| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Since they have much in common, I am moving them under UserOps
static class. This allows for better flexibility and readability.
|
| |
|
|
|
|
|
|
|
|
| |
This is an attempt to include profile (un)registration within the
(un)register-PROVIDER make target. This commit extends the cim_registration
macro by an extra argument of the profile file or list of profile files.
To preserve API of the CMake modules this extra argument is an variable arg
in fact and does not need to be specified. Pass a list variable to specify
multiple profile files.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
According to the Simple Identity Management Profile (DSP1034)
document the LMI_Account.UserPassword property should not contain
the password itself, no matter how encrypted it is. It should either
contain an array of zero elements when password has been set or
NULL when password is missing or not configured.
Another change this commit brings is a more precise behaviour
of LMI_Account.ModifyInstance() method. When the UserPassword
property is array of zero elements, no change regarding password
is made. This case was previously treated as a request for password
removal. The DSP1034 profile doesn't specify such scenario, let's
treat it the same way as the GetInstance() operation.
|
| |
|
|
|
|
| |
Return proper error when required properties are not set.
https://fedorahosted.org/openlmi/ticket/270
|
| |
|
|
|
|
| |
Really dislike these messages:
cp: cannot remove ‘/etc/passwd’: Permission denied
|
| |
|
|
| |
Counter is not present in python <= 2.6, so replace it with defaultdict.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
When writing new test, I find myself constantly computing the
size from desired strength and prefix length, whereas I mostly
don't care about the final size at all (plus, one can usually
see that from surrounding code).
Providing strength simplifies use and the function code.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
Make naming consistent. Gather common functionality into one library and
try to use it across all providers.
Introduce libtool-style versioning for libraries.
|
| |
|
|
|
|
| |
Each test creates an instance it LMI_Account, then intentionally
cripples one of system files related to users/groups, and performs
a simple sanity test that checks if instance properties are readable.
|
| |
|
|
| |
Fix nonsense if statement in indication_common.c.
|
| |
|
|
|
|
|
|
| |
Based on bug 1061153, these tests attempt to create, modify or delete
users from a number of threads.
Clean up is done by reverting backup of /etc/passwd, /etc/groups,
/etc/shadow and /etc/gshadow.
|
| |
|
|
|
|
|
|
|
| |
This patch solves:
* Avoid race conditions with shadow-utils.
* Avoid race condition with libuser: uid/gid "sharing" amoung users/groups.
* Fix deadlock in lock.c code.
This patch introduces giant lock which is held for all write operations.
|
| | |
|
| |
|
|
| |
Updated copyright years to include new year 2014.
|
| |
|
|
| |
This patch removes trailing spaces from source files.
|
| |
|
|
|
|
|
|
|
| |
Glibc provides convenient lock functions to protect passwd and shadow files.
This commit makes use of them for any write operation.
Read access is still unprotected for the time being for performance reasons.
https://fedorahosted.org/openlmi/ticket/205
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some tests expect that exceptions won't be thrown out of LMIShell's
functions. Others prefers them and enable them globally. This causes
problems when running under nosetests all provider tests at once.
Tests that modified enablement of exception throws globally caused
others to fail.
This patch makes sure that each TestCase has defined use of exceptions.
Default state is to have them disabled. If a TestCase prefers having
them enabled, just one variable needs to be overriden in its body:
class AccountBase(lmibase.LmiTestCase):
USE_EXCEPTIONS = True
|
| | |
|
| |
|
|
| |
Unused variable, unused assignment.
|
| |
|
|
|
|
|
|
|
| |
Found by clang analysis:
Error: PW.BRANCH_PAST_INITIALIZATION:
openlmi-providers-0.4.1_75_gf47c906/src/account/LMI_AccountProvider.c:324: branch_past_initialization: transfer of control bypasses initialization of:
openlmi-providers-0.4.1_75_gf47c906/src/account/LMI_AccountProvider.c:324: caretline: ^
openlmi-providers-0.4.1_75_gf47c906/src/account/LMI_AccountProvider.c:324: name_at_decl_position: variable "groups" (declared at line 328)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
In certain cases password may be stored in /etc/passwd directly and we
need to tell libuser where to pull the password from. This patch
automatically falls back to /etc/passwd if there's no password found
in /etc/shadow. In case password retrieval fails in both cases, the
UserPassword and UserPasswordEncoding LMI_Account properties are left
unset.
Based on a patch by Klaus Kämpf <kkaempf@suse.de>
https://bugzilla.redhat.com/show_bug.cgi?id=1031334
|
| |
|
|
|
| |
...to prevent race of the watcher thread still using data that has been
freed just a moment ago.
|
| |
|
|
| |
GValue memory management is tricky...
|
| |
|
|
|
|
|
|
|
|
|
| |
The filter checker code was kinda duplicate across providers and no special
plans have been made for it. This change makes passing a filter checker callback
during indication manager creation no longer mandatory and default filter
checker will be used when NULL. However, the list of acceptable classes need
to be registered before first use.
This change also brings greater flexibility of the filter query which may now
consist of multiple limit conditions.
|
| |
|
|
| |
Don't create very long strings (although it's a nice stress to CIMOM).
|
| |
|
|
|
|
|
|
|
|
| |
It was impossible to remove user when its home directory was unable
to delete, e.g. either pointing to a bad location or inaccessible as
in not being mounted, etc. Even the "force" argument didn't help.
For this reason, any failure on homedir deletion is now ignored and
a warning is noted in the log. The particular error return code is
unused now but kept in the MOF file for compatibility, adding a note.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit changes the way the inotify watching is done. Instead of
watching files directly, we watch the directory they reside in and just
filter out changes in files we don't want to watch. This brings a benefit
of reliable notification through file deletions and other inode number
changing changes. It's also less racy as we had to recreate watches on
IN_IGNORED events with possibility of missing some events. File deletions
or atomic replaces were always problematic.
There are some lingering issues however. The most severe is a problem of
shadow files and libuser calls. At the time the event is processed further
in the gather() method, shadow files may not been updated yet. This causes
libuser to miss some information required for proper CIM object instance
construction, potentially propagating half-baked data to the user. This
could be solved by implementing a settle timeout, possibly compressing
more fast-coming events into one. For the moment a simple artificial
sleep has been put before returning from the watcher in good hope shadow
files are updated properly.
Then there's a current problem of throwing out the rest of the read buffer,
losing notifications of other files if watched. This is by current design
of the watcher callback and could be fixed by implementing proper event
queue.
|
| |
|
|
|
|
|
| |
CMake doesn't like spaces around version requirements in pkg-config checks.
Unfortunately also maintains configure cache and doesn't pick the changes in
CMakeLists.txt up automatically so my typo went unspotted during testing.
Damn.
|
| |
|
|
|
| |
The commit aac4d3a0d1dc brought new symbols in the code without bumping
libuser version req.
|
| | |
|
| |
|
|
|
| |
Potential double free or freeing of uninitialized memory. Fixes some
asserts thrown from libuser.
|
| |
|
|
|
|
|
|
|
|
| |
This is an attempt to get rid of most probable race conditions by creating
inotify watches outside the watcher thread and making them persistent for
the whole time the indication subscription is active. There's a certain
amount of time when watching if off due to gather part of the indication
manager. Leaving a watch fd open with active watches allows us to queue
events that we process next time the watcher is called (once gather part
is finished).
|
| |
|
|
|
| |
Base test classes have been renamed, this patch makes small provider
tests working again.
|
| |
|
|
| |
Whitespaces hunting.
|
| | |
|
| |
|
|
|
|
| |
1) Account: Use new atomic libuser api.
2) Account: Added author and license to lock.c and lock.h.
3) Account: Added group locking to LMI_AccountProvider.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
PG_ComputerSystem has different method how to get hostname than our
providers. In order to create the associations to this class we need to
enumerate it. The downside is that all providers must supply CMPIContext
to the lmi_init function.
New function lmi_get_computer_system returns CMPIObjectPath to the
configured CIM_ComputerSystem subclass instance. This object should be
used in all references with ComputerSystem.
Function lmi_get_system_name has been altered to return same value as
ComputerSystem "Name" property.
|
| |
|
|
| |
Done for: Account, Journald and LogicalFile
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
- Everything is in openlmi-providers/doc/admin directory.
- 'make doc' automatically builds documentation of all
enabled providers.
- Documentation shares one 'conf.py' for sphinx.
- All documentation uses the same directory structure.
There is only one CMakefile.txt to generate all the docs.
|
| | |
|
| |
|
|
|
|
|
| |
And get rid of sblim-cmpi-base dependency.
It would be nice if our tests have an option to select Linux_ComputerSystem
or PG_ComputerSystem in the future...
|
