From d3cdf9cbfbace4874c6e5c96f1e5ef5b342c813e Mon Sep 17 00:00:00 2001

From: Mikle Kolyada <zlogene@gentoo.org>

Date: Sun, 16 Dec 2018 20:42:39 +0300

Subject: [PATCH] tev_curl.c: remove case duplication

CURLE_SSL_CACERT and CURLE_PEER_FAILED_VERIFICATION macros are provided

by net-misc/curl-7.62.0 and older

---

 tev_curl.c | 3 ---

 1 file changed, 3 deletions(-)

diff --git a/tev_curl.c b/tev_curl.c

index 6a7a580..ce6fdba 100644

--- a/src/util/tev_curl.c

+++ b/src/util/tev_curl.c

@@ -97,7 +97,6 @@ static errno_t curl_code2errno(CURLcode crv)

         return ETIMEDOUT;

     case CURLE_SSL_ISSUER_ERROR:

     case CURLE_SSL_CACERT_BADFILE:

-    case CURLE_SSL_CACERT:

     case CURLE_SSL_CERTPROBLEM:

         return ERR_INVALID_CERT;

@@ -110,8 +109,6 @@ static errno_t curl_code2errno(CURLcode crv)

     case CURLE_SSL_ENGINE_NOTFOUND:

     case CURLE_SSL_CONNECT_ERROR:

         return ERR_SSL_FAILURE;

-    case CURLE_PEER_FAILED_VERIFICATION:

-        return ERR_UNABLE_TO_VERIFY_PEER;

     case CURLE_COULDNT_RESOLVE_HOST:

         return ERR_UNABLE_TO_RESOLVE_HOST;

     default:

-- 

2.19.2

From 28792523a01a7d21bcc8931794164f253e691a68 Mon Sep 17 00:00:00 2001

From: Tomas Halman <thalman@redhat.com>

Date: Mon, 3 Dec 2018 14:11:31 +0100

Subject: [PATCH] nss: sssd returns '/' for emtpy home directories

For empty home directory in passwd file sssd returns "/". Sssd

should respect system behaviour and return the same as nsswitch

"files" module - return empty string.

Resolves:

https://pagure.io/SSSD/sssd/issue/3901

Reviewed-by: Simo Sorce <simo@redhat.com>

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

(cherry picked from commit 90f32399b4100ce39cf665649fde82d215e5eb49)

---

 src/confdb/confdb.c                      |  9 +++++++++

 src/man/include/ad_modified_defaults.xml | 19 +++++++++++++++++++

 src/responder/nss/nss_protocol_pwent.c   |  2 +-

 src/tests/intg/test_files_provider.py    |  2 +-

 4 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c

index a3eb9c66d9..17bb4f8274 100644

--- a/src/confdb/confdb.c

+++ b/src/confdb/confdb.c

@@ -1301,6 +1301,15 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,

             ret = ENOMEM;

             goto done;

         }

+    } else {

+        if (strcasecmp(domain->provider, "ad") == 0) {

+            /* ad provider default */

+            domain->fallback_homedir = talloc_strdup(domain, "/home/%d/%u");

+            if (!domain->fallback_homedir) {

+                ret = ENOMEM;

+                goto done;

+            }

+        }

     }

     tmp = ldb_msg_find_attr_as_string(res->msgs[0],

diff --git a/src/man/include/ad_modified_defaults.xml b/src/man/include/ad_modified_defaults.xml

index 818a2bf787..425b7e8ee0 100644

--- a/src/man/include/ad_modified_defaults.xml

+++ b/src/man/include/ad_modified_defaults.xml

@@ -76,4 +76,23 @@

             </listitem>

         </itemizedlist>

     </refsect2>

+    <refsect2 id='nss_modifications'>

+        <title>NSS configuration</title>

+        <itemizedlist>

+            <listitem>

+                <para>

+                    fallback_homedir = /home/%d/%u

+                </para>

+                <para>

+                    The AD provider automatically sets

+                    "fallback_homedir = /home/%d/%u" to provide personal

+                    home directories for users without the homeDirectory

+                    attribute. If your AD Domain is properly

+                    populated with Posix attributes, and you want to avoid

+                    this fallback behavior, you can explicitly

+                    set "fallback_homedir = %o".

+                </para>

+            </listitem>

+        </itemizedlist>

+    </refsect2>

 </refsect1>

diff --git a/src/responder/nss/nss_protocol_pwent.c b/src/responder/nss/nss_protocol_pwent.c

index af9e74fc86..86fa4ec465 100644

--- a/src/responder/nss/nss_protocol_pwent.c

+++ b/src/responder/nss/nss_protocol_pwent.c

@@ -118,7 +118,7 @@ nss_get_homedir(TALLOC_CTX *mem_ctx,

     homedir = nss_get_homedir_override(mem_ctx, msg, nss_ctx, domain, &hd_ctx);

     if (homedir == NULL) {

-        return "/";

+        return "";

     }

     return homedir;

diff --git a/src/tests/intg/test_files_provider.py b/src/tests/intg/test_files_provider.py

index ead1cc4c34..4761f1bd15 100644

--- a/src/tests/intg/test_files_provider.py

+++ b/src/tests/intg/test_files_provider.py

@@ -678,7 +678,7 @@ def test_user_no_dir(setup_pw_with_canary, files_domain_only):

     Test that resolving a user without a homedir defined works and returns

     a fallback value

     """

-    check_user(incomplete_user_setup(setup_pw_with_canary, 'dir', '/'))

+    check_user(incomplete_user_setup(setup_pw_with_canary, 'dir', ''))

 def test_user_no_gecos(setup_pw_with_canary, files_domain_only):

	eapply "${FILESDIR}"/${PN}-curl-macros.patch

	eapply "${FILESDIR}"/${PN}-fix-CVE-2019-3811.patch

-