From 3660f49f81e4db07be66fe0887af9d62065f1f2c Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Wed, 6 Nov 2013 14:12:11 +0100
Subject: IFP: use a list of allowed_uids for authentication
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Similar to the PAC responder, the InfoPipe uses a list of UIDs that are
allowed to communicate with the IFP responder.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Stef Walter <stefw@redhat.com>
---
 src/config/SSSDConfig/__init__.py.in | 3 +++
 src/config/SSSDConfigTest.py         | 6 ++++--
 src/config/etc/sssd.api.conf         | 4 ++++
 3 files changed, 11 insertions(+), 2 deletions(-)

(limited to 'src/config')

diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index 64807d8d1..3f17a923b 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -95,6 +95,9 @@ option_strings = {
     # [pac]
     'allowed_uids': _('List of UIDs or user names allowed to access the PAC responder'),
 
+    # [ifp]
+    'allowed_uids': _('List of UIDs or user names allowed to access the InfoPipe responder'),
+
     # [provider]
     'id_provider' : _('Identity provider'),
     'auth_provider' : _('Authentication provider'),
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index bfec8d058..a3c25540d 100755
--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
@@ -1234,7 +1234,8 @@ class SSSDConfigTestSSSDConfig(unittest.TestCase):
             'sudo',
             'autofs',
             'ssh',
-            'pac']
+            'pac',
+            'ifp']
         for section in control_list:
             self.assertTrue(sssdconfig.has_section(section),
                             "Section [%s] missing" %
@@ -1327,7 +1328,8 @@ class SSSDConfigTestSSSDConfig(unittest.TestCase):
             'sudo',
             'autofs',
             'ssh',
-            'pac']
+            'pac',
+            'ifp']
         service_list = sssdconfig.list_services()
         for service in control_list:
             self.assertTrue(service in service_list,
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index 14e80639e..a5cb62f45 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -71,6 +71,10 @@ ssh_known_hosts_timeout = int, None, false
 # PAC responder
 allowed_uids = str, None, false
 
+[ifp]
+# InfoPipe responder
+allowed_uids = str, None, false
+
 [provider]
 #Available provider types
 id_provider = str, None, true
-- 
cgit