summaryrefslogtreecommitdiff
path: root/src/tests
AgeCommit message (Collapse)AuthorFilesLines
2012-12-05MEMBEROF: Keep inherited ghost users around on modify operationJakub Hrozek1-0/+248
https://fedorahosted.org/sssd/ticket/1652 It is possible to simply reset the list of ghost users to a different one during a modify operation. It is also actually how we update entries that are expired in the SSSD cache. In this case, we must be careful and retain the ghost users that are not native to the group we are processing but are rather inherited from child groups. The intention of the replace operation after all is to set the list of direct members of that group, not direct and indirect.
2012-12-05MEMBEROF: Implement the modify operation for ghost usersJakub Hrozek1-0/+480
Similar to the add and delete operation, we also need to propagate the changes of the ghost user attribute to the parent groups so that if a nested group updates memberships, its parents also get the membership updated.
2012-12-05MEMBEROF: Implement delete operation for ghost usersJakub Hrozek1-1/+106
https://fedorahosted.org/sssd/ticket/1668 The memberof plugin did only expand the ghost users attribute to parents when adding a nested group, but didn't implement the reverse operation. This bug resulted in users being reported as group members even after the direct parent went away as the expanded ghost attributes were never removed from the parent entry. When a ghost entry is removed from a group, all its parent groups are expired from the cache by setting the expire timestamp to 1. Doing so would force the SSSD to re-read the group next time it is requested in order to make sure its members are really up-to-date.
2012-11-26TESTS: Test ghosts users in the RFC2307 schemaJakub Hrozek1-0/+248
2012-11-26MEMBEROF: Do not add the ghost attribute to selfJakub Hrozek1-2/+86
When a nested group with ghost users is added, its ghost attribute should propagate within the nested group structure much like the memberuid attribute. Unlike the memberuid attribute, the ghost attribute is only semi-managed by the memberof plugin and added manually to the original entry. This bug caused LDB errors saying that attribute or value already exists when a group with a ghost user was added to the hierarchy as groups were updated with an attribute they already had.
2012-11-20LDAP: Only convert direct parents' ghost attribute to memberJakub Hrozek1-6/+7
https://fedorahosted.org/sssd/ticket/1612 This patch changes the handling of ghost attributes when saving the actual user entry. Instead of always linking all groups that contained the ghost attribute with the new user entry, the original member attributes are now saved in the group object and the user entry is only linked with its direct parents. As the member attribute is compared against the originalDN of the user, if either the originalDN or the originalMember attributes are missing, the user object is linked with all the groups as a fallback. The original member attributes are only saved if the LDAP schema supports nesting.
2012-11-19Fix compare_principal_realm() checkSumit Bose1-0/+6
In case of a short UPN compare_principal_realm() erroneously returns an error.
2012-11-14Add string_in_list() and add_string_to_list() with testsSumit Bose1-0/+83
string_in_list() and add_string_to_list() are two utilities for NULL terminated strings arrays. add_string_to_list() adds a new string to an existing list or creates a new one with the strings as only item if there is not list. string_in_list() checks if a given string is in the list. It can be used case sensitive or in-sensitive.
2012-11-13TESTS: Fix a couple of debug-level settersJakub Hrozek3-3/+3
2012-11-10Add diff_gid_lists() with testSumit Bose1-2/+107
This patch adds a new call which compares a list of current GIDs with a list of new GIDs and return a list of GIDs which are currently missing and must be added and another list of GIDs which are not used anymore and must be deleted. The method is the same as used by diff_string_lists().
2012-10-29Include talloc log in our debug facilityMichal Zidek14-14/+14
https://fedorahosted.org/sssd/ticket/1495
2012-10-26Use find_or_guess_upn() where neededSumit Bose2-2/+3
2012-10-26krb5_auth: check if principal belongs to a different realmSumit Bose1-0/+45
Add a flag if the principal used for authentication does not belong to our realm. This can be used to act differently for users from other realms.
2012-10-05SSH: Refactor sysdb and related codeJan Cholasta1-36/+11
2012-09-24SYSDB: Remove unnecessary domain parameter from several sysdb callsJakub Hrozek1-8/+7
The domain can be read from the sysdb object. Removing the domain string makes the API more self-contained.
2012-09-24AUTOFS: Use both key and value in entry RDNJakub Hrozek1-1/+1
This patch switches from using just key in the RDN to using both key and value. That is neccessary to allow multiple direct mounts in a single map.
2012-09-24AUTOFS: Add entry objects below map objectsJakub Hrozek1-31/+17
https://fedorahosted.org/sssd/ticket/1506 Changes how the new autofs entry objects are handled. Instead of creating the entry on the cn=autofs,cn=custom level, the entry is created below the map it belongs to.
2012-09-24AUTOFS: Add sysdb testsJakub Hrozek1-0/+249
2012-09-10SYSDB: NULL-terminate the output of sysdb_get_{ranges,subdomains}Jakub Hrozek1-2/+2
2012-09-05SYSDB: Abort unit test if sysdb_getpwnam failsJakub Hrozek1-0/+3
2012-08-15Add python bindings for murmurhash3Sumit Bose1-0/+100
2012-08-15Duplicate detection in fail over did not work.Michal Zidek1-5/+5
https://fedorahosted.org/sssd/ticket/1472
2012-08-01Change refreshing of subdomainsSimo Sorce1-16/+20
This patch keeps a local copy of the subdomains in the ipa subdomains plugin context. This has 2 advantages: 1. allows to check if anything changed w/o always hitting the sysdb. 2. later will allows us to dump this information w/o having to retrieve it again. The timestamp also allows to avoid refreshing too often.
2012-08-01Add realm paramter to subdomain listSimo Sorce1-3/+3
This will be used later for setting domain_realm mappings in krb5.conf
2012-08-01tests: Remove useless constsSimo Sorce1-27/+15
Declaring a bunch of structures as const and then wrapping all uses in discard_const_p() is a bit silly. Remove all these useless decorations.
2012-08-01Change subdomain_infoSimo Sorce1-16/+22
Rename the structure to use a standard name prefix so it is properly name-spaced, in preparation for changing the structure itself.
2012-08-01Added unit test for sysdb_ssh.cMichal Zidek1-0/+447
2012-08-01Primary server support: basic support in failover codeJan Zeleny1-6/+7
Now there are two list of servers for each service. If currently selected server is only backup, then an event will be scheduled which tries to get connection to one of primary servers and if it succeeds, it starts using this server instead of the one which is currently connected to.
2012-07-27tests: allow changing cwd in all testsPavel Březina3-0/+9
2012-07-18Fixed: Uninitialized value in krb5_child-test if ccname was specified.Michal Zidek1-1/+1
https://fedorahosted.org/sssd/ticket/1411
2012-07-18Fixed: Unchecked return value from dp_opt_set_int.Michal Zidek1-1/+5
2012-07-10Cast uid_t to unsigned long long in DEBUG messagesJakub Hrozek2-5/+6
2012-07-10pac responder: limit access by checking UIDsSumit Bose1-0/+178
A check for allowed UIDs is added in the common responder code directly after accept(). If the platform does not support reading the UID of the peer but allowed UIDs are configured, access is denied. Currently only the PAC responder sets the allowed UIDs for a socket. The default is that only root is allowed to access the socket of the PAC responder. Fixes: https://fedorahosted.org/sssd/ticket/1382
2012-07-09Add missing return value checkStephen Gallagher1-1/+1
Coverity #12782
2012-07-09Avoid NULL-dereference in error-handlingStephen Gallagher1-1/+3
Coverity #12783
2012-07-09Fix uninitialized value returnStephen Gallagher1-1/+1
Coverity #12786
2012-07-09Fix incorrect return value in testsStephen Gallagher1-0/+2
Coverity #12798
2012-07-09heimdal: fix compile error in krb5-child-testRambaldi1-0/+4
2012-07-06AD: Add AD identity providerStephen Gallagher1-0/+109
This new identity provider takes advantage of existing code for the LDAP provider, but provides sensible defaults for operating against an Active Directory 2008 R2 or later server.
2012-06-29TESTS: Print messages when LDAP options do not matchStephen Gallagher1-2/+10
2012-06-26libcrypto fully implementedGeorge McCollister1-6/+40
Implemented working versions of the following functions for libcrypto: sss_base64_encode sss_base64_decode sss_hmac_sha1 sss_password_encrypt sss_password_decrypt test_encrypt_decrypt now expects EOK from libcrypto. test_hmac_sha1 now expects EOK from libcrypto. Added test_base64_encode to test base64 encoding implementation. Added test_base64_decode to test base64 decoding implementation. Signed-off-by: George McCollister <George.McCollister@gmail.com>
2012-06-21PAC responder: test suiteJan Zeleny1-0/+106
2012-06-15KRB5: Auto-detect DIR cache support in configureStephen Gallagher2-0/+7
We can't support the DIR cache features in systems with kerberos libraries older than 1.10. Make sure we don't build it on those systems.
2012-06-14Use Kerberos context in KRB5_DEBUGJakub Hrozek1-10/+4
Passing Kerberos context to sss_krb5_get_error_message will allow us to get better error messages.
2012-06-14Add support for storing credential caches in the DIR: back endJakub Hrozek2-17/+95
https://fedorahosted.org/sssd/ticket/974
2012-06-14Add a credential cache back end structureJakub Hrozek2-50/+32
To be able to add support for new credential cache types easily, this patch creates a new structure sss_krb5_cc_be that defines common operations with a credential cache, such as create, check if used or remove.
2012-06-14Add a krb5_child test toolJakub Hrozek1-0/+551
https://fedorahosted.org/sssd/ticket/1127
2012-06-08sss_idmap: fix typo which prevents sub auth larger then 2^31Sumit Bose1-0/+37
A test to cover this is added as well.
2012-06-08sss_idmap: add support for samba struct dom_sidSumit Bose1-2/+100
The samba ndr libraries use struct dom_sid to handle SIDs. Since there is no public samba library which offers conversion from other representations, e.g. as string, this is added to libsss_idmap. To avoid compile-time or run-time dependency to any samba library or header file the definition of the struct is copied here.
2012-06-04Fixed setting of debug level in test suiteJan Zeleny2-4/+2