diff --git a/Makefile.am b/Makefile.am index 640acbd9539..e689ced1c68 100644 --- a/Makefile.am +++ b/Makefile.am @@ -626,7 +626,6 @@ SSSD_TOOLS_OBJ = \ src/tools/tools_util.c \ src/tools/common/sss_tools.c \ src/tools/common/sss_process.c \ - src/confdb/confdb_setup.c \ src/util/nscd.c \ $(NULL) @@ -1235,6 +1234,7 @@ libsss_iface_sync_la_LDFLAGS = \ pkglib_LTLIBRARIES += libsss_util.la libsss_util_la_SOURCES = \ src/confdb/confdb.c \ + src/confdb/confdb_setup.c \ src/db/sysdb.c \ src/db/sysdb_ops.c \ src/db/sysdb_search.c \ @@ -1513,7 +1513,6 @@ endif sssd_SOURCES = \ src/monitor/monitor.c \ src/monitor/monitor_netlink.c \ - src/confdb/confdb_setup.c \ src/util/nscd.c \ $(NULL) sssd_LDADD = \ diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h index 9b11de59b85..0ade5f88ed6 100644 --- a/src/confdb/confdb.h +++ b/src/confdb/confdb.h @@ -40,6 +40,7 @@ #define CONFDB_DEFAULT_CFG_FILE_VER 2 #define CONFDB_FILE "config.ldb" +#define CONFDB_KCM_FILE "config_kcm.ldb" #define SSSD_CONFIG_FILE_NAME "sssd.conf" #define SSSD_CONFIG_FILE SSSD_CONF_DIR"/"SSSD_CONFIG_FILE_NAME #define CONFDB_DEFAULT_CONFIG_DIR_NAME "conf.d" diff --git a/src/responder/kcm/kcm.c b/src/responder/kcm/kcm.c index 12ab5ce3e56..7255b87c68f 100644 --- a/src/responder/kcm/kcm.c +++ b/src/responder/kcm/kcm.c @@ -23,6 +23,7 @@ #include +#include "confdb/confdb_setup.h" #include "responder/kcm/kcmsrv_ccache.h" #include "responder/kcm/kcmsrv_pvt.h" #include "responder/kcm/kcm_renew.h" @@ -38,6 +39,11 @@ #define SSS_KCM_SOCKET_NAME DEFAULT_KCM_SOCKET_PATH #endif +#define CONF_FILE_PERM_ERROR_MSG "Cannot read config file %s. Please check "\ + "that the file is accessible only by the "\ + "owner and owned by root.root.\n" + + static int kcm_responder_ctx_destructor(void *ptr) { struct resp_ctx *rctx = talloc_get_type(ptr, struct resp_ctx); @@ -311,21 +317,65 @@ static int kcm_process_init(TALLOC_CTX *mem_ctx, return ret; } +static errno_t load_configuration(const char *config_file, + const char *config_dir, + const char *only_section) +{ + errno_t ret; + TALLOC_CTX *tmp_ctx; + uid_t sssd_uid; + gid_t sssd_gid; + struct confdb_ctx *cdb; + char *cdb_file; + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to allocate the initial context\n"); + return ENOMEM; + } + + cdb_file = talloc_asprintf(tmp_ctx, "%s/%s", DB_PATH, CONFDB_KCM_FILE); + if (cdb_file == NULL) { + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to allocate memory for the filename\n"); + ret = ENOMEM; + goto done; + } + + ret = confdb_setup(tmp_ctx, cdb_file, config_file, config_dir, only_section, + &cdb); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, "Unable to setup ConfDB [%d]: %s\n", + ret, sss_strerror(ret)); + goto done; + } + + ret = EOK; + +done: + talloc_free(tmp_ctx); + return ret; +} + int main(int argc, const char *argv[]) { + TALLOC_CTX *tmp_ctx; int opt; poptContext pc; char *opt_logger = NULL; + char *opt_config_file = NULL; + const char *config_file = NULL; struct main_context *main_ctx; int ret; uid_t uid = 0; gid_t gid = 0; + int flags = 0; struct poptOption long_options[] = { POPT_AUTOHELP SSSD_MAIN_OPTS SSSD_LOGGER_OPTS SSSD_SERVER_OPTS(uid, gid) + SSSD_CONFIG_OPTS(opt_config_file) POPT_TABLEEND }; @@ -347,14 +397,49 @@ int main(int argc, const char *argv[]) poptFreeContext(pc); + tmp_ctx = talloc_new(NULL); + if (!tmp_ctx) { + return 3; + } + /* set up things like debug, signals, daemonization, etc. */ debug_log_file = "sssd_kcm"; DEBUG_INIT(debug_level, opt_logger); - ret = server_setup("kcm", true, 0, uid, gid, CONFDB_FILE, + if (opt_config_file == NULL) { + config_file = SSSD_CONFIG_FILE; + } else { + config_file = opt_config_file; + } + + /* Parse config file, fail if cannot be done */ + ret = load_configuration(config_file, CONFDB_DEFAULT_CONFIG_DIR, "kcm"); + if (ret != EOK) { + switch (ret) { + case EPERM: + case EACCES: + DEBUG(SSSDBG_FATAL_FAILURE, + CONF_FILE_PERM_ERROR_MSG, config_file); + sss_log(SSS_LOG_CRIT, CONF_FILE_PERM_ERROR_MSG, config_file); + break; + default: + DEBUG(SSSDBG_FATAL_FAILURE, + "KCM couldn't load the configuration database [%d]: %s\n", + ret, sss_strerror(ret)); + sss_log(SSS_LOG_CRIT, + "KCM couldn't load the configuration database [%d]: %s\n", + ret, sss_strerror(ret)); + break; + } + return 4; + } + + ret = server_setup("kcm", true, flags, uid, gid, CONFDB_KCM_FILE, CONFDB_KCM_CONF_ENTRY, &main_ctx, true); if (ret != EOK) return 2; + DEBUG(SSSDBG_TRACE_FUNC, "CONFIG: %s\n", config_file); + ret = die_if_parent_died(); if (ret != EOK) { /* This is not fatal, don't return */ @@ -370,5 +455,7 @@ int main(int argc, const char *argv[]) /* loop on main */ server_loop(main_ctx); + free(opt_config_file); + return 0; } diff --git a/src/sysv/systemd/sssd-kcm.service.in b/src/sysv/systemd/sssd-kcm.service.in index a8af4eadcff..853d19f7b9d 100644 --- a/src/sysv/systemd/sssd-kcm.service.in +++ b/src/sysv/systemd/sssd-kcm.service.in @@ -9,7 +9,6 @@ Also=sssd-kcm.socket [Service] Environment=DEBUG_LOGGER=--logger=files -ExecStartPre=-@sbindir@/sssd --genconf-section=kcm ExecStart=@libexecdir@/sssd/sssd_kcm --uid 0 --gid 0 ${DEBUG_LOGGER} # Currently SSSD KCM server ('sssd_kcm') always runs under 'root' # ('User=' and 'Group=' defaults to 'root' for system services)