sssd.git/src/tests, branch memberof_default_view

tests: add test_sss_idmap_calculate_range()

2016-07-13T13:45:07+00:00

sysdb-tests: Fix cast from pointer to integer

2016-07-12T14:35:19+00:00

src/tests/sysdb-tests.c: In function 'test_sysdb_memberof_close_loop':
src/tests/sysdb-tests.c:2740:5: warning: passing argument
  1 of '_ck_assert_msg' makes integer from pointer without a cast
  [enabled by default]
     fail_unless(data->attrlist[0], "talloc_array failed.");
     ^
In file included from src/tests/sysdb-tests.c:23:0:
/usr/include/check.h:237:16: note: expected 'int' but argument
 is of type 'const char *'
   void CK_EXPORT _ck_assert_msg (int result, const char *file,
                  ^
Reviewed-by: Pavel Březina

nss-srv-tests: Fix prototype of wrapped ncache functions

2016-07-12T12:23:27+00:00

The argument ttl was recently removed from negative cache functions
(sss_ncache_check_user, sss_ncache_check_uid, sss_ncache_check_sid,
sss_ncache_check_cert) but it was not removed from wrapped versions
in nss-srv-tests. It caused a crash on machine with big endian
and when configure wih --coverage.

Reviewed-by: Pavel Březina

sudo: solve problems with fully qualified names

2016-07-07T08:30:26+00:00

sudo expects the same name in sudo rule as login name. Therefore
if fully qualified name is used or even enforced by setting
use_fully_qualified_names to true or by forcing default domain
with default_domain_suffix sssd is able to correctly return the
rules but sudo can't match the user with contect of sudoUser
attribute since it is not qualified.

This patch changes the rules on the fly to avoid using names at all.
We do this in two steps:
1. We fetch all rules that match current user name, id or groups and
   replace sudoUser attribute with sudoUser: #uid.
2. We fetch complementry rules that contain netgroups since it is
   expected we don't have infromation about existing netgroups in
   cache, sudo still needs to evaluate it for us if needed.

This patch also remove test for sysdb_get_sudo_filter since it wasn't
sufficient anyway and I did not rewrite it since I don't thing it
is a good thing to have filter tests that depends on exact filter
order.

Resolves:
https://fedorahosted.org/sssd/ticket/2919

Reviewed-by: Jakub Hrozek

TESTS: Convert the tests to use qualified names for ldb lookups

2016-07-07T08:29:46+00:00

The timestamp cache tests look into ldb to check the timestamps. This
patch converts the lookups to qualified names to make sure the lookups
actually match.

Reviewed-by: Sumit Bose

UTIL: Remove unused functions

2016-07-07T08:29:42+00:00

The conversion to sysdb made several functions obsolete. Remove them.

Reviewed-by: Sumit Bose

RESPONDERS: Return the sysdb name from cache_req

2016-07-07T08:29:17+00:00

name.name is the input name. Since cache_req is an internal interface,
we need to return the sysdb name instead.

Reviewed-by: Sumit Bose

KRB5: Use shortname when expanding the user template in Kerberos ccache

2016-07-07T08:28:31+00:00

Creating the username part of the ccache file is an output operation, it
makes sense to use sss_output_name() there which parses the name out of
the internal qualified name.

Reviewed-by: Sumit Bose

PAM: Use qualified names internally in the PAM responder

2016-07-07T08:26:20+00:00

The name is converted from whatever we receive on input to the internal
format before processing the data further.

Reviewed-by: Sumit Bose

TESTS: Start fixing the PAM responder tests for fully qualified names in sysdb

2016-07-07T08:26:14+00:00

Reviewed-by: Jakub Hrozek