The current code doesn't handle the situation where lowercasing the
sudoUser attribute would yield the same value again.
For example:
sudoUser: TUSER
sudoUser tuser
would break.
This patch switches to using the utility function
sysdb_attrs_add_lower_case_string() which already checks for duplicates.
Resolves:
https://fedorahosted.org/sssd/ticket/3301
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
This will allow using cache req even for objects that do not use
account request such as hosts.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
It is not always desirable to consider default_domain from configuration
but expect none instead. For example when we search host certificates.
This is currently not used in this patch since host lookups parse
name directly with sss_parse_name but it will be used in the next
patch.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
This patch provides tests for core logic of
sdap_search_initgr_user_in_batch() function. This function replaces
old approach with sysdb_try_to_find_expected_dn() function.
Resolves:
https://fedorahosted.org/sssd/ticket/3230
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
Function create_multidom_test_ctx() prepares test environment for
multidomains. This patch enables setting of different params for
each domain.
Resolves:
https://fedorahosted.org/sssd/ticket/3230
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
Currently in order to match multiple LDAP search results we
use two different functions - we have sysdb_try_to_find_expected_dn()
but also sdap_object_in_domain().
This patch removes sysdb_try_to_find_expected_dn() and adds a new
sdap_search_initgr_user_in_batch() based on sdap_object_in_domain().
This function covers necessary logic.
Resolves:
https://fedorahosted.org/sssd/ticket/3230
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
Add test to ensure conflict entries return ENOENT
Resolves:
https://fedorahosted.org/sssd/ticket/3288
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
This addition has a very specific reason: unregister a service when
it's shut down.
So far, we never had to do this kind of operation because the services
were started during SSSD's startup and finished when SSSD finished.
Now, with the socket-activation in place the game will be a little bit
different as the services will have an idle timeout and will be able
to shut themselves down. In order to do it properly the monitor will need
to "unregister" the service and there's no way to do that without adding
this destructor data to the sbus_connection structure and introducing a
new function to access it from the monitor (where we're going to
set the destructor function to the sbus_connection for the
socket-activated services).
So far it's not being used anywhere as every function taking it as
parameter is just receiving NULL, but it will be used in the follow up
commits, by the monitor.
Related:
https://fedorahosted.org/sssd/ticket/3245
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
Some callers might not be interested in some of the values wbcLookupSid()
returns and just pass NULL. Currently 'net ads user info' does this
because it is not interested in the domain. wbcLookupSid() should handle
this gracefully.
Resolves:
https://fedorahosted.org/sssd/ticket/3273
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
The documentation of get_passwd_list/get_group_list
says that they return group/user database entry list.
However, they return class 'map' with python3 due to
changes in high level function "map".
Traceback (most recent call last):
File "/dev/shm/sssd/src/tests/intg/ent_test.py",
line 141, in test_assert_passwd_list
ent.assert_passwd_list(ent.contains())
File "/dev/shm/sssd/src/tests/intg/ent.py",
line 243, in assert_passwd_list
assert not d, d
AssertionError: not a list, <class 'map'>
Reviewed-by: Martin Basti <mbasti@redhat.com>
|
We know that all our tested utilities (sssctl, sss_cache, sss_override)
return strings and not binary data. We can safely encode output to
string (unicode) in python3.
Reviewed-by: Martin Basti <mbasti@redhat.com>
|
Python module ctypes directly uses C functions from libraries.
C functions usually return "char *" when string is expected.
But python3 uses unicode for string. Encoding returned bytes
("char *") to unicode strings simplifies tests in python3.
Reviewed-by: Martin Basti <mbasti@redhat.com>
|
Python module ctypes directly uses C functions
and C functions expect "char *" as a string and not pointer
to wide characters "wchar *".
Reviewed-by: Martin Basti <mbasti@redhat.com>
|
Python3 version of ldap module requires string for name of attribute
but bytes for value of attribute. It was not a problem in python2
due to unicode changes in python3.
Reviewed-by: Martin Basti <mbasti@redhat.com>
|
The python module subprocess expects bytes as an input.
Traceback (most recent call last):
File "src/tests/intg/test_ldap.py", line 51, in ds_inst
ds_inst.setup()
File "src/tests/intg/ds_openldap.py", line 201, in setup
self._setup_config()
File "src/tests/intg/ds_openldap.py", line 169, in _setup_config
slapadd.communicate(config)
File "/usr/lib64/python3.6/subprocess.py", line 821, in communicate
self._stdin_write(input)
File "/usr/lib64/python3.6/subprocess.py", line 776, in _stdin_write
self.stdin.write(input)
TypeError: a bytes-like object is required, not 'str'
Reviewed-by: Martin Basti <mbasti@redhat.com>
|
Python3 expects bytes as an input for hash function.
We need to convert string to bytes before hashing
Traceback (most recent call last):
File "src/tests/intg/test_ldap.py", line 51, in ds_inst
ds_inst.setup()
File "src/tests/intg/ds_openldap.py", line 200, in setup
self._setup_config()
File "src/tests/intg/ds_openldap.py", line 76, in _setup_config
admin_pw_hash = hash_password(self.admin_pw)
File "src/tests/intg/ds_openldap.py", line 41, in hash_password
hash = hashlib.sha1(password)
TypeError: Unicode-objects must be encoded before hashing
Reviewed-by: Martin Basti <mbasti@redhat.com>
|
Originally, Python items() built a real list of tuples and returned that.
That could potentially take a lot of extra memory. Python iteritems()
returned an iterator-generator. The original remains for backwards
compatibility.
One of Python 3's changes is that items() now returns iterators,
and a list is never fully built. The iteritems() method is also gone,
since items() in Python 3 works like viewitems() in Python2.
But we do not have a lot of values in dictionary; so it is not worth
optimizing the returned list from "items()" on Python2.
Reviewed-by: Martin Basti <mbasti@redhat.com>
|
In Python 2 range() returns a list, and xrange() returns an object that
will only generate the items in the range when needed, saving memory.
In Python 3, the range() function is gone, and xrange() has been renamed
range().
We do not strictly require list or iterator in code therefore we can use
range which is in both versions. And we do not use big ranges there
so the memory overhead with list on python2 is not big.
Reviewed-by: Martin Basti <mbasti@redhat.com>
|
The three modules urllib, urllib2 and urlparse have been reorganized
into three new modules, urllib.request, urllib.parse and urllib.error.
And urllib.quote was moved into urllib.parse.
Reviewed-by: Martin Basti <mbasti@redhat.com>
|
"print" is a function in python3. We can remove it because it is not
important.
Portable solution would be:
from __future__ import print_function
print (basedn)
Reviewed-by: Martin Basti <mbasti@redhat.com>
|
Related:
https://fedorahosted.org/sssd/ticket/3267
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
There were a few types of changes that were required for tests to work:
1) When calling "get by name" commands, a name is parsed with
sss_parse_inp. Returned value is now mocked.
2) When calling "get by upn" commands, a name is parsed with
sss_parse_inp and negative cache is not hit in the first run
since cache_req knows it may be upn since it is not equal
to any known domain. Returned value of sss_parse_inp is now
mocked to return ERR_DOMAIN_NOT_FOUND and negative cache hits
are checked to be 0.
3) Lookups by certificate or sid do not require name parsing so
those have separate mock functions.
4) Sometimes the tests fail since a different number of mocked functions
is called due to changes in the code. Where possible, will_return_always()
is used, otherwise number of mocked values was fixed.
5) In SID by name lookups, we set nss_test_ctx->tctx->done to false on
the beginning of for cycle, since the code now contains tevent calls
and without it only the first request proceeds into tevent_loop in
test_ev_loop() because the first finished request sets it to true.
Resolves:
https://fedorahosted.org/sssd/ticket/3151
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
Originally sss_cmd_send_empty() called also sss_cmd_done() to send
an empty reply packet to the client whereas sss_cmd_send_error()
did not invoke this call and required the caller to call it manually.
For this reason, a possible error in users_find_by_cert_done() was not
sent to the caller.
This patch unifies the usage of those two functions in a way that both
of them only create the reply packet but do not send it. Another
sss_cmd_done() call is required to send the reply.
Because sss_cmd_done() is now always called, unit tests needed to be
changed to always mock a value for __wrap_sss_cmd_done.
Resolves:
https://fedorahosted.org/sssd/ticket/3151
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
This request returns either user or group object.
Resolves:
https://fedorahosted.org/sssd/ticket/3151
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
This request returns either user or group object.
Resolves:
https://fedorahosted.org/sssd/ticket/3151
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
Resolves:
https://fedorahosted.org/sssd/ticket/3151
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
Resolves:
https://fedorahosted.org/sssd/ticket/3151
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
Resolves:
https://fedorahosted.org/sssd/ticket/3151
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
Resolves:
https://fedorahosted.org/sssd/ticket/3151
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
Resolves:
https://fedorahosted.org/sssd/ticket/3151
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
Resolves:
https://fedorahosted.org/sssd/ticket/3151
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
Resolves:
https://fedorahosted.org/sssd/ticket/3151
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
In enumeration calls we want to get objects from all domains, not
only from the first matched domain. We move the cache search result
into a structure that contains combination of domain and ldb_result.
This is preparation for enumeration support inside cache_req.
Resolves:
https://fedorahosted.org/sssd/ticket/3151
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
Global names context is used to parse AD well known SIDs and names
into its opposite. This patch moves definition of this parameter
from nss responder into common responder context so it can be
used also by other responders.
This change will be used to enable looking up well known SIDs and
names directly in cache_req.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
Add basic tests for sssctl user/group-show commands. This includes
regression test for ticket #3235.
Resolves:
https://fedorahosted.org/sssd/ticket/3235
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
libsss_config has been used only by OpenLMI and the project has been
deprecated making, then, no sense to keep the support on SSSD.
Distros that, for some reason, are still packing and distributing
OpenLMI can stick to SSSD 1.14 branch.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
Resolves:
https://fedorahosted.org/sssd/ticket/3169
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
Otherwise we will have a 507 error in case any secret is added by any
of the tests that may be implemented in the future.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
Reviewed-by: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
|
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
We covered difference between case sensitive and case insensitive
domains. If domain is case insensitive we add lowercase form of
sudoUser to local sysdb cache.
Resolves:
https://fedorahosted.org/sssd/ticket/3203
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|