summaryrefslogtreecommitdiff
path: root/server
diff options
context:
space:
mode:
Diffstat (limited to 'server')
-rw-r--r--server/confdb/confdb.c52
-rw-r--r--server/confdb/confdb.h69
-rw-r--r--server/confdb/confdb_setup.c41
-rw-r--r--server/confdb/confdb_setup.h5
-rw-r--r--server/monitor/monitor.c37
-rw-r--r--server/monitor/monitor_interfaces.h3
-rw-r--r--server/monitor/monitor_sbus.c20
-rw-r--r--server/providers/data_provider.c25
-rw-r--r--server/providers/data_provider.h3
-rw-r--r--server/providers/data_provider_be.c22
-rw-r--r--server/providers/dp_sbus.c20
-rw-r--r--server/providers/krb5/krb5_auth.c17
-rw-r--r--server/providers/ldap/sdap.c116
-rw-r--r--server/providers/proxy.c5
-rw-r--r--server/responder/common/responder_common.c4
-rw-r--r--server/responder/nss/nsssrv.c62
-rw-r--r--server/responder/nss/nsssrv.h2
-rw-r--r--server/responder/pam/pamsrv.c9
-rw-r--r--server/tools/sss_sync_ops.c19
-rw-r--r--server/util/server.c6
-rw-r--r--server/util/usertools.c10
21 files changed, 310 insertions, 237 deletions
diff --git a/server/confdb/confdb.c b/server/confdb/confdb.c
index bb1fc2b2..ca7be454 100644
--- a/server/confdb/confdb.c
+++ b/server/confdb/confdb.c
@@ -30,19 +30,6 @@
#include "util/strtonum.h"
#include "db/sysdb.h"
-#define CONFDB_DOMAINS_PATH "config/domains"
-#define CONFDB_DOMAIN_BASEDN "cn=domains,cn=config"
-#define CONFDB_DOMAIN_ATTR "cn"
-#define CONFDB_PROVIDER "provider"
-#define CONFDB_TIMEOUT "timeout"
-#define CONFDB_ENUMERATE "enumerate"
-#define CONFDB_MINID "minId"
-#define CONFDB_MAXID "maxId"
-#define CONFDB_CACHE_CREDS "cache-credentials"
-#define CONFDB_LEGACY_PASS "store-legacy-passwords"
-#define CONFDB_MPG "magicPrivateGroups"
-#define CONFDB_FQ "useFullyQualifiedNames"
-
#define CONFDB_ZERO_CHECK_OR_JUMP(var, ret, err, label) do { \
if (!var) { \
ret = err; \
@@ -728,7 +715,6 @@ static errno_t get_entry_as_bool(struct ldb_message *msg,
bool default_value)
{
const char *tmp = NULL;
- char *endptr;
*return_value = 0;
@@ -808,7 +794,9 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
goto done;
}
- tmp = ldb_msg_find_attr_as_string(res->msgs[0], CONFDB_PROVIDER, NULL);
+ tmp = ldb_msg_find_attr_as_string(res->msgs[0],
+ CONFDB_DOMAIN_ID_PROVIDER,
+ NULL);
if (tmp) {
domain->provider = talloc_strdup(domain, tmp);
if (!domain->provider) {
@@ -817,20 +805,20 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
}
}
else {
- DEBUG(0, ("Domain [%s] does not specify a provider, disabling!\n",
+ DEBUG(0, ("Domain [%s] does not specify an ID provider, disabling!\n",
domain->name));
ret = EINVAL;
goto done;
}
domain->timeout = ldb_msg_find_attr_as_int(res->msgs[0],
- CONFDB_TIMEOUT, 0);
+ CONFDB_DOMAIN_TIMEOUT, 0);
/* Determine if this domain can be enumerated */
/* TEMP: test if the old bitfield conf value is used and warn it has been
* superceeded. */
- val = ldb_msg_find_attr_as_int(res->msgs[0], CONFDB_ENUMERATE, 0);
+ val = ldb_msg_find_attr_as_int(res->msgs[0], CONFDB_DOMAIN_ENUMERATE, 0);
if (val > 0) { /* ok there was a number in here */
DEBUG(0, ("Warning: enumeration parameter in %s still uses integers! "
"Enumeration is now a boolean and takes true/false values. "
@@ -838,9 +826,9 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
domain->enumerate = true;
} else { /* assume the new format */
ret = get_entry_as_bool(res->msgs[0], &domain->enumerate,
- CONFDB_ENUMERATE, 0);
+ CONFDB_DOMAIN_ENUMERATE, 0);
if(ret != EOK) {
- DEBUG(0, ("Invalid value for %s\n", CONFDB_ENUMERATE));
+ DEBUG(0, ("Invalid value for %s\n", CONFDB_DOMAIN_ENUMERATE));
goto done;
}
}
@@ -849,9 +837,9 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
}
/* Determine if this is domain uses MPG */
- ret = get_entry_as_bool(res->msgs[0], &domain->mpg, CONFDB_MPG, 0);
+ ret = get_entry_as_bool(res->msgs[0], &domain->mpg, CONFDB_DOMAIN_MPG, 0);
if(ret != EOK) {
- DEBUG(0, ("Invalid value for %s\n", CONFDB_MPG));
+ DEBUG(0, ("Invalid value for %s\n", CONFDB_DOMAIN_MPG));
goto done;
}
@@ -862,14 +850,14 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
/* Determine if user/group names will be Fully Qualified
* in NSS interfaces */
- ret = get_entry_as_bool(res->msgs[0], &domain->fqnames, CONFDB_FQ, 0);
+ ret = get_entry_as_bool(res->msgs[0], &domain->fqnames, CONFDB_DOMAIN_FQ, 0);
if(ret != EOK) {
- DEBUG(0, ("Invalid value for %s\n", CONFDB_FQ));
+ DEBUG(0, ("Invalid value for %s\n", CONFDB_DOMAIN_FQ));
goto done;
}
ret = get_entry_as_uint32(res->msgs[0], &domain->id_min,
- CONFDB_MINID, SSSD_MIN_ID);
+ CONFDB_DOMAIN_MINID, SSSD_MIN_ID);
if (ret != EOK) {
DEBUG(0, ("Invalid value for minId\n"));
ret = EINVAL;
@@ -877,7 +865,7 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
}
ret = get_entry_as_uint32(res->msgs[0], &domain->id_max,
- CONFDB_MAXID, 0);
+ CONFDB_DOMAIN_MAXID, 0);
if (ret != EOK) {
DEBUG(0, ("Invalid value for maxId\n"));
ret = EINVAL;
@@ -892,16 +880,16 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
/* Do we allow to cache credentials */
ret = get_entry_as_bool(res->msgs[0], &domain->cache_credentials,
- CONFDB_CACHE_CREDS, 0);
+ CONFDB_DOMAIN_CACHE_CREDS, 0);
if(ret != EOK) {
- DEBUG(0, ("Invalid value for %s\n", CONFDB_CACHE_CREDS));
+ DEBUG(0, ("Invalid value for %s\n", CONFDB_DOMAIN_CACHE_CREDS));
goto done;
}
ret = get_entry_as_bool(res->msgs[0], &domain->legacy_passwords,
- CONFDB_LEGACY_PASS, 0);
+ CONFDB_DOMAIN_LEGACY_PASS, 0);
if(ret != EOK) {
- DEBUG(0, ("Invalid value for %s\n", CONFDB_LEGACY_PASS));
+ DEBUG(0, ("Invalid value for %s\n", CONFDB_DOMAIN_LEGACY_PASS));
goto done;
}
@@ -930,7 +918,9 @@ int confdb_get_domains(struct confdb_ctx *cdb,
if (!tmp_ctx) return ENOMEM;
ret = confdb_get_string_as_list(cdb, tmp_ctx,
- CONFDB_DOMAINS_PATH, "domains", &domlist);
+ CONFDB_MONITOR_CONF_ENTRY,
+ CONFDB_MONITOR_ACTIVE_DOMAINS,
+ &domlist);
if (ret == ENOENT) {
DEBUG(0, ("No domains configured, fatal error!\n"));
goto done;
diff --git a/server/confdb/confdb.h b/server/confdb/confdb.h
index a0da9b4f..7ca85507 100644
--- a/server/confdb/confdb.h
+++ b/server/confdb/confdb.h
@@ -34,7 +34,74 @@
#define CONFDB_DEFAULT_CONFIG_FILE SSSD_CONF_DIR"/sssd.conf"
#define SSSD_MIN_ID 1000
-#define SERVICE_CONF_ENTRY "config/services"
+/* Configuration options */
+
+/* Services */
+#define CONFDB_SERVICE_PATH_TMPL "config/%s"
+#define CONFDB_SERVICE_COMMAND "command"
+#define CONFDB_SERVICE_DEBUG_LEVEL "debug_level"
+#define CONFDB_SERVICE_DEBUG_TIMESTAMPS "debug_timestamps"
+#define CONFDB_SERVICE_TIMEOUT "timeout"
+#define CONFDB_SERVICE_RECON_RETRIES "reconnection_retries"
+
+/* Monitor */
+#define CONFDB_MONITOR_CONF_ENTRY "config/sssd"
+#define CONFDB_MONITOR_SBUS_TIMEOUT "sbus_timeout"
+#define CONFDB_MONITOR_ACTIVE_SERVICES "services"
+#define CONFDB_MONITOR_ACTIVE_DOMAINS "domains"
+#define CONFDB_MONITOR_NAME_REGEX "re_expression"
+#define CONFDB_MONITOR_FULL_NAME_FORMAT "full_name_format"
+
+/* NSS */
+#define CONFDB_NSS_CONF_ENTRY "config/nss"
+#define CONFDB_NSS_ENUM_CACHE_TIMEOUT "enum_cache_timeout"
+#define CONFDB_NSS_ENTRY_CACHE_TIMEOUT "entry_cache_timeout"
+#define CONFDB_NSS_ENTRY_CACHE_NOWAIT_TIMEOUT "entry_cache_nowait_timeout"
+#define CONFDB_NSS_ENTRY_NEG_TIMEOUT "entry_negative_timeout"
+#define CONFDB_NSS_FILTER_USERS_IN_GROUPS "filter_users_in_groups"
+#define CONFDB_NSS_FILTER_USERS "filter_users"
+#define CONFDB_NSS_FILTER_GROUPS "filter_groups"
+
+/* PAM */
+#define CONFDB_PAM_CONF_ENTRY "config/pam"
+
+/* Data Provider */
+#define CONFDB_DP_CONF_ENTRY "config/dp"
+
+/* Domains */
+#define CONFDB_DOMAIN_PATH_TMPL "config/domain/%s"
+#define CONFDB_DOMAIN_BASEDN "cn=domain,cn=config"
+#define CONFDB_DOMAIN_ID_PROVIDER "id_provider"
+#define CONFDB_DOMAIN_AUTH_PROVIDER "auth_provider"
+#define CONFDB_DOMAIN_ACCESS_PROVIDER "access_provider"
+#define CONFDB_DOMAIN_CHPASS_PROVIDER "chpass_provider"
+#define CONFDB_DOMAIN_COMMAND "command"
+#define CONFDB_DOMAIN_TIMEOUT "timeout"
+#define CONFDB_DOMAIN_ATTR "cn"
+#define CONFDB_DOMAIN_ENUMERATE "enumerate"
+#define CONFDB_DOMAIN_MINID "min_id"
+#define CONFDB_DOMAIN_MAXID "max_id"
+#define CONFDB_DOMAIN_CACHE_CREDS "cache_credentials"
+#define CONFDB_DOMAIN_LEGACY_PASS "store_legacy_passwords"
+#define CONFDB_DOMAIN_MPG "magic_private_groups"
+#define CONFDB_DOMAIN_FQ "use_fully_qualified_names"
+
+/* Local Provider */
+#define CONFDB_LOCAL_DEFAULT_SHELL "default_shell"
+#define CONFDB_LOCAL_DEFAULT_BASEDIR "base_directory"
+
+/* Proxy Provider */
+#define CONFDB_PROXY_LIBNAME "proxy_lib_name"
+#define CONFDB_PROXY_PAM_TARGET "proxy_pam_target"
+
+/* KRB5 Provider */
+#define CONFDB_KRB5_KDCIP "krb5_kdcip"
+#define CONFDB_KRB5_REALM "krb5_realm"
+#define CONFDB_KRB5_CCACHEDIR "krb5_ccachedir"
+#define CONFDB_KRB5_CCNAME_TMPL "krb5_ccname_template"
+#define CONFDB_KRB5_TRY_SIMPLE_UPN "krb5_try_simple_upn"
+#define CONFDB_KRB5_CHANGEPW_PRINC "krb5_changepw_principle"
+#define CONFDB_KRB5_AUTH_TIMEOUT "krb5_auth_timeout"
struct confdb_ctx;
struct config_file_ctx;
diff --git a/server/confdb/confdb_setup.c b/server/confdb/confdb_setup.c
index 00bba7f1..9110a5e9 100644
--- a/server/confdb/confdb_setup.c
+++ b/server/confdb/confdb_setup.c
@@ -57,9 +57,15 @@ int confdb_test(struct confdb_ctx *cdb)
}
if (strcmp(values[0], CONFDB_VERSION) != 0) {
- /* bad version get out */
+ /* Existing version does not match executable version */
+ DEBUG(1, ("Upgrading confdb version from %s to %s\n",
+ values[0], CONFDB_VERSION));
+
+ /* This is recoverable, since we purge the confdb file
+ * when we re-initialize it.
+ */
talloc_free(values);
- return EIO;
+ return ENOENT;
}
talloc_free(values);
@@ -266,12 +272,14 @@ int confdb_init_db(const char *config_file, struct confdb_ctx *cdb)
int ret, i;
struct collection_item *sssd_config = NULL;
struct collection_item *error_list = NULL;
+ struct collection_item *item = NULL;
char *config_ldif;
struct ldb_ldif *ldif;
TALLOC_CTX *tmp_ctx;
char *lasttimestr, timestr[21];
const char *vals[2] = { timestr, NULL };
struct stat cstat;
+ int version;
tmp_ctx = talloc_new(cdb);
if (tmp_ctx == NULL) return ENOMEM;
@@ -327,6 +335,35 @@ int confdb_init_db(const char *config_file, struct confdb_ctx *cdb)
goto done;
}
+ /* Make sure that the config file version matches the confdb version */
+ ret = get_config_item("sssd", "config_file_version",
+ sssd_config, &item);
+ if (ret != EOK) {
+ DEBUG(0, ("Internal error determining config_file_version\n"));
+ goto done;
+ }
+ if (item == NULL) {
+ /* No known version. Assumed to be version 1 */
+ DEBUG(0, ("Config file is an old version. "
+ "Please run configuration upgrade script.\n"));
+ ret = EINVAL;
+ goto done;
+ }
+ version = get_int_config_value(item, 1, -1, &ret);
+ if (ret != EOK) {
+ DEBUG(0, ("Config file version could not be determined\n"));
+ goto done;
+ } else if (version < CONFDB_VERSION_INT) {
+ DEBUG(0, ("Config file is an old version. "
+ "Please run configuration upgrade script.\n"));
+ ret = EINVAL;
+ goto done;
+ } else if (version > CONFDB_VERSION_INT) {
+ DEBUG(0, ("Config file version is newer than confdb\n"));
+ ret = EINVAL;
+ goto done;
+ }
+
ret = confdb_create_ldif(tmp_ctx, sssd_config, &config_ldif);
free_ini_config(sssd_config);
if (ret != EOK) {
diff --git a/server/confdb/confdb_setup.h b/server/confdb/confdb_setup.h
index 7cba0b91..2b8802f6 100644
--- a/server/confdb/confdb_setup.h
+++ b/server/confdb/confdb_setup.h
@@ -22,7 +22,8 @@
#ifndef CONFDB_SETUP_H_
#define CONFDB_SETUP_H_
-#define CONFDB_VERSION "1"
+#define CONFDB_VERSION "2"
+#define CONFDB_VERSION_INT 2
#define CONFDB_BASE_LDIF \
"dn: @ATTRIBUTES\n" \
@@ -41,7 +42,7 @@
#define CONFDB_INTERNAL_LDIF \
"dn: cn=config\n" \
- "version: 1\n" \
+ "version: "CONFDB_VERSION"\n" \
"\n"
int confdb_create_base(struct confdb_ctx *cdb);
diff --git a/server/monitor/monitor.c b/server/monitor/monitor.c
index fa9eb0e8..b78a768c 100644
--- a/server/monitor/monitor.c
+++ b/server/monitor/monitor.c
@@ -57,7 +57,6 @@
/* ping time cannot be less then once every few seconds or the
* monitor will get crazy hammering children with messages */
#define MONITOR_DEF_PING_TIME 10
-#define MONITOR_CONF_ENTRY "config/services/monitor"
struct svc_spy;
@@ -341,10 +340,9 @@ static int monitor_dbus_init(struct mt_ctx *ctx)
char *monitor_address;
int ret;
- monitor_address = talloc_asprintf(ctx, "unix:path=%s/%s",
- PIPE_PATH, SSSD_SERVICE_PIPE);
- if (!monitor_address) {
- return ENOMEM;
+ ret = monitor_get_sbus_address(ctx, &monitor_address);
+ if (ret != EOK) {
+ return ret;
}
ret = sbus_new_server(ctx, ctx->ev,
@@ -845,7 +843,8 @@ int get_monitor_config(struct mt_ctx *ctx)
int timeout_seconds;
ret = confdb_get_int(ctx->cdb, ctx,
- MONITOR_CONF_ENTRY, "sbusTimeout",
+ CONFDB_MONITOR_CONF_ENTRY,
+ CONFDB_MONITOR_SBUS_TIMEOUT,
10, &timeout_seconds);
if (ret != EOK) {
return ret;
@@ -858,7 +857,8 @@ int get_monitor_config(struct mt_ctx *ctx)
return ENOMEM;
}
ret = confdb_get_string_as_list(ctx->cdb, ctx->service_ctx,
- SERVICE_CONF_ENTRY, "activeServices",
+ CONFDB_MONITOR_CONF_ENTRY,
+ CONFDB_MONITOR_ACTIVE_SERVICES,
&ctx->services);
if (ret != EOK) {
DEBUG(0, ("No services configured!\n"));
@@ -922,13 +922,14 @@ static int get_service_config(struct mt_ctx *ctx, const char *name,
return ENOMEM;
}
- path = talloc_asprintf(svc, "config/services/%s", svc->name);
+ path = talloc_asprintf(svc, CONFDB_SERVICE_PATH_TMPL, svc->name);
if (!path) {
talloc_free(svc);
return ENOMEM;
}
- ret = confdb_get_string(ctx->cdb, svc, path, "command",
+ ret = confdb_get_string(ctx->cdb, svc, path,
+ CONFDB_SERVICE_COMMAND,
NULL, &svc->command);
if (ret != EOK) {
DEBUG(0,("Failed to start service '%s'\n", svc->name));
@@ -948,7 +949,8 @@ static int get_service_config(struct mt_ctx *ctx, const char *name,
}
}
- ret = confdb_get_int(ctx->cdb, svc, path, "timeout",
+ ret = confdb_get_int(ctx->cdb, svc, path,
+ CONFDB_SERVICE_TIMEOUT,
MONITOR_DEF_PING_TIME, &svc->ping_time);
if (ret != EOK) {
DEBUG(0,("Failed to start service '%s'\n", svc->name));
@@ -1007,29 +1009,32 @@ static int get_provider_config(struct mt_ctx *ctx, const char *name,
return ENOMEM;
}
- path = talloc_asprintf(svc, "config/domains/%s", name);
+ path = talloc_asprintf(svc, CONFDB_DOMAIN_PATH_TMPL, name);
if (!path) {
talloc_free(svc);
return ENOMEM;
}
ret = confdb_get_string(ctx->cdb, svc, path,
- "provider", NULL, &svc->provider);
+ CONFDB_DOMAIN_ID_PROVIDER,
+ NULL, &svc->provider);
if (ret != EOK) {
- DEBUG(0, ("Failed to find provider from [%s] configuration\n", name));
+ DEBUG(0, ("Failed to find ID provider from [%s] configuration\n", name));
talloc_free(svc);
return ret;
}
ret = confdb_get_string(ctx->cdb, svc, path,
- "command", NULL, &svc->command);
+ CONFDB_DOMAIN_COMMAND,
+ NULL, &svc->command);
if (ret != EOK) {
DEBUG(0, ("Failed to find command from [%s] configuration\n", name));
talloc_free(svc);
return ret;
}
- ret = confdb_get_int(ctx->cdb, svc, path, "timeout",
+ ret = confdb_get_int(ctx->cdb, svc, path,
+ CONFDB_DOMAIN_TIMEOUT,
MONITOR_DEF_PING_TIME, &svc->ping_time);
if (ret != EOK) {
DEBUG(0,("Failed to start service '%s'\n", svc->name));
@@ -2427,7 +2432,7 @@ int main(int argc, const char *argv[])
if (ret != EOK) return 4;
/* set up things like debug , signals, daemonization, etc... */
- ret = server_setup("sssd", flags, MONITOR_CONF_ENTRY, &main_ctx);
+ ret = server_setup("sssd", flags, CONFDB_MONITOR_CONF_ENTRY, &main_ctx);
if (ret != EOK) return 2;
monitor->ev = main_ctx->event_ctx;
diff --git a/server/monitor/monitor_interfaces.h b/server/monitor/monitor_interfaces.h
index 7d0390bf..1835718f 100644
--- a/server/monitor/monitor_interfaces.h
+++ b/server/monitor/monitor_interfaces.h
@@ -44,8 +44,7 @@
#define SSSD_SERVICE_PIPE "private/sbus-monitor"
-int monitor_get_sbus_address(TALLOC_CTX *mem_ctx, struct confdb_ctx *confdb,
- char **address);
+int monitor_get_sbus_address(TALLOC_CTX *mem_ctx, char **address);
int monitor_common_send_id(struct sbus_connection *conn,
const char *name, uint16_t version);
int monitor_common_pong(DBusMessage *message,
diff --git a/server/monitor/monitor_sbus.c b/server/monitor/monitor_sbus.c
index 9995986b..3f73e84f 100644
--- a/server/monitor/monitor_sbus.c
+++ b/server/monitor/monitor_sbus.c
@@ -29,9 +29,8 @@
#include "sbus/sssd_dbus.h"
#include "monitor/monitor_interfaces.h"
-int monitor_get_sbus_address(TALLOC_CTX *mem_ctx, struct confdb_ctx *confdb, char **address)
+int monitor_get_sbus_address(TALLOC_CTX *mem_ctx, char **address)
{
- int ret;
char *default_address;
*address = NULL;
@@ -41,21 +40,8 @@ int monitor_get_sbus_address(TALLOC_CTX *mem_ctx, struct confdb_ctx *confdb, cha
return ENOMEM;
}
- if (confdb == NULL) {
- /* If the confdb isn't specified, fall to the default */
- *address = default_address;
- talloc_steal(mem_ctx, default_address);
- ret = EOK;
- goto done;
- }
-
- ret = confdb_get_string(confdb, mem_ctx,
- "config/services/monitor", "sbusAddress",
- default_address, address);
-
-done:
- talloc_free(default_address);
- return ret;
+ *address = default_address;
+ return EOK;
}
static void id_callback(DBusPendingCall *pending, void *ptr)
diff --git a/server/providers/data_provider.c b/server/providers/data_provider.c
index f8efcc8d..f727c555 100644
--- a/server/providers/data_provider.c
+++ b/server/providers/data_provider.c
@@ -41,8 +41,6 @@
#include "dp_interfaces.h"
#include "monitor/monitor_interfaces.h"
-#define DP_CONF_ENTRY "config/services/dp"
-
struct dp_backend;
struct dp_frontend;
@@ -149,7 +147,7 @@ static int dp_monitor_init(struct dp_ctx *dpctx)
int ret;
/* Set up SBUS connection to the monitor */
- ret = monitor_get_sbus_address(dpctx, dpctx->cdb, &sbus_address);
+ ret = monitor_get_sbus_address(dpctx, &sbus_address);
if (ret != EOK) {
DEBUG(0, ("Could not locate monitor address.\n"));
return ret;
@@ -927,31 +925,14 @@ static int dp_frontend_destructor(void *ctx)
static int dp_srv_init(struct dp_ctx *dpctx)
{
char *dpbus_address;
- char *default_dp_address;
int ret;
DEBUG(3, ("Initializing Data Provider D-BUS Server\n"));
- default_dp_address = talloc_asprintf(dpctx, "unix:path=%s/%s",
- PIPE_PATH, DATA_PROVIDER_PIPE);
- if (default_dp_address == NULL) {
- ret = ENOMEM;
- goto done;
- }
-
- ret = confdb_get_string(dpctx->cdb, dpctx,
- DP_CONF_ENTRY, "dpbusAddress",
- default_dp_address, &dpbus_address);
- if (ret != EOK) goto done;
+ ret = dp_get_sbus_address(dpctx, &dpbus_address);
ret = sbus_new_server(dpctx, dpctx->ev, dpbus_address,
&dp_interface, &dpctx->sbus_srv,
dp_client_init, dpctx);
- if (ret != EOK) {
- goto done;
- }
-
-done:
- talloc_free(default_dp_address);
return ret;
}
@@ -1012,7 +993,7 @@ int main(int argc, const char *argv[])
poptFreeContext(pc);
/* set up things like debug , signals, daemonization, etc... */
- ret = server_setup("sssd[dp]", 0, DP_CONF_ENTRY, &main_ctx);
+ ret = server_setup("sssd[dp]", 0, CONFDB_DP_CONF_ENTRY, &main_ctx);
if (ret != EOK) return 2;
ret = die_if_parent_died();
diff --git a/server/providers/data_provider.h b/server/providers/data_provider.h
index 790194ce..779da0f3 100644
--- a/server/providers/data_provider.h
+++ b/server/providers/data_provider.h
@@ -143,8 +143,7 @@ int dp_common_send_id(struct sbus_connection *conn,
const char *name, const char *domain);
/* from dp_sbus.c */
-int dp_get_sbus_address(TALLOC_CTX *mem_ctx, struct confdb_ctx *confdb,
- char **address);
+int dp_get_sbus_address(TALLOC_CTX *mem_ctx, char **address);
#endif /* __DATA_PROVIDER_ */
diff --git a/server/providers/data_provider_be.c b/server/providers/data_provider_be.c
index 85281d4c..62ce7bbe 100644
--- a/server/providers/data_provider_be.c
+++ b/server/providers/data_provider_be.c
@@ -44,8 +44,6 @@
#include "providers/dp_backend.h"
#include "monitor/monitor_interfaces.h"
-#define BE_CONF_ENTRY "config/domains/%s"
-
struct sbus_method monitor_be_methods[] = {
{ MON_CLI_METHOD_PING, monitor_common_pong },
{ MON_CLI_METHOD_RES_INIT, monitor_common_res_init },
@@ -81,10 +79,10 @@ struct sbus_interface be_interface = {
static struct bet_data bet_data[] = {
{BET_NULL, NULL, NULL},
- {BET_ID, "provider", "sssm_%s_init"},
- {BET_AUTH, "auth-module", "sssm_%s_auth_init"},
- {BET_ACCESS, "access-module", "sssm_%s_access_init"},
- {BET_CHPASS, "chpass-module", "sssm_%s_chpass_init"},
+ {BET_ID, CONFDB_DOMAIN_ID_PROVIDER, "sssm_%s_init"},
+ {BET_AUTH, CONFDB_DOMAIN_AUTH_PROVIDER, "sssm_%s_auth_init"},
+ {BET_ACCESS, CONFDB_DOMAIN_ACCESS_PROVIDER, "sssm_%s_access_init"},
+ {BET_CHPASS, CONFDB_DOMAIN_CHPASS_PROVIDER, "sssm_%s_chpass_init"},
{BET_MAX, NULL, NULL}
};
@@ -514,7 +512,7 @@ static int mon_cli_init(struct be_ctx *ctx)
int ret;
/* Set up SBUS connection to the monitor */
- ret = monitor_get_sbus_address(ctx, ctx->cdb, &sbus_address);
+ ret = monitor_get_sbus_address(ctx, &sbus_address);
if (ret != EOK) {
DEBUG(0, ("Could not locate monitor address.\n"));
return ret;
@@ -550,7 +548,7 @@ static int be_cli_init(struct be_ctx *ctx)
char *sbus_address;
/* Set up SBUS connection to the monitor */
- ret = dp_get_sbus_address(ctx, ctx->cdb, &sbus_address);
+ ret = dp_get_sbus_address(ctx, &sbus_address);
if (ret != EOK) {
DEBUG(0, ("Could not locate monitor address.\n"));
return ret;
@@ -574,8 +572,8 @@ static int be_cli_init(struct be_ctx *ctx)
}
/* Enable automatic reconnection to the Data Provider */
- ret = confdb_get_int(ctx->cdb, ctx, SERVICE_CONF_ENTRY,
- "reconnection_retries", 3, &max_retries);
+ ret = confdb_get_int(ctx->cdb, ctx, CONFDB_DP_CONF_ENTRY,
+ CONFDB_SERVICE_RECON_RETRIES, 3, &max_retries);
if (ret != EOK) {
DEBUG(0, ("Failed to set up automatic reconnection\n"));
return ret;
@@ -833,7 +831,7 @@ int be_process_init(TALLOC_CTX *mem_ctx,
ctx->ev = ev;
ctx->cdb = cdb;
ctx->identity = talloc_asprintf(ctx, "%%BE_%s", be_domain);
- ctx->conf_path = talloc_asprintf(ctx, "config/domains/%s", be_domain);
+ ctx->conf_path = talloc_asprintf(ctx, CONFDB_DOMAIN_PATH_TMPL, be_domain);
if (!ctx->identity || !ctx->conf_path) {
DEBUG(0, ("Out of memory!?\n"));
return ENOMEM;
@@ -953,7 +951,7 @@ int main(int argc, const char *argv[])
srv_name = talloc_asprintf(NULL, "sssd[be[%s]]", be_domain);
if (!srv_name) return 2;
- conf_entry = talloc_asprintf(NULL, BE_CONF_ENTRY, be_domain);
+ conf_entry = talloc_asprintf(NULL, CONFDB_DOMAIN_PATH_TMPL, be_domain);
if (!conf_entry) return 2;
ret = server_setup(srv_name, 0, conf_entry, &main_ctx);
diff --git a/server/providers/dp_sbus.c b/server/providers/dp_sbus.c
index c5ccdc9a..c5c9a001 100644
--- a/server/providers/dp_sbus.c
+++ b/server/providers/dp_sbus.c
@@ -27,9 +27,8 @@
#include "providers/data_provider.h"
#include "providers/dp_interfaces.h"
-int dp_get_sbus_address(TALLOC_CTX *mem_ctx, struct confdb_ctx *confdb, char **address)
+int dp_get_sbus_address(TALLOC_CTX *mem_ctx, char **address)
{
- int ret;
char *default_address;
*address = NULL;
@@ -39,20 +38,7 @@ int dp_get_sbus_address(TALLOC_CTX *mem_ctx, struct confdb_ctx *confdb, char **a
return ENOMEM;
}
- if (confdb == NULL) {
- /* If the confdb isn't specified, fall to the default */
- *address = default_address;
- talloc_steal(mem_ctx, default_address);
- ret = EOK;
- goto done;
- }
-
- ret = confdb_get_string(confdb, mem_ctx,
- "config/services/dp", "sbusAddress",
- default_address, address);
-
-done:
- talloc_free(default_address);
- return ret;
+ *address = default_address;
+ return EOK;
}
diff --git a/server/providers/krb5/krb5_auth.c b/server/providers/krb5/krb5_auth.c
index 631f7086..7510c066 100644
--- a/server/providers/krb5/krb5_auth.c
+++ b/server/providers/krb5/krb5_auth.c
@@ -867,7 +867,7 @@ int sssm_krb5_auth_init(struct be_ctx *bectx,
ctx->action = INIT_PW;
ret = confdb_get_string(bectx->cdb, ctx, bectx->conf_path,
- "krb5KDCIP", NULL, &value);
+ CONFDB_KRB5_KDCIP, NULL, &value);
if (ret != EOK) goto fail;
if (value == NULL) {
DEBUG(2, ("Missing krb5KDCIP, authentication might fail.\n"));
@@ -881,7 +881,7 @@ int sssm_krb5_auth_init(struct be_ctx *bectx,
ctx->kdcip = value;
ret = confdb_get_string(bectx->cdb, ctx, bectx->conf_path,
- "krb5REALM", NULL, &value);
+ CONFDB_KRB5_REALM, NULL, &value);
if (ret != EOK) goto fail;
if (value == NULL) {
DEBUG(4, ("Missing krb5REALM authentication might fail.\n"));
@@ -895,7 +895,7 @@ int sssm_krb5_auth_init(struct be_ctx *bectx,
ctx->realm = value;
ret = confdb_get_string(bectx->cdb, ctx, bectx->conf_path,
- "krb5ccache_dir", "/tmp", &value);
+ CONFDB_KRB5_CCACHEDIR, "/tmp", &value);
if (ret != EOK) goto fail;
ret = lstat(value, &stat_buf);
if (ret != EOK) {
@@ -910,7 +910,8 @@ int sssm_krb5_auth_init(struct be_ctx *bectx,
ctx->ccache_dir = value;
ret = confdb_get_string(bectx->cdb, ctx, bectx->conf_path,
- "krb5ccname_template", "FILE:%d/krb5cc_%U_XXXXXX",
+ CONFDB_KRB5_CCNAME_TMPL,
+ "FILE:%d/krb5cc_%U_XXXXXX",
&value);
if (ret != EOK) goto fail;
if (value[0] != '/' && strncmp(value, "FILE:", 5) != 0) {
@@ -921,12 +922,14 @@ int sssm_krb5_auth_init(struct be_ctx *bectx,
ctx->ccname_template = value;
ret = confdb_get_bool(bectx->cdb, ctx, bectx->conf_path,
- "krb5try_simple_upn", false, &bool_value);
+ CONFDB_KRB5_TRY_SIMPLE_UPN, false,
+ &bool_value);
if (ret != EOK) goto fail;
ctx->try_simple_upn = bool_value;
ret = confdb_get_string(bectx->cdb, ctx, bectx->conf_path,
- "krb5changepw_principle", "kadmin/changepw",
+ CONFDB_KRB5_CHANGEPW_PRINC,
+ "kadmin/changepw",
&value);
if (ret != EOK) goto fail;
if (strchr(value, '@') == NULL) {
@@ -945,7 +948,7 @@ int sssm_krb5_auth_init(struct be_ctx *bectx,
}
ret = confdb_get_int(bectx->cdb, ctx, bectx->conf_path,
- "krb5auth_timeout", 15, &int_value);
+ CONFDB_KRB5_AUTH_TIMEOUT, 15, &int_value);
if (ret != EOK) goto fail;
if (int_value <= 0) {
DEBUG(4, ("krb5auth_timeout has to be a positive value.\n"));
diff --git a/server/providers/ldap/sdap.c b/server/providers/ldap/sdap.c
index 22d238e6..eded6eed 100644
--- a/server/providers/ldap/sdap.c
+++ b/server/providers/ldap/sdap.c
@@ -32,78 +32,78 @@
#define BOOL_TRUE { .boolean = true }
struct sdap_gen_opts default_basic_opts[] = {
- { "ldapUri", SDAP_STRING, { "ldap://localhost" }, NULL_STRING },
- { "defaultBindDn", SDAP_STRING, NULL_STRING, NULL_STRING },
- { "defaultAuthtokType", SDAP_STRING, NULL_STRING, NULL_STRING},
- { "defaultAuthtok", SDAP_BLOB, NULL_BLOB, NULL_BLOB },
- { "network_timeout", SDAP_NUMBER, { .number = 5 }, NULL_NUMBER },
- { "opt_timeout", SDAP_NUMBER, { .number = 5 }, NULL_NUMBER },
- { "tls_reqcert", SDAP_STRING, { "hard" }, NULL_STRING },
- { "userSearchBase", SDAP_STRING, { "ou=People,dc=example,dc=com" }, NULL_STRING },
- { "userSearchScope", SDAP_STRING, { "sub" }, NULL_STRING },
- { "userSearchFilter", SDAP_STRING, NULL_STRING, NULL_STRING },
- { "groupSearchBase", SDAP_STRING, { "ou=Group,dc=example,dc=com" }, NULL_STRING },
- { "groupSearchScope", SDAP_STRING, { "sub" }, NULL_STRING },
- { "groupSearchFilter", SDAP_STRING, NULL_STRING, NULL_STRING },
- { "ldapSchema", SDAP_STRING, { "rfc2307" }, NULL_STRING },
- { "offline_timeout", SDAP_NUMBER, { .number = 60 }, NULL_NUMBER },
- { "force_upper_case_realm", SDAP_BOOL, BOOL_FALSE, BOOL_FALSE },
- { "enumeration_refresh_timeout", SDAP_NUMBER, { .number = 300 }, NULL_NUMBER },
- { "stale_time", SDAP_NUMBER, { .number = 1800 }, NULL_NUMBER }
+ { "ldap_uri", SDAP_STRING, { "ldap://localhost" }, NULL_STRING },
+ { "ldap_default_bind_dn", SDAP_STRING, NULL_STRING, NULL_STRING },
+ { "ldap_default_authtok_type", SDAP_STRING, NULL_STRING, NULL_STRING},
+ { "ldap_default_authtok", SDAP_BLOB, NULL_BLOB, NULL_BLOB },
+ { "ldap_network_timeout", SDAP_NUMBER, { .number = 5 }, NULL_NUMBER },
+ { "ldap_opt_timeout", SDAP_NUMBER, { .number = 5 }, NULL_NUMBER },
+ { "ldap_tls_reqcert", SDAP_STRING, { "hard" }, NULL_STRING },
+ { "ldap_user_search_base", SDAP_STRING, { "ou=People,dc=example,dc=com" }, NULL_STRING },
+ { "ldap_user_search_scope", SDAP_STRING, { "sub" }, NULL_STRING },
+ { "ldap_user_search_filter", SDAP_STRING, NULL_STRING, NULL_STRING },
+ { "ldap_group_search_base", SDAP_STRING, { "ou=Group,dc=example,dc=com" }, NULL_STRING },
+ { "ldap_group_search_scope", SDAP_STRING, { "sub" }, NULL_STRING },
+ { "ldap_group_search_filter", SDAP_STRING, NULL_STRING, NULL_STRING },
+ { "ldap_schema", SDAP_STRING, { "rfc2307" }, NULL_STRING },
+ { "ldap_offline_timeout", SDAP_NUMBER, { .number = 60 }, NULL_NUMBER },
+ { "ldap_force_upper_case_realm", SDAP_BOOL, BOOL_FALSE, BOOL_FALSE },
+ { "ldap_enumeration_refresh_timeout", SDAP_NUMBER, { .number = 300 }, NULL_NUMBER },
+ { "ldap_stale_time", SDAP_NUMBER, { .number = 1800 }, NULL_NUMBER }
};
struct sdap_id_map rfc2307_user_map[] = {
- { "userObjectClass", "posixAccount", SYSDB_USER_CLASS, NULL },
- { "userName", "uid", SYSDB_NAME, NULL },
- { "userPwd", "userPassword", SYSDB_PWD, NULL },
- { "userUidNumber", "uidNumber", SYSDB_UIDNUM, NULL },
- { "userGidNumber", "gidNumber", SYSDB_GIDNUM, NULL },
- { "userGecos", "gecos", SYSDB_GECOS, NULL },
- { "userHomeDirectory", "homeDirectory", SYSDB_HOMEDIR, NULL },
- { "userShell", "loginShell", SYSDB_SHELL, NULL },
- { "userPrincipal", "krbPrincipalName", SYSDB_UPN, NULL },
- { "userFullname", "cn", SYSDB_FULLNAME, NULL },
- { "userMemberOf", NULL, SYSDB_MEMBEROF, NULL },
- { "userUUID", NULL, SYSDB_UUID, NULL },
- { "userModifyTimestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL }
+ { "ldap_user_object_class", "posixAccount", SYSDB_USER_CLASS, NULL },
+ { "ldap_user_name", "uid", SYSDB_NAME, NULL },
+ { "ldap_user_pwd", "userPassword", SYSDB_PWD, NULL },
+ { "ldap_user_uid_number", "uidNumber", SYSDB_UIDNUM, NULL },
+ { "ldap_user_gid_number", "gidNumber", SYSDB_GIDNUM, NULL },
+ { "ldap_user_gecos", "gecos", SYSDB_GECOS, NULL },
+ { "ldap_user_home_directory", "homeDirectory", SYSDB_HOMEDIR, NULL },
+ { "ldap_user_shell", "loginShell", SYSDB_SHELL, NULL },
+ { "ldap_user_principal", "krbPrincipalName", SYSDB_UPN, NULL },
+ { "ldap_user_fullname", "cn", SYSDB_FULLNAME, NULL },
+ { "ldap_user_member_of", NULL, SYSDB_MEMBEROF, NULL },
+ { "ldap_user_uuid", NULL, SYSDB_UUID, NULL },
+ { "ldap_user_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL }
};
struct sdap_id_map rfc2307_group_map[] = {
- { "groupObjectClass", "posixGroup", SYSDB_GROUP_CLASS, NULL },
- { "groupName", "cn", SYSDB_NAME, NULL },
- { "groupPwd", "userPassword", SYSDB_PWD, NULL },
- { "groupGidNumber", "gidNumber", SYSDB_GIDNUM, NULL },
- { "groupMember", "memberuid", SYSDB_MEMBER, NULL },
- { "groupUUID", NULL, SYSDB_UUID, NULL },
- { "groupModifyTimestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL }
+ { "ldap_group_object_class", "posixGroup", SYSDB_GROUP_CLASS, NULL },
+ { "ldap_group_name", "cn", SYSDB_NAME, NULL },
+ { "ldap_group_pwd", "userPassword", SYSDB_PWD, NULL },
+ { "ldap_group_gid_number", "gidNumber", SYSDB_GIDNUM, NULL },
+ { "ldap_group_member", "memberuid", SYSDB_MEMBER, NULL },
+ { "ldap_group_uuid", NULL, SYSDB_UUID, NULL },
+ { "ldap_group_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL }
};
struct sdap_id_map rfc2307bis_user_map[] = {
- { "userObjectClass", "posixAccount", SYSDB_USER_CLASS, NULL },
- { "userName", "uid", SYSDB_NAME, NULL },
- { "userPwd", "userPassword", SYSDB_PWD, NULL },
- { "userUidNumber", "uidNumber", SYSDB_UIDNUM, NULL },
- { "userGidNumber", "gidNumber", SYSDB_GIDNUM, NULL },
- { "userGecos", "gecos", SYSDB_GECOS, NULL },
- { "userHomeDirectory", "homeDirectory", SYSDB_HOMEDIR, NULL },
- { "userShell", "loginShell", SYSDB_SHELL, NULL },
- { "userPrincipal", "krbPrincipalName", SYSDB_UPN, NULL },
- { "userFullname", "cn", SYSDB_FULLNAME, NULL },
- { "userMemberOf", "memberOf", SYSDB_MEMBEROF, NULL },
+ { "ldap_user_object_class", "posixAccount", SYSDB_USER_CLASS, NULL },
+ { "ldap_user_name", "uid", SYSDB_NAME, NULL },
+ { "ldap_user_pwd", "userPassword", SYSDB_PWD, NULL },
+ { "ldap_user_uid_number", "uidNumber", SYSDB_UIDNUM, NULL },
+ { "ldap_user_gid_number", "gidNumber", SYSDB_GIDNUM, NULL },
+ { "ldap_user_gecos", "gecos", SYSDB_GECOS, NULL },
+ { "ldap_user_home_directory", "homeDirectory", SYSDB_HOMEDIR, NULL },
+ { "ldap_user_shell", "loginShell", SYSDB_SHELL, NULL },
+ { "ldap_user_principal", "krbPrincipalName", SYSDB_UPN, NULL },
+ { "ldap_user_fullname", "cn", SYSDB_FULLNAME, NULL },
+ { "ldap_user_member_of", "memberOf", SYSDB_MEMBEROF, NULL },
/* FIXME: this is 389ds specific */
- { "userUUID", "nsUniqueId", SYSDB_UUID, NULL },
- { "userModifyTimestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL }
+ { "ldap_user_uuid", "nsUniqueId", SYSDB_UUID, NULL },
+ { "ldap_user_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL }
};
struct sdap_id_map rfc2307bis_group_map[] = {
- { "groupObjectClass", "posixGroup", SYSDB_GROUP_CLASS, NULL },
- { "groupName", "cn", SYSDB_NAME, NULL },
- { "groupPwd", "userPassword", SYSDB_PWD, NULL },
- { "groupGidNumber", "gidNumber", SYSDB_GIDNUM, NULL },
- { "groupMember", "member", SYSDB_MEMBER, NULL },
+ { "ldap_group_object_class", "posixGroup", SYSDB_GROUP_CLASS, NULL },
+ { "ldap_group_name", "cn", SYSDB_NAME, NULL },
+ { "ldap_group_pwd", "userPassword", SYSDB_PWD, NULL },
+ { "ldap_group_gid_number", "gidNumber", SYSDB_GIDNUM, NULL },
+ { "ldap_group_member", "member", SYSDB_MEMBER, NULL },
/* FIXME: this is 389ds specific */
- { "groupUUID", "nsUniqueId", SYSDB_UUID, NULL },
- { "groupModifyTimestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL }
+ { "ldap_group_uuid", "nsUniqueId", SYSDB_UUID, NULL },
+ { "ldap_group_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL }
};
/* =Retrieve-Options====================================================== */
diff --git a/server/providers/proxy.c b/server/providers/proxy.c
index dde019b9..54d4487e 100644
--- a/server/providers/proxy.c
+++ b/server/providers/proxy.c
@@ -2215,7 +2215,7 @@ int sssm_proxy_init(struct be_ctx *bectx,
ctx->be = bectx;
ret = confdb_get_string(bectx->cdb, ctx, bectx->conf_path,
- "libName", NULL, &libname);
+ CONFDB_PROXY_LIBNAME, NULL, &libname);
if (ret != EOK) goto done;
if (libname == NULL) {
ret = ENOENT;
@@ -2339,7 +2339,8 @@ int sssm_proxy_auth_init(struct be_ctx *bectx,
ctx->be = bectx;
ret = confdb_get_string(bectx->cdb, ctx, bectx->conf_path,
- "pam-target", NULL, &ctx->pam_target);
+ CONFDB_PROXY_PAM_TARGET, NULL,
+ &ctx->pam_target);
if (ret != EOK) goto done;
if (!ctx->pam_target) {
ctx->pam_target = talloc_strdup(ctx, "sssd_pam_proxy_default");
diff --git a/server/responder/common/responder_common.c b/server/responder/common/responder_common.c
index 57c8678b..a3ac6e81 100644
--- a/server/responder/common/responder_common.c
+++ b/server/responder/common/responder_common.c
@@ -293,7 +293,7 @@ static int sss_monitor_init(struct resp_ctx *rctx,
int ret;
/* Set up SBUS connection to the monitor */
- ret = monitor_get_sbus_address(rctx, rctx->cdb, &sbus_address);
+ ret = monitor_get_sbus_address(rctx, &sbus_address);
if (ret != EOK) {
DEBUG(0, ("Could not locate monitor address.\n"));
return ret;
@@ -326,7 +326,7 @@ static int sss_dp_init(struct resp_ctx *rctx,
int ret;
/* Set up SBUS connection to the monitor */
- ret = dp_get_sbus_address(rctx, rctx->cdb, &sbus_address);
+ ret = dp_get_sbus_address(rctx, &sbus_address);
if (ret != EOK) {
DEBUG(0, ("Could not locate DP address.\n"));
return ret;
diff --git a/server/responder/nss/nsssrv.c b/server/responder/nss/nsssrv.c
index 3920189a..e000dfa1 100644
--- a/server/responder/nss/nsssrv.c
+++ b/server/responder/nss/nsssrv.c
@@ -87,29 +87,29 @@ static int nss_get_config(struct nss_ctx *nctx,
tmpctx = talloc_new(nctx);
if (!tmpctx) return ENOMEM;
- ret = confdb_get_int(cdb, nctx, NSS_SRV_CONFIG,
- "EnumCacheTimeout", 120,
+ ret = confdb_get_int(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
+ CONFDB_NSS_ENUM_CACHE_TIMEOUT, 120,
&nctx->enum_cache_timeout);
if (ret != EOK) goto done;
- ret = confdb_get_int(cdb, nctx, NSS_SRV_CONFIG,
- "EntryCacheTimeout", 600,
+ ret = confdb_get_int(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
+ CONFDB_NSS_ENTRY_CACHE_TIMEOUT, 600,
&nctx->cache_timeout);
if (ret != EOK) goto done;
- ret = confdb_get_int(cdb, nctx, NSS_SRV_CONFIG,
- "EntryNegativeTimeout", 15,
+ ret = confdb_get_int(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
+ CONFDB_NSS_ENTRY_NEG_TIMEOUT, 15,
&nctx->neg_timeout);
if (ret != EOK) goto done;
- ret = confdb_get_bool(cdb, nctx, NSS_SRV_CONFIG,
- "filterUsersInGroups", true,
+ ret = confdb_get_bool(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
+ CONFDB_NSS_FILTER_USERS_IN_GROUPS, true,
&nctx->filter_users_in_groups);
if (ret != EOK) goto done;
- ret = confdb_get_int(cdb, nctx, NSS_SRV_CONFIG,
- "EntryCacheNoWaitRefreshTimeout", 0,
+ ret = confdb_get_int(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
+ CONFDB_NSS_ENTRY_CACHE_NOWAIT_TIMEOUT, 0,
&nctx->cache_refresh_timeout);
if (ret != EOK) goto done;
if (nctx->cache_refresh_timeout >= nctx->cache_timeout) {
@@ -123,9 +123,18 @@ static int nss_get_config(struct nss_ctx *nctx,
nctx->cache_refresh_timeout = 0;
}
- ret = confdb_get_string_as_list(cdb, tmpctx, NSS_SRV_CONFIG,
- "filterUsers", &filter_list);
- if (ret == ENOENT) filter_list = NULL;
+ ret = confdb_get_string_as_list(cdb, tmpctx, CONFDB_NSS_CONF_ENTRY,
+ CONFDB_NSS_FILTER_USERS, &filter_list);
+ if (ret == ENOENT) {
+ filter_list = talloc_array(tmpctx, char *, 2);
+ filter_list[0] = talloc_strdup(tmpctx, "root");
+ filter_list[1] = NULL;
+ if (!filter_list || !filter_list[0]) {
+ ret = ENOMEM;
+ goto done;
+ }
+ ret = EOK;
+ }
else if (ret != EOK) goto done;
for (i = 0; (filter_list && filter_list[i]); i++) {
@@ -158,12 +167,21 @@ static int nss_get_config(struct nss_ctx *nctx,
}
}
- ret = confdb_get_string_as_list(cdb, tmpctx, NSS_SRV_CONFIG,
- "filterGroups", &filter_list);
- if (ret == ENOENT) filter_list = NULL;
+ ret = confdb_get_string_as_list(cdb, tmpctx, CONFDB_NSS_CONF_ENTRY,
+ CONFDB_NSS_FILTER_GROUPS, &filter_list);
+ if (ret == ENOENT) {
+ filter_list = talloc_array(tmpctx, char *, 2);
+ filter_list[0] = talloc_strdup(tmpctx, "root");
+ filter_list[1] = NULL;
+ if (!filter_list || !filter_list[0]) {
+ ret = ENOMEM;
+ goto done;
+ }
+ ret = EOK;
+ }
else if (ret != EOK) goto done;
- for (i = 0; filter_list[i]; i++) {
+ for (i = 0; (filter_list && filter_list[i]); i++) {
ret = sss_parse_name(tmpctx, nctx->rctx->names,
filter_list[i], &domain, &name);
if (ret != EOK) {
@@ -193,6 +211,7 @@ static int nss_get_config(struct nss_ctx *nctx,
}
}
+ ret = 0;
done:
talloc_free(tmpctx);
return ret;
@@ -269,7 +288,7 @@ int nss_process_init(TALLOC_CTX *mem_ctx,
ret = sss_process_init(nctx, ev, cdb,
nss_cmds,
SSS_NSS_SOCKET_NAME, NULL,
- NSS_SRV_CONFIG,
+ CONFDB_NSS_CONF_ENTRY,
NSS_SBUS_SERVICE_NAME,
NSS_SBUS_SERVICE_VERSION,
&monitor_nss_interface,
@@ -291,8 +310,9 @@ int nss_process_init(TALLOC_CTX *mem_ctx,
/* Enable automatic reconnection to the Data Provider */
ret = confdb_get_int(nctx->rctx->cdb, nctx->rctx,
- SERVICE_CONF_ENTRY,
- "reconnection_retries", 3, &max_retries);
+ CONFDB_NSS_CONF_ENTRY,
+ CONFDB_SERVICE_RECON_RETRIES,
+ 3, &max_retries);
if (ret != EOK) {
DEBUG(0, ("Failed to set up automatic reconnection\n"));
return ret;
@@ -334,7 +354,7 @@ int main(int argc, const char *argv[])
poptFreeContext(pc);
/* set up things like debug , signals, daemonization, etc... */
- ret = server_setup("sssd[nss]", 0, NSS_SRV_CONFIG, &main_ctx);
+ ret = server_setup("sssd[nss]", 0, CONFDB_NSS_CONF_ENTRY, &main_ctx);
if (ret != EOK) return 2;
ret = die_if_parent_died();
diff --git a/server/responder/nss/nsssrv.h b/server/responder/nss/nsssrv.h
index a5adbaf8..14d2aad4 100644
--- a/server/responder/nss/nsssrv.h
+++ b/server/responder/nss/nsssrv.h
@@ -39,8 +39,6 @@
#define NSS_PACKET_MAX_RECV_SIZE 1024
-#define NSS_SRV_CONFIG "config/services/nss"
-
struct getent_ctx;
struct nss_ctx {
diff --git a/server/responder/pam/pamsrv.c b/server/responder/pam/pamsrv.c
index c751528f..50acc26c 100644
--- a/server/responder/pam/pamsrv.c
+++ b/server/responder/pam/pamsrv.c
@@ -46,7 +46,6 @@
#define PAM_SBUS_SERVICE_VERSION 0x0001
#define PAM_SBUS_SERVICE_NAME "pam"
-#define PAM_SRV_CONFIG "config/services/pam"
static int service_reload(DBusMessage *message, struct sbus_connection *conn);
@@ -135,7 +134,7 @@ static int pam_process_init(TALLOC_CTX *mem_ctx,
pam_cmds,
SSS_PAM_SOCKET_NAME,
SSS_PAM_PRIV_SOCKET_NAME,
- PAM_SRV_CONFIG,
+ CONFDB_PAM_CONF_ENTRY,
PAM_SBUS_SERVICE_NAME,
PAM_SBUS_SERVICE_VERSION,
&monitor_pam_interface,
@@ -152,8 +151,8 @@ static int pam_process_init(TALLOC_CTX *mem_ctx,
/* FIXME: "retries" is too generic, either get it from a global config
* or specify these retries are about the sbus connections to DP */
- ret = confdb_get_int(rctx->cdb, rctx, SERVICE_CONF_ENTRY,
- "reconnection_retries", 3, &max_retries);
+ ret = confdb_get_int(rctx->cdb, rctx, CONFDB_PAM_CONF_ENTRY,
+ CONFDB_SERVICE_RECON_RETRIES, 3, &max_retries);
if (ret != EOK) {
DEBUG(0, ("Failed to set up automatic reconnection\n"));
return ret;
@@ -192,7 +191,7 @@ int main(int argc, const char *argv[])
poptFreeContext(pc);
/* set up things like debug , signals, daemonization, etc... */
- ret = server_setup("sssd[pam]", 0, PAM_SRV_CONFIG, &main_ctx);
+ ret = server_setup("sssd[pam]", 0, CONFDB_PAM_CONF_ENTRY, &main_ctx);
if (ret != EOK) return 2;
ret = die_if_parent_died();
diff --git a/server/tools/sss_sync_ops.c b/server/tools/sss_sync_ops.c
index d9db2304..50eb197e 100644
--- a/server/tools/sss_sync_ops.c
+++ b/server/tools/sss_sync_ops.c
@@ -27,11 +27,6 @@
#include "tools/sss_sync_ops.h"
/* Default settings for user attributes */
-#define CONFDB_DFL_SECTION "config/user_defaults"
-
-#define DFL_SHELL_ATTR "defaultShell"
-#define DFL_BASEDIR_ATTR "baseDirectory"
-
#define DFL_SHELL_VAL "/bin/bash"
#define DFL_BASEDIR_VAL "/home"
@@ -1129,17 +1124,24 @@ int useradd_defaults(TALLOC_CTX *mem_ctx,
int ret;
char *basedir = NULL;
char *dfl_shell = NULL;
+ char *conf_path = NULL;
+
+ conf_path = talloc_asprintf(mem_ctx, CONFDB_DOMAIN_PATH_TMPL, data->domain->name);
+ if (!conf_path) {
+ return ENOMEM;
+ }
data->gecos = talloc_strdup(mem_ctx, gecos ? gecos : data->name);
if (!data->gecos) {
- return ENOMEM;
+ ret = ENOMEM;
+ goto done;
}
if (homedir) {
data->home = talloc_strdup(data, homedir);
} else {
ret = confdb_get_string(confdb, mem_ctx,
- CONFDB_DFL_SECTION, DFL_BASEDIR_ATTR,
+ conf_path, CONFDB_LOCAL_DEFAULT_BASEDIR,
DFL_BASEDIR_VAL, &basedir);
if (ret != EOK) {
goto done;
@@ -1157,7 +1159,7 @@ int useradd_defaults(TALLOC_CTX *mem_ctx,
if (!shell) {
ret = confdb_get_string(confdb, mem_ctx,
- CONFDB_DFL_SECTION, DFL_SHELL_ATTR,
+ conf_path, CONFDB_LOCAL_DEFAULT_SHELL,
DFL_SHELL_VAL, &dfl_shell);
if (ret != EOK) {
goto done;
@@ -1174,6 +1176,7 @@ int useradd_defaults(TALLOC_CTX *mem_ctx,
done:
talloc_free(dfl_shell);
talloc_free(basedir);
+ talloc_free(conf_path);
return ret;
}
diff --git a/server/util/server.c b/server/util/server.c
index 0760e60f..a8c50240 100644
--- a/server/util/server.c
+++ b/server/util/server.c
@@ -362,7 +362,8 @@ int server_setup(const char *name, int flags,
/* set debug level if any in conf_entry */
ret = confdb_get_int(ctx->confdb_ctx, ctx, conf_entry,
- "debug-level", debug_level, &debug_level);
+ CONFDB_SERVICE_DEBUG_LEVEL,
+ debug_level, &debug_level);
if (ret != EOK) {
DEBUG(0, ("Error reading from confdb (%d) [%s]\n",
ret, strerror(ret)));
@@ -372,7 +373,8 @@ int server_setup(const char *name, int flags,
/* same for debug timestamps */
dt = (debug_timestamps != 0);
ret = confdb_get_bool(ctx->confdb_ctx, ctx, conf_entry,
- "debug-timestamps", dt, &dt);
+ CONFDB_SERVICE_DEBUG_TIMESTAMPS,
+ dt, &dt);
if (ret != EOK) {
DEBUG(0, ("Error reading from confdb (%d) [%s]\n",
ret, strerror(ret)));
diff --git a/server/util/usertools.c b/server/util/usertools.c
index e4e941a6..44f5ba29 100644
--- a/server/util/usertools.c
+++ b/server/util/usertools.c
@@ -27,8 +27,6 @@
#include "confdb/confdb.h"
#include "util/util.h"
-#define NAMES_CONFIG "config/names"
-
#ifdef HAVE_LIBPCRE_LESSER_THAN_7
#define NAME_DOMAIN_PATTERN_OPTIONS (PCRE_EXTENDED)
#else
@@ -58,8 +56,8 @@ int sss_names_init(TALLOC_CTX *mem_ctx, struct confdb_ctx *cdb, struct sss_names
ctx = talloc_zero(ctx, struct sss_names_ctx);
if (!ctx) return ENOMEM;
- ret = confdb_get_string(cdb, ctx, NAMES_CONFIG,
- "re-expression", NULL, &ctx->re_pattern);
+ ret = confdb_get_string(cdb, ctx, CONFDB_MONITOR_CONF_ENTRY,
+ CONFDB_MONITOR_NAME_REGEX, NULL, &ctx->re_pattern);
if (ret != EOK) goto done;
if (!ctx->re_pattern) {
@@ -79,8 +77,8 @@ int sss_names_init(TALLOC_CTX *mem_ctx, struct confdb_ctx *cdb, struct sss_names
#endif
}
- ret = confdb_get_string(cdb, ctx, NAMES_CONFIG,
- "full-name-format", NULL, &ctx->fq_fmt);
+ ret = confdb_get_string(cdb, ctx, CONFDB_MONITOR_CONF_ENTRY,
+ CONFDB_MONITOR_FULL_NAME_FORMAT, NULL, &ctx->fq_fmt);
if (ret != EOK) goto done;
if (!ctx->fq_fmt) {