sssd.git/src/tests/cmocka, branch sudo Unnamed repository; edit this file 'description' to name the repository. IDMAP: add a unit test 2017-09-20T18:52:21+00:00 Sumit Bose sbose@redhat.com 2017-09-19T14:04:08+00:00 11a030ac6e064c50759b5397e1f4d0289f87f64a A unit test for the recent changes from 0526dde7f3d4089617c0f4a6a85f83e9d266c9f1 is added. Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> 
A unit test for the recent changes from
0526dde7f3d4089617c0f4a6a85f83e9d266c9f1 is added.

Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
IPA: fix handling of certmap_ctx 2017-09-14T14:57:09+00:00 Sumit Bose sbose@redhat.com 2017-09-06T14:42:20+00:00 f2e70ec742cd7aab82b74d7e4b424ba3258da7aa This patch fixes a use-after-free in the AD provider part and initializes the certmap_ctx with data from the cache at startup. Related to https://pagure.io/SSSD/sssd/issue/3508 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
This patch fixes a use-after-free in the AD provider part and
initializes the certmap_ctx with data from the cache at startup.

Related to https://pagure.io/SSSD/sssd/issue/3508

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
certmap: make sure eku_oid_list is always allocated 2017-09-14T14:57:04+00:00 Sumit Bose sbose@redhat.com 2017-09-06T10:20:25+00:00 f5a8cd60c6f377af1954b58f007d16cf3f6dc846 If there are only OIDs in a <EKU> part of a matching rule a NULL pointer dereference might occur. Related to https://pagure.io/SSSD/sssd/issue/3508 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
If there are only OIDs in a <EKU> part of a matching rule a NULL pointer
dereference might occur.

Related to https://pagure.io/SSSD/sssd/issue/3508

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
SUDO: Use initgr_with_views when looking up a sudo user 2017-09-08T15:02:49+00:00 Jakub Hrozek jhrozek@redhat.com 2017-08-22T20:32:19+00:00 dee665060ba71ff61ad223e755ae61441118fbba The sudo responder code didn't take views into account when looking for rules, which resulted in sudo rules being ignored if the user's name was overriden. Please see the ticket for a detailed info on how to reproduce the bug. Resolves: https://pagure.io/SSSD/sssd/issue/3488 Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
The sudo responder code didn't take views into account when looking for
rules, which resulted in sudo rules being ignored if the user's name was
overriden.

Please see the ticket for a detailed info on how to reproduce the bug.

Resolves:
https://pagure.io/SSSD/sssd/issue/3488

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
TESTS: Use NULL for pointer, not 0 2017-09-08T15:02:45+00:00 Jakub Hrozek jhrozek@redhat.com 2017-09-07T09:01:21+00:00 280f69cf2ef63b47e2c7d4b745de36970a79a518 Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
certmap: add OpenSSL implementation 2017-09-05T13:04:00+00:00 Sumit Bose sbose@redhat.com 2017-02-14T21:47:08+00:00 a20fb9cbd5f42a6ca895aea1b84347fdfea34b89 The OpenSSL 1.1 API is used but there is a short macro block which should added the needed compatibility if and older OpenSSL version is used. Related to https://pagure.io/SSSD/sssd/issue/3050 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
The OpenSSL 1.1 API is used but there is a short macro block which
should added the needed compatibility if and older OpenSSL version is
used.

Related to https://pagure.io/SSSD/sssd/issue/3050

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
tests: add unit tests for krb5 localauth plugin 2017-08-28T19:50:42+00:00 Sumit Bose sbose@redhat.com 2017-08-23T15:11:03+00:00 b4e45531b3e98efce868d8a01ebd2dbe54348217 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> 
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
TEST_NEGCACHE: Ensure root's uid and gid are always added to ncache 2017-08-28T18:55:29+00:00 Fabiano Fidêncio fidencio@redhat.com 2017-08-16T08:51:47+00:00 b4b3d0642120ca05f63959fe2f317a6b93031929 In order to do so two new functions have been introduced and test_sss_ncache_prepopulate() has been modified in order to ensure that root's uid and gid are always added to the negative cache. Related: https://pagure.io/SSSD/sssd/issue/3460 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
In order to do so two new functions have been introduced and
test_sss_ncache_prepopulate() has been modified in order to ensure that
root's uid and gid are always added to the negative cache.

Related: https://pagure.io/SSSD/sssd/issue/3460

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
TEST_NEGCACHE: Test that "root" is always added to ncache 2017-08-28T18:54:55+00:00 Fabiano Fidêncio fidencio@redhat.com 2017-08-16T08:45:19+00:00 e54764d62bfcc48770d9b2578132979aa58636e5 Simply modify test_sss_ncache_prepopulate() in order to ensure that "root" user and group are always added to the negative cache, no matter whether they're set as part of the filter_users or filter_groups options. Related: https://pagure.io/SSSD/sssd/issue/3460 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Simply modify test_sss_ncache_prepopulate() in order to ensure that
"root" user and group are always added to the negative cache, no matter
whether they're set as part of the filter_users or filter_groups
options.

Related: https://pagure.io/SSSD/sssd/issue/3460

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
UTIL: Set udp_preference_limit=0 in krb5 snippet 2017-08-14T13:26:29+00:00 Petr Čech pcech@redhat.com 2017-03-28T12:35:22+00:00 6bd6571dfe97fb9c6ce9040c3fcfb4965f95eda1 We add udp_preference_limit = 0 to krb5 snippet if ad provider is used. This option enable TCP connection before UDP, when sending a message to the KDC. Resolves: https://pagure.io/SSSD/sssd/issue/3254 Signed-off-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Robbie Harwood <rharwood@redhat.com> 
We add udp_preference_limit = 0 to krb5 snippet if ad provider is
used. This option enable TCP connection before UDP, when sending
a message to the KDC.

Resolves:
https://pagure.io/SSSD/sssd/issue/3254

Signed-off-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Robbie Harwood <rharwood@redhat.com>