dpward / rpms / sssd

Forked from rpms/sssd 3 years ago
Clone

Blame SOURCES/0007-SYSDB-Inherit-cached_auth_timeout-from-the-main-doma.patch

841ac7
From fedfc4fa5978dc0ef2c3b6efcd1e9462a8575b3a Mon Sep 17 00:00:00 2001
841ac7
From: Jakub Hrozek <jhrozek@redhat.com>
841ac7
Date: Thu, 7 Mar 2019 22:13:32 +0100
841ac7
Subject: [PATCH] SYSDB: Inherit cached_auth_timeout from the main domain
841ac7
MIME-Version: 1.0
841ac7
Content-Type: text/plain; charset=UTF-8
841ac7
Content-Transfer-Encoding: 8bit
841ac7
841ac7
cached_auth_timeout is a domain option used by the responder. And
841ac7
because at the moment the options read from a subdomain section (e.g.
841ac7
[domain/main/trusted] are only those represented by the back end specific
841ac7
dp_option structure instance, the option cached_auth_timeout, which
841ac7
is directly read from the confdb was not set for the main domain.
841ac7
841ac7
This is a minimal patch that just inherits the option from the main
841ac7
domain until SSSD has a more systematic way of inheriting config
841ac7
attributes regardless of how they are read and set.
841ac7
841ac7
Resolves:
841ac7
https://pagure.io/SSSD/sssd/issue/3960
841ac7
841ac7
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
841ac7
(cherry picked from commit 4dd268333ca9ca13555f5dfbd2928154b885a3e7)
841ac7
---
841ac7
 src/db/sysdb_subdomains.c | 1 +
841ac7
 src/man/sssd.conf.5.xml   | 5 +++++
841ac7
 2 files changed, 6 insertions(+)
841ac7
841ac7
diff --git a/src/db/sysdb_subdomains.c b/src/db/sysdb_subdomains.c
841ac7
index e380e6c8b..34d052fdd 100644
841ac7
--- a/src/db/sysdb_subdomains.c
841ac7
+++ b/src/db/sysdb_subdomains.c
841ac7
@@ -154,6 +154,7 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
841ac7
     dom->cache_credentials = parent->cache_credentials;
841ac7
     dom->cache_credentials_min_ff_length =
841ac7
                                         parent->cache_credentials_min_ff_length;
841ac7
+    dom->cached_auth_timeout = parent->cached_auth_timeout;
841ac7
     dom->case_sensitive = false;
841ac7
     dom->user_timeout = parent->user_timeout;
841ac7
     dom->group_timeout = parent->group_timeout;
841ac7
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
841ac7
index ef5a4b952..41ba7b924 100644
841ac7
--- a/src/man/sssd.conf.5.xml
841ac7
+++ b/src/man/sssd.conf.5.xml
841ac7
@@ -2962,6 +2962,11 @@ subdomain_inherit = ldap_purge_cache_timeout
841ac7
                             authenticated using cached credentials while
841ac7
                             SSSD is in the online mode.
841ac7
                         </para>
841ac7
+                        <para>
841ac7
+                            This option's value is inherited by all trusted
841ac7
+                            domains. At the moment it is not possible to set
841ac7
+                            a different value per trusted domain.
841ac7
+                        </para>
841ac7
                         <para>
841ac7
                             Special value 0 implies that this feature is
841ac7
                             disabled.
841ac7
-- 
841ac7
2.19.1
841ac7