From 0b813ab764fd0b255e342765b79533e1869cd06e Mon Sep 17 00:00:00 2001

From: Pavel Reichl <preichl@redhat.com>

Date: Wed, 22 Jan 2014 16:47:22 +0000

Subject: [PATCH 78/80] AD: support for subdomain_homedir

Homedir is defaultly set accordingly to subdomain_homedir for users from AD.

Resolves:

https://fedorahosted.org/sssd/ticket/2169

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

---

 src/providers/ipa/ipa_subdomains_id.c | 190 ++++++++++++++++++++++++++++++++++

 1 file changed, 190 insertions(+)

diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c

index c29a2a3047af105966b636422105abd15e8a3992..fb1ad896885866dd9c34f9db960e09d92763f86d 100644

--- a/src/providers/ipa/ipa_subdomains_id.c

+++ b/src/providers/ipa/ipa_subdomains_id.c

@@ -25,6 +25,7 @@

 #include <errno.h>

 #include "util/util.h"

+#include "util/sss_nss.h"

 #include "util/strtonum.h"

 #include "db/sysdb.h"

 #include "providers/ldap/ldap_common.h"

@@ -350,6 +351,185 @@ ipa_get_ad_id_ctx(struct ipa_id_ctx *ipa_ctx,

     return (iter) ? iter->ad_id_ctx : NULL;

 }

+static errno_t

+get_subdomain_homedir_of_user(TALLOC_CTX *mem_ctx, struct sss_domain_info *dom,

+                              const char *fqname, uint32_t uid,

+                              const char **_homedir)

+{

+    errno_t ret;

+    char *name;

+    const char *homedir;

+    TALLOC_CTX *tmp_ctx;

+

+    tmp_ctx = talloc_new(mem_ctx);

+    if (tmp_ctx == NULL) {

+        ret = ENOMEM;

+        goto done;

+    }

+

+    ret = sss_parse_name(tmp_ctx, dom->names, fqname, NULL, &name);

+    if (ret != EOK) {

+        goto done;

+    }

+

+    homedir = expand_homedir_template(tmp_ctx, dom->subdomain_homedir, name,

+                                      uid, NULL, dom->name, dom->flat_name);

+

+    if (homedir == NULL) {

+        DEBUG(SSSDBG_OP_FAILURE, ("expand_homedir_template failed\n"));

+        ret = ENOMEM;

+        goto done;

+    }

+

+    if (_homedir == NULL) {

+        ret = EINVAL;

+        goto done;

+    }

+    *_homedir = talloc_steal(mem_ctx, homedir);

+

+done:

+    talloc_free(tmp_ctx);

+    return ret;

+}

+

+static errno_t

+store_homedir_of_user(struct sss_domain_info *domain,

+                      const char *fqname, const char *homedir)

+{

+    errno_t ret;

+    errno_t sret;

+    TALLOC_CTX *tmp_ctx;

+    bool in_transaction = false;

+    struct sysdb_attrs *attrs;

+    struct sysdb_ctx *sysdb = domain->sysdb;

+

+    tmp_ctx = talloc_new(NULL);

+    if (tmp_ctx == NULL) {

+        ret = ENOMEM;

+        goto done;

+    }

+

+    attrs = sysdb_new_attrs(tmp_ctx);

+    if (attrs == NULL) {

+        ret = ENOMEM;

+        goto done;

+    }

+

+    ret = sysdb_attrs_add_string(attrs, SYSDB_HOMEDIR, homedir);

+    if (ret != EOK) {

+        DEBUG(SSSDBG_MINOR_FAILURE, ("Error setting homedir: [%s]\n",

+                                     strerror(ret)));

+        goto done;

+    }

+

+    ret = sysdb_transaction_start(sysdb);

+    if (ret != EOK) {

+        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to start transaction\n"));

+        goto done;

+    }

+

+    in_transaction = true;

+

+    ret = sysdb_set_user_attr(sysdb, domain, fqname, attrs, SYSDB_MOD_REP);

+    if (ret != EOK) {

+        DEBUG(SSSDBG_CRIT_FAILURE,

+              ("Failed to update homedir information!\n"));

+        goto done;

+    }

+

+    ret = sysdb_transaction_commit(sysdb);

+    if (ret != EOK) {

+        DEBUG(SSSDBG_CRIT_FAILURE,

+              ("Cannot commit sysdb transaction [%d]: %s.\n",

+               ret, strerror(ret)));

+        goto done;

+    }

+

+    in_transaction = false;

+

+done:

+    if (in_transaction) {

+        sret = sysdb_transaction_cancel(sysdb);

+        if (sret != EOK) {

+            DEBUG(SSSDBG_CRIT_FAILURE, ("Could not cancel transaction.\n"));

+        }

+    }

+    talloc_free(tmp_ctx);

+    return ret;

+}

+

+static errno_t

+apply_subdomain_homedir(TALLOC_CTX *mem_ctx, struct sss_domain_info *dom,

+                        int filter_type, const char *filter_value)

+{

+    errno_t ret;

+    uint32_t uid;

+    const char *fqname;

+    const char *homedir = NULL;

+    struct ldb_result *res;

+

+    if (filter_type == BE_FILTER_NAME) {

+        ret = sysdb_getpwnam(mem_ctx, dom->sysdb, dom, filter_value, &res;;

+    } else if (filter_type == BE_FILTER_IDNUM) {

+        errno = 0;

+        uid = strtouint32(filter_value, NULL, 10);

+        if (errno != 0) {

+            ret = errno;

+            goto done;

+        }

+        ret = sysdb_getpwuid(mem_ctx, dom->sysdb, dom, uid, &res;;

+    } else {

+        DEBUG(SSSDBG_OP_FAILURE,

+              ("Unsupported filter type: [%d].\n", filter_type));

+        ret = EINVAL;

+        goto done;

+    }

+

+    if (ret != EOK) {

+        DEBUG(SSSDBG_OP_FAILURE,

+              ("Failed to make request to our cache: [%d]: [%s]\n",

+               ret, sss_strerror(ret)));

+        goto done;

+    }

+

+    if (res->count == 0) {

+        ret = ENOENT;

+        goto done;

+    }

+

+    /*

+     * Homedir is always overriden by subdomain_homedir even if it was

+     * explicitly set by user.

+     */

+    fqname = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_NAME, NULL);

+    uid = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_UIDNUM, 0);

+    if (uid == 0) {

+        DEBUG(SSSDBG_OP_FAILURE, ("UID for user [%s] is not known.\n",

+                                  filter_value));

+        ret = ENOENT;

+        goto done;

+    }

+

+    ret = get_subdomain_homedir_of_user(mem_ctx, dom, fqname, uid, &homedir);

+    if (ret != EOK) {

+        DEBUG(SSSDBG_OP_FAILURE,

+              ("get_subdomain_homedir_of_user failed: [%d]: [%s]\n",

+               ret, sss_strerror(ret)));

+        goto done;

+    }

+

+    ret = store_homedir_of_user(dom, fqname, homedir);

+    if (ret != EOK) {

+        DEBUG(SSSDBG_OP_FAILURE,

+              ("store_homedir_of_user failed: [%d]: [%s]\n",

+               ret, sss_strerror(ret)));

+        goto done;

+    }

+

+done:

+    return ret;

+}

+

 static void

 ipa_get_ad_acct_ad_part_done(struct tevent_req *subreq)

 {

@@ -367,6 +547,16 @@ ipa_get_ad_acct_ad_part_done(struct tevent_req *subreq)

         return;

     }

+    ret = apply_subdomain_homedir(state, state->user_dom,

+                                  state->ar->filter_type,

+                                  state->ar->filter_value);

+    if (ret != EOK) {

+        DEBUG(SSSDBG_OP_FAILURE,

+              ("apply_subdomain_homedir failed: [%d]: [%s].\n",

+               ret, sss_strerror(ret)));

+        goto fail;

+    }

+

     if ((state->ar->entry_type & BE_REQ_TYPE_MASK) != BE_REQ_INITGROUPS) {

         tevent_req_done(req);

         return;

-- 

1.8.5.3