| |
We know that all our tested utilities (sssctl, sss_cache, sss_override)
return strings and not binary data. We can safely encode output to
string (unicode) in python3.
Reviewed-by: Martin Basti <mbasti@redhat.com>
| |
Python module ctypes directly uses C functions from libraries.
C functions usually return "char *" when a string is expected.
But python3 uses unicode for strings. Encoding returned bytes
("char *") to unicode strings simplifies tests in python3.
Reviewed-by: Martin Basti <mbasti@redhat.com>
| |
Python module ctypes directly uses C functions,
and C functions expect "char *" as a string and not a pointer
to wide characters "wchar *".
Reviewed-by: Martin Basti <mbasti@redhat.com>
| |
The Python3 version of the ldap module requires a string for the name of an
attribute but bytes for the value of an attribute. It was not a problem in
python2 due to unicode changes in python3.
Reviewed-by: Martin Basti <mbasti@redhat.com>
| |
The python module subprocess expects bytes as an input.
Traceback (most recent call last):
  File "src/tests/intg/test_ldap.py", line 51, in ds_inst
    ds_inst.setup()
  File "src/tests/intg/ds_openldap.py", line 201, in setup
    self._setup_config()
  File "src/tests/intg/ds_openldap.py", line 169, in _setup_config
    slapadd.communicate(config)
  File "/usr/lib64/python3.6/subprocess.py", line 821, in communicate
    self._stdin_write(input)
  File "/usr/lib64/python3.6/subprocess.py", line 776, in _stdin_write
    self.stdin.write(input)
TypeError: a bytes-like object is required, not 'str'
Reviewed-by: Martin Basti <mbasti@redhat.com>
| |
Python3 expects bytes as an input for the hash function.
We need to convert the string to bytes before hashing.
Traceback (most recent call last):
  File "src/tests/intg/test_ldap.py", line 51, in ds_inst
    ds_inst.setup()
  File "src/tests/intg/ds_openldap.py", line 200, in setup
    self._setup_config()
  File "src/tests/intg/ds_openldap.py", line 76, in _setup_config
    admin_pw_hash = hash_password(self.admin_pw)
  File "src/tests/intg/ds_openldap.py", line 41, in hash_password
    hash = hashlib.sha1(password)
TypeError: Unicode-objects must be encoded before hashing
Reviewed-by: Martin Basti <mbasti@redhat.com>
| |
Originally, Python items() built a real list of tuples and returned that.
That could potentially take a lot of extra memory. Python iteritems()
returned an iterator-generator. The original remains for backwards
compatibility.
One of Python 3’s changes is that items() now returns iterators,
and a list is never fully built. The iteritems() method is also gone,
since items() in Python 3 works like viewitems() in Python2.
But we do not have a lot of values in the dictionary, so it is not worth
optimizing the list returned from "items()" on Python2.
Reviewed-by: Martin Basti <mbasti@redhat.com>
| |
In Python 2 range() returns a list, and xrange() returns an object that
will only generate the items in the range when needed, saving memory.
In Python 3, the range() function is gone, and xrange() has been renamed
range().
We do not strictly require a list or an iterator in the code, therefore we can
use range, which is in both versions. And we do not use big ranges there,
so the memory overhead with a list on python2 is not big.
Reviewed-by: Martin Basti <mbasti@redhat.com>
| |
The three modules urllib, urllib2 and urlparse have been reorganized
into three new modules, urllib.request, urllib.parse and urllib.error.
And urllib.quote was moved into urllib.parse.
Reviewed-by: Martin Basti <mbasti@redhat.com>
| |
"print" is a function in python3. We can remove it because it is not
important.
Portable solution would be:
    from __future__ import print_function
    print (basedn)
Reviewed-by: Martin Basti <mbasti@redhat.com>
| |
GetUserAttr used to segfault without this patch.
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
| |
Reviewed-by: Michal Židek <mzidek@redhat.com>
| |
Structure member attr_type was set to BE_ATTR_CORE on all places
and there was a single place src/providers/ldap/ldap_id.c where
we checked to other values. It is not used anymore; it's better to
remove it.
Reviewed-by: Michal Židek <mzidek@redhat.com>
| |
Neither BE_ATTR_MEM nor BE_ATTR_ALL are set anywhere in sssd.code.
sh$ git grep -E "BE_ATTR_ALL|BE_ATTR_MEM"
src/providers/data_provider.h:#define BE_ATTR_MEM 2
src/providers/data_provider.h:#define BE_ATTR_ALL 3
src/providers/data_provider/dp_target_id.c: case BE_ATTR_MEM:
src/providers/data_provider/dp_target_id.c: case BE_ATTR_ALL:
Reviewed-by: Michal Židek <mzidek@redhat.com>
| |
Reviewed-by: Michal Židek <mzidek@redhat.com>
| |
Reviewed-by: Michal Židek <mzidek@redhat.com>
| |
Reviewed-by: Michal Židek <mzidek@redhat.com>
| |
Use tools specific reference to debug level explanation in sssctl
man page.
Resolves:
https://fedorahosted.org/sssd/ticket/3085
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
| |
a System Error
It's often not clear to admins where to look further if the krb5_child
fails with a generic error. This patch just adds a DEBUG message
advising the admin to look into the krb5_child.log for more information.
Related:
https://fedorahosted.org/sssd/ticket/2955
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Michal Židek <mzidek@redhat.com>
| |
Related:
https://fedorahosted.org/sssd/ticket/3267
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
| |
Resolves:
https://fedorahosted.org/sssd/ticket/3080
Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
| |
seconds
Changes for dyndns_refresh_interval < 60 sec
man sss-ad changed for dyndns_refresh_interval < 60 sec
Resolves:
https://fedorahosted.org/sssd/ticket/2201
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
| |
This is a workaround for buggy python-requests 2.12.4.
It cannot handle uppercase letters in file path.
The manual page MKTEMP(1) says that the parameter --dry-run is unsafe.
It is not critical for our use-case in CI but we should revert the patch
after a fixed version of python-requests is released.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
| |
Autotools does not generate defines in a conditional way (ifndef .. define)
and therefore it might happen that "defines" in config.h might redefine
some macros in a different way and generate a warning.
e.g.
In file included from /home/build/sssd/src/util/util.h:24:0,
                 from /home/build/sssd/src/python/pyhbac.c:24:
./config.h:322:0: error: "HAVE_LONG_LONG" redefined [-Werror]
 #define HAVE_LONG_LONG 1
In file included from /usr/include/python3.6m/Python.h:50:0,
                 from /home/build/sssd/src/python/pyhbac.c:21:
/usr/include/python3.6m/pyport.h:42:0: note: this is the location of the previous definition
 #define HAVE_LONG_LONG
We need to include config.h before Python.h to avoid redefinition of
HAVE_LONG_LONG which is defined conditionally in Python.h
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
| |
hash_values() expects a pointer to unsigned long int as second
argument. Using size_t instead causes a 'from incompatible pointer type'
compiler error on e.g. 32bit platforms because size_t is 32bits here
while unsigned long int is 64bits.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
| |
Resolves:
https://fedorahosted.org/sssd/ticket/3151
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
| |
There were a few types of changes that were required for tests to work:
1) When calling "get by name" commands, a name is parsed with
   sss_parse_inp. Returned value is now mocked.
2) When calling "get by upn" commands, a name is parsed with
   sss_parse_inp and negative cache is not hit in the first run
   since cache_req knows it may be upn since it is not equal
   to any known domain. Returned value of sss_parse_inp is now
   mocked to return ERR_DOMAIN_NOT_FOUND and negative cache hits
   are checked to be 0.
3) Lookups by certificate or sid do not require name parsing so
   those have separate mock functions.
4) Sometimes the tests fail since a different number of mocked functions
   is called due to changes in the code. Where possible, will_return_always()
   is used, otherwise the number of mocked values was fixed.
5) In SID by name lookups, we set nss_test_ctx->tctx->done to false at
   the beginning of the for cycle, since the code now contains tevent calls
   and without it only the first request proceeds into tevent_loop in
   test_ev_loop() because the first finished request sets it to true.
Resolves:
https://fedorahosted.org/sssd/ticket/3151
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
| |
Given the size of the current nss responder it was quite impossible
to simply switch into using the cache_req interface, especially
because most of the code was duplication of cache lookups.
This patch completely rewrites the responder from scratch. The amount
of code was reduced to less than half the lines of code with no code duplication,
better documentation and better maintainability and readability.
All functionality should be intact.
*Code organization*
All protocol (parsing input message and sending a reply) is placed
in nss_protocol.c. Functions that deal with creating a reply
packet are placed into their specific nss_protocol_$object.c files.
All supported commands are placed into nss_cmd.c. Functions that
deal with cache req are in nss_get_object.c and nss_enum.c.
*Code flow for non-enumeration*
An nss_getby_$input-type is called for each non-enumeration command.
This function parses the input message, creates a cache_req_data
structure and issues nss_get_object that calls cache_req. When
this request is done nss_getby_done makes sure a reply is sent to
the client.
*Comments on enumeration*
I made some effort to make sure enumeration shares the same code
for users, groups, services and netgroups. Netgroups now uses
nss negative cache instead of implementing its own.
Resolves:
https://fedorahosted.org/sssd/ticket/3151
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
| |
We often work with <string, pointer> type of hash table throughout sssd.
This module creates and maintains such hash table and makes sure
that hash entry is destroyed when original value is freed.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
| |
We make sure in responder dp code that we do not contact
data provider if the provider is a local one. We just
return success.
Resolves:
https://fedorahosted.org/sssd/ticket/3151
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
| |
Those checks were redundant, since they are already part of cache_req.
Resolves:
https://fedorahosted.org/sssd/ticket/3151
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
| |
Originally sss_cmd_send_empty() also called sss_cmd_done() to send
an empty reply packet to the client whereas sss_cmd_send_error()
did not invoke this call and required the caller to call it manually.
For this reason, a possible error in users_find_by_cert_done() was not
sent to the caller.
This patch unifies the usage of those two functions in a way that both
of them only create the reply packet but do not send it. Another
sss_cmd_done() call is required to send the reply.
Because sss_cmd_done() is now always called, unit tests needed to be
changed to always mock a value for __wrap_sss_cmd_done.
Resolves:
https://fedorahosted.org/sssd/ticket/3151
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
| |
We will only remember entry in the negative cache if the data provider
requests succeeded because only then we can be sure that the entry
does not exist.
Resolves:
https://fedorahosted.org/sssd/ticket/3151
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
| |
This patch allows plugins that do not require name qualification
on multi-domain search to perform lookup also in subdomains.
Resolves:
https://fedorahosted.org/sssd/ticket/3151
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
| |
Resolves:
https://fedorahosted.org/sssd/ticket/3151
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
| |
The original debugging was unnecessarily large. I removed request name
from all debug messages (keeping the request number). The name is now
printed only when a new request is created. I also added an explicit message
to see what object we are currently looking up.
For example:
    [cache_req_set_plugin] (0x2000): CR #4: Setting "Group by ID" plugin
    [cache_req_send] (0x0400): CR #4: New request 'Group by ID'
    [cache_req_select_domains] (0x0400): CR #4: Performing a multi-domain search
    [cache_req_set_domain] (0x0400): CR #4: Using domain [LDAP.PB]
    [cache_req_search_send] (0x0400): CR #4: Looking up GID:20001@LDAP.PB
    [cache_req_search_ncache] (0x0400): CR #4: Checking negative cache for [GID:20001@LDAP.PB]
    [cache_req_search_ncache] (0x0400): CR #4: [GID:20001@LDAP.PB] is not present in negative cache
    [cache_req_search_cache] (0x0400): CR #4: Looking up [GID:20001@LDAP.PB] in cache
    [cache_req_search_send] (0x0400): CR #4: Returning [GID:20001@LDAP.PB] from cache
    [cache_req_create_and_add_result] (0x0400): CR #4: Found 1 entries in domain LDAP.PB
    [cache_req_done] (0x0400): CR #4: Finished: Success
Resolves:
https://fedorahosted.org/sssd/ticket/3151
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
| |
Resolves:
https://fedorahosted.org/sssd/ticket/3151
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
| |
This request returns either user or group object.
Resolves:
https://fedorahosted.org/sssd/ticket/3151
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
| |
This request returns either user or group object.
Resolves:
https://fedorahosted.org/sssd/ticket/3151
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
| |
Sometimes we want to get extra attributes when looking up user.
For example in object by name search.
Resolves:
https://fedorahosted.org/sssd/ticket/3151
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
| |
Some plug-ins allow specifying what attributes should be returned,
but we always need to make sure that operational attributes such
as expiration time are returned so we can calculate the expiration
status.
Resolves:
https://fedorahosted.org/sssd/ticket/3151
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
| |
Resolves:
https://fedorahosted.org/sssd/ticket/3151
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
| |
When we are looking up name by sid or sid by name we also want to be
able to translate a well known sid/name into its pair equivalent.
This adds the ability to mock cache_req_result if a well known object
is found.
Resolves:
https://fedorahosted.org/sssd/ticket/3151
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
| |
For enumeration purposes, we want to limit the number of returned results.
This is a preparation for changes in NSS responder.
Resolves:
https://fedorahosted.org/sssd/ticket/3151
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
| |
Resolves:
https://fedorahosted.org/sssd/ticket/3151
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
| |
Resolves:
https://fedorahosted.org/sssd/ticket/3151
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
| |
Resolves:
https://fedorahosted.org/sssd/ticket/3151
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
| |
Resolves:
https://fedorahosted.org/sssd/ticket/3151
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
| |
Resolves:
https://fedorahosted.org/sssd/ticket/3151
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
| |
Resolves:
https://fedorahosted.org/sssd/ticket/3151
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>