| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2257
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
| |
Resolves: https://fedorahosted.org/sssd/ticket/2024
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use a script to update DEBUG macro invocations to use it as a variadic
macro, supplying format string and its arguments directly, instead of
wrapping them in parens.
This script was used to update the code:
grep -rwl --include '*.[hc]' DEBUG . |
while read f; do
mv "$f"{,.orig}
perl -e \
'use strict;
use File::Slurp;
my $text=read_file(\*STDIN);
$text=~s#(\bDEBUG\s*\([^(]+)\((.*?)\)\s*\)\s*;#$1$2);#gs;
print $text;' < "$f.orig" > "$f"
rm "$f.orig"
done
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
|
|
| |
There is a test for sss_authtok_set where '\0' is used as argument data.
'\0' is evaluated as zero and zero is treated as a null pointer.
And there is another test for NULL pointer few lines before.
Patch changes 3rd argument '\0' into properly cast zero length sting ""
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This also fixes several corner cases and crashers.
It's not prudent to pass user input to (even admin) input as a
format string to printf, and various distros now check for this.
This can cause accessing memory incorrectly, and various also
various libc abort()'s.
In addition various assumptions were made about full_name_format
that aren't necessarily the case if the user uses a more complex
format.
Use safe-printf.c implementation for formatting full_name_format.
Adapt the NSS resolver so it doesn't barf on formatted strings that
are shorter than expected given a full_name_format.
Tests added and updated appropriately.
|
| |
|
|
|
|
|
|
|
|
| |
When building with -Werror 'make check' fails with many
errors like:
../src/tests/cmocka/test_authtok.c: In function ‘test_sss_authtok_password’:
../src/tests/cmocka/test_authtok.c:98:48: error: cast discards ‘__attribute__((const))’ qualifier from pointer target type [-Werror=cast-qual]
Make sss_authtok_set() @data argument const, and fix its documentation
|
| | |
|
| |
|
|
|
| |
Since we have the LDAP port of a trusted AD GC always available now, we
can always perform a fallback.
|
| |
|
|
|
|
|
|
|
|
| |
SSSD now defaults to using GC by default. For some environments, for
instance those that don't or can't replicate the POSIX attributes to
Global Catalog, this might not be desirable.
This patch introduces a new option ad_enable_gc, that is enabled by
default. Setting this option to false makes the SSSD contact only the
LDAP port of AD DCs.
|
| |
|
|
|
|
|
|
|
|
| |
ad_id.c and ad_access.c used the same block of code. With the upcoming
option to disable GC lookups, we should unify the code in a function to
avoid breaking one of the code paths.
The same applies for the LDAP connection to the trusted AD DC.
Includes a unit test.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The patch makes sure that a completely lower-cased version of a fully
qualified name is used for case insensitive searches. Currently there
are code paths where the domain name was used as configured and was not
lower-cased.
To make sure this patch does not break with old entries in the cache or
case sensitive domains a third template was added to the related filters
templates which is either filled with a completely lower-cased version or
with the old version. The other two template values are unchanged.
|
| |
|
|
|
|
|
| |
Unit test testing detection of the right domain when processing group with members from several domains
Resolves:
https://fedorahosted.org/sssd/ticket/2132
|
| |
|
|
|
| |
test_utils removed files from test_dir before test execution, but
files wasn't clean up after successful test execution.
|
| | |
|
| |
|
|
|
|
| |
Besides checking the content of output packets it might also be useful
to check the status. This is e.g. important if no results are expected
and the status should be set to ENOENT and not to any other error code.
|
| | |
|
| |
|
|
|
| |
If no domain name is specified the global name pattern and regular
expression will be returned.
|
| | |
|
| | |
|
| |
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2133
|
| | |
|
| |
|
|
| |
Changing style of including header files from outside of sssd tree - from "header.h" to <header.h>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch is a workaround until
https://fedorahosted.org/sssd/ticket/2129 is fixed properly.
Consider a group entry such as:
cn: subgroup@subdom
ghost: someuser
ghost: anotheruser@subdom
Currently in order to print all group members as FQDN (which is the default
for AD provider), the code needs to iterate over the ghost attributes and
parse them into (name,domain) and optionally re-add the domain.
The proper fix would be to store always just the FQDN in the hardcoded
form of user@domain
|
| | |
|
| |
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2082
Adds a new option that allows the admin to specify a LDAP access filter
that can be applied globally, per-domain or per-forest.
|
| |
|
|
|
|
|
|
| |
This patch fixes few format string warnings in the file test_utils.c
src/tests/cmocka/test_utils.c:54:56:
warning: format specifies type 'unsigned int' but the
argument has type 'size_t' (aka 'unsigned long') [-Wformat]
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1992
dyndns test will crash with this patch
|
| |
|
|
|
| |
This patch implements some unit tests for the recent enhancements to
libsss_idmap.
|
| |
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1648
Adds another expansion in the printf format that allows the user to use
the domain flat name in the format.
|
| |
|
|
|
|
|
|
|
| |
--removed duplicated test-io
--reusing library libsss_test_common in other tests
--cmocka test sss_nss_idmap-tests was moved to cmocka dir
--moved leak_check.c to libsss_test_common
--moved common_tev.c,common_dom.c to libsss_test_common
(leak_check.c,common_tev.c,common_dom.c) are test framework independent
|
| |
|
|
|
|
|
| |
The dyndns init function was starting the timer even if the updates were
set to False. This patch splits the init of dynamic updates and the
timer into two functions so that the back end can start the updates
separately from reading the options.
|
| |
|
|
| |
The tests_set_cwd() function was called twice in the dyndns unit test.
|
| |
|
|
|
|
| |
This options is mostly provided for future expansion. Currently it is
undocumented and both IPA and AD dynamic DNS updates default to
GSS-TSIG. Allowed values are GSS-TSIG and none.
|
| |
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1831
Adds a new option that can be used to force nsupdate to only use TCP to
communicate with the DNS server.
|
| |
|
|
|
|
|
| |
This new options adds the possibility of updating the DNS entries
periodically regardless if they have changed or not. This feature
will be useful mainly in AD environments where the Windows clients
periodically update their DNS records.
|
| |
|
|
|
|
| |
This patch introduces new options for dynamic DNS updates that are not
specific to any back end. The current ipa dyndns options are still
usable, just with a deprecation warning.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Provides two new layers instead of the previous IPA specific layer:
1) dp_dyndns.c -- a very generic dyndns layer on the DP level. Its
purpose it to make it possible for any back end to use dynamic DNS
updates.
2) sdap_dyndns.c -- a wrapper around dp_dyndns.c that utilizes some
LDAP-specific features like autodetecting the address from the LDAP
connection.
Also converts the dyndns code to new specific error codes.
|
| |
|
|
|
| |
tests_set_cwd is used and relativepath calculation method is changed and is made general based on
basedir.
|
| | |
|
| | |
|
