> Can you also provide a version that compiles on sssd-1-11? The sysdb API has already diverged.
Sure.
>From 14ff434a4c0d0a707a8295e7b6f8edc829db8f3e Mon Sep 17 00:00:00 2001 From: Pavel Reichl <[email protected]> Date: Tue, 21 Jan 2014 15:06:37 +0000 Subject: [PATCH 1/4] Revert "NSS: add support for subdomain_homedir" This reverts commit 1dc7694a1cbc62b0d7e23cc1369579e5ce0071e8. --- src/responder/nss/nsssrv_cmd.c | 8 -------- 1 file changed, 8 deletions(-) diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c index 9ac3680de4d6ff12fe0c77a3963f84934e385276..c59078b545842561a7e5f62e9a99da6057b23660 100644 --- a/src/responder/nss/nsssrv_cmd.c +++ b/src/responder/nss/nsssrv_cmd.c @@ -201,14 +201,6 @@ static const char *get_homedir_override(TALLOC_CTX *mem_ctx, name, uid, homedir, dom->name, NULL); } - /* Override home directory location for subdomains. - * This option can be overriden by override_homedir. - */ - if (IS_SUBDOMAIN(dom) && dom->subdomain_homedir) { - return expand_homedir_template(mem_ctx, dom->subdomain_homedir, - name, uid, homedir, dom->name, NULL); - } - if (!homedir || *homedir == '\0') { /* In the case of a NULL or empty homedir, check to see if * we have a fallback homedir to use. -- 1.8.4.2
>From 3be4e3e1ad499e3b2a2a79249b8bfd85e3fdbdb5 Mon Sep 17 00:00:00 2001 From: Pavel Reichl <[email protected]> Date: Wed, 22 Jan 2014 16:47:22 +0000 Subject: [PATCH 2/4] AD: support for subdomain_homedir Homedir is defaultly set accordingly to subdomain_homedir for users from AD. Resolves: https://fedorahosted.org/sssd/ticket/2169 --- src/providers/ipa/ipa_subdomains_id.c | 190 ++++++++++++++++++++++++++++++++++ 1 file changed, 190 insertions(+) diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c index c29a2a3047af105966b636422105abd15e8a3992..fb1ad896885866dd9c34f9db960e09d92763f86d 100644 --- a/src/providers/ipa/ipa_subdomains_id.c +++ b/src/providers/ipa/ipa_subdomains_id.c @@ -25,6 +25,7 @@ #include <errno.h> #include "util/util.h" +#include "util/sss_nss.h" #include "util/strtonum.h" #include "db/sysdb.h" #include "providers/ldap/ldap_common.h" 
@@ -350,6 +351,185 @@ ipa_get_ad_id_ctx(struct ipa_id_ctx *ipa_ctx, return (iter) ? iter->ad_id_ctx : NULL; } +static errno_t +get_subdomain_homedir_of_user(TALLOC_CTX *mem_ctx, struct sss_domain_info *dom, + const char *fqname, uint32_t uid, + const char **_homedir) +{ + errno_t ret; + char *name; + const char *homedir; + TALLOC_CTX *tmp_ctx; + + tmp_ctx = talloc_new(mem_ctx); + if (tmp_ctx == NULL) { + ret = ENOMEM; + goto done; + } + + ret = sss_parse_name(tmp_ctx, dom->names, fqname, NULL, &name); + if (ret != EOK) { + goto done; + } + + homedir = expand_homedir_template(tmp_ctx, dom->subdomain_homedir, name, + uid, NULL, dom->name, dom->flat_name); + + if (homedir == NULL) { + DEBUG(SSSDBG_OP_FAILURE, ("expand_homedir_template failed\n")); + ret = ENOMEM; + goto done; + } + + if (_homedir == NULL) { + ret = EINVAL; + goto done; + } + *_homedir = talloc_steal(mem_ctx, homedir); + +done: + talloc_free(tmp_ctx); + return ret; +} + +static errno_t +store_homedir_of_user(struct sss_domain_info *domain, + const char *fqname, const char *homedir) +{ + errno_t ret; + errno_t sret; + TALLOC_CTX *tmp_ctx; + bool in_transaction = false; + struct sysdb_attrs *attrs; + struct sysdb_ctx *sysdb = domain->sysdb; + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + ret = ENOMEM; + goto done; + } + + attrs = sysdb_new_attrs(tmp_ctx); + if (attrs == NULL) { + ret = ENOMEM; + goto done; + } + + ret = sysdb_attrs_add_string(attrs, SYSDB_HOMEDIR, homedir); + if (ret != EOK) { + DEBUG(SSSDBG_MINOR_FAILURE, ("Error setting homedir: [%s]\n", + strerror(ret))); + goto done; + } + + ret = sysdb_transaction_start(sysdb); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to start transaction\n")); + goto done; + } + + in_transaction = true; + + ret = sysdb_set_user_attr(sysdb, domain, fqname, attrs, SYSDB_MOD_REP); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, + ("Failed to update homedir information!\n")); + goto done; + } + + ret = sysdb_transaction_commit(sysdb); + if 
(ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, + ("Cannot commit sysdb transaction [%d]: %s.\n", + ret, strerror(ret))); + goto done; + } + + in_transaction = false; + +done: + if (in_transaction) { + sret = sysdb_transaction_cancel(sysdb); + if (sret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, ("Could not cancel transaction.\n")); + } + } + talloc_free(tmp_ctx); + return ret; +} + +static errno_t +apply_subdomain_homedir(TALLOC_CTX *mem_ctx, struct sss_domain_info *dom, + int filter_type, const char *filter_value) +{ + errno_t ret; + uint32_t uid; + const char *fqname; + const char *homedir = NULL; + struct ldb_result *res; + + if (filter_type == BE_FILTER_NAME) { + ret = sysdb_getpwnam(mem_ctx, dom->sysdb, dom, filter_value, &res); + } else if (filter_type == BE_FILTER_IDNUM) { + errno = 0; + uid = strtouint32(filter_value, NULL, 10); + if (errno != 0) { + ret = errno; + goto done; + } + ret = sysdb_getpwuid(mem_ctx, dom->sysdb, dom, uid, &res); + } else { + DEBUG(SSSDBG_OP_FAILURE, + ("Unsupported filter type: [%d].\n", filter_type)); + ret = EINVAL; + goto done; + } + + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + ("Failed to make request to our cache: [%d]: [%s]\n", + ret, sss_strerror(ret))); + goto done; + } + + if (res->count == 0) { + ret = ENOENT; + goto done; + } + + /* + * Homedir is always overriden by subdomain_homedir even if it was + * explicitly set by user. 
+ */ + fqname = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_NAME, NULL); + uid = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_UIDNUM, 0); + if (uid == 0) { + DEBUG(SSSDBG_OP_FAILURE, ("UID for user [%s] is not known.\n", + filter_value)); + ret = ENOENT; + goto done; + } + + ret = get_subdomain_homedir_of_user(mem_ctx, dom, fqname, uid, &homedir); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + ("get_subdomain_homedir_of_user failed: [%d]: [%s]\n", + ret, sss_strerror(ret))); + goto done; + } + + ret = store_homedir_of_user(dom, fqname, homedir); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + ("store_homedir_of_user failed: [%d]: [%s]\n", + ret, sss_strerror(ret))); + goto done; + } + +done: + return ret; +} + static void ipa_get_ad_acct_ad_part_done(struct tevent_req *subreq) { @@ -367,6 +547,16 @@ ipa_get_ad_acct_ad_part_done(struct tevent_req *subreq) return; } + ret = apply_subdomain_homedir(state, state->user_dom, + state->ar->filter_type, + state->ar->filter_value); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + ("apply_subdomain_homedir failed: [%d]: [%s].\n", + ret, sss_strerror(ret))); + goto fail; + } + if ((state->ar->entry_type & BE_REQ_TYPE_MASK) != BE_REQ_INITGROUPS) { tevent_req_done(req); return; -- 1.8.4.2
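Review bot: In apply_subdomain_homedir, `fqname` comes from `ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_NAME, NULL)` and is passed unchecked to get_subdomain_homedir_of_user and store_homedir_of_user, so a cache entry without a name attribute hands NULL to sss_parse_name and sysdb_set_user_attr; add `if (fqname == NULL) { ret = ENOENT; goto done; }` before the UID check. get_subdomain_homedir_of_user also expands `dom->subdomain_homedir` without the `dom->subdomain_homedir` test that the code reverted in patch 1/4 had, so a subdomain with no template configured presumably ends in the `homedir == NULL` branch and is reported as ENOMEM; checking the option first and returning early would keep that case from looking like an allocation failure. In the BE_FILTER_IDNUM branch `strtouint32(filter_value, NULL, 10)` passes no end pointer, so trailing non-digits in the request filter go unnoticed, and the 64-bit read of SYSDB_UIDNUM is narrowed into the `uint32_t uid` without a range check.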
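Review bot: The added call to apply_subdomain_homedir runs for every request that reaches this point, before the `entry_type` test below it, and any non-EOK result jumps to `fail`. apply_subdomain_homedir looks the filter value up with sysdb_getpwnam or sysdb_getpwuid, returns ENOENT when `res->count == 0`, and returns EINVAL for any filter type other than BE_FILTER_NAME and BE_FILTER_IDNUM. A request whose target is not a cached user (a group lookup, if this callback serves those, or a user the AD lookup did not store) would therefore fail as a whole, where before it completed. Consider making the call only for user and initgroups entry types and treating ENOENT from it as non-fatal. The function body starts and ends outside the hunk, so the `fail` path is not visible here.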
>From 047ebef221060acadc534dee75a6d0bec4ae44f8 Mon Sep 17 00:00:00 2001 From: Pavel Reichl <[email protected]> Date: Wed, 29 Jan 2014 16:55:30 +0000 Subject: [PATCH 3/4] MAN: update of subdomain_homedir usage Resolves: https://fedorahosted.org/sssd/ticket/2169 --- src/man/sssd.conf.5.xml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index 84770f6b28876278a0ddd6d8a8a8f9a8e0d3146f..5d861c73cfeb41920619d95e5c1e5c1975dcc45b 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -1771,7 +1771,8 @@ fallback_homedir = /home/%u <listitem> <para> Use this homedir as default value for all subdomains - within this domain. See <emphasis>override_homedir</emphasis> + within this domain in IPA AD trust. + See <emphasis>override_homedir</emphasis> for info about possible values. In addition to those, the expansion below can only be used with <emphasis>subdomain_homedir</emphasis>. -- 1.8.4.2
>From 216c4a242893127fd47872819a0ad9dbb74739cd Mon Sep 17 00:00:00 2001 From: Pavel Reichl <[email protected]> Date: Sun, 26 Jan 2014 12:39:43 +0000 Subject: [PATCH 4/4] utils: handling NULL params in sss_parse_name --- src/util/usertools.c | 50 +++++++++++++++++++++++++++----------------------- src/util/util.h | 2 +- 2 files changed, 28 insertions(+), 24 deletions(-) diff --git a/src/util/usertools.c b/src/util/usertools.c index 9edae41e0f216f9f0d1660e473f3aa1bf7160b06..fab0a261e82b8c4d8071ced1dac99b8e3b987b00 100644 --- a/src/util/usertools.c +++ b/src/util/usertools.c @@ -322,7 +322,7 @@ done: int sss_parse_name(TALLOC_CTX *memctx, struct sss_names_ctx *snctx, - const char *orig, char **domain, char **name) + const char *orig, char **_domain, char **_name) { pcre *re = snctx->re; const char *result; 
@@ -346,31 +346,35 @@ int sss_parse_name(TALLOC_CTX *memctx, strnum = ret; - result = NULL; - ret = pcre_get_named_substring(re, orig, ovec, strnum, "name", &result); - if (ret < 0 || !result) { - DEBUG(2, ("Name not found!\n")); - return EINVAL; + if (_name != NULL) { + result = NULL; + ret = pcre_get_named_substring(re, orig, ovec, strnum, "name", &result); + if (ret < 0 || !result) { + DEBUG(2, ("Name not found!\n")); + return EINVAL; + } + *_name = talloc_strdup(memctx, result); + pcre_free_substring(result); + if (!*_name) return ENOMEM; } - *name = talloc_strdup(memctx, result); - pcre_free_substring(result); - if (!*name) return ENOMEM; - - result = NULL; - ret = pcre_get_named_substring(re, orig, ovec, strnum, "domain", &result); - if (ret < 0 || !result) { - DEBUG(4, ("Domain not provided!\n")); - *domain = NULL; - } else { - /* ignore "" string */ - if (*result) { - *domain = talloc_strdup(memctx, result); - pcre_free_substring(result); - if (!*domain) return ENOMEM; + if (_domain != NULL) { + result = NULL; + ret = pcre_get_named_substring(re, orig, ovec, strnum, "domain", + &result); + if (ret < 0 || !result) { + DEBUG(4, ("Domain not provided!\n")); + *_domain = NULL; } else { - pcre_free_substring(result); - *domain = NULL; + /* ignore "" string */ + if (*result) { + *_domain = talloc_strdup(memctx, result); + pcre_free_substring(result); + if (!*_domain) return ENOMEM; + } else { + pcre_free_substring(result); + *_domain = NULL; + } } } diff --git a/src/util/util.h b/src/util/util.h index 3334476ab83a137d957765fe2c9afba4ad0d014c..7b185bcb4287a4afc5bf67b40164cf69b9beeb19 100644 --- a/src/util/util.h +++ b/src/util/util.h @@ -349,7 +349,7 @@ int sss_names_init(TALLOC_CTX *mem_ctx, int sss_parse_name(TALLOC_CTX *memctx, struct sss_names_ctx *snctx, - const char *orig, char **domain, char **name); + const char *orig, char **_domain, char **_name); char * sss_get_cased_name(TALLOC_CTX *mem_ctx, const char *orig_name, -- 1.8.4.2
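Review bot: sss_parse_name now accepts NULL for `_domain` and `_name`, but neither this hunk nor the util.h prototype documents that; a comment above the declaration such as `/* _domain and _name are optional; pass NULL to skip that output. */` would make the new contract visible to callers. The same comment should say that when the domain copy returns ENOMEM, `*_name` has already been set to a string owned by `memctx`, so callers should not read the outputs after an error return. The function begins before and continues after this hunk.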
