From b3e9cac972b94444a3e8b1ee94dbd30a49957582 Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Fri, 18 Feb 2011 10:54:31 -0500
Subject: Set the loginShell attribute on winsynced entries if configured
Fixes: https://fedorahosted.org/freeipa/ticket/266
---
 .../ipa-winsync/ipa-winsync-conf.ldif | 1 +
 .../ipa-winsync/ipa-winsync-config.c | 53 ++++++++++++++++++++++
 .../ipa-slapi-plugins/ipa-winsync/ipa-winsync.c | 6 +++
 .../ipa-slapi-plugins/ipa-winsync/ipa-winsync.h | 7 ++-
 4 files changed, 66 insertions(+), 1 deletion(-)
(limited to 'daemons/ipa-slapi-plugins')
diff --git a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync-conf.ldif b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync-conf.ldif
index 5b5c56acb..e1e397f90 100644
--- a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync-conf.ldif
+++ b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync-conf.ldif
@@ -19,6 +19,7 @@ ipaWinSyncNewEntryFilter: (cn=ipaConfig)
 ipaWinSyncNewUserOCAttr: ipauserobjectclasses
 ipaWinSyncUserFlatten: true
 ipaWinsyncHomeDirAttr: ipaHomesRootDir
+ipaWinsyncLoginShellAttr: ipaDefaultLoginShell
 ipaWinSyncDefaultGroupAttr: ipaDefaultPrimaryGroup
 ipaWinSyncDefaultGroupFilter: (gidNumber=*)(objectclass=posixGroup)(objectclass=groupOfNames)
 ipaWinSyncAcctDisable: both
diff --git a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync-config.c b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync-config.c
index a61cabb14..b089d3d14 100644
--- a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync-config.c
+++ b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync-config.c
@@ -238,6 +238,15 @@ ipa_winsync_validate_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_E
 goto done2;
 }
+ /* get login_shell_attr */
+ if (slapi_entry_attr_find(e, IPA_WINSYNC_LOGIN_SHELL_ATTR,
+ &testattr) ||
+ (NULL == testattr)) {
+ PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
+ "Warning: no value given for %s",
+ IPA_WINSYNC_LOGIN_SHELL_ATTR);
+ }
+
 /* get default_group_attr */
 if (slapi_entry_attr_find(e, IPA_WINSYNC_DEFAULTGROUP_ATTR, &testattr) ||
@@ -372,6 +381,7 @@ ipa_winsync_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore,
 char *new_entry_filter = NULL;
 char *new_user_oc_attr = NULL; /* don't care about groups for now */
 char *homedir_prefix_attr = NULL;
+ char *login_shell_attr = NULL;
 char *default_group_attr = NULL;
 char *default_group_filter = NULL;
 char *acct_disable = NULL;
@@ -436,6 +446,15 @@ ipa_winsync_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore,
 goto done3;
 }
+ /* get login_shell_attr */
+ login_shell_attr = slapi_entry_attr_get_charptr(e,
+ IPA_WINSYNC_LOGIN_SHELL_ATTR);
+ if (!login_shell_attr) {
+ PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
+ "Warning: no value given for %s",
+ IPA_WINSYNC_LOGIN_SHELL_ATTR);
+ }
+
 /* get default_group_attr */
 if (!(default_group_attr = slapi_entry_attr_get_charptr( e, IPA_WINSYNC_DEFAULTGROUP_ATTR))) {
@@ -567,6 +586,11 @@ ipa_winsync_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore,
 slapi_ch_free_string(&theConfig.homedir_prefix_attr);
 theConfig.homedir_prefix_attr = homedir_prefix_attr;
 homedir_prefix_attr = NULL;
+ if (login_shell_attr) {
+ slapi_ch_free_string(&theConfig.login_shell_attr);
+ theConfig.login_shell_attr = login_shell_attr;
+ login_shell_attr = NULL;
+ }
 slapi_ch_free_string(&theConfig.default_group_attr);
 theConfig.default_group_attr = default_group_attr;
 default_group_attr = NULL;
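Review bot: The warning written to `returntext` when `IPA_WINSYNC_LOGIN_SHELL_ATTR` is missing is probably never seen: neither this block in ipa_winsync_validate_config nor the matching one in ipa_winsync_apply_config (hunk at -436) sets a return code or logs anything, and any later check that fails overwrites the buffer with its own message. Since a missing login shell attribute is meant to be non-fatal, I would log it instead, e.g. `LOG("Warning: no value given for %s\n", IPA_WINSYNC_LOGIN_SHELL_ATTR);`, and keep `returntext` for real errors. Both functions start and end outside these hunks, so how the caller treats `returntext` on success is not visible here.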
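Review bot: Guarding the swap in the hunk at -567 with `if (login_shell_attr)` means that removing the attribute from the config entry leaves the previous `theConfig.login_shell_attr` in place, so later domain refreshes would presumably keep applying the old default shell to newly synced users. The neighbouring fields are replaced unconditionally; doing the same here clears a removed setting: `slapi_ch_free_string(&theConfig.login_shell_attr); theConfig.login_shell_attr = login_shell_attr; login_shell_attr = NULL;`. The readers added in ipa_winsync_config_refresh_domain already test for a NULL value before using it. ipa_winsync_apply_config continues outside the hunk, so any locking around `theConfig` is not visible here.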
@@ -594,6 +618,7 @@ done3:
 slapi_ch_free_string(&new_entry_filter);
 slapi_ch_free_string(&new_user_oc_attr);
 slapi_ch_free_string(&homedir_prefix_attr);
+ slapi_ch_free_string(&login_shell_attr);
 slapi_ch_free_string(&default_group_attr);
 slapi_ch_free_string(&default_group_filter);
 slapi_ch_array_free(attrsvals);
@@ -636,6 +661,7 @@ ipa_winsync_config_destroy_domain(
 iwdc->domain_e = NULL;
 slapi_ch_free_string(&iwdc->realm_name);
 slapi_ch_free_string(&iwdc->homedir_prefix);
+ slapi_ch_free_string(&iwdc->login_shell);
 slapi_ch_free_string(&iwdc->inactivated_group_dn);
 slapi_ch_free_string(&iwdc->activated_group_dn);
 slapi_ch_free((void **)&iwdc);
@@ -752,6 +778,7 @@ ipa_winsync_config_refresh_domain(
 char *new_entry_filter = NULL;
 char *new_user_oc_attr = NULL; /* don't care about groups for now */
 char *homedir_prefix_attr = NULL;
+ char *login_shell_attr = NULL;
 char *default_group_attr = NULL;
 char *default_group_filter = NULL;
 char *default_group_name = NULL;
@@ -774,6 +801,9 @@ ipa_winsync_config_refresh_domain(
 new_entry_filter = slapi_ch_strdup(theConfig.new_entry_filter);
 new_user_oc_attr = slapi_ch_strdup(theConfig.new_user_oc_attr);
 homedir_prefix_attr = slapi_ch_strdup(theConfig.homedir_prefix_attr);
+ if (theConfig.login_shell_attr) {
+ login_shell_attr = slapi_ch_strdup(theConfig.login_shell_attr);
+ }
 default_group_attr = slapi_ch_strdup(theConfig.default_group_attr);
 default_group_filter = slapi_ch_strdup(theConfig.default_group_filter);
 acct_disable = theConfig.acct_disable;
@@ -840,6 +870,27 @@ ipa_winsync_config_refresh_domain(
 goto out;
 }
+ /* get the login shell value */
+ /* note - this is in the same entry as the new entry template, so
+ use the same filter */
+ slapi_ch_free_string(&iwdc->login_shell);
+ if (login_shell_attr) {
+ ret = internal_find_entry_get_attr_val(config_dn, search_scope,
+ new_entry_filter,
+ login_shell_attr,
+ NULL, &iwdc->login_shell);
+ if (!iwdc->login_shell) {
+ LOG("Warning: could not find the entry containing the login shell "
+ "attribute for ds subtree [%s] filter [%s] attr [%s]\n",
+ slapi_sdn_get_dn(ds_subtree), new_entry_filter,
+ login_shell_attr);
+ }
+ }
+ if (!iwdc->login_shell) {
+ /* could not find the login shell or was not configured */
+ LOG("Warning: no login shell configured!");
+ }
+
 /* find the default group - the entry above contains the group name, but we need the gidNumber for posixAccount - so first find the entry and attr value which has the group name, then lookup the group
@@ -939,6 +990,7 @@ out:
 slapi_ch_free_string(&new_entry_filter);
 slapi_ch_free_string(&new_user_oc_attr);
 slapi_ch_free_string(&homedir_prefix_attr);
+ slapi_ch_free_string(&login_shell_attr);
 slapi_ch_free_string(&default_group_attr);
 slapi_ch_free_string(&default_group_filter);
 slapi_ch_free_string(&default_group_name);
@@ -952,6 +1004,7 @@ out:
 if (LDAP_SUCCESS != ret) {
 slapi_ch_free_string(&iwdc->realm_name);
 slapi_ch_free_string(&iwdc->homedir_prefix);
+ slapi_ch_free_string(&iwdc->login_shell);
 slapi_entry_free(iwdc->domain_e);
 iwdc->domain_e = NULL;
 }
diff --git a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c
index 3816ff567..2c0f4d1d2 100644
--- a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c
+++ b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c
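Review bot: The optional login shell lookup in the hunk at -840 stores its result in the shared `ret`, which the `out:` cleanup later tests with `if (LDAP_SUCCESS != ret)` before discarding the domain settings; the hunk does not show whether `ret` is reassigned before then, so a missing login shell could end up treated as a failed refresh. As the lookup is best-effort, I would not assign `ret` here (or would use a local) and rely on the `!iwdc->login_shell` test that follows. `LOG("Warning: no login shell configured!");` also lacks the trailing `\n` that the other LOG call in this block has, and it fires a second time right after the more specific warning. Since the value is later written to each new user's `loginShell` exactly as read, a check that it is non-empty would be worth adding at this point.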
@@ -350,6 +350,12 @@ ipa_winsync_pre_ds_add_user_cb(void *cbdata, const Slapi_Entry *rawentry,
 }
 }
+ /* add a loginShell if we have a default */
+ if (ipaconfig->login_shell) {
+ slapi_entry_attr_set_charptr(ds_entry, "loginShell",
+ ipaconfig->login_shell);
+ }
+
 sync_acct_disable(cbdata, rawentry, ds_entry, ACCT_DISABLE_TO_DS, ds_entry, NULL, NULL);
 LOG("<-- ipa_winsync_pre_ds_add_user_cb -- end\n");
diff --git a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.h b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.h
index eb2a14b70..8f79dc64e 100644
--- a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.h
+++ b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.h
@@ -68,6 +68,7 @@ typedef struct ipa_winsync_config_struct {
 char *new_entry_filter;
 char *new_user_oc_attr; /* don't care about groups for now */
 char *homedir_prefix_attr;
+ char *login_shell_attr;
 char *default_group_attr;
 char *default_group_filter;
 int acct_disable; /* see below for possible values */
@@ -84,6 +85,7 @@ typedef struct ipa_winsync_domain_config {
 Slapi_Entry *domain_e; /* info is stored in this entry */
 char *realm_name; /* realm name */
 char *homedir_prefix;
+ char *login_shell;
 char *inactivated_group_dn; /* DN of inactivated group */
 char *activated_group_dn; /* DN of activated group */
 } IPA_WinSync_Domain_Config;
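Review bot: `slapi_entry_attr_set_charptr` replaces whatever `loginShell` value `ds_entry` already holds, so although the comment calls it a default, the configured shell would override a value placed on the entry earlier in ipa_winsync_pre_ds_add_user_cb (for instance from the new-user attribute template), if that can happen; the earlier part of the function is outside the hunk. If a fallback is intended, guard the call: `if (ipaconfig->login_shell && slapi_entry_attr_find(ds_entry, "loginShell", &attr) != 0) {` with a local `Slapi_Attr *attr = NULL;`. Either way the comment should say whether this is an override or a fallback, since it decides which shell every newly synced account gets.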
@@ -124,7 +126,10 @@ void ipa_winsync_config_destroy_domain(void *cbdata, const Slapi_DN *ds_subtree,
 #define IPA_WINSYNC_NEW_USER_ATTRS_VALS "ipaWinSyncUserAttr"
 /* name of attribute holding the name of the attribute which has the homeDirectory prefix - suffix is the uid */
-#define IPA_WINSYNC_HOMEDIR_PREFIX_ATTR "ipaWinsyncHomeDirAttr"
+#define IPA_WINSYNC_HOMEDIR_PREFIX_ATTR "ipaWinSyncHomeDirAttr"
+/* name of attribute holding the name of the attribute which
+ has the loginShell value */
+#define IPA_WINSYNC_LOGIN_SHELL_ATTR "ipaWinSyncLoginShellAttr"
 /* name of attribute holding the name of the attribute which is used to get the default posix gidNumber */
 #define IPA_WINSYNC_DEFAULTGROUP_ATTR "ipaWinSyncDefaultGroupAttr"
-- cgit
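Review bot: The value of `IPA_WINSYNC_HOMEDIR_PREFIX_ATTR` changes spelling from `ipaWinsyncHomeDirAttr` to `ipaWinSyncHomeDirAttr` without a mention in the commit message, while ipa-winsync-conf.ldif in this same patch keeps the lowercase-s form and adds `ipaWinsyncLoginShellAttr` spelled that way too. LDAP attribute type names compare case-insensitively, so the lookups presumably still match, but I would use one spelling in both the header and the shipped LDIF so that a search for the attribute name finds every use.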