Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
Also include talloc.h, tevent.h and ldb.h as system headers in util.h.
|
|
* The resolv test case can now test for TXT and SRV resolving by
specifying -t host and -s host respectively. The -n flag must still be
passed in to enable network tests.
* Added test for the little complicated resolv_copy_hostent() function.
* Leak checking using the new tests common functions.
* Fix indentation for test_internet, since the whole function was
modified to be able to handle SRV and TXT replies.
* Initialize the debug variable in main().
Also removed one unused variable in krb5_utils-tests.c
|
|
The leak_check_setup() and leak_check_teardown() functions can be added
to a test case with tcase_add_checked_fixture(). They will make sure
that all tests are checked for memory leaks. However, since talloc is
hierarchical and automatically frees the children, this will not catch
all cases, but might still be helpful.
The check_leaks(ctx, bytes) function takes a talloc context as an
argument and the number of bytes it should be using up (children
included). The total byte size used up by the context is determined by
the talloc_total_size() function. If the size doesn't agree,
check_leaks() will print out a talloc report on the context and makes
the current test fail.
The check_leaks_push() and check_leaks_pop() both take a talloc context
as an argument. Every time push is called, the context is "pushed" onto
an internal stack and it's current size is noted. When the context is
later "poped", the pop function will make sure that the size is the same
as when it was pushed. It will also check that it's not called
out-of-order or if the stack isn't empty.
|
|
C-ares either returned a malloc-ed memory or it automatically freed the
memory after out callback has returned. This patch will make sure that
anything that the resolv_* function return is allocated by talloc and
can be safely freed by talloc_free().
This will break the resolv tests to the point they will not be
compilable. This will be addressed in a later patch with other
improvements to the tests.
|
|
|
|
|
|
|
|
Go offline in case of hard errors too. It makes no sense to keep trying too
often when you have bad credentials for example.
Also delay starting the enumeration thread so that we finish initializations
first (bind to ldap is still a blocking operation and this may interfere with
clients/monitor registrations).
|
|
|
|
First step generate ldap options from ipa options.
Add sssd-ipa man page too.
|
|
|
|
|
|
With this missing, RPM builds were broken.
|
|
The LOCAL provider does not have a mechanism to load alternate
auth, access or chpass backends, nor does it make sense to do so.
This will throw a configuration error if these values are
specified (unless they are explicitly also set to 'local')
|
|
|
|
Put all init functions in their own file so that the other files can be
reused in other providers w/o having them in the way.
|
|
Put all init functions in their own file so that the other files can be reused in
other providers w/o having them in the way.
|
|
There was a double-free here. I removed the free()s within
setup_db, because upon returning to sss_init_tools(), if
ret != EOK, the context is freed as well.
|
|
These functions were used when reconnecting to the DP after losing
the connection. Since there is no DP any longer, there's no reason
to have these functions.
|
|
There were unused functions still being compiled. This will
suppress them until we turn live configuration updates back on.
|
|
On older versions of the python headers, some arguments used
'char *' instead of 'const char *', which means that assigning a
constant string such as "adduser" threw a warning about discarding
qualifiers.
This patch cleans up most of these warnings in this file. There
remain several warnings in the sss_local_methods initialization
that I do not know how to fix.
|
|
|
|
|
|
If auth_provider or access_provider is ont set explicitly id_provider is
used if it can handle auth or access control requests respectively. If
not auth defaults to 'none' and the access_provider is set to 'permit'.
The option 'deny' is added for the access_provider to explicitly deny
access.
|
|
- if chpass_provider is not given in the configuration file but an
auth_provider and the auth_provider can also handle change password
requests it is used as chpass_provider.
|
|
|
|
The way we were processing errors from the provider caused offline
authentication to stop working. Previously the problem was masked
by a bug in the data provider that always returned "Success" for any
operation no matter what the actual return code was. when DP got
removed the bug became evident.
|
|
|
|
|
|
If a backend target is not configured the return code is changed
from PAM_SYSTEM_ERR to PAM_MODULE_UNKNOWN and an error message is
sent back to the client.
|
|
The sdap_id_connect_* request tries to bind to an LDAP server with
the default credentials. Only the opts component of the sdap_id_ctx
context is used. A new request sdap_cli_connect_* is created which
expects only the opts pointer as parameter and not the whole context.
This makes it reusable by other providers.
|
|
|
|
|
|
Add getpwnam, getgrnam sync versions
Fix ticket #164: Groupnames in non-local domains
Fix ticket #100: Error Message Modifying a user that doesn't Exist
Fix ticket #214: incorrect error message when MPG already exists
Fix ticket #188: Deleting and modifying users in non-local domain
Fix ticket #120: Adding a user to a full domain gives unhelpful error message
|
|
|
|
|
|
|
|
|
|
|
|
Also adds unit tests for the SSSDConfig API
|
|
|
|
- the patch to handle short read introduced a new variable len to
store the amount of data read. Instead of using this variable
unpack_buffer was called with the old variable ret. Thanks to
mnagy@redhat.com for finding this.
- this patch also fixes a potential error when the message size is
equal to the buffer size.
|
|
- when the kerberos provider was used as a chpass_provider but
not as auth_provider the backend died
|
|
In sssd only local is a native mpg domain, and it is forced.
All other providers will have to unroll mpg users into a user/group pair of
entries in the db. This allows the provider to automatically establish if
the remote server provides mpg users w/o possibily conflicting manual
configurations on the client trying to force an mpg behavior where none
is provided.
|
|
Instead of waiting an arbitrary timeout, start all providers first, and wait for
all of them to reply to the monitor before starting other services.
Add a timeout handler so that services are started even if one of the providers
fails to actually register back to the monitor.
Also fixes services destructors
delist_service was overriding the natural svc destructor.
remove the offending code and make the svc_destructor always try
to remove a service from the service list, if the service is not
listed it will just be a noop.
|
|
Turn the backend process into data provider servers
Make Frontends (pam, nss) directly attach to the backends
|
|
Network timeouts are used in quick operations like bind.
Search timeout is used for operations that can "legally" require more time.
Change defaults to 6 and 60 seconds respectively.
|
|
- password policy request controls are send during bind and change
password extended operation
- the response control is evaluated to see if the password is expired
or will expire, soon
|