Blame SOURCES/0001-Change-qualified-names-default-for-IPA.patch

688d36
From 21ab1fdd127d242a9b4e95c3c90dd2bf3159d149 Mon Sep 17 00:00:00 2001
688d36
From: Sumit Bose <sbose@redhat.com>
688d36
Date: Tue, 14 Aug 2018 16:44:39 +0200
688d36
Subject: [PATCH] Change qualified names default for IPA
688d36
688d36
In a FreeIPA domain it is typically expected that the IPA accounts use
688d36
sort names while accounts from trusted domains have fully qualified
688d36
names. This is automatically done by SSSD's IPA provider so there is no
688d36
need to force fully qualified names in the SSSD configuration.
688d36
688d36
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1619162
688d36
---
688d36
 service/realm-options.c       | 9 +++++----
688d36
 service/realm-options.h       | 3 ++-
688d36
 service/realm-samba-winbind.c | 2 +-
688d36
 service/realm-sssd-ad.c       | 2 +-
688d36
 service/realm-sssd-ipa.c      | 2 +-
688d36
 5 files changed, 10 insertions(+), 8 deletions(-)
688d36
688d36
diff --git a/service/realm-options.c b/service/realm-options.c
688d36
index bd804ea..34a209f 100644
688d36
--- a/service/realm-options.c
688d36
+++ b/service/realm-options.c
688d36
@@ -98,7 +98,7 @@ realm_options_automatic_mapping (GVariant *options,
688d36
 
688d36
 	if (realm_name && !option) {
688d36
 		section = g_utf8_casefold (realm_name, -1);
688d36
-		mapping = realm_settings_boolean (realm_name, REALM_DBUS_OPTION_AUTOMATIC_ID_MAPPING, TRUE);
688d36
+		mapping = realm_settings_boolean (section, REALM_DBUS_OPTION_AUTOMATIC_ID_MAPPING, TRUE);
688d36
 		g_free (section);
688d36
 	}
688d36
 
688d36
@@ -112,20 +112,21 @@ realm_options_automatic_join (const gchar *realm_name)
688d36
 	gboolean mapping;
688d36
 
688d36
 	section = g_utf8_casefold (realm_name, -1);
688d36
-	mapping = realm_settings_boolean (realm_name, "automatic-join", FALSE);
688d36
+	mapping = realm_settings_boolean (section, "automatic-join", FALSE);
688d36
 	g_free (section);
688d36
 
688d36
 	return mapping;
688d36
 }
688d36
 
688d36
 gboolean
688d36
-realm_options_qualify_names (const gchar *realm_name)
688d36
+realm_options_qualify_names (const gchar *realm_name,
688d36
+                             gboolean def)
688d36
 {
688d36
 	gchar *section;
688d36
 	gboolean qualify;
688d36
 
688d36
 	section = g_utf8_casefold (realm_name, -1);
688d36
-	qualify = realm_settings_boolean (realm_name, "fully-qualified-names", TRUE);
688d36
+	qualify = realm_settings_boolean (section, "fully-qualified-names", def);
688d36
 	g_free (section);
688d36
 
688d36
 	return qualify;
688d36
diff --git a/service/realm-options.h b/service/realm-options.h
688d36
index 7a1355e..b71d219 100644
688d36
--- a/service/realm-options.h
688d36
+++ b/service/realm-options.h
688d36
@@ -37,7 +37,8 @@ const gchar *  realm_options_user_principal           (GVariant *options,
688d36
 gboolean       realm_options_automatic_mapping        (GVariant *options,
688d36
 						       const gchar *realm_name);
688d36
 
688d36
-gboolean       realm_options_qualify_names            (const gchar *realm_name);
688d36
+gboolean       realm_options_qualify_names            (const gchar *realm_name,
688d36
+                                                       gboolean def);
688d36
 
688d36
 gboolean       realm_options_check_domain_name        (const gchar *domain_name);
688d36
 
688d36
diff --git a/service/realm-samba-winbind.c b/service/realm-samba-winbind.c
688d36
index 9335e26..61988eb 100644
688d36
--- a/service/realm-samba-winbind.c
688d36
+++ b/service/realm-samba-winbind.c
688d36
@@ -102,7 +102,7 @@ realm_samba_winbind_configure_async (RealmIniConfig *config,
688d36
 		                      "winbind enum groups", "no",
688d36
 		                      "winbind offline logon", "yes",
688d36
 		                      "winbind refresh tickets", "yes",
688d36
-		                      "winbind use default domain", realm_options_qualify_names (domain_name )? "no" : "yes",
688d36
+		                      "winbind use default domain", realm_options_qualify_names (domain_name, TRUE )? "no" : "yes",
688d36
 		                      "template shell", realm_settings_string ("users", "default-shell"),
688d36
 		                      NULL);
688d36
 
688d36
diff --git a/service/realm-sssd-ad.c b/service/realm-sssd-ad.c
688d36
index 8543ca8..de7ce30 100644
688d36
--- a/service/realm-sssd-ad.c
688d36
+++ b/service/realm-sssd-ad.c
688d36
@@ -172,7 +172,7 @@ configure_sssd_for_domain (RealmIniConfig *config,
688d36
 	gchar *home;
688d36
 
688d36
 	home = realm_sssd_build_default_home (realm_settings_string ("users", "default-home"));
688d36
-	qualify = realm_options_qualify_names (disco->domain_name);
688d36
+	qualify = realm_options_qualify_names (disco->domain_name, TRUE);
688d36
 	shell = realm_settings_string ("users", "default-shell");
688d36
 	explicit_computer_name = realm_options_computer_name (options, disco->domain_name);
688d36
 	realmd_tags = g_string_new ("");
688d36
diff --git a/service/realm-sssd-ipa.c b/service/realm-sssd-ipa.c
688d36
index ff1dc8a..5029f6b 100644
688d36
--- a/service/realm-sssd-ipa.c
688d36
+++ b/service/realm-sssd-ipa.c
688d36
@@ -201,7 +201,7 @@ on_ipa_client_do_restart (GObject *source,
688d36
 
688d36
 		realm_sssd_config_update_domain (config, domain, &error,
688d36
 		                                 "cache_credentials", "True",
688d36
-		                                 "use_fully_qualified_names", realm_options_qualify_names (domain) ? "True" : "False",
688d36
+		                                 "use_fully_qualified_names", realm_options_qualify_names (domain, FALSE) ? "True" : "False",
688d36
 		                                 "krb5_store_password_if_offline", "True",
688d36
 		                                 "default_shell", shell,
688d36
 		                                 "fallback_homedir", home,
688d36
-- 
688d36
2.17.1
688d36