| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
Merges: https://pagure.io/SSSD/sssd/pull-request/3374
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
|
| |
|
|
|
|
|
| |
We require newer libcurl version than is available on rhel6. We don't
ship secrets responder in rhel6 so we just disable its build.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
env variable UID is not defined in all shells (eg. dash)
We also need to move invocation of "id -u" before nss_wraper
is enabled otherwise we would get root instead of real user.
=================================== FAILURES ===================================
________________________ test_kcm_mem_init_list_destroy ________________________
Traceback (most recent call last):
File "/home/build/sssd/src/tests/intg/test_kcm.py", line 198, in test_kcm_mem_init_list_destroy
kcm_init_list_destroy(testenv)
File "/home/build/sssd/src/tests/intg/test_kcm.py", line 183, in kcm_init_list_destroy
exp_ccname = testenv.ccname()
File "/home/build/sssd/src/tests/intg/test_kcm.py", line 45, in ccname
my_uid = self.my_uid()
File "/home/build/sssd/src/tests/intg/test_kcm.py", line 41, in my_uid
return int(s_myuid)
ValueError: invalid literal for int() with base 10: ''
And we already use different approach in top level Makefile.am
3488) $(INTGCHECK_CONFIGURE_FLAGS) \
3489) CFLAGS="$$CFLAGS $(AM_CFLAGS) -DKCM_PEER_UID=$$(id -u)"; \
3490) $(MAKE) $(AM_MAKEFLAGS) ; \
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
| |
Adds a new KCM responder ccache back end that forwards all requests to
sssd-secrets.
Reviewed-by: Michal Židek <mzidek@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
|
|
|
| |
The curl integration must allow us to create containers, therefore we
also add support of the POST HTTP request type.
Reviewed-by: Michal Židek <mzidek@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
|
| |
Reviewed-by: Michal Židek <mzidek@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
In order to test the curl integration code, this patch adds a
command-line tool and tests that it's possible to drive a conversation
with the secrets responder using the tool.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When a group/users are invalidated from sss_cache, the group/user
information in domain and timestamps cache are inconsistent with
regard to dataExpireTimestamp attribute.
This patch fixes the problem by explicitly invalidating the domain
cache's entry when the timestamp cache entry is invalidated
by sss_cache call. There is one new function:
* sysdb_invalidate_cache_entry()
provided for this purpose and used only in sss_cache utility.
Resolves:
https://fedorahosted.org/sssd/ticket/3164
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If there is a problem to execute sssd_secrets then exception
is raised. Test will not continue in parent process because it is
waiting for socket for a second. The child process will continue
in execution of tests because parent process will kill child
in teardown after test execution.
This patch makes starting of secret service more robust
and immediately fail child process when there was a problem to start
sssd_secrets. It also adds few assertions for ensuring that setup passed
as it should.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This functionality is only enabled in case SSSD is configured with with
--enable-files-domain. If not, the behaviour is as it used to -- SSSD
returns an error, instructing the admin to create a configuration file.
If the option is enabled, a very minimal confdb that only enables the
NSS responder is created. The confdb later adds the implicit files
domain.
Resolves:
https://pagure.io/SSSD/sssd/issue/2229
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
|
|
| |
Adds tests that exercise the implicit files domain.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
|
|
|
|
| |
This is done to make sure that enabling the files domain doesn't break
existing functionality as well as making it possible to even that the
implicit domain, since all integration tests use the same configuration.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
| |
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
There were two bugs in the files provider reallocation logic:
1) the reallocated array was not NULL-terminated properly
2) talloc_get_size was used in place of talloc_array_length
This bug could have resulted in a crash when the passwd or groups file
contained more than FILES_REALLOC_CHUNK entries.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
NamedTemporaryFile use the default mode 'w+b'
and we tried to write strings. It is not a problem on python2
but failed on pyhton3
Python module ctypes directly uses C functions from libraries.
C functions usually expect/returns "char *" when string is expected.
But python3 uses unicode for string. Decoding returned bytes
("char *") to unicode strings simplify tests in python3.
Otherwise we would need to convert bytes to string in each assertion.
Reviewed-by: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Implements integration tests for the files provider. In order to change
entries in the nss-wrapped passwd and group files, this commit also
implements a helper module that creates a new passwd and group file and
moves it in place of the nss-wrapped files. We move the files instead of
modifying them in-place in order to trigger similar inotify
notifications as shadow-utils would.
The unit test uses sleep on several places. This is suboptimal, but
during testing especially on slow machines, it became apparent that
sometimes the inotify message arrives later than the test would check
for the changed entries. Therefore, the check would query the NSS
responder even before the sss-files domain was invalidated.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
| |
Implements a python module that allows to load the nss_sss module and
call functions that act like getgr*
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
| |
Implements a python module that allows to load the nss_sss module and
simulate calling getpw* functions from tests.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Every module that reads the sssd_nss module directly copied around the
same definition of NSS constants. This commit moves them into a single
file to avoid code duplication.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
The fixtures will be useful for tests that set up and restore a user and
group database. While it would be possible to import them already, the
functions were previously used in a test and importing from a test seems
a bit like a hack.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The documentation of get_passwd_list/get_group_list
says that they return group/user database entry list.
However, ther return class 'map' with python3 due to
changes in high level function "map".
Traceback (most recent call last):
File "/dev/shm/sssd/src/tests/intg/ent_test.py",
line 141, in test_assert_passwd_list
ent.assert_passwd_list(ent.contains())
File "/dev/shm/sssd/src/tests/intg/ent.py",
line 243, in assert_passwd_list
assert not d, d
AssertionError: not a list, <class 'map'>
Reviewed-by: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
| |
We know that all our tested utilities (sssctl, sss_cache, sss_override)
returns strings and not binary data. We can safely encode output to
string (unicode) in python3
Reviewed-by: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Python module ctypes directly uses C functions from libraries.
C functions usually returns "char *" when string is expected.
But python3 uses unicode for string. Encoding returned bytes
("char *") to unicode strings simplify tests in python3
Reviewed-by: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
| |
Python module ctypes directly uses C functions
and C functions expect "char *" as a string and not pointer
to wide characters "wchar *".
Reviewed-by: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
| |
Python3 version of ldap module require string for name of attribute
but bytes for value of attribute. It was not a problem in python2
due to unicode changes in python3
Reviewed-by: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The python module subprocess expect bytes as an input.
Traceback (most recent call last):
File "src/tests/intg/test_ldap.py", line 51, in ds_inst
ds_inst.setup()
File "src/tests/intg/ds_openldap.py", line 201, in setup
self._setup_config()
File "src/tests/intg/ds_openldap.py", line 169, in _setup_config
slapadd.communicate(config)
File "/usr/lib64/python3.6/subprocess.py", line 821, in communicate
self._stdin_write(input)
File "/usr/lib64/python3.6/subprocess.py", line 776, in _stdin_write
self.stdin.write(input)
TypeError: a bytes-like object is required, not 'str'
Reviewed-by: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Python3 expects bytes as an input for hash function.
We need to convert string to bytes before hashing
Traceback (most recent call last):
File "src/tests/intg/test_ldap.py", line 51, in ds_inst
ds_inst.setup()
File "src/tests/intg/ds_openldap.py", line 200, in setup
self._setup_config()
File "src/tests/intg/ds_openldap.py", line 76, in _setup_config
admin_pw_hash = hash_password(self.admin_pw)
File "src/tests/intg/ds_openldap.py", line 41, in hash_password
hash = hashlib.sha1(password)
TypeError: Unicode-objects must be encoded before hashing
Reviewed-by: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Originally, Python items() built a real list of tuples and returned that.
That could potentially take a lot of extra memory. Python iteritems()
returned an iterator-generator. The original remains for backwards
compatibility.
One of Python 3’s changes is that items() now return iterators,
and a list is never fully built. The iteritems() method is also gone,
since items() in Python 3 works like viewitems() in Python2.
But we do not have a lot of values in dictionary; so it does not worth
to optimize returned list from "items()" on Python2
Reviewed-by: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
In Python 2 range() returns a list, and xrange() returns an object that
will only generate the items in the range when needed, saving memory.
In Python 3, the range() function is gone, and xrange() has been renamed
range().
We do not strictly require list or iterator in code therefore we can use
range which is in poth version. And we do not use big ranges there
so the memory overhead with list on python2 is not big.
Reviewed-by: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
| |
The three modules urllib, urllib2 and urlparse has been reorganized
into three new modules, urllib.request, urllib.parse and urllib.error.
And urllib.quote was moved into urllib.parse.
Reviewed-by: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
"print" is a function in python3. We can remove it because it is not
important.
Portable solution would be:
from __future__ import print_function
print (basedn)
Reviewed-by: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
| |
Related:
https://fedorahosted.org/sssd/ticket/3267
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Add basic tests for sssctl user/group-show commands. This includes
regression test for ticket #3235.
Resolves:
https://fedorahosted.org/sssd/ticket/3235
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/3169
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Otherwise we will have an 507 error in case any secret is added by any
of the tests that may be implemented in the future.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2940
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
The debug message was introduced when I was testing 65a38b8c9, but ended
up not removed before submitting the patch.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Petr Cech <pcech@redhat.com>
|
| |
|
|
|
|
|
| |
Related:
https://fedorahosted.org/sssd/ticket/3169
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/3168
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Implements a simple HTTP client and uses it to talk to the sssd-secrets
responder. Only the local provider is tested at the moment.
Resolves:
https://fedorahosted.org/sssd/ticket/3054
Reviewed-by: Petr Čech <pcech@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Regression test for ticket #3184
Resolves:
https://fedorahosted.org/sssd/ticket/3184
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/3179
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
|
|
| |
Adds FQDN variants of some already existing tests.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Regression tests for ticket #3178.
Resolves:
https://fedorahosted.org/sssd/ticket/3178
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Adds regression CI test for ticket #3173 and #3175.
Resolves:
https://fedorahosted.org/sssd/ticket/3173
https://fedorahosted.org/sssd/ticket/3175
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
This patch adds tests on reproducer of t2841.
Resolves:
https://fedorahosted.org/sssd/ticket/2841
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2841
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
| |
Reviewed-by: Petr Čech <pcech@redhat.com>
|
