141-0/+17
| | | | | | | | | Related: https://fedorahosted.org/sssd/ticket/2638 Make the function reusable and add a simple unit test. Reviewed-by: Sumit Bose <sbose@redhat.com>
* AD: Rename ad_create_default_options to ad_create_2way_trust_optionsJakub Hrozek2015-06-141-22/+129
| | | | | | | | | Related: https://fedorahosted.org/sssd/ticket/2638 Better reflects what's going on in the function. Also adds a unit test. Reviewed-by: Sumit Bose <sbose@redhat.com>
* IPA: Fetch keytab for 1way trustsJakub Hrozek2015-06-141-5/+167
| | | | | | | | | Uses the ipa-getkeytab call to retrieve keytabs for one-way trust relationships. https://fedorahosted.org/sssd/ticket/2636 Reviewed-by: Sumit Bose <sbose@redhat.com>
* TESTS: Add unit test for the subdomain_server.c moduleJakub Hrozek2015-06-141-0/+621
| | | | Reviewed-by: Sumit Bose <sbose@redhat.com>
* TESTS: Move krb5_try_kdcip to nested group testJakub Hrozek2015-06-143-15/+8
| | | | | | Avoids duplicate errors during linking. Reviewed-by: Sumit Bose <sbose@redhat.com>
* TESTS: Add a common function to set up sdap_id_ctxJakub Hrozek2015-06-143-7/+26
| | | | | | Reduces code duplication between tests. Reviewed-by: Sumit Bose <sbose@redhat.com>
* TESTS: Add a common mock_be_ctx functionJakub Hrozek2015-06-145-9/+79
| | | | | | Reduces code duplication between tests. Reviewed-by: Sumit Bose <sbose@redhat.com>
* TESTS: Split off keytab creation into a common moduleJakub Hrozek2015-06-143-36/+159
| | | | | | This change will make the keytab creating reusable by other tests. Reviewed-by: Sumit Bose <sbose@redhat.com>
* IPA: Split two functions to new module ipa_subdomains_utils.cJakub Hrozek2015-06-141-0/+227
| | | | | | | | | These functions will be later reused by the subdomains_server.c module. Splitting them into a separate subdomains_utils.c module will make sure there are no cyclic dependencies and the functions are testable in isolation. Reviewed-by: Sumit Bose <sbose@redhat.com>
* SYSDB: Add a forest root attribute to sss_domain_infoJakub Hrozek2015-06-141-7/+357
| | | | | | | | Instead of complex forest root search methods, establish forest root during subdomain list update. The subdomain code can then just use the forest_root pointer. Reviewed-by: Sumit Bose <sbose@redhat.com>
* SYSDB: Add realm to sysdb_master_domain_add_infoJakub Hrozek2015-06-141-0/+35
| | | | | | | | | | Adding realm to both master domain and subdomain will make it easier to set and select forest roots. Even master domains can be forest members, it's preferable to avoid special-casing as much as possible. Includes a unit test. Reviewed-by: Sumit Bose <sbose@redhat.com>
* TESTS: Add a test for sysdb_subdomains.cJakub Hrozek2015-06-141-0/+184
| | | | | | | The sysdb_subdomains.c module should have its own sysdb test, not share the generic sysdb one. Reviewed-by: Sumit Bose <sbose@redhat.com>
* UTIL/SYSDB: Move new_subdomain() to sysdb_subdomains.c and make it privateJakub Hrozek2015-06-141-0/+1
| | | | | | | | | | | In order to make updating the subdomain list a two-step process. Therefore we need to make sure that update_subdomains() is the only interface towards the SSSD that changes the subdomain list. Move the new_subdomain() function to sysdb_subdomains.c and only make it available through a private header so it's usable by unit tests. Reviewed-by: Sumit Bose <sbose@redhat.com>
* SYSDB: Store trust direction for subdomainsJakub Hrozek2015-06-142-3/+3
| | | | | | | | | | | | We need to store the subdomain trust direction in order to recover the structure after SSSD restart. The trust direction is a plain uint32_t to avoid leaking the knowledge about AD trust directions to sysdb while at the same time making it easy to compare values between sysdb and LDAP and avoid translating the values. Reviewed-by: Sumit Bose <sbose@redhat.com>
* subdomains: Inherit cleanup period and tokengroup settings from parent domainJakub Hrozek2015-06-051-0/+160
| | | | | | | | | | | Allows the administrator to extend the functionality of ldap_purge_cache_timeout, ldap_user_principal and ldap_use_tokengroups to the subdomains. This is a less intrusive way of achieving: https://fedorahosted.org/sssd/ticket/2627 Reviewed-by: Pavel Reichl <preichl@redhat.com>
* SDAP: Add sdap_copy_map_entryJakub Hrozek2015-06-051-0/+83
| | | | Reviewed-by: Pavel Reichl <preichl@redhat.com>
* DP: Add a function to inherit DP options, if setJakub Hrozek2015-06-051-8/+119
| | | | | | | | | | | Related to: https://fedorahosted.org/sssd/ticket/2644 Adds a utility function that checks if a DP option is present in the subdomain_inherit list. If it is, then the option is set from source to destination dp_option array. Reviewed-by: Pavel Reichl <preichl@redhat.com>
* LDAP: Do not print verbose DEBUG messages from providers that don't set UUIDJakub Hrozek2015-06-041-1/+9
| | | | | | https://fedorahosted.org/sssd/ticket/2666 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* TESTS: Add test for get_next_domainJakub Hrozek2015-06-021-0/+138
| | | | Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* IFP: add org.freedesktop.sssd.infopipe.Users.UserPavel Březina2015-05-221-7/+7
| | | | | | | | | | | | Example calls: dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe /org/freedesktop/sssd/infopipe/Users/LDAP_2ePB/10001 org.freedesktop.DBus.Properties.Get string:org.freedesktop.sssd.infopipe.Users.User string:name method return sender=:1.159 -> dest=:1.165 reply_serial=2 variant string "user-1" Resolves: https://fedorahosted.org/sssd/ticket/2150 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
generated by cgit (git 2.34.1) at 2024-06-28 15:33:59 +0000