>From c52ce81272c0027109bbb4e75bed0c5371053182 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik
Date: Mon, 2 Dec 2013 14:19:09 +0100
Subject: [PATCH 3/3] NSS: Add option to expand homedir template format
LDAP server can contain template for home directory instead of plain string. This patch adds new expand option "%H", which will be replaced with value from configuration option homedir_substring (from sssd.conf)
Resolves: https://fedorahosted.org/sssd/ticket/1853
---
 src/confdb/confdb.c | 10 ++++++++++
 src/confdb/confdb.h | 3 +++
 src/config/SSSDConfigTest.py | 2 ++
 src/config/etc/sssd.api.conf | 2 ++
 src/man/include/homedir_substring.xml | 17 +++++++++++++++++
 src/man/include/override_homedir.xml | 7 +++++++
 src/man/sssd-ad.5.xml | 1 +
 src/man/sssd.conf.5.xml | 1 +
 src/providers/ipa/ipa_s2n_exop.c | 1 +
 src/providers/ipa/ipa_subdomains_id.c | 1 +
 src/responder/nss/nsssrv.c | 6 ++++++
 src/responder/nss/nsssrv.h | 1 +
 src/responder/nss/nsssrv_cmd.c | 11 +++++++++--
 src/util/sss_nss.c | 11 +++++++++++
 src/util/sss_nss.h | 1 +
 15 files changed, 73 insertions(+), 2 deletions(-)
 create mode 100644 src/man/include/homedir_substring.xml
diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
index 9a13f723de601413205cbb580a92791015b94aa1..1da285df1aff0412f70a66370a5b50e483d719e5 100644
--- a/src/confdb/confdb.c
+++ b/src/confdb/confdb.c
@@ -1118,6 +1118,16 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
 }
 tmp = ldb_msg_find_attr_as_string(res->msgs[0],
+ CONFDB_NSS_HOMEDIR_SUBSTRING, NULL);
+ if (tmp) {
+ domain->homedir_substr = talloc_strdup(domain, tmp);
+ if (! domain->homedir_substr) {
+ ret = ENOMEM;
+ goto done;
+ }
+ }
+
+ tmp = ldb_msg_find_attr_as_string(res->msgs[0],
 CONFDB_NSS_OVERRIDE_SHELL, NULL);
 if (tmp != NULL) {
 domain->override_shell = talloc_strdup(domain, tmp);
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
index 11a9252126089d2ac6edb4a1da92bcd545a9635c..49abcfa17695c6b64681da2400e35ee927604364 100644
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
@@ -97,6 +97,8 @@
 #define CONFDB_NSS_SHELL_FALLBACK "shell_fallback"
 #define CONFDB_NSS_DEFAULT_SHELL "default_shell"
 #define CONFDB_MEMCACHE_TIMEOUT "memcache_timeout"
+#define CONFDB_NSS_HOMEDIR_SUBSTRING "homedir_substring"
+#define CONFDB_DEFAULT_HOMEDIR_SUBSTRING "/home"
 /* PAM */
 #define CONFDB_PAM_CONF_ENTRY "config/pam"
@@ -216,6 +218,7 @@ struct sss_domain_info {
 const char *override_homedir;
 const char *fallback_homedir;
 const char *subdomain_homedir;
+ const char *homedir_substr;
 const char *override_shell;
 const char *default_shell;
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index bfec8d058f6df2dc636eb0873b0e33495f40be7b..5eb900b1aba32ada9115db175d75cddf2760f7e0 100755
--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
@@ -522,6 +522,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
 'case_sensitive',
 'override_homedir',
 'fallback_homedir',
+ 'homedir_substring',
 'override_shell',
 'default_shell',
 'pwd_expiration_warning',
@@ -879,6 +880,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
 'case_sensitive',
 'override_homedir',
 'fallback_homedir',
+ 'homedir_substring',
 'override_shell',
 'default_shell',
 'pwd_expiration_warning',
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index 14e80639e8b26884c2ebe3affee29cd1bc4e8037..b76aba572b9920c0715f8e9d7a8578bd26760be1 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -36,6 +36,7 @@ filter_users_in_groups = bool, None, false
 pwfield = str, None, false
 override_homedir = str, None, false
 fallback_homedir = str, None, false
+homedir_substring = str, None, false, /home
 override_shell = str, None, false
 allowed_shells = list, str, false
 vetoed_shells = list, str, false
@@ -113,6 +114,7 @@ override_gid = int, None, false
 case_sensitive = bool, None, false
 override_homedir = str, None, false
 fallback_homedir = str, None, false
+homedir_substring = str, None, false
 override_shell = str, None, false
 default_shell = str, None, false
 description = str, None, false
diff --git a/src/man/include/homedir_substring.xml b/src/man/include/homedir_substring.xml
new file mode 100644
index 0000000000000000000000000000000000000000..d138c473e186f64a87e09ea09e9684091e571f3c
--- /dev/null
+++ b/src/man/include/homedir_substring.xml
@@ -0,0 +1,17 @@
+
+ homedir_substring (string)
+
+
+ Value of this option will be used in the expansion of
+ override_homedir option if template contains
+ format string %H. LDAP directory can directly
+ contain template and this option can be used to expand home
+ directory for each machine (or Operating system).
+ It can be set in the [nss] section or per-domain.
+ The value from domain section has higher priority.
+
+
+ Default: /home
+
+
+
diff --git a/src/man/include/override_homedir.xml b/src/man/include/override_homedir.xml
index 773d0b6616858ab5c0139033255bc60076857651..552d7eb9d3c8c4ec01cface4e062723ef9c29e1f 100644
--- a/src/man/include/override_homedir.xml
+++ b/src/man/include/override_homedir.xml
@@ -31,6 +31,13 @@ + %H + + The value of configure option + homedir_substring. + + + %% a literal '%'
diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml
index 1e38c13a95fcbcc242f3e9e8c9eda6e23e7a67c7..36acc5da14327f4137e7561a01eed4cad2ee1ac6 100644
--- a/src/man/sssd-ad.5.xml
+++ b/src/man/sssd-ad.5.xml
@@ -349,6 +349,7 @@ FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com) + krb5_use_enterprise_principal (boolean)
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index 4c5337606418f440f7b0e1523cfb48f8bebad431..1b96f31e94b77e0c9e984b0c6613ab056c00fef1 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -512,6 +512,7 @@ + fallback_homedir (string)
diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c
index 02e87f86b75f4b5603b8be2e11e25c0a9fcdec7c..5b1d0d87640de0cf7c2319c863e5df3b5dbaaa84 100644
--- a/src/providers/ipa/ipa_s2n_exop.c
+++ b/src/providers/ipa/ipa_s2n_exop.c
@@ -748,6 +748,7 @@ static void ipa_s2n_get_user_done(struct tevent_req *subreq)
 homedir_ctx->uid = attrs->a.user.pw_uid;
 homedir_ctx->domain = state->dom->name;
 homedir_ctx->flatname = state->dom->flat_name;
+ homedir_ctx->config_homedir_substr = state->dom->homedir_substr;
 homedir = expand_homedir_template(state,
 state->dom->subdomain_homedir,
diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c
index 1255fccdbb6b67ea15cd7e49ff8b45094694b293..c6018807075960046c7b33eef089ed7e8bfcbee2 100644
--- a/src/providers/ipa/ipa_subdomains_id.c
+++ b/src/providers/ipa/ipa_subdomains_id.c
@@ -386,6 +386,7 @@ get_subdomain_homedir_of_user(TALLOC_CTX *mem_ctx, struct sss_domain_info *dom,
 homedir_ctx->uid = uid;
 homedir_ctx->domain = dom->name;
 homedir_ctx->flatname = dom->flat_name;
+ homedir_ctx->config_homedir_substr = dom->homedir_substr;
 ret = sss_parse_name_const(tmp_ctx, dom->names, fqname, NULL, &name);
 if (ret != EOK) {
diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
index a385f2943e68022c0cc2fe8022000e9d8e8854d4..46fa57c3b6c40adaa20cd5fd4e142c2829ceaca1 100644
--- a/src/responder/nss/nsssrv.c
+++ b/src/responder/nss/nsssrv.c
@@ -303,6 +303,12 @@ static int nss_get_config(struct nss_ctx *nctx,
 &nctx->default_shell);
 if (ret != EOK) goto done;
+ ret = confdb_get_string(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
+ CONFDB_NSS_HOMEDIR_SUBSTRING,
+ CONFDB_DEFAULT_HOMEDIR_SUBSTRING,
+ &nctx->homedir_substr);
+ if (ret != EOK) goto done;
+
 ret = 0;
 done:
 return ret;
diff --git a/src/responder/nss/nsssrv.h b/src/responder/nss/nsssrv.h
index a36589837529a7b61768845eb3493197b13df8cd..a5b946b7e4a38d7d8b35ec5df1b6644d01896470 100644
--- a/src/responder/nss/nsssrv.h
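Review bot: `config_homedir_substr` is filled from `state->dom->homedir_substr` alone, and the confdb.c hunk of this patch sets that field only when the domain section contains `homedir_substring`; the `/home` default and the `[nss]` value are read only in nss_get_config. A `subdomain_homedir` template that uses `%H` would then reach the NULL branch added to expand_homedir_template and, presumably, leave the user without a home directory. The hunk in ipa_subdomains_id.c has the same gap. A fallback keeps the back end in line with the documented default: `homedir_ctx->config_homedir_substr = state->dom->homedir_substr ? state->dom->homedir_substr : CONFDB_DEFAULT_HOMEDIR_SUBSTRING;`. ipa_s2n_get_user_done starts and ends outside the hunk.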
+++ b/src/responder/nss/nsssrv.h
@@ -62,6 +62,7 @@ struct nss_ctx {
 char *override_homedir;
 char *fallback_homedir;
+ char *homedir_substr;
 char **allowed_shells;
 char *override_shell;
 char **vetoed_shells;
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index cb912d7c9adcabd68823bae6d516e6eaf138feab..ef7e0e411d6fb8cfe9fb8d053af3e61b16de1d65 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -190,6 +190,13 @@ static const char *get_homedir_override(TALLOC_CTX *mem_ctx,
 return NULL;
 }
+ /* Check to see which homedir_prefix to use. */
+ if (dom->homedir_substr) {
+ homedir_ctx->config_homedir_substr = dom->homedir_substr;
+ } else if (nctx->homedir_substr) {
+ homedir_ctx->config_homedir_substr = nctx->homedir_substr;
+ }
+
 /* Check whether we are unconditionally overriding the server
 * for home directory locations.
 */
@@ -214,8 +221,8 @@ static const char *get_homedir_override(TALLOC_CTX *mem_ctx,
 }
 }
- /* Return the value we got from the provider */
- return talloc_strdup(mem_ctx, homedir);
+ /* Provider can also return template, try to expand it.*/
+ return expand_homedir_template(mem_ctx, homedir, homedir_ctx);
 }
 static const char *get_shell_override(TALLOC_CTX *mem_ctx,
diff --git a/src/util/sss_nss.c b/src/util/sss_nss.c
index c5e964c03d4c6cd56a8458d14cb25d5c49c0dd0b..5495d6870f9a5321096c9b0515f9ad261f4d6cf5 100644
--- a/src/util/sss_nss.c
+++ b/src/util/sss_nss.c
@@ -135,6 +135,17 @@ char *expand_homedir_template(TALLOC_CTX *mem_ctx, const char *template,
 homedir_ctx->flatname);
 break;
+ case 'H':
+ if (! homedir_ctx->config_homedir_substr) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("Cannot expand home directory substring template "
+ "substring is empty.\n"));
+ goto done;
+ }
+ result = talloc_asprintf_append(result, "%s%s", p,
+ homedir_ctx->config_homedir_substr);
+ break;
+
 case '%':
 result = talloc_asprintf_append(result, "%s%%", p);
 break;
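Review bot: The new `return expand_homedir_template(mem_ctx, homedir, homedir_ctx);` at the end of get_homedir_override parses every home directory delivered by the provider as a template, so each sequence the function understands is expanded, not only `%H`. A directory value with a literal `%` now has to be stored as `%%`, and one with a sequence the function does not accept would presumably come back as NULL where `talloc_strdup` used to return it unchanged. Because that attribute is controlled by whoever can write the directory entry, not by sssd.conf, the comment should spell the contract out, for example `/* The provider value is parsed as a template: sequences are expanded and a literal '%' must be written as %%. */`, and the man page should say the same. The function begins outside the hunk.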
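Review bot: The guard in `case 'H'` checks only for NULL although the message says the substring is empty, so an empty `homedir_substring` passes and a template beginning with `%H/` would expand to a path directly under `/`. Testing the first byte as well, `if (!homedir_ctx->config_homedir_substr || homedir_ctx->config_homedir_substr[0] == '\0') {`, closes that case, and the message would read better as `"Cannot expand home directory template: homedir_substring is not set.\n"`. The `done` label and the rest of expand_homedir_template are outside the hunk.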
diff --git a/src/util/sss_nss.h b/src/util/sss_nss.h
index 771b9ce58db858f8cef8cac6ae3bf9fb382ef0d0..19bf26589a9a5d76369f56ef9ecf7bedbb29e07b 100644
--- a/src/util/sss_nss.h
+++ b/src/util/sss_nss.h
@@ -31,6 +31,7 @@ struct sss_nss_homedir_ctx {
 const char *original;
 const char *domain;
 const char *flatname;
+ const char *config_homedir_substr;
 };
 char *expand_homedir_template(TALLOC_CTX *mem_ctx, const char *template,
--
1.8.5.3