-rw-r--r-- | src/confdb/confdb.h | 1 | ||||
-rw-r--r-- | src/config/SSSDConfig/__init__.py.in | 1 | ||||
-rwxr-xr-x | src/config/SSSDConfigTest.py | 7 | ||||
-rw-r--r-- | src/config/cfg_rules.ini | 1 | ||||
-rw-r--r-- | src/config/etc/sssd.api.conf | 1 | ||||
-rw-r--r-- | src/man/sssd.conf.5.xml | 20 | ||||
-rw-r--r-- | src/responder/common/responder.h | 1 | ||||
-rw-r--r-- | src/responder/common/responder_common.c | 27 |
8 files changed, 58 insertions, 1 deletions
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
index fb60675ca..56a603652 100644
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
@@ -74,6 +74,7 @@ #define CONFDB_MONITOR_CERT_VERIFICATION "certificate_verification" #define CONFDB_MONITOR_DISABLE_NETLINK "disable_netlink" #define CONFDB_MONITOR_ENABLE_FILES_DOM "enable_files_domain" +#define CONFDB_MONITOR_DOMAIN_RESOLUTION_ORDER "domain_resolution_order" /* Both monitor and domains */ #define CONFDB_NAME_REGEX "re_expression"
diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index 29e9b4fae..0edc3ea84 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -66,6 +66,7 @@ option_strings = { 'override_space': _('All spaces in group or user names will be replaced with this character'), 'disable_netlink' : _('Tune sssd to honor or ignore netlink state changes'), 'enable_files_domain' : _('Enable or disable the implicit files domain'), + 'domain_resolution_order': _('A specific order of the domains to be looked up'), # [nss] 'enum_cache_timeout' : _('Enumeration cache timeout length (seconds)'),
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index 457a6f0a0..6899bf8ae 100755
--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
@@ -94,6 +94,10 @@ class SSSDConfigTestValid(unittest.TestCase): self.assertTrue('default_domain_suffix' in new_options) self.assertEquals(new_options['default_domain_suffix'][0], str) + self.assertTrue('domain_resolution_order' in new_options) + self.assertEquals(new_options['domain_resolution_order'][0], list) + self.assertEquals(new_options['domain_resolution_order'][1], str) + del sssdconfig def testDomains(self):
@@ -314,7 +318,8 @@ class SSSDConfigTestSSSDService(unittest.TestCase): 'certificate_verification', 'override_space', 'disable_netlink', - 'enable_files_domain'] + 'enable_files_domain', + 'domain_resolution_order'] self.assertTrue(type(options) == dict, "Options should be a dictionary")
diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
index 933ebccd8..41efcea55 100644
--- a/src/config/cfg_rules.ini
+++ b/src/config/cfg_rules.ini
@@ -43,6 +43,7 @@ option = override_space option = config_file_version option = disable_netlink option = enable_files_domain +option = domain_resolution_order [rule/allowed_nss_options] validator = ini_allowed_options
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index 08cecf003..6965028e1 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -32,6 +32,7 @@ certificate_verification = str, None, false override_space = str, None, false disable_netlink = bool, None, false enable_files_domain = str, None, false +domain_resolution_order = list, str, false [nss] # Name service
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index 1c27742cf..4fe13b85d 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -542,6 +542,26 @@ </para> </listitem> </varlistentry> + <varlistentry> + <term>domain_resolution_order</term> + <listitem> + <para> + Comma separated list of domains and subdomains + representing the lookup order that will be + followed. + The list doesn't have to include all possible + domains as the missing domains will be looked + up based on the order they're presented in the + <quote>domains</quote> configuration option. + The subdomains which are not listed as part of + <quote>lookup_order</quote> will be looked up + in a random order for each parent domain. + </para> + <para> + Default: Not set + </para> + </listitem> + </varlistentry> </variablelist> </para> </refsect2>
diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h
index 29e3f95ca..421030748 100644
--- a/src/responder/common/responder.h
+++ b/src/responder/common/responder.h
@@ -115,6 +115,7 @@ struct resp_ctx { int client_idle_timeout; struct cache_req_domain *cr_domains; + const char *domain_resolution_order; time_t last_request_time; int idle_timeout;
diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c
index 1792a4c37..154d7dc77 100644
--- a/src/responder/common/responder_common.c
+++ b/src/responder/common/responder_common.c
@@ -1163,6 +1163,19 @@ int sss_process_init(TALLOC_CTX *mem_ctx, rctx->override_space = tmp[0]; } + ret = confdb_get_string(rctx->cdb, rctx, + CONFDB_MONITOR_CONF_ENTRY, + CONFDB_MONITOR_DOMAIN_RESOLUTION_ORDER, NULL, + &tmp); + if (ret == EOK) { + rctx->domain_resolution_order = sss_replace_char(rctx, tmp, ',', ':'); + } else { + DEBUG(SSSDBG_MINOR_FAILURE, + "Cannot get the \"domain_resolution_order\" option.\n" + "The set up lookup_order won't be followed [%d]: %s.\n", + ret, sss_strerror(ret)); + } + ret = sss_monitor_init(rctx, rctx->ev, monitor_intf, svc_name, svc_version, MT_SVC_SERVICE, rctx, &rctx->last_request_time,
@@ -1546,6 +1559,20 @@ errno_t sss_resp_populate_cr_domains(struct resp_ctx *rctx) struct sss_domain_info *dom; errno_t ret; + if (rctx->domain_resolution_order != NULL) { + cr_domains = cache_req_domain_new_list_from_domain_resolution_order( + rctx, rctx->domains, rctx->domain_resolution_order); + + if (cr_domains == NULL) { + DEBUG(SSSDBG_MINOR_FAILURE, + "Failed to use domain_resolution_order set in the config file.\n" + "Trying to fallback to use ipaDomainOrderResolution setup by " + "IPA.\n"); + } else { + goto done; + } + } + for (dom = rctx->domains; dom != NULL; dom = dom->next) { if (dom->provider != NULL && strcmp(dom->provider, "ipa") == 0) { break; |
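Review bot: In the `sss_process_init` hunk the return value of `sss_replace_char()` is stored without a NULL check, so an allocation failure leaves `rctx->domain_resolution_order` NULL and the configured order is dropped with no log line at all. The EOK branch also runs when the option is simply unset (the default passed to `confdb_get_string()` is NULL), which relies on `sss_replace_char()` tolerating a NULL input, something this hunk does not show; I would guard with `if (ret == EOK && tmp != NULL) {` and treat a NULL result from the replace as ENOMEM rather than as "not set". Since the lookup order decides which domain answers a short-name request, both cases should be explicit. The option is declared `list, str` in sssd.api.conf, so a value like `a, b` is plausible, and the plain `','` to `':'` swap keeps the blank; confirm that the consumer of the colon list trims it. The debug text says `lookup_order` where the option is `domain_resolution_order`, and the function body continues outside the hunk.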
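Review bot: When `cache_req_domain_new_list_from_domain_resolution_order()` returns NULL in `sss_resp_populate_cr_domains`, the administrator's configured order is replaced by the IPA-provided or default order, and the only trace is a `SSSDBG_MINOR_FAILURE` message that is unlikely to be seen at a typical debug level. Because the order determines which domain a short name resolves in, a quiet fallback can change which account a name maps to; I would log this at `SSSDBG_OP_FAILURE` or higher, and note that a bare NULL cannot tell a malformed value from out-of-memory, so returning an errno from the helper would let this caller fail hard on the latter. The message also spells the IPA setting `ipaDomainOrderResolution`, which looks transposed from `ipaDomainResolutionOrder`. The `done` label and the rest of the function are outside the hunk, so confirm that path stores `cr_domains` in `rctx` the same way the existing branches do.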