Add a more flexible way to parse and filter names.

A new nss_parse_name function uses pcre to parse names, this makes
it possible, in future, to make the filter user configurable.

Add a new filter mechanism to filter out users that uses the negative cache by
setting a permanet negative entry.

Rework the entry points where the negative cache is checked for.

1 files changed, 10 insertions, 5 deletions

diff --git a/server/responder/nss/nsssrv_nc.h b/server/responder/nss/nsssrv_nc.h
index acc9170c6..c0fa197c2 100644
--- a/server/responder/nss/nsssrv_nc.h
+++ b/server/responder/nss/nsssrv_nc.h
@@ -35,12 +35,17 @@ int nss_ncache_check_group(struct nss_nc_ctx *ctx, int ttl,
 int nss_ncache_check_uid(struct nss_nc_ctx *ctx, int ttl, uid_t uid);
 int nss_ncache_check_gid(struct nss_nc_ctx *ctx, int ttl, gid_t gid);
 
-/* add a new neg-cache entry setting the timestamp to "now" */
-int nss_ncache_set_user(struct nss_nc_ctx *ctx,
+/* add a new neg-cache entry setting the timestamp to "now" unless
+ * "permanent" is set to true, in which case the timestamps is set to 0
+ * and the negative cache never expires (used to permanently filter out
+ * users and groups) */
+int nss_ncache_set_user(struct nss_nc_ctx *ctx, bool permanent,
                         const char *domain, const char *name);
-int nss_ncache_set_group(struct nss_nc_ctx *ctx,
+int nss_ncache_set_group(struct nss_nc_ctx *ctx, bool permanent,
                         const char *domain, const char *name);
-int nss_ncache_set_uid(struct nss_nc_ctx *ctx, uid_t uid);
-int nss_ncache_set_gid(struct nss_nc_ctx *ctx, gid_t gid);
+int nss_ncache_set_uid(struct nss_nc_ctx *ctx, bool permanent, uid_t uid);
+int nss_ncache_set_gid(struct nss_nc_ctx *ctx, bool permanent, gid_t gid);
+
+int nss_ncache_reset_permament(struct nss_nc_ctx *ctx);
 
 #endif /* _NSS_NEG_CACHE_H_ */