From a4dcc9a1290cfb82fde44bb8f4a4ab8d4668cd5b Mon Sep 17 00:00:00 2001

From: Jakub Hrozek <jhrozek@redhat.com>

Date: Wed, 29 Apr 2015 19:41:14 +0200

Subject: [PATCH 203/207] confdb: Add new option subdomain_inherit

Adds a new option subdomain_inherit that would allow administrators to pick

and choose which option to pass to subdomains.

This option is required for:

    https://fedorahosted.org/sssd/ticket/2644

as a short-term fix.

The proper solution is described in:

    https://fedorahosted.org/sssd/ticket/2599

Reviewed-by: Pavel Reichl <preichl@redhat.com>

(cherry picked from commit 1711cbfd2e36d44af1ae50e3a2beeec3a1f0b5e8)

---

 src/confdb/confdb.c                  | 13 +++++++++++++

 src/confdb/confdb.h                  |  2 ++

 src/config/SSSDConfig/__init__.py.in |  1 +

 src/config/SSSDConfigTest.py         |  6 ++++--

 src/config/etc/sssd.api.conf         |  1 +

 src/man/sssd.conf.5.xml              | 20 +++++++++++++++++++-

 6 files changed, 40 insertions(+), 3 deletions(-)

diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c

index c55a945..6b2ce73 100644

--- a/src/confdb/confdb.c

+++ b/src/confdb/confdb.c

@@ -1212,6 +1212,19 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,

         }

     }

+    tmp = ldb_msg_find_attr_as_string(res->msgs[0],

+                                      CONFDB_DOMAIN_SUBDOMAIN_INHERIT,

+                                      NULL);

+    if (tmp != NULL) {

+        ret = split_on_separator(domain, tmp, ',', true, true,

+                                 &domain->sd_inherit, NULL);

+        if (ret != 0) {

+            DEBUG(SSSDBG_FATAL_FAILURE,

+                  "Cannot parse %s\n", CONFDB_SUBDOMAIN_ENUMERATE);

+            goto done;

+        }

+    }

+

     ret = get_entry_as_uint32(res->msgs[0], &domain->subdomain_refresh_interval,

                               CONFDB_DOMAIN_SUBDOMAIN_REFRESH, 14400);

     if (ret != EOK || domain->subdomain_refresh_interval == 0) {

diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h

index 159aa9f..468c757 100644

--- a/src/confdb/confdb.h

+++ b/src/confdb/confdb.h

@@ -183,6 +183,7 @@

 #define CONFDB_DOMAIN_PWD_EXPIRATION_WARNING "pwd_expiration_warning"

 #define CONFDB_DOMAIN_REFRESH_EXPIRED_INTERVAL "refresh_expired_interval"

 #define CONFDB_DOMAIN_OFFLINE_TIMEOUT "offline_timeout"

+#define CONFDB_DOMAIN_SUBDOMAIN_INHERIT "subdomain_inherit"

 /* Local Provider */

 #define CONFDB_LOCAL_DEFAULT_SHELL   "default_shell"

@@ -263,6 +264,7 @@ struct sss_domain_info {

     struct sss_domain_info *next;

     bool disabled;

+    char **sd_inherit;

 };

 /**

diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in

index 500bd71..8b9ab5a 100644

--- a/src/config/SSSDConfig/__init__.py.in

+++ b/src/config/SSSDConfig/__init__.py.in

@@ -144,6 +144,7 @@ option_strings = {

     'dyndns_auth' : _("What kind of authentication should be used to perform the DNS update"),

     'subdomain_enumerate' : _('Control enumeration of trusted domains'),

     'subdomain_refresh_interval' : _('How often should subdomains list be refreshed'),

+    'subdomain_inherit' : _('List of options that should be inherited into a subdomain'),

     # [provider/ipa]

     'ipa_domain' : _('IPA domain'),

diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py

index 78e22f6..6719132 100755

--- a/src/config/SSSDConfigTest.py

+++ b/src/config/SSSDConfigTest.py

@@ -538,7 +538,8 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):

             'hostid_provider',

             'subdomains_provider',

             'realmd_tags',

-            'subdomain_refresh_interval']

+            'subdomain_refresh_interval',

+            'subdomain_inherit']

         self.assertTrue(type(options) == dict,

                         "Options should be a dictionary")

@@ -897,7 +898,8 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):

             'hostid_provider',

             'subdomains_provider',

             'realmd_tags',

-            'subdomain_refresh_interval']

+            'subdomain_refresh_interval',

+            'subdomain_inherit']

         self.assertTrue(type(options) == dict,

                         "Options should be a dictionary")

diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf

index c16769a..8b3dee6 100644

--- a/src/config/etc/sssd.api.conf

+++ b/src/config/etc/sssd.api.conf

@@ -129,6 +129,7 @@ default_shell = str, None, false

 description = str, None, false

 realmd_tags = str, None, false

 subdomain_refresh_interval = int, None, false

+subdomain_inherit = str, None, false

 #Entry cache timeouts

 entry_cache_user_timeout = int, None, false

diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml

index 2002ccc..f7d688a 100644

--- a/src/man/sssd.conf.5.xml

+++ b/src/man/sssd.conf.5.xml

@@ -476,7 +476,25 @@

                         </para>

                     </listitem>

                 </varlistentry>

-

+                <varlistentry>

+                    <term>subdomain_inherit (string)</term>

+                    <listitem>

+                        <para>

+                            Specifies a list of configuration parameters that

+                            should be inherited by a subdomain. Please note

+                            that only selected parameters can be inherited.

+                        </para>

+                        <para>

+                            Example:

+                            <programlisting>

+subdomain_inherit = ldap_purge_cache_timeout

+                            </programlisting>

+                        </para>

+                        <para>

+                            Default: none

+                        </para>

+                    </listitem>

+                </varlistentry>

             </variablelist>

         </refsect2>

-- 

2.1.0