On Wed, Mar 04, 2015 at 12:02:03PM +0100, Pavel Reichl wrote:
> Patches needed to be rebased.
here are the fixups I mentioned in the other mail
>From a2fa74d8cf2b3da2c2e113fb1ff7e4b60d0ce6c2 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhro...@redhat.com>
Date: Wed, 4 Mar 2015 16:16:22 +0100
Subject: [PATCH] Fixup of the second patch
---
Makefile.am | 12 ++++++++----
src/man/sssd-ldap.5.xml | 9 +++++----
2 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index
c3e9e7809bf90eb3627a020e2a61816431e5747c..95f7ed61b9716bb50f8533b3994c6d9a1ee03de0
100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -2460,17 +2460,21 @@ libsss_ldap_common_la_SOURCES = \
src/providers/ldap/sdap.c \
src/util/user_info_msg.c \
src/util/sss_ldap.c \
- src/util/util.c
+ src/util/util.c \
+ $(NULL)
libsss_ldap_common_la_CFLAGS = \
- $(KRB5_CFLAGS)
+ $(KRB5_CFLAGS) \
+ $(NULL)
libsss_ldap_common_la_LIBADD = \
$(OPENLDAP_LIBS) \
$(KRB5_LIBS) \
libsss_krb5_common.la \
libsss_idmap.la \
- libsss_util.la
+ libsss_util.la \
+ $(NULL)
libsss_ldap_common_la_LDFLAGS = \
- -avoid-version
+ -avoid-version \
+ $(NULL)
if BUILD_SUDO
libsss_ldap_common_la_SOURCES += \
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index
789ae5c0ec3cddf4ad0a6d11514bd8d24b51b46e..613b63f69c73161095b32db9bc16f66fe90ecff3
100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -1958,10 +1958,11 @@ ldap_access_filter = (employeeType=admin)
<emphasis>ppolicy</emphasis>: use account locking.
If set, this option denies access in case that ldap
attribute 'pwdAccountLockedTime' is present and has
- value of '000001010000Z' or any time event in the
past.
- 'pwdAccountLockedTime' attribute must end with 'Z'
- as only zulu time is currently suported.
- Please see the option ldap_pwdlockout_dn.
+ value of '000001010000Z' or represents any time in
the past.
+ The value of 'pwdAccountLockedTime' attribute
+ must end with 'Z' as only UTC time zone is
+ currently suported. Please see the option
+ ldap_pwdlockout_dn.
Please note that 'access_provider = ldap' must
be set for this feature to work.
--
2.1.0
>From 38cd3400ad96500bae0314e21edde0c0803d3cfa Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhro...@redhat.com>
Date: Wed, 4 Mar 2015 15:17:13 +0100
Subject: [PATCH] Fixups to the first patch
---
Makefile.am | 9 ++++++---
src/providers/ldap/sdap_access.c | 2 +-
src/tests/util-tests.c | 31 +++++++++++++++++++------------
src/util/util.c | 2 +-
src/util/util_errors.c | 2 +-
src/util/util_errors.h | 2 +-
6 files changed, 29 insertions(+), 19 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index
031665791adc41e8cc782a74116e3f6ee179687c..c3e9e7809bf90eb3627a020e2a61816431e5747c
100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1556,15 +1556,18 @@ simple_access_tests_LDADD = \
util_tests_SOURCES = \
src/tests/util-tests.c \
- src/util/util.c
+ src/util/util.c \
+ $(NULL)
util_tests_CFLAGS = \
$(AM_CFLAGS) \
- $(CHECK_CFLAGS)
+ $(CHECK_CFLAGS) \
+ $(NULL)
util_tests_LDADD = \
$(SSSD_LIBS) \
$(CHECK_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
- libsss_test_common.la
+ libsss_test_common.la \
+ $(NULL)
safe_format_tests_SOURCES = \
src/tests/safe-format-tests.c
diff --git a/src/providers/ldap/sdap_access.c b/src/providers/ldap/sdap_access.c
index
9dd01a2ba74383977c1bf921a22e8a6dcd82569b..d1d1047a85c406a8b238813d5b1cbcf12ff6b08c
100644
--- a/src/providers/ldap/sdap_access.c
+++ b/src/providers/ldap/sdap_access.c
@@ -2345,7 +2345,7 @@ static void sdap_access_ppolicy_step_done(struct
tevent_req *subreq)
pwdAccountLockedDurationTime,
&locked);
if (ret != EOK) {
- if (ret == ERR_INVALID_LOCK_TIME) {
+ if (ret == ERR_TIMESPEC_NOT_SUPPORTED) {
DEBUG(SSSDBG_MINOR_FAILURE,
"timezone specifier in ppolicy is not supported\n");
} else {
diff --git a/src/tests/util-tests.c b/src/tests/util-tests.c
index
e252a60c7473a0e88c6e6a60a0ef57754e22be7a..b829b5b486a1033b507feebb3db382523de61128
100644
--- a/src/tests/util-tests.c
+++ b/src/tests/util-tests.c
@@ -1026,11 +1026,25 @@ static void convert_time_tz(const char* tz)
{
errno_t ret;
time_t unix_time;
+ const char *orig_tz = NULL;
- ret = setenv("TZ", tz, 1);
- fail_if(ret == -1);
+ orig_tz = getenv("TZ");
+ if (orig_tz == NULL) {
+ orig_tz = "";
+ }
- ret = sss_utc_to_time_t("20140801115742Z", "%Y%m%d%H%M%SZ", &unix_time);
+ if (tz) {
+ ret = setenv("TZ", tz, 1);
+ fail_if(ret == -1);
+ }
+
+ ret = sss_utc_to_time_t("20140801115742Z", "%Y%m%d%H%M%S%Z", &unix_time);
+
+ /* restore */
+ if (orig_tz != NULL) {
+ ret = setenv("TZ", orig_tz, 1);
+ fail_if(ret == -1);
+ }
fail_unless(ret == EOK && difftime(1406894262, unix_time) == 0);
}
@@ -1039,27 +1053,20 @@ START_TEST(test_convert_time)
const char *format = "%Y%m%d%H%M%SZ";
time_t unix_time;
errno_t ret;
- const char *orig_tz;
ret = sss_utc_to_time_t("20150127133540P", format, &unix_time);
- fail_unless(ret == ERR_INVALID_LOCK_TIME);
+ fail_unless(ret == ERR_TIMESPEC_NOT_SUPPORTED);
ret = sss_utc_to_time_t("0Z", format, &unix_time);
fail_unless(ret == EINVAL);
ret = sss_utc_to_time_t("000001010000Z", format, &unix_time);
fail_unless(ret == EINVAL);
/* test that results are still same no matter what timezone is set */
- orig_tz = getenv("TZ");
- convert_time_tz(orig_tz ? orig_tz : "");
+ convert_time_tz(NULL);
convert_time_tz("GST-1");
convert_time_tz("GST-2");
-
- if (orig_tz != NULL) {
- ret = setenv("TZ", orig_tz, 1);
- fail_if(ret == -1);
- }
}
END_TEST
diff --git a/src/util/util.c b/src/util/util.c
index
20cb473ae3f4e619a856118a3c02623d0ab0f6e1..cfd26a58b31048996e9669163b821282b219b2de
100644
--- a/src/util/util.c
+++ b/src/util/util.c
@@ -925,7 +925,7 @@ errno_t sss_utc_to_time_t(const char *str, const char
*format, time_t *_unix_tim
if (str[len-1] != 'Z') {
DEBUG(SSSDBG_TRACE_INTERNAL,
"%s does not seem to be in UTZ time zone.\n", str);
- return ERR_INVALID_LOCK_TIME;
+ return ERR_TIMESPEC_NOT_SUPPORTED;
}
memset(&tm, 0, sizeof(tm));
diff --git a/src/util/util_errors.c b/src/util/util_errors.c
index
91f8c14e06701793d37d7586cf1099863edf4011..bfae5cd189902ed82ba8b7db29e85a309e4bd19c
100644
--- a/src/util/util_errors.c
+++ b/src/util/util_errors.c
@@ -65,7 +65,7 @@ struct err_string error_to_str[] = {
{ "LDAP search returned a referral" }, /* ERR_REFERRAL */
{ "Error setting SELinux user context" }, /* ERR_SELINUX_CONTEXT */
{ "Username format not allowed by re_expression" }, /* ERR_REGEX_NOMATCH */
- { "Invalid time of lockout" }, /* ERR_INVALID_LOCK_TIME */
+ { "Time specification not supported" }, /* ERR_TIMESPEC_NOT_SUPPORTED */
};
diff --git a/src/util/util_errors.h b/src/util/util_errors.h
index
56f4f8db04c105dce3e23a2b64d2869b99aa0513..069d4b78aa5ed6c756affdacab99c7141b7849e4
100644
--- a/src/util/util_errors.h
+++ b/src/util/util_errors.h
@@ -90,7 +90,7 @@ enum sssd_errors {
ERR_REFERRAL,
ERR_SELINUX_CONTEXT,
ERR_REGEX_NOMATCH,
- ERR_INVALID_LOCK_TIME,
+ ERR_TIMESPEC_NOT_SUPPORTED,
ERR_LAST /* ALWAYS LAST */
};
--
2.1.0
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
