Diffstat (limited to 'server/confdb')
-rw-r--r-- | server/confdb/confdb.c | 146 | ||||
-rw-r--r-- | server/confdb/confdb.h | 2 | ||||
-rw-r--r-- | server/confdb/confdb_private.h | 55 |
3 files changed, 92 insertions, 111 deletions
diff --git a/server/confdb/confdb.c b/server/confdb/confdb.c index dd5c1bd6..0154c140 100644 --- a/server/confdb/confdb.c +++ b/server/confdb/confdb.c @@ -24,12 +24,14 @@ #include "ldb_errors.h" #include "util/util.h" #include "confdb/confdb.h" +#include "confdb/confdb_private.h" #include "util/btreemap.h" #include "db/sysdb.h" #define CONFDB_VERSION "0.1" #define CONFDB_DOMAIN_BASEDN "cn=domains,cn=config" #define CONFDB_DOMAIN_ATTR "cn" #define CONFDB_MPG "magicPrivateGroups" +#define CONFDB_FQ "useFullyQualifiedNames" #define CONFDB_ZERO_CHECK_OR_JUMP(var, ret, err, label) do { \ if (!var) { \ @@ -522,6 +524,8 @@ static int confdb_test(struct confdb_ctx *cdb) static int confdb_init_db(struct confdb_ctx *cdb) { + const char *base_ldif; + struct ldb_ldif *ldif; const char *val[2]; int ret; TALLOC_CTX *tmp_ctx; 
@@ -529,88 +533,18 @@ static int confdb_init_db(struct confdb_ctx *cdb) tmp_ctx = talloc_new(cdb); if(tmp_ctx == NULL) return ENOMEM; - val[0] = CONFDB_VERSION; - val[1] = NULL; - - /* Add the confdb version */ - ret = confdb_add_param(cdb, - false, - "config", - "version", - val); - if (ret != EOK) goto done; - - /* Set up default monitored services */ - val[0] = "Local service configuration"; - ret = confdb_add_param(cdb, false, "config/services", "description", val); - if (ret != EOK) goto done; - -/* PAM */ - /* set the sssd_pam description */ - val[0] = "PAM Responder Configuration"; - ret = confdb_add_param(cdb, false, "config/services/pam", "description", val); - if (ret != EOK) goto done; - - /* Set the sssd_pam command path */ - val[0] = talloc_asprintf(tmp_ctx, "%s/sssd_pam", SSSD_LIBEXEC_PATH); - CONFDB_ZERO_CHECK_OR_JUMP(val[0], ret, ENOMEM, done); - ret = confdb_add_param(cdb, false, "config/services/pam", "command", val); - if (ret != EOK) goto done; - -#if 0 /* for future use */ - /* Set the sssd_pam socket path */ - val[0] = talloc_asprintf(tmp_ctx, "%s/pam", PIPE_PATH); - CONFDB_ZERO_CHECK_OR_JUMP(val[0], ret, ENOMEM, done); - ret = confdb_add_param(cdb, false, "config/services/pam", "unixSocket", val); - if (ret != EOK) goto done; -#endif /* for future use */ - - /* Add PAM to the list of active services */ - val[0] = "pam"; - ret = confdb_add_param(cdb, false, "config/services", "activeServices", val); - if (ret != EOK) goto done; - -/* NSS */ - /* set the sssd_nss description */ - val[0] = "NSS Responder Configuration"; - ret = confdb_add_param(cdb, false, "config/services/nss", "description", val); - if (ret != EOK) goto done; - - /* Set the sssd_nss command path */ - val[0] = talloc_asprintf(tmp_ctx, "%s/sssd_nss", SSSD_LIBEXEC_PATH); - CONFDB_ZERO_CHECK_OR_JUMP(val[0], ret, ENOMEM, done); - ret = confdb_add_param(cdb, false, "config/services/nss", "command", val); - if (ret != EOK) goto done; - -#if 0 /* for future use */ - /* Set the 
sssd_nss socket path */ - val[0] = talloc_asprintf(tmp_ctx, "%s/sssd_nss", PIPE_PATH); - CONFDB_ZERO_CHECK_OR_JUMP(val[0], ret, ENOMEM, done); - ret = confdb_add_param(cdb, false, "config/services/nss", "unixSocket", val); - if (ret != EOK) goto done; -#endif /* for future use */ - - /* Add NSS to the list of active services */ - val[0] = "nss"; - ret = confdb_add_param(cdb, false, "config/services", "activeServices", val); - if (ret != EOK) goto done; - -/* Data Provider */ - /* Set the sssd_dp description */ - val[0] = "Data Provider Configuration"; - ret = confdb_add_param(cdb, false, "config/services/dp", "description", val); - if (ret != EOK) goto done; - - /* Set the sssd_dp command path */ - val[0] = talloc_asprintf(tmp_ctx, "%s/sssd_dp", SSSD_LIBEXEC_PATH); - CONFDB_ZERO_CHECK_OR_JUMP(val[0], ret, ENOMEM, done); - ret = confdb_add_param(cdb, false, "config/services/dp", "command", val); - if (ret != EOK) goto done; - - /* Add the Data Provider to the list of active services */ - val[0] = "dp"; - ret = confdb_add_param(cdb, false, "config/services", "activeServices", val); - if (ret != EOK) goto done; + /* cn=confdb does not exists, means db is empty, populate */ + base_ldif = CONFDB_BASE_LDIF; + while ((ldif = ldb_ldif_read_string(cdb->ldb, &base_ldif))) { + ret = ldb_add(cdb->ldb, ldif->msg); + if (ret != LDB_SUCCESS) { + DEBUG(0, ("Failed to inizialiaze DB (%d,[%s]), aborting!\n", + ret, ldb_errstring(cdb->ldb))); + ret = EIO; + goto done; + } + ldb_ldif_read_free(cdb->ldb, ldif); + } /* InfoPipe */ #ifdef HAVE_INFOPIPE 
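Review bot: The error branch inside the new `while ((ldif = ldb_ldif_read_string(cdb->ldb, &base_ldif)))` loop jumps to `done` without releasing the record it just read, so `ldif` is freed only on the success path; add `ldb_ldif_read_free(cdb->ldb, ldif);` before `goto done;`. The loop also ends the same way on a parse failure as on end of input, so a malformed `CONFDB_BASE_LDIF` would leave a partly populated database with no error reported. No transaction is visible in this hunk, so each `ldb_add` appears to commit on its own. Wrapping the loop in `ldb_transaction_start(cdb->ldb)` and `ldb_transaction_commit(cdb->ldb)`, with a cancel on failure, would keep a failed first start from leaving incomplete defaults behind, which matters if the emptiness check (not shown here) later treats the database as initialised. The body of confdb_init_db starts and ends outside this hunk.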
@@ -635,47 +569,21 @@ static int confdb_init_db(struct confdb_ctx *cdb) #ifdef HAVE_POLICYKIT /* Set the sssd_pk description */ val[0] = "PolicyKit Backend Configuration"; - ret = confdb_add_param(cdb, false, "config/services/spk", "description", val); + ret = confdb_add_param(cdb, false, "config/services/pk", "description", val); if (ret != EOK) goto done; /* Set the sssd_info command path */ val[0] = talloc_asprintf(tmp_ctx, "%s/sssd_pk", SSSD_LIBEXEC_PATH); CONFDB_ZERO_CHECK_OR_JUMP(val[0], ret, ENOMEM, done); - ret = confdb_add_param(cdb, false, "config/services/spk", "command", val); + ret = confdb_add_param(cdb, false, "config/services/pk", "command", val); if (ret != EOK) goto done; /* Add the InfoPipe to the list of active services */ - val[0] = "spk"; + val[0] = "pk"; ret = confdb_add_param(cdb, false, "config/services", "activeServices", val); if (ret != EOK) goto done; #endif -/* Domains */ - val[0] = "Domains served by SSSD"; - ret = confdb_add_param(cdb, false, "config/domains", "description", val); - if (ret != EOK) goto done; - - /* Default LOCAL domain */ - val[0] = "Reserved domain for local configurations"; - ret = confdb_add_param(cdb, false, "config/domains/LOCAL", "description", val); - if (ret != EOK) goto done; - - val[0] = "LOCAL"; - ret = confdb_add_param(cdb, false, "config/domains", "default", val); - if(ret != EOK) goto done; - - /* Set enumeration of LOCAL domain to allow user and groups - * (mask 1: users, 2: groups) - */ - val[0] = "3"; - ret = confdb_add_param(cdb, false, "config/domains/LOCAL", "enumerate", val); - if (ret != EOK) goto done; - - /* LOCAL uses Magic Private Groups by default */ - val[0] = "TRUE"; - ret = confdb_add_param(cdb, false, "config/domains/LOCAL", CONFDB_MPG, val); - if (ret != EOK) goto done; - done: talloc_free(tmp_ctx); return ret; 
@@ -795,6 +703,15 @@ int confdb_get_domains(struct confdb_ctx *cdb, goto done; } + tmp = ldb_msg_find_attr_as_string(res->msgs[i], "provider", NULL); + if (tmp) { + domain->provider = talloc_strdup(domain, tmp); + if (!domain->provider) { + ret = ENOMEM; + goto done; + } + } + domain->timeout = ldb_msg_find_attr_as_int(res->msgs[i], "timeout", 0); @@ -815,6 +732,13 @@ int confdb_get_domains(struct confdb_ctx *cdb, domain->mpg = true; } + /* Determine if user/group names will be Fully Qualified + * in NSS interfaces */ + if (ldb_msg_find_attr_as_bool(res->msgs[i], CONFDB_FQ, 0)) { + domain->fqnames = true; + } + + domain->id_min = ldb_msg_find_attr_as_uint(res->msgs[i], "minId", SSSD_MIN_ID); domain->id_max = ldb_msg_find_attr_as_uint(res->msgs[i], diff --git a/server/confdb/confdb.h b/server/confdb/confdb.h index 4767a78e..6d385443 100644 --- a/server/confdb/confdb.h +++ b/server/confdb/confdb.h @@ -32,8 +32,10 @@ struct sss_domain_info { char *name; + char *provider; int timeout; int enumerate; + bool fqnames; bool legacy; bool mpg; uint32_t id_min; diff --git a/server/confdb/confdb_private.h b/server/confdb/confdb_private.h new file mode 100644 index 00000000..a911e9c4 --- /dev/null +++ b/server/confdb/confdb_private.h 
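Review bot: `domain->provider` is assigned only when the `provider` attribute is present, and `domain->fqnames` in the following hunk (`CONFDB_FQ`) only when the attribute is true, so both rely on the `domain` allocation being zeroed, which is not visible here. If it is not zeroed, consumers of `struct sss_domain_info` would read an indeterminate pointer or flag; assigning unconditionally avoids that, e.g. `domain->fqnames = ldb_msg_find_attr_as_bool(res->msgs[i], CONFDB_FQ, 0);` and an `else domain->provider = NULL;` branch. The new fields in confdb.h would also benefit from a comment such as `/* backend provider name; NULL when the domain sets none */`, since callers have to handle the missing case. confdb_get_domains continues outside both hunks.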
@@ -0,0 +1,55 @@
+
+#define CONFDB_BASE_LDIF \
+ "dn: @ATTRIBUTES\n" \
+ "cn: CASE_INSENSITIVE\n" \
+ "dc: CASE_INSENSITIVE\n" \
+ "dn: CASE_INSENSITIVE\n" \
+ "name: CASE_INSENSITIVE\n" \
+ "objectclass: CASE_INSENSITIVE\n" \
+ "\n" \
+ "dn: @INDEXLIST\n" \
+ "@IDXATTR: cn\n" \
+ "\n" \
+ "dn: @MODULES\n" \
+ "@LIST: server_sort\n" \
+ "\n" \
+ "dn: cn=config\n" \
+ "cn: config\n" \
+ "version: 0.1\n" \
+ "description: base object\n" \
+ "\n" \
+ "dn: cn=services,cn=config\n" \
+ "cn: services\n" \
+ "description: Local service configuration\n" \
+ "activeServices: dp\n" \
+ "activeServices: nss\n" \
+ "activeServices: pam\n" \
+ "activeServices: info\n" \
+ "\n" \
+ "dn: cn=monitor,cn=services,cn=config\n" \
+ "cn: monitor\n" \
+ "description: Monitor Configuration\n" \
+ "\n" \
+ "dn: cn=dp,cn=services,cn=config\n" \
+ "cn: dp\n" \
+ "description: Data Provider Configuration\n" \
+ "\n" \
+ "dn: cn=nss,cn=services,cn=config\n" \
+ "cn: nss\n" \
+ "description: NSS Responder Configuration\n" \
+ "\n" \
+ "dn: cn=pam,cn=services,cn=config\n" \
+ "cn: pam\n" \
+ "description: PAM Responder Configuration\n" \
+ "\n" \
+ "dn: cn=domains,cn=config\n" \
+ "cn: domains\n" \
+ "description: Domains served by SSSD\n" \
+ "default: LOCAL\n" \
+ "\n" \
+ "dn: cn=LOCAL,cn=domains,cn=config\n" \
+ "cn: LOCAL\n" \
+ "description: LOCAL domain\n" \
+ "enumerate: 3\n" \
+ "magicPrivateGroups: TRUE\n" \
+ "\n" |
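Review bot: The base LDIF lists `activeServices: info` unconditionally, while the InfoPipe setup in confdb_init_db stays under `#ifdef HAVE_INFOPIPE`. On a build without InfoPipe the default configuration would then name a service that has no `cn=info` entry, and on a build with it the existing block presumably adds `info` a second time (that code is outside the visible hunks). Consider dropping that line from the macro and leaving the conditional code to add it. Separately, `"version: 0.1\n"` duplicates `CONFDB_VERSION`; writing it as `"version: " CONFDB_VERSION "\n"` keeps the two from drifting, and the new header has no include guard.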