summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJakub Hrozek <jhrozek@redhat.com>2015-04-29 19:41:14 +0200
committerJakub Hrozek <jhrozek@redhat.com>2015-06-08 13:27:06 +0200
commitee8b34f7a5c885b228678bf205dbc0c84be1afe2 (patch)
tree26afa0d7b657b464d0320461021667aba8adee66
parent798cc692b5452b1711fb25f801ee9b3541a57a3c (diff)
downloadsssd-ee8b34f7a5c885b228678bf205dbc0c84be1afe2.tar.gz
sssd-ee8b34f7a5c885b228678bf205dbc0c84be1afe2.tar.xz
sssd-ee8b34f7a5c885b228678bf205dbc0c84be1afe2.zip
confdb: Add new option subdomain_inherit
Adds a new option subdomain_inherit that would allow administrators to pick and choose which option to pass to subdomains. This option is required for: https://fedorahosted.org/sssd/ticket/2644 as a short-term fix. The proper solution is described in: https://fedorahosted.org/sssd/ticket/2599 Reviewed-by: Pavel Reichl <preichl@redhat.com> (cherry picked from commit 1711cbfd2e36d44af1ae50e3a2beeec3a1f0b5e8) (cherry picked from commit da2d33f81746a9bf8abd97becaf17005e4f89d2c)
-rw-r--r--src/confdb/confdb.c13
-rw-r--r--src/confdb/confdb.h2
-rw-r--r--src/config/SSSDConfig/__init__.py.in1
-rwxr-xr-xsrc/config/SSSDConfigTest.py6
-rw-r--r--src/config/etc/sssd.api.conf1
-rw-r--r--src/man/sssd.conf.5.xml20
6 files changed, 40 insertions, 3 deletions
diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
index dd93410cf..9ce7b1311 100644
--- a/src/confdb/confdb.c
+++ b/src/confdb/confdb.c
@@ -1216,6 +1216,19 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
}
}
+ tmp = ldb_msg_find_attr_as_string(res->msgs[0],
+ CONFDB_DOMAIN_SUBDOMAIN_INHERIT,
+ NULL);
+ if (tmp != NULL) {
+ ret = split_on_separator(domain, tmp, ',', true, true,
+ &domain->sd_inherit, NULL);
+ if (ret != 0) {
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Cannot parse %s\n", CONFDB_SUBDOMAIN_ENUMERATE);
+ goto done;
+ }
+ }
+
ret = get_entry_as_uint32(res->msgs[0], &domain->subdomain_refresh_interval,
CONFDB_DOMAIN_SUBDOMAIN_REFRESH, 14400);
if (ret != EOK || domain->subdomain_refresh_interval == 0) {
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
index 19c564020..e97c46b34 100644
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
@@ -184,6 +184,7 @@
#define CONFDB_DOMAIN_PWD_EXPIRATION_WARNING "pwd_expiration_warning"
#define CONFDB_DOMAIN_REFRESH_EXPIRED_INTERVAL "refresh_expired_interval"
#define CONFDB_DOMAIN_OFFLINE_TIMEOUT "offline_timeout"
+#define CONFDB_DOMAIN_SUBDOMAIN_INHERIT "subdomain_inherit"
/* Local Provider */
#define CONFDB_LOCAL_DEFAULT_SHELL "default_shell"
@@ -264,6 +265,7 @@ struct sss_domain_info {
struct sss_domain_info *next;
bool disabled;
+ char **sd_inherit;
};
/**
diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index dbbffebf3..51354eb52 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -148,6 +148,7 @@ option_strings = {
'dyndns_auth' : _("What kind of authentication should be used to perform the DNS update"),
'subdomain_enumerate' : _('Control enumeration of trusted domains'),
'subdomain_refresh_interval' : _('How often should subdomains list be refreshed'),
+ 'subdomain_inherit' : _('List of options that should be inherited into a subdomain'),
# [provider/ipa]
'ipa_domain' : _('IPA domain'),
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index 3a5312ea9..f94b79b25 100755
--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
@@ -538,7 +538,8 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
'hostid_provider',
'subdomains_provider',
'realmd_tags',
- 'subdomain_refresh_interval']
+ 'subdomain_refresh_interval',
+ 'subdomain_inherit']
self.assertTrue(type(options) == dict,
"Options should be a dictionary")
@@ -897,7 +898,8 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
'hostid_provider',
'subdomains_provider',
'realmd_tags',
- 'subdomain_refresh_interval']
+ 'subdomain_refresh_interval',
+ 'subdomain_inherit']
self.assertTrue(type(options) == dict,
"Options should be a dictionary")
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index 4fa542704..59d755c26 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -131,6 +131,7 @@ default_shell = str, None, false
description = str, None, false
realmd_tags = str, None, false
subdomain_refresh_interval = int, None, false
+subdomain_inherit = str, None, false
#Entry cache timeouts
entry_cache_user_timeout = int, None, false
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index 5325e422c..4786b02cc 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -476,7 +476,25 @@
</para>
</listitem>
</varlistentry>
-
+ <varlistentry>
+ <term>subdomain_inherit (string)</term>
+ <listitem>
+ <para>
+ Specifies a list of configuration parameters that
+ should be inherited by a subdomain. Please note
+ that only selected parameters can be inherited.
+ </para>
+ <para>
+ Example:
+ <programlisting>
+subdomain_inherit = ldap_purge_cache_timeout
+ </programlisting>
+ </para>
+ <para>
+ Default: none
+ </para>
+ </listitem>
+ </varlistentry>
</variablelist>
</refsect2>