summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--Makefile.am13
-rw-r--r--src/man/sssd.conf.5.xml68
-rw-r--r--src/responder/nss/nsssrv_cmd.c6
-rw-r--r--src/tests/cmocka/test_fqnames.c287
-rw-r--r--src/tests/cmocka/test_nss_srv.c141
-rw-r--r--src/util/usertools.c77
-rw-r--r--src/util/util.h9
7 files changed, 576 insertions, 25 deletions
diff --git a/Makefile.am b/Makefile.am
index 250f9b67..767e9b96 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -150,7 +150,8 @@ if HAVE_CMOCKA
test-find-uid \
test-io \
sss_nss_idmap-tests \
- dyndns-tests
+ dyndns-tests \
+ fqnames-tests
endif
check_PROGRAMS = \
@@ -1299,6 +1300,16 @@ dyndns_tests_LDADD = \
$(CMOCKA_LIBS) \
libsss_test_common.la \
libsss_util.la
+
+fqnames_tests_SOURCES = \
+ $(TEST_MOCK_OBJ) \
+ src/tests/cmocka/test_fqnames.c
+fqnames_tests_CFLAGS = \
+ $(AM_CFLAGS)
+fqnames_tests_LDADD = \
+ $(CMOCKA_LIBS) \
+ libsss_util.la
+
endif
noinst_PROGRAMS = pam_test_client
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index b902964f..3bb1ca76 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -143,12 +143,41 @@
<term>full_name_format (string)</term>
<listitem>
<para>
- The default <citerefentry>
+ A <citerefentry>
<refentrytitle>printf</refentrytitle>
<manvolnum>3</manvolnum>
</citerefentry>-compatible format that describes how to
- translate a (name, domain) tuple into a fully qualified
- name.
+ compose a fully qualified name from user name
+ and domain name components.
+ </para>
+ <para>
+ The following expansions are supported:
+ <variablelist>
+ <varlistentry>
+ <term>%1$s</term>
+ <listitem><para>user name</para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>%2$s</term>
+ <listitem>
+ <para>
+ domain name as specified in the
+ SSSD config file.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>%3$s</term>
+ <listitem>
+ <para>
+ domain flat name. Mostly usable
+ for Active Directory domains, both
+ directly configured or disovered
+ via IPA trusts.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
</para>
<para>
Each domain can have an individual format string configured.
@@ -1533,8 +1562,37 @@ override_homedir = /home/%u
<refentrytitle>printf</refentrytitle>
<manvolnum>3</manvolnum>
</citerefentry>-compatible format that describes how to
- translate a (name, domain) tuple for this domain into a fully
- qualified name.
+ compose a fully qualified name from user name
+ and domain name components.
+ </para>
+ <para>
+ The following expansions are supported:
+ <variablelist>
+ <varlistentry>
+ <term>%1$s</term>
+ <listitem><para>user name</para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>%2$s</term>
+ <listitem>
+ <para>
+ domain name as specified in the
+ SSSD config file.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>%3$s</term>
+ <listitem>
+ <para>
+ domain flat name. Mostly usable
+ for Active Directory domains, both
+ directly configured or disovered
+ via IPA trusts.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
</para>
<para>
Default: <quote>%1$s@%2$s</quote>.
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index 268cfc83..39076e2b 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -307,7 +307,7 @@ static int fill_pwent(struct sss_packet *packet,
int ncret;
TALLOC_CTX *tmp_ctx = NULL;
- if (add_domain) dom_len = strlen(domain);
+ if (add_domain) dom_len = sss_fqdom_len(dom->names, dom);
to_sized_string(&pwfield, nctx->pwfield);
@@ -2161,7 +2161,7 @@ static int fill_members(struct sss_packet *packet,
if (add_domain) {
delim = 1;
- dom_len = strlen(domain);
+ dom_len = sss_fqdom_len(dom->names, dom);
} else {
delim = 0;
dom_len = 0;
@@ -2292,7 +2292,7 @@ static int fill_grent(struct sss_packet *packet,
if (add_domain) {
delim = 1;
- dom_len = strlen(domain);
+ dom_len = sss_fqdom_len(dom->names, dom);
} else {
delim = 0;
dom_len = 0;
diff --git a/src/tests/cmocka/test_fqnames.c b/src/tests/cmocka/test_fqnames.c
new file mode 100644
index 00000000..e0735083
--- /dev/null
+++ b/src/tests/cmocka/test_fqnames.c
@@ -0,0 +1,287 @@
+/*
+ Authors:
+ Jakub Hrozek <jhrozek@redhat.com>
+
+ Copyright (C) 2013 Red Hat
+
+ SSSD tests: Fully Qualified Names Tests
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <popt.h>
+
+#include "tests/cmocka/common_mock.h"
+
+#define NAME "name"
+#define DOMNAME "domname"
+#define FLATNAME "flatname"
+
+struct fqdn_test_ctx {
+ struct sss_domain_info *dom;
+
+ struct sss_names_ctx *nctx;
+};
+
+void fqdn_test_setup(void **state)
+{
+ struct fqdn_test_ctx *test_ctx;
+
+ assert_true(leak_check_setup());
+
+ test_ctx = talloc_zero(global_talloc_context, struct fqdn_test_ctx);
+ assert_non_null(test_ctx);
+
+ test_ctx->dom = talloc_zero(test_ctx, struct sss_domain_info);
+ assert_non_null(test_ctx->dom);
+ test_ctx->dom->name = discard_const(DOMNAME);
+ test_ctx->dom->flat_name = discard_const(FLATNAME);
+
+ check_leaks_push(test_ctx);
+ *state = test_ctx;
+}
+
+void fqdn_test_teardown(void **state)
+{
+ struct fqdn_test_ctx *test_ctx = talloc_get_type(*state,
+ struct fqdn_test_ctx);
+
+ if (test_ctx == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Type mismatch\n"));
+ return;
+ }
+
+ assert_true(check_leaks_pop(test_ctx) == true);
+ talloc_free(test_ctx);
+ assert_true(leak_check_teardown());
+}
+
+void test_default(void **state)
+{
+ struct fqdn_test_ctx *test_ctx = talloc_get_type(*state,
+ struct fqdn_test_ctx);
+ errno_t ret;
+
+ char *fqdn;
+ const int fqdn_size = 255;
+ char fqdn_s[fqdn_size];
+ size_t domsize;
+
+ if (test_ctx == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Type mismatch\n"));
+ return;
+ }
+
+ ret = sss_names_init_from_args(test_ctx,
+ "(?P<name>[^@]+)@?(?P<domain>[^@]*$)",
+ "%1$s@%2$s", &test_ctx->nctx);
+ assert_int_equal(ret, EOK);
+ assert_int_equal(test_ctx->nctx->fq_flags, FQ_FMT_NAME | FQ_FMT_DOMAIN);
+
+ fqdn = sss_tc_fqname(test_ctx, test_ctx->nctx, test_ctx->dom, NAME);
+ assert_non_null(fqdn);
+ assert_string_equal(fqdn, NAME"@"DOMNAME);
+ talloc_free(fqdn);
+
+ ret = sss_fqname(fqdn_s, fqdn_size, test_ctx->nctx, test_ctx->dom, NAME);
+ assert_int_equal(ret + 1, sizeof(NAME"@"DOMNAME));
+ assert_string_equal(fqdn_s, NAME"@"DOMNAME);
+
+ domsize = sss_fqdom_len(test_ctx->nctx, test_ctx->dom);
+ assert_int_equal(domsize, sizeof(DOMNAME)-1);
+
+ talloc_free(test_ctx->nctx);
+}
+
+void test_all(void **state)
+{
+ struct fqdn_test_ctx *test_ctx = talloc_get_type(*state,
+ struct fqdn_test_ctx);
+ errno_t ret;
+
+ char *fqdn;
+ const int fqdn_size = 255;
+ char fqdn_s[fqdn_size];
+ size_t domsize;
+
+ if (test_ctx == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Type mismatch\n"));
+ return;
+ }
+
+ ret = sss_names_init_from_args(test_ctx,
+ "(?P<name>[^@]+)@?(?P<domain>[^@]*$)",
+ "%1$s@%2$s@%3$s", &test_ctx->nctx);
+ assert_int_equal(ret, EOK);
+ assert_int_equal(test_ctx->nctx->fq_flags,
+ FQ_FMT_NAME | FQ_FMT_DOMAIN | FQ_FMT_FLAT_NAME);
+
+ fqdn = sss_tc_fqname(test_ctx, test_ctx->nctx, test_ctx->dom, NAME);
+ assert_non_null(fqdn);
+ assert_string_equal(fqdn, NAME"@"DOMNAME"@"FLATNAME);
+ talloc_free(fqdn);
+
+ ret = sss_fqname(fqdn_s, fqdn_size, test_ctx->nctx, test_ctx->dom, NAME);
+ assert_int_equal(ret + 1, sizeof(NAME"@"DOMNAME"@"FLATNAME));
+ assert_string_equal(fqdn_s, NAME"@"DOMNAME"@"FLATNAME);
+
+ domsize = sss_fqdom_len(test_ctx->nctx, test_ctx->dom);
+ assert_int_equal(domsize, sizeof(DOMNAME)-1 + sizeof(FLATNAME)-1);
+
+ talloc_free(test_ctx->nctx);
+}
+
+void test_flat(void **state)
+{
+ struct fqdn_test_ctx *test_ctx = talloc_get_type(*state,
+ struct fqdn_test_ctx);
+ errno_t ret;
+
+ char *fqdn;
+ const int fqdn_size = 255;
+ char fqdn_s[fqdn_size];
+ size_t domsize;
+
+ if (test_ctx == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Type mismatch\n"));
+ return;
+ }
+
+ ret = sss_names_init_from_args(test_ctx,
+ "(?P<name>[^@]+)@?(?P<domain>[^@]*$)",
+ "%1$s@%3$s", &test_ctx->nctx);
+ assert_int_equal(ret, EOK);
+ assert_int_equal(test_ctx->nctx->fq_flags, FQ_FMT_NAME | FQ_FMT_FLAT_NAME);
+
+ fqdn = sss_tc_fqname(test_ctx, test_ctx->nctx, test_ctx->dom, NAME);
+ assert_non_null(fqdn);
+ assert_string_equal(fqdn, NAME"@"FLATNAME);
+ talloc_free(fqdn);
+
+ ret = sss_fqname(fqdn_s, fqdn_size, test_ctx->nctx, test_ctx->dom, NAME);
+ assert_int_equal(ret + 1, sizeof(NAME"@"FLATNAME));
+ assert_string_equal(fqdn_s, NAME"@"FLATNAME);
+
+ domsize = sss_fqdom_len(test_ctx->nctx, test_ctx->dom);
+ assert_int_equal(domsize, sizeof(FLATNAME)-1);
+
+ talloc_free(test_ctx->nctx);
+}
+
+void test_flat_fallback(void **state)
+{
+ struct fqdn_test_ctx *test_ctx = talloc_get_type(*state,
+ struct fqdn_test_ctx);
+ errno_t ret;
+
+ char *fqdn;
+ const int fqdn_size = 255;
+ char fqdn_s[fqdn_size];
+ size_t domsize;
+
+ if (test_ctx == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Type mismatch\n"));
+ return;
+ }
+
+ ret = sss_names_init_from_args(test_ctx,
+ "(?P<name>[^@]+)@?(?P<domain>[^@]*$)",
+ "%1$s@%3$s", &test_ctx->nctx);
+ assert_int_equal(ret, EOK);
+ assert_int_equal(test_ctx->nctx->fq_flags, FQ_FMT_NAME | FQ_FMT_FLAT_NAME);
+
+ test_ctx->dom->flat_name = NULL;
+
+ /* If flat name is requested but does not exist, the code falls back to domain
+ * name
+ */
+ fqdn = sss_tc_fqname(test_ctx, test_ctx->nctx, test_ctx->dom, NAME);
+ assert_non_null(fqdn);
+ assert_string_equal(fqdn, NAME"@"DOMNAME);
+ talloc_free(fqdn);
+
+ ret = sss_fqname(fqdn_s, fqdn_size, test_ctx->nctx, test_ctx->dom, NAME);
+ assert_int_equal(ret + 1, sizeof(NAME"@"DOMNAME));
+ assert_string_equal(fqdn_s, NAME"@"DOMNAME);
+
+ domsize = sss_fqdom_len(test_ctx->nctx, test_ctx->dom);
+ assert_int_equal(domsize, sizeof(DOMNAME)-1);
+
+ talloc_free(test_ctx->nctx);
+}
+
+void test_init_nouser(void **state)
+{
+ struct fqdn_test_ctx *test_ctx = talloc_get_type(*state,
+ struct fqdn_test_ctx);
+ errno_t ret;
+
+ if (test_ctx == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Type mismatch\n"));
+ return;
+ }
+
+ ret = sss_names_init_from_args(test_ctx,
+ "(?P<name>[^@]+)@?(?P<domain>[^@]*$)",
+ "%2$s@%3$s", &test_ctx->nctx);
+ /* Initialization with no user name must fail */
+ assert_int_not_equal(ret, EOK);
+}
+
+int main(int argc, const char *argv[])
+{
+ poptContext pc;
+ int opt;
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ SSSD_DEBUG_OPTS
+ POPT_TABLEEND
+ };
+
+ const UnitTest tests[] = {
+ unit_test_setup_teardown(test_default,
+ fqdn_test_setup, fqdn_test_teardown),
+ unit_test_setup_teardown(test_all,
+ fqdn_test_setup, fqdn_test_teardown),
+ unit_test_setup_teardown(test_flat,
+ fqdn_test_setup, fqdn_test_teardown),
+ unit_test_setup_teardown(test_flat_fallback,
+ fqdn_test_setup, fqdn_test_teardown),
+ unit_test_setup_teardown(test_init_nouser,
+ fqdn_test_setup, fqdn_test_teardown),
+ };
+
+ /* Set debug level to invalid value so we can deside if -d 0 was used. */
+ debug_level = SSSDBG_INVALID;
+
+ pc = poptGetContext(argv[0], argc, argv, long_options, 0);
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ switch(opt) {
+ default:
+ fprintf(stderr, "\nInvalid option %s: %s\n\n",
+ poptBadOption(pc, 0), poptStrerror(opt));
+ poptPrintUsage(pc, stderr, 0);
+ return 1;
+ }
+ }
+ poptFreeContext(pc);
+
+ DEBUG_INIT(debug_level);
+
+ /* Even though normally the tests should clean up after themselves
+ * they might not after a failed run. Remove the old db to be sure */
+ tests_set_cwd();
+
+ return run_tests(tests);
+}
diff --git a/src/tests/cmocka/test_nss_srv.c b/src/tests/cmocka/test_nss_srv.c
index 092e6803..e8cc9aae 100644
--- a/src/tests/cmocka/test_nss_srv.c
+++ b/src/tests/cmocka/test_nss_srv.c
@@ -411,14 +411,109 @@ void test_nss_getpwnam_update(void **state)
assert_string_equal(shell, "/bin/ksh");
}
+/* Check that a FQDN is returned if the domain is FQDN-only and a
+ * FQDN is requested
+ */
+static int test_nss_getpwnam_check_fqdn(uint8_t *body, size_t blen)
+{
+ struct passwd pwd;
+ errno_t ret;
+
+ nss_test_ctx->cctx->rctx->domains[0].fqnames = false;
+
+ ret = parse_user_packet(body, blen, &pwd);
+ assert_int_equal(ret, EOK);
+
+ assert_int_equal(pwd.pw_uid, 124);
+ assert_int_equal(pwd.pw_gid, 457);
+ assert_string_equal(pwd.pw_name, "testuser_fqdn@"TEST_DOM_NAME);
+ assert_string_equal(pwd.pw_shell, "/bin/sh");
+ return EOK;
+}
+
+void test_nss_getpwnam_fqdn(void **state)
+{
+ errno_t ret;
+
+ /* Prime the cache with a valid user */
+ ret = sysdb_add_user(nss_test_ctx->tctx->sysdb,
+ nss_test_ctx->tctx->dom,
+ "testuser_fqdn", 124, 457, "test user",
+ "/home/testuser", "/bin/sh", NULL,
+ NULL, 300, 0);
+ assert_int_equal(ret, EOK);
+
+ mock_input_user("testuser_fqdn@"TEST_DOM_NAME);
+ will_return(__wrap_sss_packet_get_cmd, SSS_NSS_GETPWNAM);
+ mock_fill_user();
+
+ /* Query for that user, call a callback when command finishes */
+ set_cmd_cb(test_nss_getpwnam_check_fqdn);
+ nss_test_ctx->cctx->rctx->domains[0].fqnames = true;
+ ret = sss_cmd_execute(nss_test_ctx->cctx, SSS_NSS_GETPWNAM,
+ nss_test_ctx->nss_cmds);
+ assert_int_equal(ret, EOK);
+
+ /* Wait until the test finishes with EOK */
+ ret = test_ev_loop(nss_test_ctx->tctx);
+ assert_int_equal(ret, EOK);
+}
+
+/*
+ * Check that FQDN processing is able to handle arbitrarily sized
+ * delimeter
+ */
+static int test_nss_getpwnam_check_resize_fqdn(uint8_t *body, size_t blen)
+{
+ struct passwd pwd;
+ errno_t ret;
+
+ nss_test_ctx->cctx->rctx->domains[0].fqnames = false;
+
+ ret = parse_user_packet(body, blen, &pwd);
+ assert_int_equal(ret, EOK);
+
+ assert_int_equal(pwd.pw_uid, 125);
+ assert_int_equal(pwd.pw_gid, 458);
+ assert_string_equal(pwd.pw_name, "testuser_fqdn_resize@@@@@"TEST_DOM_NAME);
+ assert_string_equal(pwd.pw_shell, "/bin/sh");
+ return EOK;
+}
+
+void test_nss_getpwnam_fqdn_resize(void **state)
+{
+ errno_t ret;
+
+ /* Prime the cache with a valid user */
+ ret = sysdb_add_user(nss_test_ctx->tctx->sysdb,
+ nss_test_ctx->tctx->dom,
+ "testuser_fqdn_resize", 125, 458, "test user",
+ "/home/testuser", "/bin/sh", NULL,
+ NULL, 300, 0);
+ assert_int_equal(ret, EOK);
+
+ mock_input_user("testuser_fqdn_resize@"TEST_DOM_NAME);
+ will_return(__wrap_sss_packet_get_cmd, SSS_NSS_GETPWNAM);
+ mock_fill_user();
+ will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
+
+ /* Query for that user, call a callback when command finishes */
+ set_cmd_cb(test_nss_getpwnam_check_resize_fqdn);
+ nss_test_ctx->cctx->rctx->domains[0].fqnames = true;
+ ret = sss_cmd_execute(nss_test_ctx->cctx, SSS_NSS_GETPWNAM,
+ nss_test_ctx->nss_cmds);
+ assert_int_equal(ret, EOK);
+
+ /* Wait until the test finishes with EOK */
+ ret = test_ev_loop(nss_test_ctx->tctx);
+ assert_int_equal(ret, EOK);
+}
+
/* Testsuite setup and teardown */
-void nss_test_setup(void **state)
+void test_nss_setup(struct sss_test_conf_param params[],
+ void **state)
{
errno_t ret;
- struct sss_test_conf_param params[] = {
- { "enumerate", "false" },
- { NULL, NULL }, /* Sentinel */
- };
nss_test_ctx = talloc_zero(NULL, struct nss_test_ctx);
assert_non_null(nss_test_ctx);
@@ -451,6 +546,38 @@ void nss_test_setup(void **state)
assert_non_null(nss_test_ctx->cctx);
}
+void nss_test_setup(void **state)
+{
+ struct sss_test_conf_param params[] = {
+ { "enumerate", "false" },
+ { NULL, NULL }, /* Sentinel */
+ };
+
+ test_nss_setup(params, state);
+}
+
+void nss_fqdn_test_setup(void **state)
+{
+ struct sss_test_conf_param params[] = {
+ { "enumerate", "false" },
+ { "full_name_format", "%1$s@%2$s" },
+ { NULL, NULL }, /* Sentinel */
+ };
+
+ test_nss_setup(params, state);
+}
+
+void nss_fqdn_resize_test_setup(void **state)
+{
+ struct sss_test_conf_param params[] = {
+ { "enumerate", "false" },
+ { "full_name_format", "%1$s@@@@@%2$s" },
+ { NULL, NULL }, /* Sentinel */
+ };
+
+ test_nss_setup(params, state);
+}
+
void nss_test_teardown(void **state)
{
talloc_free(nss_test_ctx);
@@ -479,6 +606,10 @@ int main(int argc, const char *argv[])
nss_test_setup, nss_test_teardown),
unit_test_setup_teardown(test_nss_getpwnam_update,
nss_test_setup, nss_test_teardown),
+ unit_test_setup_teardown(test_nss_getpwnam_fqdn,
+ nss_fqdn_test_setup, nss_test_teardown),
+ unit_test_setup_teardown(test_nss_getpwnam_fqdn_resize,
+ nss_fqdn_resize_test_setup, nss_test_teardown),
};
/* Set debug level to invalid value so we can deside if -d 0 was used. */
diff --git a/src/util/usertools.c b/src/util/usertools.c
index 835b9e34..cc8f583b 100644
--- a/src/util/usertools.c
+++ b/src/util/usertools.c
@@ -140,12 +140,14 @@ static errno_t sss_fqnames_init(struct sss_names_ctx *nctx, const char *fq_fmt)
struct pattern_desc {
const char *pattern;
const char *desc;
+ int flag;
};
struct pattern_desc fqname_patterns[] = {
- { "%1$s", "user name" },
- { "%2$s", "domain name" },
- { NULL, NULL }
+ { "%1$s", "user name", FQ_FMT_NAME },
+ { "%2$s", "domain name", FQ_FMT_DOMAIN },
+ { "%3$s", "domain flat name", FQ_FMT_FLAT_NAME },
+ { NULL, NULL, 0 }
};
nctx->fq_fmt = talloc_strdup(nctx, fq_fmt);
@@ -163,12 +165,24 @@ static errno_t sss_fqnames_init(struct sss_names_ctx *nctx, const char *fq_fmt)
("Username pattern not found in [%s]\n", nctx->fq_fmt));
return ENOENT;
}
+ nctx->fq_flags = FQ_FMT_NAME;
+
+ for (int i = 1; fqname_patterns[i].pattern; i++) {
+ char *s;
+ s = strstr(fq_fmt, fqname_patterns[i].pattern);
+ if (s == NULL) {
+ /* Append the format specifier */
+ nctx->fq_fmt = talloc_strdup_append(nctx->fq_fmt,
+ fqname_patterns[i].pattern);
+ if (nctx->fq_fmt == NULL) {
+ return ENOMEM;
+ }
+ continue;
+ }
- if (strstr(fq_fmt, fqname_patterns[1].pattern) == NULL) {
- DEBUG(SSSDBG_MINOR_FAILURE,
- ("The pattern for %s was not found, fully-qualified names "
- "might not work as expected\n", fqname_patterns[1].desc));
- /* Ignore this error */
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ ("Found the pattern for %s\n", fqname_patterns[i].desc));
+ nctx->fq_flags |= fqname_patterns[i].flag;
}
return EOK;
@@ -551,17 +565,46 @@ sss_get_cased_name_list(TALLOC_CTX *mem_ctx, const char * const *orig,
static inline const char *
safe_fq_str(struct sss_names_ctx *nctx, uint8_t part, const char *str)
{
-
return nctx->fq_flags & part ? str : "";
}
+static inline const char *
+safe_flat_name(struct sss_names_ctx *nctx, struct sss_domain_info *domain)
+{
+ const char *s;
+
+ s = safe_fq_str(nctx, FQ_FMT_FLAT_NAME, domain->flat_name);
+ if (s == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Flat name requested but domain has no"
+ "flat name set, falling back to domain name\n"));
+ s = domain->name;
+ }
+
+ return s;
+}
+
+static inline size_t
+fq_part_len(struct sss_names_ctx *nctx, struct sss_domain_info *dom,
+ uint8_t part, const char *str)
+{
+ const char *s = str;
+
+ if (part == FQ_FMT_FLAT_NAME) {
+ s = safe_flat_name(nctx, dom);
+ }
+ return nctx->fq_flags & part ? strlen(s) : 0;
+}
+
char *
sss_tc_fqname(TALLOC_CTX *mem_ctx, struct sss_names_ctx *nctx,
struct sss_domain_info *domain, const char *name)
{
if (domain == NULL || nctx == NULL) return NULL;
- return talloc_asprintf(mem_ctx, nctx->fq_fmt, name, domain->name);
+ return talloc_asprintf(mem_ctx, nctx->fq_fmt,
+ safe_fq_str(nctx, FQ_FMT_NAME, name),
+ safe_fq_str(nctx, FQ_FMT_DOMAIN, domain->name),
+ safe_flat_name(nctx, domain));
}
int
@@ -570,5 +613,17 @@ sss_fqname(char *str, size_t size, struct sss_names_ctx *nctx,
{
if (domain == NULL || nctx == NULL) return -EINVAL;
- return snprintf(str, size, nctx->fq_fmt, name, domain->name);
+ return snprintf(str, size, nctx->fq_fmt,
+ safe_fq_str(nctx, FQ_FMT_NAME, name),
+ safe_fq_str(nctx, FQ_FMT_DOMAIN, domain->name),
+ safe_flat_name(nctx, domain));
+}
+
+size_t
+sss_fqdom_len(struct sss_names_ctx *nctx,
+ struct sss_domain_info *domain)
+{
+ size_t len = fq_part_len(nctx, domain, FQ_FMT_DOMAIN, domain->name);
+ len += fq_part_len(nctx, domain, FQ_FMT_FLAT_NAME, domain->flat_name);
+ return len;
}
diff --git a/src/util/util.h b/src/util/util.h
index 2f65fa20..87a4061e 100644
--- a/src/util/util.h
+++ b/src/util/util.h
@@ -335,9 +335,14 @@ char *get_username_from_uid(TALLOC_CTX *mem_ctx, uid_t uid);
char *get_uppercase_realm(TALLOC_CTX *memctx, const char *name);
+#define FQ_FMT_NAME 0x01
+#define FQ_FMT_DOMAIN 0x02
+#define FQ_FMT_FLAT_NAME 0x04
+
struct sss_names_ctx {
char *re_pattern;
char *fq_fmt;
+ uint8_t fq_flags;
pcre *re;
};
@@ -381,6 +386,10 @@ int
sss_fqname(char *str, size_t size, struct sss_names_ctx *nctx,
struct sss_domain_info *domain, const char *name);
+size_t
+sss_fqdom_len(struct sss_names_ctx *nctx,
+ struct sss_domain_info *domain);
+
/* from backup-file.c */
int backup_file(const char *src, int dbglvl);