| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
We used to defined a compat method for assertItemsEqual that existed on
Python 2.7, but not on old Python 2.x. As an effect, we used our compat
code even if assertCountEqual was available from standard library.
The recent Python 3.x versions renamed assertItemsEqual to
assertCountEqual. Therefore we should use the modern version which is in
the standard library over a compat version provided by ourselves.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Petr Cech <pcech@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a fo_resolve_service callback would modify the server->common member
in any way, for example by dereferencing the server and lowering the
refcount to 0, which would free the common structure, then the next
iteration of fo_resolve_service_done would access memory that was
already gone.
Please see
https://tevent.samba.org/group__tevent__request.html#ga09373077d0b39e321a196a86bfebf280
for more details.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
This patch enables the Online Certificate Status Protocol in NSS and
adds an option to disable it if needed. To make further tuning of
certificate verification more easy it is not an option on its own but an
option to the new certificate_verification configuration option.
Resolves https://fedorahosted.org/sssd/ticket/2812
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
If the user name of a AD user is overridden with the name itself in an
IPA override object SSSD adds this name twice to the alias list causing
an ldb error when trying to write the user object to the cache. As a
result the user is not available.
This patch makes sure that there are no duplicated alias names.
Resolves https://fedorahosted.org/sssd/ticket/2874
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
There were warnings on 32 bit architecture related to 64bit integer constants.
/home/build/sssd/src/tests/sbus_codegen_tests.c:257:
warning: integer constant is too large for ‘long’ type
/home/build/sssd/src/tests/sbus_codegen_tests.c:259:
warning: integer constant is too large for ‘long’ type
INT${N}_C(value) are defined in the standard c99
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
|
|
|
| |
In python 2.6, the module subprocess does not have the function
check_output.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
The local override tests were added after we alredy removed
the sss_cache call from teardowns in other tests. See
commit: 782d39e3916d16b8dbba6ae97aca1db2f3c35d76
Revert "intg: Invalidate memory cache before removing files"
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Introduce a new integration test for local view overrides.
Regression tests for: #2790, #2757 and #2802.
Resolves:
https://fedorahosted.org/sssd/ticket/2732
Reviewed-by: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a bunch of LDAP tests.
* Adding/removing a user/group/membership with rfc2307(bis) schema.
* The effect of override_homedir option.
* The effect of fallback_homedir option.
* The effect of override_shell option.
* The effect of shell_fallback option.
* The effect of default_shell option.
* The effect of vetoed_shells option.
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
|
|
|
|
| |
libdbus abort()s when a string argument is not valid UTF-8. Since the
arguments sometimes come from untrusted sources, it's better to check
the string validity explicitly.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Test groups_by_filter_valid() was removed in past. We will add two new
tests instead of it. Logic of those tests is connected to RECENT
filter. It returns only records which have been wrote or updated after
filter was created (or another given time).
groups_by_filter_valid() --> group_by_recent_filter_valid()
grous_by_recent_filter_valid()
The first of new tests, group_by_recent_filter_valid(), counts with two
groups. One is stored before filter request creation and the second
group is stored after filter request creation. So filter returns only
one group.
The second of new tests, groups_by_recent_filter_valid(), counts with
three users. One is stored before filter request creation and two
groups are stored after filter request creation. So filter returns two
groups.
This patch adds groups_by_recent_filter_valid().
Resolves:
https://fedorahosted.org/sssd/ticket/2730
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
We need little more in backroung of responder_cache_req tests. There
will be tests which will use three test groups. This patch add support
for it.
Resolves:
https://fedorahosted.org/sssd/ticket/2730
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Test groups_by_filter_valid() was removed in past. We will add two new
tests instead of it. Logic of those tests is connected to RECENT
filter. It returns only records which have been wrote or updated after
filter was created (or another given time).
groups_by_filter_valid() --> group_by_recent_filter_valid()
grous_by_recent_filter_valid()
The first of new tests, group_by_recent_filter_valid(), counts with two
groups. One is stored before filter request creation and the second
group is stored after filter request creation. So filter returns only
one group.
The second of new tests, groups_by_recent_filter_valid(), counts with
three users. One is stored before filter request creation and two
groups are stored after filter request creation. So filter returns two
groups.
This patch adds group_by_recent_filter_valid().
Resolves:
https://fedorahosted.org/sssd/ticket/2730
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Test users_by_filter_valid() was removed in past. We will add two new
tests instead of it. Logic of those tests is connected to RECENT
filter. It returns only records which have been wrote or updated
after filter was created (or another given time).
users_by_filter_valid() --> user_by_recent_filter_valid()
users_by_recent_filter_valid()
The first of new tests, user_by_recent_filter_valid(), counts with
two users. One is stored before filter request creation and the second
user is stored after filter request creation. So filter returns only one
user.
The second of new tests, users_by_recent_filter_valid(), counts with
three users. One is stored before filter request creation and two
users are stored after filter request creation. So filter returns two
users.
This patch adds users_by_recent_filter_valid().
Resolves:
https://fedorahosted.org/sssd/ticket/2730
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
This patch adds function are_values_in_array() to common test code. And
there is tc_are_values_in_array macro defined which is usefull for
talloc allocated values and arrays.
Resolves:
https://fedorahosted.org/sssd/ticket/2730
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
We need little more in background of responder_cache_req tests. There
will be tests which will use three test users. This patch add support
for it.
Resolves:
https://fedorahosted.org/sssd/ticket/2730
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
This patch only defines constant TEST_USER_PREFIX. So code will be more
redeable.
Resolves:
https://fedorahosted.org/sssd/ticket/2730
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Test users_by_filter_valid() was removed in past. We will add two new
tests instead of it. Logic of those tests is connected to RECENT
filter. It returns only records which have been wrote or updated after
filter was created (or another given time).
users_by_filter_valid() --> user_by_recent_filter_valid()
users_by_recent_filter_valid()
The first of new tests, user_by_recent_filter_valid(), counts with two
users. One is stored before filter request creation and the second user
is stored after filter request creation. So filter returns only one
user.
The second of new tests, users_by_recent_filter_valid(), counts with
three users. One is stored before filter request creation and two users
are stored after filter request creation. So filter returns two users.
This patch adds user_by_recent_filter_valid().
Resolves:
https://fedorahosted.org/sssd/ticket/2730
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Extend PAM responder unit test to check 'online' cached authentication.
Resolves:
https://fedorahosted.org/sssd/ticket/2697
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Split pam_test_setup() so domain and pam parameters can be easily set
distinctly for each test.
Resolves:
https://fedorahosted.org/sssd/ticket/2697
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
It is not necessary to invalidate memory cache before removing
them. The sssd_client can handle it without any problem.
This reverts commit eabc1732ef91548616a699b7e9f8d30e5e7b8dd3.
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Long living clients should be able to reinitialize
memory cache which was removed but it not initialized.
This patch also remove workaround in test_local_domain.py
Test for:
https://fedorahosted.org/sssd/ticket/2726
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Petr Cech <pcech@redhat.com>
|
| |
|
|
| |
Reviewed-by: Petr Cech <pcech@redhat.com>
|
| |
|
|
| |
Reviewed-by: Petr Cech <pcech@redhat.com>
|
| |
|
|
|
|
|
| |
If leak_check_setup is not called then global_talloc_context
was not initialized and check_leaks_pop(global_talloc_context) will fail.
Reviewed-by: Petr Cech <pcech@redhat.com>
|
| |
|
|
| |
Reviewed-by: Petr Cech <pcech@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
src/tests/cmocka/test_sss_sifp.c: In function 'test_sss_sifp_strdup_valid':
src/tests/cmocka/test_sss_sifp.c:153: warning: declaration of 'dup' shadows a global declaration
/usr/include/unistd.h:528: warning: shadowed declaration is here
src/tests/cmocka/test_sss_sifp.c: In function 'test_sss_sifp_strdup_null':
src/tests/cmocka/test_sss_sifp.c:163: warning: declaration of 'dup' shadows a global declaration
/usr/include/unistd.h:528: warning: shadowed declaration is here
src/tests/cmocka/test_sdap.c: In function '__wrap_ldap_next_attribute':
src/tests/cmocka/test_sdap.c:203: warning: declaration of 'index' shadows a global declaration
/usr/include/string.h:489: warning: shadowed declaration is here
src/tests/cmocka/test_responder_cache_req.c: In function 'prepare_user':
src/tests/cmocka/test_responder_cache_req.c:163: warning: declaration of 'time' shadows a global declaration
/usr/include/time.h:186: warning: shadowed declaration is here
src/tests/cmocka/test_responder_cache_req.c: In function 'prepare_group':
src/tests/cmocka/test_responder_cache_req.c:244: warning: declaration of 'time' shadows a global declaration
/usr/include/time.h:186: warning: shadowed declaration is here
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
It would be better to not use 'ssh' or 'sshd' here at all but something like
'pam_test_service' to indicate that it is a generic name.
Because a default value should not lead to a code path which handles a
special case. The general PAM responder test should not run through the
'sshd' case in pam_reply() only if the service is set explicitly to
'sshd' this features should be tests.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While handling well-known SIDs a debug statement tries to access memory that is
already freed. This can be seen with the following output from valgrind.
==17600== Invalid read of size 4
==17600== at 0x805ACC6: nss_cmd_getbysid (nsssrv_cmd.c:5458)
==17600== by 0x805AF41: nss_cmd_getnamebysid (nsssrv_cmd.c:5509)
==17600== by 0x80662F4: sss_cmd_execute (responder_cmd.c:161)
==17600== by 0x8067015: client_cmd_execute (responder_common.c:249)
==17600== by 0x80671F5: client_recv (responder_common.c:283)
==17600== by 0x806741C: client_fd_handler (responder_common.c:335)
==17600== by 0x45F5112: epoll_event_loop (tevent_epoll.c:728)
==17600== by 0x45F5112: epoll_event_loop_once (tevent_epoll.c:926)
==17600== by 0x45F32EE: std_event_loop_once (tevent_standard.c:114)
==17600== by 0x45EF3BF: _tevent_loop_once (tevent.c:530)
==17600== by 0x45EF5AB: tevent_common_loop_wait (tevent.c:634)
==17600== by 0x45F326E: std_event_loop_wait (tevent_standard.c:140)
==17600== by 0x45EF647: _tevent_loop_wait (tevent.c:653)
==17600== Address 0x4b248a0 is 72 bytes inside a block of size 88 free'd
==17600== at 0x402C26D: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==17600== by 0x45FEC9E: _talloc_free_internal (talloc.c:1057)
==17600== by 0x45FEC9E: _talloc_free (talloc.c:1581)
==17600== by 0x8066085: sss_cmd_done (responder_cmd.c:93)
==17600== by 0x805A9B0: nss_check_well_known_sid (nsssrv_cmd.c:5382)
==17600== by 0x805AC86: nss_cmd_getbysid (nsssrv_cmd.c:5455)
==17600== by 0x805AF41: nss_cmd_getnamebysid (nsssrv_cmd.c:5509)
==17600== by 0x80662F4: sss_cmd_execute (responder_cmd.c:161)
==17600== by 0x8067015: client_cmd_execute (responder_common.c:249)
==17600== by 0x80671F5: client_recv (responder_common.c:283)
==17600== by 0x806741C: client_fd_handler (responder_common.c:335)
==17600== by 0x45F5112: epoll_event_loop (tevent_epoll.c:728)
==17600== by 0x45F5112: epoll_event_loop_once (tevent_epoll.c:926)
==17600== by 0x45F32EE: std_event_loop_once (tevent_standard.c:114)
==17600==
The patch contains a change to the unit tests which frees the memory in
the wrapper for sss_cmd_done() too. This allows to detect this kind of
issue in the unit tests as well.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ticket:
https://fedorahosted.org/sssd/ticket/2785
Test local domain tool with wrong LC_ALL
environment variable value.
NOTE: The memory cache files are not deleted
properly in the test teardown to work around the
problem described in ticket
https://fedorahosted.org/sssd/ticket/2726
Once the ticket above is solved, the teardown
will be updated to remove the memory cache
files.
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
There is a warning with gcc 4.8
src/tests/sbus_codegen_tests.c:1131:18: warning: 'exp_values' may be used
uninitialized in this function [-Wmaybe-uninitialized]
const char **exp_values;
^
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
|
|
|
| |
The similarcahnge was done in main makefile by change
69b46c32357ccf1aab9c0bd6d1afa33a8724ad77
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
| |
LIBCAPNG_{CFLAGS,LIBS} are not defined anywhere in sssd.
It could be introduced as copy&paste error from different project.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
| |
responder_common_tests does not use any function which requires to link
with UNICODE linraries or with libsss_crypt
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
|
|
|
| |
Ticket:
https://fedorahosted.org/sssd/ticket/2673
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Update get next domain to be able to
include disbled domains and change the
interface to accept flags instead of
multiple booleans.
Ticket:
https://fedorahosted.org/sssd/ticket/2673
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2829
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
| |
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Check and open tests try to write into and read from created files.
There is no reason to have executable permission, so this patch
replaces SSS_DFL_X_UMASK with DFL_UMASK permissions.
Resolves:
https://fedorahosted.org/sssd/ticket/2424
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Debug tests try to write into and read from crreated files. There is no
reason to have executable permission, so this patch replaces
SSS_DFl_X_UMASK with SSS_DFL_UMASK permissions.
Resolves:
https://fedorahosted.org/sssd/ticket/2424
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
This test suite tries to write into and to read from temp. files.
There is no reason to have executable permission. So this patch
replaces SSS_DFL_X_UMASK with SSS_DFL_UMASK.
Resolves:
https://fedorahosted.org/sssd/ticket/2424
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
There are many calls of umask function with 077 argument. This patch
add new constant SSS_DFL_X_UMASK which stands fot 077. So all
occurences of umask(077) are replaced by constant SSS_DFL_X_UMASK.
Resolves:
https://fedorahosted.org/sssd/ticket/2424
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Do not try to use the pre-increment operator which doesn't exist in
Python (and is in fact two "identity" operators - opposites of
"negation" operators). Use addition and assignment instead.
This fixes infinite loops on failed slapd starting and stopping.
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
|
|
|
| |
Fix creation of mixed user/group "member" attribute for RFC2307bis
group entries in ldap_ent.py.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
