dpward / rpms / sssd

Forked from rpms/sssd 3 years ago
Clone

Blame SOURCES/0206-UTIL-Inherit-ignore_group_members.patch

e543c9
From 71565f0969738171e04f35e9aba93e63e4e83a8e Mon Sep 17 00:00:00 2001
e543c9
From: Jakub Hrozek <jhrozek@redhat.com>
e543c9
Date: Tue, 28 Apr 2015 17:04:51 +0200
e543c9
Subject: [PATCH 206/207] UTIL: Inherit ignore_group_members
e543c9
e543c9
Resolves:
e543c9
    https://fedorahosted.org/sssd/ticket/2644
e543c9
e543c9
Allows the administrators to extend ignore_group_members to subdomains
e543c9
as well by setting:
e543c9
    subdomain_inherit = ignore_group_members
e543c9
in the domain section.
e543c9
e543c9
Reviewed-by: Pavel Reichl <preichl@redhat.com>
e543c9
(cherry picked from commit 01c049ceef55c7bbfca1e47cecb2a0a2cf0a5d44)
e543c9
---
e543c9
 src/man/sssd.conf.5.xml      | 4 ++++
e543c9
 src/util/domain_info_utils.c | 9 +++++++++
e543c9
 2 files changed, 13 insertions(+)
e543c9
e543c9
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
e543c9
index f7d688a..19995be 100644
e543c9
--- a/src/man/sssd.conf.5.xml
e543c9
+++ b/src/man/sssd.conf.5.xml
e543c9
@@ -483,6 +483,10 @@
e543c9
                             Specifies a list of configuration parameters that
e543c9
                             should be inherited by a subdomain. Please note
e543c9
                             that only selected parameters can be inherited.
e543c9
+                            Currently the following options can be inherited:
e543c9
+                        </para>
e543c9
+                        <para>
e543c9
+                            ignore_group_members
e543c9
                         </para>
e543c9
                         <para>
e543c9
                             Example:
e543c9
diff --git a/src/util/domain_info_utils.c b/src/util/domain_info_utils.c
e543c9
index e0f1120..75eca8a 100644
e543c9
--- a/src/util/domain_info_utils.c
e543c9
+++ b/src/util/domain_info_utils.c
e543c9
@@ -206,6 +206,7 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
e543c9
                                       const char *forest)
e543c9
 {
e543c9
     struct sss_domain_info *dom;
e543c9
+    bool inherit_option;
e543c9
 
e543c9
     DEBUG(SSSDBG_TRACE_FUNC,
e543c9
           "Creating [%s] as subdomain of [%s]!\n", name, parent->name);
e543c9
@@ -281,6 +282,14 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
e543c9
     dom->enumerate = enumerate;
e543c9
     dom->fqnames = true;
e543c9
     dom->mpg = mpg;
e543c9
+    /* If the parent domain filters out group members, the subdomain should
e543c9
+     * as well if configured */
e543c9
+    inherit_option = string_in_list(CONFDB_DOMAIN_IGNORE_GROUP_MEMBERS,
e543c9
+                                    parent->sd_inherit, false);
e543c9
+    if (inherit_option) {
e543c9
+        dom->ignore_group_members = parent->ignore_group_members;
e543c9
+    }
e543c9
+
e543c9
     /* If the parent domain explicitly limits ID ranges, the subdomain
e543c9
      * should honour the limits as well.
e543c9
      */
e543c9
-- 
e543c9
2.1.0
e543c9