From a4dcc9a1290cfb82fde44bb8f4a4ab8d4668cd5b Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Wed, 29 Apr 2015 19:41:14 +0200 Subject: [PATCH 203/207] confdb: Add new option subdomain_inherit Adds a new option subdomain_inherit that would allow administrators to pick and choose which option to pass to subdomains. This option is required for: https://fedorahosted.org/sssd/ticket/2644 as a short-term fix. The proper solution is described in: https://fedorahosted.org/sssd/ticket/2599 Reviewed-by: Pavel Reichl (cherry picked from commit 1711cbfd2e36d44af1ae50e3a2beeec3a1f0b5e8) --- src/confdb/confdb.c | 13 +++++++++++++ src/confdb/confdb.h | 2 ++ src/config/SSSDConfig/__init__.py.in | 1 + src/config/SSSDConfigTest.py | 6 ++++-- src/config/etc/sssd.api.conf | 1 + src/man/sssd.conf.5.xml | 20 +++++++++++++++++++- 6 files changed, 40 insertions(+), 3 deletions(-) diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c index c55a945..6b2ce73 100644 --- a/src/confdb/confdb.c +++ b/src/confdb/confdb.c @@ -1212,6 +1212,19 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, } } + tmp = ldb_msg_find_attr_as_string(res->msgs[0], + CONFDB_DOMAIN_SUBDOMAIN_INHERIT, + NULL); + if (tmp != NULL) { + ret = split_on_separator(domain, tmp, ',', true, true, + &domain->sd_inherit, NULL); + if (ret != 0) { + DEBUG(SSSDBG_FATAL_FAILURE, + "Cannot parse %s\n", CONFDB_SUBDOMAIN_ENUMERATE); + goto done; + } + } + ret = get_entry_as_uint32(res->msgs[0], &domain->subdomain_refresh_interval, CONFDB_DOMAIN_SUBDOMAIN_REFRESH, 14400); if (ret != EOK || domain->subdomain_refresh_interval == 0) { diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h index 159aa9f..468c757 100644 --- a/src/confdb/confdb.h +++ b/src/confdb/confdb.h 
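Review bot: The failure message in the added `subdomain_inherit` block of src/confdb/confdb.c names the wrong option: it prints `CONFDB_SUBDOMAIN_ENUMERATE` although the value being parsed is `CONFDB_DOMAIN_SUBDOMAIN_INHERIT`. A malformed `subdomain_inherit` would therefore be logged against a different setting and send whoever reads the log to the wrong place; the line should read `"Cannot parse %s\n", CONFDB_DOMAIN_SUBDOMAIN_INHERIT);`. The parsed names are also stored in `domain->sd_inherit` without any check here, while the man page in this patch says only selected parameters can be inherited. Presumably the filtering happens where the list is consumed; if so, a debug message for names that are not inheritable would help, because a typo otherwise leaves the subdomain on its default value without any notice. `confdb_get_domain_internal` starts and ends outside the hunk.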
@@ -183,6 +183,7 @@ #define CONFDB_DOMAIN_PWD_EXPIRATION_WARNING "pwd_expiration_warning" #define CONFDB_DOMAIN_REFRESH_EXPIRED_INTERVAL "refresh_expired_interval" #define CONFDB_DOMAIN_OFFLINE_TIMEOUT "offline_timeout" +#define CONFDB_DOMAIN_SUBDOMAIN_INHERIT "subdomain_inherit" /* Local Provider */ #define CONFDB_LOCAL_DEFAULT_SHELL "default_shell" @@ -263,6 +264,7 @@ struct sss_domain_info { struct sss_domain_info *next; bool disabled; + char **sd_inherit; }; /** diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in index 500bd71..8b9ab5a 100644 --- a/src/config/SSSDConfig/__init__.py.in +++ b/src/config/SSSDConfig/__init__.py.in @@ -144,6 +144,7 @@ option_strings = { 'dyndns_auth' : _("What kind of authentication should be used to perform the DNS update"), 'subdomain_enumerate' : _('Control enumeration of trusted domains'), 'subdomain_refresh_interval' : _('How often should subdomains list be refreshed'), + 'subdomain_inherit' : _('List of options that should be inherited into a subdomain'), # [provider/ipa] 'ipa_domain' : _('IPA domain'), diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py index 78e22f6..6719132 100755 --- a/src/config/SSSDConfigTest.py +++ b/src/config/SSSDConfigTest.py @@ -538,7 +538,8 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase): 'hostid_provider', 'subdomains_provider', 'realmd_tags', - 'subdomain_refresh_interval'] + 'subdomain_refresh_interval', + 'subdomain_inherit'] self.assertTrue(type(options) == dict, "Options should be a dictionary") @@ -897,7 +898,8 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase): 'hostid_provider', 'subdomains_provider', 'realmd_tags', - 'subdomain_refresh_interval'] + 'subdomain_refresh_interval', + 'subdomain_inherit'] self.assertTrue(type(options) == dict, "Options should be a dictionary") diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf index c16769a..8b3dee6 100644 --- a/src/config/etc/sssd.api.conf 
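Review bot: The new `char **sd_inherit;` member of `struct sss_domain_info` in src/confdb/confdb.h has no comment saying what it holds or who owns it. Going by the confdb.c hunk in this patch, it is filled by `split_on_separator()` with `domain` as the memory context, and only when `subdomain_inherit` is configured, so every reader has to cope with an unset list. I would add `/* option names from subdomain_inherit, allocated on the domain; unset when the option is absent */` above the member. Whether "unset" means NULL depends on how the struct is allocated, which this patch does not show; the struct definition itself starts outside the hunk.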
+++ b/src/config/etc/sssd.api.conf @@ -129,6 +129,7 @@ default_shell = str, None, false description = str, None, false realmd_tags = str, None, false subdomain_refresh_interval = int, None, false +subdomain_inherit = str, None, false #Entry cache timeouts entry_cache_user_timeout = int, None, false diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index 2002ccc..f7d688a 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -476,7 +476,25 @@ - + + subdomain_inherit (string) + + + Specifies a list of configuration parameters that + should be inherited by a subdomain. Please note + that only selected parameters can be inherited. + + + Example: + +subdomain_inherit = ldap_purge_cache_timeout + + + + Default: none + + + -- 2.1.0