Bug 2180981

Summary: sss allows extraneous @ characters prefixed to username
Product: Red Hat Enterprise Linux 8
Component: sssd
Version: 8.7
Hardware: All
OS: Linux
Status: VERIFIED
Severity: medium
Priority: unspecified
Type: Bug
Reporter: Abhijit Roy <abroy>
Assignee: Tomas Halman <thalman>
QA Contact: shridhar <sgadekar>
CC: atikhono, ipedrosa, pbrezina, rakkumar, sgadekar
Target Milestone: rc
Keywords: Triaged
Whiteboard: sync-to-jira
Fixed In Version: sssd-2.9.0-2.el8

Description Abhijit Roy 2023-03-22 18:48:10 UTC
Description of problem:

As per the upstream ticket https://github.com/SSSD/sssd/issues/6635 I am opening this bz.

Solution provided by Tomáš

Default re_expressions do not use "^", so they may skip/ignore some leading characters (@ and \).
Changing

#define SSS_DEFAULT_RE "(?P<name>[^@]+)@?(?P<domain>[^@]*$)"
to

#define SSS_DEFAULT_RE "^(?P<name>[^@]+)@?(?P<domain>[^@]*$)"
and a similar change for SSS_IPA_AD_DEFAULT_RE will solve the issue. It will make SSSD more strict about input values.

Consider that this regular expression is also used for group names, and an MS Windows group name can actually include @.

$ grep "SSS_DEFAULT_RE" util/util.h 
#define SSS_DEFAULT_RE "(?P<name>[^@]+)@?(?P<domain>[^@]*$)"


Comment 1 Alexey Tikhonov 2023-03-23 14:17:11 UTC
*** Bug 2180998 has been marked as a duplicate of this bug. ***

Comment 2 Alexey Tikhonov 2023-03-24 09:44:44 UTC
Upstream PR: https://github.com/SSSD/sssd/pull/6646

Comment 3 Alexey Tikhonov 2023-04-14 10:14:48 UTC
Pushed PR: https://github.com/SSSD/sssd/pull/6646

* `master`
    * b78b508b1dbdb78c8d17916472a3398d67f76bbd - responder: regexp cleanup
    * 526aea3e8cb48dbfaabb009e06236828ad903429 - util: Improve re_expression defaults
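
Added example (not part of the bug report and not SSSD's code): the two SSS_DEFAULT_RE patterns quoted in the description, run over constructed inputs to show that the unanchored pattern silently drops leading @ characters while the anchored one rejects the input. It assumes search-style matching, modelled here with Python's `re.search`; `parse_name`, `compare` and the sample names are hypothetical.

```python
import re

# Patterns copied from the bug description (old and proposed SSS_DEFAULT_RE).
OLD_RE = r"(?P<name>[^@]+)@?(?P<domain>[^@]*$)"
NEW_RE = r"^(?P<name>[^@]+)@?(?P<domain>[^@]*$)"


def parse_name(pattern, raw):
    """Return (name, domain, skipped_prefix), or None if the input is rejected.

    Assumption: the matcher looks for the pattern anywhere in the input
    (modelled with re.search), so an unanchored pattern may start mid-string.
    skipped_prefix is whatever the match left behind at the front of the input.
    """
    m = re.search(pattern, raw)
    if m is None:
        return None
    return m.group("name"), m.group("domain"), raw[: m.start()]


# Constructed sample inputs (not taken from the bug report).
SAMPLES = ["alice", "alice@example.test", "@alice", "@@alice@example.test"]


def compare(samples=SAMPLES):
    """Map each input to its (old pattern result, new pattern result)."""
    return {s: (parse_name(OLD_RE, s), parse_name(NEW_RE, s)) for s in samples}


if __name__ == "__main__":
    for raw, (old, new) in compare().items():
        print(f"{raw!r:26} old={old} new={new}")
```

A non-empty `skipped_prefix` under the old pattern marks input that was accepted only because the match started after the leading characters.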