| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
| |
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
|
|
|
| |
sh$ printf "ABC" | base64 -d
base64: invalid input
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
In a server that is expanded from a SRV query was reset, only it's
'meta-server' status was set to neutral, but the server->common
structure still retained its not_working status.
This patch also resets the status of the common structure so that both
the SRV query and resolving the server are retried next time.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ticket:
https://fedorahosted.org/sssd/ticket/2773
Add way to set pam specific options in
pam_test_setup adn use it to set the
p11_child_timeout value to 30.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
nsupdate fails definitely if any of update request fails when GSSAPI is used.
As tmp solution nsupdate is executed for each update.
Resolves:
https://fedorahosted.org/sssd/ticket/2783
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
In case domain overlap, we might download multiple objects. To avoid
saving them all, we attempt to filter out the objects from foreign
domains.
We can only do this optimization for non-wildcard lookups.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
| |
This handy function should be reused by other parts of the code.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
with offline_timeout
https://fedorahosted.org/sssd/ticket/2637
Adds a new Data Provider function be_mark_dom_offline() that is a
replacement for be_mark_offline(). When called, the function would
either set the whole back end offline, just like be_mark_offline or just
set the subdomain status to inactive.
When a subdomain is inactive, there is a singleton timed task that would
re-set the subdomin after offline_timeout seconds.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Required for:
https://fedorahosted.org/sssd/ticket/2637
This is a first step towards making it possible for domain to be around,
but not contacted by Data Provider.
Also explicitly create domains as active, previously we only relied on
talloc_zero marking dom->disabled as false.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
|
| |
This patch also improved cleanup. The functions
test_ad_create_2way_trust_options created keytab which was used by other
following tests test_ldap_conn_list, test_conn_list. The keytab was not
removed at the end of al tests.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2694
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
The function test_dom_suite_setup is a simple function which creates
a directory which should be used for creating files. This function
needn't be linked with libsss_util.so as other functions in common_dom.c
This is a reason why it's better to move it to the file common.c
so linker can optimize out other unnecessary module objects from static
library libsss_test_common.a and test needn't be linked libsss_util.so.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We had a cases in patch where two tests were using the same TEST_PATH
and therefore they were stepping each other to the same files
which caused failures. These failures are not easy to reproduce.
This patch uses macro BASE_FILE_STEM for unique name. It should prevent
copy&paste problem resulting to intermittent failures.
@see also
https://www.gnu.org/software/make/manual/html_node/Automatic-Variables.html
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The function be_nsupdate_send fork a child for execution of the utility
nsupdate.
The child process builds nsupdate args in the function
be_nsupdate_args and then execute the utility.
Meanwhile the parent process register handlers for child and timeout
for canceling the long lasting child.
nsupdate_child_send -> child_handler_setup
You can see in following log file that the wrapped version of execv
function might be very fast and therefore parent can register handlers
after finishing child. This is a reason why there is a child timeout.
(10:18:48:556001 2015) [sssd] [be_nsupdate_args] (0x0200): nsupdate auth type: GSS-TSIG
(10:18:48:556126 2015) [sssd] [__wrap_execv] (0x0200): nsupdate success test case
(10:18:48:556200 2015) [sssd] [__wrap_execv] (0x1000): Child exiting with status 0
(10:18:48:557218 2015) [sssd] [child_handler_setup] (0x2000): Setting up signal handler up for pid [3957]
(10:18:48:560987 2015) [sssd] [child_handler_setup] (0x2000): Signal handler set up for pid [3957]
(10:18:50:608520 2015) [sssd] [nsupdate_child_timeout] (0x0020): Timeout reached for dynamic DNS update
(10:18:50:681525 2015) [sssd] [be_nsupdate_done] (0x0040): nsupdate child execution failed [1432158233]: Dynamic DNS update timed out
(10:18:50:687031 2015) [sssd] [dyndns_test_ok] (0x1000): Child request returned [1432158233]: Unknown error 1432158233
The patch simulate a work in wrapped function with small delay.
It should be enough time for the parent process to registering a child.
Based on patch from Jurica Stanojkovic <jurica.stanojkovic@rt-rk.com>
Thank you.
Resolves:
https://fedorahosted.org/sssd/ticket/2283
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, only one tab had configured all environment variables
and current working directory was set to source directory.
It's better to open shell in "chroot" directory for troubleshooting purposes.
This patch also open pre-defined tabs with useful
directories with sssd cache, sssd log files, "chroot" directory
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Ticket:
https://fedorahosted.org/sssd/ticket/2676
Regression test for the above ticket.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Ticket:
https://fedorahosted.org/sssd/ticket/2676
Added function to expire entry in sysdb using
its DN.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
|
|
|
|
|
|
| |
Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
|
|
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Default to config file version 2 if the version
is not specified explicitly.
Ticket:
https://fedorahosted.org/sssd/ticket/2688
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
The regression was caused by changing default domain regex
for ldap provider in ticket #2717
Resolves:
https://fedorahosted.org/sssd/ticket/2772
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If you call cache_req_[user|group]_by_filter_send() it than later calls
updated_[users|groups]_by_filter(), which adds filter that is called
"recent". This filter causes that only [users|groups] added after the
request started are returned.
This patch removes tests which use
cache_req_[user|group]_by_filter_send(), because the logic of those
tests is corrupted. The tests create [users|groups] and after it, they
call cache_req_[user|group]_by_filter_send(). So it is obvious that it
is not in the right manner.
Possible fix is rewrite the tests to create the entries in the callback.
Works around:
https://fedorahosted.org/sssd/ticket/2730
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Test was named same as the folder containing its data.
Resolves:
https://fedorahosted.org/sssd/ticket/2768
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
| |
The one second timeout interval was sometimes
too short when the tests where running under
Valgrind in the CI and the entries expired
too soon.
Reviewed-by: Petr Cech <pcech@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
cleanup_groups() uses DN of group in filter for ldbsearch. But the name
might contain characters with special meaning for filtering
like - "*()\/"
Resolves:
https://fedorahosted.org/sssd/ticket/2744
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2495
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Even if a keytab for one-way trust exists, re-fetch the keytab again and
try to use it. Fall back to the previous one if it exists.
This is in order to allow the admin to re-establish the trust keytabs
with a simple sssd restart.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
W:438,17: Unused variable 'gids' (unused-variable)
W:438,10: Unused variable 'errno' (unused-variable)
E:618,31: Undefined variable 'user' (undefined-variable)
W:443,17: Unused variable 'gids' (unused-variable)
W:443,10: Unused variable 'errno' (unused-variable)
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
| |
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
|
|
|
|
| |
Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
| |
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
| |
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
| |
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
| |
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
|
|
|
| |
The 'as' syntax works from Python 2 on, and Python 3
dropped the "comma" syntax.
Reviewed-by: Christian Heimes <cheimes@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Enum member SDAP_CACHE_PURGE_TIMEOUT has counter-intuitive name as it's used
to access 'ldap_purge_cache_timeout' option.
SDAP_CACHE_PURGE_TIMEOUT is more fitting name.
Reviewed-by: Petr Cech <pcech@redhat.com>
|
|
|
|
|
|
| |
Resolves: https://fedorahosted.org/sssd/ticket/2711
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Objects doesn't have to have overrideDN specified when using LOCAL view.
Since the view is not stored on the server we do not want to contact
LDAP therefore we special case LOCAL view saying that it is OK that
this attribute is missing.
Preparation for:
https://fedorahosted.org/sssd/ticket/2584
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|