fa2fc8a2908619031292eaf375eb1a510b8b2eba |
|
21-Jun-2017 |
Fabiano Fidêncio <fidencio@redhat.com> |
DOMAIN: Add sss_domain_info_{get,set}_output_fqnames()
Let's avoid setting a domain's property directly from cr_domain code.
In order to do so, let's introduce a setter, which may help us in the
future whenever we decide to make sss_domain_info an opaque structure.
For completeness, a getter has also been introduced and used in the
usertools code.
Related:
https://pagure.io/SSSD/sssd/issue/3403
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
86526891366c4bc3e1ee861143b736d2670a6ba8 |
|
21-Jun-2017 |
Fabiano Fidêncio <fidencio@redhat.com> |
RESPONDER: Use fqnames as output when needed
As some regressions have been caused by not handling properly naming
conflicts when using shortnames, let's explicitly use fully qualified
names as output in the following situations:
- domain resolution order is set;
- a trusted domain has been using `use_fully_qualified_name = false`
In both cases we want to ensure that even handling shortnames as input,
the output will always be fully qualified.
As part of this patch, our tests ended up being modified to reflect the
changes done. In other words, the tests related to shortnames now
expect as return a fully qualified name for trusted domains.
Resolves:
https://pagure.io/SSSD/sssd/issue/3403
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
a012a71f21bf1a4687e58085f19c18cc5b2bbadd |
|
10-May-2017 |
Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> |
NSS: Move output name formatting to utils
Move NSS nss_get_name_from_msg and the core of sized_output_name to the
utils to make them available to provider and other responders.
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
7b293a5095ef3e63cd2e3f2ff01b7484bf6dcd38 |
|
19-Dec-2016 |
Pavel Březina <pbrezina@redhat.com> |
sss_output_name: do not require fq name
Now, we return the original name, assuming it is a shortname,
instead of returning an error.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
b9941359b3181c42f415530d5ccad0f4664d85fa |
|
21-Sep-2016 |
Lukas Slebodnik <lslebodn@redhat.com> |
Remove double semicolon at the end of line
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
393306307bd908fcec8858f665226ac56238a21b |
|
07-Jul-2016 |
Jakub Hrozek <jhrozek@redhat.com> |
UTIL: Remove unused functions
The conversion to sysdb made several functions obsolete. Remove them.
Reviewed-by: Sumit Bose <sbose@redhat.com> |
87c6d9ea92d83460457353cfea6c5bde8744994a |
|
07-Jul-2016 |
Jakub Hrozek <jhrozek@redhat.com> |
UTIL: Add a utility function sss_output_name
Adds a convenience function that will help reduce the amount of code
duplication in the responders. All responders need to parse the username
from the internal format, lower-case the name, if the domain is
case-insensitive and then replace spaces if the responder is configured
to do so.
Reviewed-by: Sumit Bose <sbose@redhat.com> |
8858d820445cffb67ef8cf790b3a8d37b008d654 |
|
07-Jul-2016 |
Jakub Hrozek <jhrozek@redhat.com> |
UTIL: Add a utility function to create a list of qualified names
Adds a convenience wrapper around sss_create_fqname that qualifies a
list of names into the format used internally in sssd.
Reviewed-by: Sumit Bose <sbose@redhat.com> |
501d031cecb7ca7d705f5e69da3476e1fa3b1d4c |
|
07-Jul-2016 |
Michal Zidek <mzidek@redhat.com> |
UTIL: Add function to create internal fqname
Add function to create internal fqname in format
shortname@domname where domain portion is lowercased.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
4714118890e51b365fbce543d0a042b4b59b2b25 |
|
07-Jul-2016 |
Michal Zidek <mzidek@redhat.com> |
UTIL: Add function to parse internal fqname format
Add lightweight function to parse internal fqname format
(shortname@domain). This function does not require the
sss_names to be initialized.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
877b92e80bde510d5cd9f03dbf01e2bcf73ab072 |
|
23-Oct-2015 |
Michal Židek <mzidek@redhat.com> |
util: Update get_next_domain's interface
Update get next domain to be able to
include disabled domains and change the
interface to accept flags instead of
multiple booleans.
Ticket:
https://fedorahosted.org/sssd/ticket/2673
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
90b8e2e47ecc0dd555cae401a0c9b082d12ab989 |
|
01-Sep-2015 |
Lukas Slebodnik <lslebodn@redhat.com> |
NSS: Don't ignore backslash in usernames with ldap provider
The regression was caused by changing default domain regex
for ldap provider in ticket #2717
Resolves:
https://fedorahosted.org/sssd/ticket/2772
Reviewed-by: Sumit Bose <sbose@redhat.com> |
4f1897ad419790834573643e88ac03e6c5c1c4be |
|
16-Jul-2015 |
Sumit Bose <sbose@redhat.com> |
nss_check_name_of_well_known_sid() improve name splitting
Currently in the default configuration
nss_check_name_of_well_known_sid() can only split fully-qualified names
in the user@domain.name style. DOM\user style names will cause an error
and terminate the whole request.
With this patch both styles can be handled by default, additionally if
the name could not be split nss_check_name_of_well_known_sid() returns
ENOENT which can be handled more gracefully by the caller.
Resolves https://fedorahosted.org/sssd/ticket/2717
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
1aa492ce890f362564bfac21f3cfb0a3e38608bd |
|
09-Apr-2015 |
Jakub Hrozek <jhrozek@redhat.com> |
ncache: Silence critical error from filter_users when default_domain_suffix is set
When default_domain_suffix is used and filter_users is set (at least
root is always, by default), SSSD tried to add the negcache entry to the
default domain. But since the default domain is not known after start
up, adding the entries fails with a verbose error message.
This patch handles EAGAIN returned from the parsing function while
setting negcache entries gracefully and also makes the debug message in
parsing function more precise.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
87f8bee53ee1b4ca87b602ff8536bc5fd5b5b595 |
|
17-Mar-2015 |
Lukas Slebodnik <lslebodn@redhat.com> |
Add missing new lines to debug messages
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
e894a127a9979dea667408b0cced59fedc3bcd0a |
|
25-Nov-2014 |
Michal Zidek <mzidek@redhat.com> |
util: sss_get_domain_name regex mismatch not fatal
Assume name is not FQDN if sss_parse_name fails to
match domain with regular expression.
Fixes:
https://fedorahosted.org/sssd/ticket/2487
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
8394eddba54b5d3e3fda868145e3751247bdbdb2 |
|
25-Nov-2014 |
Michal Zidek <mzidek@redhat.com> |
util: Special-case PCRE_ERROR_NOMATCH in sss_parse_name
Add new SSSD specific error code for the case when
pcre_exec returns PCRE_ERROR_NOMATCH.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
5eda23c28c582b43b2a0a165b1750f3875c0fa84 |
|
22-Oct-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
UTIL: Add a function to convert id_t from a number or a name
We need a custom function that would convert a numeric or string input
into uid_t. The function will be used to drop privileges in servers and
also in the PAC and IFP responders.
Includes a unit test to test all code that changed as well as a fix for
a misnamed attribute in the csv_to_uid_list function synopsis.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com> |
09a36be00ddcf1d7bd5b8a368143d5b2e2f4fb68 |
|
14-Oct-2014 |
Pavel Březina <pbrezina@redhat.com> |
sss_get_domain_name: check for fq name first
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
16cd3d5599d7bfe6ef4918142b9233ae2354f200 |
|
06-Aug-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
UTIL: remove get_username_from_uid
The function was unused since 2009 and moreover it was synchronous.
Reviewed-by: Pavel Reichl <preichl@redhat.com> |
db18dda869bc6c52a41797b2066cf121cf10f49c |
|
22-Jul-2014 |
Pavel Reichl <preichl@redhat.com> |
UTIL: rename find_subdomain_by_name
The function was named "find_subdomain" yet it could find both main
domain and subdomain.
sed 's/find_subdomain_by_name/find_domain_by_name/' -i `find . -name "*.[ch]"`
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
be7eabee6b7eb8def2441bf5de4c6d4950c155bf |
|
02-Jun-2014 |
Lukas Slebodnik <lslebodn@redhat.com> |
UTIL: Add function sss_parse_name_const
Variable with type 'const char *' can be used as output argument in function
sss_parse_name, but there will be warning.
warning: passing 'const char **' to parameter of type 'char **'
discards qualifiers in nested pointer types
[-Wincompatible-pointer-types-discards-qualifiers] |
02bb3d36c01d61fd7f4246b968f966dfe4b75e4c |
|
17-Apr-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
Minor fixes for sss_parse_name_for_domains
- use brackets after an if
- use the right variable name (candidate_domain instead of
candidate_name).
- fix a typo in a debug message
- only print a debug message about using a default domain when using a
default domain
- add a comment explaining when a codepath is executed
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
83bf46f4066e3d5e838a32357c201de9bd6ecdfd |
|
12-Feb-2014 |
Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> |
Update DEBUG* invocations to use new levels
Use a script to update DEBUG* macro invocations, which use literal
numbers for levels, to use bitmask macros instead:
    grep -rl --include '*.[hc]' DEBUG . |
        while read f; do
            mv "$f"{,.orig}
            perl -e 'use strict;
                     use File::Slurp;
                     my @map=qw"
                        SSSDBG_FATAL_FAILURE
                        SSSDBG_CRIT_FAILURE
                        SSSDBG_OP_FAILURE
                        SSSDBG_MINOR_FAILURE
                        SSSDBG_CONF_SETTINGS
                        SSSDBG_FUNC_DATA
                        SSSDBG_TRACE_FUNC
                        SSSDBG_TRACE_LIBS
                        SSSDBG_TRACE_INTERNAL
                        SSSDBG_TRACE_ALL
                     ";
                     my $text=read_file(\*STDIN);
                     my $repl;
                     $text=~s/
                        ^
                        (
                            .*
                            \b
                            (DEBUG|DEBUG_PAM_DATA|DEBUG_GR_MEM)
                            \s*
                            \(\s*
                        )(
                            [0-9]
                        )(
                            \s*,
                        )
                        (
                            \s*
                        )
                        (
                            .*
                        )
                        $
                     /
                        $repl = $1.$map[$3].$4.$5.$6,
                        length($repl) <= 80
                            ? $repl
                            : $1.$map[$3].$4."\n".(" " x length($1)).$6
                     /xmge;
                     print $text;
                    ' < "$f.orig" > "$f"
            rm "$f.orig"
        done
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com> |
a3c8390d19593b1e5277d95bfb4ab206d4785150 |
|
12-Feb-2014 |
Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> |
Make DEBUG macro invocations variadic
Use a script to update DEBUG macro invocations to use it as a variadic
macro, supplying format string and its arguments directly, instead of
wrapping them in parens.
This script was used to update the code:
    grep -rwl --include '*.[hc]' DEBUG . |
        while read f; do
            mv "$f"{,.orig}
            perl -e \
                'use strict;
                 use File::Slurp;
                 my $text=read_file(\*STDIN);
                 $text=~s#(\bDEBUG\s*\([^(]+)\((.*?)\)\s*\)\s*;#$1$2);#gs;
                 print $text;' < "$f.orig" > "$f"
            rm "$f.orig"
        done
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com> |
7e7a8b9e67808d69663d2178eecec3769191f5e7 |
|
28-Jan-2014 |
Pavel Reichl <preichl@redhat.com> |
utils: handling NULL params in sss_parse_name |
c86904baad32fbf9e66bf1cdc667aa5e683b48ba |
|
12-Jan-2014 |
Stef Walter <stefw@redhat.com> |
NSS: Don't use printf(3) on user provided strings.
This also fixes several corner cases and crashers.
It's not prudent to pass user (even admin) input as a
format string to printf, and various distros now check for this.
This can cause accessing memory incorrectly, and also
various libc abort()'s.
In addition various assumptions were made about full_name_format
that aren't necessarily the case if the user uses a more complex
format.
Use safe-printf.c implementation for formatting full_name_format.
Adapt the NSS resolver so it doesn't barf on formatted strings that
are shorter than expected given a full_name_format.
Tests added and updated appropriately. |
e16963fb913d6a5fc1c54154270ded129ac33962 |
|
15-Nov-2013 |
Sumit Bose <sbose@redhat.com> |
Add sss_tc_fqname2()
sss_tc_fqname2() is similar to sss_tc_fqname() but expects domain and
flat domain name as string arguments instead of a domain struct. |
45ba1e10beddf082c061e0a2950340596817861a |
|
15-Nov-2013 |
Sumit Bose <sbose@redhat.com> |
sss_names_init: allow empty domain name
If no domain name is specified the global name pattern and regular
expression will be returned. |
5cd4414fce1e0eb4133dfc6fc828bf25c8a959f9 |
|
24-Sep-2013 |
Lukas Slebodnik <lslebodn@redhat.com> |
Include header file in implementation module.
Declarations of public functions were in header files,
but header files were not included in implementation file. |
08e3f641a8b8d6b5d7eb0b523599702eda960da2 |
|
22-Jul-2013 |
Lukas Slebodnik <lslebodn@redhat.com> |
Fix warnings: uninitialized variable |
52ae806bd17c3c00d70bd1aed437f10f5ae51a1c |
|
19-Jul-2013 |
Jakub Hrozek <jhrozek@redhat.com> |
IPA: warn if full_name_format is customized in server mode
https://fedorahosted.org/sssd/ticket/2009
If the IPA server mode is on and the SSSD is running on the IPA server,
then the server's extdom plugin calls getpwnam_r to read info about trusted
users from the AD server and return them to the clients that called the
extended operation.
The SSSD returns the subdomain users fully-qualified, ie "user@domain"
by default. The format of the fully qualified name is configurable.
However, the extdom plugin returns the user name without the domain
component.
With this patch, when ipa_server_mode is on, warn if the full_name_format
is set to a non-default value. That would prompt the admin to change the
format if he changed it to something exotic. |
02d1cb8935d5c9b57cd05dfdbfe6ed38e0d61c28 |
|
07-Jun-2013 |
Jakub Hrozek <jhrozek@redhat.com> |
New utility function sss_get_domain_name
Instead of copying a block of code that checks whether domain is a subdomain
and uses only name of FQDN as appropriate, wrap the logic into a function. |
777374243e15c53e7b0a7345e190c1018920be18 |
|
30-May-2013 |
Jakub Hrozek <jhrozek@redhat.com> |
Allow flat name in the FQname format
https://fedorahosted.org/sssd/ticket/1648
Adds another expansion in the printf format that allows the user to use
the domain flat name in the format. |
48cb64a1d6cf2ceff9e698c4626689cb53f7499c |
|
30-May-2013 |
Jakub Hrozek <jhrozek@redhat.com> |
Check the validity of FQname format prior to using it
Adds a sanity check of the fqname pattern. Fails if the username pattern
is not specified at all and warns if the domain pattern is not
specified. |
1987bff88e01c74d647dd2db4f541ac311537e1a |
|
30-May-2013 |
Jakub Hrozek <jhrozek@redhat.com> |
Add utility functions for formatting fully-qualified names
Instead of using printf-like functions directly, provide two wrappers
that would encapsulate formatting the fully-qualified names. No
functional change is present in this patch. |
f54b271376b23cb968eafb9ffd5100c6dadad2a7 |
|
07-May-2013 |
Jan Cholasta <jcholast@redhat.com> |
UTIL: Add function sss_names_init_from_args
This function allows initializing sss_names_ctx using a regular expression and
fully qualified format string specified in its arguments. |
274fe6a4f8bcb23e31929430110c0b52e9ce233a |
|
03-Apr-2013 |
Jakub Hrozek <jhrozek@redhat.com> |
Check for correct variable name
https://fedorahosted.org/sssd/ticket/1864 |
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17 |
|
10-Feb-2013 |
Simo Sorce <simo@redhat.com> |
Change the way domains are linked.
- Use a double-linked list for domains and subdomains.
- Never remove a subdomain, simply mark it as disabled if it becomes
unused.
- Rework the way subdomains are refreshed.
Now sysdb_update_subdomains() actually updates the current subdomains
and marks as disabled the ones not found in the sysdb or add new ones
found. It never removes them.
Removal of missing domains from sysdb is deferred to the providers,
which will perform it at refresh time, for the ipa provider that is
done by ipa_subdomains_write_mappings() now.
sysdb_update_subdomains() is then used to update the memory hierarchy
of the subdomains.
- Removes sysdb_get_subdomains()
- Removes copy_subdomain()
- Add sysdb_subdomain_delete() |
0232747f04b650796db56fd7b487aee8a96fab03 |
|
10-Feb-2013 |
Simo Sorce <simo@redhat.com> |
Add function get_next_domain()
Use this function instead of explicitly calling domain->next
This function allows to get the next primary domain or to descend into the
subdomains and replaces also get_next_dom_or_subdom() |
7026b70797180b8fbe6c66638fcbe0e9f66027c1 |
|
22-Nov-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
Handle compiling FQDN regular expression with old pcre gracefully
https://fedorahosted.org/sssd/ticket/1661 |
bfc3b766d8774186307dc43c187a014b4803e98c |
|
26-Oct-2012 |
Sumit Bose <sbose@redhat.com> |
sss_parse_name_for_domains: always return the canonical domain name
Domains may have a flat or short name to save some keystrokes when
typing fully qualified user names. Internally sssd will always use the
canonical name to allow consistent processing. |
aac3ca699a09090072ae4d68bdda8dec990ae393 |
|
01-Oct-2012 |
Sumit Bose <sbose@redhat.com> |
Use flat name for master domain as well |
1542b85f13d72329685bdd97aa879c36d11f81be |
|
01-Oct-2012 |
Sumit Bose <sbose@redhat.com> |
Add new option default_domain_suffix |
3dbd8884d37bfc1db4be973737c44135a5fa3910 |
|
20-Sep-2012 |
Sumit Bose <sbose@redhat.com> |
Add provider specific default regular expressions
Fixes https://fedorahosted.org/sssd/ticket/1524 |
28943451c1b0f01845266b0f13cc3772c2b1d66f |
|
04-Sep-2012 |
Sumit Bose <sbose@redhat.com> |
Check flat names when searching for sub-domains as well |
e4c29d1f8e3b2c2b268105f169e5156a0a36aebf |
|
23-Aug-2012 |
Ondrej Kos <okos@redhat.com> |
Consolidation of functions that make realm upper-case |
065771c9859df9c4137daa5187be3aa5633b3cd5 |
|
21-Jun-2012 |
Jan Zeleny <jzeleny@redhat.com> |
Fix re_expression matching with subdomains
This patch fixes an issue which resulted in a need to initialize
responder with data from local domain, otherwise it would not correctly
detect requests for subdomains. Similar situation can occur if new
subdomain is added at runtime.
The solution is to ask for a list of subdomains in case there is a
candidate domain identified in the process of matching re_expressions
with given name. |
4b0b0bc3f9c4966b9f1a7433803a37c36fcaf285 |
|
21-Jun-2012 |
Stephen Gallagher <sgallagh@redhat.com> |
UTILS: Fix segfault due to sss_parse_name_for_domains
The recent fixes for per-domain parsing can cause a segfault in
the netgroup processing if the domain isn't set to NULL when it's
parsed as "any domain".
https://fedorahosted.org/sssd/ticket/1383 |
94a104f808e76c19b33a3a63f3b637b1475d8c17 |
|
13-Jun-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
sss_names_init: Report correct error code if allocation failed |
3c60433641ce2e86b9b04778c8f8652ef0d097e4 |
|
13-Jun-2012 |
Stef Walter <stefw@gnome.org> |
Make re_expression and full_name_format per domain options
* Allows different user/domain qualified names for different
domains. For example Domain\User or user@domain.
* The global re_expression and full_name_format options remain
as defaults for the domains.
* Subdomains get the re_expression and full_name_format of
their parent domain.
https://bugzilla.redhat.com/show_bug.cgi?id=811663 |
62def404cb14e02d2903c68fb730c5281ad902fe |
|
29-Mar-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
Add sss_get_cased_name_list utility function |
c7d387aaaa3d3470dec55a5ca0612873e6354ba8 |
|
21-Dec-2011 |
Jakub Hrozek <jhrozek@redhat.com> |
sss_get_cased_name utility function |
1c48b5a62f73234ed26bb20f0ab345ab61cda0ab |
|
18-Feb-2010 |
Stephen Gallagher <sgallagh@redhat.com> |
Rename server/ directory to src/
Also update BUILD.txt |