Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Deprecate and make support of 'ad_allow_remote_domain_local_groups' #7741

Closed
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions configure.ac
Original file line number Diff line number Diff line change
Expand Up @@ -182,6 +182,7 @@ WITH_SUDO_LIB_PATH
WITH_AUTOFS
WITH_FILES_PROVIDER
WITH_EXTENDED_ENUMERATION_SUPPORT
WITH_ALLOW_REMOTE_DOMAIN_LOCAL_GROUPS
WITH_CONF_SERVICE_USER_SUPPORT
WITH_SUBID
WITH_SUBID_LIB_PATH
Expand Down
1 change: 1 addition & 0 deletions contrib/sssd.spec.in
Original file line number Diff line number Diff line change
Expand Up @@ -614,6 +614,7 @@ autoreconf -ivf
--with-files-provider \
--with-extended-enumeration-support \
--with-ssh-known-hosts-proxy \
--with-allow-remote-domain-local-groups \
%endif
%if %{build_subid}
--with-subid \
Expand Down
17 changes: 17 additions & 0 deletions src/conf_macros.m4
Original file line number Diff line number Diff line change
Expand Up @@ -661,6 +661,23 @@ AC_DEFUN([WITH_EXTENDED_ENUMERATION_SUPPORT],
AM_CONDITIONAL([BUILD_EXTENDED_ENUMERATION_SUPPORT], [test x"$with_extended_enumeration_support" = xyes])
])

AC_DEFUN([WITH_ALLOW_REMOTE_DOMAIN_LOCAL_GROUPS],
[ AC_ARG_WITH([allow-remote-domain-local-groups],
[AC_HELP_STRING([--with-allow-remote-domain-local-groups],
[Whether to build support of deprecated ad_allow_remote_domain_local_groups
sssd.conf option [no].]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi,

I would like to suggest to mention here as well that the option is deprecated.

bye,
Sumit

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed (and rebased).

)
],
[with_allow_remote_domain_local_groups=$withval],
with_allow_remote_domain_local_groups=no
)

if test x"$with_allow_remote_domain_local_groups" = xyes; then
AC_DEFINE(BUILD_ALLOW_REMOTE_DOMAIN_LOCAL_GROUPS, 1, [Whether to build support of deprecated ad_allow_remote_domain_local_groups sssd.conf option])
fi
AM_CONDITIONAL([BUILD_ALLOW_REMOTE_DOMAIN_LOCAL_GROUPS], [test x"$with_allow_remote_domain_local_groups" = xyes])
])

AC_DEFUN([WITH_SUBID],
[ AC_ARG_WITH([subid],
[AC_HELP_STRING([--with-subid],
Expand Down
5 changes: 4 additions & 1 deletion src/man/Makefile.am
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,9 @@ ENUM_CONDS = ;with_ext_enumeration
else
ENUM_CONDS = ;without_ext_enumeration
endif
if BUILD_ALLOW_REMOTE_DOMAIN_LOCAL_GROUPS
AD_CONDS = ;with_allow_remote_domain_local_groups
endif
if SSSD_NON_ROOT_USER
SSSD_NON_ROOT_USER_CONDS = ;with_non_root_user_support
if BUILD_CONF_SERVICE_USER_SUPPORT
Expand All @@ -73,7 +76,7 @@ LIBNL_CONDS = ;have_libnl
endif


CONDS = with_false$(SUDO_CONDS)$(AUTOFS_CONDS)$(SSH_CONDS)$(SSH_KNOWN_HOSTS_PROXY_CONDS)$(PAC_RESPONDER_CONDS)$(GPO_CONDS)$(SYSTEMD_CONDS)$(KCM_CONDS)$(STAP_CONDS)$(KCM_RENEWAL_CONDS)$(LOCKFREE_CLIENT_CONDS)$(HAVE_INOTIFY_CONDS)$(PASSKEY_CONDS)$(FILES_PROVIDER_CONDS)$(SSSD_NON_ROOT_USER_CONDS)$(SSSD_CONF_SERVICE_USER_CONDS)$(ENUM_CONDS)$(LIBNL_CONDS)
CONDS = with_false$(SUDO_CONDS)$(AUTOFS_CONDS)$(SSH_CONDS)$(SSH_KNOWN_HOSTS_PROXY_CONDS)$(PAC_RESPONDER_CONDS)$(GPO_CONDS)$(SYSTEMD_CONDS)$(KCM_CONDS)$(STAP_CONDS)$(KCM_RENEWAL_CONDS)$(LOCKFREE_CLIENT_CONDS)$(HAVE_INOTIFY_CONDS)$(PASSKEY_CONDS)$(FILES_PROVIDER_CONDS)$(SSSD_NON_ROOT_USER_CONDS)$(SSSD_CONF_SERVICE_USER_CONDS)$(ENUM_CONDS)$(LIBNL_CONDS)$(AD_CONDS)


#Special Rules:
Expand Down
5 changes: 4 additions & 1 deletion src/man/sssd-ad.5.xml
Original file line number Diff line number Diff line change
Expand Up @@ -1129,9 +1129,12 @@ ad_gpo_map_deny = +my_pam_service
</listitem>
</varlistentry>

<varlistentry>
<varlistentry condition="with_allow_remote_domain_local_groups">
<term>ad_allow_remote_domain_local_groups (boolean)</term>
<listitem>
<para>
This option is deprecated.
</para>
<para>
If this option is set to <quote>true</quote> SSSD
will not filter out Domain Local groups from remote
Expand Down
4 changes: 4 additions & 0 deletions src/providers/ad/ad_common.c
Original file line number Diff line number Diff line change
Expand Up @@ -1199,8 +1199,12 @@ ad_set_sdap_options(struct ad_options *ad_opts,
keytab_path);
}

#ifdef BUILD_ALLOW_REMOTE_DOMAIN_LOCAL_GROUPS
id_opts->allow_remote_domain_local_groups = dp_opt_get_bool(ad_opts->basic,
AD_ALLOW_REMOTE_DOMAIN_LOCAL);
#else
id_opts->allow_remote_domain_local_groups = false;
#endif

ret = sdap_set_sasl_options(id_opts,
dp_opt_get_string(ad_opts->basic,
Expand Down
2 changes: 2 additions & 0 deletions src/providers/ad/ad_common.h
Original file line number Diff line number Diff line change
Expand Up @@ -70,7 +70,9 @@ enum ad_basic_opt {
AD_MACHINE_ACCOUNT_PASSWORD_RENEWAL_OPTS,
AD_UPDATE_SAMBA_MACHINE_ACCOUNT_PASSWORD,
AD_USE_LDAPS,
#ifdef BUILD_ALLOW_REMOTE_DOMAIN_LOCAL_GROUPS
AD_ALLOW_REMOTE_DOMAIN_LOCAL,
#endif

AD_OPTS_BASIC /* opts counter */
};
Expand Down
2 changes: 2 additions & 0 deletions src/providers/ad/ad_opts.c
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,9 @@ struct dp_option ad_basic_opts[] = {
{ "ad_machine_account_password_renewal_opts", DP_OPT_STRING, { "86400:750:300" }, NULL_STRING },
{ "ad_update_samba_machine_account_password", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
{ "ad_use_ldaps", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
#ifdef BUILD_ALLOW_REMOTE_DOMAIN_LOCAL_GROUPS
{ "ad_allow_remote_domain_local_groups", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
#endif
DP_OPTION_TERMINATOR
};

Expand Down
Loading