[PATCH] nested groups unit test
by Pavel Březina
Hi,
this is the first unit test for nested groups. It covers only the most
basic situation when we are trying to resolve one group with no members.
Even though it is only one test, the patch set is quite big. This is
because it creates the possibility to mock providers related modules.
Most of the patches are just a preparation for unit testing providers.
Patches 1-5
Moves the code around to reduce number of dependencies. (E.g. you do not
want to load fail over when you are testing nested groups.)
Patch 6
Mocks basic SDAP interface.
Patch 7
Mocks sysdb objects - currently user and rfc2307bis group. You can
decide what set of attributes the object should posses. For example,
creating a user requires only basedn and name parameter, to construct
originalDN and name attributes. The rest is provided by (attrname,
value) pairs via variadic function.
E.g.:
mock_sysdb_user(mem_ctx, basedn, name, SYSDB_UIDNUM, uid, ...)
get_attr_type() translates the sysdb attribute name to proper data type.
This should be extended as needed.
Patch 8
Adds provider tests related common object files and cflags in makefile
Patch 9
New macro sss_will_return_always(fn, value). This can be used to mock
function data in such way that any call of mock() will return the value.
It was just pushed also to cmocka upstream as will_return_always().
Patch 10-11
Unit test.
Patch 12
Removes a noisy debug message.
I would like to get this reviewed before I continue with more test
cases, so the framework is tuned enough.
Off topic:
I also created new macro called fail_msg, which will make the test fail
printing a message. I didn't use this macro in the end, but it made its
way to cmocka upstream.
9 years, 9 months
[PATCHES] Fix warnings
by Lukas Slebodnik
ehlo,
I tested some patches with old distro and I spotted warnings.
-- uninitialized variable (gcc 4.4.7)
-- macro AM_PROG_AR not found in library (automake 1.11.1)
I checked them and all warnings should be harmless, but anyway we don't like
warnings.
Two patches are attached.
LS
10 years, 2 months
[PATCHES] Enable printf format string checking
by Lukas Slebodnik
ehlo,
It would be great to have enabled printf format string checking in RHEL7.
Therefore I decided to send pateches for ticket
https://fedorahosted.org/sssd/ticket/1945
Patch 0001 -- Even if this patch is first, it should be applied in upstream as
last.
Patch 0002 - 0006 -- trivial
Patch 0007 -- ssize_t is not defined in ANSI c99, IIRC it is defined in posix
as a signed type, therefore format should be used "zd"
Patch 0008 -- size_t is defined in ANSI c99 as unzigned type -> "zu"
Patch 0009 -- wrapper for inttypes.h and for future format macros.
Patch 0012 -- formating types defined in stdint.h uint_32_t ...
-- there are used macros defined in inttypes.h
Patches 0010 - 0015 fix formating for special variables (key_serial_t, rlim_t...)
and for some types I created macros in sss_format.h
Patch 0010 -- key_serial_t is typedef of int32_t, but it could be defined
differently in another (platforms/ implemantations of kerberos)
Patch 0011 -- it seems that rlim_t us the same as uint64_t, but it was defined
using conditional build an not a typedef of std types.
Patch 0013 -- time_t is defined as "long int" sizeof_i386(time_t) != sizeof_x86_64(time_t)
Patch 0014 -- ber_int and ber_tag are typedef for int and unsigned long
Patch 0015 -- gid_t and uid_t are typedef as unsigned
(I checked linux 32 bit, linu 64_bit and freebsd 64 bit)
Patch 0016 -- trivial
LS
10 years, 3 months
[PATCH] Use conditional build for retrieving ccache.
by Lukas Slebodnik
ehlo,
Sumit wrote me yesterday, that some krb5 functions in
get_ccache_name_by_principal needn't be available in older version of libkrb5.
We noticed that this function is very similar to another function
get_ccache_for_princ and there was used conditional build.
Refactoring patch is attached.
LS
10 years, 3 months
[PATCH] print password complexity hint when change password failed
by Pavel Březina
Now the output looks like:
$ su test-user
Password:
Password expired. Change your password now.
Current Password:
New password:
Retype new password:
Password change failed. Please make sure the password meets the
complexity constraints.
su: incorrect password
10 years, 4 months
[PATCH 1/2] Set default DNS resolution timeout to 15 seconds.
by Michal Židek
https://fedorahosted.org/sssd/ticket/1966 (SSSD failover doesn't work if
the first DNS server in resolv.conf is unavailable).
The problem here is, that if first nameserver in resolv.conf is down,
the resolution is too slow and SSSD will not wait for the result of
ares_search and go offline. In my case the resolution was sometimes more
than a minute, because all search domains in resolv.conf were searched
inside ares_search() call using the first (not working) nameserver in
the first place and then with the working nameserver (and before that,
SSSD tried to figure out the domain name from my incorrectly set
hostname, which added more unnecessary DNS lookups).
To avoid this problem, the option dns_discovery_domain must be set
properly, so that only the correct domain is searched, but even that is
not enough, because the default timeout for dns resolver operation in
sssd is too low. This patch rises the default value to 15 seconds
(instead of 5 seconds).
Another option might be to lower the amount of time ares waits for a
nameserver to respond (currently it is 5 seconds, that is why 5 second
for the entire dns resolution is not sufficient), but I do not want to
do this.
These patches also change man pages, so probably master only (string
freeze)? Even if this is a really small change.
I was also thinking, would it make sense to write a warning to the logs
if the dns_discovery_domain option is not set? It seem to be important
to set it properly for cases like this one.
Thanks
Michal
10 years, 4 months
