From 0b813ab764fd0b255e342765b79533e1869cd06e Mon Sep 17 00:00:00 2001
From: Pavel Reichl <preichl@redhat.com>
Date: Wed, 22 Jan 2014 16:47:22 +0000
Subject: [PATCH 78/80] AD: support for subdomain_homedir
Homedir is defaultly set accordingly to subdomain_homedir for users from AD.
Resolves:
https://fedorahosted.org/sssd/ticket/2169
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
---
src/providers/ipa/ipa_subdomains_id.c | 190 ++++++++++++++++++++++++++++++++++
1 file changed, 190 insertions(+)
diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c
index c29a2a3047af105966b636422105abd15e8a3992..fb1ad896885866dd9c34f9db960e09d92763f86d 100644
--- a/src/providers/ipa/ipa_subdomains_id.c
+++ b/src/providers/ipa/ipa_subdomains_id.c
@@ -25,6 +25,7 @@
#include <errno.h>
#include "util/util.h"
+#include "util/sss_nss.h"
#include "util/strtonum.h"
#include "db/sysdb.h"
#include "providers/ldap/ldap_common.h"
@@ -350,6 +351,185 @@ ipa_get_ad_id_ctx(struct ipa_id_ctx *ipa_ctx,
return (iter) ? iter->ad_id_ctx : NULL;
}
+static errno_t
+get_subdomain_homedir_of_user(TALLOC_CTX *mem_ctx, struct sss_domain_info *dom,
+ const char *fqname, uint32_t uid,
+ const char **_homedir)
+{
+ errno_t ret;
+ char *name;
+ const char *homedir;
+ TALLOC_CTX *tmp_ctx;
+
+ tmp_ctx = talloc_new(mem_ctx);
+ if (tmp_ctx == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ret = sss_parse_name(tmp_ctx, dom->names, fqname, NULL, &name);
+ if (ret != EOK) {
+ goto done;
+ }
+
+ homedir = expand_homedir_template(tmp_ctx, dom->subdomain_homedir, name,
+ uid, NULL, dom->name, dom->flat_name);
+
+ if (homedir == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, ("expand_homedir_template failed\n"));
+ ret = ENOMEM;
+ goto done;
+ }
+
+ if (_homedir == NULL) {
+ ret = EINVAL;
+ goto done;
+ }
+ *_homedir = talloc_steal(mem_ctx, homedir);
+
+done:
+ talloc_free(tmp_ctx);
+ return ret;
+}
+
+static errno_t
+store_homedir_of_user(struct sss_domain_info *domain,
+ const char *fqname, const char *homedir)
+{
+ errno_t ret;
+ errno_t sret;
+ TALLOC_CTX *tmp_ctx;
+ bool in_transaction = false;
+ struct sysdb_attrs *attrs;
+ struct sysdb_ctx *sysdb = domain->sysdb;
+
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ attrs = sysdb_new_attrs(tmp_ctx);
+ if (attrs == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ret = sysdb_attrs_add_string(attrs, SYSDB_HOMEDIR, homedir);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_MINOR_FAILURE, ("Error setting homedir: [%s]\n",
+ strerror(ret)));
+ goto done;
+ }
+
+ ret = sysdb_transaction_start(sysdb);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to start transaction\n"));
+ goto done;
+ }
+
+ in_transaction = true;
+
+ ret = sysdb_set_user_attr(sysdb, domain, fqname, attrs, SYSDB_MOD_REP);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("Failed to update homedir information!\n"));
+ goto done;
+ }
+
+ ret = sysdb_transaction_commit(sysdb);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("Cannot commit sysdb transaction [%d]: %s.\n",
+ ret, strerror(ret)));
+ goto done;
+ }
+
+ in_transaction = false;
+
+done:
+ if (in_transaction) {
+ sret = sysdb_transaction_cancel(sysdb);
+ if (sret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Could not cancel transaction.\n"));
+ }
+ }
+ talloc_free(tmp_ctx);
+ return ret;
+}
+
+static errno_t
+apply_subdomain_homedir(TALLOC_CTX *mem_ctx, struct sss_domain_info *dom,
+ int filter_type, const char *filter_value)
+{
+ errno_t ret;
+ uint32_t uid;
+ const char *fqname;
+ const char *homedir = NULL;
+ struct ldb_result *res;
+
+ if (filter_type == BE_FILTER_NAME) {
+ ret = sysdb_getpwnam(mem_ctx, dom->sysdb, dom, filter_value, &res);
+ } else if (filter_type == BE_FILTER_IDNUM) {
+ errno = 0;
+ uid = strtouint32(filter_value, NULL, 10);
+ if (errno != 0) {
+ ret = errno;
+ goto done;
+ }
+ ret = sysdb_getpwuid(mem_ctx, dom->sysdb, dom, uid, &res);
+ } else {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("Unsupported filter type: [%d].\n", filter_type));
+ ret = EINVAL;
+ goto done;
+ }
+
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("Failed to make request to our cache: [%d]: [%s]\n",
+ ret, sss_strerror(ret)));
+ goto done;
+ }
+
+ if (res->count == 0) {
+ ret = ENOENT;
+ goto done;
+ }
+
+ /*
+ * Homedir is always overriden by subdomain_homedir even if it was
+ * explicitly set by user.
+ */
+ fqname = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_NAME, NULL);
+ uid = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_UIDNUM, 0);
+ if (uid == 0) {
+ DEBUG(SSSDBG_OP_FAILURE, ("UID for user [%s] is not known.\n",
+ filter_value));
+ ret = ENOENT;
+ goto done;
+ }
+
+ ret = get_subdomain_homedir_of_user(mem_ctx, dom, fqname, uid, &homedir);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("get_subdomain_homedir_of_user failed: [%d]: [%s]\n",
+ ret, sss_strerror(ret)));
+ goto done;
+ }
+
+ ret = store_homedir_of_user(dom, fqname, homedir);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("store_homedir_of_user failed: [%d]: [%s]\n",
+ ret, sss_strerror(ret)));
+ goto done;
+ }
+
+done:
+ return ret;
+}
+
static void
ipa_get_ad_acct_ad_part_done(struct tevent_req *subreq)
{
@@ -367,6 +547,16 @@ ipa_get_ad_acct_ad_part_done(struct tevent_req *subreq)
return;
}
+ ret = apply_subdomain_homedir(state, state->user_dom,
+ state->ar->filter_type,
+ state->ar->filter_value);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("apply_subdomain_homedir failed: [%d]: [%s].\n",
+ ret, sss_strerror(ret)));
+ goto fail;
+ }
+
if ((state->ar->entry_type & BE_REQ_TYPE_MASK) != BE_REQ_INITGROUPS) {
tevent_req_done(req);
return;
--
1.8.5.3