-rw-r--r-- | src/confdb/confdb.c | 10 | ||||
-rw-r--r-- | src/confdb/confdb.h | 3 | ||||
-rwxr-xr-x | src/config/SSSDConfigTest.py | 2 | ||||
-rw-r--r-- | src/config/etc/sssd.api.conf | 2 | ||||
-rw-r--r-- | src/man/include/homedir_substring.xml | 18 | ||||
-rw-r--r-- | src/man/include/override_homedir.xml | 7 | ||||
-rw-r--r-- | src/man/po/po4a.cfg | 1 | ||||
-rw-r--r-- | src/man/sssd-ad.5.xml | 1 | ||||
-rw-r--r-- | src/man/sssd.conf.5.xml | 1 | ||||
-rw-r--r-- | src/providers/ipa/ipa_s2n_exop.c | 1 | ||||
-rw-r--r-- | src/providers/ipa/ipa_subdomains_id.c | 1 | ||||
-rw-r--r-- | src/responder/nss/nsssrv.c | 6 | ||||
-rw-r--r-- | src/responder/nss/nsssrv.h | 1 | ||||
-rw-r--r-- | src/responder/nss/nsssrv_cmd.c | 11 | ||||
-rw-r--r-- | src/responder/pac/pacsrv_utils.c | 1 | ||||
-rw-r--r-- | src/util/domain_info_utils.c | 1 | ||||
-rw-r--r-- | src/util/sss_nss.c | 11 | ||||
-rw-r--r-- | src/util/sss_nss.h | 1 |
18 files changed, 77 insertions, 2 deletions
diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c index 6f36535fd..15de9616f 100644 --- a/src/confdb/confdb.c +++ b/src/confdb/confdb.c @@ -1118,6 +1118,16 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, } tmp = ldb_msg_find_attr_as_string(res->msgs[0], + CONFDB_NSS_HOMEDIR_SUBSTRING, NULL); + if (tmp != NULL) { + domain->homedir_substr = talloc_strdup(domain, tmp); + if (domain->homedir_substr == NULL) { + ret = ENOMEM; + goto done; + } + } + + tmp = ldb_msg_find_attr_as_string(res->msgs[0], CONFDB_NSS_OVERRIDE_SHELL, NULL); if (tmp != NULL) { domain->override_shell = talloc_strdup(domain, tmp); diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h index 2cebf2426..ba33ea5d7 100644 --- a/src/confdb/confdb.h +++ b/src/confdb/confdb.h @@ -97,6 +97,8 @@ #define CONFDB_NSS_SHELL_FALLBACK "shell_fallback" #define CONFDB_NSS_DEFAULT_SHELL "default_shell" #define CONFDB_MEMCACHE_TIMEOUT "memcache_timeout" +#define CONFDB_NSS_HOMEDIR_SUBSTRING "homedir_substring" +#define CONFDB_DEFAULT_HOMEDIR_SUBSTRING "/home" /* PAM */ #define CONFDB_PAM_CONF_ENTRY "config/pam" @@ -220,6 +222,7 @@ struct sss_domain_info { const char *override_homedir; const char *fallback_homedir; const char *subdomain_homedir; + const char *homedir_substr; const char *override_shell; const char *default_shell; diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py index a3c25540d..d4ed06ae8 100755 --- a/src/config/SSSDConfigTest.py +++ b/src/config/SSSDConfigTest.py @@ -522,6 +522,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase): 'case_sensitive', 'override_homedir', 'fallback_homedir', + 'homedir_substring', 'override_shell', 'default_shell', 'pwd_expiration_warning', @@ -879,6 +880,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase): 'case_sensitive', 'override_homedir', 'fallback_homedir', + 'homedir_substring', 'override_shell', 'default_shell', 'pwd_expiration_warning', 
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf index c7c1232c3..5e5a9284e 100644 --- a/src/config/etc/sssd.api.conf +++ b/src/config/etc/sssd.api.conf @@ -36,6 +36,7 @@ filter_users_in_groups = bool, None, false pwfield = str, None, false override_homedir = str, None, false fallback_homedir = str, None, false +homedir_substring = str, None, false, /home override_shell = str, None, false allowed_shells = list, str, false vetoed_shells = list, str, false @@ -118,6 +119,7 @@ override_gid = int, None, false case_sensitive = bool, None, false override_homedir = str, None, false fallback_homedir = str, None, false +homedir_substring = str, None, false override_shell = str, None, false default_shell = str, None, false description = str, None, false diff --git a/src/man/include/homedir_substring.xml b/src/man/include/homedir_substring.xml new file mode 100644 index 000000000..54d9bc94b --- /dev/null +++ b/src/man/include/homedir_substring.xml @@ -0,0 +1,18 @@ +<varlistentry> + <term>homedir_substring (string)</term> + <listitem> + <para> + The value of this option will be used in the expansion of the + <emphasis>override_homedir</emphasis> option if the template + contains the format string <emphasis>%H</emphasis>. An LDAP + directory entry can directly contain this template so that this + option can be used to expand the home directory path for each + client machine (or operating system). It can be set per-domain or + globally in the [nss] section. A value specified in a domain + section will override one set in the [nss] section. + </para> + <para> + Default: /home + </para> + </listitem> +</varlistentry> diff --git a/src/man/include/override_homedir.xml b/src/man/include/override_homedir.xml index 773d0b661..552d7eb9d 100644 --- a/src/man/include/override_homedir.xml +++ b/src/man/include/override_homedir.xml 
@@ -31,6 +31,13 @@ </para></listitem> </varlistentry> <varlistentry> + <term>%H</term> + <listitem><para> + The value of configure option + <emphasis>homedir_substring</emphasis>. + </para></listitem> + </varlistentry> + <varlistentry> <term>%%</term> <listitem><para>a literal '%'</para> </listitem> diff --git a/src/man/po/po4a.cfg b/src/man/po/po4a.cfg index baad09d30..70fa28c88 100644 --- a/src/man/po/po4a.cfg +++ b/src/man/po/po4a.cfg @@ -37,3 +37,4 @@ [type:docbook] include/ldap_search_bases.xml $lang:$(builddir)/$lang/include/ldap_search_bases.xml opt:"-k 0" [type:docbook] include/autofs_restart.xml $lang:$(builddir)/$lang/include/autofs_restart.xml opt:"-k 0" [type:docbook] include/override_homedir.xml $lang:$(builddir)/$lang/include/override_homedir.xml opt:"-k 0" +[type:docbook] include/homedir_substring.xml $lang:$(builddir)/$lang/include/homedir_substring.xml opt:"-k 0" diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml index 21f735e0a..9070144ce 100644 --- a/src/man/sssd-ad.5.xml +++ b/src/man/sssd-ad.5.xml @@ -413,6 +413,7 @@ FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com) </varlistentry> <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/override_homedir.xml" /> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/homedir_substring.xml" /> <varlistentry> <term>krb5_use_enterprise_principal (boolean)</term> diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index c542b5256..48fd22070 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -513,6 +513,7 @@ </listitem> </varlistentry> <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/override_homedir.xml" /> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/homedir_substring.xml" /> <varlistentry> <term>fallback_homedir (string)</term> <listitem> diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c index 82beb3658..ccf4c2317 100644 
--- a/src/providers/ipa/ipa_s2n_exop.c +++ b/src/providers/ipa/ipa_s2n_exop.c @@ -744,6 +744,7 @@ static void ipa_s2n_get_user_done(struct tevent_req *subreq) homedir_ctx.uid = attrs->a.user.pw_uid; homedir_ctx.domain = state->dom->name; homedir_ctx.flatname = state->dom->flat_name; + homedir_ctx.config_homedir_substr = state->dom->homedir_substr; homedir = expand_homedir_template(state, state->dom->subdomain_homedir, diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c index 8657f90fa..1c4c315a7 100644 --- a/src/providers/ipa/ipa_subdomains_id.c +++ b/src/providers/ipa/ipa_subdomains_id.c @@ -382,6 +382,7 @@ get_subdomain_homedir_of_user(TALLOC_CTX *mem_ctx, struct sss_domain_info *dom, homedir_ctx.uid = uid; homedir_ctx.domain = dom->name; homedir_ctx.flatname = dom->flat_name; + homedir_ctx.config_homedir_substr = dom->homedir_substr; ret = sss_parse_name_const(tmp_ctx, dom->names, fqname, NULL, &name); if (ret != EOK) { diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c index e4896a79d..1f762cca8 100644 --- a/src/responder/nss/nsssrv.c +++ b/src/responder/nss/nsssrv.c @@ -291,6 +291,12 @@ static int nss_get_config(struct nss_ctx *nctx, &nctx->default_shell); if (ret != EOK) goto done; + ret = confdb_get_string(cdb, nctx, CONFDB_NSS_CONF_ENTRY, + CONFDB_NSS_HOMEDIR_SUBSTRING, + CONFDB_DEFAULT_HOMEDIR_SUBSTRING, + &nctx->homedir_substr); + if (ret != EOK) goto done; + ret = 0; done: return ret; diff --git a/src/responder/nss/nsssrv.h b/src/responder/nss/nsssrv.h index a36589837..a5b946b7e 100644 --- a/src/responder/nss/nsssrv.h +++ b/src/responder/nss/nsssrv.h @@ -62,6 +62,7 @@ struct nss_ctx { char *override_homedir; char *fallback_homedir; + char *homedir_substr; char **allowed_shells; char *override_shell; char **vetoed_shells; diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c index b47a1ded5..a168a3e5d 100644 --- a/src/responder/nss/nsssrv_cmd.c 
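Review bot: `homedir_ctx.config_homedir_substr = state->dom->homedir_substr;` in ipa_s2n_exop.c copies a pointer that can be NULL, because the confdb.c hunk only fills `domain->homedir_substr` when `homedir_substring` is present in the domain section. The `/home` default (`CONFDB_DEFAULT_HOMEDIR_SUBSTRING`) is applied only in `nss_get_config` for `nctx`, so a `%H` in `subdomain_homedir` on this path would hit the NULL branch added to `expand_homedir_template` and fail rather than use the documented default. The one-line additions in ipa_subdomains_id.c and pacsrv_utils.c have the same gap. A fallback at these call sites would close it, e.g. `homedir_ctx.config_homedir_substr = state->dom->homedir_substr != NULL ? state->dom->homedir_substr : CONFDB_DEFAULT_HOMEDIR_SUBSTRING;`, assuming confdb.h is in scope there. The enclosing functions start and end outside these hunks, so any later assignment is not visible here.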
+++ b/src/responder/nss/nsssrv_cmd.c @@ -190,6 +190,13 @@ static const char *get_homedir_override(TALLOC_CTX *mem_ctx, return NULL; } + /* Check to see which homedir_prefix to use. */ + if (dom->homedir_substr != NULL) { + homedir_ctx->config_homedir_substr = dom->homedir_substr; + } else if (nctx->homedir_substr != NULL) { + homedir_ctx->config_homedir_substr = nctx->homedir_substr; + } + /* Check whether we are unconditionally overriding the server * for home directory locations. */ @@ -214,8 +221,8 @@ static const char *get_homedir_override(TALLOC_CTX *mem_ctx, } } - /* Return the value we got from the provider */ - return talloc_strdup(mem_ctx, homedir); + /* Provider can also return template, try to expand it.*/ + return expand_homedir_template(mem_ctx, homedir, homedir_ctx); } static const char *get_shell_override(TALLOC_CTX *mem_ctx, diff --git a/src/responder/pac/pacsrv_utils.c b/src/responder/pac/pacsrv_utils.c index fe7e88934..7d37cda87 100644 --- a/src/responder/pac/pacsrv_utils.c +++ b/src/responder/pac/pacsrv_utils.c @@ -446,6 +446,7 @@ errno_t get_pwd_from_pac(TALLOC_CTX *mem_ctx, homedir_ctx.uid = pwd->pw_uid; homedir_ctx.domain = dom->name; homedir_ctx.flatname = dom->flat_name; + homedir_ctx.config_homedir_substr = dom->homedir_substr; pwd->pw_dir = expand_homedir_template(pwd, dom->subdomain_homedir, &homedir_ctx); diff --git a/src/util/domain_info_utils.c b/src/util/domain_info_utils.c index fc4287076..a0fb7b2ab 100644 --- a/src/util/domain_info_utils.c +++ b/src/util/domain_info_utils.c @@ -281,6 +281,7 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx, dom->subdomain_homedir = parent->subdomain_homedir; dom->override_shell = parent->override_shell; dom->default_shell = parent->default_shell; + dom->homedir_substr = parent->homedir_substr; if (parent->sysdb == NULL) { DEBUG(SSSDBG_OP_FAILURE, "Missing sysdb context in parent domain.\n"); diff --git a/src/util/sss_nss.c b/src/util/sss_nss.c index 25a030c3f..8cc1416d7 100644 
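Review bot: The comment in the first hunk of `get_homedir_override` says `homedir_prefix`, but the option and the fields are named `homedir_substring` / `homedir_substr`, which makes the block harder to find by search. It also does not state the precedence or what happens when both pointers are NULL, in which case `homedir_ctx->config_homedir_substr` keeps whatever the caller put there. I would reword it to `/* Pick the homedir_substring value used for %H: the domain setting overrides the [nss] one; if neither is set the caller's value is left untouched. */`. The function body starts and ends outside this hunk.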
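Review bot: The final `return expand_homedir_template(mem_ctx, homedir, homedir_ctx);` now treats the home directory string that came from the provider (directory data, not local configuration) as a format template, where the old code returned it verbatim. Any stored value containing a `%` is therefore interpreted, and every specifier the expander supports becomes reachable to whoever can write that attribute, not only `%H`. A value that previously worked but contains an unescaped or unknown `%` sequence will presumably now make this function return NULL (the expander's failure path is outside the hunk). It would help to document that provider values must escape a literal percent as `%%`, and to confirm that callers of `get_homedir_override` handle a NULL return on this path. If only `%H` is meant to be honoured in provider data, a narrower expansion for this branch would keep the trust boundary tighter.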
--- a/src/util/sss_nss.c +++ b/src/util/sss_nss.c @@ -136,6 +136,17 @@ char *expand_homedir_template(TALLOC_CTX *mem_ctx, const char *template, homedir_ctx->flatname); break; + case 'H': + if (homedir_ctx->config_homedir_substr == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot expand home directory substring template " + "substring is empty.\n"); + goto done; + } + result = talloc_asprintf_append(result, "%s%s", p, + homedir_ctx->config_homedir_substr); + break; + case '%': result = talloc_asprintf_append(result, "%s%%", p); break; diff --git a/src/util/sss_nss.h b/src/util/sss_nss.h index 771b9ce58..19bf26589 100644 --- a/src/util/sss_nss.h +++ b/src/util/sss_nss.h @@ -31,6 +31,7 @@ struct sss_nss_homedir_ctx { const char *original; const char *domain; const char *flatname; + const char *config_homedir_substr; }; char *expand_homedir_template(TALLOC_CTX *mem_ctx, const char *template, |
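Review bot: The guard in the new `case 'H':` of `expand_homedir_template` tests only for NULL, while the log message says the substring is empty. If the configuration layer can deliver an empty `homedir_substring`, a template such as `%H/%u` would expand to a path directly under `/` without any diagnostic. I would make the check match the message, `if (homedir_ctx->config_homedir_substr == NULL || homedir_ctx->config_homedir_substr[0] == '\0') {`, and reword the message to `"Cannot expand home directory substring template, substring is not set or empty.\n"`. The value is appended verbatim, so it is also worth stating in the man page that it is expected to be an absolute path. The rest of the switch and the `done` label are outside the hunk.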