SERVICE: set domain name at startup
:relnote: SSSD service will set `NISDOMAIN` value from `/etc/sysconfig/network`
as a domain name at service startup. This is required to support netgroups in
LDAP-stored SUDO rules.

Resolves: #7224
alexey-tikhonov committed Oct 31, 2024
1 parent 8cdebfc commit c03e876
Showing 5 changed files with 66 additions and 0 deletions.
13 changes: 13 additions & 0 deletions Makefile.am
@@ -179,6 +179,7 @@ sssdlibexec_PROGRAMS = \
ldap_child \
proxy_child \
sss_signal \
setdomainname \
$(NULL)
if BUILD_SUDO
sssdlibexec_PROGRAMS += sssd_sudo
@@ -220,6 +221,7 @@ if BUILD_PAC_RESPONDER
endif
if HAVE_SYSTEMD_UNIT
sssdlibexec_PROGRAMS += sssd_check_socket_activated_responders
sssdlibexec_SCRIPTS = src/sysv/systemd/set-nis-domainname
endif

if HAVE_CHECK
@@ -1916,6 +1918,8 @@ sss_signal_LDADD = \
libsss_debug.la \
$(NULL)

setdomainname_SOURCES = src/tools/setdomainname.c $(NULL)

sss_override_SOURCES = \
src/tools/sss_override.c \
src/tools/common/sss_colondb.c \
@@ -5406,6 +5410,14 @@ src/sysv/systemd/sssd-kcm.service: src/sysv/systemd/sssd-kcm.service.in Makefile
$(replace_script)
endif

EXTRA_DIST += \
src/sysv/systemd/set-nis-domainname.in \
$(NULL)

src/sysv/systemd/set-nis-domainname: src/sysv/systemd/set-nis-domainname.in Makefile
@$(MKDIR_P) src/sysv/systemd/
$(replace_script)

EXTRA_DIST += \
src/tools/wrappers/sss_debuglevel.in \
$(NULL)
@@ -5695,6 +5707,7 @@ endif
rm -f $(builddir)/src/sysv/systemd/sssd-sudo.service
rm -f $(builddir)/src/sysv/systemd/sssd-kcm.socket
rm -f $(builddir)/src/sysv/systemd/sssd-kcm.service
rm -f $(builddir)/src/sysv/systemd/set-nis-domainname
rm -f $(builddir)/src/tools/wrappers/sss_debuglevel
rm -Rf $(builddir)/src/examples
rm -Rf $(builddir)/contrib
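Review bot: `setdomainname` is added to the top-level `sssdlibexec_PROGRAMS` list in the first hunk, while the only visible caller, `set-nis-domainname`, is installed only inside `if HAVE_SYSTEMD_UNIT`. On a build without systemd units the helper would still be installed with nothing using it. Since it exists solely to make a privileged `setdomainname()` call, I would move it under the same conditional, e.g. `sssdlibexec_PROGRAMS += sssd_check_socket_activated_responders setdomainname`. The generation rule and `EXTRA_DIST` entry can stay unconditional. Whether `sssdlibexec_SCRIPTS` is assigned elsewhere in the file is not visible here; if it is, the new `=` should be `+=`.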
2 changes: 2 additions & 0 deletions contrib/sssd.spec.in
@@ -845,6 +845,8 @@ install -D -p -m 0644 %{SOURCE1} %{buildroot}%{_sysusersdir}/sssd.conf
%{_bindir}/sss_ssh_knownhostsproxy
%{_sbindir}/sss_cache
%{_libexecdir}/%{servicename}/sss_signal
%{_libexecdir}/%{servicename}/setdomainname
%{_libexecdir}/%{servicename}/set-nis-domainname

%attr(775,%{sssd_user},%{sssd_user}) %dir %{sssdstatedir}
%dir %{_localstatedir}/cache/krb5rcache
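--- a/src/sysv/systemd/set-nis-domainname.in
+++ b/src/sysv/systemd/set-nis-domainname.in
@@ -0,0 +1,12 @@
+#!/usr/bin/sh
+
+source /etc/sysconfig/network
+
+# Note: this tool requires 'CAP_SYS_ADMIN'.
+# Intended usage is to run from systemd service file.
+
+if [ -n "${NISDOMAIN}" ] && [ -x @libexecdir@/sssd/setdomainname ]; then
+@libexecdir@/sssd/setdomainname ${NISDOMAIN}
+fi
+
+exit 0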
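Review bot: `${NISDOMAIN}` is passed unquoted on the `setdomainname` line, so a value containing whitespace or glob characters is split or expanded before the helper sees it, and the helper then rejects it because `argc != 2`. Quoting it as `@libexecdir@/sssd/setdomainname "${NISDOMAIN}"` keeps the value intact. The script also evaluates all of `/etc/sysconfig/network` as shell, and the unit runs it with the `+` prefix (full privileges), so that file's ownership and mode are part of the trust boundary; a comment saying so would help the next maintainer. `source` is not POSIX, so under a `/usr/bin/sh` that is not bash the portable form is `. /etc/sysconfig/network`, guarded by `[ -r /etc/sysconfig/network ]` in case the file is absent.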
1 change: 1 addition & 0 deletions src/sysv/systemd/sssd.service.in
@@ -10,6 +10,7 @@ StartLimitBurst=5
[Service]
Environment=DEBUG_LOGGER=--logger=files
EnvironmentFile=-@environment_file@
ExecStartPre=+-@libexecdir@/sssd/set-nis-domainname
ExecStartPre=+-/bin/chown -f @SSSD_USER@:@SSSD_USER@ @sssdconfdir@
ExecStartPre=+-/bin/chown -f @SSSD_USER@:@SSSD_USER@ @sssdconfdir@/sssd.conf
ExecStartPre=+-/bin/chown -f -R @SSSD_USER@:@SSSD_USER@ @sssdconfdir@/conf.d
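Review bot: The new `ExecStartPre=+-@libexecdir@/sssd/set-nis-domainname` line has no comment explaining its two prefixes or its system-wide side effect. `+` makes systemd run the script with full privileges regardless of the unit's user and capability settings, and `-` makes a failure non-fatal, so a reader of the unit cannot tell that starting SSSD rewrites the kernel NIS domain name. I would add above it: `# Sets the kernel NIS domain name from NISDOMAIN in /etc/sysconfig/network (needs CAP_SYS_ADMIN, hence '+'); failure is ignored ('-').` The commit does not say whether the previous value should be restored when the service stops; that may be worth stating as well.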
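--- a/src/tools/setdomainname.c
+++ b/src/tools/setdomainname.c
@@ -0,0 +1,38 @@
+/*
+Copyright (C) 2024 Red Hat
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 3 of the License, or
+(at your option) any later version.
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <stddef.h>
+#include <unistd.h>
+#include <errno.h>
+#include <string.h>
+
+
+int main(int argc, const char *argv[])
+{
+if (argc != 2) {
+return EINVAL;
+}
+
+if ((argv[1] == NULL) || (argv[1][0] == 0)) {
+return EINVAL;
+}
+
+errno = 0;
+setdomainname(argv[1], strlen(argv[1]));
+
+return errno;
+}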
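Review bot: The return value of `setdomainname()` is ignored and nothing is written to stderr. Combined with the wrapper script's `exit 0` and the unit's `-` prefix, a failed call (for example EPERM without CAP_SYS_ADMIN, or EINVAL for an over-long name) leaves no trace in the journal. I would test the call's result instead of relying on `errno` alone, and report it: `if (setdomainname(argv[1], strlen(argv[1])) != 0) { int err = errno; fprintf(stderr, "setdomainname: %s\n", strerror(err)); return err; }`, which needs `<stdio.h>`. As a style point, `main` is declared with `const char *argv[]`, which differs from the standard `char *argv[]` form.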
