authorLukas Slebodnik <lslebodn@redhat.com>2014-07-23 17:23:00 +0200
committerJakub Hrozek <jhrozek@redhat.com>2014-07-28 10:20:57 +0200
commitc2859eec9d110d0062dbc5733fa842fd99d1edeb (patch)
tree9da1869d69bc99b779d4f4e2e3170fda0b68c7e9
parent50d24652b5321f4cc5709bc0877dde5da4e67f08 (diff)
NSS: Replace spaces with specified string in names.
This patch adds the possibility to replace whitespace in user and group names with a specified string. With the string "-", sssd will return the same result as winbind with the option "winbind normalize names" enabled. Resolves: https://fedorahosted.org/sssd/ticket/1854 Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Michal Židek <mzidek@redhat.com> (cherry picked from commit 21bc143c2855638242e9dfe01ea66198b5883b8a)
-rw-r--r--src/confdb/confdb.h1
-rw-r--r--src/config/SSSDConfig/__init__.py.in1
-rw-r--r--src/config/etc/sssd.api.conf1
-rw-r--r--src/man/sssd.conf.5.xml17
-rw-r--r--src/responder/nss/nsssrv.c5
-rw-r--r--src/responder/nss/nsssrv.h1
-rw-r--r--src/responder/nss/nsssrv_cmd.c62
7 files changed, 87 insertions, 1 deletions
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
index 0f70671c6..28ca7b3d8 100644
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
@@ -98,6 +98,7 @@
#define CONFDB_MEMCACHE_TIMEOUT "memcache_timeout"
#define CONFDB_NSS_HOMEDIR_SUBSTRING "homedir_substring"
#define CONFDB_DEFAULT_HOMEDIR_SUBSTRING "/home"
+#define CONFDB_NSS_OVERRIDE_DEFAULT_WHITESPACE "override_default_whitespace"
/* PAM */
#define CONFDB_PAM_CONF_ENTRY "config/pam"
diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index bc657d365..bbd18356c 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -72,6 +72,7 @@ option_strings = {
'shell_fallback' : _('If a shell stored in central directory is allowed but not available, use this fallback'),
'default_shell': _('Shell to use if the provider does not list one'),
'memcache_timeout': _('How long will be in-memory cache records valid'),
+ 'override_default_whitespace': _('All white spaces in group or user names will be replaced with this string'),
# [pam]
'offline_credentials_expiration' : _('How long to allow cached logins between online logins (days)'),
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index 85253aad5..13130b567 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -44,6 +44,7 @@ shell_fallback = str, None, false
default_shell = str, None, false
get_domains_timeout = int, None, false
memcache_timeout = int, None, false
+override_default_whitespace = str, None, false
[pam]
# Authentication service
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index 4a3b2cbda..47465f568 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -607,6 +607,23 @@ fallback_homedir = /home/%u
</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>override_default_whitespace (string)</term>
+ <listitem>
+ <para>
+ This parameter will replace white spaces (space bar)
+ with the given string for user and group names.
+ e.g. (_). User name &quot;john doe&quot; will
+ be &quot;john_doe&quot; This feature was added to
+ help compatibility with shell scripts that have
+ difficulty handling white spaces, due to the
+ default field separator in the shell.
+ </para>
+ <para>
+ Default: not set (whitespaces will not be replaced)
+ </para>
+ </listitem>
+ </varlistentry>
</variablelist>
</refsect2>
<refsect2 id='PAM'>
diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
index dba412a64..313815e5d 100644
--- a/src/responder/nss/nsssrv.c
+++ b/src/responder/nss/nsssrv.c
@@ -298,6 +298,11 @@ static int nss_get_config(struct nss_ctx *nctx,
&nctx->homedir_substr);
if (ret != EOK) goto done;
+ ret = confdb_get_string(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
+ CONFDB_NSS_OVERRIDE_DEFAULT_WHITESPACE, NULL,
+ &nctx->override_default_wsp_str);
+ if (ret != EOK) goto done;
+
ret = 0;
done:
return ret;
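Review bot: The value loaded into `nctx->override_default_wsp_str` is accepted as-is; nothing after the new `confdb_get_string` call rejects an empty string or a replacement that itself contains a space. Depending on how the replace helpers treat such values (they are not defined in this diff), an empty or space-containing replacement could produce names that cannot be mapped back on lookup. A check right after the load would close this: `if (nctx->override_default_wsp_str != NULL && (nctx->override_default_wsp_str[0] == '\0' || strchr(nctx->override_default_wsp_str, ' ') != NULL)) { ret = EINVAL; goto done; }`. nss_get_config starts outside the hunk.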
diff --git a/src/responder/nss/nsssrv.h b/src/responder/nss/nsssrv.h
index 0f0a75a8f..e8db17f35 100644
--- a/src/responder/nss/nsssrv.h
+++ b/src/responder/nss/nsssrv.h
@@ -67,6 +67,7 @@ struct nss_ctx {
char **etc_shells;
char *shell_fallback;
char *default_shell;
+ char *override_default_wsp_str;
struct sss_mc_ctx *pwd_mc_ctx;
struct sss_mc_ctx *grp_mc_ctx;
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index 26f61a64b..79e3aa904 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -377,6 +377,15 @@ static int fill_pwent(struct sss_packet *packet,
"sss_get_cased_name failed, skipping\n");
continue;
}
+
+ tmpstr = sss_replace_whitespaces(tmp_ctx, tmpstr,
+ nctx->override_default_wsp_str);
+ if (tmpstr == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "sss_replace_whitespaces failed, skipping\n");
+ continue;
+ }
+
to_sized_string(&name, tmpstr);
tmpstr = ldb_msg_find_attr_as_string(msg, SYSDB_GECOS, NULL);
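Review bot: Two distinct directory entries can come out with the same NSS name after the substitution added before `to_sized_string(&name, tmpstr)`: with `_` configured, an entry stored as "john doe" and one stored as "john_doe" would both be returned as "john_doe". `sss_replace_whitespaces` is not defined in this diff, so it cannot be seen here whether it leaves a name untouched when it already contains the replacement string. If it does not, either skip the rewrite in that case or state the limitation next to the call, e.g. `/* names that already contain the replacement string become indistinguishable from rewritten ones */`. The same applies to the hunks in fill_grent and fill_members; fill_pwent's body starts and ends outside the hunk.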
@@ -757,6 +766,14 @@ static int nss_cmd_getpwnam_search(struct nss_dom_ctx *dctx)
name = sss_get_cased_name(cmdctx, cmdctx->name, dom->case_sensitive);
if (!name) return ENOMEM;
+ name = sss_reverse_replace_whitespaces(dctx, name,
+ nctx->override_default_wsp_str);
+ if (name == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "sss_reverse_replace_whitespaces failed\n");
+ return ENOMEM;
+ }
+
/* verify this user has not yet been negatively cached,
* or has been permanently filtered */
ret = sss_ncache_check_user(nctx->ncache, nctx->neg_timeout,
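Review bot: The reverse substitution is applied to every client-supplied name ahead of the negative-cache check, so a request for an account whose real name contains the replacement string (a literal "john_doe" with `_` configured) is presumably looked up as "john doe". That lookup would then either miss or resolve to a different entry than the caller named, which matters wherever the result feeds an authorization decision. `sss_reverse_replace_whitespaces` is not shown in this diff, so this is hedged. At minimum the behaviour deserves a comment above the call, such as `/* name is now in directory form; a literal replacement string in the request is rewritten too */`. The identical block is added in nss_cmd_getgrnam_search, nss_cmd_initgroups_search and nss_cmd_getsidby_search, and the function body continues outside the hunk.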
@@ -2269,7 +2286,7 @@ static int fill_members(struct sss_packet *packet,
int memnum = *_memnum;
size_t rzero= *_rzero;
size_t rsize = *_rsize;
- char *tmpstr;
+ const char *tmpstr;
struct sized_string name;
TALLOC_CTX *tmp_ctx = NULL;
@@ -2298,6 +2315,15 @@ static int fill_members(struct sss_packet *packet,
continue;
}
+ tmpstr = sss_replace_whitespaces(tmp_ctx, tmpstr,
+ nctx->override_default_wsp_str);
+ if (tmpstr == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "sss_replace_whitespaces failed\n");
+ ret = ENOMEM;
+ goto done;
+ }
+
if (nctx->filter_users_in_groups) {
ret = sss_ncache_check_user(nctx->ncache,
nctx->neg_timeout,
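Review bot: The substitution is placed before the `filter_users_in_groups` check, so if the `sss_ncache_check_user` call that follows (its remaining arguments are outside the hunk) is passed `tmpstr`, the negative cache is queried with the rewritten name. The lookup paths in this commit appear to query it with the directory form, so a filtered user whose name contains a space may no longer match here and would be listed as a group member. Moving the new block below the filter check, or keeping the rewritten name in its own variable, avoids that: `const char *outname = sss_replace_whitespaces(tmp_ctx, tmpstr, nctx->override_default_wsp_str);`. This hunk also aborts with `ret = ENOMEM; goto done;` where fill_pwent and fill_grent log and `continue`; one policy across the three would be easier to reason about.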
@@ -2472,6 +2498,15 @@ static int fill_grent(struct sss_packet *packet,
"sss_get_cased_name failed, skipping\n");
continue;
}
+
+ tmpstr = sss_replace_whitespaces(tmp_ctx, tmpstr,
+ nctx->override_default_wsp_str);
+ if (tmpstr == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "sss_replace_whitespaces failed, skipping\n");
+ continue;
+ }
+
to_sized_string(&name, tmpstr);
/* fill in gid and name and set pointer for number of members */
@@ -2675,6 +2710,14 @@ static int nss_cmd_getgrnam_search(struct nss_dom_ctx *dctx)
name = sss_get_cased_name(dctx, cmdctx->name, dom->case_sensitive);
if (!name) return ENOMEM;
+ name = sss_reverse_replace_whitespaces(dctx, name,
+ nctx->override_default_wsp_str);
+ if (name == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "sss_reverse_replace_whitespaces failed\n");
+ return ENOMEM;
+ }
+
/* verify this group has not yet been negatively cached,
* or has been permanently filtered */
ret = sss_ncache_check_group(nctx->ncache, nctx->neg_timeout,
@@ -3702,6 +3745,14 @@ static int nss_cmd_initgroups_search(struct nss_dom_ctx *dctx)
name = sss_get_cased_name(dctx, cmdctx->name, dom->case_sensitive);
if (!name) return ENOMEM;
+ name = sss_reverse_replace_whitespaces(dctx, name,
+ nctx->override_default_wsp_str);
+ if (name == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "sss_reverse_replace_whitespaces failed\n");
+ return ENOMEM;
+ }
+
/* verify this user has not yet been negatively cached,
* or has been permanently filtered */
ret = sss_ncache_check_user(nctx->ncache, nctx->neg_timeout,
@@ -3862,6 +3913,15 @@ static errno_t nss_cmd_getsidby_search(struct nss_dom_ctx *dctx)
goto done;
}
+ name = sss_reverse_replace_whitespaces(dctx, name,
+ nctx->override_default_wsp_str);
+ if (name == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "sss_reverse_replace_whitespaces failed\n");
+ ret = ENOMEM;
+ goto done;
+ }
+
/* For subdomains a fully qualified name is needed for
* sysdb_search_user_by_name and sysdb_search_group_by_name. */
if (IS_SUBDOMAIN(dom)) {