LDAP: Qualify user and group names when saving the sudo users

If the sudoUser values we fetch from LDAP correspond to a user or a group name per: http://www.sudo.ws/man/1.8.14/sudoers.ldap.man.html then we parse the usernames into (name,domain) tuples and store them qualified. This patch not only makes the sudo provider work with qualified names, but also makes it possible to use qualified names on the LDAP side, allowing for example AD users from different domains to access sudo rules.
author: Jakub Hrozek <jhrozek@redhat.com> 2016-06-22 10:33:09 +0200
committer: Jakub Hrozek <jhrozek@redhat.com> 2016-07-06 17:40:22 +0200
commit: dd9651c395bbba72443a31d17a767be60581da2c (patch)
tree: 6577cf75dd86189feeb07df39802bfe3ea65bfe2 /src/util/util.h
parent: cc1f70155706873db7fe67f2466e302b4496f5fc (diff)
download: sssd-dd9651c395bbba72443a31d17a767be60581da2c.tar.gz
sssd-dd9651c395bbba72443a31d17a767be60581da2c.tar.xz
sssd-dd9651c395bbba72443a31d17a767be60581da2c.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/src/util/util.h b/src/util/util.h
index de26ff19f..bf668f5fd 100644
--- a/src/util/util.h
+++ b/src/util/util.h
@@ -381,6 +381,9 @@ errno_t sss_hash_create_ex(TALLOC_CTX *mem_ctx,
                            hash_delete_callback *delete_callback,
                            void *delete_private_data);
 
+/* Returns true if sudoUser value is a username or a groupname */
+bool is_user_or_group_name(const char *sudo_user_value);
+
 /**
  * @brief Add two list of strings
  *
author	Jakub Hrozek <jhrozek@redhat.com>	2016-06-22 10:33:09 +0200
committer	Jakub Hrozek <jhrozek@redhat.com>	2016-07-06 17:40:22 +0200
commit	dd9651c395bbba72443a31d17a767be60581da2c (patch)
tree	6577cf75dd86189feeb07df39802bfe3ea65bfe2 /src/util/util.h
parent	cc1f70155706873db7fe67f2466e302b4496f5fc (diff)
download	sssd-dd9651c395bbba72443a31d17a767be60581da2c.tar.gz sssd-dd9651c395bbba72443a31d17a767be60581da2c.tar.xz sssd-dd9651c395bbba72443a31d17a767be60581da2c.zip