summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* SDAP: pass params in sdap_get_and_parse_generic_sendPavel Reichl2015-10-221-2/+6
| | | | | | | | Previously some arguments passed to sdap_get_and_parse_generic_send() were ignored. This patch fixes that and passes 'attronly', 'serverctrls' and 'clientctrls' to sdap_get_generic_ext_send(). Reviewed-by: Sumit Bose <sbose@redhat.com>
* SDAP: change type of attrsonly in sdap_get_generic_ext_statePavel Reichl2015-10-221-9/+10
| | | | | | | | | | | | | | 'attrsonly' parameter is directly passed to ldap_search_ext() and is describe as: The attrsonly parameter should be set to a non-zero value if only attribute descriptions are wanted. It should be set to zero (0) if both attributes descriptions and attribute values are wanted. Boolean type should be fine for the 'attrsonly' parameter especially since the actual parameter was already set to false in function calls. Reviewed-by: Sumit Bose <sbose@redhat.com>
* SDAP: allow_paging in sdap_get_generic_ext_send()Pavel Reichl2015-10-221-18/+25
| | | | | | | Make allow_paging parameter a part of the flag parameter in sdap_get_generic_ext_send(). Reviewed-by: Sumit Bose <sbose@redhat.com>
* SDAP: optional warning - sizelimit exceeded in POSIX checkPavel Reichl2015-10-221-9/+22
| | | | | | | | | | Add new parameter 'flags' to sdap_get_generic_ext_send_ext() which can be set to suppress warning about 'sizelimit exceeded'. Resolves: https://fedorahosted.org/sssd/ticket/2804 Reviewed-by: Sumit Bose <sbose@redhat.com>
* sss_override: Remove unused parameter tool_ctxPavel Reichl2015-10-211-6/+4
| | | | Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* PAM: remove unused parameter cdbPavel Reichl2015-10-201-6/+3
| | | | Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SSSDConfigTest: Test real config without config_file_versionLukas Slebodnik2015-10-192-0/+107
| | | | | | | | | src/config/testconfigs/sssd-valid.conf explicitly contains config_file_version. Recently we changed the default value to 2 and therefore it needn't be listed in configuration file. This patch test real sssd.conf without config_file_version. Reviewed-by: Michal Židek <mzidek@redhat.com>
* SSSDConfigTest: Try load saved configLukas Slebodnik2015-10-191-1/+11
| | | | | | | | | | Python module SSSDConfig should be able to save configuration file and later load the same configuration file without problem. Unit test for: https://fedorahosted.org/sssd/ticket/2837 Reviewed-by: Michal Židek <mzidek@redhat.com>
* SSSDConfig: Do not raise exception if config_file_version is missingMichal Židek2015-10-192-9/+4
| | | | | | | Ticket: https://fedorahosted.org/sssd/ticket/2837 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* TESTS: Restrictive permissions in check_and_openPetr Cech2015-10-141-1/+1
| | | | | | | | | | | Check and open tests try to write into and read from created files. There is no reason to have executable permission, so this patch replaces SSS_DFL_X_UMASK with DFL_UMASK permissions. Resolves: https://fedorahosted.org/sssd/ticket/2424 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* TESTS: More restrictive permissions in debug_testsPetr Cech2015-10-141-2/+2
| | | | | | | | | | | Debug tests try to write into and read from crreated files. There is no reason to have executable permission, so this patch replaces SSS_DFl_X_UMASK with SSS_DFL_UMASK permissions. Resolves: https://fedorahosted.org/sssd/ticket/2424 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* UTIL-TESTS: More restrictive permissionsPetr Cech2015-10-141-1/+1
| | | | | | | | | | | This test suite tries to write into and to read from temp. files. There is no reason to have executable permission. So this patch replaces SSS_DFL_X_UMASK with SSS_DFL_UMASK. Resolves: https://fedorahosted.org/sssd/ticket/2424 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* UTILS: More restrictive permissions in domain_infoPetr Cech2015-10-141-2/+2
| | | | | | | | | | | | There are two occurances of creating temp. file under SSS_DFL_X_UMASK permissions which enable possibility to grant executable permission. After writting to those temp. files, they are renamed and they get 0644 permissions. So SSS_DFL_UMASK is good enough fot this case. Resolves: https://fedorahosted.org/sssd/ticket/2424 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* P11_CHILD_NSS: More restrictive permissionsPetr Cech2015-10-141-1/+5
| | | | | | | | | | | p11_child_nss runs as root and we must be carefull about security. This patch adds more restrictive permissions on it. There is no reason for 0077, so we use 0177 umask. Resolves: https://fedorahosted.org/sssd/ticket/2424 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* REFACTOR: SCKT_RSP_UMASK constant in responder codePetr Cech2015-10-143-2/+6
| | | | | | | | | | This patch adds new SCKT_RSP_UMASK constant which stands for 0111. And it replaces all occurances in responder code. Resolves: https://fedorahosted.org/sssd/ticket/2424 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* REFACTOR: umask(077) --> umask(SSS_DFL_X_UMASK)Petr Cech2015-10-147-8/+11
| | | | | | | | | | | There are many calls of umask function with 077 argument. This patch add new constant SSS_DFL_X_UMASK which stands fot 077. So all occurences of umask(077) are replaced by constant SSS_DFL_X_UMASK. Resolves: https://fedorahosted.org/sssd/ticket/2424 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* REFACTOR: DFL_RSP_UMASK constant in responder codePetr Cech2015-10-143-3/+5
| | | | | | | | | | There is DFL_RSP_UMASK constant for very secure umask in responder code. This patch replaces occurances of value 0177 with this constant. Resolves: https://fedorahosted.org/sssd/ticket/2424 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* REFACTOR: umask(0177) --> umask(SSS_DFL_UMASK)Petr Cech2015-10-144-5/+7
| | | | | | | | | | | | There are many calls of umask function with 0177 argument. This patch add new constant SSS_DFL_UMASK which stands for 0177. So all occurences of umask(0177) (except responder code) are replaced by constant SSS_DFL_UMASK. Resolves: https://fedorahosted.org/sssd/ticket/2424 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* sudo: send original name and id with local views if possiblePavel Březina2015-10-141-5/+13
| | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2833 Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* sudo: search with view even if user is foundPavel Březina2015-10-141-1/+4
| | | | | | | | | If an overriden name is provided and the user is already cache we fail to refresh it since we won't search with VIEW flag. This patch fix it. Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* nss: send original name and id with local views if possiblePavel Březina2015-10-141-3/+128
| | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2833 Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* LDAP: remove unused param. in sdap_fallback_local_userPavel Reichl2015-10-124-8/+4
| | | | | | Remove unused sdap_options parameter. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* autofs: remove unused params in del_autofs_entriesPavel Reichl2015-10-121-4/+1
| | | | | | Remove unused sdap_options and map parameters. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* sudo: remove unused param. in ldap_get_sudo_optionsPavel Reichl2015-10-123-5/+3
| | | | | | Remove unused talloc memory context. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* intg: Do not use non-existent pre-incrementNikolai Kondrashov2015-10-111-2/+4
| | | | | | | | | | Do not try to use the pre-increment operator which doesn't exist in Python (and is in fact two "identity" operators - opposites of "negation" operators). Use addition and assignment instead. This fixes infinite loops on failed slapd starting and stopping. Reviewed-by: Michal Židek <mzidek@redhat.com>
* LDAP: Inform about small range sizeStephen Gallagher2015-10-091-0/+7
| | | | | | | | | | When a returned RID has a higher value than the ldap_idmap_range_size, it means that the administrator did not plan appropriately for the size of their network. We need to alert the admin at a severe notification level that their configuration will fail on entries with a high RID and point them at the explanation in the manual. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* intg: Fix RFC2307bis group member creationNikolai Kondrashov2015-10-091-14/+7
| | | | | | | Fix creation of mixed user/group "member" attribute for RFC2307bis group entries in ldap_ent.py. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* intg: Reduce sssd.conf duplication in test_ldap.pyNikolai Kondrashov2015-10-091-95/+45
| | | | | | | Use a function to generate basic sssd.conf in test_ldap.py to reduce code duplication. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* intg: Split LDAP test fixtures for flexibilityNikolai Kondrashov2015-10-091-30/+83
| | | | | | | Split ldap_test.py fixtures into several functions to allow for partial fixtures and direct use within tests. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* intg: Add support for specifying all user attrsNikolai Kondrashov2015-10-091-12/+39
| | | | | | | Support passing all user attributes to ldap_ent.py's user-creation functions, in integration tests. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* intg: Get base DN from LDAP connection objectNikolai Kondrashov2015-10-092-5/+5
| | | | | | | | Don't use the global LDAP_BASE_DN in integration tests and fixtures, but instead take it from the LDAP connection object (ldap_conn) passed to them explicitly. This makes the tests and fixtures a bit more modular. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* tests: Fix compilation warningJakub Hrozek2015-10-091-8/+8
| | | | Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* sss_override: steal msgs string to objsPavel Březina2015-10-081-0/+9
| | | | | | | | | | Since msgs is attached to tmp_ctx then all the strings are freed with tmp_ctx. Now steal the strings to objs. Resolves: https://fedorahosted.org/sssd/ticket/2826 Reviewed-by: Pavel Reichl <preichl@redhat.com>
* sss_override: explicitly set ret = EOKPavel Březina2015-10-081-0/+2
| | | | Reviewed-by: Pavel Reichl <preichl@redhat.com>
* sss_override: fix comment describing formatPavel Březina2015-10-081-1/+1
| | | | Reviewed-by: Pavel Reichl <preichl@redhat.com>
* intg: fix typosPavel Březina2015-10-081-8/+8
| | | | Reviewed-by: Pavel Reichl <preichl@redhat.com>
* HBAC: remove misleading comment about deny rulesPavel Reichl2015-10-081-4/+0
| | | | | | | | | HBAC deny rules are no longer supported. This comment should have been removed as part of 'Remove HBAC DENY rules from SSSD' https://fedorahosted.org/sssd/ticket/912 Reviewed-by: Michal Židek <mzidek@redhat.com>
* intg: fix assert messages in test_memory_cachePavel Reichl2015-10-081-10/+10
| | | | Reviewed-by: Michal Židek <mzidek@redhat.com>
* nss: fix UPN lookups for sub-domain usersSumit Bose2015-10-082-3/+11
| | | | Reviewed-by: Sumit Bose <sbose@redhat.com>
* fix upn cache_req for sub-domain usersSumit Bose2015-10-081-2/+7
| | | | Reviewed-by: Sumit Bose <sbose@redhat.com>
* fix ldb_search usageSumit Bose2015-10-081-8/+1
| | | | Reviewed-by: Sumit Bose <sbose@redhat.com>
* cache_req: remove raw_name and do not touch orig_namePavel Březina2015-10-081-23/+29
| | | | | | | Parsed name or UPN is now stored in input->name instead of touching orig_name and storing the original name in raw_name. Reviewed-by: Sumit Bose <sbose@redhat.com>
* cache_req tests: reduce code duplicationPavel Březina2015-10-081-1230/+394
| | | | Reviewed-by: Sumit Bose <sbose@redhat.com>
* cache_req: add support for UPNPavel Březina2015-10-089-42/+674
| | | | Reviewed-by: Sumit Bose <sbose@redhat.com>
* cache_req: provide extra flag for oob requestPavel Březina2015-10-081-5/+6
| | | | Reviewed-by: Sumit Bose <sbose@redhat.com>
* man: Note filter_groups are not affecting nestingNikolai Kondrashov2015-10-071-0/+8
| | | | | | | Note that the "filter_groups" option doesn't affect nested member inheritance, on the sssd.conf(5) manpage. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* man: Mention groups in filter_groups descriptionNikolai Kondrashov2015-10-071-5/+5
| | | | | | | | Mention groups (not only users) in the combined "filter_users"/"filter_groups" option description on the sssd.conf(5) manpage. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* AD: Consolidate connection list construction on ad_common.cJakub Hrozek2015-10-074-17/+71
| | | | Reviewed-by: Sumit Bose <sbose@redhat.com>
* AD: Provide common connection list construction functionsJakub Hrozek2015-10-075-34/+80
| | | | | | | | | | https://fedorahosted.org/sssd/ticket/2810 Provides a new AD common function ad_ldap_conn_list() that creates a list of AD connection to use along with properties to avoid mistakes when manually constructing these lists. Reviewed-by: Sumit Bose <sbose@redhat.com>
* TESTS: Make whitespace_test pass without whitespaceNikolai Kondrashov2015-10-071-1/+6
| | | | | | | | | | Make whitespace_test pass if no trailing whitespace was detected at all. Add two comments explaining how searching and failure handling works. Fixes: https://fedorahosted.org/sssd/ticket/2816 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
generated by cgit (git 2.34.1) at 2024-06-15 10:41:44 +0000