URL: https://github.com/SSSD/sssd/pull/703
Title: #703: nss: sssd returns '/' for emtpy home directories
pedrohc commented:
"""
CVE-2019-3811 was assigned to this issue.
"""
See the full comment at
https://github.com/SSSD/sssd/pull/703#issuecomment-453608710
URL: https://github.com/SSSD/sssd/pull/703
Title: #703: nss: sssd returns '/' for emtpy home directories
jhrozek commented:
"""
* sssd-1-16: 28792523a01a7d21bcc8931794164f253e691a68
"""
See the full comment at
https://github.com/SSSD/sssd/pull/703#issuecomment-446378330
URL: https://github.com/SSSD/sssd/pull/703
Title: #703: nss: sssd returns '/' for emtpy home directories
jhrozek commented:
"""
* master: 90f32399b4100ce39cf665649fde82d215e5eb49
"""
See the full comment at
https://github.com/SSSD/sssd/pull/703#issuecomment-446378006
URL: https://github.com/SSSD/sssd/pull/703
Title: #703: nss: sssd returns '/' for emtpy home directories
simo5 commented:
"""
Thank @jhrozek this clears it!
"""
See the full comment at
https://github.com/SSSD/sssd/pull/703#issuecomment-446204376
___
URL: https://github.com/SSSD/sssd/pull/703
Title: #703: nss: sssd returns '/' for emtpy home directories
jhrozek commented:
"""
The patch does change the behaviour, but it's also just a fallback, so whatever
you had defined in AD LDAP is still used.
Let me give an example:
- before the
URL: https://github.com/SSSD/sssd/pull/703
Title: #703: nss: sssd returns '/' for emtpy home directories
simo5 commented:
"""
Wait, does this mean it changes current behavior for AD domains ?
"""
See the full comment at
https://github.com/SSSD/sssd/pull/703#issuecomment-446198589
URL: https://github.com/SSSD/sssd/pull/703
Title: #703: nss: sssd returns '/' for emtpy home directories
simo5 commented:
"""
Or would it previously return "/" unconditionally ?
"""
See the full comment at
https://github.com/SSSD/sssd/pull/703#issuecomment-446198697
URL: https://github.com/SSSD/sssd/pull/703
Title: #703: nss: sssd returns '/' for emtpy home directories
jhrozek commented:
"""
Seems to work fine, by default I get /home/domain/username for all admins, when
I set fallback_homedir=%o then the unixHomeDirectory attribute is used instead.
"""
URL: https://github.com/SSSD/sssd/pull/703
Title: #703: nss: sssd returns '/' for emtpy home directories
thalman commented:
"""
there is now one extra commit with default for ad, just to be on the same page
"""
See the full comment at
URL: https://github.com/SSSD/sssd/pull/703
Title: #703: nss: sssd returns '/' for emtpy home directories
jhrozek commented:
"""
I also had a follow-up discussion with simo on IRC, let me paste rephrasing:
- the AD provider should have an AD specific internal option that generates
the homedir.
URL: https://github.com/SSSD/sssd/pull/703
Title: #703: nss: sssd returns '/' for emtpy home directories
simo5 commented:
"""
On Tue, 2018-12-04 at 05:51 -0800, Jakub Hrozek wrote:
> Then why not set a default value for fallback homedir? :-)
Because that would override an empty home dir in all
URL: https://github.com/SSSD/sssd/pull/703
Title: #703: nss: sssd returns '/' for emtpy home directories
jhrozek commented:
"""
I thought that fallback_homedir = "" would work but it doesn't, not even with
escaping quotes. An empty attribute is silently ignored.
About whether we care about
URL: https://github.com/SSSD/sssd/pull/703
Title: #703: nss: sssd returns '/' for emtpy home directories
thalman commented:
"""
> > Or at least we should IMO add some backwards compatible handling when this
> > patch makes it to fedora or RHEL otherwise admins might not be happy. From
> >
URL: https://github.com/SSSD/sssd/pull/703
Title: #703: nss: sssd returns '/' for emtpy home directories
jhrozek commented:
"""
> On Tue, 2018-12-04 at 04:51 -0800, Jakub Hrozek wrote: Thanks, this passes
> the test. And of course the patch is correct, but after some more testing, I
> wonder
URL: https://github.com/SSSD/sssd/pull/703
Title: #703: nss: sssd returns '/' for emtpy home directories
simo5 commented:
"""
On Tue, 2018-12-04 at 04:51 -0800, Jakub Hrozek wrote:
> Thanks, this passes the test. And of course the patch is correct,
> but after some more testing, I wonder if we
URL: https://github.com/SSSD/sssd/pull/703
Title: #703: nss: sssd returns '/' for emtpy home directories
jhrozek commented:
"""
Thanks, this passes the test. And of course the patch is correct, but after
some more testing, I wonder if we should at least for one release default to
URL: https://github.com/SSSD/sssd/pull/703
Title: #703: nss: sssd returns '/' for emtpy home directories
jhrozek commented:
"""
You also need to amend `test_user_no_dir` in
`src/tests/intg/test_files_provider.py`
"""
See the full comment at
URL: https://github.com/SSSD/sssd/pull/703
Title: #703: nss: sssd returns '/' for emtpy home directories
thalman commented:
"""
@simo5 I thought about it more and I get to the same conclusion, PR updated
"""
See the full comment at
https://github.com/SSSD/sssd/pull/703#issuecomment-444059683
URL: https://github.com/SSSD/sssd/pull/703
Title: #703: nss: sssd returns '/' for emtpy home directories
simo5 commented:
"""
@thalman those other cases are already handled in the call right above your
change.
So if those are handled homdir will arelady be "not null".
I think all you need to
URL: https://github.com/SSSD/sssd/pull/703
Title: #703: nss: sssd returns '/' for emtpy home directories
thalman commented:
"""
> This should probably not be specific to the files provider.
> An empty home directory is a valid value and should be returned as is if the
> source database
URL: https://github.com/SSSD/sssd/pull/703
Title: #703: nss: sssd returns '/' for emtpy home directories
thalman commented:
"""
> This should probably not be specific to the files provider.
> An empty home directory is a valid value and should be returned as is if the
> source database
URL: https://github.com/SSSD/sssd/pull/703
Title: #703: nss: sssd returns '/' for emtpy home directories
simo5 commented:
"""
This should probably not be specific to the files provider.
An empty home directory is a valid value and should be returned as is if the
source database specifies an
22 matches
Mail list logo
