>From 52d55a95754e77deb8daa7154bc8310e7ba08d24 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Tue, 28 Apr 2015 13:48:42 +0200 Subject: [PATCH 5/5] subdomains: Inherit cleanup period and tokengroup settings from parent domain Allows the administrator to extend the functionality of ldap_purge_cache_timeout, ldap_user_principal and ldap_use_tokengroups to the subdomains. This is a less intrusive way of achieving: https://fedorahosted.org/sssd/ticket/2627 --- src/man/sssd.conf.5.xml | 9 +++++++ src/providers/ad/ad_subdomains.c | 4 ++++ src/providers/ipa/ipa_subdomains.c | 4 ++++ src/providers/ldap/ldap_common.c | 49 ++++++++++++++++++++++++++++++++++++++ src/providers/ldap/ldap_common.h | 3 +++ 5 files changed, 69 insertions(+) diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index 55623991c981615e2ad552d7bc5ca956bd45cc62..75d13a631e23c0c9518e05f48d66209c8c47d237 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -492,6 +492,15 @@ ignore_group_members + ldap_purge_cache_timeout + + + ldap_use_tokengroups + + + ldap_user_principal + + Example: subdomain_inherit = ldap_purge_cache_timeout diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c index 5a6e9338d6dc581fba4f76e8b28f92a558eb6294..7785582693ece96a642c52c5210290305cfbc718 100644 --- a/src/providers/ad/ad_subdomains.c +++ b/src/providers/ad/ad_subdomains.c @@ -183,6 +183,10 @@ ad_subdom_ad_ctx_new(struct be_ctx *be_ctx, return EFAULT; } + sdap_inherit_options(subdom->parent, + id_ctx->sdap_id_ctx->opts, + ad_id_ctx->sdap_id_ctx->opts); + /* Set up the ID mapping object */ ad_id_ctx->sdap_id_ctx->opts->idmap_ctx = id_ctx->sdap_id_ctx->opts->idmap_ctx; diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c index f863b806c8fed01f498d18b953832ebeba7a85d3..31785b6fdb94124c17105f35e0053050a6842e44 100644 --- a/src/providers/ipa/ipa_subdomains.c +++ b/src/providers/ipa/ipa_subdomains.c 
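Review bot: The inherit step added ahead of the idmap setup cannot report failure: `sdap_inherit_options` is declared void, so if `dp_option_inherit` or `sdap_copy_map_entry` is unable to apply an option (copying the parent's attribute name into the child map may allocate, for instance) the subdomain silently keeps its default `ldap_use_tokengroups`/`ldap_user_principal` settings and group and principal resolution for that trust runs with a configuration the administrator did not ask for. I would have the helper return errno_t and check it here, `ret = sdap_inherit_options(subdom->parent, id_ctx->sdap_id_ctx->opts, ad_id_ctx->sdap_id_ctx->opts); if (ret != EOK) return ret;`, matching the `return EFAULT;` path directly above. Whether either helper can actually fail is not visible in this patch; if neither can, a one-line comment at the call site saying so would spare the next reader the same question. ad_subdom_ad_ctx_new starts and continues outside the hunk.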
@@ -232,6 +232,10 @@ ipa_ad_ctx_new(struct be_ctx *be_ctx, return EFAULT; } + sdap_inherit_options(subdom->parent, + id_ctx->sdap_id_ctx->opts, + ad_id_ctx->sdap_id_ctx->opts); + ret = sdap_id_setup_tasks(be_ctx, ad_id_ctx->sdap_id_ctx, sdom, diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c index 8133431cc35f008768484b43cf7926d41fa0b2e0..222240b6bea6fc462f4f496cf6e270a904afbdfd 100644 --- a/src/providers/ldap/ldap_common.c +++ b/src/providers/ldap/ldap_common.c @@ -962,3 +962,52 @@ sdap_id_ctx_new(TALLOC_CTX *mem_ctx, struct be_ctx *bectx, return sdap_ctx; } + +static void sdap_inherit_basic_options(struct sss_domain_info *parent_dom, + struct dp_option *parent_opts, + struct dp_option *subdom_opts) +{ + int inherit_options[] = { + SDAP_CACHE_PURGE_TIMEOUT, + SDAP_AD_USE_TOKENGROUPS, + SDAP_OPTS_BASIC /* sentinel */ + }; + int i; + + for (i = 0; inherit_options[i] != SDAP_OPTS_BASIC; i++) { + dp_option_inherit(parent_dom, + inherit_options[i], + parent_opts, + subdom_opts); + } +} + +static void sdap_inherit_user_options(struct sss_domain_info *parent_dom, + struct sdap_attr_map *parent_user_map, + struct sdap_attr_map *child_user_map) +{ + int inherit_options[] = { + SDAP_AT_USER_PRINC, + SDAP_OPTS_USER /* sentinel */ + }; + int i; + + for (i = 0; inherit_options[i] != SDAP_OPTS_USER; i++) { + sdap_copy_map_entry(parent_user_map, + child_user_map, + inherit_options[i]); + } +} + +void sdap_inherit_options(struct sss_domain_info *parent_dom, + struct sdap_options *parent_sdap_opts, + struct sdap_options *child_sdap_opts) +{ + sdap_inherit_basic_options(parent_dom, + parent_sdap_opts->basic, + child_sdap_opts->basic); + + sdap_inherit_user_options(parent_dom, + parent_sdap_opts->user_map, + child_sdap_opts->user_map); +} diff --git a/src/providers/ldap/ldap_common.h b/src/providers/ldap/ldap_common.h index c142af3452a0bc9a10d90d13c9586c4dd78a768b..33d4259a50026777d55cb51faac23a107b9307fd 100644 --- a/src/providers/ldap/ldap_common.h 
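Review bot: The new call is placed immediately before `sdap_id_setup_tasks`, and nothing at the call site records that this ordering matters; if the periodic cleanup task picks up `ldap_purge_cache_timeout` when it is scheduled, a later refactor that moves the inherit step below the task setup would silently discard the inherited value. A one-line comment would pin that down: `/* Inherit subdomain_inherit options before sdap_id_setup_tasks() so the cleanup task is scheduled with the parent's purge timeout */`. ipa_ad_ctx_new starts and continues outside the hunk.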
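Review bot: `sdap_inherit_user_options` never uses its `parent_dom` parameter, so the `SDAP_AT_USER_PRINC` map entry is copied into every subdomain unconditionally, whereas the basic options go through `dp_option_inherit(parent_dom, ...)` and, going by that argument, are presumably filtered by the parent's `subdomain_inherit` setting. That contradicts the man page hunk, which presents `ldap_user_principal` as something the administrator opts into, and it presumably changes which attribute trusted users' principals are matched against without any configuration change. The loop should test whether the option name of the map entry at `inherit_options[i]` appears in `parent_dom`'s subdomain_inherit list, using the same lookup `dp_option_inherit` applies, and `continue` otherwise before calling `sdap_copy_map_entry`; if no such lookup is reachable from here, drop the unused parameter rather than leave it implying a check that does not happen. Separately, both `inherit_options[]` tables could be `static const` with a `sizeof`-derived bound instead of a sentinel value, though that is style only.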
+++ b/src/providers/ldap/ldap_common.h @@ -331,4 +331,7 @@ sdap_id_ctx_new(TALLOC_CTX *mem_ctx, struct be_ctx *bectx, errno_t sdap_refresh_init(struct be_refresh_ctx *refresh_ctx, struct sdap_id_ctx *id_ctx); +void sdap_inherit_options(struct sss_domain_info *parent_dom, + struct sdap_options *parent_sdap_opts, + struct sdap_options *child_sdap_opts); #endif /* _LDAP_COMMON_H_ */ -- 2.1.0
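Review bot: The new declaration is the only public entry point this patch adds and it carries no comment, so a reader of the header cannot tell which options it copies or that the parent's `subdomain_inherit` setting is meant to govern it. I would add a short block comment above it along the lines of `/* Copy the ldap_purge_cache_timeout, ldap_use_tokengroups and ldap_user_principal settings from parent_sdap_opts into child_sdap_opts, as permitted by parent_dom's subdomain_inherit option (see sssd.conf(5)). Cannot fail. */`. If callers are expected to treat the parent options as read-only, `parent_sdap_opts` could also become `const struct sdap_options *`, but whether `dp_option_inherit` accepts a const parent is not visible here.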