From 7f78c54bbeae07323b716d18eea3c631347fcc45 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alejandro=20L=C3=B3pez?= Date: Wed, 20 Sep 2023 10:58:29 +0200 Subject: [PATCH 1/5] UTILS: Create a macro for the --config option Other common options already have their macro. I'm creating the macro SSS_CONFIG_OPTS for this one. --- src/monitor/monitor.c | 3 +-- src/tools/sssctl/sssctl_config.c | 3 +-- src/util/util.h | 4 ++++ 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c index 2eebddce62d..7ce67ff5931 100644 --- a/src/monitor/monitor.c +++ b/src/monitor/monitor.c @@ -2001,6 +2001,7 @@ int main(int argc, const char *argv[]) POPT_AUTOHELP SSSD_MAIN_OPTS SSSD_LOGGER_OPTS + SSSD_CONFIG_OPTS(opt_config_file) {"daemon", 'D', POPT_ARG_NONE, &opt_daemon, 0, \ _("Become a daemon (default)"), NULL }, \ {"interactive", 'i', POPT_ARG_NONE, &opt_interactive, 0, \ @@ -2008,8 +2009,6 @@ int main(int argc, const char *argv[]) {"disable-netlink", '\0', POPT_ARG_NONE | POPT_ARGFLAG_DOC_HIDDEN, &opt_netlinkoff, 0, \ _("Disable netlink interface"), NULL}, \ - {"config", 'c', POPT_ARG_STRING, &opt_config_file, 0, \ - _("Specify a non-default config file"), NULL}, \ {"genconf", 'g', POPT_ARG_NONE, &opt_genconf, 0, \ _("Refresh the configuration database, then exit"), \ NULL}, \ diff --git a/src/tools/sssctl/sssctl_config.c b/src/tools/sssctl/sssctl_config.c index 4b32b1b3f44..101483e0902 100644 --- a/src/tools/sssctl/sssctl_config.c +++ b/src/tools/sssctl/sssctl_config.c 
@@ -71,8 +71,7 @@ errno_t sssctl_config_check(struct sss_cmdline *cmdline, const char *config_path = NULL; const char *config_snippet_path = NULL; struct poptOption long_options[] = { - {"config", 'c', POPT_ARG_STRING, &config_path, - 0, _("Specify a non-default config file"), NULL}, + SSSD_CONFIG_OPTS(config_path) {"snippet", 's', POPT_ARG_STRING, &config_snippet_path, 0, _("Specify a non-default snippet dir (The default is to look in " "the same place where the main config file is located. For " diff --git a/src/util/util.h b/src/util/util.h index 76086315f77..72c55b49384 100644 --- a/src/util/util.h +++ b/src/util/util.h @@ -96,6 +96,10 @@ {"gid", 0, POPT_ARG_INT, &gid, 0, \ _("The group ID to run the server as"), NULL}, +#define SSSD_CONFIG_OPTS(opt_config_file) \ + {"config", 'c', POPT_ARG_STRING, &opt_config_file, 0, \ + _("Specify a non-default config file"), NULL}, \ + extern int socket_activated; #ifdef HAVE_SYSTEMD From 1de7758b066b5d64330b6cee47f8ba99daaa5283 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alejandro=20L=C3=B3pez?= Date: Wed, 20 Sep 2023 13:12:22 +0200 Subject: [PATCH 2/5] UTILS: Add the db file name to server_setup()'s parameters The db file was forced to CONFDB_FILE and there was no possibility of changing it. Now it is passed as an argument. --- src/monitor/monitor.c | 2 +- src/providers/data_provider_be.c | 3 ++- src/providers/proxy/proxy_child.c | 3 ++- src/responder/autofs/autofssrv.c | 2 +- src/responder/ifp/ifpsrv.c | 2 +- src/responder/kcm/kcm.c | 4 ++-- src/responder/nss/nsssrv.c | 4 ++-- src/responder/pac/pacsrv.c | 2 +- src/responder/pam/pamsrv.c | 4 ++-- src/responder/ssh/sshsrv.c | 2 +- src/responder/sudo/sudosrv.c | 4 ++-- src/tests/cwrap/test_server.c | 8 ++++---- src/util/server.c | 4 ++-- src/util/util.h | 1 + 14 files changed, 24 insertions(+), 21 deletions(-) diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c index 7ce67ff5931..68d36b91c2c 100644 --- a/src/monitor/monitor.c +++ b/src/monitor/monitor.c 
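Review bot: The new `SSSD_CONFIG_OPTS` macro in the src/util/util.h hunk ends its last line with a `\`, so the definition continues onto the blank line that follows. If that blank line is ever removed, `extern int socket_activated;` is pulled into the macro body. Drop the trailing continuation so the definition ends at `_("Specify a non-default config file"), NULL},`, as the last entry of the macro above it appears to. The argument is also expanded unparenthesized; `&(opt_config_file)` keeps the expansion correct for any lvalue expression. A one-line comment above the `#define` stating that the argument must be a string-pointer variable that popt fills in would help callers.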
@@ -2226,7 +2226,7 @@ int main(int argc, const char *argv[]) ret = close(STDIN_FILENO); if (ret != EOK) return 6; - ret = server_setup(SSSD_MONITOR_NAME, false, flags, 0, 0, + ret = server_setup(SSSD_MONITOR_NAME, false, flags, 0, 0, CONFDB_FILE, monitor->conf_path, &main_ctx, false); if (ret != EOK) return 2; diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c index 9e961fa3f80..91795fdc06b 100644 --- a/src/providers/data_provider_be.c +++ b/src/providers/data_provider_be.c @@ -830,7 +830,8 @@ int main(int argc, const char *argv[]) confdb_path = talloc_asprintf(NULL, CONFDB_DOMAIN_PATH_TMPL, be_domain); if (!confdb_path) return 2; - ret = server_setup(srv_name, false, 0, 0, 0, confdb_path, &main_ctx, false); + ret = server_setup(srv_name, false, 0, 0, 0, CONFDB_FILE, + confdb_path, &main_ctx, false); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "Could not set up mainloop [%d]\n", ret); return 2; diff --git a/src/providers/proxy/proxy_child.c b/src/providers/proxy/proxy_child.c index fada1e6861d..3975db9655a 100644 --- a/src/providers/proxy/proxy_child.c +++ b/src/providers/proxy/proxy_child.c @@ -562,7 +562,8 @@ int main(int argc, const char *argv[]) conf_entry = talloc_asprintf(NULL, CONFDB_DOMAIN_PATH_TMPL, domain); if (!conf_entry) return 2; - ret = server_setup(srv_name, false, 0, 0, 0, conf_entry, &main_ctx, true); + ret = server_setup(srv_name, false, 0, 0, 0, CONFDB_FILE, conf_entry, + &main_ctx, true); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "Could not set up mainloop [%d]\n", ret); return 2; diff --git a/src/responder/autofs/autofssrv.c b/src/responder/autofs/autofssrv.c index 1dbbe9fecb2..8af772b94cb 100644 --- a/src/responder/autofs/autofssrv.c +++ b/src/responder/autofs/autofssrv.c 
@@ -215,7 +215,7 @@ int main(int argc, const char *argv[]) debug_log_file = "sssd_autofs"; DEBUG_INIT(debug_level, opt_logger); - ret = server_setup("autofs", true, 0, uid, gid, + ret = server_setup("autofs", true, 0, uid, gid, CONFDB_FILE, CONFDB_AUTOFS_CONF_ENTRY, &main_ctx, true); if (ret != EOK) { return 2; diff --git a/src/responder/ifp/ifpsrv.c b/src/responder/ifp/ifpsrv.c index c147cbca10a..2965f48767b 100644 --- a/src/responder/ifp/ifpsrv.c +++ b/src/responder/ifp/ifpsrv.c @@ -341,7 +341,7 @@ int main(int argc, const char *argv[]) debug_log_file = "sssd_ifp"; DEBUG_INIT(debug_level, opt_logger); - ret = server_setup("ifp", true, 0, uid, gid, + ret = server_setup("ifp", true, 0, uid, gid, CONFDB_FILE, CONFDB_IFP_CONF_ENTRY, &main_ctx, true); if (ret != EOK) return 2; diff --git a/src/responder/kcm/kcm.c b/src/responder/kcm/kcm.c index f61d47841fc..12ab5ce3e56 100644 --- a/src/responder/kcm/kcm.c +++ b/src/responder/kcm/kcm.c @@ -351,8 +351,8 @@ int main(int argc, const char *argv[]) debug_log_file = "sssd_kcm"; DEBUG_INIT(debug_level, opt_logger); - ret = server_setup("kcm", true, 0, uid, gid, CONFDB_KCM_CONF_ENTRY, - &main_ctx, true); + ret = server_setup("kcm", true, 0, uid, gid, CONFDB_FILE, + CONFDB_KCM_CONF_ENTRY, &main_ctx, true); if (ret != EOK) return 2; ret = die_if_parent_died(); diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c index 4673a64ca47..14c34b4a84a 100644 --- a/src/responder/nss/nsssrv.c +++ b/src/responder/nss/nsssrv.c @@ -716,8 +716,8 @@ int main(int argc, const char *argv[]) debug_log_file = "sssd_nss"; DEBUG_INIT(debug_level, opt_logger); - ret = server_setup("nss", true, 0, uid, gid, CONFDB_NSS_CONF_ENTRY, - &main_ctx, false); + ret = server_setup("nss", true, 0, uid, gid, CONFDB_FILE, + CONFDB_NSS_CONF_ENTRY, &main_ctx, false); if (ret != EOK) return 2; ret = die_if_parent_died(); diff --git a/src/responder/pac/pacsrv.c b/src/responder/pac/pacsrv.c index 8d3db9d2658..615b75a6f48 100644 
--- a/src/responder/pac/pacsrv.c +++ b/src/responder/pac/pacsrv.c @@ -208,7 +208,7 @@ int main(int argc, const char *argv[]) debug_log_file = "sssd_pac"; DEBUG_INIT(debug_level, opt_logger); - ret = server_setup("pac", true, 0, uid, gid, + ret = server_setup("pac", true, 0, uid, gid, CONFDB_FILE, CONFDB_PAC_CONF_ENTRY, &main_ctx, true); if (ret != EOK) return 2; diff --git a/src/responder/pam/pamsrv.c b/src/responder/pam/pamsrv.c index 73ebb0a9cd2..b47c4eedde4 100644 --- a/src/responder/pam/pamsrv.c +++ b/src/responder/pam/pamsrv.c @@ -504,8 +504,8 @@ int main(int argc, const char *argv[]) "debugging might not work!\n"); } - ret = server_setup("pam", true, 0, uid, gid, CONFDB_PAM_CONF_ENTRY, - &main_ctx, false); + ret = server_setup("pam", true, 0, uid, gid, CONFDB_FILE, + CONFDB_PAM_CONF_ENTRY, &main_ctx, false); if (ret != EOK) return 2; ret = die_if_parent_died(); diff --git a/src/responder/ssh/sshsrv.c b/src/responder/ssh/sshsrv.c index 91fb77b24b7..798b107bcdd 100644 --- a/src/responder/ssh/sshsrv.c +++ b/src/responder/ssh/sshsrv.c @@ -208,7 +208,7 @@ int main(int argc, const char *argv[]) "debugging might not work!\n"); } - ret = server_setup("ssh", true, 0, uid, gid, + ret = server_setup("ssh", true, 0, uid, gid, CONFDB_FILE, CONFDB_SSH_CONF_ENTRY, &main_ctx, true); if (ret != EOK) { return 2; diff --git a/src/responder/sudo/sudosrv.c b/src/responder/sudo/sudosrv.c index 8568e6e9593..8b6cf9f05f9 100644 --- a/src/responder/sudo/sudosrv.c +++ b/src/responder/sudo/sudosrv.c @@ -196,8 +196,8 @@ int main(int argc, const char *argv[]) } } - ret = server_setup("sudo", true, 0, uid, gid, CONFDB_SUDO_CONF_ENTRY, - &main_ctx, true); + ret = server_setup("sudo", true, 0, uid, gid, CONFDB_FILE, + CONFDB_SUDO_CONF_ENTRY, &main_ctx, true); if (ret != EOK) { return 2; } diff --git a/src/tests/cwrap/test_server.c b/src/tests/cwrap/test_server.c index 9cabf5905fc..4b6a4bad0f3 100644 --- a/src/tests/cwrap/test_server.c +++ b/src/tests/cwrap/test_server.c 
@@ -101,7 +101,7 @@ void test_run_as_root_fg(void **state) pid = fork(); if (pid == 0) { - ret = server_setup(__FUNCTION__, false, 0, 0, 0, + ret = server_setup(__FUNCTION__, false, 0, 0, 0, CONFDB_FILE, __FUNCTION__, &main_ctx, true); assert_int_equal(ret, 0); exit(0); @@ -125,7 +125,7 @@ void test_run_as_sssd_fg(void **state) pid = fork(); if (pid == 0) { ret = server_setup(__FUNCTION__, false, 0, sssd->pw_uid, sssd->pw_gid, - __FUNCTION__, &main_ctx, true); + CONFDB_FILE, __FUNCTION__, &main_ctx, true); assert_int_equal(ret, 0); exit(0); } @@ -149,8 +149,8 @@ void test_run_as_root_daemon(void **state) pid = fork(); if (pid == 0) { - ret = server_setup(__FUNCTION__, false, FLAGS_PID_FILE, - 0, 0, __FUNCTION__, &main_ctx, true); + ret = server_setup(__FUNCTION__, false, FLAGS_PID_FILE, 0, 0, + CONFDB_FILE, __FUNCTION__, &main_ctx, true); assert_int_equal(ret, 0); server_loop(main_ctx); diff --git a/src/util/server.c b/src/util/server.c index 76a558fb512..62a8c086e3e 100644 --- a/src/util/server.c +++ b/src/util/server.c @@ -475,6 +475,7 @@ static const char *get_pid_path(void) int server_setup(const char *name, bool is_responder, int flags, uid_t uid, gid_t gid, + const char *db_file, const char *conf_entry, struct main_context **main_ctx, bool allow_sss_loop) @@ -622,8 +623,7 @@ int server_setup(const char *name, bool is_responder, return EIO; } - conf_db = talloc_asprintf(ctx, "%s/%s", - get_db_path(), CONFDB_FILE); + conf_db = talloc_asprintf(ctx, "%s/%s", get_db_path(), db_file); if (conf_db == NULL) { DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory, aborting!\n"); return ENOMEM; diff --git a/src/util/util.h b/src/util/util.h index 72c55b49384..cfd55f05da9 100644 --- a/src/util/util.h +++ b/src/util/util.h @@ -216,6 +216,7 @@ int pidfile(const char *file); int server_setup(const char *name, bool is_responder, int flags, uid_t uid, gid_t gid, + const char *db_file, const char *conf_entry, struct main_context **main_ctx, bool allow_sss_loop); 
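Review bot: In the src/util/server.c hunk at `@@ -622,8 +623,7`, the new `db_file` argument goes straight into `talloc_asprintf(ctx, "%s/%s", get_db_path(), db_file)` with no check. A NULL pointer therefore reaches `%s`, and a value containing `/` would place the configuration database outside the directory returned by get_db_path(). Every caller in this series passes a compile-time constant, so this is hardening rather than a live bug, but server_setup() is a shared entry point and should enforce its own contract, e.g. `if (db_file == NULL || *db_file == '\0' || strchr(db_file, '/') != NULL) return EINVAL;` before the path is built. The prototype in src/util/util.h would also benefit from a comment stating that `db_file` is a bare file name relative to the db directory. The body of server_setup() starts and ends outside these hunks.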
From 2e2f571b575e7ed2cfd37aebc387c56c7013f432 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alejandro=20L=C3=B3pez?= Date: Fri, 29 Sep 2023 21:12:11 +0200 Subject: [PATCH 3/5] CONFDB: Allow loading an empty configuration Function confdb_setup() returns an error if the configuration file(s) is(are) missing. In some cases it can be acceptable to have an empty configuration and use the default values. We are adding a parameter to confdb_setup() to allow empty files. --- src/confdb/confdb_setup.c | 21 +++++++++++++++------ src/confdb/confdb_setup.h | 3 +++ src/monitor/monitor.c | 2 +- src/tools/common/sss_tools.c | 3 +-- 4 files changed, 20 insertions(+), 9 deletions(-) diff --git a/src/confdb/confdb_setup.c b/src/confdb/confdb_setup.c index 3cf345e86a8..5b459262ea2 100644 --- a/src/confdb/confdb_setup.c +++ b/src/confdb/confdb_setup.c @@ -160,7 +160,8 @@ static int confdb_write_ldif(struct confdb_ctx *cdb, static int confdb_init_db(const char *config_file, const char *config_dir, const char *only_section, - struct confdb_ctx *cdb) + struct confdb_ctx *cdb, + bool allow_missing_file) { TALLOC_CTX *tmp_ctx; int ret; @@ -189,10 +190,16 @@ static int confdb_init_db(const char *config_file, init_data, &config_ldif); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, - "Cannot convert INI to LDIF [%d]: [%s]\n", - ret, sss_strerror(ret)); - goto done; + if (ret == ERR_INI_EMPTY_CONFIG && allow_missing_file) { + DEBUG(SSSDBG_TRACE_FUNC, "Empty configuration. Using the defaults.\n"); + ret = EOK; + goto done; + } else { + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot convert INI to LDIF [%d]: [%s]\n", + ret, sss_strerror(ret)); + goto done; + } } DEBUG(SSSDBG_CONF_SETTINGS, "LDIF file to import: \n%s\n", config_ldif); @@ -251,6 +258,7 @@ errno_t confdb_setup(TALLOC_CTX *mem_ctx, const char *config_file, const char *config_dir, const char *only_section, + bool allow_missing_file, struct confdb_ctx **_cdb) { TALLOC_CTX *tmp_ctx; 
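Review bot: In the `@@ -189,10 +190,16 @@` hunk of confdb_init_db(), the new `ERR_INI_EMPTY_CONFIG` branch sets `ret = EOK` and jumps to `done`, skipping everything after the "LDIF file to import" debug line. The rest of the function is outside the hunk, but if that is where the existing database contents are replaced, a cdb file left over from an earlier run keeps its old settings after the administrator removes or empties the configuration, while the caller is told the load succeeded. Please confirm that the database is already in a clean state when this branch is taken, or let the empty case continue to the import step with an empty LDIF. The flag is named `allow_missing_file` while the condition tests for an empty configuration; a comment on confdb_setup() saying exactly which cases it accepts (missing file, empty file, or no matching section) would remove the ambiguity.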
@@ -295,7 +303,8 @@ errno_t confdb_setup(TALLOC_CTX *mem_ctx, } /* Initialize the CDB from the configuration file */ - ret = confdb_init_db(config_file, config_dir, only_section, cdb); + ret = confdb_init_db(config_file, config_dir, only_section, cdb, + allow_missing_file); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "ConfDB initialization has failed " "[%d]: %s\n", ret, sss_strerror(ret)); diff --git a/src/confdb/confdb_setup.h b/src/confdb/confdb_setup.h index d12441165c4..84b29b01fe9 100644 --- a/src/confdb/confdb_setup.h +++ b/src/confdb/confdb_setup.h @@ -22,6 +22,8 @@ #ifndef CONFDB_SETUP_H_ #define CONFDB_SETUP_H_ +#include + #define CONFDB_BASE_LDIF \ "dn: @ATTRIBUTES\n" \ "cn: CASE_INSENSITIVE\n" \ @@ -42,6 +44,7 @@ errno_t confdb_setup(TALLOC_CTX *mem_ctx, const char *config_file, const char *config_dir, const char *only_section, + bool allow_missing_file, struct confdb_ctx **_cdb); #endif /* CONFDB_SETUP_H_ */ diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c index 68d36b91c2c..14978396105 100644 --- a/src/monitor/monitor.c +++ b/src/monitor/monitor.c @@ -1502,7 +1502,7 @@ errno_t load_configuration(TALLOC_CTX *mem_ctx, } ret = confdb_setup(ctx, cdb_file, config_file, config_dir, only_section, - &ctx->cdb); + false, &ctx->cdb); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "Unable to setup ConfDB [%d]: %s\n", ret, sss_strerror(ret)); diff --git a/src/tools/common/sss_tools.c b/src/tools/common/sss_tools.c index e67de3a66ab..fd8075421fc 100644 --- a/src/tools/common/sss_tools.c +++ b/src/tools/common/sss_tools.c @@ -102,8 +102,7 @@ static errno_t sss_tool_confdb_init(TALLOC_CTX *mem_ctx, ret = confdb_setup(mem_ctx, path, SSSD_CONFIG_FILE, CONFDB_DEFAULT_CONFIG_DIR, - NULL, - &confdb); + NULL, false, &confdb); talloc_zfree(path); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "Unable to setup ConfDB [%d]: %s\n", From 80435e620abaebeeccb659e5fb128d3e219f6293 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Alejandro=20L=C3=B3pez?= Date: Wed, 20 Sep 2023 13:19:00 +0200 Subject: [PATCH 4/5] CONFDB: Fixed some missing dependencies in a header file confdb_setup.h did not include all the header files it requires. So far those files happened to be included before this file, so no compilation error occurred, but the problem was hiding in the shadows. --- src/confdb/confdb_setup.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/confdb/confdb_setup.h b/src/confdb/confdb_setup.h index 84b29b01fe9..d816c7ea0a7 100644 --- a/src/confdb/confdb_setup.h +++ b/src/confdb/confdb_setup.h @@ -23,6 +23,9 @@ #define CONFDB_SETUP_H_ #include +#include + +#include "util/util_errors.h" #define CONFDB_BASE_LDIF \ "dn: @ATTRIBUTES\n" \ @@ -39,6 +42,8 @@ "@LIST: server_sort\n" \ "\n" +struct confdb_ctx; + errno_t confdb_setup(TALLOC_CTX *mem_ctx, const char *cdb_file, const char *config_file, From 68440c62a5c7e281b42c250e7f221cd72e810117 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alejandro=20L=C3=B3pez?= Date: Thu, 21 Sep 2023 14:14:25 +0200 Subject: [PATCH 5/5] KCM: Handle its own configuration KCM now uses the ${SSS_STATEDIR}/db/config_kcm.ldb database to store its configuration. config.ldb is no longer used by KCM. The configuration text file remains the same. Resolves: https://github.com/SSSD/sssd/issues/6926 --- Makefile.am | 1 + src/confdb/confdb.h | 1 + src/responder/kcm/kcm.c | 72 +++++++++++++++++++++++++++- src/sysv/gentoo/sssd-kcm.in | 5 -- src/sysv/systemd/sssd-kcm.service.in | 1 - src/tests/intg/test_kcm.py | 3 -- 6 files changed, 73 insertions(+), 10 deletions(-) diff --git a/Makefile.am b/Makefile.am index f53aaa11618..28d18b2f381 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1792,6 +1792,7 @@ sssd_kcm_SOURCES = \ src/util/sss_sockets.c \ src/util/sss_krb5.c \ src/util/sss_iobuf.c \ + src/confdb/confdb_setup.c \ $(SSSD_RESPONDER_OBJ) \ $(NULL) sssd_kcm_CFLAGS = \ diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h index 9b11de59b85..0ade5f88ed6 100644 
--- a/src/confdb/confdb.h +++ b/src/confdb/confdb.h @@ -40,6 +40,7 @@ #define CONFDB_DEFAULT_CFG_FILE_VER 2 #define CONFDB_FILE "config.ldb" +#define CONFDB_KCM_FILE "config_kcm.ldb" #define SSSD_CONFIG_FILE_NAME "sssd.conf" #define SSSD_CONFIG_FILE SSSD_CONF_DIR"/"SSSD_CONFIG_FILE_NAME #define CONFDB_DEFAULT_CONFIG_DIR_NAME "conf.d" diff --git a/src/responder/kcm/kcm.c b/src/responder/kcm/kcm.c index 12ab5ce3e56..74a60e4993a 100644 --- a/src/responder/kcm/kcm.c +++ b/src/responder/kcm/kcm.c @@ -23,6 +23,7 @@ #include +#include "confdb/confdb_setup.h" #include "responder/kcm/kcmsrv_ccache.h" #include "responder/kcm/kcmsrv_pvt.h" #include "responder/kcm/kcm_renew.h" 
@@ -311,21 +312,63 @@ static int kcm_process_init(TALLOC_CTX *mem_ctx, return ret; } +static errno_t load_configuration(const char *config_file, + const char *config_dir, + const char *only_section) +{ + errno_t ret; + TALLOC_CTX *tmp_ctx; + struct confdb_ctx *cdb; + char *cdb_file; + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to allocate the initial context\n"); + return ENOMEM; + } + + cdb_file = talloc_asprintf(tmp_ctx, "%s/%s", DB_PATH, CONFDB_KCM_FILE); + if (cdb_file == NULL) { + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to allocate memory for the filename\n"); + ret = ENOMEM; + goto done; + } + + ret = confdb_setup(tmp_ctx, cdb_file, config_file, config_dir, only_section, + true, &cdb); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, "Unable to setup ConfDB [%d]: %s\n", + ret, sss_strerror(ret)); + goto done; + } + + ret = EOK; + +done: + talloc_free(tmp_ctx); + return ret; +} + int main(int argc, const char *argv[]) { + TALLOC_CTX *tmp_ctx; int opt; poptContext pc; char *opt_logger = NULL; + char *opt_config_file = NULL; + const char *config_file = NULL; struct main_context *main_ctx; int ret; uid_t uid = 0; gid_t gid = 0; + int flags = 0; struct poptOption long_options[] = { POPT_AUTOHELP SSSD_MAIN_OPTS SSSD_LOGGER_OPTS SSSD_SERVER_OPTS(uid, gid) + SSSD_CONFIG_OPTS(opt_config_file) POPT_TABLEEND }; 
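Review bot: load_configuration() builds the database path from the `DB_PATH` macro, whereas server_setup() (changed in patch 2/5) opens `get_db_path()` plus `db_file`. If get_db_path() can return anything other than `DB_PATH` (its body is not shown here), sssd_kcm would write config_kcm.ldb in one directory and read it from another, so both sides should derive the path the same way. The function also needs a header comment: it sets up the KCM confdb through confdb_setup() and then frees `tmp_ctx`, discarding the `cdb` handle, so its only lasting effect is the file that server_setup() reopens later. Note as well that main() calls it before `uid`/`gid` are handed to server_setup(), so the file's ownership and mode come from the identity the process starts with. Whether a non-root sssd_kcm can then open the file depends on code outside this patch.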
@@ -347,14 +390,39 @@ int main(int argc, const char *argv[]) poptFreeContext(pc); + tmp_ctx = talloc_new(NULL); + if (!tmp_ctx) { + return 3; + } + /* set up things like debug, signals, daemonization, etc. */ debug_log_file = "sssd_kcm"; DEBUG_INIT(debug_level, opt_logger); - ret = server_setup("kcm", true, 0, uid, gid, CONFDB_FILE, + if (opt_config_file == NULL) { + config_file = SSSD_CONFIG_FILE; + } else { + config_file = opt_config_file; + } + + /* Parse config file, fail if cannot be done */ + ret = load_configuration(config_file, CONFDB_DEFAULT_CONFIG_DIR, "kcm"); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, + "KCM couldn't load the configuration [%d]: %s\n", + ret, sss_strerror(ret)); + sss_log(SSS_LOG_CRIT, + "KCM couldn't load the configuration [%d]: %s\n", + ret, sss_strerror(ret)); + return 4; + } + + ret = server_setup("kcm", true, flags, uid, gid, CONFDB_KCM_FILE, CONFDB_KCM_CONF_ENTRY, &main_ctx, true); if (ret != EOK) return 2; + DEBUG(SSSDBG_TRACE_FUNC, "CONFIG: %s\n", config_file); + ret = die_if_parent_died(); if (ret != EOK) { /* This is not fatal, don't return */ @@ -370,5 +438,7 @@ int main(int argc, const char *argv[]) /* loop on main */ server_loop(main_ctx); + free(opt_config_file); + return 0; } diff --git a/src/sysv/gentoo/sssd-kcm.in b/src/sysv/gentoo/sssd-kcm.in index c9242bf9fb9..2268bc692d4 100644 --- a/src/sysv/gentoo/sssd-kcm.in +++ b/src/sysv/gentoo/sssd-kcm.in @@ -8,11 +8,6 @@ command_background="true" command_args="--uid=0 --gid=0 --logger=files ${SSSD_KCM_OPTIONS}" pidfile="@pidpath@/sssd_kcm.pid" -start_pre() -{ - "@sbindir@/sssd" --genconf-section=kcm || return $? -} - depend() { need localmount clock diff --git a/src/sysv/systemd/sssd-kcm.service.in b/src/sysv/systemd/sssd-kcm.service.in index a8af4eadcff..853d19f7b9d 100644 --- a/src/sysv/systemd/sssd-kcm.service.in +++ b/src/sysv/systemd/sssd-kcm.service.in 
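Review bot: `tmp_ctx` is allocated with `talloc_new(NULL)` right after `poptFreeContext(pc)`, but none of the visible kcm.c hunks use or free it, so it leaks on every exit path, including the new `return 4`. Remove the variable and its allocation, or pair it with `talloc_free(tmp_ctx)` before each return. `opt_config_file` is released only by the `free()` after server_loop(), so the `return 4` and `return 2` paths skip it; since `config_file` is last read by the `CONFIG:` trace message, the buffer can be freed right after that message. `flags` is initialised to 0 and never changed in these hunks, so the literal `0` the call used before reads more clearly. Parts of main() lie outside the hunks.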
@@ -9,7 +9,6 @@ Also=sssd-kcm.socket [Service] Environment=DEBUG_LOGGER=--logger=files -ExecStartPre=-@sbindir@/sssd --genconf-section=kcm ExecStart=@libexecdir@/sssd/sssd_kcm --uid 0 --gid 0 ${DEBUG_LOGGER} # Currently SSSD KCM server ('sssd_kcm') always runs under 'root' # ('User=' and 'Group=' defaults to 'root' for system services) diff --git a/src/tests/intg/test_kcm.py b/src/tests/intg/test_kcm.py index 370e2a9174c..0d2638f211f 100644 --- a/src/tests/intg/test_kcm.py +++ b/src/tests/intg/test_kcm.py @@ -79,9 +79,6 @@ def create_conf_fixture(request, contents): def create_sssd_kcm_fixture(sock_path, krb5_conf_path, request): - if subprocess.call(['sssd', "--genconf"]) != 0: - raise Exception("failed to regenerate confdb") - resp_path = os.path.join(config.LIBEXEC_PATH, "sssd", "sssd_kcm") if not os.access(resp_path, os.X_OK): # It would be cleaner to use pytest.mark.skipif on the package level