summaryrefslogtreecommitdiffstats
path: root/src/tests/cmocka
Commit message (Collapse)AuthorAgeFilesLines
* WIP: Test for sdap_async.ctestsJakub Hrozek2015-10-014-70/+305
|
* test_pam_srv: Run cert test only with NSSLukas Slebodnik2015-09-301-0/+3
| | | | Reviewed-by: Michal Židek <mzidek@redhat.com>
* FO: Also reset the server common data in addition to SRVJakub Hrozek2015-09-231-49/+139
| | | | | | | | | | | In a server that is expanded from a SRV query was reset, only it's 'meta-server' status was set to neutral, but the server->common structure still retained its not_working status. This patch also resets the status of the common structure so that both the SRV query and resolving the server are retried next time. Reviewed-by: Sumit Bose <sbose@redhat.com>
* tests: Set p11_child_timeout to 30 in testsMichal Židek2015-09-231-4/+31
| | | | | | | | | | | | Ticket: https://fedorahosted.org/sssd/ticket/2773 Add way to set pam specific options in pam_test_setup adn use it to set the p11_child_timeout value to 30. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Pavel Reichl <preichl@redhat.com>
* DDNS: execute nsupdate for single update of PTR recPavel Reichl2015-09-221-0/+29
| | | | | | | | | | | nsupdate fails definitely if any of update request fails when GSSAPI is used. As tmp solution nsupdate is executed for each update. Resolves: https://fedorahosted.org/sssd/ticket/2783 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* LDAP: Filter out multiple entries when searching overlapping domainsJakub Hrozek2015-09-221-0/+186
| | | | | | | | | | In case domain overlap, we might download multiple objects. To avoid saving them all, we attempt to filter out the objects from foreign domains. We can only do this optimization for non-wildcard lookups. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* tests: Move named_domain from test_utils to common test codeJakub Hrozek2015-09-222-34/+0
| | | | | | This handy function should be reused by other parts of the code. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* DP: Provide a way to mark subdomain as disabled and auto-enable it later ↵Jakub Hrozek2015-09-211-0/+275
| | | | | | | | | | | | | | | | with offline_timeout https://fedorahosted.org/sssd/ticket/2637 Adds a new Data Provider function be_mark_dom_offline() that is a replacement for be_mark_offline(). When called, the function would either set the whole back end offline, just like be_mark_offline or just set the subdomain status to inactive. When a subdomain is inactive, there is a singleton timed task that would re-set the subdomin after offline_timeout seconds. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* UTIL: Convert domain->disabled into tri-state with domain statesJakub Hrozek2015-09-212-4/+8
| | | | | | | | | | | | | Required for: https://fedorahosted.org/sssd/ticket/2637 This is a first step towards making it possible for domain to be around, but not contacted by Data Provider. Also explicitly create domains as active, previously we only relied on talloc_zero marking dom->disabled as false. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* test_ldap_id_cleanup: Fix coding style issuesLukas Slebodnik2015-09-181-9/+9
| | | | Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* test_ad_common: Use unique directory for keytabsLukas Slebodnik2015-09-181-2/+15
| | | | | | | | | This patch also improved cleanup. The functions test_ad_create_2way_trust_options created keytab which was used by other following tests test_ldap_conn_list, test_conn_list. The keytab was not removed at the end of al tests. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* test_copy_keytab: Create keytabs in unique directoryLukas Slebodnik2015-09-181-2/+9
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* test_ipa_subdomains_server: Use unique dorectory for keytabsLukas Slebodnik2015-09-181-3/+4
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2694 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* tests: Use unique name for TEST_PATHLukas Slebodnik2015-09-1814-14/+14
| | | | | | | | | | | | | | We had a cases in patch where two tests were using the same TEST_PATH and therefore they were stepping each other to the same files which caused failures. These failures are not easy to reproduce. This patch uses macro BASE_FILE_STEM for unique name. It should prevent copy&paste problem resulting to intermittent failures. @see also https://www.gnu.org/software/make/manual/html_node/Automatic-Variables.html Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* dyndns-tests: Simulate job in wrapped execvLukas Slebodnik2015-09-141-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The function be_nsupdate_send fork a child for execution of the utility nsupdate. The child process builds nsupdate args in the function be_nsupdate_args and then execute the utility. Meanwhile the parent process register handlers for child and timeout for canceling the long lasting child. nsupdate_child_send -> child_handler_setup You can see in following log file that the wrapped version of execv function might be very fast and therefore parent can register handlers after finishing child. This is a reason why there is a child timeout. (10:18:48:556001 2015) [sssd] [be_nsupdate_args] (0x0200): nsupdate auth type: GSS-TSIG (10:18:48:556126 2015) [sssd] [__wrap_execv] (0x0200): nsupdate success test case (10:18:48:556200 2015) [sssd] [__wrap_execv] (0x1000): Child exiting with status 0 (10:18:48:557218 2015) [sssd] [child_handler_setup] (0x2000): Setting up signal handler up for pid [3957] (10:18:48:560987 2015) [sssd] [child_handler_setup] (0x2000): Signal handler set up for pid [3957] (10:18:50:608520 2015) [sssd] [nsupdate_child_timeout] (0x0020): Timeout reached for dynamic DNS update (10:18:50:681525 2015) [sssd] [be_nsupdate_done] (0x0040): nsupdate child execution failed [1432158233]: Dynamic DNS update timed out (10:18:50:687031 2015) [sssd] [dyndns_test_ok] (0x1000): Child request returned [1432158233]: Unknown error 1432158233 The patch simulate a work in wrapped function with small delay. It should be enough time for the parent process to registering a child. Based on patch from Jurica Stanojkovic <jurica.stanojkovic@rt-rk.com> Thank you. Resolves: https://fedorahosted.org/sssd/ticket/2283 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* NSS: Don't ignore backslash in usernames with ldap providerLukas Slebodnik2015-09-011-2/+2
| | | | | | | | | | The regression was caused by changing default domain regex for ldap provider in ticket #2717 Resolves: https://fedorahosted.org/sssd/ticket/2772 Reviewed-by: Sumit Bose <sbose@redhat.com>
* TESTS: Removing part of responder_cache_req-testsPetr Cech2015-08-311-211/+0
| | | | | | | | | | | | | | | | | | | | If you call cache_req_[user|group]_by_filter_send() it than later calls updated_[users|groups]_by_filter(), which adds filter that is called "recent". This filter causes that only [users|groups] added after the request started are returned. This patch removes tests which use cache_req_[user|group]_by_filter_send(), because the logic of those tests is corrupted. The tests create [users|groups] and after it, they call cache_req_[user|group]_by_filter_send(). So it is obvious that it is not in the right manner. Possible fix is rewrite the tests to create the entries in the callback. Works around: https://fedorahosted.org/sssd/ticket/2730 Reviewed-by: Michal Židek <mzidek@redhat.com>
* TESTS: fix fail in test_id_cleanup_exp_groupPavel Reichl2015-08-311-1/+1
| | | | | | | | | Test was named same as the folder containing its data. Resolves: https://fedorahosted.org/sssd/ticket/2768 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* TESTS: ldap_id_cleanup timeoutsMichal Židek2015-08-311-4/+7
| | | | | | | | | The one second timeout interval was sometimes too short when the tests where running under Valgrind in the CI and the entries expired too soon. Reviewed-by: Petr Cech <pcech@redhat.com>
* LDAP: sanitize group name when used in filterPavel Reichl2015-08-171-0/+313
| | | | | | | | | | | cleanup_groups() uses DN of group in filter for ldbsearch. But the name might contain characters with special meaning for filtering like - "*()\/" Resolves: https://fedorahosted.org/sssd/ticket/2744 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* TESTS: UT for sss_iface_addr_list_as_str_list()Pavel Reichl2015-08-141-0/+42
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2495 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* IPA: Always re-fetch the keytab from the IPA serverJakub Hrozek2015-08-141-9/+157
| | | | | | | | | | Even if a keytab for one-way trust exists, re-fetch the keytab again and try to use it. Fall back to the previous one if it exists. This is in order to allow the admin to re-establish the trust keytabs with a simple sssd restart. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* UTIL: Provide a common interface to safely create temporary filesJakub Hrozek2015-08-141-0/+175
| | | | Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* SDAP: rename SDAP_CACHE_PURGE_TIMEOUTPavel Reichl2015-07-311-7/+7
| | | | | | | | | Enum member SDAP_CACHE_PURGE_TIMEOUT has counter-intuitive name as it's used to access 'ldap_purge_cache_timeout' option. SDAP_CACHE_PURGE_TIMEOUT is more fitting name. Reviewed-by: Petr Cech <pcech@redhat.com>
* ssh: generate public keys from certificateSumit Bose2015-07-311-0/+62
| | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2711 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* PAM: add certificate support to PAM (pre-)auth requestsSumit Bose2015-07-313-2/+507
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* authok: add support for Smart Card related authtokensSumit Bose2015-07-311-0/+75
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* utils: add NSS version of cert utilsSumit Bose2015-07-311-0/+4
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* TESTS: fix compiler warningsPavel Reichl2015-07-281-2/+0
| | | | Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SYSDB: prepare for LOCAL viewPavel Březina2015-07-271-0/+66
| | | | | | | | | | | | Objects doesn't have to have overrideDN specified when using LOCAL view. Since the view is not stored on the server we do not want to contact LDAP therefore we special case LOCAL view saying that it is OK that this attribute is missing. Preparation for: https://fedorahosted.org/sssd/ticket/2584 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* VIEWS TEST: add null-checkPavel Březina2015-07-271-0/+6
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* negcache: allow domain name for UID and GIDSumit Bose2015-07-273-25/+27
| | | | | | Related to https://fedorahosted.org/sssd/ticket/2731 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* DYNDNS: support for dualstackPavel Reichl2015-07-241-0/+178
| | | | | | | | | | | | When dyndns_iface option was not used, address of connection to LDAP was used. This patch proposes following change: * Interface containing address of connection is found. * All A and AAAA addresses of this interface are collected. * Collected addresses are sent during DDNS update. * Function sss_iface_addr_add() is removed. Resolves: https://fedorahosted.org/sssd/ticket/2558
* TESTS: dyndns tests support AAAA addressesPavel Reichl2015-07-241-13/+38
| | | | | Resolves: https://fedorahosted.org/sssd/ticket/2558
* DYNDNS: sss_iface_addr_list_get return ENOENTPavel Reichl2015-07-241-0/+20
| | | | | | | If none of eligible interfaces matches ifname then ENOENT is returned. Resolves: https://fedorahosted.org/sssd/ticket/2549
* nss_check_name_of_well_known_sid() improve name splittingSumit Bose2015-07-161-39/+53
| | | | | | | | | | | | | | | Currently in the default configuration nss_check_name_of_well_known_sid() can only split fully-qualified names in the user@domain.name style. DOM\user style names will cause an error and terminate the whole request. With this patch both styles can be handled by default, additionally if the name could not be split nss_check_name_of_well_known_sid() returns ENOENT which can be handled more gracefully by the caller. Resolves https://fedorahosted.org/sssd/ticket/2717 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* cache_req: Extend cache_req with wildcard lookupsJakub Hrozek2015-07-151-1/+413
| | | | | | | | | | | | | | | | | Related: https://fedorahosted.org/sssd/ticket/2553 Adds two new functions to the cache_req API: - cache_req_user_by_filter_send - cache_req_group_by_filter_send These functions can be used to retrieve users or groups that match a specified filter. Also renames a variable to avoid constant confusion -- the variable is only used for debug output. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* SYSDB: Add functions to look up multiple entries including name and custom ↵Jakub Hrozek2015-07-151-0/+494
| | | | | | | | | | | | | | | | | | | filter Related: https://fedorahosted.org/sssd/ticket/2553 Adds new sysdb function: - sysdb_enumpwent_filter - sysdb_enumpwent_filter_with_views - sysdb_enumgrent_filter - sysdb_enumgrent_filter_with_views These are similar to enumeration functions, but optionally allow to specify a filter to be applied on user/group names. Also an additional custom filter can be applied. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* tests: Move N_ELEMENTS definition to tests/common.hJakub Hrozek2015-07-152-6/+0
| | | | | | Avoids code duplication Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* test common: sss_dp_get_account_recv() fix assignmentSumit Bose2015-07-141-1/+1
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* Minor code improvementsPavel Reichl2015-07-061-1/+0
| | | | | | | | pam_helpers.h had to be included after util.h. Removed exara empty line. Fixed code alignment Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* KRB5: Add and use krb5_auth_queue_send to queue requests by defaultJakub Hrozek2015-07-061-0/+365
| | | | | | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2701 Previously, only the krb5 provides used to queue requests, which resulted in concurrent authentication requests stepping on one another. This patch queues requests by default. Reviewed-by: Sumit Bose <sbose@redhat.com>
* tests: Reduce duplication with new function test_ev_doneJakub Hrozek2015-07-063-15/+7
| | | | Reviewed-by: Sumit Bose <sbose@redhat.com>
* test_ipa_subdomains_server: Fix build with --coverageLukas Slebodnik2015-07-021-0/+6
| | | | | | | | | | | It seems that gcc did some optimization and used execve instead of execle when the code was instrumented for coverage analysis. So the exec* function was not wrapped and it tried to call real binary ipa-getkeytab Reviewed-by: Michal Židek <mzidek@redhat.com>
* test_ipa_subdom_server: Add missing assertLukas Slebodnik2015-06-221-0/+1
| | | | Reviewed-by: Michal Židek <mzidek@redhat.com>
* utils: add get_last_x_chars()Sumit Bose2015-06-193-0/+30
| | | | Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* ncache: add calls for certificate based searchesSumit Bose2015-06-191-0/+42
| | | | | | Related to https://fedorahosted.org/sssd/ticket/2596 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* certs: add PEM/DER conversion utilitiesSumit Bose2015-06-191-0/+361
| | | | | | Related to https://fedorahosted.org/sssd/ticket/2596 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* test_ipa_subdomains_server: Run clean-up after successLukas Slebodnik2015-06-161-0/+7
| | | | Reviewed-by: Michal Židek <mzidek@redhat.com>
* IPA: Utility function for setting up one-way trust contextJakub Hrozek2015-06-141-5/+24
| | | | | | | Related: https://fedorahosted.org/sssd/ticket/2638 Reviewed-by: Sumit Bose <sbose@redhat.com>
generated by cgit (git 2.34.1) at 2024-06-04 21:31:39 +0000