On (22/05/14 17:08), Pavel Reichl wrote: >Sorry Lukas, but the patches do not apply to master. > rebased patches are attached.
LS
>From 39b216012c4bc8d17bb15802c240cc02ec8c06d9 Mon Sep 17 00:00:00 2001 From: Lukas Slebodnik <lsleb...@redhat.com> Date: Fri, 28 Feb 2014 23:42:19 +0100 Subject: [PATCH 1/3] UTIL: Add function sss_parse_name_const Variable with type 'const char *' can be used as output argument in function sss_parse_name, but there will be warning. warning: passing 'const char **' to parameter of type 'char **' discards qualifiers in nested pointer types [-Wincompatible-pointer-types-discards-qualifiers] --- src/util/usertools.c | 22 ++++++++++++++++++++++ src/util/util.h | 4 ++++ 2 files changed, 26 insertions(+) diff --git a/src/util/usertools.c b/src/util/usertools.c index ea2123061d36bada99bfca71b18b11efd2e343e0..c69e7298434970717396e0c735d71e015206f821 100644 --- a/src/util/usertools.c +++ b/src/util/usertools.c @@ -366,6 +366,28 @@ int sss_parse_name(TALLOC_CTX *memctx, return EOK; } +int sss_parse_name_const(TALLOC_CTX *memctx, + struct sss_names_ctx *snctx, const char *orig, + const char **_domain, const char **_name) +{ + char *domain; + char *name; + int ret; + + ret = sss_parse_name(memctx, snctx, orig, + (_domain == NULL) ? NULL : &domain, + (_name == NULL) ? NULL : &name); + if (_domain != NULL) { + *_domain = domain; + } + + if (_name != NULL) { + *_name = name; + } + + return ret; +} + static struct sss_domain_info * match_any_domain_or_subdomain_name( struct sss_domain_info *dom, const char *dmatch) diff --git a/src/util/util.h b/src/util/util.h index 54c6c6c78b87398da66e276d67a04f4558cec790..f08690b63d91f8253505e16c41c101026f2fb950 100644 --- a/src/util/util.h +++ b/src/util/util.h 
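Review bot: In `sss_parse_name_const`, `domain` and `name` are declared without an initializer and are copied into `*_domain` and `*_name` even when `sss_parse_name` returns an error, so a failed parse may hand the caller an indeterminate pointer. Whether `sss_parse_name` writes its outputs on failure is not visible in this hunk. Either initialize them, `char *domain = NULL;` and `char *name = NULL;`, or assign the outputs only when `ret == EOK`. This matters for the call added in get_homedir_override (patch 2/3), which passes `&homedir_ctx->username` as the output, so an error path would replace the stored user name.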
@@ -279,6 +279,10 @@ int sss_parse_name(TALLOC_CTX *memctx, struct sss_names_ctx *snctx, const char *orig, char **_domain, char **_name); +int sss_parse_name_const(TALLOC_CTX *memctx, + struct sss_names_ctx *snctx, const char *orig, + const char **_domain, const char **_name); + int sss_parse_name_for_domains(TALLOC_CTX *memctx, struct sss_domain_info *domains, const char *default_domain, -- 1.9.0
>From fba24e40eca2d53ecbb18a1dcfe6b2d03a036c21 Mon Sep 17 00:00:00 2001 From: Lukas Slebodnik <lsleb...@redhat.com> Date: Mon, 2 Dec 2013 13:03:33 +0100 Subject: [PATCH 2/3] NSS: Refactor expand_homedir_template Function expand_homedir_template had lot of parameters. After adding new expand option, all function call should be rewritten, (usually argument NULL will be added) This patch wraps all necessary arguments to structure. --- src/providers/ipa/ipa_s2n_exop.c | 17 ++++++++++---- src/providers/ipa/ipa_subdomains_id.c | 27 ++++++++++++++-------- src/responder/nss/nsssrv_cmd.c | 34 ++++++++++++++++++--------- src/responder/pac/pacsrv_utils.c | 14 ++++++++++-- src/util/sss_nss.c | 43 ++++++++++++++++++++--------------- src/util/sss_nss.h | 12 +++++++--- 6 files changed, 99 insertions(+), 48 deletions(-) diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c index 59a99061ac3ad6f24a8af50e9c1d574282301a1d..7306962fe3f815588a3dcf85a5b2dd1443065c27 100644 --- a/src/providers/ipa/ipa_s2n_exop.c +++ b/src/providers/ipa/ipa_s2n_exop.c @@ -648,6 +648,7 @@ static void ipa_s2n_get_user_done(struct tevent_req *subreq) struct resp_attrs *simple_attrs = NULL; time_t now; uint64_t timeout = 10*60*60; /* FIXME: find a better timeout ! */ + struct sss_nss_homedir_ctx *homedir_ctx; const char *homedir = NULL; struct sysdb_attrs *user_attrs = NULL; struct sysdb_attrs *group_attrs = NULL; 
@@ -738,13 +739,19 @@ static void ipa_s2n_get_user_done(struct tevent_req *subreq) switch (attrs->response_type) { case RESP_USER: if (state->dom->subdomain_homedir) { + homedir_ctx = talloc_zero(state, struct sss_nss_homedir_ctx); + if (homedir_ctx == NULL) { + ret = ENOMEM; + goto done; + } + homedir_ctx->username = attrs->a.user.pw_name; + homedir_ctx->uid = attrs->a.user.pw_uid; + homedir_ctx->domain = state->dom->name; + homedir_ctx->flatname = state->dom->flat_name; + homedir = expand_homedir_template(state, state->dom->subdomain_homedir, - attrs->a.user.pw_name, - attrs->a.user.pw_uid, - NULL, - state->dom->name, - state->dom->flat_name); + homedir_ctx); if (homedir == NULL) { ret = ENOMEM; goto done; diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c index 21e9f85a1bf9277073c94708d31612e3bd8e6113..818bf5f49c3dc4afe6beea12d3fcdd621795c3fc 100644 --- a/src/providers/ipa/ipa_subdomains_id.c +++ b/src/providers/ipa/ipa_subdomains_id.c @@ -366,10 +366,10 @@ get_subdomain_homedir_of_user(TALLOC_CTX *mem_ctx, struct sss_domain_info *dom, const char **_homedir) { errno_t ret; - char *name; - char *lc_name; + const char *name; const char *homedir; TALLOC_CTX *tmp_ctx; + struct sss_nss_homedir_ctx *homedir_ctx; tmp_ctx = talloc_new(mem_ctx); if (tmp_ctx == NULL) { 
@@ -377,22 +377,31 @@ get_subdomain_homedir_of_user(TALLOC_CTX *mem_ctx, struct sss_domain_info *dom, goto done; } - ret = sss_parse_name(tmp_ctx, dom->names, fqname, NULL, &name); + homedir_ctx = talloc_zero(tmp_ctx, struct sss_nss_homedir_ctx); + if (homedir_ctx == NULL) { + ret = ENOMEM; + goto done; + } + + homedir_ctx->uid = uid; + homedir_ctx->domain = dom->name; + homedir_ctx->flatname = dom->flat_name; + ret = sss_parse_name_const(tmp_ctx, dom->names, fqname, + NULL, &name); if (ret != EOK) { goto done; } /* To be compatible with the old winbind based user lookups and IPA * clients the user name in the home directory path will be lower-case. */ - lc_name = sss_tc_utf8_str_tolower(tmp_ctx, name); - if (lc_name == NULL) { - ret =ENOMEM; + homedir_ctx->username = sss_tc_utf8_str_tolower(tmp_ctx, name); + if (homedir_ctx->username == NULL) { + ret = ENOMEM; goto done; } - homedir = expand_homedir_template(tmp_ctx, dom->subdomain_homedir, lc_name, - uid, NULL, dom->name, dom->flat_name); - + homedir = expand_homedir_template(tmp_ctx, dom->subdomain_homedir, + homedir_ctx); if (homedir == NULL) { DEBUG(SSSDBG_OP_FAILURE, "expand_homedir_template failed\n"); ret = ENOMEM; diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c index e00849a481064769a89ed92c447519796c031065..2d9b3ede31288305542519003568821e3e6d5447 100644 --- a/src/responder/nss/nsssrv_cmd.c +++ b/src/responder/nss/nsssrv_cmd.c 
@@ -172,17 +172,18 @@ static const char *get_homedir_override(TALLOC_CTX *mem_ctx, struct ldb_message *msg, struct nss_ctx *nctx, struct sss_domain_info *dom, - const char *orig_name, - uint32_t uid) + struct sss_nss_homedir_ctx *homedir_ctx) { const char *homedir; - char *name; + const char *orig_name = homedir_ctx->username; errno_t ret; homedir = ldb_msg_find_attr_as_string(msg, SYSDB_HOMEDIR, NULL); + homedir_ctx->original = homedir; /* Subdomain users store FQDN in their name attribute */ - ret = sss_parse_name(mem_ctx, dom->names, orig_name, NULL, &name); + ret = sss_parse_name_const(mem_ctx, dom->names, orig_name, + NULL, &homedir_ctx->username); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, "Could not parse [%s] into " "name-value components.\n", orig_name); @@ -194,10 +195,10 @@ static const char *get_homedir_override(TALLOC_CTX *mem_ctx, */ if (dom->override_homedir) { return expand_homedir_template(mem_ctx, dom->override_homedir, - name, uid, homedir, dom->name, NULL); + homedir_ctx); } else if (nctx->override_homedir) { return expand_homedir_template(mem_ctx, nctx->override_homedir, - name, uid, homedir, dom->name, NULL); + homedir_ctx); } if (!homedir || *homedir == '\0') { @@ -206,12 +207,10 @@ static const char *get_homedir_override(TALLOC_CTX *mem_ctx, */ if (dom->fallback_homedir) { return expand_homedir_template(mem_ctx, dom->fallback_homedir, - name, uid, homedir, - dom->name, NULL); + homedir_ctx); } else if (nctx->fallback_homedir) { return expand_homedir_template(mem_ctx, nctx->fallback_homedir, - name, uid, homedir, - dom->name, NULL); + homedir_ctx); } } @@ -317,6 +316,7 @@ static int fill_pwent(struct sss_packet *packet, bool packet_initialized = false; int ncret; TALLOC_CTX *tmp_ctx = NULL; + struct sss_nss_homedir_ctx *homedir_ctx; to_sized_string(&pwfield, nctx->pwfield); 
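Review bot: `get_homedir_override` now modifies the structure it is given, which a caller would not expect from the signature. The first hunk sets `homedir_ctx->original` and lets `sss_parse_name_const` overwrite `homedir_ctx->username` with the parsed short name. A short comment above the function would make that explicit, for example `/* homedir_ctx is in/out: username is replaced by the parsed short name, original is set from SYSDB_HOMEDIR */`. The function body continues past the hunks shown here.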
@@ -372,7 +372,19 @@ static int fill_pwent(struct sss_packet *packet, } else { to_sized_string(&gecos, tmpstr); } - tmpstr = get_homedir_override(tmp_ctx, msg, nctx, dom, name.str, uid); + + homedir_ctx = talloc_zero(tmp_ctx, struct sss_nss_homedir_ctx); + if (homedir_ctx == NULL) { + num = 0; + ret = ENOMEM; + goto done; + } + + homedir_ctx->username = name.str; + homedir_ctx->uid = uid; + homedir_ctx->domain = dom->name; + + tmpstr = get_homedir_override(tmp_ctx, msg, nctx, dom, homedir_ctx); if (!tmpstr) { to_sized_string(&homedir, "/"); } else { diff --git a/src/responder/pac/pacsrv_utils.c b/src/responder/pac/pacsrv_utils.c index 035fe84c0f39aaa40a403a8ac5f19527b2191267..8c773a84d52ba8dd9a74dc4821823499f931d44c 100644 --- a/src/responder/pac/pacsrv_utils.c +++ b/src/responder/pac/pacsrv_utils.c @@ -353,6 +353,7 @@ errno_t get_pwd_from_pac(TALLOC_CTX *mem_ctx, char *upn; hash_key_t key; hash_value_t value; + struct sss_nss_homedir_ctx *homedir_ctx; pwd = talloc_zero(mem_ctx, struct passwd); if (pwd == NULL) { @@ -439,9 +440,18 @@ errno_t get_pwd_from_pac(TALLOC_CTX *mem_ctx, /* Check if there is a special homedir template for sub-domains. If not a * fallback will be added by the NSS responder. */ if (IS_SUBDOMAIN(dom) && dom->subdomain_homedir) { + homedir_ctx = talloc_zero(pwd, struct sss_nss_homedir_ctx); + if (homedir_ctx == NULL) { + ret = ENOMEM; + goto done; + } + homedir_ctx->username = lname; + homedir_ctx->uid = pwd->pw_uid; + homedir_ctx->domain = dom->name; + homedir_ctx->flatname = dom->flat_name; + pwd->pw_dir = expand_homedir_template(pwd, dom->subdomain_homedir, - lname, pwd->pw_uid, NULL, - dom->name, dom->flat_name); + homedir_ctx); if (pwd->pw_dir == NULL) { ret = ENOMEM; goto done; diff --git a/src/util/sss_nss.c b/src/util/sss_nss.c index 406c95cd0f76c9e73705bc49b4261160d26bfc58..66b0e59d5288a425d1086caf6e6f6f04ec7b57d6 100644 --- a/src/util/sss_nss.c +++ b/src/util/sss_nss.c 
@@ -23,9 +23,7 @@ #include "util/sss_nss.h" char *expand_homedir_template(TALLOC_CTX *mem_ctx, const char *template, - const char *username, uint32_t uid, - const char *original, const char *domain, - const char *flatname) + struct sss_nss_homedir_ctx *homedir_ctx) { char *copy; char *p; @@ -40,6 +38,11 @@ char *expand_homedir_template(TALLOC_CTX *mem_ctx, const char *template, return NULL; } + if (homedir_ctx == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, ("Missing home directory data.\n")); + return NULL; + } + tmp_ctx = talloc_new(NULL); if (!tmp_ctx) return NULL; 
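Review bot: The new NULL check logs with `DEBUG(SSSDBG_CRIT_FAILURE, ("Missing home directory data.\n"));`, wrapping the message in an extra pair of parentheses, while the other DEBUG calls visible in this file pass the format string directly. For consistency, write it as `DEBUG(SSSDBG_CRIT_FAILURE, "Missing home directory data.\n");`. The `'H'` case added in patch 3/3 uses the same parenthesised form. Its message also reads "template substring is empty" without a "because".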
@@ -66,67 +69,71 @@ char *expand_homedir_template(TALLOC_CTX *mem_ctx, const char *template, } switch( *n ) { case 'u': - if (username == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "Cannot expand user name template " - "because user name is empty.\n"); + if (homedir_ctx->username == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot expand user name template because user name " + "is empty.\n"); goto done; } result = talloc_asprintf_append(result, "%s%s", p, - username); + homedir_ctx->username); break; case 'U': - if (uid == 0) { + if (homedir_ctx->uid == 0) { DEBUG(SSSDBG_CRIT_FAILURE, "Cannot expand uid template " "because uid is invalid.\n"); goto done; } result = talloc_asprintf_append(result, "%s%d", p, - uid); + homedir_ctx->uid); break; case 'd': - if (domain == NULL) { + if (homedir_ctx->domain == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "Cannot expand domain name " "template because domain name " "is empty.\n"); goto done; } result = talloc_asprintf_append(result, "%s%s", p, - domain); + homedir_ctx->domain); break; case 'f': - if (domain == NULL || username == NULL) { + if (homedir_ctx->domain == NULL + || homedir_ctx->username == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "Cannot expand fully qualified " "name template because domain " "or user name is empty.\n"); goto done; } result = talloc_asprintf_append(result, "%s%s@%s", p, - username, domain); + homedir_ctx->username, + homedir_ctx->domain); break; case 'o': - if (original == NULL) { + if (homedir_ctx->original == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "Original home directory for %s is not available, " - "using empty string\n", username); + "using empty string\n", homedir_ctx->username); orig = ""; } else { - orig = original; + orig = homedir_ctx->original; } result = talloc_asprintf_append(result, "%s%s", p, orig); break; case 'F': - if (flatname == NULL) { + if (homedir_ctx->flatname == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "Cannot expand domain name " "template because domain flat " "name is empty.\n"); goto done; } - 
result = talloc_asprintf_append(result, "%s%s", p, flatname); + result = talloc_asprintf_append(result, "%s%s", p, + homedir_ctx->flatname); break; case '%': diff --git a/src/util/sss_nss.h b/src/util/sss_nss.h index 6dcdbaef376ffb6cc45733ce6af8aeceaabe05bb..771b9ce58db858f8cef8cac6ae3bf9fb382ef0d0 100644 --- a/src/util/sss_nss.h +++ b/src/util/sss_nss.h @@ -25,8 +25,14 @@ #include <sys/types.h> #include <talloc.h> +struct sss_nss_homedir_ctx { + const char *username; + uint32_t uid; + const char *original; + const char *domain; + const char *flatname; +}; + char *expand_homedir_template(TALLOC_CTX *mem_ctx, const char *template, - const char *username, uint32_t uid, - const char *original, const char *domain, - const char *flatname); + struct sss_nss_homedir_ctx *homedir_ctx); #endif -- 1.9.0
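Review bot: In the `'U'` case, `homedir_ctx->uid` is a `uint32_t` (see the struct added in sss_nss.h) but is still formatted with `%d` in the unchanged format line, so a UID above INT_MAX would be rendered as a negative number in the home directory path. Since the argument line is being touched anyway, the format could become `"%s%"PRIu32`, with `<inttypes.h>` if the file does not already pull it in. The format string is a context line in this hunk, so the mismatch predates the patch.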
>From 1269f0ec46a4460e6172de22b40424fc70f2de86 Mon Sep 17 00:00:00 2001 From: Lukas Slebodnik <lsleb...@redhat.com> Date: Mon, 2 Dec 2013 14:19:09 +0100 Subject: [PATCH 3/3] NSS: Add option to expand homedir template format LDAP server can contain template for home directory instead of plain string. This patch adds new expand option "%H", which will be replaced with value from configuration option homedir_substring (from sssd.conf) Resolves: https://fedorahosted.org/sssd/ticket/1853 --- src/confdb/confdb.c | 10 ++++++++++ src/confdb/confdb.h | 3 +++ src/config/SSSDConfigTest.py | 2 ++ src/config/etc/sssd.api.conf | 2 ++ src/man/include/homedir_substring.xml | 17 +++++++++++++++++ src/man/include/override_homedir.xml | 7 +++++++ src/man/sssd-ad.5.xml | 1 + src/man/sssd.conf.5.xml | 1 + src/providers/ipa/ipa_s2n_exop.c | 1 + src/providers/ipa/ipa_subdomains_id.c | 1 + src/responder/nss/nsssrv.c | 6 ++++++ src/responder/nss/nsssrv.h | 1 + src/responder/nss/nsssrv_cmd.c | 11 +++++++++-- src/util/sss_nss.c | 11 +++++++++++ src/util/sss_nss.h | 1 + 15 files changed, 73 insertions(+), 2 deletions(-) create mode 100644 src/man/include/homedir_substring.xml diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c index 9a13f723de601413205cbb580a92791015b94aa1..4b139facbee187ad8841773bd75a6317de2f4340 100644 --- a/src/confdb/confdb.c +++ b/src/confdb/confdb.c @@ -1118,6 +1118,16 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, } tmp = ldb_msg_find_attr_as_string(res->msgs[0], + CONFDB_NSS_HOMEDIR_SUBSTRING, NULL); + if (tmp != NULL) { + domain->homedir_substr = talloc_strdup(domain, tmp); + if (domain->homedir_substr == NULL) { + ret = ENOMEM; + goto done; + } + } + + tmp = ldb_msg_find_attr_as_string(res->msgs[0], CONFDB_NSS_OVERRIDE_SHELL, NULL); if (tmp != NULL) { domain->override_shell = talloc_strdup(domain, tmp); 
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h index 7994a67576b219cb476ea7ca19d63521664e491c..b6079cd76e1e987e8f543ee83239410db80348c6 100644 --- a/src/confdb/confdb.h +++ b/src/confdb/confdb.h @@ -97,6 +97,8 @@ #define CONFDB_NSS_SHELL_FALLBACK "shell_fallback" #define CONFDB_NSS_DEFAULT_SHELL "default_shell" #define CONFDB_MEMCACHE_TIMEOUT "memcache_timeout" +#define CONFDB_NSS_HOMEDIR_SUBSTRING "homedir_substring" +#define CONFDB_DEFAULT_HOMEDIR_SUBSTRING "/home" /* PAM */ #define CONFDB_PAM_CONF_ENTRY "config/pam" @@ -220,6 +222,7 @@ struct sss_domain_info { const char *override_homedir; const char *fallback_homedir; const char *subdomain_homedir; + const char *homedir_substr; const char *override_shell; const char *default_shell; diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py index a3c25540d2a870eb02df51a416736736fde279d9..d4ed06ae85f23debb7a715eee5f338de8aad466c 100755 --- a/src/config/SSSDConfigTest.py +++ b/src/config/SSSDConfigTest.py @@ -522,6 +522,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase): 'case_sensitive', 'override_homedir', 'fallback_homedir', + 'homedir_substring', 'override_shell', 'default_shell', 'pwd_expiration_warning', @@ -879,6 +880,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase): 'case_sensitive', 'override_homedir', 'fallback_homedir', + 'homedir_substring', 'override_shell', 'default_shell', 'pwd_expiration_warning', diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf index c7c1232c378d7e641da678d853247ddfd31bb736..5e5a9284e9ad80d822fe1db4269353aeb7925682 100644 --- a/src/config/etc/sssd.api.conf +++ b/src/config/etc/sssd.api.conf @@ -36,6 +36,7 @@ filter_users_in_groups = bool, None, false pwfield = str, None, false override_homedir = str, None, false fallback_homedir = str, None, false +homedir_substring = str, None, false, /home override_shell = str, None, false allowed_shells = list, str, false vetoed_shells = list, str, false 
@@ -118,6 +119,7 @@ override_gid = int, None, false case_sensitive = bool, None, false override_homedir = str, None, false fallback_homedir = str, None, false +homedir_substring = str, None, false override_shell = str, None, false default_shell = str, None, false description = str, None, false diff --git a/src/man/include/homedir_substring.xml b/src/man/include/homedir_substring.xml new file mode 100644 index 0000000000000000000000000000000000000000..d138c473e186f64a87e09ea09e9684091e571f3c --- /dev/null +++ b/src/man/include/homedir_substring.xml @@ -0,0 +1,17 @@ +<varlistentry> + <term>homedir_substring (string)</term> + <listitem> + <para> + Value of this option will be used in the expansion of + <emphasis>override_homedir</emphasis> option if template contains + format string <emphasis>%H</emphasis>. LDAP directory can directly + contain template and this option can be used to expand home + directory for each machine (or Operating system). + It can be set in the [nss] section or per-domain. + The value from domain section has higher priority. + </para> + <para> + Default: /home + </para> + </listitem> +</varlistentry> diff --git a/src/man/include/override_homedir.xml b/src/man/include/override_homedir.xml index 773d0b6616858ab5c0139033255bc60076857651..552d7eb9d3c8c4ec01cface4e062723ef9c29e1f 100644 --- a/src/man/include/override_homedir.xml +++ b/src/man/include/override_homedir.xml @@ -31,6 +31,13 @@ </para></listitem> </varlistentry> <varlistentry> + <term>%H</term> + <listitem><para> + The value of configure option + <emphasis>homedir_substring</emphasis>. + </para></listitem> + </varlistentry> + <varlistentry> <term>%%</term> <listitem><para>a literal '%'</para> </listitem> diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml index 21f735e0a6c5c900723d82f13da30171f0ddeb9b..9070144ce4f478d20e93c8b7a4f732b56de98836 100644 --- a/src/man/sssd-ad.5.xml +++ b/src/man/sssd-ad.5.xml 
@@ -413,6 +413,7 @@ FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com) </varlistentry> <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/override_homedir.xml" /> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/homedir_substring.xml" /> <varlistentry> <term>krb5_use_enterprise_principal (boolean)</term> diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index 6f63e3611ed59f5f393268c036f778c7b45a3e7b..951b6e9bb30b9393a24541580698bc7698e2d9af 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -513,6 +513,7 @@ </listitem> </varlistentry> <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/override_homedir.xml" /> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/homedir_substring.xml" /> <varlistentry> <term>fallback_homedir (string)</term> <listitem> diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c index 7306962fe3f815588a3dcf85a5b2dd1443065c27..4a8c14491ecb0bd6383d82c7cade41f9880c512b 100644 --- a/src/providers/ipa/ipa_s2n_exop.c +++ b/src/providers/ipa/ipa_s2n_exop.c @@ -748,6 +748,7 @@ static void ipa_s2n_get_user_done(struct tevent_req *subreq) homedir_ctx->uid = attrs->a.user.pw_uid; homedir_ctx->domain = state->dom->name; homedir_ctx->flatname = state->dom->flat_name; + homedir_ctx->config_homedir_substr = state->dom->homedir_substr; homedir = expand_homedir_template(state, state->dom->subdomain_homedir, diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c index 818bf5f49c3dc4afe6beea12d3fcdd621795c3fc..123c54ef4b2cd3eb60c23bd2fc4686be8c742f0e 100644 --- a/src/providers/ipa/ipa_subdomains_id.c +++ b/src/providers/ipa/ipa_subdomains_id.c 
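Review bot: In ipa_s2n_exop.c, `homedir_ctx->config_homedir_substr = state->dom->homedir_substr;` takes only the per-domain value. The confdb.c hunk sets that field only when the option is present in the domain section, so it may be NULL here. The `/home` default and the [nss] value are applied only to `nctx->homedir_substr` in nss_get_config, which the provider does not see. A `subdomain_homedir` template containing `%H` would therefore hit the `'H'` case's `goto done`, and the caller reports that as ENOMEM. Consider defaulting in confdb_get_domain_internal or here, e.g. `dom->homedir_substr ? dom->homedir_substr : CONFDB_DEFAULT_HOMEDIR_SUBSTRING`; the ipa_subdomains_id.c hunk that follows has the same gap.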
@@ -386,6 +386,7 @@ get_subdomain_homedir_of_user(TALLOC_CTX *mem_ctx, struct sss_domain_info *dom, homedir_ctx->uid = uid; homedir_ctx->domain = dom->name; homedir_ctx->flatname = dom->flat_name; + homedir_ctx->config_homedir_substr = dom->homedir_substr; ret = sss_parse_name_const(tmp_ctx, dom->names, fqname, NULL, &name); if (ret != EOK) { diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c index e4896a79dc8a15554cdb1a7616d5353650eca209..1f762cca83083c911e2619263c7d89e267a34d61 100644 --- a/src/responder/nss/nsssrv.c +++ b/src/responder/nss/nsssrv.c @@ -291,6 +291,12 @@ static int nss_get_config(struct nss_ctx *nctx, &nctx->default_shell); if (ret != EOK) goto done; + ret = confdb_get_string(cdb, nctx, CONFDB_NSS_CONF_ENTRY, + CONFDB_NSS_HOMEDIR_SUBSTRING, + CONFDB_DEFAULT_HOMEDIR_SUBSTRING, + &nctx->homedir_substr); + if (ret != EOK) goto done; + ret = 0; done: return ret; diff --git a/src/responder/nss/nsssrv.h b/src/responder/nss/nsssrv.h index a36589837529a7b61768845eb3493197b13df8cd..a5b946b7e4a38d7d8b35ec5df1b6644d01896470 100644 --- a/src/responder/nss/nsssrv.h +++ b/src/responder/nss/nsssrv.h @@ -62,6 +62,7 @@ struct nss_ctx { char *override_homedir; char *fallback_homedir; + char *homedir_substr; char **allowed_shells; char *override_shell; char **vetoed_shells; diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c index 2d9b3ede31288305542519003568821e3e6d5447..9d09f1008ed1855f11f5f7f855686bb71a1afe87 100644 --- a/src/responder/nss/nsssrv_cmd.c +++ b/src/responder/nss/nsssrv_cmd.c 
@@ -190,6 +190,13 @@ static const char *get_homedir_override(TALLOC_CTX *mem_ctx, return NULL; } + /* Check to see which homedir_prefix to use. */ + if (dom->homedir_substr != NULL) { + homedir_ctx->config_homedir_substr = dom->homedir_substr; + } else if (nctx->homedir_substr != NULL) { + homedir_ctx->config_homedir_substr = nctx->homedir_substr; + } + /* Check whether we are unconditionally overriding the server * for home directory locations. */ @@ -214,8 +221,8 @@ static const char *get_homedir_override(TALLOC_CTX *mem_ctx, } } - /* Return the value we got from the provider */ - return talloc_strdup(mem_ctx, homedir); + /* Provider can also return template, try to expand it.*/ + return expand_homedir_template(mem_ctx, homedir, homedir_ctx); } static const char *get_shell_override(TALLOC_CTX *mem_ctx, diff --git a/src/util/sss_nss.c b/src/util/sss_nss.c index 66b0e59d5288a425d1086caf6e6f6f04ec7b57d6..26989369b70a99a93c6bcf56478f5af49a80d40d 100644 --- a/src/util/sss_nss.c +++ b/src/util/sss_nss.c @@ -136,6 +136,17 @@ char *expand_homedir_template(TALLOC_CTX *mem_ctx, const char *template, homedir_ctx->flatname); break; + case 'H': + if (homedir_ctx->config_homedir_substr == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, + ("Cannot expand home directory substring template " + "substring is empty.\n")); + goto done; + } + result = talloc_asprintf_append(result, "%s%s", p, + homedir_ctx->config_homedir_substr); + break; + case '%': result = talloc_asprintf_append(result, "%s%%", p); break; diff --git a/src/util/sss_nss.h b/src/util/sss_nss.h index 771b9ce58db858f8cef8cac6ae3bf9fb382ef0d0..19bf26589a9a5d76369f56ef9ecf7bedbb29e07b 100644 --- a/src/util/sss_nss.h +++ b/src/util/sss_nss.h @@ -31,6 +31,7 @@ struct sss_nss_homedir_ctx { const char *original; const char *domain; const char *flatname; + const char *config_homedir_substr; }; char *expand_homedir_template(TALLOC_CTX *mem_ctx, const char *template, -- 1.9.0
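Review bot: The last `return` of `get_homedir_override` now passes the provider-supplied `homedir` through `expand_homedir_template`, so every sequence the expander knows (`%u`, `%U`, `%d`, `%f`, `%o`, `%F`, `%H`) is interpreted in directory data, not only `%H` as the commit message describes. A stored home directory that contains a stray `%` would presumably make the expansion fail, and fill_pwent then silently substitutes "/" (see the `if (!tmpstr)` branch in patch 2/3). `%o` would expand to the unexpanded template itself, because `homedir_ctx->original` is set to the same string. The values are appended as `%s` arguments, so this is not a format-string problem. Consider keeping `talloc_strdup(mem_ctx, homedir)` for values without a `%`, logging when expansion of a provider value fails, and documenting the new behaviour in the man page. `homedir` can also still be NULL or empty at this point when no fallback is configured, which the old `talloc_strdup` call tolerated.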