From 28792523a01a7d21bcc8931794164f253e691a68 Mon Sep 17 00:00:00 2001
From: Tomas Halman <thalman@redhat.com>
Date: Mon, 3 Dec 2018 14:11:31 +0100
Subject: [PATCH] nss: sssd returns '/' for emtpy home directories

For an empty home directory in the passwd file, sssd returns "/". SSSD
should respect system behaviour and return the same as the nsswitch
"files" module: an empty string.

Resolves:
https://pagure.io/SSSD/sssd/issue/3901

Reviewed-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 90f32399b4100ce39cf665649fde82d215e5eb49)
---
 src/confdb/confdb.c                      |  9 +++++++++
 src/man/include/ad_modified_defaults.xml | 19 +++++++++++++++++++
 src/responder/nss/nss_protocol_pwent.c   |  2 +-
 src/tests/intg/test_files_provider.py    |  2 +-
 4 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
index a3eb9c66d9..17bb4f8274 100644
--- a/src/confdb/confdb.c
+++ b/src/confdb/confdb.c
@@ -1301,6 +1301,15 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
             ret = ENOMEM;
             goto done;
         }
+    } else {
+        if (strcasecmp(domain->provider, "ad") == 0) {
+            /* ad provider default */
+            domain->fallback_homedir = talloc_strdup(domain, "/home/%d/%u");
+            if (!domain->fallback_homedir) {
+                ret = ENOMEM;
+                goto done;
+            }
+        }
     }
 
     tmp = ldb_msg_find_attr_as_string(res->msgs[0],
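Review bot: The new `else` branch hard-codes the AD default with only `/* ad provider default */` to explain it, so a reader of confdb.c cannot tell that it exists to give AD users without a homeDirectory attribute a usable home directory. I would expand the comment to `/* AD entries often lack homeDirectory; default to a per-domain, per-user path unless fallback_homedir is set explicitly */`. The `strcasecmp(domain->provider, "ad")` call also relies on `domain->provider` being non-NULL, which is presumably guaranteed earlier in confdb_get_domain_internal but is not visible in this hunk. The function body starts and ends outside the hunk.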
diff --git a/src/man/include/ad_modified_defaults.xml b/src/man/include/ad_modified_defaults.xml
index 818a2bf787..425b7e8ee0 100644
--- a/src/man/include/ad_modified_defaults.xml
+++ b/src/man/include/ad_modified_defaults.xml
@@ -76,4 +76,23 @@
             </listitem>
         </itemizedlist>
     </refsect2>
+    <refsect2 id='nss_modifications'>
+        <title>NSS configuration</title>
+        <itemizedlist>
+            <listitem>
+                <para>
+                    fallback_homedir = /home/%d/%u
+                </para>
+                <para>
+                    The AD provider automatically sets
+                    "fallback_homedir = /home/%d/%u" to provide personal
+                    home directories for users without the homeDirectory
+                    attribute. If your AD Domain is properly
+                    populated with Posix attributes, and you want to avoid
+                    this fallback behavior, you can explicitly
+                    set "fallback_homedir = %o".
+                </para>
+            </listitem>
+        </itemizedlist>
+    </refsect2>
 </refsect1>
diff --git a/src/responder/nss/nss_protocol_pwent.c b/src/responder/nss/nss_protocol_pwent.c
index af9e74fc86..86fa4ec465 100644
--- a/src/responder/nss/nss_protocol_pwent.c
+++ b/src/responder/nss/nss_protocol_pwent.c
@@ -118,7 +118,7 @@ nss_get_homedir(TALLOC_CTX *mem_ctx,
 
     homedir = nss_get_homedir_override(mem_ctx, msg, nss_ctx, domain, &hd_ctx);
     if (homedir == NULL) {
-        return "/";
+        return "";
     }
 
     return homedir;
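Review bot: Returning `""` here means every NSS client now receives an empty `pw_dir` whenever `nss_get_homedir_override()` yields NULL, and nothing at the return site records that this is deliberate. I would add `/* No home directory resolved: return "" like the nsswitch "files" module; the literal is static, not talloc-allocated */` above the return. If NULL can also signal an allocation failure in nss_get_homedir_override (not visible here), that error is indistinguishable from a missing home directory and is silently reported as an empty one. Consumers that build paths from `pw_dir` should be checked for how they treat the empty string. nss_get_homedir starts outside the hunk.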
diff --git a/src/tests/intg/test_files_provider.py b/src/tests/intg/test_files_provider.py
index ead1cc4c34..4761f1bd15 100644
--- a/src/tests/intg/test_files_provider.py
+++ b/src/tests/intg/test_files_provider.py
@@ -678,7 +678,7 @@ def test_user_no_dir(setup_pw_with_canary, files_domain_only):
     Test that resolving a user without a homedir defined works and returns
     a fallback value
     """
-    check_user(incomplete_user_setup(setup_pw_with_canary, 'dir', '/'))
+    check_user(incomplete_user_setup(setup_pw_with_canary, 'dir', ''))
 
 
 def test_user_no_gecos(setup_pw_with_canary, files_domain_only):
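Review bot: The docstring kept as context in test_user_no_dir still says the lookup "returns a fallback value", but the expected `dir` is now the empty string, which is the absence of a fallback. I would reword it to `Test that resolving a user without a homedir defined works and returns an empty home directory`. The opening of the docstring and the test's `def` line lie outside the hunk body; the `def` line only appears in the hunk header.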