Fixes #266

I haven't been able to test this as the Windows machine we have
available decided to not behave today.
I may try again next week assuming I have time.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
>From c8044a8ba346c0b0e5858e327a8b6e949bea6dd1 Mon Sep 17 00:00:00 2001
From: Simo Sorce <sso...@redhat.com>
Date: Fri, 18 Feb 2011 10:54:31 -0500
Subject: [PATCH] Set the loginShell attribute on winsynced entries if configured

Fixes: https://fedorahosted.org/freeipa/ticket/266
---
 .../ipa-winsync/ipa-winsync-conf.ldif              |    1 +
 .../ipa-winsync/ipa-winsync-config.c               |   53 ++++++++++++++++++++
 .../ipa-slapi-plugins/ipa-winsync/ipa-winsync.c    |    6 ++
 .../ipa-slapi-plugins/ipa-winsync/ipa-winsync.h    |    7 ++-
 4 files changed, 66 insertions(+), 1 deletions(-)

diff --git a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync-conf.ldif b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync-conf.ldif
index 5b5c56acb311569ab76b37da8c9094d6cedf6fa8..e1e397f9054c6bef2ee295c314195a5249a6560e 100644
--- a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync-conf.ldif
+++ b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync-conf.ldif
@@ -19,6 +19,7 @@ ipaWinSyncNewEntryFilter: (cn=ipaConfig)
 ipaWinSyncNewUserOCAttr: ipauserobjectclasses
 ipaWinSyncUserFlatten: true
 ipaWinsyncHomeDirAttr: ipaHomesRootDir
+ipaWinsyncLoginShellAttr: ipaDefaultLoginShell
 ipaWinSyncDefaultGroupAttr: ipaDefaultPrimaryGroup
 ipaWinSyncDefaultGroupFilter: (gidNumber=*)(objectclass=posixGroup)(objectclass=groupOfNames)
 ipaWinSyncAcctDisable: both
diff --git a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync-config.c b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync-config.c
index a61cabb142a5e90f404fc563720bbdfa3f17ccfc..b089d3d1486e7d5420b204a8de3eb2118cf05af9 100644
--- a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync-config.c
+++ b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync-config.c
@@ -238,6 +238,15 @@ ipa_winsync_validate_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_E
         goto done2;
     }
 
+    /* get login_shell_attr */
+    if (slapi_entry_attr_find(e, IPA_WINSYNC_LOGIN_SHELL_ATTR,
+                              &testattr) ||
+        (NULL == testattr)) {
+        PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
+                    "Warning: no value given for %s",
+                    IPA_WINSYNC_LOGIN_SHELL_ATTR);
+    }
+
     /* get default_group_attr */
     if (slapi_entry_attr_find(e, IPA_WINSYNC_DEFAULTGROUP_ATTR,
                               &testattr) ||
@@ -372,6 +381,7 @@ ipa_winsync_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore,
     char *new_entry_filter = NULL;
     char *new_user_oc_attr = NULL; /* don't care about groups for now */
     char *homedir_prefix_attr = NULL;
+    char *login_shell_attr = NULL;
     char *default_group_attr = NULL;
     char *default_group_filter = NULL;
     char *acct_disable = NULL;
@@ -436,6 +446,15 @@ ipa_winsync_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore,
         goto done3;
     }
 
+    /* get login_shell_attr */
+    login_shell_attr = slapi_entry_attr_get_charptr(e,
+                                                IPA_WINSYNC_LOGIN_SHELL_ATTR);
+    if (!login_shell_attr) {
+        PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
+                    "Warning: no value given for %s",
+                    IPA_WINSYNC_LOGIN_SHELL_ATTR);
+    }
+
     /* get default_group_attr */
     if (!(default_group_attr = slapi_entry_attr_get_charptr(
               e, IPA_WINSYNC_DEFAULTGROUP_ATTR))) {
@@ -567,6 +586,11 @@ ipa_winsync_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore,
     slapi_ch_free_string(&theConfig.homedir_prefix_attr);
     theConfig.homedir_prefix_attr = homedir_prefix_attr;
     homedir_prefix_attr = NULL;
+    if (login_shell_attr) {
+        slapi_ch_free_string(&theConfig.login_shell_attr);
+        theConfig.login_shell_attr = login_shell_attr;
+        login_shell_attr = NULL;
+    }
     slapi_ch_free_string(&theConfig.default_group_attr);
     theConfig.default_group_attr = default_group_attr;
     default_group_attr = NULL;
@@ -594,6 +618,7 @@ done3:
     slapi_ch_free_string(&new_entry_filter);
     slapi_ch_free_string(&new_user_oc_attr);
     slapi_ch_free_string(&homedir_prefix_attr);
+    slapi_ch_free_string(&login_shell_attr);
     slapi_ch_free_string(&default_group_attr);
     slapi_ch_free_string(&default_group_filter);
     slapi_ch_array_free(attrsvals);
@@ -636,6 +661,7 @@ ipa_winsync_config_destroy_domain(
     iwdc->domain_e = NULL;
     slapi_ch_free_string(&iwdc->realm_name);
     slapi_ch_free_string(&iwdc->homedir_prefix);
+    slapi_ch_free_string(&iwdc->login_shell);
     slapi_ch_free_string(&iwdc->inactivated_group_dn);
     slapi_ch_free_string(&iwdc->activated_group_dn);
     slapi_ch_free((void **)&iwdc);
@@ -752,6 +778,7 @@ ipa_winsync_config_refresh_domain(
     char *new_entry_filter = NULL;
     char *new_user_oc_attr = NULL; /* don't care about groups for now */
     char *homedir_prefix_attr = NULL;
+    char *login_shell_attr = NULL;
     char *default_group_attr = NULL;
     char *default_group_filter = NULL;
     char *default_group_name = NULL;
@@ -774,6 +801,9 @@ ipa_winsync_config_refresh_domain(
     new_entry_filter = slapi_ch_strdup(theConfig.new_entry_filter);
     new_user_oc_attr = slapi_ch_strdup(theConfig.new_user_oc_attr);
     homedir_prefix_attr = slapi_ch_strdup(theConfig.homedir_prefix_attr);
+    if (theConfig.login_shell_attr) {
+        login_shell_attr = slapi_ch_strdup(theConfig.login_shell_attr);
+    }
     default_group_attr = slapi_ch_strdup(theConfig.default_group_attr);
     default_group_filter = slapi_ch_strdup(theConfig.default_group_filter);
     acct_disable = theConfig.acct_disable;
@@ -840,6 +870,27 @@ ipa_winsync_config_refresh_domain(
         goto out;
     }
 
+    /* get the login shell value */
+    /* note - this is in the same entry as the new entry template, so
+       use the same filter */
+    slapi_ch_free_string(&iwdc->login_shell);
+    if (login_shell_attr) {
+        ret = internal_find_entry_get_attr_val(config_dn, search_scope,
+                                               new_entry_filter,
+                                               login_shell_attr,
+                                               NULL, &iwdc->login_shell);
+        if (!iwdc->login_shell) {
+            LOG("Warning: could not find the entry containing the login shell "
+                "attribute for ds subtree [%s] filter [%s] attr [%s]\n",
+                slapi_sdn_get_dn(ds_subtree), new_entry_filter,
+                login_shell_attr);
+        }
+    }
+    if (!iwdc->login_shell) {
+        /* could not find the login shell or was not configured */
+        LOG("Warning: no login shell configured!");
+    }
+
     /* find the default group - the entry above contains the group name, but
        we need the gidNumber for posixAccount - so first find the entry
        and attr value which has the group name, then lookup the group
@@ -939,6 +990,7 @@ out:
     slapi_ch_free_string(&new_entry_filter);
     slapi_ch_free_string(&new_user_oc_attr);
     slapi_ch_free_string(&homedir_prefix_attr);
+    slapi_ch_free_string(&login_shell_attr);
     slapi_ch_free_string(&default_group_attr);
     slapi_ch_free_string(&default_group_filter);
     slapi_ch_free_string(&default_group_name);
@@ -952,6 +1004,7 @@ out:
     if (LDAP_SUCCESS != ret) {
         slapi_ch_free_string(&iwdc->realm_name);
         slapi_ch_free_string(&iwdc->homedir_prefix);
+        slapi_ch_free_string(&iwdc->login_shell);
         slapi_entry_free(iwdc->domain_e);
         iwdc->domain_e = NULL;
     }
diff --git a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c
index 3816ff567ad293783f02a3e66cddafcf348307c0..2c0f4d1d2438420a95950cb72bded9288e3abf79 100644
--- a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c
+++ b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c
@@ -350,6 +350,12 @@ ipa_winsync_pre_ds_add_user_cb(void *cbdata, const Slapi_Entry *rawentry,
         }
     }
 
+    /* add a loginShell if we have a default */
+    if (ipaconfig->login_shell) {
+        slapi_entry_attr_set_charptr(ds_entry, "loginShell",
+                                     ipaconfig->login_shell);
+    }
+
     sync_acct_disable(cbdata, rawentry, ds_entry, ACCT_DISABLE_TO_DS,
                       ds_entry, NULL, NULL);
     LOG("<-- ipa_winsync_pre_ds_add_user_cb -- end\n");
diff --git a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.h b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.h
index eb2a14b7092c69fcda81ce7946af10bc57da9d9d..8f79dc64e6f565f871fac8682360c406700662d7 100644
--- a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.h
+++ b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.h
@@ -68,6 +68,7 @@ typedef struct ipa_winsync_config_struct {
     char *new_entry_filter;
     char *new_user_oc_attr; /* don't care about groups for now */
     char *homedir_prefix_attr;
+    char *login_shell_attr;
     char *default_group_attr;
     char *default_group_filter;
     int acct_disable; /* see below for possible values */
@@ -84,6 +85,7 @@ typedef struct ipa_winsync_domain_config {
     Slapi_Entry *domain_e; /* info is stored in this entry */
     char *realm_name; /* realm name */
     char *homedir_prefix;
+    char *login_shell;
     char *inactivated_group_dn; /* DN of inactivated group */
     char *activated_group_dn; /* DN of activated group */
 } IPA_WinSync_Domain_Config;
@@ -124,7 +126,10 @@ void ipa_winsync_config_destroy_domain(void *cbdata, const Slapi_DN *ds_subtree,
 #define IPA_WINSYNC_NEW_USER_ATTRS_VALS "ipaWinSyncUserAttr"
 /* name of attribute holding the name of the attribute which
    has the homeDirectory prefix - suffix is the uid */
-#define IPA_WINSYNC_HOMEDIR_PREFIX_ATTR "ipaWinsyncHomeDirAttr"
+#define IPA_WINSYNC_HOMEDIR_PREFIX_ATTR "ipaWinSyncHomeDirAttr"
+/* name of attribute holding the name of the attribute which
+   has the loginShell value */
+#define IPA_WINSYNC_LOGIN_SHELL_ATTR "ipaWinSyncLoginShellAttr"
 /* name of attribute holding the name of the attribute which is
    used to get the default posix gidNumber */
 #define IPA_WINSYNC_DEFAULTGROUP_ATTR "ipaWinSyncDefaultGroupAttr"
-- 
1.7.4

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to