summaryrefslogtreecommitdiff
path: root/src/tests
AgeCommit message (Collapse)AuthorFilesLines
2013-01-08Remove dead netgroup functionsSimo Sorce1-264/+0
2013-01-08Refactor gid handling in the PAC responderSumit Bose1-21/+36
Instead of using a single array of gid-domain_pointer pairs, Simo suggested to use a gid array for each domain an store it with a pointer to the domain.
2013-01-08Add tests for get_gids_from_pac()Sumit Bose1-0/+256
2013-01-08Add find_domain_by_id()Sumit Bose1-0/+49
Currently domains can only be searched by name in the global domain list. To make it easier to find the domain for a given SID find_domain_by_id() which returns a pointer to the domain or subdomain entry in the global domain list if a matching id was found.
2013-01-08Use struct pac_grp instead of gid_t for groups from PACSumit Bose1-8/+11
To be able to handle groupmemberships from other domains more data than just the gid must be kept for groups given in the PAC.
2013-01-06Remove unused headerSimo Sorce1-1/+0
2013-01-02failover: Protect against empty host namesMichal Zidek1-0/+91
Added new parameter to split_on_separator that allows to skip empty values. The whole function was rewritten. Unit test case was added to check the new implementation. https://fedorahosted.org/sssd/ticket/1484
2012-12-05MEMBEROF: Keep inherited ghost users around on modify operationJakub Hrozek1-0/+248
https://fedorahosted.org/sssd/ticket/1652 It is possible to simply reset the list of ghost users to a different one during a modify operation. It is also actually how we update entries that are expired in the SSSD cache. In this case, we must be careful and retain the ghost users that are not native to the group we are processing but are rather inherited from child groups. The intention of the replace operation after all is to set the list of direct members of that group, not direct and indirect.
2012-12-05MEMBEROF: Implement the modify operation for ghost usersJakub Hrozek1-0/+480
Similar to the add and delete operation, we also need to propagate the changes of the ghost user attribute to the parent groups so that if a nested group updates memberships, its parents also get the membership updated.
2012-12-05MEMBEROF: Implement delete operation for ghost usersJakub Hrozek1-1/+106
https://fedorahosted.org/sssd/ticket/1668 The memberof plugin did only expand the ghost users attribute to parents when adding a nested group, but didn't implement the reverse operation. This bug resulted in users being reported as group members even after the direct parent went away as the expanded ghost attributes were never removed from the parent entry. When a ghost entry is removed from a group, all its parent groups are expired from the cache by setting the expire timestamp to 1. Doing so would force the SSSD to re-read the group next time it is requested in order to make sure its members are really up-to-date.
2012-11-26TESTS: Test ghosts users in the RFC2307 schemaJakub Hrozek1-0/+248
2012-11-26MEMBEROF: Do not add the ghost attribute to selfJakub Hrozek1-2/+86
When a nested group with ghost users is added, its ghost attribute should propagate within the nested group structure much like the memberuid attribute. Unlike the memberuid attribute, the ghost attribute is only semi-managed by the memberof plugin and added manually to the original entry. This bug caused LDB errors saying that attribute or value already exists when a group with a ghost user was added to the hierarchy as groups were updated with an attribute they already had.
2012-11-20LDAP: Only convert direct parents' ghost attribute to memberJakub Hrozek1-6/+7
https://fedorahosted.org/sssd/ticket/1612 This patch changes the handling of ghost attributes when saving the actual user entry. Instead of always linking all groups that contained the ghost attribute with the new user entry, the original member attributes are now saved in the group object and the user entry is only linked with its direct parents. As the member attribute is compared against the originalDN of the user, if either the originalDN or the originalMember attributes are missing, the user object is linked with all the groups as a fallback. The original member attributes are only saved if the LDAP schema supports nesting.
2012-11-19Fix compare_principal_realm() checkSumit Bose1-0/+6
In case of a short UPN compare_principal_realm() erroneously returns an error.
2012-11-14Add string_in_list() and add_string_to_list() with testsSumit Bose1-0/+83
string_in_list() and add_string_to_list() are two utilities for NULL terminated strings arrays. add_string_to_list() adds a new string to an existing list or creates a new one with the strings as only item if there is not list. string_in_list() checks if a given string is in the list. It can be used case sensitive or in-sensitive.
2012-11-13TESTS: Fix a couple of debug-level settersJakub Hrozek3-3/+3
2012-11-10Add diff_gid_lists() with testSumit Bose1-2/+107
This patch adds a new call which compares a list of current GIDs with a list of new GIDs and return a list of GIDs which are currently missing and must be added and another list of GIDs which are not used anymore and must be deleted. The method is the same as used by diff_string_lists().
2012-10-29Include talloc log in our debug facilityMichal Zidek14-14/+14
https://fedorahosted.org/sssd/ticket/1495
2012-10-26Use find_or_guess_upn() where neededSumit Bose2-2/+3
2012-10-26krb5_auth: check if principal belongs to a different realmSumit Bose1-0/+45
Add a flag if the principal used for authentication does not belong to our realm. This can be used to act differently for users from other realms.
2012-10-05SSH: Refactor sysdb and related codeJan Cholasta1-36/+11
2012-09-24SYSDB: Remove unnecessary domain parameter from several sysdb callsJakub Hrozek1-8/+7
The domain can be read from the sysdb object. Removing the domain string makes the API more self-contained.
2012-09-24AUTOFS: Use both key and value in entry RDNJakub Hrozek1-1/+1
This patch switches from using just key in the RDN to using both key and value. That is neccessary to allow multiple direct mounts in a single map.
2012-09-24AUTOFS: Add entry objects below map objectsJakub Hrozek1-31/+17
https://fedorahosted.org/sssd/ticket/1506 Changes how the new autofs entry objects are handled. Instead of creating the entry on the cn=autofs,cn=custom level, the entry is created below the map it belongs to.
2012-09-24AUTOFS: Add sysdb testsJakub Hrozek1-0/+249
2012-09-10SYSDB: NULL-terminate the output of sysdb_get_{ranges,subdomains}Jakub Hrozek1-2/+2
2012-09-05SYSDB: Abort unit test if sysdb_getpwnam failsJakub Hrozek1-0/+3
2012-08-15Add python bindings for murmurhash3Sumit Bose1-0/+100
2012-08-15Duplicate detection in fail over did not work.Michal Zidek1-5/+5
https://fedorahosted.org/sssd/ticket/1472
2012-08-01Change refreshing of subdomainsSimo Sorce1-16/+20
This patch keeps a local copy of the subdomains in the ipa subdomains plugin context. This has 2 advantages: 1. allows to check if anything changed w/o always hitting the sysdb. 2. later will allows us to dump this information w/o having to retrieve it again. The timestamp also allows to avoid refreshing too often.
2012-08-01Add realm paramter to subdomain listSimo Sorce1-3/+3
This will be used later for setting domain_realm mappings in krb5.conf
2012-08-01tests: Remove useless constsSimo Sorce1-27/+15
Declaring a bunch of structures as const and then wrapping all uses in discard_const_p() is a bit silly. Remove all these useless decorations.
2012-08-01Change subdomain_infoSimo Sorce1-16/+22
Rename the structure to use a standard name prefix so it is properly name-spaced, in preparation for changing the structure itself.
2012-08-01Added unit test for sysdb_ssh.cMichal Zidek1-0/+447
2012-08-01Primary server support: basic support in failover codeJan Zeleny1-6/+7
Now there are two list of servers for each service. If currently selected server is only backup, then an event will be scheduled which tries to get connection to one of primary servers and if it succeeds, it starts using this server instead of the one which is currently connected to.
2012-07-27tests: allow changing cwd in all testsPavel Březina3-0/+9
2012-07-18Fixed: Uninitialized value in krb5_child-test if ccname was specified.Michal Zidek1-1/+1
https://fedorahosted.org/sssd/ticket/1411
2012-07-18Fixed: Unchecked return value from dp_opt_set_int.Michal Zidek1-1/+5
2012-07-10Cast uid_t to unsigned long long in DEBUG messagesJakub Hrozek2-5/+6
2012-07-10pac responder: limit access by checking UIDsSumit Bose1-0/+178
A check for allowed UIDs is added in the common responder code directly after accept(). If the platform does not support reading the UID of the peer but allowed UIDs are configured, access is denied. Currently only the PAC responder sets the allowed UIDs for a socket. The default is that only root is allowed to access the socket of the PAC responder. Fixes: https://fedorahosted.org/sssd/ticket/1382
2012-07-09Add missing return value checkStephen Gallagher1-1/+1
Coverity #12782
2012-07-09Avoid NULL-dereference in error-handlingStephen Gallagher1-1/+3
Coverity #12783
2012-07-09Fix uninitialized value returnStephen Gallagher1-1/+1
Coverity #12786
2012-07-09Fix incorrect return value in testsStephen Gallagher1-0/+2
Coverity #12798
2012-07-09heimdal: fix compile error in krb5-child-testRambaldi1-0/+4
2012-07-06AD: Add AD identity providerStephen Gallagher1-0/+109
This new identity provider takes advantage of existing code for the LDAP provider, but provides sensible defaults for operating against an Active Directory 2008 R2 or later server.
2012-06-29TESTS: Print messages when LDAP options do not matchStephen Gallagher1-2/+10
2012-06-26libcrypto fully implementedGeorge McCollister1-6/+40
Implemented working versions of the following functions for libcrypto: sss_base64_encode sss_base64_decode sss_hmac_sha1 sss_password_encrypt sss_password_decrypt test_encrypt_decrypt now expects EOK from libcrypto. test_hmac_sha1 now expects EOK from libcrypto. Added test_base64_encode to test base64 encoding implementation. Added test_base64_decode to test base64 decoding implementation. Signed-off-by: George McCollister <George.McCollister@gmail.com>
2012-06-21PAC responder: test suiteJan Zeleny1-0/+106
2012-06-15KRB5: Auto-detect DIR cache support in configureStephen Gallagher2-0/+7
We can't support the DIR cache features in systems with kerberos libraries older than 1.10. Make sure we don't build it on those systems.