[PATCHES] Small changes in tests
by Lukas Slebodnik
ehlo,
Few comments to some patches.
0001-TEST-Remove-unused-argument-sysdb_path.patch
Name of sysdb file is automatically generated from domain name and db_path
in function sysdb_domain_init.
0002-TEST-Use-right-domain-name-in-negcache-test.patch
Directory tests_ncache was not removed after negcache test,
because sysdb cache had different name and was not removed in the function
test_dom_suite_cleanup.
[sssd] [test_dom_suite_cleanup] (0x0020):
Could not delete the test dir (39) (Directory not empty)
0004-hbac-test-Use-defined-macros-instead-of-strings.patch
Macro HBAC_TEST_SRCHOSTGROUP2 was defined but it was not used anywhere.
LS
10 years, 1 month
[PATCH] AD: Continue if sssd failes to check extra members
by Lukas Slebodnik
ehlo,
Warning reported by scan-build
for (mi = 0; group_only[mi]; mi++) {
^~~~~~~~~~
warning: Array access (from variable 'group_only') results in a null pointer
dereference
It can happend if function ad_group_extra_members fails (ret != EOK)
Patch is attched.
LS
10 years, 1 month
[PATCH] AD: Only connect to GC for subdomain users
by Jakub Hrozek
Hi,
[PATCH 1/3] AD: Only connect to GC for subdomain users
https://fedorahosted.org/sssd/ticket/2251
By connecting to GC for users from both trusted domains and parent
domain, we lose the ability to download the shell and homedir if these
are used with ID mapping.
This patch changes the user lookups only. Changing the logic for all
lookups would break cross-domain group memberships, for example.
[PATCH 2/3] MAN: Clarify the GC support a bit
It should be noted that disabling GC does *not* disable lookups from
trusted domains. Disabling GC might be a a good way for admins who wish
to use POSIX attributes in trusted domains and the man page should hint
this option.
[PATCH 3/3] AD: Use the right memory context
The caller would typically use the same combination of context as this
bug implies, but we should use the passed-in context anyway.
10 years, 1 month
[PATCH] Fix copying default dp_option values
by Jakub Hrozek
Hi,
The attached two patches are related to:
https://fedorahosted.org/sssd/ticket/2257
The first patch is included pretty much for completeness, as I noted
during development of the unit test, the blob type didn't handle any
default value.
The second patch directly addresses #2257. The previous code didn't
handle copying options well if the option was set to zero, because the
code followed logic like:
if (oldval) {
newval = oldval;
else {
newval = defval;
}
The patch implements Sumit's idea to provide a separate function for
copying default values and amend the generic copy function to only
create a copy using the current values.
10 years, 1 month
[PATCH] IPA: Use GC for AD initgroup requests
by Sumit Bose
Hi,
the current AD provider code expects a connection to the Global Catalog
to resolve cross-domain group memberships correctly. The patch enables
this for trusted domains in the IPA provider.
bye,
Sumit
10 years, 1 month
[PATCH] Fix krb5 changepw when FAST-only preauth methods are used (like OTP)
by Nathaniel McCallum
Before this patch, a different set of options was used when calling
krb5_get_init_creds_password() for the changepw principal. Because
this set of options did not contain the same FAST settings as the
options for normal requests, all authentication would fail when the
password of a FAST-only account would expire.
The two sets approach was cargo-cult from kinit where multiple
requests could be issued using the same options set. However, in the
case of krb5_child, only one request (or occasionally a well-defined
second request) will be issued. Two option sets are therefore not
required.
To fix this problem we removed the second option set used for changepw
requests. All requests now use a single option set which is modified,
if needed, for well-defined subsequent requests.
10 years, 1 month
[PATCH] TESTS: Link libsss_test_common with tevent
by Lukas Slebodnik
ehlo,
Static library libsss_test_common calls tevent functions directly (in module
common_tev.c), but it was not linked with tevent library.
Compilation will fail if sssd is linked with "-Wl,--as-needed"
CCLD test_utils
/usr/bin/ld: ./.libs/libsss_test_common.a(common_tev.o): undefined reference to symbol 'tevent_context_init@(a)TEVENT_0.9.9'
/usr/bin/ld: note: 'tevent_context_init@(a)TEVENT_0.9.9' is defined in DSO /usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../../../lib64/libtevent.so so try adding it to the linker command line
/usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../../../lib64/libtevent.so: could not read symbols: Invalid operation
clang: error: linker command failed with exit code 1 (use -v to see invocation)
nm ./libsss_test_common.a | grep tevent
U tevent_context_init
U _tevent_loop_once
U _tevent_req_create
U _tevent_req_done
U _tevent_req_error
U tevent_req_is_error
U tevent_req_post
Simple patch is attached.
LS
10 years, 1 month
[PATCH] PAM: Test return value of strdup
by Lukas Slebodnik
ehlo,
Warnings reported by Coverity (12463,12464)
Dereferencing a pointer that might be null pi->pam_authtok when calling strlen.
Dereferencing a pointer that might be null action when calling strncmp.
Patch is attached.
LS
10 years, 1 month