>From e5dba59a12d8d2a05238a767f3587dcbd7f20e22 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek
Date: Wed, 29 Apr 2015 19:41:14 +0200
Subject: [PATCH 1/5] confdb: Add new option subdomain_inherit
Adds a new option subdomain_inherit that would allow administrators to pick and choose which option to pass to subdomains. This option is required for: https://fedorahosted.org/sssd/ticket/2644 as a short-term fix. The proper solution is described in: https://fedorahosted.org/sssd/ticket/2599
---
 src/confdb/confdb.c | 13 +++++++++++++
 src/confdb/confdb.h | 2 ++
 src/config/SSSDConfig/__init__.py.in | 1 +
 src/config/SSSDConfigTest.py | 6 ++++--
 src/config/etc/sssd.api.conf | 1 +
 src/man/sssd.conf.5.xml | 20 +++++++++++++++++++-
 6 files changed, 40 insertions(+), 3 deletions(-)
diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
index 87960c4db6e698ee5c3b2a24ca18f8d53458c7ca..9af754912e248b83a71b253109e408bf004eda31 100644
--- a/src/confdb/confdb.c
+++ b/src/confdb/confdb.c
@@ -1256,6 +1256,19 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
 }
 }
+ tmp = ldb_msg_find_attr_as_string(res->msgs[0],
+ CONFDB_DOMAIN_SUBDOMAIN_INHERIT,
+ NULL);
+ if (tmp != NULL) {
+ ret = split_on_separator(domain, tmp, ',', true, true,
+ &domain->sd_inherit, NULL);
+ if (ret != 0) {
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Cannot parse %s\n", CONFDB_SUBDOMAIN_ENUMERATE);
+ goto done;
+ }
+ }
+
 ret = get_entry_as_uint32(res->msgs[0], &domain->subdomain_refresh_interval, CONFDB_DOMAIN_SUBDOMAIN_REFRESH, 14400);
 if (ret != EOK || domain->subdomain_refresh_interval == 0) {
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
index c8c91288cd63df7629a98802b7b5373df92d6ca4..93fbce5e5e46e4a7517d971f2ab886ded65a68f3 100644
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
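Review bot: The failure branch added after `split_on_separator()` in the confdb.c hunk passes `CONFDB_SUBDOMAIN_ENUMERATE` to the log call, so a malformed `subdomain_inherit` value would be reported under what looks like a different option's name and send whoever reads the log to the wrong setting. The argument should name the option actually being parsed: `"Cannot parse %s\n", CONFDB_DOMAIN_SUBDOMAIN_INHERIT);`. The parsed names are also stored in `domain->sd_inherit` without being compared with the set of options that may be inherited. If that filtering happens where the list is consumed (not visible in this hunk), logging each ignored name there would let an administrator notice that a setting they expected on a trusted domain was not applied. `confdb_get_domain_internal` starts and ends outside the hunk.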
@@ -187,6 +187,7 @@
 #define CONFDB_DOMAIN_PWD_EXPIRATION_WARNING "pwd_expiration_warning"
 #define CONFDB_DOMAIN_REFRESH_EXPIRED_INTERVAL "refresh_expired_interval"
 #define CONFDB_DOMAIN_OFFLINE_TIMEOUT "offline_timeout"
+#define CONFDB_DOMAIN_SUBDOMAIN_INHERIT "subdomain_inherit"
 /* Local Provider */
 #define CONFDB_LOCAL_DEFAULT_SHELL "default_shell"
@@ -268,6 +269,7 @@ struct sss_domain_info {
 struct sss_domain_info *next;
 bool disabled;
+ char **sd_inherit;
 };
 /**
diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index f58c52faf7dd3f9199bd0af4286546d4fe804a88..af7f1bffbd910c0dee177eb64996233ac18fff19 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -148,6 +148,7 @@ option_strings = {
 'dyndns_auth' : _("What kind of authentication should be used to perform the DNS update"),
 'subdomain_enumerate' : _('Control enumeration of trusted domains'),
 'subdomain_refresh_interval' : _('How often should subdomains list be refreshed'),
+ 'subdomain_inherit' : _('List of options that should be inherited into a subdomain'),
 # [provider/ipa]
 'ipa_domain' : _('IPA domain'),
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index 60f51ca769503be42ba9c82cdb07cf555407d61b..c6ba9f05106990d9e43df106305babb2dafdeea5 100755
--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
@@ -546,7 +546,8 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
 'hostid_provider',
 'subdomains_provider',
 'realmd_tags',
- 'subdomain_refresh_interval']
+ 'subdomain_refresh_interval',
+ 'subdomain_inherit']
 self.assertTrue(type(options) == dict, "Options should be a dictionary")
@@ -908,7 +909,8 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
 'hostid_provider',
 'subdomains_provider',
 'realmd_tags',
- 'subdomain_refresh_interval']
+ 'subdomain_refresh_interval',
+ 'subdomain_inherit']
 self.assertTrue(type(options) == dict, "Options should be a dictionary")
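Review bot: The new `char **sd_inherit;` member added to `struct sss_domain_info` in the second confdb.h hunk carries no comment on its contents, termination or lifetime. In the confdb.c part of this patch it is filled by `split_on_separator()` with `domain` as the memory context and no size output, and it is assigned only when the option is present. Consumers therefore have to walk it by its terminator and depend on the struct having been zero-initialised when the option is absent; neither is visible here. A one-line comment would make that contract explicit, for example `/* subdomain_inherit option names; NULL when unset, NULL-terminated (confirm against split_on_separator) */`. The struct definition starts outside the hunk.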
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index f1ac6366c73c03fe5c60c79bfe7b15fde9382215..7ad84cd826a648ca61d9d2ede70e7886049d469a 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -132,6 +132,7 @@ default_shell = str, None, false
 description = str, None, false
 realmd_tags = str, None, false
 subdomain_refresh_interval = int, None, false
+subdomain_inherit = str, None, false
 #Entry cache timeouts
 entry_cache_user_timeout = int, None, false
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index b5782b7942939fd18fb2e719e0c3e8c31ae25621..7d0ba057437f6b4b053b5ce3abec9d5324124d14 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -479,7 +479,25 @@
-
+
+ subdomain_inherit (string)
+
+
+ Specifies a list of configuration parameters that
+ should be inherited by a subdomain. Please note
+ that only selected parameters can be inherited.
+
+
+ Example:
+
+subdomain_inherit = ldap_purge_cache_timeout
+
+
+
+ Default: none
+
+
+
--
2.1.0