nss: parse user_attributes option

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

3 files changed, 48 insertions, 0 deletions

diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index e2cb0b81b..fbaca6672 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -711,6 +711,32 @@ fallback_homedir = /home/%u
                         </para>
                     </listitem>
                 </varlistentry>
+                <varlistentry>
+                    <term>user_attributes (string)</term>
+                    <listitem>
+                        <para>
+                            Some of the additional NSS responder requests can
+                            return more attributes than just the POSIX ones
+                            defined by the NSS interface. The list of attributes
+                            is controlled by this option. It is handle the same
+                            way as the <quote>user_attributes</quote> option of
+                            the InfoPipe responder (see
+                            <citerefentry>
+                                <refentrytitle>sssd-ifp</refentrytitle>
+                                <manvolnum>5</manvolnum>
+                            </citerefentry>
+                            for details) but with no default values.
+                        </para>
+                        <para>
+                            To make configuration more easy the NSS responder
+                            will check the InfoPipe option if it is not set for
+                            the NSS responder.
+                        </para>
+                        <para>
+                            Default: not set, fallback to InfoPipe option
+                        </para>
+                    </listitem>
+                </varlistentry>
             </variablelist>
         </refsect2>
         <refsect2 id='PAM'>
diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
index 1bbeaa153..bce06c3e8 100644
--- a/src/responder/nss/nsssrv.c
+++ b/src/responder/nss/nsssrv.c
@@ -214,6 +214,7 @@ static int nss_get_config(struct nss_ctx *nctx,
                           struct confdb_ctx *cdb)
 {
     int ret;
+    char *tmp_str;
 
     ret = confdb_get_int(cdb, CONFDB_NSS_CONF_ENTRY,
                          CONFDB_NSS_ENUM_CACHE_TIMEOUT, 120,
@@ -298,6 +299,25 @@ static int nss_get_config(struct nss_ctx *nctx,
                             &nctx->homedir_substr);
     if (ret != EOK) goto done;
 
+
+    ret = confdb_get_string(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
+                            CONFDB_IFP_USER_ATTR_LIST, NULL, &tmp_str);
+    if (ret != EOK) goto done;
+
+    if (tmp_str == NULL) {
+        ret = confdb_get_string(cdb, nctx, CONFDB_IFP_CONF_ENTRY,
+                                CONFDB_IFP_USER_ATTR_LIST, NULL, &tmp_str);
+        if (ret != EOK) goto done;
+    }
+
+    if (tmp_str != NULL) {
+        nctx->extra_attributes = parse_attr_list_ex(nctx, tmp_str, NULL);
+        if (nctx->extra_attributes == NULL) {
+            ret = ENOMEM;
+            goto done;
+        }
+    }
+
     ret = 0;
 done:
     return ret;
diff --git a/src/responder/nss/nsssrv.h b/src/responder/nss/nsssrv.h
index a5b946b7e..784eba2e0 100644
--- a/src/responder/nss/nsssrv.h
+++ b/src/responder/nss/nsssrv.h
@@ -75,6 +75,8 @@ struct nss_ctx {
 
     struct sss_idmap_ctx *idmap_ctx;
     struct sss_names_ctx *global_names;
+
+    const char **extra_attributes;
 };
 
 struct nss_packet;