authorLukas Slebodnik <lslebodn@redhat.com>2013-12-02 14:19:09 +0100
committerJakub Hrozek <jhrozek@redhat.com>2014-06-03 12:57:18 +0200
commit00fb34246a4d1d2cb846a6e2a40d8155ee5a36a1 (patch)
tree9d1a6b17d085e187154a4dce0a08b7096f73255c /src
parentf9b90ac1cb9ea76f369459470097996cbbc7b343 (diff)
NSS: Add option to expand homedir template format
An LDAP server can contain a template for the home directory instead of a plain string. This patch adds a new expand option "%H", which will be replaced with the value of the configuration option homedir_substring (from sssd.conf).

Resolves: https://fedorahosted.org/sssd/ticket/1853

Reviewed-by: Pavel Reichl <preichl@redhat.com>
Diffstat (limited to 'src')
-rw-r--r--src/confdb/confdb.c10
-rw-r--r--src/confdb/confdb.h3
-rwxr-xr-xsrc/config/SSSDConfigTest.py2
-rw-r--r--src/config/etc/sssd.api.conf2
-rw-r--r--src/man/include/homedir_substring.xml18
-rw-r--r--src/man/include/override_homedir.xml7
-rw-r--r--src/man/po/po4a.cfg1
-rw-r--r--src/man/sssd-ad.5.xml1
-rw-r--r--src/man/sssd.conf.5.xml1
-rw-r--r--src/providers/ipa/ipa_s2n_exop.c1
-rw-r--r--src/providers/ipa/ipa_subdomains_id.c1
-rw-r--r--src/responder/nss/nsssrv.c6
-rw-r--r--src/responder/nss/nsssrv.h1
-rw-r--r--src/responder/nss/nsssrv_cmd.c11
-rw-r--r--src/responder/pac/pacsrv_utils.c1
-rw-r--r--src/util/domain_info_utils.c1
-rw-r--r--src/util/sss_nss.c11
-rw-r--r--src/util/sss_nss.h1
18 files changed, 77 insertions, 2 deletions
diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
index c93c6659e..19d888477 100644
--- a/src/confdb/confdb.c
+++ b/src/confdb/confdb.c
@@ -1114,6 +1114,16 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
}
tmp = ldb_msg_find_attr_as_string(res->msgs[0],
+ CONFDB_NSS_HOMEDIR_SUBSTRING, NULL);
+ if (tmp != NULL) {
+ domain->homedir_substr = talloc_strdup(domain, tmp);
+ if (domain->homedir_substr == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+ }
+
+ tmp = ldb_msg_find_attr_as_string(res->msgs[0],
CONFDB_NSS_OVERRIDE_SHELL, NULL);
if (tmp != NULL) {
domain->override_shell = talloc_strdup(domain, tmp);
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
index 75f272eee..465b41db0 100644
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
@@ -96,6 +96,8 @@
#define CONFDB_NSS_SHELL_FALLBACK "shell_fallback"
#define CONFDB_NSS_DEFAULT_SHELL "default_shell"
#define CONFDB_MEMCACHE_TIMEOUT "memcache_timeout"
+#define CONFDB_NSS_HOMEDIR_SUBSTRING "homedir_substring"
+#define CONFDB_DEFAULT_HOMEDIR_SUBSTRING "/home"
/* PAM */
#define CONFDB_PAM_CONF_ENTRY "config/pam"
@@ -220,6 +222,7 @@ struct sss_domain_info {
const char *override_homedir;
const char *fallback_homedir;
const char *subdomain_homedir;
+ const char *homedir_substr;
const char *override_shell;
const char *default_shell;
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index 98b2fee63..a539b805f 100755
--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
@@ -521,6 +521,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
'case_sensitive',
'override_homedir',
'fallback_homedir',
+ 'homedir_substring',
'override_shell',
'default_shell',
'pwd_expiration_warning',
@@ -877,6 +878,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
'case_sensitive',
'override_homedir',
'fallback_homedir',
+ 'homedir_substring',
'override_shell',
'default_shell',
'pwd_expiration_warning',
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index ed65d2d78..9805dddfe 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -36,6 +36,7 @@ filter_users_in_groups = bool, None, false
pwfield = str, None, false
override_homedir = str, None, false
fallback_homedir = str, None, false
+homedir_substring = str, None, false, /home
override_shell = str, None, false
allowed_shells = list, str, false
vetoed_shells = list, str, false
@@ -112,6 +113,7 @@ override_gid = int, None, false
case_sensitive = bool, None, false
override_homedir = str, None, false
fallback_homedir = str, None, false
+homedir_substring = str, None, false
override_shell = str, None, false
default_shell = str, None, false
description = str, None, false
diff --git a/src/man/include/homedir_substring.xml b/src/man/include/homedir_substring.xml
new file mode 100644
index 000000000..54d9bc94b
--- /dev/null
+++ b/src/man/include/homedir_substring.xml
@@ -0,0 +1,18 @@
+<varlistentry>
+ <term>homedir_substring (string)</term>
+ <listitem>
+ <para>
+ The value of this option will be used in the expansion of the
+ <emphasis>override_homedir</emphasis> option if the template
+ contains the format string <emphasis>%H</emphasis>. An LDAP
+ directory entry can directly contain this template so that this
+ option can be used to expand the home directory path for each
+ client machine (or operating system). It can be set per-domain or
+ globally in the [nss] section. A value specified in a domain
+ section will override one set in the [nss] section.
+ </para>
+ <para>
+ Default: /home
+ </para>
+ </listitem>
+</varlistentry>
diff --git a/src/man/include/override_homedir.xml b/src/man/include/override_homedir.xml
index 773d0b661..552d7eb9d 100644
--- a/src/man/include/override_homedir.xml
+++ b/src/man/include/override_homedir.xml
@@ -31,6 +31,13 @@
</para></listitem>
</varlistentry>
<varlistentry>
+ <term>%H</term>
+ <listitem><para>
+ The value of configure option
+ <emphasis>homedir_substring</emphasis>.
+ </para></listitem>
+ </varlistentry>
+ <varlistentry>
<term>%%</term>
<listitem><para>a literal '%'</para>
</listitem>
diff --git a/src/man/po/po4a.cfg b/src/man/po/po4a.cfg
index 7939eac75..88f997bae 100644
--- a/src/man/po/po4a.cfg
+++ b/src/man/po/po4a.cfg
@@ -37,3 +37,4 @@
[type:docbook] include/ldap_search_bases_experimental.xml $lang:$(builddir)/$lang/include/ldap_search_bases_experimental.xml opt:"-k 0"
[type:docbook] include/autofs_restart.xml $lang:$(builddir)/$lang/include/autofs_restart.xml opt:"-k 0"
[type:docbook] include/override_homedir.xml $lang:$(builddir)/$lang/include/override_homedir.xml opt:"-k 0"
+[type:docbook] include/homedir_substring.xml $lang:$(builddir)/$lang/include/homedir_substring.xml opt:"-k 0"
diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml
index 0554317f5..4dd657716 100644
--- a/src/man/sssd-ad.5.xml
+++ b/src/man/sssd-ad.5.xml
@@ -349,6 +349,7 @@ FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)
</varlistentry>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/override_homedir.xml" />
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/homedir_substring.xml" />
<varlistentry>
<term>krb5_use_enterprise_principal (boolean)</term>
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index 854b55019..1a7eb4196 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -475,6 +475,7 @@
</listitem>
</varlistentry>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/override_homedir.xml" />
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/homedir_substring.xml" />
<varlistentry>
<term>fallback_homedir (string)</term>
<listitem>
diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c
index 6bb3384b1..c86cf84a9 100644
--- a/src/providers/ipa/ipa_s2n_exop.c
+++ b/src/providers/ipa/ipa_s2n_exop.c
@@ -743,6 +743,7 @@ static void ipa_s2n_get_user_done(struct tevent_req *subreq)
homedir_ctx.uid = attrs->a.user.pw_uid;
homedir_ctx.domain = state->dom->name;
homedir_ctx.flatname = state->dom->flat_name;
+ homedir_ctx.config_homedir_substr = state->dom->homedir_substr;
homedir = expand_homedir_template(state,
state->dom->subdomain_homedir,
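Review bot: `homedir_ctx.config_homedir_substr` is copied straight from `state->dom->homedir_substr`, which the confdb.c hunk only sets when the domain section has a `homedir_substring` entry. A `%H` in `subdomain_homedir` would then reach the NULL branch added to expand_homedir_template and the expansion would fail, instead of using the documented default of /home. Only get_homedir_override in nsssrv_cmd.c falls back to the [nss] value; the same assignment in ipa_subdomains_id.c and pacsrv_utils.c has the same gap. Unless the domain value is defaulted somewhere outside this diff, consider `homedir_ctx.config_homedir_substr = state->dom->homedir_substr ? state->dom->homedir_substr : CONFDB_DEFAULT_HOMEDIR_SUBSTRING;` (assuming confdb.h is in scope in this file). ipa_s2n_get_user_done continues outside the hunk.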
diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c
index 96891b348..c5fe14634 100644
--- a/src/providers/ipa/ipa_subdomains_id.c
+++ b/src/providers/ipa/ipa_subdomains_id.c
@@ -382,6 +382,7 @@ get_subdomain_homedir_of_user(TALLOC_CTX *mem_ctx, struct sss_domain_info *dom,
homedir_ctx.uid = uid;
homedir_ctx.domain = dom->name;
homedir_ctx.flatname = dom->flat_name;
+ homedir_ctx.config_homedir_substr = dom->homedir_substr;
ret = sss_parse_name_const(tmp_ctx, dom->names, fqname,
NULL, &name);
if (ret != EOK) {
diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
index c6e7cb402..d74558b62 100644
--- a/src/responder/nss/nsssrv.c
+++ b/src/responder/nss/nsssrv.c
@@ -291,6 +291,12 @@ static int nss_get_config(struct nss_ctx *nctx,
&nctx->default_shell);
if (ret != EOK) goto done;
+ ret = confdb_get_string(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
+ CONFDB_NSS_HOMEDIR_SUBSTRING,
+ CONFDB_DEFAULT_HOMEDIR_SUBSTRING,
+ &nctx->homedir_substr);
+ if (ret != EOK) goto done;
+
ret = 0;
done:
return ret;
diff --git a/src/responder/nss/nsssrv.h b/src/responder/nss/nsssrv.h
index b279f8a76..0f0a75a8f 100644
--- a/src/responder/nss/nsssrv.h
+++ b/src/responder/nss/nsssrv.h
@@ -60,6 +60,7 @@ struct nss_ctx {
char *override_homedir;
char *fallback_homedir;
+ char *homedir_substr;
char **allowed_shells;
char *override_shell;
char **vetoed_shells;
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index 6022d0aaf..26f61a64b 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -190,6 +190,13 @@ static const char *get_homedir_override(TALLOC_CTX *mem_ctx,
return NULL;
}
+ /* Check to see which homedir_prefix to use. */
+ if (dom->homedir_substr != NULL) {
+ homedir_ctx->config_homedir_substr = dom->homedir_substr;
+ } else if (nctx->homedir_substr != NULL) {
+ homedir_ctx->config_homedir_substr = nctx->homedir_substr;
+ }
+
/* Check whether we are unconditionally overriding the server
* for home directory locations.
*/
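Review bot: The added comment refers to `homedir_prefix`, a name that appears nowhere else in the patch; the option is `homedir_substring` and the field is `homedir_substr`. I would write `/* Prefer the per-domain homedir_substring; fall back to the [nss] value. */`. When both are NULL, `homedir_ctx->config_homedir_substr` keeps whatever the caller put there, which is worth stating in the same comment. get_homedir_override starts and ends outside this hunk.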
@@ -214,8 +221,8 @@ static const char *get_homedir_override(TALLOC_CTX *mem_ctx,
}
}
- /* Return the value we got from the provider */
- return talloc_strdup(mem_ctx, homedir);
+ /* Provider can also return template, try to expand it.*/
+ return expand_homedir_template(mem_ctx, homedir, homedir_ctx);
}
static const char *get_shell_override(TALLOC_CTX *mem_ctx,
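Review bot: Returning `expand_homedir_template(mem_ctx, homedir, homedir_ctx)` means every home directory string received from the provider is now parsed as a template. Directory data can therefore drive every format specifier the expander supports, not only `%H`, and a path containing a literal `%` no longer passes through unchanged as it did with `talloc_strdup`. The comment should state that contract, e.g. `/* The provider value is treated as a template: every '%' sequence is expanded and a literal '%' must be written as '%%'. */`. If `homedir` can be NULL on this path, confirm that expand_homedir_template accepts a NULL template the way `talloc_strdup` did; its handling is not visible in this diff.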
diff --git a/src/responder/pac/pacsrv_utils.c b/src/responder/pac/pacsrv_utils.c
index ee72664c2..52f8ec1a6 100644
--- a/src/responder/pac/pacsrv_utils.c
+++ b/src/responder/pac/pacsrv_utils.c
@@ -448,6 +448,7 @@ errno_t get_pwd_from_pac(TALLOC_CTX *mem_ctx,
homedir_ctx.uid = pwd->pw_uid;
homedir_ctx.domain = dom->name;
homedir_ctx.flatname = dom->flat_name;
+ homedir_ctx.config_homedir_substr = dom->homedir_substr;
pwd->pw_dir = expand_homedir_template(pwd, dom->subdomain_homedir,
&homedir_ctx);
diff --git a/src/util/domain_info_utils.c b/src/util/domain_info_utils.c
index bd45a11cd..033297a92 100644
--- a/src/util/domain_info_utils.c
+++ b/src/util/domain_info_utils.c
@@ -277,6 +277,7 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
dom->subdomain_homedir = parent->subdomain_homedir;
dom->override_shell = parent->override_shell;
dom->default_shell = parent->default_shell;
+ dom->homedir_substr = parent->homedir_substr;
if (parent->sysdb == NULL) {
DEBUG(SSSDBG_OP_FAILURE, "Missing sysdb context in parent domain.\n");
diff --git a/src/util/sss_nss.c b/src/util/sss_nss.c
index 25a030c3f..8cc1416d7 100644
--- a/src/util/sss_nss.c
+++ b/src/util/sss_nss.c
@@ -136,6 +136,17 @@ char *expand_homedir_template(TALLOC_CTX *mem_ctx, const char *template,
homedir_ctx->flatname);
break;
+ case 'H':
+ if (homedir_ctx->config_homedir_substr == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot expand home directory substring template "
+ "substring is empty.\n");
+ goto done;
+ }
+ result = talloc_asprintf_append(result, "%s%s", p,
+ homedir_ctx->config_homedir_substr);
+ break;
+
case '%':
result = talloc_asprintf_append(result, "%s%%", p);
break;
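Review bot: The `case 'H'` guard tests only for NULL, while the log message says the substring "is empty", so a configured `homedir_substring =` with an empty value passes the check and `%H/...` expands to a path directly under `/`. If an empty value is not meant to be valid, extend the guard to `if (homedir_ctx->config_homedir_substr == NULL || homedir_ctx->config_homedir_substr[0] == '\0') {`. The message also reads as two fused clauses; `"Cannot expand home directory substring template: homedir_substring is not set.\n"` would be clearer. The rest of expand_homedir_template, including how the `talloc_asprintf_append` result is checked, is outside the hunk.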
diff --git a/src/util/sss_nss.h b/src/util/sss_nss.h
index 771b9ce58..19bf26589 100644
--- a/src/util/sss_nss.h
+++ b/src/util/sss_nss.h
@@ -31,6 +31,7 @@ struct sss_nss_homedir_ctx {
const char *original;
const char *domain;
const char *flatname;
+ const char *config_homedir_substr;
};
char *expand_homedir_template(TALLOC_CTX *mem_ctx, const char *template,