| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2358
Signed-off-by: Jan Cholasta <jcholast@redhat.com>
Reviewed-by: Jan Cholasta <jcholast@redhat.com>
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This patch amends previous patch 5153e8b9793dea1e212ca08af0f77ea1d023cbb7.
Macro SSS_LDB_SEARCH is used instead of using fuction sss_ldb_search as
a wrapper around ldb_search which could lead to premature expansion of
variadic parameters.
Part of solution for:
https://fedorahosted.org/sssd/ticket/1991
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
| |
This patch adds everything what is needed to build the MIT Kerberos
localauth plugin if the used version of MIT Kerberos supports it. It
does not implement the plugin.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds some additional checks if the option for replacing
spaces in user and group names is used.
When replacing space with the replacement character it is checked if the
name already contains the replacement character. If it does the
unmodified name is returned because in this case a revers operation
would not be possible.
For the reverse operation is it checked if the input contains both a
space and the replacement character. If this is true the unmodified name
is returned as well, because we have to assume that it is the original
name because otherwise it wouldn't contain both characters.
Additionally a shortcut if the replacement characters is a space and
tests for the new checks are added. The man page is updated accordingly.
Related to https://fedorahosted.org/sssd/ticket/1854 and
https://fedorahosted.org/sssd/ticket/2397 .
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
| |
Function check_allowed_uids was not called at all.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
|
|
| |
It is almost the same as for strtouint32
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
| |
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2405
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
| |
Memory leaks will not be detected if talloc context is NULL.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Real functions use own allocation strategy. We use talloc in wrapped functions.
But wrapped functions should not use global_talloc_context,
leak_check_teardown will report false positive memory leaks.
leak_check_teardown()
./src/tests/cmocka/test_dyndns.c:378: error: Failure!
[ FAILED ] dyndns_test_ok_dyndns_test_teardown
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
global_talloc_context should not be NULL in tests. It should be initialised
with function leak_check_setup otherwise memory leak will not be detected.
check_leaks_pop should not be directly called for global_talloc_context.
It is a purpose of function leak_check_teardown
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
man inet_ntop says:
The caller specifies the number of bytes available in this buffer
in the argument size.
AF_INET
src points to a struct in_addr (in network byte order) which is
converted to an IPv4 network address in the dotted-decimal
format, "ddd.ddd.ddd.ddd". The buffer dst must be at least
INET_ADDRSTRLEN bytes long.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch implements the libwbclient API for Samba daemons and
utilities. The main purpose is to map Active Directory users and groups
identified by their SID to POSIX users and groups identified by their
POSIX UIDs and GIDs respectively.
The API is not fully implemented because SSSD does not support some AD
features like WINS or NTLM. Additionally this implementation has its
focus on the file-server use case and hence does not implement some
features which might be needed for a domain controller use case.
Some API calls are generic and independent of the backend like e.g.
converting binary SIDs and GUIDs into a string representation and back
or memory allocation and deallocation. These parts are taken from the
original Samba sources together with copyright and authors. Files
with'_sssd' as part of the name contain the SSSD related calls.
Resolves: https://fedorahosted.org/sssd/ticket/1588
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2397
In order to make the override_space option usable by other responders,
we need to move the override_space option to the generic responder
structure.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2397
- make sss_replace_whitespaces only replace space (' ') not any
whitespace
- make sss_replace_whitespaces only replace a single char, not the whole
string
- rename CONFDB_NSS_OVERRIDE_DEFAULT_WHITESPACE to
CONFDB_NSS_OVERRIDE_DEFAULT_SPACE
- rename the override_default_whitespace option to override_space
- rename sss_replace_whitespaces() to sss_replace_space()
- rename sss_reverse_replace_whitespaces() to sss_reverse_replace_space()
- rename nctx->override_default_wsp_str to nctx->override_space
- make the return value of sss_replace_space non-const to avoid freeing
the result without compilation warnings
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
| |
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
|
| |
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
The function was named "find_subdomain" yet it could find both main
domain and subdomain.
sed 's/find_subdomain_by_name/find_domain_by_name/' -i `find . -name "*.[ch]"`
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
The function was named "find_subdomain" yet it could find both main
domain and subdomain.
sed 's/find_subdomain_by_sid/find_domain_by_sid/' -i `find . -name "*.[ch]"`
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are two cases that may happen when a user calls Get or GetAll:
1) the attribute is missing
2) the attribute is empty
sss_sifp has two error code to distinguish between those two cases:
1) SSS_SIFP_ATTR_MISSING
2) SSS_SIFP_ATTR_NULL
Usually the caller is not interested on situations when the attribute
is empty and it can be considered as error. Having it as a separate
error code instead of setting the output value to NULL is necesarry
since attribute does not have to be a pointer.
This patch however sets pointer type attributes to NULL since it may
simplify the code path when the caller is actually interested in
this information (e. g. empty server list on domain objects).
It is not possible to send a NULL string over a D-Bus nor it is
possible to have hash table NULL with current code so these two
scenarios are not tested. However, it is handled in sss_sifp_attr
code for completeness.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2357
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
| |
|
|
| |
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2348
Programs that are supposed to only be executed on the foreground should
log to stderr automatically.
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Function sss_base64_decode does not return NUL terminated string
and it causes valgrind warning in test "Invalid read of size 1"
==30954== Invalid read of size 1
==30954== at 0x4A09FB8: strcmp (mc_replace_strmem.c:730)
==30954== by 0x4C2AAFA: _assert_string_equal (in /usr/lib64/libcmocka.so.0.2.1)
==30954== by 0x407DBA: test_parse_with_map (test_sdap.c:285)
==30954== by 0x4C2C817: _run_test (in /usr/lib64/libcmocka.so.0.2.1)
==30954== by 0x4C2CCF8: _run_tests (in /usr/lib64/libcmocka.so.0.2.1)
==30954== by 0x408A6F: main (test_sdap.c:583)
==30954== Address 0x6a8db34 is 0 bytes after a block of size 100 alloc'd
==30954== at 0x4A0645D: malloc (vg_replace_malloc.c:291)
==30954== by 0x35C8204980: _talloc_memdup (talloc.c:613)
==30954== by 0x5080A4B: sss_base64_decode (nss_base64.c:86)
==30954== by 0x407DA0: test_parse_with_map (test_sdap.c:282)
==30954== by 0x4C2C817: _run_test (in /usr/lib64/libcmocka.so.0.2.1)
==30954== by 0x4C2CCF8: _run_tests (in /usr/lib64/libcmocka.so.0.2.1)
==30954== by 0x408A6F: main (test_sdap.c:583)
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
| |
|
|
|
|
|
| |
No caller directly accessed this parameter. Moreover, it seemed useless
since the same data is available as SYSDB_ORIGINAL_DN in the attributes.
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The same LDAP attribute might be used several times for the same user or
group attribute. For instance, some servers have a global "ID" number
that should be used for both UID and GID. However, our
sdap_parse_entry() function only copied the LDAP attribute to the first
matching sysdb attribute.
This patch adds a second nested loop that checks if any of the other
LDAP attributes are eligible.
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
|
|
|
|
| |
Covers the sdap_parse_entry function with unit tests so that we know
that modifying the function in a later patch will not result in a
regression.
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While parsing string with multiple whitespaces, it may happen variable i is
zero and we want to test end of argument "tmp[i-1] != '\0'". Side effect of
this bug is duplicite string output array.
Input string: "foo b"
Expected output: { "foo", "a", NULL }
Output: { "foo", "foo", "a", NULL }
This patch uses inverted logic. Instead of testing whether to read next char or
skip multiple whitespaces, we will test whether we have new argument which
should be stored in output array.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
The nested group test was checking returned elements in a particular
order. That's not reliable because the returned values are fetched from
a hash iterator that doesn't guarantee the same order on different
systems.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Adds unit test for basic group retrieval functionality as well as for
testing duplicate members in the LDAP group entry.
These unit tests exercise code added in patch
a47cb2e08e4004179d2a6b5f9a9340200270fbd0
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
| |
For the purpose of unit tests, it's better to create a user object with
a UID and a name.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
contexts
While it's beneficial for the real implementation of
sdap_get_generic_recv() to move memory around, the mocked implementation
can just pass around pointer.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
| |
After fixing the confdb initialization I realized the group DN couldn't
be parsed. This patch fixes that.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
| |
The nested group test only worked by accident. Its confdb settings were
not applied because a wrong confdb path was used.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
| |
Creation of the path to the domain's confdb entry was duplicated in the
tests. Rather than adding yet another duplication, I added the path as
another field of the sss_test_ctx structure.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/1991
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/1991
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
The memory context was not freed and therefore a destructor that
closes connection to D-Bus and performs cleanup task was not executed.
Resolves:
https://fedorahosted.org/sssd/ticket/2347
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2356
The python scripts are not tested with python3 and /usr/bin/python can be
symbolic link to python3 on some distributions.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Variable with type 'const char *' can be used as output argument in function
sss_parse_name, but there will be warning.
warning: passing 'const char **' to parameter of type 'char **'
discards qualifiers in nested pointer types
[-Wincompatible-pointer-types-discards-qualifiers]
|
| |
|
|
|
|
|
| |
We used "char c = fgetc()" where we should have used "int c = fgetc()"
This bug caused errors on big-endian architectures.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
