URL: https://github.com/SSSD/sssd/pull/703 Author: thalman Title: #703: nss: sssd returns '/' for emtpy home directories Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/703/head:pr703 git checkout pr703
From be15343f9ad0d725586bd365486c0d4b2765f8aa Mon Sep 17 00:00:00 2001 From: Tomas Halman <thal...@redhat.com> Date: Mon, 3 Dec 2018 14:11:31 +0100 Subject: [PATCH] nss: sssd returns '/' for emtpy home directories For empty home directory in passwd file sssd returns "/". Sssd should respect system behaviour and return the same as nsswitch "files" module - return empty string. Resolves: https://pagure.io/SSSD/sssd/issue/3901 --- src/confdb/confdb.c | 9 +++++++++ src/man/include/ad_modified_defaults.xml | 19 +++++++++++++++++++ src/responder/nss/nss_protocol_pwent.c | 2 +- src/tests/intg/test_files_provider.py | 2 +- 4 files changed, 30 insertions(+), 2 deletions(-) diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c index b0d886c9d..d3fdd3199 100644 --- a/src/confdb/confdb.c +++ b/src/confdb/confdb.c @@ -1301,6 +1301,15 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, ret = ENOMEM; goto done; } + } else { + if (strcasecmp(domain->provider, "ad") == 0) { + /* ad provider default */ + domain->fallback_homedir = talloc_strdup(domain, "/home/%d/%u"); + if (!domain->fallback_homedir) { + ret = ENOMEM; + goto done; + } + } } tmp = ldb_msg_find_attr_as_string(res->msgs[0], diff --git a/src/man/include/ad_modified_defaults.xml b/src/man/include/ad_modified_defaults.xml index 818a2bf78..425b7e8ee 100644 --- a/src/man/include/ad_modified_defaults.xml +++ b/src/man/include/ad_modified_defaults.xml @@ -76,4 +76,23 @@ </listitem> </itemizedlist> </refsect2> + <refsect2 id='nss_modifications'> + <title>NSS configuration</title> + <itemizedlist> + <listitem> + <para> + fallback_homedir = /home/%d/%u + </para> + <para> + The AD provider automatically sets + "fallback_homedir = /home/%d/%u" to provide personal + home directories for users without the homeDirectory + attribute. If your AD Domain is properly + populated with Posix attributes, and you want to avoid + this fallback behavior, you can explicitly + set "fallback_homedir = %o". + </para> + </listitem> + </itemizedlist> + </refsect2> </refsect1> diff --git a/src/responder/nss/nss_protocol_pwent.c b/src/responder/nss/nss_protocol_pwent.c index af9e74fc8..86fa4ec46 100644 --- a/src/responder/nss/nss_protocol_pwent.c +++ b/src/responder/nss/nss_protocol_pwent.c @@ -118,7 +118,7 @@ nss_get_homedir(TALLOC_CTX *mem_ctx, homedir = nss_get_homedir_override(mem_ctx, msg, nss_ctx, domain, &hd_ctx); if (homedir == NULL) { - return "/"; + return ""; } return homedir; diff --git a/src/tests/intg/test_files_provider.py b/src/tests/intg/test_files_provider.py index f0155a2f7..b5e5c3fd9 100644 --- a/src/tests/intg/test_files_provider.py +++ b/src/tests/intg/test_files_provider.py @@ -656,7 +656,7 @@ def test_user_no_dir(setup_pw_with_canary, files_domain_only): Test that resolving a user without a homedir defined works and returns a fallback value """ - check_user(incomplete_user_setup(setup_pw_with_canary, 'dir', '/')) + check_user(incomplete_user_setup(setup_pw_with_canary, 'dir', '')) def test_user_no_gecos(setup_pw_with_canary, files_domain_only):
_______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org