| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
| |
This patch adds tests on reproducer of t2841.
Resolves:
https://fedorahosted.org/sssd/ticket/2841
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2841
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
| |
Reviewed-by: Petr Čech <pcech@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Regresion test for ticket #3120
Resolves:
https://fedorahosted.org/sssd/ticket/3120
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
| |
Integration test for #3121
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
| |
Integration test for #3093
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
| |
E302 expected 2 blank lines, found 1
E303 too many blank lines (2)
E501 line too long (84 > 79 characters)
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Side effect of this change was that some primary groups
could not be resolved and therefore get_user_groups
failed in override tests. We should do the same as "id user".
return decimal representation GID if it cannot be mapped to name.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
We use finalizers in pytest for cleaning up of
openldap server. But sometimes destructor was called
in case of failure which causes many issues in tests.
Running teardown in destructor is not reliable due to pyhton nature.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
There is special logic around ad_enabled_domains option:
* option is disabled by default
* master domain is always added to enabled domains
Resolves:
https://fedorahosted.org/sssd/ticket/2828
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2789
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Reverse data provider interface is moved to a better location in
NSS responder. All responders now can have an sbus interface
defined per data provider connection. The unused old data provider
interface is removed.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
| |
Use the full simple access control handlers, just like SSSD does in the
tests.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The child process finished faster then it has handled by parent
and therefore it timed out. It's the similar solution as in
b3074dca3acebd91437ef13d3329d6d65d655215
[ RUN ] dyndns_test_error
(Fri Jul 29 16:12:00:621444 2016) [sssd] [nsupdate_child_timeout] (0x0020):
Timeout reached for dynamic DNS update
Could not run the test - check test fixtures
[ ERROR ] dyndns_test_error
Reviewed-by: Petr Čech <pcech@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The usage of modifyTimestamp needn't be a reliable way
for detecting of changes in user entry in LDAP.
The authorisation need to rely current data from LDAP
and therefore we will temporary disable optimisation with
modifyTimestamp and we will rather rely on deep comparison
of attributes. In he future, it might be changed and
responders might control the optimization level.
Resolves:
https://fedorahosted.org/sssd/ticket/3110
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
sh-4.2# getent netgroup -s sss QAUsers
QAUsers ( ,qa1,example.com) ( ,qa2,example.com) ( ,qa3,example.com)
sh-4.2# getent netgroup -s sss QASystems
QASystems (qahost1.example.com,,) (qahost2.lab.eng.pnq.redhat.com,,)
sh-4.2# getent netgroup -s sss test
sh-4.2# echo $?
2
sh-4.2# python
Python 2.7.5 (default, Aug 2 2016, 04:20:16)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-4)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import sssd_netgroup
>>> sssd_netgroup.get_sssd_netgroups('QAUsers')
(1, 0, [(None, 'qa1', 'example.com'), (None, 'qa2', 'example.com'), (None, 'qa3', 'example.com')])
>>> sssd_netgroup.get_sssd_netgroups('QASystems')
(1, 0, [('qahost1.example.com', None, None), ('qahost2.lab.eng.pnq.redhat.com', None, None)])
>>> sssd_netgroup.get_sssd_netgroups('test')
(0, 0, [])
>>>
Reviewed-by: Petr Čech <pcech@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The path to sssd nss module (libsss_nss.so) was
relative to prefix and expected subdirectory "lib".
32bit and 64bit platforms and different distributions
use different paths. This patch allows to use python module sssd_id
even with real module and not just integration tests.
It is just required to prepare "config.py" with right path.
e.g.
cd ~/sssd/src/tests/intg
[~/sssd/src/tests/intg]$ echo "NSS_MODULE_DIR = '/usr/lib64'" > config.py
[~/sssd/src/tests/intg]$ python
Python 2.7.12 (default, Jul 18 2016, 09:57:01)
[GCC 6.1.1 20160621 (Red Hat 6.1.1-3)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import sssd_id
>>> sssd_id.get_user_gids('user')
(1, 0, [5977, 1070, 5845, 1076, 1074, 10327, 5975, 5766])
Reviewed-by: Petr Čech <pcech@redhat.com>
|
| |
|
|
|
|
|
| |
Remove all entries in a directory but will
not remove the directory itself.
Reviewed-by: Petr Cech <pcech@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
current time
sysdb is already able to retrieve the current timestamp if the caller
doesn't specify it. However, for the timestamp cache this came too late
and the timestamp cache used zero as the 'now' time.
Resolves:
https://fedorahosted.org/sssd/ticket/3064
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Unfortunately principal aliases with an alternative realm are stored in
IPA as the string representation of an enterprise principal, i.e.
name\@alt.realm@IPA.REALM. To be able to lookup the alternative
principal in LDAP properly the UPN search filter is extended to search
for this type of name as well.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
| |
Resolves https://fedorahosted.org/sssd/ticket/2948
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
| |
sysdb_subdomain_store() and sysdb_update_subdomains() can now update
upn_suffixes as well.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
| |
sysdb_master_domain_update() and sysdb_master_domain_add_info() are now
aware of the UPN suffix attribute.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
| |
The test directory was not removed (tp_test_utils-test_utils)
because it contain the snippet for krb5_libdefaults.
Reviewed-by: Fabiano Fidêncio <fabiano@fidencio.org>
|
| |
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
src/tests/sysdb-tests.c: In function 'test_sysdb_memberof_close_loop':
src/tests/sysdb-tests.c:2740:5: warning: passing argument
1 of '_ck_assert_msg' makes integer from pointer without a cast
[enabled by default]
fail_unless(data->attrlist[0], "talloc_array failed.");
^
In file included from src/tests/sysdb-tests.c:23:0:
/usr/include/check.h:237:16: note: expected 'int' but argument
is of type 'const char *'
void CK_EXPORT _ck_assert_msg (int result, const char *file,
^
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
The argument ttl was recently removed from negative cache functions
(sss_ncache_check_user, sss_ncache_check_uid, sss_ncache_check_sid,
sss_ncache_check_cert) but it was not removed from wrapped versions
in nss-srv-tests. It caused a crash on machine with big endian
and when configure wih --coverage.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
sudo expects the same name in sudo rule as login name. Therefore
if fully qualified name is used or even enforced by setting
use_fully_qualified_names to true or by forcing default domain
with default_domain_suffix sssd is able to correctly return the
rules but sudo can't match the user with contect of sudoUser
attribute since it is not qualified.
This patch changes the rules on the fly to avoid using names at all.
We do this in two steps:
1. We fetch all rules that match current user name, id or groups and
replace sudoUser attribute with sudoUser: #uid.
2. We fetch complementry rules that contain netgroups since it is
expected we don't have infromation about existing netgroups in
cache, sudo still needs to evaluate it for us if needed.
This patch also remove test for sysdb_get_sudo_filter since it wasn't
sufficient anyway and I did not rewrite it since I don't thing it
is a good thing to have filter tests that depends on exact filter
order.
Resolves:
https://fedorahosted.org/sssd/ticket/2919
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
| |
The timestamp cache tests look into ldb to check the timestamps. This
patch converts the lookups to qualified names to make sure the lookups
actually match.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
| |
The conversion to sysdb made several functions obsolete. Remove them.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
| |
name.name is the input name. Since cache_req is an internal interface,
we need to return the sysdb name instead.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
|
| |
Creating the username part of the ccache file is an output operation, it
makes sense to use sss_output_name() there which parses the name out of
the internal qualified name.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
| |
The name is converted from whatever we receive on input to the internal
format before processing the data further.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds a utility function sized_output_name() which wraps the output_name()
function and returns the sized_struct structure. This function is used
when formatting the output name for the client, but also when
saving/deleting the memory cache entries.
Its sister function sized_member_name() is very similar, but infers the
domain name from memberuid or ghost attribute.
Because all names internally are used in the same format, the logic to
append domain or format the usename for output in the fill_XXX() family
of functions is much simpler. In general, adding a domain suffix no
longer relies in the domain being a subdomain, but only the dom->fqnames
The parse_member() function was removed because it is no longer
required.
The nss test was amended to store names in the internal fqdn format on
input and checks for either shortnames or qualified names with the right
format created using sss_tc_fqname() on output.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
|
| |
When storing users and groups by their name in the negative cache, store
them fully qualfied so that the responder only has to track the name in
the internal format once the input is converted.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
expand_homedir_template() can be considered an outward-facing interface,
therefore the function and its input structure will accept the internal
name format and parse it internally into a username and domain
component.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
| |
When looking up users or groups by name, qualify the name into the
internal format before the lookup.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
|
| |
Using a cmocka-based test allows us to initialize the domain using the
common helper functions which in turn allows us to set different
properties with confdb, same as sssd itself does.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
