From f6dbb235373b122ae15643ef5dbbe821ee1307d9 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Wed, 9 May 2012 11:07:31 -0400 Subject: NSS: Add fallback_homedir option This option is similar to override_homedir, except that it will take effect only for users that do not have an explicit home directory specified in LDAP. https://fedorahosted.org/sssd/ticket/1250 --- src/confdb/confdb.c | 20 ++++++++++++++++---- src/confdb/confdb.h | 2 ++ src/config/SSSDConfig.py | 1 + src/config/SSSDConfigTest.py | 2 ++ src/config/etc/sssd.api.conf | 2 ++ src/man/sssd.conf.5.xml | 18 ++++++++++++++++++ src/responder/nss/nsssrv.c | 5 +++++ src/responder/nss/nsssrv.h | 1 + src/responder/nss/nsssrv_cmd.c | 23 +++++++++++++++++++++-- 9 files changed, 68 insertions(+), 6 deletions(-) diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c index 427101e9b..1c5e40cd1 100644 --- a/src/confdb/confdb.c +++ b/src/confdb/confdb.c @@ -949,10 +949,22 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, tmp = ldb_msg_find_attr_as_string(res->msgs[0], CONFDB_NSS_OVERRIDE_HOMEDIR, NULL); - domain->override_homedir = talloc_strdup(domain, tmp); - if (!domain->name) { - ret = ENOMEM; - goto done; + if (tmp != NULL) { + domain->override_homedir = talloc_strdup(domain, tmp); + if (!domain->override_homedir) { + ret = ENOMEM; + goto done; + } + } + + tmp = ldb_msg_find_attr_as_string(res->msgs[0], + CONFDB_NSS_FALLBACK_HOMEDIR, NULL); + if (tmp != NULL) { + domain->fallback_homedir = talloc_strdup(domain, tmp); + if (!domain->fallback_homedir) { + ret = ENOMEM; + goto done; + } } tmp = ldb_msg_find_attr_as_string(res->msgs[0], diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h index 5ec9f721c..c816d5334 100644 --- a/src/confdb/confdb.h +++ b/src/confdb/confdb.h @@ -81,6 +81,7 @@ #define CONFDB_NSS_FILTER_GROUPS "filter_groups" #define CONFDB_NSS_PWFIELD "pwfield" #define CONFDB_NSS_OVERRIDE_HOMEDIR "override_homedir" +#define CONFDB_NSS_FALLBACK_HOMEDIR "fallback_homedir" #define CONFDB_NSS_VETOED_SHELL "vetoed_shells" #define CONFDB_NSS_ALLOWED_SHELL "allowed_shells" #define CONFDB_NSS_SHELL_FALLBACK "shell_fallback" @@ -192,6 +193,7 @@ struct sss_domain_info { gid_t override_gid; const char *override_homedir; + const char *fallback_homedir; const char *subdomain_homedir; uint32_t user_timeout; diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py index aa35f9c6c..894837d40 100644 --- a/src/config/SSSDConfig.py +++ b/src/config/SSSDConfig.py @@ -63,6 +63,7 @@ option_strings = { 'filter_users_in_groups' : _('Should filtered users appear in groups'), 'pwfield' : _('The value of the password field the NSS provider should return'), 'override_homedir' : _('Override homedir value from the identity provider with this value'), + 'fallback_homedir' : _('Substitute empty homedir value from the identity provider with this value'), 'allowed_shells' : _('The list of shells users are allowed to log in with'), 'vetoed_shells' : _('The list of shells that will be vetoed, and replaced with the fallback shell'), 'shell_fallback' : _('If a shell stored in central directory is allowed but not available, use this fallback'), diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py index df4826664..1e1fe98e6 100755 --- a/src/config/SSSDConfigTest.py +++ b/src/config/SSSDConfigTest.py @@ -493,6 +493,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase): 'override_gid', 'case_sensitive', 'override_homedir', + 'fallback_homedir', 'pwd_expiration_warning', 'id_provider', 'auth_provider', @@ -822,6 +823,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase): 'override_gid', 'case_sensitive', 'override_homedir', + 'fallback_homedir', 'pwd_expiration_warning', 'id_provider', 'auth_provider', diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf index a5fdbffb6..ca946dab0 100644 --- a/src/config/etc/sssd.api.conf +++ b/src/config/etc/sssd.api.conf @@ -32,6 +32,7 @@ filter_groups = list, str, false filter_users_in_groups = bool, None, false pwfield = str, None, false override_homedir = str, None, false +fallback_homedir = str, None, false allowed_shells = list, str, false vetoed_shells = list, str, false shell_fallback = str, None, false @@ -97,6 +98,7 @@ dns_discovery_domain = str, None, false override_gid = int, None, false case_sensitive = bool, None, false override_homedir = str, None, false +fallback_homedir = str, None, false #Entry cache timeouts entry_cache_user_timeout = int, None, false diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index 457639fc6..24c6a74a5 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -446,6 +446,24 @@ + + fallback_homedir (string) + + + Set a default template for a user's home directory + if one is not specified explicitly by the domain's + data provider. + + + The available values for this option are the same + as for override_homedir. + + + Default: not set (no substitution for unset home + directories) + + + allowed_shells (string) diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c index 1a0dcf439..c8ee444a8 100644 --- a/src/responder/nss/nsssrv.c +++ b/src/responder/nss/nsssrv.c @@ -178,6 +178,11 @@ static int nss_get_config(struct nss_ctx *nctx, &nctx->override_homedir); if (ret != EOK) goto done; + ret = confdb_get_string(cdb, nctx, CONFDB_NSS_CONF_ENTRY, + CONFDB_NSS_FALLBACK_HOMEDIR, NULL, + &nctx->fallback_homedir); + if (ret != EOK) goto done; + ret = confdb_get_string_as_list(cdb, nctx, CONFDB_NSS_CONF_ENTRY, CONFDB_NSS_ALLOWED_SHELL, &nctx->allowed_shells); diff --git a/src/responder/nss/nsssrv.h b/src/responder/nss/nsssrv.h index 2871c2bf8..5b5ae50b9 100644 --- a/src/responder/nss/nsssrv.h +++ b/src/responder/nss/nsssrv.h @@ -61,6 +61,7 @@ struct nss_ctx { char *pwfield; char *override_homedir; + char *fallback_homedir; char **allowed_shells; char **vetoed_shells; char **etc_shells; diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c index 508db5569..d448fa859 100644 --- a/src/responder/nss/nsssrv_cmd.c +++ b/src/responder/nss/nsssrv_cmd.c @@ -122,6 +122,11 @@ static const char *get_homedir_override(TALLOC_CTX *mem_ctx, const char *name, uint32_t uid) { + const char *homedir; + + /* Check whether we are unconditionally overriding the server + * for home directory locations. + */ if (dom->override_homedir) { return expand_homedir_template(mem_ctx, dom->override_homedir, name, uid, dom->name); @@ -130,8 +135,22 @@ static const char *get_homedir_override(TALLOC_CTX *mem_ctx, name, uid, dom->name); } - return talloc_strdup(mem_ctx, - ldb_msg_find_attr_as_string(msg, SYSDB_HOMEDIR, NULL)); + homedir = ldb_msg_find_attr_as_string(msg, SYSDB_HOMEDIR, NULL); + if (!homedir || *homedir == '\0') { + /* In the case of a NULL or empty homedir, check to see if + * we have a fallback homedir to use. + */ + if (dom->fallback_homedir) { + return expand_homedir_template(mem_ctx, dom->fallback_homedir, + name, uid, dom->name); + } else if (nctx->fallback_homedir) { + return expand_homedir_template(mem_ctx, nctx->fallback_homedir, + name, uid, dom->name); + } + } + + /* Return the value we got from the provider */ + return talloc_strdup(mem_ctx, homedir); } static const char *get_shell_override(TALLOC_CTX *mem_ctx, -- cgit