-rw-r--r-- | server/confdb/confdb.c | 146 | ||||
-rw-r--r-- | server/confdb/confdb.h | 2 | ||||
-rw-r--r-- | server/confdb/confdb_private.h | 55 | ||||
-rw-r--r-- | server/monitor/monitor.c | 76 |
4 files changed, 157 insertions, 122 deletions
diff --git a/server/confdb/confdb.c b/server/confdb/confdb.c index dd5c1bd6..0154c140 100644 --- a/server/confdb/confdb.c +++ b/server/confdb/confdb.c @@ -24,12 +24,14 @@ #include "ldb_errors.h" #include "util/util.h" #include "confdb/confdb.h" +#include "confdb/confdb_private.h" #include "util/btreemap.h" #include "db/sysdb.h" #define CONFDB_VERSION "0.1" #define CONFDB_DOMAIN_BASEDN "cn=domains,cn=config" #define CONFDB_DOMAIN_ATTR "cn" #define CONFDB_MPG "magicPrivateGroups" +#define CONFDB_FQ "useFullyQualifiedNames" #define CONFDB_ZERO_CHECK_OR_JUMP(var, ret, err, label) do { \ if (!var) { \ @@ -522,6 +524,8 @@ static int confdb_test(struct confdb_ctx *cdb) static int confdb_init_db(struct confdb_ctx *cdb) { + const char *base_ldif; + struct ldb_ldif *ldif; const char *val[2]; int ret; TALLOC_CTX *tmp_ctx; 
@@ -529,88 +533,18 @@ static int confdb_init_db(struct confdb_ctx *cdb) tmp_ctx = talloc_new(cdb); if(tmp_ctx == NULL) return ENOMEM; - val[0] = CONFDB_VERSION; - val[1] = NULL; - - /* Add the confdb version */ - ret = confdb_add_param(cdb, - false, - "config", - "version", - val); - if (ret != EOK) goto done; - - /* Set up default monitored services */ - val[0] = "Local service configuration"; - ret = confdb_add_param(cdb, false, "config/services", "description", val); - if (ret != EOK) goto done; - -/* PAM */ - /* set the sssd_pam description */ - val[0] = "PAM Responder Configuration"; - ret = confdb_add_param(cdb, false, "config/services/pam", "description", val); - if (ret != EOK) goto done; - - /* Set the sssd_pam command path */ - val[0] = talloc_asprintf(tmp_ctx, "%s/sssd_pam", SSSD_LIBEXEC_PATH); - CONFDB_ZERO_CHECK_OR_JUMP(val[0], ret, ENOMEM, done); - ret = confdb_add_param(cdb, false, "config/services/pam", "command", val); - if (ret != EOK) goto done; - -#if 0 /* for future use */ - /* Set the sssd_pam socket path */ - val[0] = talloc_asprintf(tmp_ctx, "%s/pam", PIPE_PATH); - CONFDB_ZERO_CHECK_OR_JUMP(val[0], ret, ENOMEM, done); - ret = confdb_add_param(cdb, false, "config/services/pam", "unixSocket", val); - if (ret != EOK) goto done; -#endif /* for future use */ - - /* Add PAM to the list of active services */ - val[0] = "pam"; - ret = confdb_add_param(cdb, false, "config/services", "activeServices", val); - if (ret != EOK) goto done; - -/* NSS */ - /* set the sssd_nss description */ - val[0] = "NSS Responder Configuration"; - ret = confdb_add_param(cdb, false, "config/services/nss", "description", val); - if (ret != EOK) goto done; - - /* Set the sssd_nss command path */ - val[0] = talloc_asprintf(tmp_ctx, "%s/sssd_nss", SSSD_LIBEXEC_PATH); - CONFDB_ZERO_CHECK_OR_JUMP(val[0], ret, ENOMEM, done); - ret = confdb_add_param(cdb, false, "config/services/nss", "command", val); - if (ret != EOK) goto done; - -#if 0 /* for future use */ - /* Set the 
sssd_nss socket path */ - val[0] = talloc_asprintf(tmp_ctx, "%s/sssd_nss", PIPE_PATH); - CONFDB_ZERO_CHECK_OR_JUMP(val[0], ret, ENOMEM, done); - ret = confdb_add_param(cdb, false, "config/services/nss", "unixSocket", val); - if (ret != EOK) goto done; -#endif /* for future use */ - - /* Add NSS to the list of active services */ - val[0] = "nss"; - ret = confdb_add_param(cdb, false, "config/services", "activeServices", val); - if (ret != EOK) goto done; - -/* Data Provider */ - /* Set the sssd_dp description */ - val[0] = "Data Provider Configuration"; - ret = confdb_add_param(cdb, false, "config/services/dp", "description", val); - if (ret != EOK) goto done; - - /* Set the sssd_dp command path */ - val[0] = talloc_asprintf(tmp_ctx, "%s/sssd_dp", SSSD_LIBEXEC_PATH); - CONFDB_ZERO_CHECK_OR_JUMP(val[0], ret, ENOMEM, done); - ret = confdb_add_param(cdb, false, "config/services/dp", "command", val); - if (ret != EOK) goto done; - - /* Add the Data Provider to the list of active services */ - val[0] = "dp"; - ret = confdb_add_param(cdb, false, "config/services", "activeServices", val); - if (ret != EOK) goto done; + /* cn=confdb does not exists, means db is empty, populate */ + base_ldif = CONFDB_BASE_LDIF; + while ((ldif = ldb_ldif_read_string(cdb->ldb, &base_ldif))) { + ret = ldb_add(cdb->ldb, ldif->msg); + if (ret != LDB_SUCCESS) { + DEBUG(0, ("Failed to inizialiaze DB (%d,[%s]), aborting!\n", + ret, ldb_errstring(cdb->ldb))); + ret = EIO; + goto done; + } + ldb_ldif_read_free(cdb->ldb, ldif); + } /* InfoPipe */ #ifdef HAVE_INFOPIPE 
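Review bot: In the new LDIF loop in confdb_init_db, the `ldb_add` failure path jumps to `done` without releasing the entry just parsed, so `ldif` (allocated by ldb on `cdb->ldb`, not on `tmp_ctx`) is leaked on every error exit; add `ldb_ldif_read_free(cdb->ldb, ldif);` before `ret = EIO; goto done;`. A second gap is that a NULL return from `ldb_ldif_read_string()` is treated as end of input, so a malformed entry in the middle of CONFDB_BASE_LDIF would end the loop silently with `ret` still LDB_SUCCESS from the previous add and leave a half-populated config database — presumably the ldb API does not distinguish the two cases, so this is worth confirming and, if so, counting the entries added against the expected number. The DEBUG string also misspells "initialize". The rest of confdb_init_db continues past the hunk.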
@@ -635,47 +569,21 @@ static int confdb_init_db(struct confdb_ctx *cdb) #ifdef HAVE_POLICYKIT /* Set the sssd_pk description */ val[0] = "PolicyKit Backend Configuration"; - ret = confdb_add_param(cdb, false, "config/services/spk", "description", val); + ret = confdb_add_param(cdb, false, "config/services/pk", "description", val); if (ret != EOK) goto done; /* Set the sssd_info command path */ val[0] = talloc_asprintf(tmp_ctx, "%s/sssd_pk", SSSD_LIBEXEC_PATH); CONFDB_ZERO_CHECK_OR_JUMP(val[0], ret, ENOMEM, done); - ret = confdb_add_param(cdb, false, "config/services/spk", "command", val); + ret = confdb_add_param(cdb, false, "config/services/pk", "command", val); if (ret != EOK) goto done; /* Add the InfoPipe to the list of active services */ - val[0] = "spk"; + val[0] = "pk"; ret = confdb_add_param(cdb, false, "config/services", "activeServices", val); if (ret != EOK) goto done; #endif -/* Domains */ - val[0] = "Domains served by SSSD"; - ret = confdb_add_param(cdb, false, "config/domains", "description", val); - if (ret != EOK) goto done; - - /* Default LOCAL domain */ - val[0] = "Reserved domain for local configurations"; - ret = confdb_add_param(cdb, false, "config/domains/LOCAL", "description", val); - if (ret != EOK) goto done; - - val[0] = "LOCAL"; - ret = confdb_add_param(cdb, false, "config/domains", "default", val); - if(ret != EOK) goto done; - - /* Set enumeration of LOCAL domain to allow user and groups - * (mask 1: users, 2: groups) - */ - val[0] = "3"; - ret = confdb_add_param(cdb, false, "config/domains/LOCAL", "enumerate", val); - if (ret != EOK) goto done; - - /* LOCAL uses Magic Private Groups by default */ - val[0] = "TRUE"; - ret = confdb_add_param(cdb, false, "config/domains/LOCAL", CONFDB_MPG, val); - if (ret != EOK) goto done; - done: talloc_free(tmp_ctx); return ret; 
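Review bot: The context comment directly above the changed line `val[0] = "pk";` still reads `/* Add the InfoPipe to the list of active services */`, a copy-paste leftover that now sits in the PolicyKit block; change it to `/* Add the PolicyKit backend to the list of active services */`. Also, with the domain defaults removed from this function, a build where neither HAVE_INFOPIPE nor HAVE_POLICYKIT is defined reaches `done:` with `ret` holding whatever the earlier code last stored, which is an ldb status rather than an errno value — presumably both are zero on success, but an explicit `ret = EOK;` immediately before `done:` would not depend on that. The start of confdb_init_db lies outside this hunk.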
@@ -795,6 +703,15 @@ int confdb_get_domains(struct confdb_ctx *cdb, goto done; } + tmp = ldb_msg_find_attr_as_string(res->msgs[i], "provider", NULL); + if (tmp) { + domain->provider = talloc_strdup(domain, tmp); + if (!domain->provider) { + ret = ENOMEM; + goto done; + } + } + domain->timeout = ldb_msg_find_attr_as_int(res->msgs[i], "timeout", 0); @@ -815,6 +732,13 @@ int confdb_get_domains(struct confdb_ctx *cdb, domain->mpg = true; } + /* Determine if user/group names will be Fully Qualified + * in NSS interfaces */ + if (ldb_msg_find_attr_as_bool(res->msgs[i], CONFDB_FQ, 0)) { + domain->fqnames = true; + } + + domain->id_min = ldb_msg_find_attr_as_uint(res->msgs[i], "minId", SSSD_MIN_ID); domain->id_max = ldb_msg_find_attr_as_uint(res->msgs[i], diff --git a/server/confdb/confdb.h b/server/confdb/confdb.h index 4767a78e..6d385443 100644 --- a/server/confdb/confdb.h +++ b/server/confdb/confdb.h @@ -32,8 +32,10 @@ struct sss_domain_info { char *name; + char *provider; int timeout; int enumerate; + bool fqnames; bool legacy; bool mpg; uint32_t id_min; diff --git a/server/confdb/confdb_private.h b/server/confdb/confdb_private.h new file mode 100644 index 00000000..a911e9c4 --- /dev/null +++ b/server/confdb/confdb_private.h 
@@ -0,0 +1,55 @@ + +#define CONFDB_BASE_LDIF \ + "dn: @ATTRIBUTES\n" \ + "cn: CASE_INSENSITIVE\n" \ + "dc: CASE_INSENSITIVE\n" \ + "dn: CASE_INSENSITIVE\n" \ + "name: CASE_INSENSITIVE\n" \ + "objectclass: CASE_INSENSITIVE\n" \ + "\n" \ + "dn: @INDEXLIST\n" \ + "@IDXATTR: cn\n" \ + "\n" \ + "dn: @MODULES\n" \ + "@LIST: server_sort\n" \ + "\n" \ + "dn: cn=config\n" \ + "cn: config\n" \ + "version: 0.1\n" \ + "description: base object\n" \ + "\n" \ + "dn: cn=services,cn=config\n" \ + "cn: services\n" \ + "description: Local service configuration\n" \ + "activeServices: dp\n" \ + "activeServices: nss\n" \ + "activeServices: pam\n" \ + "activeServices: info\n" \ + "\n" \ + "dn: cn=monitor,cn=services,cn=config\n" \ + "cn: monitor\n" \ + "description: Monitor Configuration\n" \ + "\n" \ + "dn: cn=dp,cn=services,cn=config\n" \ + "cn: dp\n" \ + "description: Data Provider Configuration\n" \ + "\n" \ + "dn: cn=nss,cn=services,cn=config\n" \ + "cn: nss\n" \ + "description: NSS Responder Configuration\n" \ + "\n" \ + "dn: cn=pam,cn=services,cn=config\n" \ + "cn: pam\n" \ + "description: PAM Responder Configuration\n" \ + "\n" \ + "dn: cn=domains,cn=config\n" \ + "cn: domains\n" \ + "description: Domains served by SSSD\n" \ + "default: LOCAL\n" \ + "\n" \ + "dn: cn=LOCAL,cn=domains,cn=config\n" \ + "cn: LOCAL\n" \ + "description: LOCAL domain\n" \ + "enumerate: 3\n" \ + "magicPrivateGroups: TRUE\n" \ + "\n" diff --git a/server/monitor/monitor.c b/server/monitor/monitor.c index d797ae0e..4a6abdc9 100644 --- a/server/monitor/monitor.c +++ b/server/monitor/monitor.c @@ -50,8 +50,10 @@ struct mt_svc { struct mt_conn *mt_conn; struct mt_ctx *mt_ctx; + char *provider; char *command; char *name; + char *identity; pid_t pid; int ping_time; @@ -59,6 +61,8 @@ struct mt_svc { int restarts; time_t last_restart; time_t last_pong; + + int debug_level; }; struct mt_ctx { 
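Review bot: CONFDB_BASE_LDIF lists `activeServices: info` unconditionally, while the InfoPipe service configuration in confdb_init_db stays behind `#ifdef HAVE_INFOPIPE`; on a build without InfoPipe the monitor will now see "info" as active with no `command` and, with its new default-command fallback, try to spawn `SSSD_LIBEXEC_PATH/sssd_info`, and on a build with it the ifdef block presumably adds "info" a second time (whether a duplicate value is an error depends on confdb_add_param, which is not shown). Either drop the `activeServices: info` line from the LDIF and keep activation in the ifdef block, or move the InfoPipe and PolicyKit activation entirely into the LDIF so there is one source of truth. The new header also carries no include guard and no license header; for a macro-only file the guard is harmless but conventional, e.g. `#ifndef CONFDB_PRIVATE_H_` / `#define CONFDB_PRIVATE_H_` around the body and `#endif` at the end.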
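Review bot: The new `int debug_level;` member added to struct mt_svc is never assigned in the hunks shown; monitor_process_init formats the default commands from the file-scope `debug_level` instead, so the field is dead unless a hunk outside this page sets it. Either drop the member or set `svc->debug_level = debug_level;` where each service is created and use `svc->debug_level` in the `-d %d` commands, so a per-service debug level can actually take effect. struct mt_ctx starts at the end of this hunk and continues outside it.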
@@ -412,22 +416,44 @@ int monitor_process_init(TALLOC_CTX *mem_ctx, talloc_free(ctx); return ENOMEM; } - svc->name = ctx->services[i]; svc->mt_ctx = ctx; + svc->name = talloc_strdup(svc, ctx->services[i]); + if (!svc->name) { + talloc_free(ctx); + return ENOMEM; + } + + svc->identity = talloc_strdup(svc, ctx->services[i]); + if (!svc->identity) { + talloc_free(ctx); + return ENOMEM; + } + path = talloc_asprintf(svc, "config/services/%s", svc->name); if (!path) { talloc_free(ctx); return ENOMEM; } - ret = confdb_get_string(cdb, svc, path, "command", NULL, &svc->command); + ret = confdb_get_string(cdb, svc, path, "command", + NULL, &svc->command); if (ret != EOK) { DEBUG(0,("Failed to start service '%s'\n", svc->name)); talloc_free(svc); continue; } + if (!svc->command) { + svc->command = talloc_asprintf(svc, "%s/sssd_%s -d %d", + SSSD_LIBEXEC_PATH, svc->name, + debug_level); + if (!svc->command) { + talloc_free(ctx); + return ENOMEM; + } + } + ret = confdb_get_int(cdb, svc, path, "timeout", MONITOR_DEF_PING_TIME, &svc->ping_time); if (ret != EOK) { 
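Review bot: `svc->name` comes straight from the confdb `activeServices` list and is interpolated into the default command `"%s/sssd_%s -d %d"`, which start_service later parses and executes (outside this hunk); a name containing `/`, `..` or whitespace would escape the libexec directory or inject extra arguments into the spawned command line. The confdb is presumably writable only by the administrator, so this is defence in depth rather than a direct exposure, but a cheap guard before the command is built would make that trust boundary explicit and also catch typos early. monitor_process_init starts and ends outside this hunk.
```c
        /* … unchanged: name/identity strdup and config/services path … */
        if (svc->name[0] == '\0' || strpbrk(svc->name, "/ \t\n") != NULL) {
            DEBUG(0, ("Refusing to start service with invalid name '%s'\n",
                      svc->name));
            talloc_free(svc);
            continue;
        }
        /* … unchanged: confdb_get_string("command") and default command … */
```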
@@ -463,18 +489,38 @@ int monitor_process_init(TALLOC_CTX *mem_ctx, talloc_free(ctx); return ENOMEM; } - svc->name = talloc_asprintf(svc, "%%BE_%s", doms[i]); svc->mt_ctx = ctx; + svc->name = talloc_strdup(svc, doms[i]); + if (!svc->name) { + talloc_free(ctx); + return ENOMEM; + } + + svc->identity = talloc_asprintf(svc, "%%BE_%s", svc->name); + if (!svc->identity) { + talloc_free(ctx); + return ENOMEM; + } + path = talloc_asprintf(svc, "config/domains/%s", doms[i]); if (!path) { talloc_free(ctx); return ENOMEM; } + + ret = confdb_get_string(cdb, svc, path, + "provider", NULL, &svc->provider); + if (ret != EOK) { + DEBUG(0, ("Failed to find provider from [%s] configuration\n", doms[i])); + talloc_free(svc); + continue; + } + ret = confdb_get_string(cdb, svc, path, "command", NULL, &svc->command); if (ret != EOK) { - DEBUG(0, ("Failed to find provider [%s] configuration\n", doms[i])); + DEBUG(0, ("Failed to find command from [%s] configuration\n", doms[i])); talloc_free(svc); continue; } @@ -489,16 +535,24 @@ int monitor_process_init(TALLOC_CTX *mem_ctx, talloc_free(path); - /* if no command is present do not run the domain */ - if (svc->command == NULL) { - /* the LOCAL domain does not need a backend at the moment */ - if (strcasecmp(doms[i], "LOCAL") != 0) { - DEBUG(0, ("Missing command to run provider\n")); - } + /* if no provider is present do not run the domain */ + if (!svc->provider) { talloc_free(svc); continue; } + /* if there are no custom commands, build a default one */ + if (!svc->command) { + svc->command = talloc_asprintf(svc, + "%s/sssd_be -d %d --provider %s --domain %s", + SSSD_LIBEXEC_PATH, debug_level, + svc->provider, svc->name); + if (!svc->command) { + talloc_free(ctx); + return ENOMEM; + } + } + ret = start_service(svc); if (ret != EOK) { DEBUG(0,("Failed to start provider for '%s'\n", doms[i])); 
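Review bot: In the domains loop the new message `"Failed to find provider from [%s] configuration\n"` is logged when confdb_get_string returns non-EOK, which is a database or allocation failure, while a genuinely absent `provider` attribute returns EOK with `svc->provider == NULL` and is handled further down; the wording blames the configuration for what is an I/O error and hides the code. Suggest `DEBUG(0, ("Failed to read provider for domain [%s] (%d)\n", doms[i], ret));`, and the same shape for the adjusted "command" message beneath it.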
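Review bot: The replacement `if (!svc->provider)` check silently skips any domain without a provider, dropping the warning the removed code printed for non-LOCAL domains, so a domain whose `provider` attribute is misspelled is simply never served and nothing in the log says why. Keep the LOCAL exemption but restore the message: `if (strcasecmp(svc->name, "LOCAL") != 0) { DEBUG(0, ("Domain [%s] has no provider, not starting a backend\n", svc->name)); }` before `talloc_free(svc); continue;`. The default `sssd_be` command line also interpolates `svc->provider` and `svc->name` straight from the confdb, and since start_service presumably tokenizes that string, both should be rejected if they contain whitespace or `/` before the command is built. monitor_process_init continues past the hunk.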
@@ -657,7 +711,7 @@ static void identity_check(DBusPendingCall *pending, void *data) /* search this service in the list */ svc = fake_svc->mt_ctx->svc_list; while (svc) { - ret = strcasecmp(svc->name, svc_name); + ret = strcasecmp(svc->identity, svc_name); if (ret == 0) { break; } |