summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/confdb/confdb.c20
-rw-r--r--src/confdb/confdb.h2
-rw-r--r--src/config/SSSDConfig.py1
-rwxr-xr-xsrc/config/SSSDConfigTest.py2
-rw-r--r--src/config/etc/sssd.api.conf2
-rw-r--r--src/man/sssd.conf.5.xml18
-rw-r--r--src/responder/nss/nsssrv.c5
-rw-r--r--src/responder/nss/nsssrv.h1
-rw-r--r--src/responder/nss/nsssrv_cmd.c23
9 files changed, 68 insertions, 6 deletions
diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
index 427101e9..1c5e40cd 100644
--- a/src/confdb/confdb.c
+++ b/src/confdb/confdb.c
@@ -949,10 +949,22 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
tmp = ldb_msg_find_attr_as_string(res->msgs[0],
CONFDB_NSS_OVERRIDE_HOMEDIR, NULL);
- domain->override_homedir = talloc_strdup(domain, tmp);
- if (!domain->name) {
- ret = ENOMEM;
- goto done;
+ if (tmp != NULL) {
+ domain->override_homedir = talloc_strdup(domain, tmp);
+ if (!domain->override_homedir) {
+ ret = ENOMEM;
+ goto done;
+ }
+ }
+
+ tmp = ldb_msg_find_attr_as_string(res->msgs[0],
+ CONFDB_NSS_FALLBACK_HOMEDIR, NULL);
+ if (tmp != NULL) {
+ domain->fallback_homedir = talloc_strdup(domain, tmp);
+ if (!domain->fallback_homedir) {
+ ret = ENOMEM;
+ goto done;
+ }
}
tmp = ldb_msg_find_attr_as_string(res->msgs[0],
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
index 5ec9f721..c816d533 100644
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
@@ -81,6 +81,7 @@
#define CONFDB_NSS_FILTER_GROUPS "filter_groups"
#define CONFDB_NSS_PWFIELD "pwfield"
#define CONFDB_NSS_OVERRIDE_HOMEDIR "override_homedir"
+#define CONFDB_NSS_FALLBACK_HOMEDIR "fallback_homedir"
#define CONFDB_NSS_VETOED_SHELL "vetoed_shells"
#define CONFDB_NSS_ALLOWED_SHELL "allowed_shells"
#define CONFDB_NSS_SHELL_FALLBACK "shell_fallback"
@@ -192,6 +193,7 @@ struct sss_domain_info {
gid_t override_gid;
const char *override_homedir;
+ const char *fallback_homedir;
const char *subdomain_homedir;
uint32_t user_timeout;
diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py
index aa35f9c6..894837d4 100644
--- a/src/config/SSSDConfig.py
+++ b/src/config/SSSDConfig.py
@@ -63,6 +63,7 @@ option_strings = {
'filter_users_in_groups' : _('Should filtered users appear in groups'),
'pwfield' : _('The value of the password field the NSS provider should return'),
'override_homedir' : _('Override homedir value from the identity provider with this value'),
+ 'fallback_homedir' : _('Substitute empty homedir value from the identity provider with this value'),
'allowed_shells' : _('The list of shells users are allowed to log in with'),
'vetoed_shells' : _('The list of shells that will be vetoed, and replaced with the fallback shell'),
'shell_fallback' : _('If a shell stored in central directory is allowed but not available, use this fallback'),
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index df482666..1e1fe98e 100755
--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
@@ -493,6 +493,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
'override_gid',
'case_sensitive',
'override_homedir',
+ 'fallback_homedir',
'pwd_expiration_warning',
'id_provider',
'auth_provider',
@@ -822,6 +823,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
'override_gid',
'case_sensitive',
'override_homedir',
+ 'fallback_homedir',
'pwd_expiration_warning',
'id_provider',
'auth_provider',
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index a5fdbffb..ca946dab 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -32,6 +32,7 @@ filter_groups = list, str, false
filter_users_in_groups = bool, None, false
pwfield = str, None, false
override_homedir = str, None, false
+fallback_homedir = str, None, false
allowed_shells = list, str, false
vetoed_shells = list, str, false
shell_fallback = str, None, false
@@ -97,6 +98,7 @@ dns_discovery_domain = str, None, false
override_gid = int, None, false
case_sensitive = bool, None, false
override_homedir = str, None, false
+fallback_homedir = str, None, false
#Entry cache timeouts
entry_cache_user_timeout = int, None, false
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index 457639fc..24c6a74a 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -447,6 +447,24 @@
</listitem>
</varlistentry>
<varlistentry>
+ <term>fallback_homedir (string)</term>
+ <listitem>
+ <para>
+ Set a default template for a user's home directory
+ if one is not specified explicitly by the domain's
+ data provider.
+ </para>
+ <para>
+ The available values for this option are the same
+ as for override_homedir.
+ </para>
+ <para>
+ Default: not set (no substitution for unset home
+ directories)
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
<term>allowed_shells (string)</term>
<listitem>
<para>
diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
index 1a0dcf43..c8ee444a 100644
--- a/src/responder/nss/nsssrv.c
+++ b/src/responder/nss/nsssrv.c
@@ -178,6 +178,11 @@ static int nss_get_config(struct nss_ctx *nctx,
&nctx->override_homedir);
if (ret != EOK) goto done;
+ ret = confdb_get_string(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
+ CONFDB_NSS_FALLBACK_HOMEDIR, NULL,
+ &nctx->fallback_homedir);
+ if (ret != EOK) goto done;
+
ret = confdb_get_string_as_list(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
CONFDB_NSS_ALLOWED_SHELL,
&nctx->allowed_shells);
diff --git a/src/responder/nss/nsssrv.h b/src/responder/nss/nsssrv.h
index 2871c2bf..5b5ae50b 100644
--- a/src/responder/nss/nsssrv.h
+++ b/src/responder/nss/nsssrv.h
@@ -61,6 +61,7 @@ struct nss_ctx {
char *pwfield;
char *override_homedir;
+ char *fallback_homedir;
char **allowed_shells;
char **vetoed_shells;
char **etc_shells;
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index 508db556..d448fa85 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -122,6 +122,11 @@ static const char *get_homedir_override(TALLOC_CTX *mem_ctx,
const char *name,
uint32_t uid)
{
+ const char *homedir;
+
+ /* Check whether we are unconditionally overriding the server
+ * for home directory locations.
+ */
if (dom->override_homedir) {
return expand_homedir_template(mem_ctx, dom->override_homedir,
name, uid, dom->name);
@@ -130,8 +135,22 @@ static const char *get_homedir_override(TALLOC_CTX *mem_ctx,
name, uid, dom->name);
}
- return talloc_strdup(mem_ctx,
- ldb_msg_find_attr_as_string(msg, SYSDB_HOMEDIR, NULL));
+ homedir = ldb_msg_find_attr_as_string(msg, SYSDB_HOMEDIR, NULL);
+ if (!homedir || *homedir == '\0') {
+ /* In the case of a NULL or empty homedir, check to see if
+ * we have a fallback homedir to use.
+ */
+ if (dom->fallback_homedir) {
+ return expand_homedir_template(mem_ctx, dom->fallback_homedir,
+ name, uid, dom->name);
+ } else if (nctx->fallback_homedir) {
+ return expand_homedir_template(mem_ctx, nctx->fallback_homedir,
+ name, uid, dom->name);
+ }
+ }
+
+ /* Return the value we got from the provider */
+ return talloc_strdup(mem_ctx, homedir);
}
static const char *get_shell_override(TALLOC_CTX *mem_ctx,