sssd.git/src/tests/cmocka, branch memberof_default_view

tests: add test_sss_idmap_calculate_range()

2016-07-13T13:45:07+00:00

nss-srv-tests: Fix prototype of wrapped ncache functions

2016-07-12T12:23:27+00:00

The argument ttl was recently removed from negative cache functions
(sss_ncache_check_user, sss_ncache_check_uid, sss_ncache_check_sid,
sss_ncache_check_cert) but it was not removed from wrapped versions
in nss-srv-tests. It caused a crash on machine with big endian
and when configure wih --coverage.

Reviewed-by: Pavel Březina

sudo: solve problems with fully qualified names

2016-07-07T08:30:26+00:00

sudo expects the same name in sudo rule as login name. Therefore
if fully qualified name is used or even enforced by setting
use_fully_qualified_names to true or by forcing default domain
with default_domain_suffix sssd is able to correctly return the
rules but sudo can't match the user with contect of sudoUser
attribute since it is not qualified.

This patch changes the rules on the fly to avoid using names at all.
We do this in two steps:
1. We fetch all rules that match current user name, id or groups and
   replace sudoUser attribute with sudoUser: #uid.
2. We fetch complementry rules that contain netgroups since it is
   expected we don't have infromation about existing netgroups in
   cache, sudo still needs to evaluate it for us if needed.

This patch also remove test for sysdb_get_sudo_filter since it wasn't
sufficient anyway and I did not rewrite it since I don't thing it
is a good thing to have filter tests that depends on exact filter
order.

Resolves:
https://fedorahosted.org/sssd/ticket/2919

Reviewed-by: Jakub Hrozek

UTIL: Remove unused functions

2016-07-07T08:29:42+00:00

The conversion to sysdb made several functions obsolete. Remove them.

Reviewed-by: Sumit Bose

RESPONDERS: Return the sysdb name from cache_req

2016-07-07T08:29:17+00:00

name.name is the input name. Since cache_req is an internal interface,
we need to return the sysdb name instead.

Reviewed-by: Sumit Bose

PAM: Use qualified names internally in the PAM responder

2016-07-07T08:26:20+00:00

The name is converted from whatever we receive on input to the internal
format before processing the data further.

Reviewed-by: Sumit Bose

TESTS: Start fixing the PAM responder tests for fully qualified names in sysdb

2016-07-07T08:26:14+00:00

Reviewed-by: Jakub Hrozek

TESTS; orig_name does not need to be expanded to sysdb format

2016-07-07T08:26:08+00:00

Reviewed-by: Jakub Hrozek

NSS: Fix NSS responder to cope with fully-qualified usernames

2016-07-07T08:26:01+00:00

Adds a utility function sized_output_name() which wraps the output_name()
function and returns the sized_struct structure. This function is used
when formatting the output name for the client, but also when
saving/deleting the memory cache entries.

Its sister function sized_member_name() is very similar, but infers the
domain name from memberuid or ghost attribute.

Because all names internally are used in the same format, the logic to
append domain or format the usename for output in the fill_XXX() family
of functions is much simpler. In general, adding a domain suffix no
longer relies in the domain being a subdomain, but only the dom->fqnames

The parse_member() function was removed because it is no longer
required.

The nss test was amended to store names in the internal fqdn format on
input and checks for either shortnames or qualified names with the right
format created using sss_tc_fqname() on output.

Reviewed-by: Sumit Bose

NCACHE: Store FQDNs internaly, check for shortnames in files

2016-07-07T08:25:57+00:00

When storing users and groups by their name in the negative cache, store
them fully qualfied so that the responder only has to track the name in
the internal format once the input is converted.

Reviewed-by: Sumit Bose