utils: add is_email_from_domain() Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

test_utils: Fixing assignment discards 'const' qualifier Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

tests: add tests for sss_get_domain_mappings_content() Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

test_utils: Clean files after sss_write_krb5_conf_snippet The test directory was not removed (tp_test_utils-test_utils) because it contain the snippet for krb5_libdefaults. Reviewed-by: Fabiano Fidêncio <fabiano@fidencio.org>

UTIL: Remove unused functions The conversion to sysdb made several functions obsolete. Remove them. Reviewed-by: Sumit Bose <sbose@redhat.com>

UTIL: expand_homedir_template manages usernames internally expand_homedir_template() can be considered an outward-facing interface, therefore the function and its input structure will accept the internal name format and parse it internally into a username and domain component. Reviewed-by: Sumit Bose <sbose@redhat.com>

UTIL: Add a utility function sss_output_name Adds a convenience function that will help reduce the amount of code duplication in the responders. All responders need to parse the username from the internal format, lower-case the name, if the domain is case-insensitive and then replace spaces if the responder is configured to do so. Reviewed-by: Sumit Bose <sbose@redhat.com>

UTIL: Add a utility function to create a list of qualified names Adds a convenience wrapper around sss_create_fqname that qualifies a list of names into the format used internally in sssd. Reviewed-by: Sumit Bose <sbose@redhat.com>

TESTS: Add a test for sss_create_internal_fqname Reviewed-by: Sumit Bose <sbose@redhat.com>

TESTS: Add a test for sss_parse_internal_fqname Reviewed-by: Sumit Bose <sbose@redhat.com>

IPA/AD: globally set krb5 canonicalization flag If Kerberos principal canonicalization is configured in SSSD, currently it is the default for the IPA provider, a configuration snippet is generated for the system-wide libkrb5 configuration so that all kerberized applications will use canonicalization by default. Resolves https://fedorahosted.org/sssd/ticket/3041 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

p11: add OCSP default responder options Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

util: make concatenate_string_array() reusable Reviewed-by: Pavel Březina <pbrezina@redhat.com>

TESTS: global_talloc_context push/pop remove Push/pop global_talloc_context into check_leaks is redudant. It is done in leak_check_setup() and leak_check_teardown() functions in src/tests/check_leaks. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

tests: Add get_next_domain_flags test Ticket: https://fedorahosted.org/sssd/ticket/2673 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

util: Update get_next_domain's interface Update get next domain to be able to include disbled domains and change the interface to accept flags instead of multiple booleans. Ticket: https://fedorahosted.org/sssd/ticket/2673 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

tests: Move named_domain from test_utils to common test code This handy function should be reused by other parts of the code. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

UTIL: Convert domain->disabled into tri-state with domain states Required for: https://fedorahosted.org/sssd/ticket/2637 This is a first step towards making it possible for domain to be around, but not contacted by Data Provider. Also explicitly create domains as active, previously we only relied on talloc_zero marking dom->disabled as false. Reviewed-by: Pavel Březina <pbrezina@redhat.com>

tests: Use unique name for TEST_PATH We had a cases in patch where two tests were using the same TEST_PATH and therefore they were stepping each other to the same files which caused failures. These failures are not easy to reproduce. This patch uses macro BASE_FILE_STEM for unique name. It should prevent copy&paste problem resulting to intermittent failures. @see also https://www.gnu.org/software/make/manual/html_node/Automatic-Variables.html Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

UTIL: Provide a common interface to safely create temporary files Reviewed-by: Pavel Březina <pbrezina@redhat.com>

utils: add get_last_x_chars() Reviewed-by: Pavel Březina <pbrezina@redhat.com>

TESTS: Add test for get_next_domain Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

IPA: do not add domain name unconditionally Depending on the server-side configuration the extdom plugin can return short or fully qualified names for IPA objects. The client must handle the names according to its own configuration and not add the domain part of the fully-qualified name unconditionally. Resolves https://fedorahosted.org/sssd/ticket/2647 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

sdap: properly handle binary objectGuid attribute Although in the initial processing SSSD treats the binary value right at some point it mainly assumes that it is a string. Depending on the value this might end up with the correct binary value stored in the cache but in most cases there will be only a broken entry in the cache. This patch converts the binary value into a string representation which is described in [MS-DTYP] and stores the result in the cache. Resolves https://fedorahosted.org/sssd/ticket/2588 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

tests: convert all unit tests to cmocka 1.0 or later All tests now use the cmocka-1.0-compatible API. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

IPA: properly handle mixed-case trusted domains In the SSSD cache domain names are handled case-sensitive. As a result fully-qualified names in RDN contain the domain part in the original spelling. When IPA client lookup up group-memberships on the IPA server via the extdom plugin the names returned are all lower case. To make sure new DNs are generated correctly the domain part must adjusted. Related to https://fedorahosted.org/sssd/ticket/2159 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

tests: remove code duplication in single domain cleanup Reviewed-by: Michal Židek <mzidek@redhat.com>

AD/IPA: add krb5_confd_path configuration option With this new parameter the directory where Kerberos configuration snippets are created can be specified. Fixes https://fedorahosted.org/sssd/ticket/2473 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

Add add_strings_lists() utility function Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

UTIL: Add functions for replacing whitespaces. Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Michal Židek <mzidek@redhat.com>

test_utils: Use common header file for libsss_util tests. Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Michal Židek <mzidek@redhat.com>

UTIL: rename find_subdomain_by_name The function was named "find_subdomain" yet it could find both main domain and subdomain. sed 's/find_subdomain_by_name/find_domain_by_name/' -i `find . -name "*.[ch]"` Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

UTIL: rename find_subdomain_by_sid The function was named "find_subdomain" yet it could find both main domain and subdomain. sed 's/find_subdomain_by_sid/find_domain_by_sid/' -i `find . -name "*.[ch]"` Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

TOOLS: Always debug to stderr https://fedorahosted.org/sssd/ticket/2348 Programs that are supposed to only be executed on the foreground should log to stderr automatically. Reviewed-by: Michal Židek <mzidek@redhat.com>

TESTS: sss_ssh - textual public key format Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

TEST: Add test for expand homedir

Make DEBUG macro invocations variadic Use a script to update DEBUG macro invocations to use it as a variadic macro, supplying format string and its arguments directly, instead of wrapping them in parens. This script was used to update the code: grep -rwl --include '*.[hc]' DEBUG . | while read f; do mv "$f"{,.orig} perl -e \ 'use strict; use File::Slurp; my $text=read_file(\*STDIN); $text=~s#(\bDEBUG\s*\([^(]+)\((.*?)\)\s*\)\s*;#$1$2);#gs; print $text;' < "$f.orig" > "$f" rm "$f.orig" done Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>

NSS: Don't use printf(3) on user provided strings. This also fixes several corner cases and crashers. It's not prudent to pass user input to (even admin) input as a format string to printf, and various distros now check for this. This can cause accessing memory incorrectly, and various also various libc abort()'s. In addition various assumptions were made about full_name_format that aren't necessarily the case if the user uses a more complex format. Use safe-printf.c implementation for formatting full_name_format. Adapt the NSS resolver so it doesn't barf on formatted strings that are shorter than expected given a full_name_format. Tests added and updated appropriately.

Use lower-case name for case-insensitive searches The patch makes sure that a completely lower-cased version of a fully qualified name is used for case insensitive searches. Currently there are code paths where the domain name was used as configured and was not lower-cased. To make sure this patch does not break with old entries in the cache or case sensitive domains a third template was added to the related filters templates which is either filled with a completely lower-cased version or with the old version. The other two template values are unchanged.

TESTS: Remove test dir after successful tests test_utils removed files from test_dir before test execution, but files wasn't clean up after successful test execution.

Add utility to handle Well-Known SIDs

sss_names_init: allow empty domain name If no domain name is specified the global name pattern and regular expression will be returned.

Enhance/add unit tests for find_subdomain_by_sid/name

tests: Use right format string for type size_t This patch fixes few format string warnings in the file test_utils.c src/tests/cmocka/test_utils.c:54:56: warning: format specifies type 'unsigned int' but the argument has type 'size_t' (aka 'unsigned long') [-Wformat]

find_subdomain_by_sid: skip domains with missing domain_id