KCM uses its own configuration

Makefile.am

@@ -1792,6 +1792,7 @@ sssd_kcm_SOURCES = \
     src/util/sss_sockets.c \
     src/util/sss_krb5.c \
     src/util/sss_iobuf.c \
+    src/confdb/confdb_setup.c \
     $(SSSD_RESPONDER_OBJ) \
     $(NULL)
 sssd_kcm_CFLAGS = \

src/confdb/confdb.h

@@ -40,6 +40,7 @@
 
 #define CONFDB_DEFAULT_CFG_FILE_VER 2
 #define CONFDB_FILE "config.ldb"
+#define CONFDB_KCM_FILE "config_kcm.ldb"
 #define SSSD_CONFIG_FILE_NAME "sssd.conf"
 #define SSSD_CONFIG_FILE SSSD_CONF_DIR"/"SSSD_CONFIG_FILE_NAME
 #define CONFDB_DEFAULT_CONFIG_DIR_NAME "conf.d"

src/confdb/confdb_setup.c

@@ -160,7 +160,8 @@ static int confdb_write_ldif(struct confdb_ctx *cdb,
 static int confdb_init_db(const char *config_file,
                           const char *config_dir,
                           const char *only_section,
-                          struct confdb_ctx *cdb)
+                          struct confdb_ctx *cdb,
+                          bool allow_missing_file)
 {
     TALLOC_CTX *tmp_ctx;
     int ret;
@@ -189,10 +190,16 @@ static int confdb_init_db(const char *config_file,
                                     init_data,
                                     &config_ldif);
     if (ret != EOK) {
-        DEBUG(SSSDBG_CRIT_FAILURE,
-              "Cannot convert INI to LDIF [%d]: [%s]\n",
-            ret, sss_strerror(ret));
-        goto done;
+        if (ret == ERR_INI_EMPTY_CONFIG && allow_missing_file) {
+            DEBUG(SSSDBG_TRACE_FUNC, "Empty configuration. Using the defaults.\n");
+            ret = EOK;
+            goto done;
+        } else {
+            DEBUG(SSSDBG_CRIT_FAILURE,
+                  "Cannot convert INI to LDIF [%d]: [%s]\n",
+                ret, sss_strerror(ret));
+            goto done;
+        }
     }
 
     DEBUG(SSSDBG_CONF_SETTINGS, "LDIF file to import: \n%s\n", config_ldif);
@@ -251,6 +258,7 @@ errno_t confdb_setup(TALLOC_CTX *mem_ctx,
                      const char *config_file,
                      const char *config_dir,
                      const char *only_section,
+                     bool allow_missing_file,
                      struct confdb_ctx **_cdb)
 {
     TALLOC_CTX *tmp_ctx;
@@ -295,7 +303,8 @@ errno_t confdb_setup(TALLOC_CTX *mem_ctx,
     }
 
     /* Initialize the CDB from the configuration file */
-    ret = confdb_init_db(config_file, config_dir, only_section, cdb);
+    ret = confdb_init_db(config_file, config_dir, only_section, cdb,
+                         allow_missing_file);
     if (ret != EOK) {
         DEBUG(SSSDBG_FATAL_FAILURE, "ConfDB initialization has failed "
               "[%d]: %s\n", ret, sss_strerror(ret));

src/confdb/confdb_setup.h

@@ -22,6 +22,11 @@
 #ifndef CONFDB_SETUP_H_
 #define CONFDB_SETUP_H_
 
+#include <stdbool.h>
+#include <talloc.h>
+
+#include "util/util_errors.h"
+
 #define CONFDB_BASE_LDIF \
      "dn: @ATTRIBUTES\n" \
      "cn: CASE_INSENSITIVE\n" \
@@ -37,11 +42,14 @@
      "@LIST: server_sort\n" \
      "\n"
 
+struct confdb_ctx;
+
 errno_t confdb_setup(TALLOC_CTX *mem_ctx,
                      const char *cdb_file,
                      const char *config_file,
                      const char *config_dir,
                      const char *only_section,
+                     bool allow_missing_file,
                      struct confdb_ctx **_cdb);
 
 #endif /* CONFDB_SETUP_H_ */

src/monitor/monitor.c

@@ -1502,7 +1502,7 @@ errno_t load_configuration(TALLOC_CTX *mem_ctx,
     }
 
     ret = confdb_setup(ctx, cdb_file, config_file, config_dir, only_section,
-                       &ctx->cdb);
+                       false, &ctx->cdb);
     if (ret != EOK) {
         DEBUG(SSSDBG_FATAL_FAILURE, "Unable to setup ConfDB [%d]: %s\n",
              ret, sss_strerror(ret));
@@ -2001,15 +2001,14 @@ int main(int argc, const char *argv[])
         POPT_AUTOHELP
         SSSD_MAIN_OPTS
         SSSD_LOGGER_OPTS
+        SSSD_CONFIG_OPTS(opt_config_file)
         {"daemon", 'D', POPT_ARG_NONE, &opt_daemon, 0, \
          _("Become a daemon (default)"), NULL }, \
         {"interactive", 'i', POPT_ARG_NONE, &opt_interactive, 0, \
          _("Run interactive (not a daemon)"), NULL}, \
         {"disable-netlink", '\0', POPT_ARG_NONE | POPT_ARGFLAG_DOC_HIDDEN,
             &opt_netlinkoff, 0, \
          _("Disable netlink interface"), NULL}, \
-        {"config", 'c', POPT_ARG_STRING, &opt_config_file, 0, \
-         _("Specify a non-default config file"), NULL}, \
         {"genconf", 'g', POPT_ARG_NONE, &opt_genconf, 0, \
          _("Refresh the configuration database, then exit"), \
          NULL}, \
@@ -2227,7 +2226,7 @@ int main(int argc, const char *argv[])
     ret = close(STDIN_FILENO);
     if (ret != EOK) return 6;
 
-    ret = server_setup(SSSD_MONITOR_NAME, false, flags, 0, 0,
+    ret = server_setup(SSSD_MONITOR_NAME, false, flags, 0, 0, CONFDB_FILE,
                        monitor->conf_path, &main_ctx, false);
     if (ret != EOK) return 2;
 

src/providers/data_provider_be.c

@@ -830,7 +830,8 @@ int main(int argc, const char *argv[])
     confdb_path = talloc_asprintf(NULL, CONFDB_DOMAIN_PATH_TMPL, be_domain);
     if (!confdb_path) return 2;
 
-    ret = server_setup(srv_name, false, 0, 0, 0, confdb_path, &main_ctx, false);
+    ret = server_setup(srv_name, false, 0, 0, 0, CONFDB_FILE,
+                       confdb_path, &main_ctx, false);
     if (ret != EOK) {
         DEBUG(SSSDBG_FATAL_FAILURE, "Could not set up mainloop [%d]\n", ret);
         return 2;

src/providers/proxy/proxy_child.c

@@ -562,7 +562,8 @@ int main(int argc, const char *argv[])
     conf_entry = talloc_asprintf(NULL, CONFDB_DOMAIN_PATH_TMPL, domain);
     if (!conf_entry) return 2;
 
-    ret = server_setup(srv_name, false, 0, 0, 0, conf_entry, &main_ctx, true);
+    ret = server_setup(srv_name, false, 0, 0, 0, CONFDB_FILE, conf_entry,
+                       &main_ctx, true);
     if (ret != EOK) {
         DEBUG(SSSDBG_FATAL_FAILURE, "Could not set up mainloop [%d]\n", ret);
         return 2;

src/responder/autofs/autofssrv.c

@@ -215,7 +215,7 @@ int main(int argc, const char *argv[])
     debug_log_file = "sssd_autofs";
     DEBUG_INIT(debug_level, opt_logger);
 
-    ret = server_setup("autofs", true, 0, uid, gid,
+    ret = server_setup("autofs", true, 0, uid, gid, CONFDB_FILE,
                        CONFDB_AUTOFS_CONF_ENTRY, &main_ctx, true);
     if (ret != EOK) {
         return 2;

src/responder/ifp/ifpsrv.c

@@ -341,7 +341,7 @@ int main(int argc, const char *argv[])
     debug_log_file = "sssd_ifp";
     DEBUG_INIT(debug_level, opt_logger);
 
-    ret = server_setup("ifp", true, 0, uid, gid,
+    ret = server_setup("ifp", true, 0, uid, gid, CONFDB_FILE,
                        CONFDB_IFP_CONF_ENTRY, &main_ctx, true);
     if (ret != EOK) return 2;
 

src/responder/kcm/kcm.c

@@ -23,6 +23,7 @@
 
 #include <popt.h>
 
+#include "confdb/confdb_setup.h"
 #include "responder/kcm/kcmsrv_ccache.h"
 #include "responder/kcm/kcmsrv_pvt.h"
 #include "responder/kcm/kcm_renew.h"
@@ -311,21 +312,63 @@ static int kcm_process_init(TALLOC_CTX *mem_ctx,
     return ret;
 }
 
+static errno_t load_configuration(const char *config_file,
+                                  const char *config_dir,
+                                  const char *only_section)
+{
+    errno_t ret;
+    TALLOC_CTX *tmp_ctx;
+    struct confdb_ctx *cdb;
+    char *cdb_file;
+
+    tmp_ctx = talloc_new(NULL);
+    if (tmp_ctx == NULL) {
+        DEBUG(SSSDBG_FATAL_FAILURE, "Failed to allocate the initial context\n");
+        return ENOMEM;
+    }
+
+    cdb_file = talloc_asprintf(tmp_ctx, "%s/%s", DB_PATH, CONFDB_KCM_FILE);
+    if (cdb_file == NULL) {
+        DEBUG(SSSDBG_FATAL_FAILURE, "Failed to allocate memory for the filename\n");
+        ret = ENOMEM;
+        goto done;
+    }
+
+    ret = confdb_setup(tmp_ctx, cdb_file, config_file, config_dir, only_section,
+                       true, &cdb);
+    if (ret != EOK) {
+        DEBUG(SSSDBG_FATAL_FAILURE, "Unable to setup ConfDB [%d]: %s\n",
+             ret, sss_strerror(ret));
+        goto done;
+    }
+
+    ret = EOK;
+
+done:
+    talloc_free(tmp_ctx);
+    return ret;
+}
+
 int main(int argc, const char *argv[])
 {
+    TALLOC_CTX *tmp_ctx;
     int opt;
     poptContext pc;
     char *opt_logger = NULL;
+    char *opt_config_file = NULL;
+    const char *config_file = NULL;
     struct main_context *main_ctx;
     int ret;
     uid_t uid = 0;
     gid_t gid = 0;
+    int flags = 0;
 
     struct poptOption long_options[] = {
         POPT_AUTOHELP
         SSSD_MAIN_OPTS
         SSSD_LOGGER_OPTS
         SSSD_SERVER_OPTS(uid, gid)
+        SSSD_CONFIG_OPTS(opt_config_file)
         POPT_TABLEEND
     };
 
@@ -347,14 +390,39 @@ int main(int argc, const char *argv[])
 
     poptFreeContext(pc);
 
+    tmp_ctx = talloc_new(NULL);
+    if (!tmp_ctx) {
+        return 3;
+    }
+
     /* set up things like debug, signals, daemonization, etc. */
     debug_log_file = "sssd_kcm";
     DEBUG_INIT(debug_level, opt_logger);
 
-    ret = server_setup("kcm", true, 0, uid, gid, CONFDB_KCM_CONF_ENTRY,
-                       &main_ctx, true);
+     if (opt_config_file == NULL) {
+        config_file = SSSD_CONFIG_FILE;
+    } else {
+        config_file = opt_config_file;
+    }
+
+   /* Parse config file, fail if cannot be done */
+    ret = load_configuration(config_file, CONFDB_DEFAULT_CONFIG_DIR, "kcm");
+    if (ret != EOK) {
+        DEBUG(SSSDBG_FATAL_FAILURE,
+              "KCM couldn't load the configuration [%d]: %s\n",
+              ret, sss_strerror(ret));
+        sss_log(SSS_LOG_CRIT,
+                "KCM couldn't load the configuration [%d]: %s\n",
+                ret, sss_strerror(ret));
+        return 4;
+    }
+
+    ret = server_setup("kcm", true, flags, uid, gid, CONFDB_KCM_FILE,
+                       CONFDB_KCM_CONF_ENTRY, &main_ctx, true);
     if (ret != EOK) return 2;
 
+    DEBUG(SSSDBG_TRACE_FUNC, "CONFIG: %s\n", config_file);
+
     ret = die_if_parent_died();
     if (ret != EOK) {
         /* This is not fatal, don't return */
@@ -370,5 +438,7 @@ int main(int argc, const char *argv[])
     /* loop on main */
     server_loop(main_ctx);
 
+    free(opt_config_file);
+
     return 0;
 }

src/responder/nss/nsssrv.c

@@ -716,8 +716,8 @@ int main(int argc, const char *argv[])
     debug_log_file = "sssd_nss";
     DEBUG_INIT(debug_level, opt_logger);
 
-    ret = server_setup("nss", true, 0, uid, gid, CONFDB_NSS_CONF_ENTRY,
-                       &main_ctx, false);
+    ret = server_setup("nss", true, 0, uid, gid, CONFDB_FILE,
+                       CONFDB_NSS_CONF_ENTRY, &main_ctx, false);
     if (ret != EOK) return 2;
 
     ret = die_if_parent_died();

src/responder/pac/pacsrv.c

@@ -208,7 +208,7 @@ int main(int argc, const char *argv[])
     debug_log_file = "sssd_pac";
     DEBUG_INIT(debug_level, opt_logger);
 
-    ret = server_setup("pac", true, 0, uid, gid,
+    ret = server_setup("pac", true, 0, uid, gid, CONFDB_FILE,
                        CONFDB_PAC_CONF_ENTRY, &main_ctx, true);
     if (ret != EOK) return 2;
 

src/responder/pam/pamsrv.c

@@ -504,8 +504,8 @@ int main(int argc, const char *argv[])
               "debugging might not work!\n");
     }
 
-    ret = server_setup("pam", true, 0, uid, gid, CONFDB_PAM_CONF_ENTRY,
-                       &main_ctx, false);
+    ret = server_setup("pam", true, 0, uid, gid, CONFDB_FILE,
+                       CONFDB_PAM_CONF_ENTRY, &main_ctx, false);
     if (ret != EOK) return 2;
 
     ret = die_if_parent_died();

src/responder/ssh/sshsrv.c

@@ -208,7 +208,7 @@ int main(int argc, const char *argv[])
               "debugging might not work!\n");
     }
 
-    ret = server_setup("ssh", true, 0, uid, gid,
+    ret = server_setup("ssh", true, 0, uid, gid, CONFDB_FILE,
                        CONFDB_SSH_CONF_ENTRY, &main_ctx, true);
     if (ret != EOK) {
         return 2;

src/responder/sudo/sudosrv.c

@@ -196,8 +196,8 @@ int main(int argc, const char *argv[])
         }
     }
 
-    ret = server_setup("sudo", true, 0, uid, gid, CONFDB_SUDO_CONF_ENTRY,
-                       &main_ctx, true);
+    ret = server_setup("sudo", true, 0, uid, gid, CONFDB_FILE,
+                       CONFDB_SUDO_CONF_ENTRY, &main_ctx, true);
     if (ret != EOK) {
         return 2;
     }

src/sysv/gentoo/sssd-kcm.in

@@ -8,11 +8,6 @@ command_background="true"
 command_args="--uid=0 --gid=0 --logger=files ${SSSD_KCM_OPTIONS}"
 pidfile="@pidpath@/sssd_kcm.pid"
 
-start_pre()
-{
-    "@sbindir@/sssd" --genconf-section=kcm || return $?
-}
-
 depend()
 {
     need localmount clock

src/sysv/systemd/sssd-kcm.service.in

@@ -9,7 +9,6 @@ Also=sssd-kcm.socket
 
 [Service]
 Environment=DEBUG_LOGGER=--logger=files
-ExecStartPre=-@sbindir@/sssd --genconf-section=kcm
 ExecStart=@libexecdir@/sssd/sssd_kcm --uid 0 --gid 0 ${DEBUG_LOGGER}
 # Currently SSSD KCM server ('sssd_kcm') always runs under 'root'
 # ('User=' and 'Group=' defaults to 'root' for system services)

src/tests/cwrap/test_server.c

@@ -101,7 +101,7 @@ void test_run_as_root_fg(void **state)
 
     pid = fork();
     if (pid == 0) {
-        ret = server_setup(__FUNCTION__, false, 0, 0, 0,
+        ret = server_setup(__FUNCTION__, false, 0, 0, 0, CONFDB_FILE,
                            __FUNCTION__, &main_ctx, true);
         assert_int_equal(ret, 0);
         exit(0);
@@ -125,7 +125,7 @@ void test_run_as_sssd_fg(void **state)
     pid = fork();
     if (pid == 0) {
         ret = server_setup(__FUNCTION__, false, 0, sssd->pw_uid, sssd->pw_gid,
-                           __FUNCTION__, &main_ctx, true);
+                           CONFDB_FILE, __FUNCTION__, &main_ctx, true);
         assert_int_equal(ret, 0);
         exit(0);
     }
@@ -149,8 +149,8 @@ void test_run_as_root_daemon(void **state)
 
     pid = fork();
     if (pid == 0) {
-        ret = server_setup(__FUNCTION__, false, FLAGS_PID_FILE,
-                           0, 0, __FUNCTION__, &main_ctx, true);
+        ret = server_setup(__FUNCTION__, false, FLAGS_PID_FILE, 0, 0,
+                           CONFDB_FILE, __FUNCTION__, &main_ctx, true);
         assert_int_equal(ret, 0);
 
         server_loop(main_ctx);

src/tests/intg/test_kcm.py

@@ -79,9 +79,6 @@ def create_conf_fixture(request, contents):
 
 
 def create_sssd_kcm_fixture(sock_path, krb5_conf_path, request):
-    if subprocess.call(['sssd', "--genconf"]) != 0:
-        raise Exception("failed to regenerate confdb")
-
     resp_path = os.path.join(config.LIBEXEC_PATH, "sssd", "sssd_kcm")
     if not os.access(resp_path, os.X_OK):
         # It would be cleaner to use pytest.mark.skipif on the package level