Lines 1-96
Link Here
|
1 |
From 28792523a01a7d21bcc8931794164f253e691a68 Mon Sep 17 00:00:00 2001 |
|
|
2 |
From: Tomas Halman <thalman@redhat.com> |
3 |
Date: Mon, 3 Dec 2018 14:11:31 +0100 |
4 |
Subject: [PATCH] nss: sssd returns '/' for emtpy home directories |
5 |
|
6 |
For empty home directory in passwd file sssd returns "/". Sssd |
7 |
should respect system behaviour and return the same as nsswitch |
8 |
"files" module - return empty string. |
9 |
|
10 |
Resolves: |
11 |
https://pagure.io/SSSD/sssd/issue/3901 |
12 |
|
13 |
Reviewed-by: Simo Sorce <simo@redhat.com> |
14 |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
15 |
(cherry picked from commit 90f32399b4100ce39cf665649fde82d215e5eb49) |
16 |
--- |
17 |
src/confdb/confdb.c | 9 +++++++++ |
18 |
src/man/include/ad_modified_defaults.xml | 19 +++++++++++++++++++ |
19 |
src/responder/nss/nss_protocol_pwent.c | 2 +- |
20 |
src/tests/intg/test_files_provider.py | 2 +- |
21 |
4 files changed, 30 insertions(+), 2 deletions(-) |
22 |
|
23 |
diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c |
24 |
index a3eb9c66d9..17bb4f8274 100644 |
25 |
--- a/src/confdb/confdb.c |
26 |
+++ b/src/confdb/confdb.c |
27 |
@@ -1301,6 +1301,15 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, |
28 |
ret = ENOMEM; |
29 |
goto done; |
30 |
} |
31 |
+ } else { |
32 |
+ if (strcasecmp(domain->provider, "ad") == 0) { |
33 |
+ /* ad provider default */ |
34 |
+ domain->fallback_homedir = talloc_strdup(domain, "/home/%d/%u"); |
35 |
+ if (!domain->fallback_homedir) { |
36 |
+ ret = ENOMEM; |
37 |
+ goto done; |
38 |
+ } |
39 |
+ } |
40 |
} |
41 |
|
42 |
tmp = ldb_msg_find_attr_as_string(res->msgs[0], |
43 |
diff --git a/src/man/include/ad_modified_defaults.xml b/src/man/include/ad_modified_defaults.xml |
44 |
index 818a2bf787..425b7e8ee0 100644 |
45 |
--- a/src/man/include/ad_modified_defaults.xml |
46 |
+++ b/src/man/include/ad_modified_defaults.xml |
47 |
@@ -76,4 +76,23 @@ |
48 |
</listitem> |
49 |
</itemizedlist> |
50 |
</refsect2> |
51 |
+ <refsect2 id='nss_modifications'> |
52 |
+ <title>NSS configuration</title> |
53 |
+ <itemizedlist> |
54 |
+ <listitem> |
55 |
+ <para> |
56 |
+ fallback_homedir = /home/%d/%u |
57 |
+ </para> |
58 |
+ <para> |
59 |
+ The AD provider automatically sets |
60 |
+ "fallback_homedir = /home/%d/%u" to provide personal |
61 |
+ home directories for users without the homeDirectory |
62 |
+ attribute. If your AD Domain is properly |
63 |
+ populated with Posix attributes, and you want to avoid |
64 |
+ this fallback behavior, you can explicitly |
65 |
+ set "fallback_homedir = %o". |
66 |
+ </para> |
67 |
+ </listitem> |
68 |
+ </itemizedlist> |
69 |
+ </refsect2> |
70 |
</refsect1> |
71 |
diff --git a/src/responder/nss/nss_protocol_pwent.c b/src/responder/nss/nss_protocol_pwent.c |
72 |
index af9e74fc86..86fa4ec465 100644 |
73 |
--- a/src/responder/nss/nss_protocol_pwent.c |
74 |
+++ b/src/responder/nss/nss_protocol_pwent.c |
75 |
@@ -118,7 +118,7 @@ nss_get_homedir(TALLOC_CTX *mem_ctx, |
76 |
|
77 |
homedir = nss_get_homedir_override(mem_ctx, msg, nss_ctx, domain, &hd_ctx); |
78 |
if (homedir == NULL) { |
79 |
- return "/"; |
80 |
+ return ""; |
81 |
} |
82 |
|
83 |
return homedir; |
84 |
diff --git a/src/tests/intg/test_files_provider.py b/src/tests/intg/test_files_provider.py |
85 |
index ead1cc4c34..4761f1bd15 100644 |
86 |
--- a/src/tests/intg/test_files_provider.py |
87 |
+++ b/src/tests/intg/test_files_provider.py |
88 |
@@ -678,7 +678,7 @@ def test_user_no_dir(setup_pw_with_canary, files_domain_only): |
89 |
Test that resolving a user without a homedir defined works and returns |
90 |
a fallback value |
91 |
""" |
92 |
- check_user(incomplete_user_setup(setup_pw_with_canary, 'dir', '/')) |
93 |
+ check_user(incomplete_user_setup(setup_pw_with_canary, 'dir', '')) |
94 |
|
95 |
|
96 |
def test_user_no_gecos(setup_pw_with_canary, files_domain_only): |