Hello, at the last SSSD meeting it was decided that, for the time being, a user's homedir set on the AD side will always be overridden by subdomain_homedir. > > Please amend the subdomain_homedir documentation to make it clear that > currently the parameter only works in the IPA-AD scenario. >
I think there's no need to amend documentation now, so I do not include the 3rd patch (which did so). PR
>From 4300f985377bfe16c40faf3f373e1875e5f80433 Mon Sep 17 00:00:00 2001
From: Pavel Reichl <prei...@redhat.com>
Date: Tue, 21 Jan 2014 15:06:37 +0000
Subject: [PATCH 1/3] Revert "NSS: add support for subdomain_homedir"

This reverts commit 1dc7694a1cbc62b0d7e23cc1369579e5ce0071e8.
---
 src/responder/nss/nsssrv_cmd.c | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index 6a1e6a06a5e5323c59c2ee1973d207e82b473f93..2e2d7c86adf6d6444652435f888748385c64acf2 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -201,14 +201,6 @@ static const char *get_homedir_override(TALLOC_CTX *mem_ctx,
 name, uid, homedir, dom->name, NULL);
 }
 
- /* Override home directory location for subdomains.
- * This option can be overriden by override_homedir.
- */
- if (IS_SUBDOMAIN(dom) && dom->subdomain_homedir) {
- return expand_homedir_template(mem_ctx, dom->subdomain_homedir,
- name, uid, homedir, dom->name, NULL);
- }
-
 if (!homedir || *homedir == '\0') {
 /* In the case of a NULL or empty homedir, check to see if
 * we have a fallback homedir to use.
-- 
1.8.4.2
>From 76ac048c2cb4a1a47f125f83f602be101f248c8d Mon Sep 17 00:00:00 2001
From: Pavel Reichl <prei...@redhat.com>
Date: Wed, 22 Jan 2014 16:47:22 +0000
Subject: [PATCH 2/3] AD: support for subdomain_homedir

Homedir is defaultly set accordingly to subdomain_homedir for users from AD.

Resolves: https://fedorahosted.org/sssd/ticket/2169
---
 src/providers/ipa/ipa_subdomains_id.c | 190 ++++++++++++++++++++++++++++++++++
 1 file changed, 190 insertions(+)

diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c
index c29a2a3047af105966b636422105abd15e8a3992..4c70545cb72f7af19764faf00c2ec30769490dbd 100644
--- a/src/providers/ipa/ipa_subdomains_id.c
+++ b/src/providers/ipa/ipa_subdomains_id.c
@@ -25,6 +25,7 @@
 #include <errno.h>
 
 #include "util/util.h"
+#include "util/sss_nss.h"
 #include "util/strtonum.h"
 #include "db/sysdb.h"
 #include "providers/ldap/ldap_common.h"
@@ -350,6 +351,185 @@ ipa_get_ad_id_ctx(struct ipa_id_ctx *ipa_ctx,
 return (iter) ? iter->ad_id_ctx : NULL;
 }
 
+static errno_t
+get_subdomain_homedir_of_user(TALLOC_CTX *mem_ctx, struct sss_domain_info *dom,
+ const char *fqname, uint32_t uid,
+ const char **_homedir)
+{
+ errno_t ret;
+ char *name;
+ const char *homedir;
+ TALLOC_CTX *tmp_ctx;
+
+ tmp_ctx = talloc_new(mem_ctx);
+ if (tmp_ctx == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ret = sss_parse_name(tmp_ctx, dom->names, fqname, NULL, &name);
+ if (ret != EOK) {
+ goto done;
+ }
+
+ homedir = expand_homedir_template(tmp_ctx, dom->subdomain_homedir, name,
+ uid, NULL, dom->name, dom->flat_name);
+
+ if (homedir == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, ("expand_homedir_template failed\n"));
+ ret = ENOMEM;
+ goto done;
+ }
+
+ if (_homedir == NULL) {
+ ret = EINVAL;
+ goto done;
+ }
+ *_homedir = talloc_steal(mem_ctx, homedir);
+
+done:
+ talloc_free(tmp_ctx);
+ return ret;
+}
+
+static errno_t
+store_homedir_of_user(struct sss_domain_info *domain,
+ const char *fqname, const char *homedir)
+{
+ errno_t ret;
+ errno_t sret;
+ TALLOC_CTX *tmp_ctx;
+ bool in_transaction = false;
+ struct sysdb_attrs *attrs;
+ struct sysdb_ctx *sysdb = domain->sysdb;
+
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ attrs = sysdb_new_attrs(tmp_ctx);
+ if (attrs == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ret = sysdb_attrs_add_string(attrs, SYSDB_HOMEDIR, homedir);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_MINOR_FAILURE, ("Error setting homedir: [%s]\n",
+ strerror(ret)));
+ goto done;
+ }
+
+ ret = sysdb_transaction_start(sysdb);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to start transaction\n"));
+ goto done;
+ }
+
+ in_transaction = true;
+
+ ret = sysdb_set_user_attr(domain, fqname, attrs, SYSDB_MOD_REP);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("Failed to update homedir information!\n"));
+ goto done;
+ }
+
+ ret = sysdb_transaction_commit(sysdb);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("Cannot commit sysdb transaction [%d]: %s.\n",
+ ret, strerror(ret)));
+ goto done;
+ }
+
+ in_transaction = false;
+
+done:
+ if (in_transaction) {
+ sret = sysdb_transaction_cancel(sysdb);
+ if (sret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Could not cancel transaction.\n"));
+ }
+ }
+ talloc_free(tmp_ctx);
+ return ret;
+}
+
+static errno_t
+apply_subdomain_homedir(TALLOC_CTX *mem_ctx, struct sss_domain_info *dom,
+ int filter_type, const char *filter_value)
+{
+ errno_t ret;
+ uint32_t uid;
+ const char *fqname;
+ const char *homedir = NULL;
+ struct ldb_result *res;
+
+ if (filter_type == BE_FILTER_NAME) {
+ ret = sysdb_getpwnam(mem_ctx, dom, filter_value, &res);
+ } else if (filter_type == BE_FILTER_IDNUM) {
+ errno = 0;
+ uid = strtouint32(filter_value, NULL, 10);
+ if (errno != 0) {
+ ret = errno;
+ goto done;
+ }
+ ret = sysdb_getpwuid(mem_ctx, dom, uid, &res);
+ } else {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("Unsupported filter type: [%d].\n", filter_type));
+ ret = EINVAL;
+ goto done;
+ }
+
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("Failed to make request to our cache: [%d]: [%s]\n",
+ ret, sss_strerror(ret)));
+ goto done;
+ }
+
+ if (res->count == 0) {
+ ret = ENOENT;
+ goto done;
+ }
+
+ /*
+ * Homedir is always overriden by subdomain_homedir even if it was
+ * explicitly set by user.
+ */
+ fqname = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_NAME, NULL);
+ uid = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_UIDNUM, 0);
+ if (uid == 0) {
+ DEBUG(SSSDBG_OP_FAILURE, ("UID for user [%s] is not known.\n",
+ filter_value));
+ ret = ENOENT;
+ goto done;
+ }
+
+ ret = get_subdomain_homedir_of_user(mem_ctx, dom, fqname, uid, &homedir);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("get_subdomain_homedir_of_user failed: [%d]: [%s]\n",
+ ret, sss_strerror(ret)));
+ goto done;
+ }
+
+ ret = store_homedir_of_user(dom, fqname, homedir);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("store_homedir_of_user failed: [%d]: [%s]\n",
+ ret, sss_strerror(ret)));
+ goto done;
+ }
+
+done:
+ return ret;
+}
+
 static void
 ipa_get_ad_acct_ad_part_done(struct tevent_req *subreq)
 {
@@ -367,6 +547,16 @@ ipa_get_ad_acct_ad_part_done(struct tevent_req *subreq)
 return;
 }
 
+ ret = apply_subdomain_homedir(state, state->user_dom,
+ state->ar->filter_type,
+ state->ar->filter_value);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("apply_subdomain_homedir failed: [%d]: [%s].\n",
+ ret, sss_strerror(ret)));
+ goto fail;
+ }
+
 if ((state->ar->entry_type & BE_REQ_TYPE_MASK) != BE_REQ_INITGROUPS) {
 tevent_req_done(req);
 return;
-- 
1.8.4.2
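Review bot: In apply_subdomain_homedir the value returned by `ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_NAME, NULL)` is handed to get_subdomain_homedir_of_user and store_homedir_of_user without a NULL check, so a cached entry that lacks the name attribute would reach sss_parse_name and sysdb_set_user_attr as NULL; add `if (fqname == NULL) { ret = ENOENT; goto done; }` right after the lookup. In the BE_FILTER_IDNUM branch `strtouint32(filter_value, NULL, 10)` is validated through errno only, so a value with trailing characters is presumably accepted as its numeric prefix; passing an end pointer and requiring `*endptr == '\0'` would reject it. get_subdomain_homedir_of_user also reports every NULL from expand_homedir_template as ENOMEM, which would presumably mislabel an unset `dom->subdomain_homedir`, and `res` plus the stolen `homedir` stay attached to mem_ctx until the caller releases it.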
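Review bot: The new call to apply_subdomain_homedir sits before the `entry_type` test, so it appears to run for every request type that reaches ipa_get_ad_acct_ad_part_done, and any non-EOK result jumps to `fail`. As written in this patch the helper returns EINVAL for any filter other than BE_FILTER_NAME / BE_FILTER_IDNUM and ENOENT when sysdb_getpwnam or sysdb_getpwuid finds no user, so a group lookup, or a user the AD part did not store, would presumably become a failed request rather than a clean not-found. Consider guarding the call on the request type, e.g. `if ((state->ar->entry_type & BE_REQ_TYPE_MASK) != BE_REQ_GROUP) { ... }`, and treating ENOENT from the helper as non-fatal. The function body starts and ends outside the hunk, so earlier handling of these cases is not visible here.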