confdb: Add new option subdomain_inherit

Adds a new option subdomain_inherit that would allow administrators to pick
and choose which option to pass to subdomains.

This option is required for:
    https://fedorahosted.org/sssd/ticket/2644
as a short-term fix.

The proper solution is described in:
    https://fedorahosted.org/sssd/ticket/2599

Reviewed-by: Pavel Reichl <preichl@redhat.com>

2 files changed, 15 insertions, 0 deletions

diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
index 87960c4db..9af754912 100644
--- a/src/confdb/confdb.c
+++ b/src/confdb/confdb.c
@@ -1256,6 +1256,19 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
         }
     }
 
+    tmp = ldb_msg_find_attr_as_string(res->msgs[0],
+                                      CONFDB_DOMAIN_SUBDOMAIN_INHERIT,
+                                      NULL);
+    if (tmp != NULL) {
+        ret = split_on_separator(domain, tmp, ',', true, true,
+                                 &domain->sd_inherit, NULL);
+        if (ret != 0) {
+            DEBUG(SSSDBG_FATAL_FAILURE,
+                  "Cannot parse %s\n", CONFDB_SUBDOMAIN_ENUMERATE);
+            goto done;
+        }
+    }
+
     ret = get_entry_as_uint32(res->msgs[0], &domain->subdomain_refresh_interval,
                               CONFDB_DOMAIN_SUBDOMAIN_REFRESH, 14400);
     if (ret != EOK || domain->subdomain_refresh_interval == 0) {
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
index c8c91288c..93fbce5e5 100644
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
@@ -187,6 +187,7 @@
 #define CONFDB_DOMAIN_PWD_EXPIRATION_WARNING "pwd_expiration_warning"
 #define CONFDB_DOMAIN_REFRESH_EXPIRED_INTERVAL "refresh_expired_interval"
 #define CONFDB_DOMAIN_OFFLINE_TIMEOUT "offline_timeout"
+#define CONFDB_DOMAIN_SUBDOMAIN_INHERIT "subdomain_inherit"
 
 /* Local Provider */
 #define CONFDB_LOCAL_DEFAULT_SHELL   "default_shell"
@@ -268,6 +269,7 @@ struct sss_domain_info {
     struct sss_domain_info *next;
 
     bool disabled;
+    char **sd_inherit;
 };
 
 /**