DESKPROFILE: Introduce the new IPA session provider

In order to provide FleetCommander[0] integration, a session provider
has been introduced for IPA. The design of this feature and more
technical details can be found at [1] and [2], which are the design
pages of both freeIPA and SSSD parts.

As there's no way to test freeIPA integration with our upstream tests,
no test has been provided yet.

Is also worth to mention that the name "deskprofile" has been chosen
instead of "fleetcmd" in order to match with the freeIPA plugin. It
means that, for consistence, all source files, directories created,
options added, functions prefixes and so on are following the choice
accordingly.

[0]: https://wiki.gnome.org/Projects/FleetCommander
[1]: https://github.com/abbra/freeipa-desktop-profile/blob/master/plugin/Feature.mediawiki
[2]: https://docs.pagure.org/SSSD.sssd/design_pages/fleet_commander_integration.html

Resolves:
https://pagure.io/SSSD/sssd/issue/2995

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

6 files changed, 13 insertions, 0 deletions

diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index de757521c..2a19b60a9 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -154,6 +154,7 @@ option_strings = {
     'autofs_provider' : _('Autofs provider'),
     'hostid_provider' : _('Host identity provider'),
     'selinux_provider' : _('SELinux provider'),
+    'session_provider' : _('Session management provider'),
 
     # [domain]
     'domain_type' : _('Whether the domain is usable by the OS or by applications'),
@@ -217,6 +218,8 @@ option_strings = {
     'ipa_anchor_uuid': _("Attribute with the reference to the original object"),
     'ipa_user_override_object_class': _("Objectclass for user override objects"),
     'ipa_group_override_object_class': _("Objectclass for group override objects"),
+    'ipa_deskprofile_search_base': _("Search base for Desktop Profile related objects"),
+    'ipa_deskprofile_refresh': _("The amount of time in seconds between lookups of the Desktop Profile rules against the IPA server"),
 
     # [provider/ad]
     'ad_domain' : _('Active Directory domain'),
diff --git a/src/config/SSSDConfig/sssd_upgrade_config.py b/src/config/SSSDConfig/sssd_upgrade_config.py
index 767d06ddc..d2d94b21e 100644
--- a/src/config/SSSDConfig/sssd_upgrade_config.py
+++ b/src/config/SSSDConfig/sssd_upgrade_config.py
@@ -148,6 +148,7 @@ class SSSDConfigFile(SSSDChangeConf):
                        'auth_provider' : 'auth-module',
                        'access_provider' : 'access-module',
                        'chpass_provider' : 'chpass-module',
+                       'session_provider' : 'session-module',
                        'use_fully_qualified_names' : 'useFullyQualifiedNames',
                        'store_legacy_passwords' : 'store-legacy-passwords',
                       }
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index 5f3ff3958..d0e97f02b 100755
--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
@@ -616,6 +616,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
             'hostid_provider',
             'subdomains_provider',
             'selinux_provider',
+            'session_provider',
             'realmd_tags',
             'subdomain_refresh_interval',
             'subdomain_inherit',
@@ -986,6 +987,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
             'hostid_provider',
             'subdomains_provider',
             'selinux_provider',
+            'session_provider',
             'realmd_tags',
             'subdomain_refresh_interval',
             'subdomain_inherit',
@@ -1381,6 +1383,7 @@ class SSSDConfigTestSSSDConfig(unittest.TestCase):
             'id_provider',
             'auth_provider',
             'access_provider',
+            'session_provider',
             'default_shell',
             'fallback_homedir',
             'cache_credentials',
diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
index cba59d2c3..3ebd39e93 100644
--- a/src/config/cfg_rules.ini
+++ b/src/config/cfg_rules.ini
@@ -330,6 +330,7 @@ option = autofs_provider
 option = hostid_provider
 option = subdomains_provider
 option = selinux_provider
+option = session_provider
 
 # Options available to all domains
 option = domain_type
@@ -438,6 +439,8 @@ option = ad_site
 option = ipa_anchor_uuid
 option = ipa_automount_location
 option = ipa_backup_server
+option = ipa_deskprofile_refresh
+option = ipa_deskprofile_search_base
 option = ipa_domain
 option = ipa_dyndns_iface
 option = ipa_dyndns_ttl
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index 0d11771ae..9eb6aeb83 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -139,6 +139,7 @@ autofs_provider = str, None, false
 hostid_provider = str, None, false
 subdomains_provider = str, None, false
 selinux_provider = str, None, false
+session_provider = str, None, false
 
 [domain]
 # Options available to all domains
diff --git a/src/config/etc/sssd.api.d/sssd-ipa.conf b/src/config/etc/sssd.api.d/sssd-ipa.conf
index f36b568c3..8178b123e 100644
--- a/src/config/etc/sssd.api.d/sssd-ipa.conf
+++ b/src/config/etc/sssd.api.d/sssd-ipa.conf
@@ -3,6 +3,7 @@ ipa_domain = str, None, false
 ipa_server = str, None, false
 ipa_backup_server = str, None, false
 ipa_hostname = str, None, false
+ipa_deskprofile_search_base = str, None, false
 ipa_dyndns_update = bool, None, false
 ipa_dyndns_ttl = int, None, false
 ipa_dyndns_iface = str, None, false
@@ -193,6 +194,7 @@ ldap_autofs_search_base = str, None, false
 [provider/ipa/chpass]
 
 [provider/ipa/session]
+ipa_deskprofile_refresh = int, None, false
 ipa_host_object_class = str, None, false
 ipa_host_name = str, None, false
 ipa_host_fqdn = str, None, false