CONFDB: split confdb_setup() into 2 steps
It will be used by 'monitor' to first read 'sssd.conf' (potentially
using CAP_DAC_OVERRIDE) then drop caps / switch user before writing
'config.ldb'
alexey-tikhonov committed Sep 14, 2023
1 parent 3cc57de commit 201837a
Showing 1 changed file with 51 additions and 52 deletions.
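--- a/src/confdb/confdb_setup.c
+++ b/src/confdb/confdb_setup.c
@@ -44,6 +44,31 @@
 "\n"
 
 
+errno_t confdb_read_ini(TALLOC_CTX *mem_ctx,
+const char *config_file,
+const char *config_dir,
+struct sss_ini **_ini)
+{
+int ret;
+
+*_ini = sss_ini_new(mem_ctx);
+if (*_ini == NULL) {
+return ENOMEM;
+}
+
+ret = sss_ini_read_sssd_conf(*_ini,
+config_file,
+config_dir);
+if (ret != EOK) {
+talloc_zfree(*_ini);
+return ret;
+}
+
+sss_ini_call_validators(*_ini, SSSDDATADIR"/cfg_rules.ini");
+
+return EOK;
+}
+
 static int confdb_purge(struct confdb_ctx *cdb)
 {
 int ret;
@@ -100,37 +125,6 @@ static int confdb_create_base(struct confdb_ctx *cdb)
 return EOK;
 }
 
-static int confdb_ldif_from_ini_file(TALLOC_CTX *mem_ctx,
-const char *config_file,
-const char *config_dir,
-struct sss_ini *init_data,
-const char **_ldif)
-{
-errno_t ret;
-
-ret = sss_ini_read_sssd_conf(init_data,
-config_file,
-config_dir);
-if (ret != EOK) {
-return ret;
-}
-
-ret = sss_ini_call_validators(init_data,
-SSSDDATADIR"/cfg_rules.ini");
-if (ret != EOK) {
-DEBUG(SSSDBG_CRIT_FAILURE, "Failed to call validators\n");
-/* This is not fatal, continue */
-}
-
-ret = sss_confdb_create_ldif(mem_ctx, init_data, _ldif);
-if (ret != EOK) {
-DEBUG(SSSDBG_FATAL_FAILURE, "Could not create LDIF for confdb\n");
-return ret;
-}
-
-return EOK;
-}
-
 static int confdb_write_ldif(struct confdb_ctx *cdb, const char *config_ldif)
 {
 int ret;
@@ -160,35 +154,22 @@ static int confdb_write_ldif(struct confdb_ctx *cdb, const char *config_ldif)
 return EOK;
 }
 
-static int confdb_init_db(const char *config_file,
-const char *config_dir,
+static int confdb_populate(const struct sss_ini *ini,
 struct confdb_ctx *cdb)
 {
 TALLOC_CTX *tmp_ctx;
 int ret;
 int sret = EOK;
 bool in_transaction = false;
 const char *config_ldif;
-struct sss_ini *init_data;
 
 tmp_ctx = talloc_new(cdb);
 if (tmp_ctx == NULL) {
 DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory.\n");
 return ENOMEM;
 }
 
-init_data = sss_ini_new(tmp_ctx);
-if (!init_data) {
-DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory.\n");
-ret = ENOMEM;
-goto done;
-}
-
-ret = confdb_ldif_from_ini_file(tmp_ctx,
-config_file,
-config_dir,
-init_data,
-&config_ldif);
+ret = sss_confdb_create_ldif(tmp_ctx, ini, &config_ldif);
 if (ret != EOK) {
 DEBUG(SSSDBG_CRIT_FAILURE,
 "Cannot convert INI to LDIF [%d]: [%s]\n",
@@ -242,11 +223,10 @@ static int confdb_init_db(const char *config_file,
 return ret;
 }
 
-errno_t confdb_setup(TALLOC_CTX *mem_ctx,
-const char *cdb_file,
-const char *config_file,
-const char *config_dir,
-struct confdb_ctx **_cdb)
+errno_t confdb_write_ini(TALLOC_CTX *mem_ctx,
+const struct sss_ini *ini,
+const char *cdb_file,
+struct confdb_ctx **_cdb)
 {
 TALLOC_CTX *tmp_ctx;
 struct stat statbuf;
@@ -290,7 +270,7 @@ errno_t confdb_setup(TALLOC_CTX *mem_ctx,
 }
 
 /* Initialize the CDB from the configuration file */
-ret = confdb_init_db(config_file, config_dir, cdb);
+ret = confdb_populate(ini, cdb);
 if (ret != EOK) {
 DEBUG(SSSDBG_FATAL_FAILURE, "ConfDB initialization has failed "
 "[%d]: %s\n", ret, sss_strerror(ret));
@@ -305,3 +285,22 @@ errno_t confdb_setup(TALLOC_CTX *mem_ctx,
 talloc_free(tmp_ctx);
 return ret;
 }
+
+errno_t confdb_setup(TALLOC_CTX *mem_ctx,
+const char *cdb_file,
+const char *config_file,
+const char *config_dir,
+struct confdb_ctx **_cdb)
+{
+int ret;
+struct sss_ini *ini;
+
+ret = confdb_read_ini(mem_ctx, config_file, config_dir, &ini);
+if (ret != EOK) {
+return ret;
+}
+
+ret = confdb_write_ini(mem_ctx, ini, cdb_file, _cdb);
+
+return ret;
+}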
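Review bot: The new confdb_setup() wrapper never releases `ini`: confdb_read_ini() allocates it on the caller's `mem_ctx` and the wrapper returns right after confdb_write_ini(), whereas the removed confdb_init_db() parented the parsed data to a local `tmp_ctx` (presumably freed at its `done:` label, which is outside the visible hunk). The parsed sssd.conf therefore lives as long as `mem_ctx` does, and that content may include configured credentials; adding `talloc_free(ini);` before `return ret;` would restore the shorter lifetime. Separately, confdb_read_ini() discards the result of sss_ini_call_validators(), so the `DEBUG(SSSDBG_CRIT_FAILURE, "Failed to call validators\n");` diagnostic that confdb_ldif_from_ini_file() emitted is lost; keeping `ret = sss_ini_call_validators(...)` with that log line, still non-fatal, would preserve it. The two new public functions would also benefit from a header comment stating that the caller owns `*_ini` and that privileges may be dropped between the read and write steps.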
