Age | Commit message (Collapse) | Author | Files | Lines |
|
The providers are now responsible for determining how long a cached
entry is considered valid. The default is the same as before (600s)
|
|
Create and populate user directories on useradd, delete them on userdel
Fixes: #212
|
|
|
|
|
|
* The resolv test case can now test for TXT and SRV resolving by
specifying -t host and -s host respectively. The -n flag must still be
passed in to enable network tests.
* Added test for the little complicated resolv_copy_hostent() function.
* Leak checking using the new tests common functions.
* Fix indentation for test_internet, since the whole function was
modified to be able to handle SRV and TXT replies.
* Initialize the debug variable in main().
Also removed one unused variable in krb5_utils-tests.c
|
|
The leak_check_setup() and leak_check_teardown() functions can be added
to a test case with tcase_add_checked_fixture(). They will make sure
that all tests are checked for memory leaks. However, since talloc is
hierarchical and automatically frees the children, this will not catch
all cases, but might still be helpful.
The check_leaks(ctx, bytes) function takes a talloc context as an
argument and the number of bytes it should be using up (children
included). The total byte size used up by the context is determined by
the talloc_total_size() function. If the size doesn't agree,
check_leaks() will print out a talloc report on the context and makes
the current test fail.
The check_leaks_push() and check_leaks_pop() both take a talloc context
as an argument. Every time push is called, the context is "pushed" onto
an internal stack and it's current size is noted. When the context is
later "poped", the pop function will make sure that the size is the same
as when it was pushed. It will also check that it's not called
out-of-order or if the stack isn't empty.
|
|
- add a hint to the man page about permissions on sssd.conf
- add a test if a symbolic link can be opened
|
|
Use this new utility call to ensure that the config file is safe
to read from.
|
|
|
|
Implement a set of python bindings for the sysdb with feature set
similar to what is available in the tools. The primary
consumers would be applications like system-config-users.
Resolves: Ticket #102
|
|
The configuration options krb5ccache_dir and krb5ccname_template
are added to the Kerberos provider to create the user's credential
caches the same way as pam_krb5 does. Due to the design of the sssd
and the supported ccache types of MIT Kerberos only files are
allowed.
|
|
The code was still dependent on it for the ldap driver.
Changed the driver code to depend on the schema type.
Fix defaults for user and groups trees.
ATM if you use the rfc2307bis schema you have to put users and groups
in 2 separate trees (what people does by default anyway.
If this limitation will turn to be too hard, we will change this later.
|
|
|
|
Because the confdb always operates synchronously, it maintains its
own private event context internally. The event context argument
passed to it is never used, so we'll remove it to avoid confusion.
|
|
The special persistent local database retains the original name.
All other backends now have their own cache-NAME.ldb file.
|
|
|
|
|
|
|
|
Also add tests
|
|
Add some basic unit tests of the async resolver module.
One of the tests resolves a name on the Internet, therefore it is
off by default and is turned on with the -n switch.
|
|
|
|
|
|
This is part of a set of patches to rewrite sysdb to a hopefully better
API, that will also let use use tevent_req async style calls to manipulate
our cache.
|
|
This sysdb_req has always really been a transaction handle and not
a request.
This is part of a set of patches to rewrite transaction support in sysdb to a
hopefully better API, that will also let use use tevent_req async style to
manipulate our cache.
|
|
|
|
|
|
|
|
|
|
|
|
Per discussion with the desktop team, using the org.freedesktop
interface name will simplify adoption, as potential users won't
feel like they're pulling in a FreeIPA dependency.
|
|
Also shorten names oh other user attributes.
|
|
Also unify SYSDB_PW_NAME and SYSDB_GR_NAME in SYSDB_NAME and make it "name"
|
|
Calulates next id automatically if uid/gid are not specified.
Fixes to sysdb_get_next_available_id.
Add tests to create users and groups through the new functions.
|
|
SetUserAttributes is now available for use in the Infopipe.
I also reorganized a few of the internal InfoPipe objects to
reduce code duplication.
One very simple test is included in this checkin to validate that
the parser is working.
|
|
This patch adds support for requesting user data in the sysdb via
the InfoPipe. It currently has support for reading defined entries
of integral, floating-point or string types.
Tasks remaining:
1) Implement call to the provider when cache is out of date
2) Support byte arrays for userpic and similar
I modified sysdb_search_ctx in sysdb_search.c to accept an array of
attributes to pass into the LDB search.
I also made one additional related fix: the btreemap now sorts in the
correct order. Previously I had accidentally transposed the two
values for sorting, so the map would always have been in exact
reverse order.
|
|
Only legacy functions are fully tested now.
TODO: add new tests for non-legacy backend operations.
|
|
dependencies based on the latest samba code.
Convert all references to the old events library to use the
renamed tevent library.
|
|
CheckPermissions will currently return unrestricted access to the
root user, and no access to any other user. Once we decide on an
ACL mechanism, this will be easy to change.
I have also added very basic tests for the Introspect and
CheckPermissions methods.
|
|
listening for requests to org.freeipa.sssd.infopipe
I made the sbus_add_connection function public so that I could
use it for system bus connections.
Adding initial framework for the InfoPipe
Updating sysdb tests for the refactored sysdb methods.
|
|
throw away databases
Check version and init main db if empty
|
|
use the same namespace (sysdb_posix_)
- no need to explicitly start a transaction if only one
operation is performed using a synchronous interface
- split _add_remove_ functions into separate functions,
don't let ldap madness creep into out interfaces
|
|
Fixed a few small bugs in sysdb_[store|remove]_account_posix. The
string "uid=" needed to be replaced with SYSDB_PW_NAME, and the
search scope in sysdb_remove_account_posix_by_uid needed to be
LDB_SCOPE_ONELEVEL, not LDB_SCOPE_BASE.
Added associated unit tests. Modified the unit test structure so
that it is called as a single suite, rather than a User and Group
suite, since there is too much overlap.
|
|
for adding/removing user accounts and POSIX groups to the groups.
Also modified the add/remove member functions to be a single
interface taking a flag for add or removal, since the code only
differs by one LDB flag.
Added associated unit tests.
|
|
to now use sysdb_add_member_to_posix_group along with sysdb_add_member_to_posix_group.
Added new unit tests to sysdb-tests.c for groups of groups.
|
|
|
|
|