summaryrefslogtreecommitdiff
path: root/src/tests/simple_access-tests.c
AgeCommit message (Collapse)AuthorFilesLines
2013-09-26sysdb: sysdb_update_members can take either name or dnPavel Březina1-2/+2
We need to work with distinguish names when processing cross-domain membership, because groups and users may be stored in different sysdb tree. Resolves: https://fedorahosted.org/sssd/ticket/2066
2013-09-17simple access test: initialize be_ctx for all testsPavel Březina1-15/+16
Recent simple access provider patches started using be_ctx during access check. This caused segfault in unit tests, since be_ctx wasn't initialized. Resolves: https://fedorahosted.org/sssd/ticket/2034
2013-09-17simple access tests: fix typosPavel Březina1-5/+5
2013-08-07add simple access provider init testPavel Březina1-0/+98
2013-05-30Remove empty directories after tests run.Lukas Slebodnik1-12/+2
Empty directory tests_path is removed in function test_dom_suite_cleanup. Function test_dom_suite_cleanup is reused in other tests.
2013-04-15Fix simple access group control in case-insensitive domainsJakub Hrozek1-2/+2
https://fedorahosted.org/sssd/ticket/1713 In the simple access provider, we need to only canonicalize user names when comparing with values in the ACL, not when searching the cache. The sysdb searches might do a base search with a DN constructed with the username which fails if the username is lower case.
2013-03-19Resolve GIDs in the simple access providerJakub Hrozek1-101/+260
Changes the simple access provider's interface to be asynchronous. When the simple access provider encounters a group that has gid, but no meaningful name, it attempts to resolve the name using the be_file_account_request function. Some providers (like the AD provider) might perform initgroups without resolving the group names. In order for the simple access provider to work correctly, we need to resolve the groups before performing the access check. In AD provider, the situation is even more tricky b/c the groups HAVE name, but their name attribute is set to SID and they are set as non-POSIX
2013-03-19Add unit tests for simple access test by groupsJakub Hrozek1-31/+253
I realized that the current unit tests for the simple access provider only tested the user directives. To have a baseline and be able to detect new bugs in the upcoming patch, I implemented unit tests for the group lists, too.
2012-10-29Include talloc log in our debug facilityMichal Zidek1-1/+1
https://fedorahosted.org/sssd/ticket/1495
2012-07-27tests: allow changing cwd in all testsPavel Březina1-0/+3
2011-12-16Use the case sensitivity flag in the simple access providerJakub Hrozek1-0/+30
2011-08-25New DEBUG facility - SSSDBG_UNRESOLVED changed from -1 to 0Pavel Březina1-1/+4
Removed: SSS_UNRESOLVED_DEBUG_LEVEL (completely replaced with SSSDBG_UNRESOLVED) Added new macro: CONVERT_AND_SET_DEBUG_LEVEL(new_value) Changes unresolved debug level value (SSSDBG_UNRESOLVED) from -1 to 0 so DEBUG macro could be reduced by one condition. Anyway, it has a minor effect, every time you want to load debug_level from command line parameters, you have to use following pattern: /* Set debug level to invalid value so we can deside if -d 0 was used. */ debug_level = SSSDBG_INVALID; pc = poptGetContext(argv[0], argc, argv, long_options, 0); while((opt = poptGetNextOpt(pc)) != -1) { ... } CONVERT_AND_SET_DEBUG_LEVEL(debug_level);
2011-08-25New DEBUG facility - conversionPavel Březina1-0/+1
https://fedorahosted.org/sssd/ticket/925 Conversion of the old debug_level format to the new one. (only where it was necessary) Removed: SSS_DEFAULT_DEBUG_LEVEL (completely replaced with SSSDBG_DEFAULT)
2010-12-13Add group support to the simple access providerStephen Gallagher1-2/+2
This patch adds simple_allow_groups and simple_deny_groups options to the simple access provider. It makes it possible to grant or deny access based on a user's group memberships within the domain. This patch makes one minor change to previous functionality: now all deny rules will supersede allow rules. Previously, if both simple_allow_users and simple_deny_users were set with the same value, the allow would win. https://fedorahosted.org/sssd/ticket/440
2010-10-13Use POPT_TABLEEND to close option tableSumit Bose1-1/+1
2010-03-08Add simple access providerSumit Bose1-0/+173