diff --git a/Makefile.am b/Makefile.am index f53aaa11618..28d18b2f381 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1792,6 +1792,7 @@ sssd_kcm_SOURCES = \ src/util/sss_sockets.c \ src/util/sss_krb5.c \ src/util/sss_iobuf.c \ + src/confdb/confdb_setup.c \ $(SSSD_RESPONDER_OBJ) \ $(NULL) sssd_kcm_CFLAGS = \ diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h index 9b11de59b85..0ade5f88ed6 100644 --- a/src/confdb/confdb.h +++ b/src/confdb/confdb.h @@ -40,6 +40,7 @@ #define CONFDB_DEFAULT_CFG_FILE_VER 2 #define CONFDB_FILE "config.ldb" +#define CONFDB_KCM_FILE "config_kcm.ldb" #define SSSD_CONFIG_FILE_NAME "sssd.conf" #define SSSD_CONFIG_FILE SSSD_CONF_DIR"/"SSSD_CONFIG_FILE_NAME #define CONFDB_DEFAULT_CONFIG_DIR_NAME "conf.d" diff --git a/src/confdb/confdb_setup.c b/src/confdb/confdb_setup.c index 3cf345e86a8..5b459262ea2 100644 --- a/src/confdb/confdb_setup.c +++ b/src/confdb/confdb_setup.c @@ -160,7 +160,8 @@ static int confdb_write_ldif(struct confdb_ctx *cdb, static int confdb_init_db(const char *config_file, const char *config_dir, const char *only_section, - struct confdb_ctx *cdb) + struct confdb_ctx *cdb, + bool allow_missing_file) { TALLOC_CTX *tmp_ctx; int ret; @@ -189,10 +190,16 @@ static int confdb_init_db(const char *config_file, init_data, &config_ldif); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, - "Cannot convert INI to LDIF [%d]: [%s]\n", - ret, sss_strerror(ret)); - goto done; + if (ret == ERR_INI_EMPTY_CONFIG && allow_missing_file) { + DEBUG(SSSDBG_TRACE_FUNC, "Empty configuration. Using the defaults.\n"); + ret = EOK; + goto done; + } else { + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot convert INI to LDIF [%d]: [%s]\n", + ret, sss_strerror(ret)); + goto done; + } } DEBUG(SSSDBG_CONF_SETTINGS, "LDIF file to import: \n%s\n", config_ldif); @@ -251,6 +258,7 @@ errno_t confdb_setup(TALLOC_CTX *mem_ctx, const char *config_file, const char *config_dir, const char *only_section, + bool allow_missing_file, struct confdb_ctx **_cdb) { TALLOC_CTX *tmp_ctx; 
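Review bot: In confdb_init_db the new success branch is controlled by `allow_missing_file` but actually tests `ret == ERR_INI_EMPTY_CONFIG` and logs "Empty configuration", so the flag's name and its effect do not line up. Whether an absent sssd.conf is reported as ERR_INI_EMPTY_CONFIG is not visible here; if it is reported differently, a caller passing `true` still fails when the file is missing. The branch also jumps to `done` with `ret = EOK` before any of the import code that follows, so the caller gets success with a confdb this call did not populate; a comment such as `/* nothing to import: leave the confdb without config entries so consumers use built-in defaults */` would record that this is intended. The `else` after `goto done` can be dropped. The function starts and ends outside this hunk.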
@@ -295,7 +303,8 @@ errno_t confdb_setup(TALLOC_CTX *mem_ctx, } /* Initialize the CDB from the configuration file */ - ret = confdb_init_db(config_file, config_dir, only_section, cdb); + ret = confdb_init_db(config_file, config_dir, only_section, cdb, + allow_missing_file); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "ConfDB initialization has failed " "[%d]: %s\n", ret, sss_strerror(ret)); diff --git a/src/confdb/confdb_setup.h b/src/confdb/confdb_setup.h index d12441165c4..d816c7ea0a7 100644 --- a/src/confdb/confdb_setup.h +++ b/src/confdb/confdb_setup.h @@ -22,6 +22,11 @@ #ifndef CONFDB_SETUP_H_ #define CONFDB_SETUP_H_ +#include +#include + +#include "util/util_errors.h" + #define CONFDB_BASE_LDIF \ "dn: @ATTRIBUTES\n" \ "cn: CASE_INSENSITIVE\n" \ @@ -37,11 +42,14 @@ "@LIST: server_sort\n" \ "\n" +struct confdb_ctx; + errno_t confdb_setup(TALLOC_CTX *mem_ctx, const char *cdb_file, const char *config_file, const char *config_dir, const char *only_section, + bool allow_missing_file, struct confdb_ctx **_cdb); #endif /* CONFDB_SETUP_H_ */ diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c index 2eebddce62d..14978396105 100644 --- a/src/monitor/monitor.c +++ b/src/monitor/monitor.c @@ -1502,7 +1502,7 @@ errno_t load_configuration(TALLOC_CTX *mem_ctx, } ret = confdb_setup(ctx, cdb_file, config_file, config_dir, only_section, - &ctx->cdb); + false, &ctx->cdb); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "Unable to setup ConfDB [%d]: %s\n", ret, sss_strerror(ret)); @@ -2001,6 +2001,7 @@ int main(int argc, const char *argv[]) POPT_AUTOHELP SSSD_MAIN_OPTS SSSD_LOGGER_OPTS + SSSD_CONFIG_OPTS(opt_config_file) {"daemon", 'D', POPT_ARG_NONE, &opt_daemon, 0, \ _("Become a daemon (default)"), NULL }, \ {"interactive", 'i', POPT_ARG_NONE, &opt_interactive, 0, \ 
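Review bot: The `confdb_setup` prototype in confdb_setup.h gains `bool allow_missing_file` between four `const char *` parameters and the out-pointer, with no comment on the declaration, so call sites in this commit read as a bare `false` or `true`. A short header comment would help, for example `/* allow_missing_file: when true, an empty configuration is not an error and the confdb is set up without config entries */`. That wording follows what the confdb_setup.c hunk does and should be adjusted if a missing file is handled by a different path.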
@@ -2008,8 +2009,6 @@ int main(int argc, const char *argv[]) {"disable-netlink", '\0', POPT_ARG_NONE | POPT_ARGFLAG_DOC_HIDDEN, &opt_netlinkoff, 0, \ _("Disable netlink interface"), NULL}, \ - {"config", 'c', POPT_ARG_STRING, &opt_config_file, 0, \ - _("Specify a non-default config file"), NULL}, \ {"genconf", 'g', POPT_ARG_NONE, &opt_genconf, 0, \ _("Refresh the configuration database, then exit"), \ NULL}, \ @@ -2227,7 +2226,7 @@ int main(int argc, const char *argv[]) ret = close(STDIN_FILENO); if (ret != EOK) return 6; - ret = server_setup(SSSD_MONITOR_NAME, false, flags, 0, 0, + ret = server_setup(SSSD_MONITOR_NAME, false, flags, 0, 0, CONFDB_FILE, monitor->conf_path, &main_ctx, false); if (ret != EOK) return 2; diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c index 9e961fa3f80..91795fdc06b 100644 --- a/src/providers/data_provider_be.c +++ b/src/providers/data_provider_be.c @@ -830,7 +830,8 @@ int main(int argc, const char *argv[]) confdb_path = talloc_asprintf(NULL, CONFDB_DOMAIN_PATH_TMPL, be_domain); if (!confdb_path) return 2; - ret = server_setup(srv_name, false, 0, 0, 0, confdb_path, &main_ctx, false); + ret = server_setup(srv_name, false, 0, 0, 0, CONFDB_FILE, + confdb_path, &main_ctx, false); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "Could not set up mainloop [%d]\n", ret); return 2; diff --git a/src/providers/proxy/proxy_child.c b/src/providers/proxy/proxy_child.c index fada1e6861d..3975db9655a 100644 --- a/src/providers/proxy/proxy_child.c +++ b/src/providers/proxy/proxy_child.c @@ -562,7 +562,8 @@ int main(int argc, const char *argv[]) conf_entry = talloc_asprintf(NULL, CONFDB_DOMAIN_PATH_TMPL, domain); if (!conf_entry) return 2; - ret = server_setup(srv_name, false, 0, 0, 0, conf_entry, &main_ctx, true); + ret = server_setup(srv_name, false, 0, 0, 0, CONFDB_FILE, conf_entry, + &main_ctx, true); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "Could not set up mainloop [%d]\n", ret); return 2; 
diff --git a/src/responder/autofs/autofssrv.c b/src/responder/autofs/autofssrv.c index 1dbbe9fecb2..8af772b94cb 100644 --- a/src/responder/autofs/autofssrv.c +++ b/src/responder/autofs/autofssrv.c @@ -215,7 +215,7 @@ int main(int argc, const char *argv[]) debug_log_file = "sssd_autofs"; DEBUG_INIT(debug_level, opt_logger); - ret = server_setup("autofs", true, 0, uid, gid, + ret = server_setup("autofs", true, 0, uid, gid, CONFDB_FILE, CONFDB_AUTOFS_CONF_ENTRY, &main_ctx, true); if (ret != EOK) { return 2; diff --git a/src/responder/ifp/ifpsrv.c b/src/responder/ifp/ifpsrv.c index c147cbca10a..2965f48767b 100644 --- a/src/responder/ifp/ifpsrv.c +++ b/src/responder/ifp/ifpsrv.c @@ -341,7 +341,7 @@ int main(int argc, const char *argv[]) debug_log_file = "sssd_ifp"; DEBUG_INIT(debug_level, opt_logger); - ret = server_setup("ifp", true, 0, uid, gid, + ret = server_setup("ifp", true, 0, uid, gid, CONFDB_FILE, CONFDB_IFP_CONF_ENTRY, &main_ctx, true); if (ret != EOK) return 2; diff --git a/src/responder/kcm/kcm.c b/src/responder/kcm/kcm.c index f61d47841fc..74a60e4993a 100644 --- a/src/responder/kcm/kcm.c +++ b/src/responder/kcm/kcm.c @@ -23,6 +23,7 @@ #include +#include "confdb/confdb_setup.h" #include "responder/kcm/kcmsrv_ccache.h" #include "responder/kcm/kcmsrv_pvt.h" #include "responder/kcm/kcm_renew.h" 
@@ -311,21 +312,63 @@ static int kcm_process_init(TALLOC_CTX *mem_ctx, return ret; } +static errno_t load_configuration(const char *config_file, + const char *config_dir, + const char *only_section) +{ + errno_t ret; + TALLOC_CTX *tmp_ctx; + struct confdb_ctx *cdb; + char *cdb_file; + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to allocate the initial context\n"); + return ENOMEM; + } + + cdb_file = talloc_asprintf(tmp_ctx, "%s/%s", DB_PATH, CONFDB_KCM_FILE); + if (cdb_file == NULL) { + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to allocate memory for the filename\n"); + ret = ENOMEM; + goto done; + } + + ret = confdb_setup(tmp_ctx, cdb_file, config_file, config_dir, only_section, + true, &cdb); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, "Unable to setup ConfDB [%d]: %s\n", + ret, sss_strerror(ret)); + goto done; + } + + ret = EOK; + +done: + talloc_free(tmp_ctx); + return ret; +} + int main(int argc, const char *argv[]) { + TALLOC_CTX *tmp_ctx; int opt; poptContext pc; char *opt_logger = NULL; + char *opt_config_file = NULL; + const char *config_file = NULL; struct main_context *main_ctx; int ret; uid_t uid = 0; gid_t gid = 0; + int flags = 0; struct poptOption long_options[] = { POPT_AUTOHELP SSSD_MAIN_OPTS SSSD_LOGGER_OPTS SSSD_SERVER_OPTS(uid, gid) + SSSD_CONFIG_OPTS(opt_config_file) POPT_TABLEEND }; 
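Review bot: The new load_configuration in kcm.c builds the database path from the `DB_PATH` macro, while server_setup in src/util/server.c (changed in this same commit) opens `get_db_path()` joined with `db_file`. The body of get_db_path() is not shown; if it can return anything other than DB_PATH, KCM would generate one file and then start on another that was not produced from the configuration it just parsed. Building the path in one shared place, or passing the full path through to server_setup, would remove that possibility. main continues outside this hunk.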
@@ -347,14 +390,39 @@ int main(int argc, const char *argv[]) poptFreeContext(pc); + tmp_ctx = talloc_new(NULL); + if (!tmp_ctx) { + return 3; + } + /* set up things like debug, signals, daemonization, etc. */ debug_log_file = "sssd_kcm"; DEBUG_INIT(debug_level, opt_logger); - ret = server_setup("kcm", true, 0, uid, gid, CONFDB_KCM_CONF_ENTRY, - &main_ctx, true); + if (opt_config_file == NULL) { + config_file = SSSD_CONFIG_FILE; + } else { + config_file = opt_config_file; + } + + /* Parse config file, fail if cannot be done */ + ret = load_configuration(config_file, CONFDB_DEFAULT_CONFIG_DIR, "kcm"); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, + "KCM couldn't load the configuration [%d]: %s\n", + ret, sss_strerror(ret)); + sss_log(SSS_LOG_CRIT, + "KCM couldn't load the configuration [%d]: %s\n", + ret, sss_strerror(ret)); + return 4; + } + + ret = server_setup("kcm", true, flags, uid, gid, CONFDB_KCM_FILE, + CONFDB_KCM_CONF_ENTRY, &main_ctx, true); if (ret != EOK) return 2; + DEBUG(SSSDBG_TRACE_FUNC, "CONFIG: %s\n", config_file); + ret = die_if_parent_died(); if (ret != EOK) { /* This is not fatal, don't return */ @@ -370,5 +438,7 @@ int main(int argc, const char *argv[]) /* loop on main */ server_loop(main_ctx); + free(opt_config_file); + return 0; } diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c index 4673a64ca47..14c34b4a84a 100644 --- a/src/responder/nss/nsssrv.c +++ b/src/responder/nss/nsssrv.c @@ -716,8 +716,8 @@ int main(int argc, const char *argv[]) debug_log_file = "sssd_nss"; DEBUG_INIT(debug_level, opt_logger); - ret = server_setup("nss", true, 0, uid, gid, CONFDB_NSS_CONF_ENTRY, - &main_ctx, false); + ret = server_setup("nss", true, 0, uid, gid, CONFDB_FILE, + CONFDB_NSS_CONF_ENTRY, &main_ctx, false); if (ret != EOK) return 2; ret = die_if_parent_died(); diff --git a/src/responder/pac/pacsrv.c b/src/responder/pac/pacsrv.c index 8d3db9d2658..615b75a6f48 100644 --- a/src/responder/pac/pacsrv.c +++ b/src/responder/pac/pacsrv.c 
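Review bot: `tmp_ctx`, allocated in main with `talloc_new(NULL)`, is never used or freed in the lines this hunk shows, and the `return 4` and `return 2` exits leave both it and `opt_config_file` allocated; the `free(opt_config_file)` added in the next hunk only runs after server_loop returns. Either drop the context or call `talloc_free(tmp_ctx)` on each exit. `flags` is passed to server_setup but stays 0 in everything visible, so the literal would be clearer unless later code sets it. Separately, the service file in this commit starts sssd_kcm with `--uid 0 --gid 0` and the daemon now parses whatever path `-c` names itself; it is worth confirming that confdb_setup checks the ownership and mode of that file before trusting it, which is not visible in this diff. main continues outside the hunk.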
@@ -208,7 +208,7 @@ int main(int argc, const char *argv[]) debug_log_file = "sssd_pac"; DEBUG_INIT(debug_level, opt_logger); - ret = server_setup("pac", true, 0, uid, gid, + ret = server_setup("pac", true, 0, uid, gid, CONFDB_FILE, CONFDB_PAC_CONF_ENTRY, &main_ctx, true); if (ret != EOK) return 2; diff --git a/src/responder/pam/pamsrv.c b/src/responder/pam/pamsrv.c index 73ebb0a9cd2..b47c4eedde4 100644 --- a/src/responder/pam/pamsrv.c +++ b/src/responder/pam/pamsrv.c @@ -504,8 +504,8 @@ int main(int argc, const char *argv[]) "debugging might not work!\n"); } - ret = server_setup("pam", true, 0, uid, gid, CONFDB_PAM_CONF_ENTRY, - &main_ctx, false); + ret = server_setup("pam", true, 0, uid, gid, CONFDB_FILE, + CONFDB_PAM_CONF_ENTRY, &main_ctx, false); if (ret != EOK) return 2; ret = die_if_parent_died(); diff --git a/src/responder/ssh/sshsrv.c b/src/responder/ssh/sshsrv.c index 91fb77b24b7..798b107bcdd 100644 --- a/src/responder/ssh/sshsrv.c +++ b/src/responder/ssh/sshsrv.c @@ -208,7 +208,7 @@ int main(int argc, const char *argv[]) "debugging might not work!\n"); } - ret = server_setup("ssh", true, 0, uid, gid, + ret = server_setup("ssh", true, 0, uid, gid, CONFDB_FILE, CONFDB_SSH_CONF_ENTRY, &main_ctx, true); if (ret != EOK) { return 2; diff --git a/src/responder/sudo/sudosrv.c b/src/responder/sudo/sudosrv.c index 8568e6e9593..8b6cf9f05f9 100644 --- a/src/responder/sudo/sudosrv.c +++ b/src/responder/sudo/sudosrv.c @@ -196,8 +196,8 @@ int main(int argc, const char *argv[]) } } - ret = server_setup("sudo", true, 0, uid, gid, CONFDB_SUDO_CONF_ENTRY, - &main_ctx, true); + ret = server_setup("sudo", true, 0, uid, gid, CONFDB_FILE, + CONFDB_SUDO_CONF_ENTRY, &main_ctx, true); if (ret != EOK) { return 2; } diff --git a/src/sysv/gentoo/sssd-kcm.in b/src/sysv/gentoo/sssd-kcm.in index c9242bf9fb9..2268bc692d4 100644 --- a/src/sysv/gentoo/sssd-kcm.in +++ b/src/sysv/gentoo/sssd-kcm.in 
@@ -8,11 +8,6 @@ command_background="true" command_args="--uid=0 --gid=0 --logger=files ${SSSD_KCM_OPTIONS}" pidfile="@pidpath@/sssd_kcm.pid" -start_pre() -{ - "@sbindir@/sssd" --genconf-section=kcm || return $? -} - depend() { need localmount clock diff --git a/src/sysv/systemd/sssd-kcm.service.in b/src/sysv/systemd/sssd-kcm.service.in index a8af4eadcff..853d19f7b9d 100644 --- a/src/sysv/systemd/sssd-kcm.service.in +++ b/src/sysv/systemd/sssd-kcm.service.in @@ -9,7 +9,6 @@ Also=sssd-kcm.socket [Service] Environment=DEBUG_LOGGER=--logger=files -ExecStartPre=-@sbindir@/sssd --genconf-section=kcm ExecStart=@libexecdir@/sssd/sssd_kcm --uid 0 --gid 0 ${DEBUG_LOGGER} # Currently SSSD KCM server ('sssd_kcm') always runs under 'root' # ('User=' and 'Group=' defaults to 'root' for system services) diff --git a/src/tests/cwrap/test_server.c b/src/tests/cwrap/test_server.c index 9cabf5905fc..4b6a4bad0f3 100644 --- a/src/tests/cwrap/test_server.c +++ b/src/tests/cwrap/test_server.c @@ -101,7 +101,7 @@ void test_run_as_root_fg(void **state) pid = fork(); if (pid == 0) { - ret = server_setup(__FUNCTION__, false, 0, 0, 0, + ret = server_setup(__FUNCTION__, false, 0, 0, 0, CONFDB_FILE, __FUNCTION__, &main_ctx, true); assert_int_equal(ret, 0); exit(0); @@ -125,7 +125,7 @@ void test_run_as_sssd_fg(void **state) pid = fork(); if (pid == 0) { ret = server_setup(__FUNCTION__, false, 0, sssd->pw_uid, sssd->pw_gid, - __FUNCTION__, &main_ctx, true); + CONFDB_FILE, __FUNCTION__, &main_ctx, true); assert_int_equal(ret, 0); exit(0); } @@ -149,8 +149,8 @@ void test_run_as_root_daemon(void **state) pid = fork(); if (pid == 0) { - ret = server_setup(__FUNCTION__, false, FLAGS_PID_FILE, - 0, 0, __FUNCTION__, &main_ctx, true); + ret = server_setup(__FUNCTION__, false, FLAGS_PID_FILE, 0, 0, + CONFDB_FILE, __FUNCTION__, &main_ctx, true); assert_int_equal(ret, 0); server_loop(main_ctx); diff --git a/src/tests/intg/test_kcm.py b/src/tests/intg/test_kcm.py index 370e2a9174c..0d2638f211f 100644 
--- a/src/tests/intg/test_kcm.py +++ b/src/tests/intg/test_kcm.py @@ -79,9 +79,6 @@ def create_conf_fixture(request, contents): def create_sssd_kcm_fixture(sock_path, krb5_conf_path, request): - if subprocess.call(['sssd', "--genconf"]) != 0: - raise Exception("failed to regenerate confdb") - resp_path = os.path.join(config.LIBEXEC_PATH, "sssd", "sssd_kcm") if not os.access(resp_path, os.X_OK): # It would be cleaner to use pytest.mark.skipif on the package level diff --git a/src/tools/common/sss_tools.c b/src/tools/common/sss_tools.c index e67de3a66ab..fd8075421fc 100644 --- a/src/tools/common/sss_tools.c +++ b/src/tools/common/sss_tools.c @@ -102,8 +102,7 @@ static errno_t sss_tool_confdb_init(TALLOC_CTX *mem_ctx, ret = confdb_setup(mem_ctx, path, SSSD_CONFIG_FILE, CONFDB_DEFAULT_CONFIG_DIR, - NULL, - &confdb); + NULL, false, &confdb); talloc_zfree(path); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "Unable to setup ConfDB [%d]: %s\n", diff --git a/src/tools/sssctl/sssctl_config.c b/src/tools/sssctl/sssctl_config.c index 4b32b1b3f44..101483e0902 100644 --- a/src/tools/sssctl/sssctl_config.c +++ b/src/tools/sssctl/sssctl_config.c @@ -71,8 +71,7 @@ errno_t sssctl_config_check(struct sss_cmdline *cmdline, const char *config_path = NULL; const char *config_snippet_path = NULL; struct poptOption long_options[] = { - {"config", 'c', POPT_ARG_STRING, &config_path, - 0, _("Specify a non-default config file"), NULL}, + SSSD_CONFIG_OPTS(config_path) {"snippet", 's', POPT_ARG_STRING, &config_snippet_path, 0, _("Specify a non-default snippet dir (The default is to look in " "the same place where the main config file is located. For " diff --git a/src/util/server.c b/src/util/server.c index 76a558fb512..62a8c086e3e 100644 --- a/src/util/server.c +++ b/src/util/server.c 
@@ -475,6 +475,7 @@ static const char *get_pid_path(void) int server_setup(const char *name, bool is_responder, int flags, uid_t uid, gid_t gid, + const char *db_file, const char *conf_entry, struct main_context **main_ctx, bool allow_sss_loop) @@ -622,8 +623,7 @@ int server_setup(const char *name, bool is_responder, return EIO; } - conf_db = talloc_asprintf(ctx, "%s/%s", - get_db_path(), CONFDB_FILE); + conf_db = talloc_asprintf(ctx, "%s/%s", get_db_path(), db_file); if (conf_db == NULL) { DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory, aborting!\n"); return ENOMEM; diff --git a/src/util/util.h b/src/util/util.h index 76086315f77..cfd55f05da9 100644 --- a/src/util/util.h +++ b/src/util/util.h @@ -96,6 +96,10 @@ {"gid", 0, POPT_ARG_INT, &gid, 0, \ _("The group ID to run the server as"), NULL}, +#define SSSD_CONFIG_OPTS(opt_config_file) \ + {"config", 'c', POPT_ARG_STRING, &opt_config_file, 0, \ + _("Specify a non-default config file"), NULL}, \ + extern int socket_activated; #ifdef HAVE_SYSTEMD @@ -212,6 +216,7 @@ int pidfile(const char *file); int server_setup(const char *name, bool is_responder, int flags, uid_t uid, gid_t gid, + const char *db_file, const char *conf_entry, struct main_context **main_ctx, bool allow_sss_loop);
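Review bot: In server_setup the new `db_file` argument goes straight into `talloc_asprintf(ctx, "%s/%s", get_db_path(), db_file)` with no validation; a NULL is undefined behaviour for `%s`, and a value containing `/` would place the confdb outside the database directory. Every caller in this commit passes a constant, so a cheap guard before the asprintf is enough: `if (db_file == NULL || strchr(db_file, '/') != NULL) return EINVAL;`. The function starts and ends outside the hunk.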
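Review bot: The last line of the new `SSSD_CONFIG_OPTS` macro in util.h ends in a backslash, so the definition continues onto the blank line that follows, and only that empty line keeps `extern int socket_activated;` out of the expansion. The `gid` entry just above ends without a continuation; dropping the trailing backslash matches it: `_("Specify a non-default config file"), NULL},`.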