summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJakub Hrozek <jhrozek@redhat.com>2016-01-13 15:04:52 +0100
committerJakub Hrozek <jhrozek@redhat.com>2016-01-13 15:31:29 +0100
commit17c77befe6e9bb9fd67ae5d226d7ffcc233acd43 (patch)
treef0dad0064cee388b6e299660f30eacd71a8a3e83
parented7a26276ad68d55bf10058dda0d617dc7666edf (diff)
downloadsssd-sysdb.tar.gz
sssd-sysdb.tar.xz
sssd-sysdb.zip
foo2sysdb
-rw-r--r--src/db/sysdb_ops.c15
-rw-r--r--src/providers/simple/simple_access_check.c9
-rw-r--r--src/tests/cmocka/test_simple_access.c440
-rw-r--r--src/util/util_errors.c1
-rw-r--r--src/util/util_errors.h1
5 files changed, 421 insertions, 45 deletions
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index 106ae5e2e..a1cdedc5f 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -333,8 +333,6 @@ static int sysdb_search_by_name(TALLOC_CTX *mem_ctx,
size_t msgs_count = 0;
char *sanitized_name;
char *lc_sanitized_name;
- char *fqname;
- char *lc_fqname;
char *filter;
int ret;
@@ -371,17 +369,8 @@ static int sysdb_search_by_name(TALLOC_CTX *mem_ctx,
goto done;
}
- fqname = sss_create_internal_fqname(tmp_ctx, sanitized_name,
- domain->name);
- lc_fqname = sss_create_internal_fqname(tmp_ctx, lc_sanitized_name,
- domain->name);
- if (fqname == NULL || lc_fqname == NULL) {
- ret = ENOMEM;
- goto done;
- }
-
- filter = talloc_asprintf(tmp_ctx, filter_tmpl, lc_fqname,
- fqname, fqname);
+ filter = talloc_asprintf(tmp_ctx, filter_tmpl, lc_sanitized_name,
+ sanitized_name, sanitized_name);
if (!filter) {
ret = ENOMEM;
goto done;
diff --git a/src/providers/simple/simple_access_check.c b/src/providers/simple/simple_access_check.c
index 14d833be2..8cb956478 100644
--- a/src/providers/simple/simple_access_check.c
+++ b/src/providers/simple/simple_access_check.c
@@ -720,6 +720,15 @@ struct tevent_req *simple_access_check_send(TALLOC_CTX *mem_ctx,
state->access_granted = false;
state->ctx = ctx;
+
+ ret = sss_parse_internal_fqname(state, username, NULL, NULL);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Username [%s] is not in the expected format!\n", username);
+ ret = ERR_WRONG_NAME_FORMAT;
+ goto immediate;
+ }
+
state->username = talloc_strdup(state, username);
if (!state->username) {
ret = ENOMEM;
diff --git a/src/tests/cmocka/test_simple_access.c b/src/tests/cmocka/test_simple_access.c
index f3b1e0bd8..428b2e25c 100644
--- a/src/tests/cmocka/test_simple_access.c
+++ b/src/tests/cmocka/test_simple_access.c
@@ -34,10 +34,6 @@
#define TEST_SUBDOM_NAME "test.subdomain"
#define TEST_ID_PROVIDER "ldap"
-const char *ulist_1[] = {"u1", "u2", NULL};
-const char *glist_1[] = {"g1", "g2", NULL};
-const char *glist_1_case[] = {"G1", "G2", NULL};
-
int sssm_simple_access_init(struct be_ctx *bectx, struct bet_ops **ops,
void **pvt_data);
@@ -166,42 +162,333 @@ static void simple_access_check_done(struct tevent_req *req)
simple_test_ctx->tctx->done = true;
}
+static void run_simple_access_check(struct simple_test_ctx *simple_test_ctx,
+ const char *username,
+ int expected_rv,
+ bool allow_access)
+{
+ int ret;
+ struct tevent_req *req;
+
+ simple_test_ctx->tctx->done = false;
+ req = simple_access_check_send(simple_test_ctx, simple_test_ctx->tctx->ev,
+ simple_test_ctx->ctx, username);
+ assert_non_null(req);
+ tevent_req_set_callback(req, simple_access_check_done, simple_test_ctx);
+
+ ret = test_ev_loop(simple_test_ctx->tctx);
+ assert_int_equal(ret, expected_rv);
+
+ /* otherwise the output is undefined */
+ if (expected_rv == EOK) {
+ assert_true(simple_test_ctx->access_granted == allow_access);
+ }
+}
+
static void test_both_empty(void **state)
{
errno_t ret;
- struct tevent_req *req;
struct simple_test_ctx *simple_test_ctx = \
talloc_get_type(*state, struct simple_test_ctx);
ret = setup_with_params(simple_test_ctx, simple_test_ctx->tctx->dom, NULL);
assert_int_equal(ret, EOK);
- req = simple_access_check_send(simple_test_ctx, simple_test_ctx->tctx->ev,
- simple_test_ctx->ctx, "u1");
- assert_non_null(req);
- tevent_req_set_callback(req, simple_access_check_done, simple_test_ctx);
+ run_simple_access_check(simple_test_ctx, "u1@simple_test", EOK, true);
+}
- ret = test_ev_loop(simple_test_ctx->tctx);
+static void test_allow_empty(void **state)
+{
+ errno_t ret;
+ struct simple_test_ctx *simple_test_ctx = \
+ talloc_get_type(*state, struct simple_test_ctx);
+ struct sss_test_conf_param params[] = {
+ { "simple_deny_users", "u1, u2" },
+ { NULL, NULL },
+ };
+
+ ret = setup_with_params(simple_test_ctx, simple_test_ctx->tctx->dom, params);
assert_int_equal(ret, EOK);
- assert_true(simple_test_ctx->access_granted);
+ run_simple_access_check(simple_test_ctx, "u1@simple_test", EOK, false);
+ run_simple_access_check(simple_test_ctx, "u3@simple_test", EOK, true);
+ run_simple_access_check(simple_test_ctx, "u1", ERR_WRONG_NAME_FORMAT, false);
}
-static void test_allow_empty(void **state)
+static void test_deny_empty(void **state)
+{
+ errno_t ret;
+ struct simple_test_ctx *simple_test_ctx = \
+ talloc_get_type(*state, struct simple_test_ctx);
+ struct sss_test_conf_param params[] = {
+ { "simple_allow_users", "u1, u2" },
+ { NULL, NULL },
+ };
+ ret = setup_with_params(simple_test_ctx, simple_test_ctx->tctx->dom, params);
+ assert_int_equal(ret, EOK);
+
+ run_simple_access_check(simple_test_ctx, "u1@simple_test", EOK, true);
+ run_simple_access_check(simple_test_ctx, "u3@simple_test", EOK, false);
+}
+
+static void test_both_set(void **state)
{
errno_t ret;
- struct tevent_req *req;
struct simple_test_ctx *simple_test_ctx = \
talloc_get_type(*state, struct simple_test_ctx);
struct sss_test_conf_param params[] = {
+ { "simple_allow_users", "u1, u2" },
{ "simple_deny_users", "u1, u2" },
+ { NULL, NULL },
+ };
+
+ ret = setup_with_params(simple_test_ctx,
+ simple_test_ctx->tctx->dom,
+ params);
+ assert_int_equal(ret, EOK);
+
+ run_simple_access_check(simple_test_ctx, "u1@simple_test", EOK, false);
+ run_simple_access_check(simple_test_ctx, "u3@simple_test", EOK, false);
+}
+
+static void test_deny_wrong_case(void **state)
+{
+ errno_t ret;
+ struct simple_test_ctx *simple_test_ctx = \
+ talloc_get_type(*state, struct simple_test_ctx);
+ struct sss_test_conf_param params[] = {
+ { "simple_allow_users", "u1, u2" },
+ { NULL, NULL },
+ };
+
+ ret = setup_with_params(simple_test_ctx,
+ simple_test_ctx->tctx->dom,
+ params);
+ assert_int_equal(ret, EOK);
+
+ run_simple_access_check(simple_test_ctx, "U1@simple_test", EOK, false);
+}
+
+static void test_allow_case_insensitive(void **state)
+{
+ errno_t ret;
+ struct simple_test_ctx *simple_test_ctx = \
+ talloc_get_type(*state, struct simple_test_ctx);
+ struct sss_test_conf_param params[] = {
+ { "simple_allow_users", "u1, u2" },
+ { NULL, NULL },
+ };
+
+ ret = setup_with_params(simple_test_ctx,
+ simple_test_ctx->tctx->dom,
+ params);
+ assert_int_equal(ret, EOK);
+
+ simple_test_ctx->tctx->dom->case_sensitive = false;
+ run_simple_access_check(simple_test_ctx, "U1@simple_test", EOK, true);
+}
+
+static void test_unknown_user(void **state)
+{
+ errno_t ret;
+ struct simple_test_ctx *simple_test_ctx = \
+ talloc_get_type(*state, struct simple_test_ctx);
+ struct sss_test_conf_param params[] = {
+ { "simple_allow_users", "u1, u2" },
+ { NULL, NULL },
+ };
+
+ ret = setup_with_params(simple_test_ctx,
+ simple_test_ctx->tctx->dom,
+ params);
+ assert_int_equal(ret, EOK);
+
+ run_simple_access_check(simple_test_ctx, "foo@simple_test", EOK, false);
+}
+
+static void test_space(void **state)
+{
+ errno_t ret;
+ struct simple_test_ctx *simple_test_ctx = \
+ talloc_get_type(*state, struct simple_test_ctx);
+ struct sss_test_conf_param params[] = {
+ { "simple_allow_users", "space user, another user@simple_test" },
+ { NULL, NULL },
+ };
+
+ ret = setup_with_params(simple_test_ctx, simple_test_ctx->tctx->dom, params);
+ assert_int_equal(ret, EOK);
+
+ run_simple_access_check(simple_test_ctx, "space user@simple_test", EOK, true);
+ run_simple_access_check(simple_test_ctx, "another user@simple_test", EOK, true);
+ run_simple_access_check(simple_test_ctx, "not allowed@simple_test", EOK, false);
+}
+
+static int simple_group_test_setup(void **state)
+{
+ int ret;
+ char *u1;
+ char *u2;
+ char *u3;
+ char *g1;
+ char *g2;
+ char *sp;
+ char *sp2;
+ char *pvt;
+ struct simple_test_ctx *test_ctx;
+
+ ret = simple_test_setup((void **) &test_ctx);
+ if (ret != EOK) {
+ return 1;
+ }
+
+ u1 = sss_create_internal_fqname(test_ctx, "u1",
+ test_ctx->be_ctx->domain->name);
+ u2 = sss_create_internal_fqname(test_ctx, "u2",
+ test_ctx->be_ctx->domain->name);
+ u3 = sss_create_internal_fqname(test_ctx, "u3",
+ test_ctx->be_ctx->domain->name);
+ g1 = sss_create_internal_fqname(test_ctx, "g1",
+ test_ctx->be_ctx->domain->name);
+ g2 = sss_create_internal_fqname(test_ctx, "g2",
+ test_ctx->be_ctx->domain->name);
+ sp = sss_create_internal_fqname(test_ctx, "space group",
+ test_ctx->be_ctx->domain->name);
+ sp2 = sss_create_internal_fqname(test_ctx, "another space",
+ test_ctx->be_ctx->domain->name);
+ pvt = sss_create_internal_fqname(test_ctx, "pvt",
+ test_ctx->be_ctx->domain->name);
+ if (u1 == NULL || u2 == NULL || u3 == NULL
+ || g1 == NULL || g2 == NULL || pvt == NULL
+ || sp == NULL || sp2 == NULL) {
+ return 1;
+ }
+
+ ret = sysdb_add_group(test_ctx->be_ctx->domain, pvt, 999, NULL, 0, 0);
+ if (ret != EOK) return 1;
+
+ ret = sysdb_store_user(test_ctx->be_ctx->domain,
+ u1, NULL, 123, 999, "u1", "/home/u1",
+ "/bin/bash", NULL, NULL, NULL, -1, 0);
+ if (ret != EOK) return 1;
+
+ ret = sysdb_store_user(test_ctx->be_ctx->domain,
+ u2, NULL, 456, 999, "u1", "/home/u1",
+ "/bin/bash", NULL, NULL, NULL, -1, 0);
+ if (ret != EOK) return 1;
+
+ ret = sysdb_store_user(test_ctx->be_ctx->domain,
+ u3, NULL, 789, 999, "u1", "/home/u1",
+ "/bin/bash", NULL, NULL, NULL, -1, 0);
+ if (ret != EOK) return 1;
+
+ ret = sysdb_add_group(test_ctx->be_ctx->domain, g1, 321, NULL, 0, 0);
+ if (ret != EOK) return 1;
+
+ ret = sysdb_add_group(test_ctx->be_ctx->domain, g2, 654, NULL, 0, 0);
+ if (ret != EOK) return 1;
+
+ ret = sysdb_add_group(test_ctx->be_ctx->domain, sp, 1234, NULL, 0, 0);
+ if (ret != EOK) return 1;
+
+ ret = sysdb_add_group(test_ctx->be_ctx->domain, sp2, 5678, NULL, 0, 0);
+ if (ret != EOK) return 1;
+
+ ret = sysdb_add_group_member(test_ctx->be_ctx->domain,
+ g1, u1, SYSDB_MEMBER_USER, false);
+ if (ret != EOK) return 1;
+
+ ret = sysdb_add_group_member(test_ctx->be_ctx->domain,
+ sp, u1, SYSDB_MEMBER_USER, false);
+ if (ret != EOK) return 1;
+
+ ret = sysdb_add_group_member(test_ctx->be_ctx->domain,
+ g2, u2, SYSDB_MEMBER_USER, false);
+ if (ret != EOK) return 1;
+
+ ret = sysdb_add_group_member(test_ctx->be_ctx->domain,
+ sp2, u2, SYSDB_MEMBER_USER, false);
+ if (ret != EOK) return 1;
+
+ *state = test_ctx;
+ return 0;
+}
+
+static int simple_group_test_teardown(void **state)
+{
+ int ret;
+ char *u1;
+ char *u2;
+ char *u3;
+ char *g1;
+ char *g2;
+ char *sp;
+ char *sp2;
+ char *pvt;
+ struct simple_test_ctx *test_ctx = \
+ talloc_get_type(*state, struct simple_test_ctx);
+
+ u1 = sss_create_internal_fqname(test_ctx, "u1",
+ test_ctx->be_ctx->domain->name);
+ u2 = sss_create_internal_fqname(test_ctx, "u2",
+ test_ctx->be_ctx->domain->name);
+ u3 = sss_create_internal_fqname(test_ctx, "u3",
+ test_ctx->be_ctx->domain->name);
+ g1 = sss_create_internal_fqname(test_ctx, "g1",
+ test_ctx->be_ctx->domain->name);
+ g2 = sss_create_internal_fqname(test_ctx, "g2",
+ test_ctx->be_ctx->domain->name);
+ sp = sss_create_internal_fqname(test_ctx, "space group",
+ test_ctx->be_ctx->domain->name);
+ sp2 = sss_create_internal_fqname(test_ctx, "another space",
+ test_ctx->be_ctx->domain->name);
+ pvt = sss_create_internal_fqname(test_ctx, "pvt",
+ test_ctx->be_ctx->domain->name);
+ if (u1 == NULL || u2 == NULL || u3 == NULL
+ || g1 == NULL || g2 == NULL || pvt == NULL
+ || sp == NULL || sp2 == NULL) {
+ return 1;
+ }
+
+ ret = sysdb_delete_user(test_ctx->be_ctx->domain, u1, 0);
+ if (ret != EOK) return 1;
+ ret = sysdb_delete_user(test_ctx->be_ctx->domain, u2, 0);
+ if (ret != EOK) return 1;
+ ret = sysdb_delete_user(test_ctx->be_ctx->domain, u3, 0);
+ if (ret != EOK) return 1;
+ ret = sysdb_delete_group(test_ctx->be_ctx->domain, g1, 0);
+ if (ret != EOK) return 1;
+ ret = sysdb_delete_group(test_ctx->be_ctx->domain, g2, 0);
+ if (ret != EOK) return 1;
+ ret = sysdb_delete_group(test_ctx->be_ctx->domain, sp, 0);
+ if (ret != EOK) return 1;
+ ret = sysdb_delete_group(test_ctx->be_ctx->domain, sp2, 0);
+ if (ret != EOK) return 1;
+ ret = sysdb_delete_group(test_ctx->be_ctx->domain, pvt, 0);
+ if (ret != EOK) return 1;
+
+ /* make sure there are no leftovers from previous tests */
+ test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_DB, TEST_DOM_NAME);
+ talloc_free(test_ctx);
+ return 0;
+}
+
+static void test_group_allow_empty(void **state)
+{
+ errno_t ret;
+ struct tevent_req *req;
+ struct simple_test_ctx *simple_test_ctx = \
+ talloc_get_type(*state, struct simple_test_ctx);
+ struct sss_test_conf_param params[] = {
+ { "simple_deny_groups", "g1, g2" },
+ { NULL, NULL },
};
ret = setup_with_params(simple_test_ctx, simple_test_ctx->tctx->dom, params);
assert_int_equal(ret, EOK);
req = simple_access_check_send(simple_test_ctx, simple_test_ctx->tctx->ev,
- simple_test_ctx->ctx, "u1");
+ simple_test_ctx->ctx, "u1@simple_test");
assert_non_null(req);
tevent_req_set_callback(req, simple_access_check_done, simple_test_ctx);
@@ -210,9 +497,8 @@ static void test_allow_empty(void **state)
assert_false(simple_test_ctx->access_granted);
simple_test_ctx->tctx->done = false;
-
req = simple_access_check_send(simple_test_ctx, simple_test_ctx->tctx->ev,
- simple_test_ctx->ctx, "u3");
+ simple_test_ctx->ctx, "u3@simple_test");
assert_non_null(req);
tevent_req_set_callback(req, simple_access_check_done, simple_test_ctx);
@@ -221,38 +507,96 @@ static void test_allow_empty(void **state)
assert_true(simple_test_ctx->access_granted);
}
-static void test_deny_empty(void **state)
+static void test_group_deny_empty(void **state)
{
errno_t ret;
- struct tevent_req *req;
struct simple_test_ctx *simple_test_ctx = \
talloc_get_type(*state, struct simple_test_ctx);
struct sss_test_conf_param params[] = {
- { "simple_allow_users", "u1, u2" },
+ { "simple_allow_groups", "g1, g2" },
+ { NULL, NULL },
};
ret = setup_with_params(simple_test_ctx, simple_test_ctx->tctx->dom, params);
assert_int_equal(ret, EOK);
- req = simple_access_check_send(simple_test_ctx, simple_test_ctx->tctx->ev,
- simple_test_ctx->ctx, "u1");
- assert_non_null(req);
- tevent_req_set_callback(req, simple_access_check_done, simple_test_ctx);
+ run_simple_access_check(simple_test_ctx, "u1@simple_test", EOK, true);
+ run_simple_access_check(simple_test_ctx, "u3@simple_test", EOK, false);
+}
- ret = test_ev_loop(simple_test_ctx->tctx);
+static void test_group_both_set(void **state)
+{
+ errno_t ret;
+ struct simple_test_ctx *simple_test_ctx = \
+ talloc_get_type(*state, struct simple_test_ctx);
+ struct sss_test_conf_param params[] = {
+ { "simple_allow_groups", "g1, g2" },
+ { "simple_deny_groups", "g1, g2" },
+ { NULL, NULL },
+ };
+
+ ret = setup_with_params(simple_test_ctx, simple_test_ctx->tctx->dom, params);
+ assert_int_equal(ret, EOK);
+
+ run_simple_access_check(simple_test_ctx, "u1@simple_test", EOK, false);
+ run_simple_access_check(simple_test_ctx, "u3@simple_test", EOK, false);
+}
+
+static void test_group_deny_wrong_case(void **state)
+{
+ errno_t ret;
+ struct simple_test_ctx *simple_test_ctx = \
+ talloc_get_type(*state, struct simple_test_ctx);
+ struct sss_test_conf_param params[] = {
+ { "simple_allow_groups", "G1, G2" },
+ { NULL, NULL },
+ };
+
+ ret = setup_with_params(simple_test_ctx,
+ simple_test_ctx->tctx->dom,
+ params);
assert_int_equal(ret, EOK);
- assert_true(simple_test_ctx->access_granted);
+ run_simple_access_check(simple_test_ctx, "u1@simple_test", EOK, false);
+}
+
+static void test_group_allow_case_insensitive(void **state)
+{
+ errno_t ret;
+ struct simple_test_ctx *simple_test_ctx = \
+ talloc_get_type(*state, struct simple_test_ctx);
+ struct sss_test_conf_param params[] = {
+ { "simple_allow_groups", "G1, G2" },
+ { NULL, NULL },
+ };
+
+ ret = setup_with_params(simple_test_ctx,
+ simple_test_ctx->tctx->dom,
+ params);
+ assert_int_equal(ret, EOK);
+
+ /* Case-sensitive domain, wrong case */
simple_test_ctx->tctx->done = false;
+ simple_test_ctx->tctx->dom->case_sensitive = false;
+ run_simple_access_check(simple_test_ctx, "u1@simple_test", EOK, true);
+}
- req = simple_access_check_send(simple_test_ctx, simple_test_ctx->tctx->ev,
- simple_test_ctx->ctx, "u3");
- assert_non_null(req);
- tevent_req_set_callback(req, simple_access_check_done, simple_test_ctx);
+static void test_group_space(void **state)
+{
+ errno_t ret;
+ struct simple_test_ctx *simple_test_ctx = \
+ talloc_get_type(*state, struct simple_test_ctx);
+ struct sss_test_conf_param params[] = {
+ { "simple_allow_groups", "space group, another space@simple_test" },
+ { NULL, NULL },
+ };
- ret = test_ev_loop(simple_test_ctx->tctx);
+ ret = setup_with_params(simple_test_ctx, simple_test_ctx->tctx->dom, params);
assert_int_equal(ret, EOK);
- assert_false(simple_test_ctx->access_granted);
+
+ run_simple_access_check(simple_test_ctx, "u1@simple_test", EOK, true);
+ run_simple_access_check(simple_test_ctx, "u2@simple_test", EOK, true);
+ run_simple_access_check(simple_test_ctx, "u3@simple_test", EOK, false);
}
int main(int argc, const char *argv[])
@@ -270,7 +614,6 @@ int main(int argc, const char *argv[])
};
const struct CMUnitTest tests[] = {
- /* FIXME - group fixtures? */
cmocka_unit_test_setup_teardown(test_both_empty,
simple_test_setup,
simple_test_teardown),
@@ -280,6 +623,39 @@ int main(int argc, const char *argv[])
cmocka_unit_test_setup_teardown(test_deny_empty,
simple_test_setup,
simple_test_teardown),
+ cmocka_unit_test_setup_teardown(test_both_set,
+ simple_test_setup,
+ simple_test_teardown),
+ cmocka_unit_test_setup_teardown(test_deny_wrong_case,
+ simple_test_setup,
+ simple_test_teardown),
+ cmocka_unit_test_setup_teardown(test_allow_case_insensitive,
+ simple_test_setup,
+ simple_test_teardown),
+ cmocka_unit_test_setup_teardown(test_unknown_user,
+ simple_test_setup,
+ simple_test_teardown),
+ cmocka_unit_test_setup_teardown(test_space,
+ simple_test_setup,
+ simple_test_teardown),
+ cmocka_unit_test_setup_teardown(test_group_allow_empty,
+ simple_group_test_setup,
+ simple_group_test_teardown),
+ cmocka_unit_test_setup_teardown(test_group_deny_empty,
+ simple_group_test_setup,
+ simple_group_test_teardown),
+ cmocka_unit_test_setup_teardown(test_group_both_set,
+ simple_group_test_setup,
+ simple_group_test_teardown),
+ cmocka_unit_test_setup_teardown(test_group_deny_wrong_case,
+ simple_group_test_setup,
+ simple_group_test_teardown),
+ cmocka_unit_test_setup_teardown(test_group_allow_case_insensitive,
+ simple_group_test_setup,
+ simple_group_test_teardown),
+ cmocka_unit_test_setup_teardown(test_group_space,
+ simple_group_test_setup,
+ simple_group_test_teardown),
};
/* Set debug level to invalid value so we can decide if -d 0 was used. */
diff --git a/src/util/util_errors.c b/src/util/util_errors.c
index ed19346d9..fe3bbab85 100644
--- a/src/util/util_errors.c
+++ b/src/util/util_errors.c
@@ -82,6 +82,7 @@ struct err_string error_to_str[] = {
{ "Address family not supported" }, /* ERR_ADDR_FAMILY_NOT_SUPPORTED */
{ "Message sender is the bus" }, /* ERR_SBUS_SENDER_BUS */
{ "Subdomain is inactive" }, /* ERR_SUBDOM_INACTIVE */
+ { "Username not in the expected format" }, /* ERR_WRONG_NAME_FORMAT */
{ "ERR_LAST" } /* ERR_LAST */
};
diff --git a/src/util/util_errors.h b/src/util/util_errors.h
index c1d081912..a47967b1b 100644
--- a/src/util/util_errors.h
+++ b/src/util/util_errors.h
@@ -104,6 +104,7 @@ enum sssd_errors {
ERR_ADDR_FAMILY_NOT_SUPPORTED,
ERR_SBUS_SENDER_BUS,
ERR_SUBDOM_INACTIVE,
+ ERR_WRONG_NAME_FORMAT,
ERR_LAST /* ALWAYS LAST */
};