From 5377817417b800335c5ae21f7e6b301ddbcbe1d1 Mon Sep 17 00:00:00 2001
From: Petr Cech <pcech@redhat.com>
Date: Fri, 13 May 2016 05:21:07 -0400
Subject: [PATCH 103/108] AD_PROVIDER: Add ad_enabled_domains option
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Resolves:
https://fedorahosted.org/sssd/ticket/2828

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
---
 src/config/SSSDConfig/__init__.py.in   |  1 +
 src/config/cfg_rules.ini               |  1 +
 src/config/etc/sssd.api.d/sssd-ad.conf |  1 +
 src/man/sssd-ad.5.xml                  | 27 +++++++++++++++++++++++++++
 src/providers/ad/ad_common.h           |  1 +
 src/providers/ad/ad_opts.c             |  1 +
 6 files changed, 32 insertions(+)

diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index ac538788b9878dc2613cb48b7483d392cca41d47..1718a9babf390b95710ec356f25f09ea679bdd73 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -192,6 +192,7 @@ option_strings = {
 
     # [provider/ad]
     'ad_domain' : _('Active Directory domain'),
+    'ad_enabled_domains' : _('Enabled Active Directory domains'),
     'ad_server' : _('Active Directory server address'),
     'ad_backup_server' : _('Active Directory backup server address'),
     'ad_hostname' : _('Active Directory client hostname'),
diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
index bd0116f334e2605e7671a208225761421511a75a..ef6435b08aee416e377fe854e6768f3fa4fd9650 100644
--- a/src/config/cfg_rules.ini
+++ b/src/config/cfg_rules.ini
@@ -335,6 +335,7 @@ option = ad_access_filter
 option = ad_backup_server
 option = ad_domain
 option = ad_enable_dns_sites
+option = ad_enabled_domains
 option = ad_enable_gc
 option = ad_gpo_access_control
 option = ad_gpo_cache_timeout
diff --git a/src/config/etc/sssd.api.d/sssd-ad.conf b/src/config/etc/sssd.api.d/sssd-ad.conf
index 87a74f4af0770874c71baaea02d2313721db78bf..8d97a416c8c97bff096042b0b70a3b2c18183710 100644
--- a/src/config/etc/sssd.api.d/sssd-ad.conf
+++ b/src/config/etc/sssd.api.d/sssd-ad.conf
@@ -1,5 +1,6 @@
 [provider/ad]
 ad_domain = str, None, false
+ad_enabled_domains = str, None, false
 ad_server = str, None, false
 ad_backup_server = str, None, false
 ad_hostname = str, None, false
diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml
index ef27976dd62e164cfb91359efc69bd54e1aa9711..8a2f4ade9387f0d5723b7056bdce9e83363cf035 100644
--- a/src/man/sssd-ad.5.xml
+++ b/src/man/sssd-ad.5.xml
@@ -114,6 +114,33 @@ ldap_id_mapping = False
                 </varlistentry>
 
                 <varlistentry>
+                    <term>ad_enabled_domains (string)</term>
+                    <listitem>
+                        <para>
+                            A comma-separated list of enabled Active Directory domains.
+                            If provided, SSSD will ignore any domains not listed in this
+                            option. If left unset, all domains from the AD forest will
+                            be available.
+                        </para>
+                        <para>
+                            For proper operation, this option must be specified in all
+                            lower-case and as the fully qualified domain name of the
+                            Active Directory domain. For example:
+                            <programlisting>
+ad_enabled_domains = sales.example.com, eng.example.com
+                            </programlisting>
+                        </para>
+                        <para>
+                            The short domain name (also known as the NetBIOS or the flat
+                            name) will be autodetected by SSSD.
+                        </para>
+                        <para>
+                            Default: Not set
+                        </para>
+                    </listitem>
+                </varlistentry>
+
+                <varlistentry>
                     <term>ad_server, ad_backup_server (string)</term>
                     <listitem>
                         <para>
diff --git a/src/providers/ad/ad_common.h b/src/providers/ad/ad_common.h
index 7e86faf1142d7be49eef01e1ddd7bfafea2fcedc..23351e328968918aa9ca9009c052e670a7d55258 100644
--- a/src/providers/ad/ad_common.h
+++ b/src/providers/ad/ad_common.h
@@ -42,6 +42,7 @@ struct ad_options;
 
 enum ad_basic_opt {
     AD_DOMAIN = 0,
+    AD_ENABLED_DOMAINS,
     AD_SERVER,
     AD_BACKUP_SERVER,
     AD_HOSTNAME,
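Review bot: Adding `AD_ENABLED_DOMAINS` as the second enumerator renumbers every constant after it, and these values appear to be used as indexes into `ad_basic_opts[]` in ad_opts.c, where this commit adds the matching row at the same position. Nothing visible in either hunk enforces that pairing, so a later edit that touches only one of the two files would make option lookups read the wrong entry without any compile error. I would add a comment above the enum such as `/* Order must match ad_basic_opts[] in ad_opts.c */`, with the mirror-image reminder above the table. The enum body continues past the end of this hunk.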
diff --git a/src/providers/ad/ad_opts.c b/src/providers/ad/ad_opts.c
index 829f9d9556bc3fa74a95eb76db0e31b19befe8fe..fc1dc67337845754eba8c879c78e08c1777a4abc 100644
--- a/src/providers/ad/ad_opts.c
+++ b/src/providers/ad/ad_opts.c
@@ -28,6 +28,7 @@
 
 struct dp_option ad_basic_opts[] = {
     { "ad_domain", DP_OPT_STRING, NULL_STRING, NULL_STRING },
+    { "ad_enabled_domains", DP_OPT_STRING, NULL_STRING, NULL_STRING },
     { "ad_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
     { "ad_backup_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
     { "ad_hostname", DP_OPT_STRING, NULL_STRING, NULL_STRING },
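Review bot: The new row stores `ad_enabled_domains` as an unvalidated string with no default, and no code in this patch reads it, so the filtering promised in the man page ("SSSD will ignore any domains not listed") is not enforced by this commit on its own; presumably a later patch in the series consumes it. Because administrators are likely to rely on this option to limit which forest domains can supply identities, the consumer should trim whitespace around each comma-separated entry (the man page example has a space after the comma), compare names case-insensitively instead of depending on the lower-case requirement, and log a warning for any entry that matches no discovered domain. A short comment on the row, for example `/* comma-separated AD domain FQDNs; unset means all forest domains */`, would record the contract next to the definition. The array continues outside the hunk.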
-- 
2.4.11