Diffstat (limited to 'server')
-rw-r--r-- | server/confdb/confdb.c | 52 | ||||
-rw-r--r-- | server/confdb/confdb.h | 69 | ||||
-rw-r--r-- | server/confdb/confdb_setup.c | 41 | ||||
-rw-r--r-- | server/confdb/confdb_setup.h | 5 | ||||
-rw-r--r-- | server/monitor/monitor.c | 37 | ||||
-rw-r--r-- | server/monitor/monitor_interfaces.h | 3 | ||||
-rw-r--r-- | server/monitor/monitor_sbus.c | 20 | ||||
-rw-r--r-- | server/providers/data_provider.c | 25 | ||||
-rw-r--r-- | server/providers/data_provider.h | 3 | ||||
-rw-r--r-- | server/providers/data_provider_be.c | 22 | ||||
-rw-r--r-- | server/providers/dp_sbus.c | 20 | ||||
-rw-r--r-- | server/providers/krb5/krb5_auth.c | 17 | ||||
-rw-r--r-- | server/providers/ldap/sdap.c | 116 | ||||
-rw-r--r-- | server/providers/proxy.c | 5 | ||||
-rw-r--r-- | server/responder/common/responder_common.c | 4 | ||||
-rw-r--r-- | server/responder/nss/nsssrv.c | 62 | ||||
-rw-r--r-- | server/responder/nss/nsssrv.h | 2 | ||||
-rw-r--r-- | server/responder/pam/pamsrv.c | 9 | ||||
-rw-r--r-- | server/tools/sss_sync_ops.c | 19 | ||||
-rw-r--r-- | server/util/server.c | 6 | ||||
-rw-r--r-- | server/util/usertools.c | 10 |
21 files changed, 310 insertions, 237 deletions
diff --git a/server/confdb/confdb.c b/server/confdb/confdb.c index bb1fc2b2..ca7be454 100644 --- a/server/confdb/confdb.c +++ b/server/confdb/confdb.c @@ -30,19 +30,6 @@ #include "util/strtonum.h" #include "db/sysdb.h" -#define CONFDB_DOMAINS_PATH "config/domains" -#define CONFDB_DOMAIN_BASEDN "cn=domains,cn=config" -#define CONFDB_DOMAIN_ATTR "cn" -#define CONFDB_PROVIDER "provider" -#define CONFDB_TIMEOUT "timeout" -#define CONFDB_ENUMERATE "enumerate" -#define CONFDB_MINID "minId" -#define CONFDB_MAXID "maxId" -#define CONFDB_CACHE_CREDS "cache-credentials" -#define CONFDB_LEGACY_PASS "store-legacy-passwords" -#define CONFDB_MPG "magicPrivateGroups" -#define CONFDB_FQ "useFullyQualifiedNames" - #define CONFDB_ZERO_CHECK_OR_JUMP(var, ret, err, label) do { \ if (!var) { \ ret = err; \ @@ -728,7 +715,6 @@ static errno_t get_entry_as_bool(struct ldb_message *msg, bool default_value) { const char *tmp = NULL; - char *endptr; *return_value = 0; @@ -808,7 +794,9 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, goto done; } - tmp = ldb_msg_find_attr_as_string(res->msgs[0], CONFDB_PROVIDER, NULL); + tmp = ldb_msg_find_attr_as_string(res->msgs[0], + CONFDB_DOMAIN_ID_PROVIDER, + NULL); if (tmp) { domain->provider = talloc_strdup(domain, tmp); if (!domain->provider) { 
@@ -817,20 +805,20 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, } } else { - DEBUG(0, ("Domain [%s] does not specify a provider, disabling!\n", + DEBUG(0, ("Domain [%s] does not specify an ID provider, disabling!\n", domain->name)); ret = EINVAL; goto done; } domain->timeout = ldb_msg_find_attr_as_int(res->msgs[0], - CONFDB_TIMEOUT, 0); + CONFDB_DOMAIN_TIMEOUT, 0); /* Determine if this domain can be enumerated */ /* TEMP: test if the old bitfield conf value is used and warn it has been * superceeded. */ - val = ldb_msg_find_attr_as_int(res->msgs[0], CONFDB_ENUMERATE, 0); + val = ldb_msg_find_attr_as_int(res->msgs[0], CONFDB_DOMAIN_ENUMERATE, 0); if (val > 0) { /* ok there was a number in here */ DEBUG(0, ("Warning: enumeration parameter in %s still uses integers! " "Enumeration is now a boolean and takes true/false values. " @@ -838,9 +826,9 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, domain->enumerate = true; } else { /* assume the new format */ ret = get_entry_as_bool(res->msgs[0], &domain->enumerate, - CONFDB_ENUMERATE, 0); + CONFDB_DOMAIN_ENUMERATE, 0); if(ret != EOK) { - DEBUG(0, ("Invalid value for %s\n", CONFDB_ENUMERATE)); + DEBUG(0, ("Invalid value for %s\n", CONFDB_DOMAIN_ENUMERATE)); goto done; } } @@ -849,9 +837,9 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, } /* Determine if this is domain uses MPG */ - ret = get_entry_as_bool(res->msgs[0], &domain->mpg, CONFDB_MPG, 0); + ret = get_entry_as_bool(res->msgs[0], &domain->mpg, CONFDB_DOMAIN_MPG, 0); if(ret != EOK) { - DEBUG(0, ("Invalid value for %s\n", CONFDB_MPG)); + DEBUG(0, ("Invalid value for %s\n", CONFDB_DOMAIN_MPG)); goto done; } 
@@ -862,14 +850,14 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, /* Determine if user/group names will be Fully Qualified * in NSS interfaces */ - ret = get_entry_as_bool(res->msgs[0], &domain->fqnames, CONFDB_FQ, 0); + ret = get_entry_as_bool(res->msgs[0], &domain->fqnames, CONFDB_DOMAIN_FQ, 0); if(ret != EOK) { - DEBUG(0, ("Invalid value for %s\n", CONFDB_FQ)); + DEBUG(0, ("Invalid value for %s\n", CONFDB_DOMAIN_FQ)); goto done; } ret = get_entry_as_uint32(res->msgs[0], &domain->id_min, - CONFDB_MINID, SSSD_MIN_ID); + CONFDB_DOMAIN_MINID, SSSD_MIN_ID); if (ret != EOK) { DEBUG(0, ("Invalid value for minId\n")); ret = EINVAL; @@ -877,7 +865,7 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, } ret = get_entry_as_uint32(res->msgs[0], &domain->id_max, - CONFDB_MAXID, 0); + CONFDB_DOMAIN_MAXID, 0); if (ret != EOK) { DEBUG(0, ("Invalid value for maxId\n")); ret = EINVAL; @@ -892,16 +880,16 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, /* Do we allow to cache credentials */ ret = get_entry_as_bool(res->msgs[0], &domain->cache_credentials, - CONFDB_CACHE_CREDS, 0); + CONFDB_DOMAIN_CACHE_CREDS, 0); if(ret != EOK) { - DEBUG(0, ("Invalid value for %s\n", CONFDB_CACHE_CREDS)); + DEBUG(0, ("Invalid value for %s\n", CONFDB_DOMAIN_CACHE_CREDS)); goto done; } ret = get_entry_as_bool(res->msgs[0], &domain->legacy_passwords, - CONFDB_LEGACY_PASS, 0); + CONFDB_DOMAIN_LEGACY_PASS, 0); if(ret != EOK) { - DEBUG(0, ("Invalid value for %s\n", CONFDB_LEGACY_PASS)); + DEBUG(0, ("Invalid value for %s\n", CONFDB_DOMAIN_LEGACY_PASS)); goto done; } @@ -930,7 +918,9 @@ int confdb_get_domains(struct confdb_ctx *cdb, if (!tmp_ctx) return ENOMEM; ret = confdb_get_string_as_list(cdb, tmp_ctx, - CONFDB_DOMAINS_PATH, "domains", &domlist); + CONFDB_MONITOR_CONF_ENTRY, + CONFDB_MONITOR_ACTIVE_DOMAINS, + &domlist); if (ret == ENOENT) { DEBUG(0, ("No domains configured, fatal error!\n")); goto done; 
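Review bot: The `DEBUG(0, ("Invalid value for minId\n"))` and `maxId` messages left as context in the `confdb_get_domain_internal` hunks still print the old option spellings, while the lookups beside them now read `CONFDB_DOMAIN_MINID` ("min_id") and `CONFDB_DOMAIN_MAXID` ("max_id"). An administrator reading the log is pointed at a key the code no longer reads. Print the macro as the neighbouring messages do, e.g. `DEBUG(0, ("Invalid value for %s\n", CONFDB_DOMAIN_MINID));`. The same mismatch remains in the `sssm_krb5_auth_init` hunks of server/providers/krb5/krb5_auth.c, whose messages still name `krb5KDCIP`, `krb5REALM` and `krb5auth_timeout`. Both functions continue outside their hunks.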
diff --git a/server/confdb/confdb.h b/server/confdb/confdb.h
index a0da9b4f..7ca85507 100644
--- a/server/confdb/confdb.h
+++ b/server/confdb/confdb.h
@@ -34,7 +34,74 @@ #define CONFDB_DEFAULT_CONFIG_FILE SSSD_CONF_DIR"/sssd.conf" #define SSSD_MIN_ID 1000 -#define SERVICE_CONF_ENTRY "config/services" +/* Configuration options */ + +/* Services */ +#define CONFDB_SERVICE_PATH_TMPL "config/%s" +#define CONFDB_SERVICE_COMMAND "command" +#define CONFDB_SERVICE_DEBUG_LEVEL "debug_level" +#define CONFDB_SERVICE_DEBUG_TIMESTAMPS "debug_timestamps" +#define CONFDB_SERVICE_TIMEOUT "timeout" +#define CONFDB_SERVICE_RECON_RETRIES "reconnection_retries" + +/* Monitor */ +#define CONFDB_MONITOR_CONF_ENTRY "config/sssd" +#define CONFDB_MONITOR_SBUS_TIMEOUT "sbus_timeout" +#define CONFDB_MONITOR_ACTIVE_SERVICES "services" +#define CONFDB_MONITOR_ACTIVE_DOMAINS "domains" +#define CONFDB_MONITOR_NAME_REGEX "re_expression" +#define CONFDB_MONITOR_FULL_NAME_FORMAT "full_name_format" + +/* NSS */ +#define CONFDB_NSS_CONF_ENTRY "config/nss" +#define CONFDB_NSS_ENUM_CACHE_TIMEOUT "enum_cache_timeout" +#define CONFDB_NSS_ENTRY_CACHE_TIMEOUT "entry_cache_timeout" +#define CONFDB_NSS_ENTRY_CACHE_NOWAIT_TIMEOUT "entry_cache_nowait_timeout" +#define CONFDB_NSS_ENTRY_NEG_TIMEOUT "entry_negative_timeout" +#define CONFDB_NSS_FILTER_USERS_IN_GROUPS "filter_users_in_groups" +#define CONFDB_NSS_FILTER_USERS "filter_users" +#define CONFDB_NSS_FILTER_GROUPS "filter_groups" + +/* PAM */ +#define CONFDB_PAM_CONF_ENTRY "config/pam" + +/* Data Provider */ +#define CONFDB_DP_CONF_ENTRY "config/dp" + +/* Domains */ +#define CONFDB_DOMAIN_PATH_TMPL "config/domain/%s" +#define CONFDB_DOMAIN_BASEDN "cn=domain,cn=config" +#define CONFDB_DOMAIN_ID_PROVIDER "id_provider" +#define CONFDB_DOMAIN_AUTH_PROVIDER "auth_provider" +#define CONFDB_DOMAIN_ACCESS_PROVIDER "access_provider" +#define CONFDB_DOMAIN_CHPASS_PROVIDER "chpass_provider" +#define CONFDB_DOMAIN_COMMAND "command" +#define CONFDB_DOMAIN_TIMEOUT "timeout" +#define CONFDB_DOMAIN_ATTR "cn" +#define CONFDB_DOMAIN_ENUMERATE "enumerate" +#define CONFDB_DOMAIN_MINID "min_id" +#define CONFDB_DOMAIN_MAXID 
"max_id" +#define CONFDB_DOMAIN_CACHE_CREDS "cache_credentials" +#define CONFDB_DOMAIN_LEGACY_PASS "store_legacy_passwords" +#define CONFDB_DOMAIN_MPG "magic_private_groups" +#define CONFDB_DOMAIN_FQ "use_fully_qualified_names" + +/* Local Provider */ +#define CONFDB_LOCAL_DEFAULT_SHELL "default_shell" +#define CONFDB_LOCAL_DEFAULT_BASEDIR "base_directory" + +/* Proxy Provider */ +#define CONFDB_PROXY_LIBNAME "proxy_lib_name" +#define CONFDB_PROXY_PAM_TARGET "proxy_pam_target" + +/* KRB5 Provider */ +#define CONFDB_KRB5_KDCIP "krb5_kdcip" +#define CONFDB_KRB5_REALM "krb5_realm" +#define CONFDB_KRB5_CCACHEDIR "krb5_ccachedir" +#define CONFDB_KRB5_CCNAME_TMPL "krb5_ccname_template" +#define CONFDB_KRB5_TRY_SIMPLE_UPN "krb5_try_simple_upn" +#define CONFDB_KRB5_CHANGEPW_PRINC "krb5_changepw_principle" +#define CONFDB_KRB5_AUTH_TIMEOUT "krb5_auth_timeout" struct confdb_ctx; struct config_file_ctx; diff --git a/server/confdb/confdb_setup.c b/server/confdb/confdb_setup.c index 00bba7f1..9110a5e9 100644 --- a/server/confdb/confdb_setup.c +++ b/server/confdb/confdb_setup.c @@ -57,9 +57,15 @@ int confdb_test(struct confdb_ctx *cdb) } if (strcmp(values[0], CONFDB_VERSION) != 0) { - /* bad version get out */ + /* Existing version does not match executable version */ + DEBUG(1, ("Upgrading confdb version from %s to %s\n", + values[0], CONFDB_VERSION)); + + /* This is recoverable, since we purge the confdb file + * when we re-initialize it. + */ talloc_free(values); - return EIO; + return ENOENT; } talloc_free(values); @@ -266,12 +272,14 @@ int confdb_init_db(const char *config_file, struct confdb_ctx *cdb) int ret, i; struct collection_item *sssd_config = NULL; struct collection_item *error_list = NULL; + struct collection_item *item = NULL; char *config_ldif; struct ldb_ldif *ldif; TALLOC_CTX *tmp_ctx; char *lasttimestr, timestr[21]; const char *vals[2] = { timestr, NULL }; struct stat cstat; + int version; tmp_ctx = talloc_new(cdb); if (tmp_ctx == NULL) return ENOMEM; 
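Review bot: `CONFDB_KRB5_CHANGEPW_PRINC` is defined as "krb5_changepw_principle", which carries the principle/principal misspelling into the new option namespace as a user-visible key. This commit already renames every option and introduces the version-2 file format, so it is the cheapest moment to spell it `"krb5_changepw_principal"`; afterwards the fix needs another compatibility break. A one-line comment on `CONFDB_SERVICE_PATH_TMPL` and `CONFDB_DOMAIN_PATH_TMPL` would also help, such as `/* printf template: takes exactly one %s (section name) */`, since both are passed to `talloc_asprintf` as format strings elsewhere in this commit.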
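Review bot: The new branch in `confdb_test` logs "Upgrading confdb version from %s to %s" for every mismatch, including a stored version that is newer than `CONFDB_VERSION`, so the message is wrong on a downgrade. Neutral wording such as `DEBUG(1, ("confdb version %s does not match %s, rebuilding\n", values[0], CONFDB_VERSION));` covers both directions. The function now returns `ENOENT` for a mismatch; if callers also see `ENOENT` for an absent database (not visible in this hunk), the function's header comment should state that both cases trigger a rebuild.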
@@ -327,6 +335,35 @@ int confdb_init_db(const char *config_file, struct confdb_ctx *cdb) goto done; } + /* Make sure that the config file version matches the confdb version */ + ret = get_config_item("sssd", "config_file_version", + sssd_config, &item); + if (ret != EOK) { + DEBUG(0, ("Internal error determining config_file_version\n")); + goto done; + } + if (item == NULL) { + /* No known version. Assumed to be version 1 */ + DEBUG(0, ("Config file is an old version. " + "Please run configuration upgrade script.\n")); + ret = EINVAL; + goto done; + } + version = get_int_config_value(item, 1, -1, &ret); + if (ret != EOK) { + DEBUG(0, ("Config file version could not be determined\n")); + goto done; + } else if (version < CONFDB_VERSION_INT) { + DEBUG(0, ("Config file is an old version. " + "Please run configuration upgrade script.\n")); + ret = EINVAL; + goto done; + } else if (version > CONFDB_VERSION_INT) { + DEBUG(0, ("Config file version is newer than confdb\n")); + ret = EINVAL; + goto done; + } + ret = confdb_create_ldif(tmp_ctx, sssd_config, &config_ldif); free_ini_config(sssd_config); if (ret != EOK) { diff --git a/server/confdb/confdb_setup.h b/server/confdb/confdb_setup.h index 7cba0b91..2b8802f6 100644 --- a/server/confdb/confdb_setup.h +++ b/server/confdb/confdb_setup.h @@ -22,7 +22,8 @@ #ifndef CONFDB_SETUP_H_ #define CONFDB_SETUP_H_ -#define CONFDB_VERSION "1" +#define CONFDB_VERSION "2" +#define CONFDB_VERSION_INT 2 #define CONFDB_BASE_LDIF \ "dn: @ATTRIBUTES\n" \ @@ -41,7 +42,7 @@ #define CONFDB_INTERNAL_LDIF \ "dn: cn=config\n" \ - "version: 1\n" \ + "version: "CONFDB_VERSION"\n" \ "\n" int confdb_create_base(struct confdb_ctx *cdb); diff --git a/server/monitor/monitor.c b/server/monitor/monitor.c index fa9eb0e8..b78a768c 100644 --- a/server/monitor/monitor.c +++ b/server/monitor/monitor.c 
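Review bot: Every new `goto done` in the version check of `confdb_init_db` leaves before the `free_ini_config(sssd_config);` call that follows `confdb_create_ldif`, so the parsed configuration looks to be leaked on all of these rejection paths unless the `done` label, which is outside the hunk, releases it. Either call `free_ini_config(sssd_config);` before each `goto done` or move the release to `done` with `sssd_config` reset to NULL after the normal free. It is also worth a comment on whether `item` returned by `get_config_item` is owned by the collection or must be released separately; the hunk does not show it.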
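Review bot: `CONFDB_VERSION` and `CONFDB_VERSION_INT` in confdb_setup.h are two hand-maintained spellings of the same number. `confdb_test` compares against the string and `confdb_init_db` against the integer, so bumping only one would make the two checks disagree. Add `/* must match CONFDB_VERSION_INT */` next to the string, or derive the string from the integer by preprocessor stringification so there is a single source of truth.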
@@ -57,7 +57,6 @@ /* ping time cannot be less then once every few seconds or the * monitor will get crazy hammering children with messages */ #define MONITOR_DEF_PING_TIME 10 -#define MONITOR_CONF_ENTRY "config/services/monitor" struct svc_spy; @@ -341,10 +340,9 @@ static int monitor_dbus_init(struct mt_ctx *ctx) char *monitor_address; int ret; - monitor_address = talloc_asprintf(ctx, "unix:path=%s/%s", - PIPE_PATH, SSSD_SERVICE_PIPE); - if (!monitor_address) { - return ENOMEM; + ret = monitor_get_sbus_address(ctx, &monitor_address); + if (ret != EOK) { + return ret; } ret = sbus_new_server(ctx, ctx->ev, @@ -845,7 +843,8 @@ int get_monitor_config(struct mt_ctx *ctx) int timeout_seconds; ret = confdb_get_int(ctx->cdb, ctx, - MONITOR_CONF_ENTRY, "sbusTimeout", + CONFDB_MONITOR_CONF_ENTRY, + CONFDB_MONITOR_SBUS_TIMEOUT, 10, &timeout_seconds); if (ret != EOK) { return ret; @@ -858,7 +857,8 @@ int get_monitor_config(struct mt_ctx *ctx) return ENOMEM; } ret = confdb_get_string_as_list(ctx->cdb, ctx->service_ctx, - SERVICE_CONF_ENTRY, "activeServices", + CONFDB_MONITOR_CONF_ENTRY, + CONFDB_MONITOR_ACTIVE_SERVICES, &ctx->services); if (ret != EOK) { DEBUG(0, ("No services configured!\n")); @@ -922,13 +922,14 @@ static int get_service_config(struct mt_ctx *ctx, const char *name, return ENOMEM; } - path = talloc_asprintf(svc, "config/services/%s", svc->name); + path = talloc_asprintf(svc, CONFDB_SERVICE_PATH_TMPL, svc->name); if (!path) { talloc_free(svc); return ENOMEM; } - ret = confdb_get_string(ctx->cdb, svc, path, "command", + ret = confdb_get_string(ctx->cdb, svc, path, + CONFDB_SERVICE_COMMAND, NULL, &svc->command); if (ret != EOK) { DEBUG(0,("Failed to start service '%s'\n", svc->name)); 
@@ -948,7 +949,8 @@ static int get_service_config(struct mt_ctx *ctx, const char *name, } } - ret = confdb_get_int(ctx->cdb, svc, path, "timeout", + ret = confdb_get_int(ctx->cdb, svc, path, + CONFDB_SERVICE_TIMEOUT, MONITOR_DEF_PING_TIME, &svc->ping_time); if (ret != EOK) { DEBUG(0,("Failed to start service '%s'\n", svc->name)); @@ -1007,29 +1009,32 @@ static int get_provider_config(struct mt_ctx *ctx, const char *name, return ENOMEM; } - path = talloc_asprintf(svc, "config/domains/%s", name); + path = talloc_asprintf(svc, CONFDB_DOMAIN_PATH_TMPL, name); if (!path) { talloc_free(svc); return ENOMEM; } ret = confdb_get_string(ctx->cdb, svc, path, - "provider", NULL, &svc->provider); + CONFDB_DOMAIN_ID_PROVIDER, + NULL, &svc->provider); if (ret != EOK) { - DEBUG(0, ("Failed to find provider from [%s] configuration\n", name)); + DEBUG(0, ("Failed to find ID provider from [%s] configuration\n", name)); talloc_free(svc); return ret; } ret = confdb_get_string(ctx->cdb, svc, path, - "command", NULL, &svc->command); + CONFDB_DOMAIN_COMMAND, + NULL, &svc->command); if (ret != EOK) { DEBUG(0, ("Failed to find command from [%s] configuration\n", name)); talloc_free(svc); return ret; } - ret = confdb_get_int(ctx->cdb, svc, path, "timeout", + ret = confdb_get_int(ctx->cdb, svc, path, + CONFDB_DOMAIN_TIMEOUT, MONITOR_DEF_PING_TIME, &svc->ping_time); if (ret != EOK) { DEBUG(0,("Failed to start service '%s'\n", svc->name)); @@ -2427,7 +2432,7 @@ int main(int argc, const char *argv[]) if (ret != EOK) return 4; /* set up things like debug , signals, daemonization, etc... */ - ret = server_setup("sssd", flags, MONITOR_CONF_ENTRY, &main_ctx); + ret = server_setup("sssd", flags, CONFDB_MONITOR_CONF_ENTRY, &main_ctx); if (ret != EOK) return 2; monitor->ev = main_ctx->event_ctx; diff --git a/server/monitor/monitor_interfaces.h b/server/monitor/monitor_interfaces.h index 7d0390bf..1835718f 100644 --- a/server/monitor/monitor_interfaces.h +++ b/server/monitor/monitor_interfaces.h 
@@ -44,8 +44,7 @@ #define SSSD_SERVICE_PIPE "private/sbus-monitor" -int monitor_get_sbus_address(TALLOC_CTX *mem_ctx, struct confdb_ctx *confdb, - char **address); +int monitor_get_sbus_address(TALLOC_CTX *mem_ctx, char **address); int monitor_common_send_id(struct sbus_connection *conn, const char *name, uint16_t version); int monitor_common_pong(DBusMessage *message, diff --git a/server/monitor/monitor_sbus.c b/server/monitor/monitor_sbus.c index 9995986b..3f73e84f 100644 --- a/server/monitor/monitor_sbus.c +++ b/server/monitor/monitor_sbus.c @@ -29,9 +29,8 @@ #include "sbus/sssd_dbus.h" #include "monitor/monitor_interfaces.h" -int monitor_get_sbus_address(TALLOC_CTX *mem_ctx, struct confdb_ctx *confdb, char **address) +int monitor_get_sbus_address(TALLOC_CTX *mem_ctx, char **address) { - int ret; char *default_address; *address = NULL; @@ -41,21 +40,8 @@ int monitor_get_sbus_address(TALLOC_CTX *mem_ctx, struct confdb_ctx *confdb, cha return ENOMEM; } - if (confdb == NULL) { - /* If the confdb isn't specified, fall to the default */ - *address = default_address; - talloc_steal(mem_ctx, default_address); - ret = EOK; - goto done; - } - - ret = confdb_get_string(confdb, mem_ctx, - "config/services/monitor", "sbusAddress", - default_address, address); - -done: - talloc_free(default_address); - return ret; + *address = default_address; + return EOK; } static void id_callback(DBusPendingCall *pending, void *ptr) diff --git a/server/providers/data_provider.c b/server/providers/data_provider.c index f8efcc8d..f727c555 100644 --- a/server/providers/data_provider.c +++ b/server/providers/data_provider.c @@ -41,8 +41,6 @@ #include "dp_interfaces.h" #include "monitor/monitor_interfaces.h" -#define DP_CONF_ENTRY "config/services/dp" - struct dp_backend; struct dp_frontend; 
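Review bot: `monitor_get_sbus_address` in monitor_sbus.c now returns `default_address` directly, so the lifetime of the string depends on which talloc context the `talloc_asprintf` call allocates on, and that call is outside the hunk. Please confirm it is `mem_ctx` and document the contract on the declaration, e.g. `/* On EOK, *address is allocated on mem_ctx and owned by the caller; it is always the built-in pipe path. */`. With the confdb lookup gone the local is redundant, and writing the result straight into `*address` would remove one variable. The same applies to `dp_get_sbus_address` in server/providers/dp_sbus.c.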
@@ -149,7 +147,7 @@ static int dp_monitor_init(struct dp_ctx *dpctx) int ret; /* Set up SBUS connection to the monitor */ - ret = monitor_get_sbus_address(dpctx, dpctx->cdb, &sbus_address); + ret = monitor_get_sbus_address(dpctx, &sbus_address); if (ret != EOK) { DEBUG(0, ("Could not locate monitor address.\n")); return ret; @@ -927,31 +925,14 @@ static int dp_frontend_destructor(void *ctx) static int dp_srv_init(struct dp_ctx *dpctx) { char *dpbus_address; - char *default_dp_address; int ret; DEBUG(3, ("Initializing Data Provider D-BUS Server\n")); - default_dp_address = talloc_asprintf(dpctx, "unix:path=%s/%s", - PIPE_PATH, DATA_PROVIDER_PIPE); - if (default_dp_address == NULL) { - ret = ENOMEM; - goto done; - } - - ret = confdb_get_string(dpctx->cdb, dpctx, - DP_CONF_ENTRY, "dpbusAddress", - default_dp_address, &dpbus_address); - if (ret != EOK) goto done; + ret = dp_get_sbus_address(dpctx, &dpbus_address); ret = sbus_new_server(dpctx, dpctx->ev, dpbus_address, &dp_interface, &dpctx->sbus_srv, dp_client_init, dpctx); - if (ret != EOK) { - goto done; - } - -done: - talloc_free(default_dp_address); return ret; } @@ -1012,7 +993,7 @@ int main(int argc, const char *argv[]) poptFreeContext(pc); /* set up things like debug , signals, daemonization, etc... */ - ret = server_setup("sssd[dp]", 0, DP_CONF_ENTRY, &main_ctx); + ret = server_setup("sssd[dp]", 0, CONFDB_DP_CONF_ENTRY, &main_ctx); if (ret != EOK) return 2; ret = die_if_parent_died(); diff --git a/server/providers/data_provider.h b/server/providers/data_provider.h index 790194ce..779da0f3 100644 --- a/server/providers/data_provider.h +++ b/server/providers/data_provider.h @@ -143,8 +143,7 @@ int dp_common_send_id(struct sbus_connection *conn, const char *name, const char *domain); /* from dp_sbus.c */ -int dp_get_sbus_address(TALLOC_CTX *mem_ctx, struct confdb_ctx *confdb, - char **address); +int dp_get_sbus_address(TALLOC_CTX *mem_ctx, char **address); #endif /* __DATA_PROVIDER_ */ 
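Review bot: In `dp_srv_init` the return value of `dp_get_sbus_address(dpctx, &dpbus_address)` is overwritten by the `sbus_new_server` call on the next statement without being tested. The dp_sbus.c hunk shows that the helper sets `*address = NULL` and returns `ENOMEM` when the allocation fails, so on that path a NULL address is handed to `sbus_new_server`. The removed code bailed out with `if (ret != EOK) goto done;`, and the new code needs the equivalent `if (ret != EOK) return ret;` between the two calls.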
diff --git a/server/providers/data_provider_be.c b/server/providers/data_provider_be.c index 85281d4c..62ce7bbe 100644 --- a/server/providers/data_provider_be.c +++ b/server/providers/data_provider_be.c @@ -44,8 +44,6 @@ #include "providers/dp_backend.h" #include "monitor/monitor_interfaces.h" -#define BE_CONF_ENTRY "config/domains/%s" - struct sbus_method monitor_be_methods[] = { { MON_CLI_METHOD_PING, monitor_common_pong }, { MON_CLI_METHOD_RES_INIT, monitor_common_res_init }, @@ -81,10 +79,10 @@ struct sbus_interface be_interface = { static struct bet_data bet_data[] = { {BET_NULL, NULL, NULL}, - {BET_ID, "provider", "sssm_%s_init"}, - {BET_AUTH, "auth-module", "sssm_%s_auth_init"}, - {BET_ACCESS, "access-module", "sssm_%s_access_init"}, - {BET_CHPASS, "chpass-module", "sssm_%s_chpass_init"}, + {BET_ID, CONFDB_DOMAIN_ID_PROVIDER, "sssm_%s_init"}, + {BET_AUTH, CONFDB_DOMAIN_AUTH_PROVIDER, "sssm_%s_auth_init"}, + {BET_ACCESS, CONFDB_DOMAIN_ACCESS_PROVIDER, "sssm_%s_access_init"}, + {BET_CHPASS, CONFDB_DOMAIN_CHPASS_PROVIDER, "sssm_%s_chpass_init"}, {BET_MAX, NULL, NULL} }; @@ -514,7 +512,7 @@ static int mon_cli_init(struct be_ctx *ctx) int ret; /* Set up SBUS connection to the monitor */ - ret = monitor_get_sbus_address(ctx, ctx->cdb, &sbus_address); + ret = monitor_get_sbus_address(ctx, &sbus_address); if (ret != EOK) { DEBUG(0, ("Could not locate monitor address.\n")); return ret; @@ -550,7 +548,7 @@ static int be_cli_init(struct be_ctx *ctx) char *sbus_address; /* Set up SBUS connection to the monitor */ - ret = dp_get_sbus_address(ctx, ctx->cdb, &sbus_address); + ret = dp_get_sbus_address(ctx, &sbus_address); if (ret != EOK) { DEBUG(0, ("Could not locate monitor address.\n")); return ret; 
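Review bot: The `be_cli_init` hunk calls `dp_get_sbus_address`, but the comment above it still reads "Set up SBUS connection to the monitor" and the failure path logs "Could not locate monitor address.". That sends anyone triaging a backend start-up failure to the wrong socket. Suggest `/* Set up SBUS connection to the Data Provider */` and `DEBUG(0, ("Could not locate DP address.\n"));`, which is the wording `sss_dp_init` in responder_common.c already uses for its log line. The body of be_cli_init continues outside the hunk.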
@@ -574,8 +572,8 @@ static int be_cli_init(struct be_ctx *ctx) } /* Enable automatic reconnection to the Data Provider */ - ret = confdb_get_int(ctx->cdb, ctx, SERVICE_CONF_ENTRY, - "reconnection_retries", 3, &max_retries); + ret = confdb_get_int(ctx->cdb, ctx, CONFDB_DP_CONF_ENTRY, + CONFDB_SERVICE_RECON_RETRIES, 3, &max_retries); if (ret != EOK) { DEBUG(0, ("Failed to set up automatic reconnection\n")); return ret; @@ -833,7 +831,7 @@ int be_process_init(TALLOC_CTX *mem_ctx, ctx->ev = ev; ctx->cdb = cdb; ctx->identity = talloc_asprintf(ctx, "%%BE_%s", be_domain); - ctx->conf_path = talloc_asprintf(ctx, "config/domains/%s", be_domain); + ctx->conf_path = talloc_asprintf(ctx, CONFDB_DOMAIN_PATH_TMPL, be_domain); if (!ctx->identity || !ctx->conf_path) { DEBUG(0, ("Out of memory!?\n")); return ENOMEM; @@ -953,7 +951,7 @@ int main(int argc, const char *argv[]) srv_name = talloc_asprintf(NULL, "sssd[be[%s]]", be_domain); if (!srv_name) return 2; - conf_entry = talloc_asprintf(NULL, BE_CONF_ENTRY, be_domain); + conf_entry = talloc_asprintf(NULL, CONFDB_DOMAIN_PATH_TMPL, be_domain); if (!conf_entry) return 2; ret = server_setup(srv_name, 0, conf_entry, &main_ctx); diff --git a/server/providers/dp_sbus.c b/server/providers/dp_sbus.c index c5ccdc9a..c5c9a001 100644 --- a/server/providers/dp_sbus.c +++ b/server/providers/dp_sbus.c @@ -27,9 +27,8 @@ #include "providers/data_provider.h" #include "providers/dp_interfaces.h" -int dp_get_sbus_address(TALLOC_CTX *mem_ctx, struct confdb_ctx *confdb, char **address) +int dp_get_sbus_address(TALLOC_CTX *mem_ctx, char **address) { - int ret; char *default_address; *address = NULL; 
@@ -39,20 +38,7 @@ int dp_get_sbus_address(TALLOC_CTX *mem_ctx, struct confdb_ctx *confdb, char **a return ENOMEM; } - if (confdb == NULL) { - /* If the confdb isn't specified, fall to the default */ - *address = default_address; - talloc_steal(mem_ctx, default_address); - ret = EOK; - goto done; - } - - ret = confdb_get_string(confdb, mem_ctx, - "config/services/dp", "sbusAddress", - default_address, address); - -done: - talloc_free(default_address); - return ret; + *address = default_address; + return EOK; } diff --git a/server/providers/krb5/krb5_auth.c b/server/providers/krb5/krb5_auth.c index 631f7086..7510c066 100644 --- a/server/providers/krb5/krb5_auth.c +++ b/server/providers/krb5/krb5_auth.c @@ -867,7 +867,7 @@ int sssm_krb5_auth_init(struct be_ctx *bectx, ctx->action = INIT_PW; ret = confdb_get_string(bectx->cdb, ctx, bectx->conf_path, - "krb5KDCIP", NULL, &value); + CONFDB_KRB5_KDCIP, NULL, &value); if (ret != EOK) goto fail; if (value == NULL) { DEBUG(2, ("Missing krb5KDCIP, authentication might fail.\n")); @@ -881,7 +881,7 @@ int sssm_krb5_auth_init(struct be_ctx *bectx, ctx->kdcip = value; ret = confdb_get_string(bectx->cdb, ctx, bectx->conf_path, - "krb5REALM", NULL, &value); + CONFDB_KRB5_REALM, NULL, &value); if (ret != EOK) goto fail; if (value == NULL) { DEBUG(4, ("Missing krb5REALM authentication might fail.\n")); @@ -895,7 +895,7 @@ int sssm_krb5_auth_init(struct be_ctx *bectx, ctx->realm = value; ret = confdb_get_string(bectx->cdb, ctx, bectx->conf_path, - "krb5ccache_dir", "/tmp", &value); + CONFDB_KRB5_CCACHEDIR, "/tmp", &value); if (ret != EOK) goto fail; ret = lstat(value, &stat_buf); if (ret != EOK) { 
@@ -910,7 +910,8 @@ int sssm_krb5_auth_init(struct be_ctx *bectx, ctx->ccache_dir = value; ret = confdb_get_string(bectx->cdb, ctx, bectx->conf_path, - "krb5ccname_template", "FILE:%d/krb5cc_%U_XXXXXX", + CONFDB_KRB5_CCNAME_TMPL, + "FILE:%d/krb5cc_%U_XXXXXX", &value); if (ret != EOK) goto fail; if (value[0] != '/' && strncmp(value, "FILE:", 5) != 0) { @@ -921,12 +922,14 @@ int sssm_krb5_auth_init(struct be_ctx *bectx, ctx->ccname_template = value; ret = confdb_get_bool(bectx->cdb, ctx, bectx->conf_path, - "krb5try_simple_upn", false, &bool_value); + CONFDB_KRB5_TRY_SIMPLE_UPN, false, + &bool_value); if (ret != EOK) goto fail; ctx->try_simple_upn = bool_value; ret = confdb_get_string(bectx->cdb, ctx, bectx->conf_path, - "krb5changepw_principle", "kadmin/changepw", + CONFDB_KRB5_CHANGEPW_PRINC, + "kadmin/changepw", &value); if (ret != EOK) goto fail; if (strchr(value, '@') == NULL) { @@ -945,7 +948,7 @@ int sssm_krb5_auth_init(struct be_ctx *bectx, } ret = confdb_get_int(bectx->cdb, ctx, bectx->conf_path, - "krb5auth_timeout", 15, &int_value); + CONFDB_KRB5_AUTH_TIMEOUT, 15, &int_value); if (ret != EOK) goto fail; if (int_value <= 0) { DEBUG(4, ("krb5auth_timeout has to be a positive value.\n")); diff --git a/server/providers/ldap/sdap.c b/server/providers/ldap/sdap.c index 22d238e6..eded6eed 100644 --- a/server/providers/ldap/sdap.c +++ b/server/providers/ldap/sdap.c 
@@ -32,78 +32,78 @@ #define BOOL_TRUE { .boolean = true } struct sdap_gen_opts default_basic_opts[] = { - { "ldapUri", SDAP_STRING, { "ldap://localhost" }, NULL_STRING }, - { "defaultBindDn", SDAP_STRING, NULL_STRING, NULL_STRING }, - { "defaultAuthtokType", SDAP_STRING, NULL_STRING, NULL_STRING}, - { "defaultAuthtok", SDAP_BLOB, NULL_BLOB, NULL_BLOB }, - { "network_timeout", SDAP_NUMBER, { .number = 5 }, NULL_NUMBER }, - { "opt_timeout", SDAP_NUMBER, { .number = 5 }, NULL_NUMBER }, - { "tls_reqcert", SDAP_STRING, { "hard" }, NULL_STRING }, - { "userSearchBase", SDAP_STRING, { "ou=People,dc=example,dc=com" }, NULL_STRING }, - { "userSearchScope", SDAP_STRING, { "sub" }, NULL_STRING }, - { "userSearchFilter", SDAP_STRING, NULL_STRING, NULL_STRING }, - { "groupSearchBase", SDAP_STRING, { "ou=Group,dc=example,dc=com" }, NULL_STRING }, - { "groupSearchScope", SDAP_STRING, { "sub" }, NULL_STRING }, - { "groupSearchFilter", SDAP_STRING, NULL_STRING, NULL_STRING }, - { "ldapSchema", SDAP_STRING, { "rfc2307" }, NULL_STRING }, - { "offline_timeout", SDAP_NUMBER, { .number = 60 }, NULL_NUMBER }, - { "force_upper_case_realm", SDAP_BOOL, BOOL_FALSE, BOOL_FALSE }, - { "enumeration_refresh_timeout", SDAP_NUMBER, { .number = 300 }, NULL_NUMBER }, - { "stale_time", SDAP_NUMBER, { .number = 1800 }, NULL_NUMBER } + { "ldap_uri", SDAP_STRING, { "ldap://localhost" }, NULL_STRING }, + { "ldap_default_bind_dn", SDAP_STRING, NULL_STRING, NULL_STRING }, + { "ldap_default_authtok_type", SDAP_STRING, NULL_STRING, NULL_STRING}, + { "ldap_default_authtok", SDAP_BLOB, NULL_BLOB, NULL_BLOB }, + { "ldap_network_timeout", SDAP_NUMBER, { .number = 5 }, NULL_NUMBER }, + { "ldap_opt_timeout", SDAP_NUMBER, { .number = 5 }, NULL_NUMBER }, + { "ldap_tls_reqcert", SDAP_STRING, { "hard" }, NULL_STRING }, + { "ldap_user_search_base", SDAP_STRING, { "ou=People,dc=example,dc=com" }, NULL_STRING }, + { "ldap_user_search_scope", SDAP_STRING, { "sub" }, NULL_STRING }, + { "ldap_user_search_filter", 
SDAP_STRING, NULL_STRING, NULL_STRING }, + { "ldap_group_search_base", SDAP_STRING, { "ou=Group,dc=example,dc=com" }, NULL_STRING }, + { "ldap_group_search_scope", SDAP_STRING, { "sub" }, NULL_STRING }, + { "ldap_group_search_filter", SDAP_STRING, NULL_STRING, NULL_STRING }, + { "ldap_schema", SDAP_STRING, { "rfc2307" }, NULL_STRING }, + { "ldap_offline_timeout", SDAP_NUMBER, { .number = 60 }, NULL_NUMBER }, + { "ldap_force_upper_case_realm", SDAP_BOOL, BOOL_FALSE, BOOL_FALSE }, + { "ldap_enumeration_refresh_timeout", SDAP_NUMBER, { .number = 300 }, NULL_NUMBER }, + { "ldap_stale_time", SDAP_NUMBER, { .number = 1800 }, NULL_NUMBER } }; struct sdap_id_map rfc2307_user_map[] = { - { "userObjectClass", "posixAccount", SYSDB_USER_CLASS, NULL }, - { "userName", "uid", SYSDB_NAME, NULL }, - { "userPwd", "userPassword", SYSDB_PWD, NULL }, - { "userUidNumber", "uidNumber", SYSDB_UIDNUM, NULL }, - { "userGidNumber", "gidNumber", SYSDB_GIDNUM, NULL }, - { "userGecos", "gecos", SYSDB_GECOS, NULL }, - { "userHomeDirectory", "homeDirectory", SYSDB_HOMEDIR, NULL }, - { "userShell", "loginShell", SYSDB_SHELL, NULL }, - { "userPrincipal", "krbPrincipalName", SYSDB_UPN, NULL }, - { "userFullname", "cn", SYSDB_FULLNAME, NULL }, - { "userMemberOf", NULL, SYSDB_MEMBEROF, NULL }, - { "userUUID", NULL, SYSDB_UUID, NULL }, - { "userModifyTimestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL } + { "ldap_user_object_class", "posixAccount", SYSDB_USER_CLASS, NULL }, + { "ldap_user_name", "uid", SYSDB_NAME, NULL }, + { "ldap_user_pwd", "userPassword", SYSDB_PWD, NULL }, + { "ldap_user_uid_number", "uidNumber", SYSDB_UIDNUM, NULL }, + { "ldap_user_gid_number", "gidNumber", SYSDB_GIDNUM, NULL }, + { "ldap_user_gecos", "gecos", SYSDB_GECOS, NULL }, + { "ldap_user_home_directory", "homeDirectory", SYSDB_HOMEDIR, NULL }, + { "ldap_user_shell", "loginShell", SYSDB_SHELL, NULL }, + { "ldap_user_principal", "krbPrincipalName", SYSDB_UPN, NULL }, + { "ldap_user_fullname", "cn", SYSDB_FULLNAME, 
NULL }, + { "ldap_user_member_of", NULL, SYSDB_MEMBEROF, NULL }, + { "ldap_user_uuid", NULL, SYSDB_UUID, NULL }, + { "ldap_user_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL } }; struct sdap_id_map rfc2307_group_map[] = { - { "groupObjectClass", "posixGroup", SYSDB_GROUP_CLASS, NULL }, - { "groupName", "cn", SYSDB_NAME, NULL }, - { "groupPwd", "userPassword", SYSDB_PWD, NULL }, - { "groupGidNumber", "gidNumber", SYSDB_GIDNUM, NULL }, - { "groupMember", "memberuid", SYSDB_MEMBER, NULL }, - { "groupUUID", NULL, SYSDB_UUID, NULL }, - { "groupModifyTimestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL } + { "ldap_group_object_class", "posixGroup", SYSDB_GROUP_CLASS, NULL }, + { "ldap_group_name", "cn", SYSDB_NAME, NULL }, + { "ldap_group_pwd", "userPassword", SYSDB_PWD, NULL }, + { "ldap_group_gid_number", "gidNumber", SYSDB_GIDNUM, NULL }, + { "ldap_group_member", "memberuid", SYSDB_MEMBER, NULL }, + { "ldap_group_uuid", NULL, SYSDB_UUID, NULL }, + { "ldap_group_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL } }; struct sdap_id_map rfc2307bis_user_map[] = { - { "userObjectClass", "posixAccount", SYSDB_USER_CLASS, NULL }, - { "userName", "uid", SYSDB_NAME, NULL }, - { "userPwd", "userPassword", SYSDB_PWD, NULL }, - { "userUidNumber", "uidNumber", SYSDB_UIDNUM, NULL }, - { "userGidNumber", "gidNumber", SYSDB_GIDNUM, NULL }, - { "userGecos", "gecos", SYSDB_GECOS, NULL }, - { "userHomeDirectory", "homeDirectory", SYSDB_HOMEDIR, NULL }, - { "userShell", "loginShell", SYSDB_SHELL, NULL }, - { "userPrincipal", "krbPrincipalName", SYSDB_UPN, NULL }, - { "userFullname", "cn", SYSDB_FULLNAME, NULL }, - { "userMemberOf", "memberOf", SYSDB_MEMBEROF, NULL }, + { "ldap_user_object_class", "posixAccount", SYSDB_USER_CLASS, NULL }, + { "ldap_user_name", "uid", SYSDB_NAME, NULL }, + { "ldap_user_pwd", "userPassword", SYSDB_PWD, NULL }, + { "ldap_user_uid_number", "uidNumber", SYSDB_UIDNUM, NULL }, + { "ldap_user_gid_number", "gidNumber", 
SYSDB_GIDNUM, NULL }, + { "ldap_user_gecos", "gecos", SYSDB_GECOS, NULL }, + { "ldap_user_home_directory", "homeDirectory", SYSDB_HOMEDIR, NULL }, + { "ldap_user_shell", "loginShell", SYSDB_SHELL, NULL }, + { "ldap_user_principal", "krbPrincipalName", SYSDB_UPN, NULL }, + { "ldap_user_fullname", "cn", SYSDB_FULLNAME, NULL }, + { "ldap_user_member_of", "memberOf", SYSDB_MEMBEROF, NULL }, /* FIXME: this is 389ds specific */ - { "userUUID", "nsUniqueId", SYSDB_UUID, NULL }, - { "userModifyTimestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL } + { "ldap_user_uuid", "nsUniqueId", SYSDB_UUID, NULL }, + { "ldap_user_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL } }; struct sdap_id_map rfc2307bis_group_map[] = { - { "groupObjectClass", "posixGroup", SYSDB_GROUP_CLASS, NULL }, - { "groupName", "cn", SYSDB_NAME, NULL }, - { "groupPwd", "userPassword", SYSDB_PWD, NULL }, - { "groupGidNumber", "gidNumber", SYSDB_GIDNUM, NULL }, - { "groupMember", "member", SYSDB_MEMBER, NULL }, + { "ldap_group_object_class", "posixGroup", SYSDB_GROUP_CLASS, NULL }, + { "ldap_group_name", "cn", SYSDB_NAME, NULL }, + { "ldap_group_pwd", "userPassword", SYSDB_PWD, NULL }, + { "ldap_group_gid_number", "gidNumber", SYSDB_GIDNUM, NULL }, + { "ldap_group_member", "member", SYSDB_MEMBER, NULL }, /* FIXME: this is 389ds specific */ - { "groupUUID", "nsUniqueId", SYSDB_UUID, NULL }, - { "groupModifyTimestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL } + { "ldap_group_uuid", "nsUniqueId", SYSDB_UUID, NULL }, + { "ldap_group_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL } }; /* =Retrieve-Options====================================================== */ diff --git a/server/providers/proxy.c b/server/providers/proxy.c index dde019b9..54d4487e 100644 --- a/server/providers/proxy.c +++ b/server/providers/proxy.c 
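Review bot: Every lookup key in `default_basic_opts` and the four `sdap_id_map` tables changes spelling with no alias for the old name. As far as this hunk shows, a leftover line such as `tls_reqcert` or `defaultBindDn` in a file that already declares the new `config_file_version` would stop matching, and the table default would apply silently. Whether the loader reports unrecognised keys is not visible here; if it does not, a warning for unknown options in a domain section would make that visible for the TLS and bind-credential settings. At minimum, a comment above `default_basic_opts` should record the break, e.g. `/* option names are the config-file version 2 spellings; earlier names are not accepted */`.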
@@ -2215,7 +2215,7 @@ int sssm_proxy_init(struct be_ctx *bectx, ctx->be = bectx; ret = confdb_get_string(bectx->cdb, ctx, bectx->conf_path, - "libName", NULL, &libname); + CONFDB_PROXY_LIBNAME, NULL, &libname); if (ret != EOK) goto done; if (libname == NULL) { ret = ENOENT; @@ -2339,7 +2339,8 @@ int sssm_proxy_auth_init(struct be_ctx *bectx, ctx->be = bectx; ret = confdb_get_string(bectx->cdb, ctx, bectx->conf_path, - "pam-target", NULL, &ctx->pam_target); + CONFDB_PROXY_PAM_TARGET, NULL, + &ctx->pam_target); if (ret != EOK) goto done; if (!ctx->pam_target) { ctx->pam_target = talloc_strdup(ctx, "sssd_pam_proxy_default"); diff --git a/server/responder/common/responder_common.c b/server/responder/common/responder_common.c index 57c8678b..a3ac6e81 100644 --- a/server/responder/common/responder_common.c +++ b/server/responder/common/responder_common.c @@ -293,7 +293,7 @@ static int sss_monitor_init(struct resp_ctx *rctx, int ret; /* Set up SBUS connection to the monitor */ - ret = monitor_get_sbus_address(rctx, rctx->cdb, &sbus_address); + ret = monitor_get_sbus_address(rctx, &sbus_address); if (ret != EOK) { DEBUG(0, ("Could not locate monitor address.\n")); return ret; @@ -326,7 +326,7 @@ static int sss_dp_init(struct resp_ctx *rctx, int ret; /* Set up SBUS connection to the monitor */ - ret = dp_get_sbus_address(rctx, rctx->cdb, &sbus_address); + ret = dp_get_sbus_address(rctx, &sbus_address); if (ret != EOK) { DEBUG(0, ("Could not locate DP address.\n")); return ret; diff --git a/server/responder/nss/nsssrv.c b/server/responder/nss/nsssrv.c index 3920189a..e000dfa1 100644 --- a/server/responder/nss/nsssrv.c +++ b/server/responder/nss/nsssrv.c 
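Review bot: The comment above the changed call in sss_dp_init (the -326,7 hunk of responder_common.c) still reads "Set up SBUS connection to the monitor", copied from sss_monitor_init, although the call is `dp_get_sbus_address`; it should read `/* Set up SBUS connection to the Data Provider */`. With the `cdb` argument dropped from both getters, the address apparently no longer comes from configuration, so a one-line comment saying where it is derived from now would help anyone auditing the socket path. Both functions continue outside their hunks.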
@@ -87,29 +87,29 @@ static int nss_get_config(struct nss_ctx *nctx, tmpctx = talloc_new(nctx); if (!tmpctx) return ENOMEM; - ret = confdb_get_int(cdb, nctx, NSS_SRV_CONFIG, - "EnumCacheTimeout", 120, + ret = confdb_get_int(cdb, nctx, CONFDB_NSS_CONF_ENTRY, + CONFDB_NSS_ENUM_CACHE_TIMEOUT, 120, &nctx->enum_cache_timeout); if (ret != EOK) goto done; - ret = confdb_get_int(cdb, nctx, NSS_SRV_CONFIG, - "EntryCacheTimeout", 600, + ret = confdb_get_int(cdb, nctx, CONFDB_NSS_CONF_ENTRY, + CONFDB_NSS_ENTRY_CACHE_TIMEOUT, 600, &nctx->cache_timeout); if (ret != EOK) goto done; - ret = confdb_get_int(cdb, nctx, NSS_SRV_CONFIG, - "EntryNegativeTimeout", 15, + ret = confdb_get_int(cdb, nctx, CONFDB_NSS_CONF_ENTRY, + CONFDB_NSS_ENTRY_NEG_TIMEOUT, 15, &nctx->neg_timeout); if (ret != EOK) goto done; - ret = confdb_get_bool(cdb, nctx, NSS_SRV_CONFIG, - "filterUsersInGroups", true, + ret = confdb_get_bool(cdb, nctx, CONFDB_NSS_CONF_ENTRY, + CONFDB_NSS_FILTER_USERS_IN_GROUPS, true, &nctx->filter_users_in_groups); if (ret != EOK) goto done; - ret = confdb_get_int(cdb, nctx, NSS_SRV_CONFIG, - "EntryCacheNoWaitRefreshTimeout", 0, + ret = confdb_get_int(cdb, nctx, CONFDB_NSS_CONF_ENTRY, + CONFDB_NSS_ENTRY_CACHE_NOWAIT_TIMEOUT, 0, &nctx->cache_refresh_timeout); if (ret != EOK) goto done; if (nctx->cache_refresh_timeout >= nctx->cache_timeout) { 
@@ -123,9 +123,18 @@ static int nss_get_config(struct nss_ctx *nctx, nctx->cache_refresh_timeout = 0; } - ret = confdb_get_string_as_list(cdb, tmpctx, NSS_SRV_CONFIG, - "filterUsers", &filter_list); - if (ret == ENOENT) filter_list = NULL; + ret = confdb_get_string_as_list(cdb, tmpctx, CONFDB_NSS_CONF_ENTRY, + CONFDB_NSS_FILTER_USERS, &filter_list); + if (ret == ENOENT) { + filter_list = talloc_array(tmpctx, char *, 2); + filter_list[0] = talloc_strdup(tmpctx, "root"); + filter_list[1] = NULL; + if (!filter_list || !filter_list[0]) { + ret = ENOMEM; + goto done; + } + ret = EOK; + } else if (ret != EOK) goto done; for (i = 0; (filter_list && filter_list[i]); i++) { @@ -158,12 +167,21 @@ static int nss_get_config(struct nss_ctx *nctx, } } - ret = confdb_get_string_as_list(cdb, tmpctx, NSS_SRV_CONFIG, - "filterGroups", &filter_list); - if (ret == ENOENT) filter_list = NULL; + ret = confdb_get_string_as_list(cdb, tmpctx, CONFDB_NSS_CONF_ENTRY, + CONFDB_NSS_FILTER_GROUPS, &filter_list); + if (ret == ENOENT) { + filter_list = talloc_array(tmpctx, char *, 2); + filter_list[0] = talloc_strdup(tmpctx, "root"); + filter_list[1] = NULL; + if (!filter_list || !filter_list[0]) { + ret = ENOMEM; + goto done; + } + ret = EOK; + } else if (ret != EOK) goto done; - for (i = 0; filter_list[i]; i++) { + for (i = 0; (filter_list && filter_list[i]); i++) { ret = sss_parse_name(tmpctx, nctx->rctx->names, filter_list[i], &domain, &name); if (ret != EOK) { @@ -193,6 +211,7 @@ static int nss_get_config(struct nss_ctx *nctx, } } + ret = 0; done: talloc_free(tmpctx); return ret; @@ -269,7 +288,7 @@ int nss_process_init(TALLOC_CTX *mem_ctx, ret = sss_process_init(nctx, ev, cdb, nss_cmds, SSS_NSS_SOCKET_NAME, NULL, - NSS_SRV_CONFIG, + CONFDB_NSS_CONF_ENTRY, NSS_SBUS_SERVICE_NAME, NSS_SBUS_SERVICE_VERSION, &monitor_nss_interface, 
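Review bot: In the ENOENT branch added to nss_get_config, `filter_list[0]` and `filter_list[1]` are written before `filter_list` is tested, so a failed `talloc_array` is dereferenced as NULL and the `!filter_list` half of the later check comes too late to help. The same sequence is repeated in the filterGroups hunk at -158,12 on this line. Check the array right after allocating it and the string right after `talloc_strdup`, as below. Because the two branches are identical, a small static helper would also keep the two "root" defaults from drifting apart. The function body starts and ends outside these hunks.

```c
    if (ret == ENOENT) {
        /* No filter configured: fall back to filtering out "root" */
        filter_list = talloc_array(tmpctx, char *, 2);
        if (!filter_list) {
            ret = ENOMEM;
            goto done;
        }
        filter_list[0] = talloc_strdup(tmpctx, "root");
        if (!filter_list[0]) {
            ret = ENOMEM;
            goto done;
        }
        filter_list[1] = NULL;
        ret = EOK;
    }
    /* … unchanged: else-if error check and the filter loop … */
```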
@@ -291,8 +310,9 @@ int nss_process_init(TALLOC_CTX *mem_ctx, /* Enable automatic reconnection to the Data Provider */ ret = confdb_get_int(nctx->rctx->cdb, nctx->rctx, - SERVICE_CONF_ENTRY, - "reconnection_retries", 3, &max_retries); + CONFDB_NSS_CONF_ENTRY, + CONFDB_SERVICE_RECON_RETRIES, + 3, &max_retries); if (ret != EOK) { DEBUG(0, ("Failed to set up automatic reconnection\n")); return ret; @@ -334,7 +354,7 @@ int main(int argc, const char *argv[]) poptFreeContext(pc); /* set up things like debug , signals, daemonization, etc... */ - ret = server_setup("sssd[nss]", 0, NSS_SRV_CONFIG, &main_ctx); + ret = server_setup("sssd[nss]", 0, CONFDB_NSS_CONF_ENTRY, &main_ctx); if (ret != EOK) return 2; ret = die_if_parent_died(); diff --git a/server/responder/nss/nsssrv.h b/server/responder/nss/nsssrv.h index a5adbaf8..14d2aad4 100644 --- a/server/responder/nss/nsssrv.h +++ b/server/responder/nss/nsssrv.h @@ -39,8 +39,6 @@ #define NSS_PACKET_MAX_RECV_SIZE 1024 -#define NSS_SRV_CONFIG "config/services/nss" - struct getent_ctx; struct nss_ctx { diff --git a/server/responder/pam/pamsrv.c b/server/responder/pam/pamsrv.c index c751528f..50acc26c 100644 --- a/server/responder/pam/pamsrv.c +++ b/server/responder/pam/pamsrv.c @@ -46,7 +46,6 @@ #define PAM_SBUS_SERVICE_VERSION 0x0001 #define PAM_SBUS_SERVICE_NAME "pam" -#define PAM_SRV_CONFIG "config/services/pam" static int service_reload(DBusMessage *message, struct sbus_connection *conn); @@ -135,7 +134,7 @@ static int pam_process_init(TALLOC_CTX *mem_ctx, pam_cmds, SSS_PAM_SOCKET_NAME, SSS_PAM_PRIV_SOCKET_NAME, - PAM_SRV_CONFIG, + CONFDB_PAM_CONF_ENTRY, PAM_SBUS_SERVICE_NAME, PAM_SBUS_SERVICE_VERSION, &monitor_pam_interface, 
@@ -152,8 +151,8 @@ static int pam_process_init(TALLOC_CTX *mem_ctx, /* FIXME: "retries" is too generic, either get it from a global config * or specify these retries are about the sbus connections to DP */ - ret = confdb_get_int(rctx->cdb, rctx, SERVICE_CONF_ENTRY, - "reconnection_retries", 3, &max_retries); + ret = confdb_get_int(rctx->cdb, rctx, CONFDB_PAM_CONF_ENTRY, + CONFDB_SERVICE_RECON_RETRIES, 3, &max_retries); if (ret != EOK) { DEBUG(0, ("Failed to set up automatic reconnection\n")); return ret; @@ -192,7 +191,7 @@ int main(int argc, const char *argv[]) poptFreeContext(pc); /* set up things like debug , signals, daemonization, etc... */ - ret = server_setup("sssd[pam]", 0, PAM_SRV_CONFIG, &main_ctx); + ret = server_setup("sssd[pam]", 0, CONFDB_PAM_CONF_ENTRY, &main_ctx); if (ret != EOK) return 2; ret = die_if_parent_died(); diff --git a/server/tools/sss_sync_ops.c b/server/tools/sss_sync_ops.c index d9db2304..50eb197e 100644 --- a/server/tools/sss_sync_ops.c +++ b/server/tools/sss_sync_ops.c @@ -27,11 +27,6 @@ #include "tools/sss_sync_ops.h" /* Default settings for user attributes */ -#define CONFDB_DFL_SECTION "config/user_defaults" - -#define DFL_SHELL_ATTR "defaultShell" -#define DFL_BASEDIR_ATTR "baseDirectory" - #define DFL_SHELL_VAL "/bin/bash" #define DFL_BASEDIR_VAL "/home" @@ -1129,17 +1124,24 @@ int useradd_defaults(TALLOC_CTX *mem_ctx, int ret; char *basedir = NULL; char *dfl_shell = NULL; + char *conf_path = NULL; + + conf_path = talloc_asprintf(mem_ctx, CONFDB_DOMAIN_PATH_TMPL, data->domain->name); + if (!conf_path) { + return ENOMEM; + } data->gecos = talloc_strdup(mem_ctx, gecos ? gecos : data->name); if (!data->gecos) { - return ENOMEM; + ret = ENOMEM; + goto done; } if (homedir) { data->home = talloc_strdup(data, homedir); } else { ret = confdb_get_string(confdb, mem_ctx, - CONFDB_DFL_SECTION, DFL_BASEDIR_ATTR, + conf_path, CONFDB_LOCAL_DEFAULT_BASEDIR, DFL_BASEDIR_VAL, &basedir); if (ret != EOK) { goto done; 
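Review bot: The FIXME kept as context above the changed `confdb_get_int` call in pam_process_init no longer matches the code: the key is now `CONFDB_SERVICE_RECON_RETRIES` and it is read from `CONFDB_PAM_CONF_ENTRY`, so "retries is too generic" and "get it from a global config" are both stale. Replace it with a comment that states what the value controls, e.g. `/* Reconnection attempts to the Data Provider, read from the PAM service section (default 3) */`. The function continues outside the hunk.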
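Review bot: `data->domain->name` is dereferenced in the new `talloc_asprintf` call at the top of useradd_defaults with no check that `data->domain` is set, and nothing in the hunk shows that callers guarantee it. If it can be NULL at this point, add `if (!data->domain) return EINVAL;` before building `conf_path`. The domain name is also interpolated into the confdb path through `CONFDB_DOMAIN_PATH_TMPL`, whose definition is not on this page, so it is worth confirming that the template takes exactly one `%s`. The function continues past the end of the hunk.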
@@ -1157,7 +1159,7 @@ int useradd_defaults(TALLOC_CTX *mem_ctx, if (!shell) { ret = confdb_get_string(confdb, mem_ctx, - CONFDB_DFL_SECTION, DFL_SHELL_ATTR, + conf_path, CONFDB_LOCAL_DEFAULT_SHELL, DFL_SHELL_VAL, &dfl_shell); if (ret != EOK) { goto done; @@ -1174,6 +1176,7 @@ int useradd_defaults(TALLOC_CTX *mem_ctx, done: talloc_free(dfl_shell); talloc_free(basedir); + talloc_free(conf_path); return ret; } diff --git a/server/util/server.c b/server/util/server.c index 0760e60f..a8c50240 100644 --- a/server/util/server.c +++ b/server/util/server.c @@ -362,7 +362,8 @@ int server_setup(const char *name, int flags, /* set debug level if any in conf_entry */ ret = confdb_get_int(ctx->confdb_ctx, ctx, conf_entry, - "debug-level", debug_level, &debug_level); + CONFDB_SERVICE_DEBUG_LEVEL, + debug_level, &debug_level); if (ret != EOK) { DEBUG(0, ("Error reading from confdb (%d) [%s]\n", ret, strerror(ret))); @@ -372,7 +373,8 @@ int server_setup(const char *name, int flags, /* same for debug timestamps */ dt = (debug_timestamps != 0); ret = confdb_get_bool(ctx->confdb_ctx, ctx, conf_entry, - "debug-timestamps", dt, &dt); + CONFDB_SERVICE_DEBUG_TIMESTAMPS, + dt, &dt); if (ret != EOK) { DEBUG(0, ("Error reading from confdb (%d) [%s]\n", ret, strerror(ret))); diff --git a/server/util/usertools.c b/server/util/usertools.c index e4e941a6..44f5ba29 100644 --- a/server/util/usertools.c +++ b/server/util/usertools.c @@ -27,8 +27,6 @@ #include "confdb/confdb.h" #include "util/util.h" -#define NAMES_CONFIG "config/names" - #ifdef HAVE_LIBPCRE_LESSER_THAN_7 #define NAME_DOMAIN_PATTERN_OPTIONS (PCRE_EXTENDED) #else 
@@ -58,8 +56,8 @@ int sss_names_init(TALLOC_CTX *mem_ctx, struct confdb_ctx *cdb, struct sss_names ctx = talloc_zero(ctx, struct sss_names_ctx); if (!ctx) return ENOMEM; - ret = confdb_get_string(cdb, ctx, NAMES_CONFIG, - "re-expression", NULL, &ctx->re_pattern); + ret = confdb_get_string(cdb, ctx, CONFDB_MONITOR_CONF_ENTRY, + CONFDB_MONITOR_NAME_REGEX, NULL, &ctx->re_pattern); if (ret != EOK) goto done; if (!ctx->re_pattern) { @@ -79,8 +77,8 @@ int sss_names_init(TALLOC_CTX *mem_ctx, struct confdb_ctx *cdb, struct sss_names #endif } - ret = confdb_get_string(cdb, ctx, NAMES_CONFIG, - "full-name-format", NULL, &ctx->fq_fmt); + ret = confdb_get_string(cdb, ctx, CONFDB_MONITOR_CONF_ENTRY, + CONFDB_MONITOR_FULL_NAME_FORMAT, NULL, &ctx->fq_fmt); if (ret != EOK) goto done; if (!ctx->fq_fmt) { |
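Review bot: The context line `ctx = talloc_zero(ctx, struct sss_names_ctx);` at the top of the -58,8 hunk passes `ctx` as its own talloc parent even though the function takes a `mem_ctx` parameter. The declaration of `ctx` is outside the hunk, but unless it is initialised there this reads an indeterminate pointer. It looks like it should be `ctx = talloc_zero(mem_ctx, struct sss_names_ctx);`. Separately, the name regex and full-name format are now looked up under `CONFDB_MONITOR_CONF_ENTRY`, so a pattern still stored under the old `config/names` path will presumably be ignored in favour of the built-in default; the upgrade notes should say so.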