SSSD · alexey-tikhonov · Oct 9, 2024 · Oct 9, 2024 · Oct 9, 2024 · Oct 9, 2024
diff --git a/Makefile.am b/Makefile.am
@@ -633,7 +633,6 @@ SSSD_TOOLS_OBJ = \
     src/tools/common/sss_tools.c \
     src/tools/common/sss_process.c \
     src/confdb/confdb_setup.c \
-    src/util/nscd.c \
     $(NULL)
 
 SSSD_LCL_TOOLS_OBJ = \
@@ -1519,8 +1518,8 @@ endif
 sssd_SOURCES = \
     src/monitor/monitor.c \
     src/monitor/monitor_bootstrap.c \
+    src/monitor/nscd.c \
     src/confdb/confdb_setup.c \
-    src/util/nscd.c \
     $(NULL)
 sssd_LDADD = \
     $(SSSD_LIBS) \
@@ -2005,6 +2004,7 @@ endif
 if HAVE_SYSTEMD_UNIT
 sssd_check_socket_activated_responders_SOURCES = \
     src/tools/sssd_check_socket_activated_responders.c \
+    src/tools/common/sss_tools.c \
     $(NULL)
 sssd_check_socket_activated_responders_CFLAGS = \
     $(AM_CFLAGS) \

diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
@@ -642,6 +642,136 @@ int confdb_get_string_as_list(struct confdb_ctx *cdb, TALLOC_CTX *ctx,
     return ret;
 }
 
+static errno_t add_implicit_services(struct confdb_ctx *cdb, TALLOC_CTX *mem_ctx,
+                                     char ***_services)
+{
+    int ret;
+    char **domain_names;
+    TALLOC_CTX *tmp_ctx;
+    size_t c;
+    char *conf_path;
+    char *id_provider;
+    bool add_pac = false;
+    bool implicit_pac_responder = true;
+
+    tmp_ctx = talloc_new(NULL);
+    if (tmp_ctx == NULL) {
+        DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
+        return ENOMEM;
+    }
+
+    ret = confdb_get_enabled_domain_list(cdb, tmp_ctx, &domain_names);
+    if (ret == ENOENT) {
+        /* confdb_expand_app_domains() wasn't called yet, so this might be ok */
+        ret = EOK;
+        goto done;
+    } else if (ret != EOK) {
+        DEBUG(SSSDBG_FATAL_FAILURE, "Error retrieving domains list [%d]: %s\n",
+              ret, sss_strerror(ret));
+        goto done;
+    }
+
+    ret = confdb_get_bool(cdb, CONFDB_MONITOR_CONF_ENTRY,
+                          CONFDB_MONITOR_IMPLICIT_PAC_RESPONDER, true,
+                          &implicit_pac_responder);
+    if (ret != EOK) {
+        DEBUG(SSSDBG_OP_FAILURE,
+              "Failed to read implicit_pac_responder option, "
+              "using default 'true'.\n");
+        implicit_pac_responder = true;
+    }
+
+    for (c = 0; domain_names[c] != NULL; c++) {
+        if (!is_valid_domain_name(domain_names[c])) {
+            DEBUG(SSSDBG_CRIT_FAILURE,
+                  "Skipping invalid domain name '%s'\n", domain_names[c]);
+            continue;
+        }
+        conf_path = talloc_asprintf(tmp_ctx, CONFDB_DOMAIN_PATH_TMPL,
+                                    domain_names[c]);
+        if (conf_path == NULL) {
+            DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n");
+            ret = ENOMEM;
+            goto done;
+        }
+
+        ret = confdb_get_string(cdb, tmp_ctx, conf_path,
+                                CONFDB_DOMAIN_ID_PROVIDER, NULL, &id_provider);
+        if (ret == EOK) {
+            if (id_provider == NULL) {
+                DEBUG(SSSDBG_OP_FAILURE, "id_provider is not set for "
+                      "domain [%s], trying next domain.\n", domain_names[c]);
+                continue;
+            }
+
+            if (strcasecmp(id_provider, "IPA") == 0
+                        || strcasecmp(id_provider, "AD") == 0) {
+                if (implicit_pac_responder) {
+                    add_pac = true;
+                } else {
+                    DEBUG(SSSDBG_CONF_SETTINGS,
+                          "PAC responder not enabled for id provider [%s] "
+                          "because implicit_pac_responder is set to 'false'.\n",
+                          id_provider);
+                    add_pac = false;
+                }
+            }
+        } else {
+            DEBUG(SSSDBG_OP_FAILURE, "Failed to get id_provider for " \
+                                      "domain [%s], trying next domain.\n",
+                                      domain_names[c]);
+        }
+    }
+
+    if (BUILD_WITH_PAC_RESPONDER && add_pac &&
+        !string_in_list("pac", *_services, false)) {
+        ret = add_string_to_list(mem_ctx, "pac", _services);
+        if (ret != EOK) {
+            DEBUG(SSSDBG_OP_FAILURE, "add_string_to_list failed.\n");
+            goto done;
+        }
+    }
+
+    ret = EOK;
+
+done:
+    talloc_free(tmp_ctx);
+
+    return ret;
+}
+
+int confdb_get_services_as_list(struct confdb_ctx *cdb, TALLOC_CTX *ctx,
+                                char ***_result)
+{
+    int ret;
+
+    ret = confdb_get_string_as_list(cdb, ctx,
+                                    CONFDB_MONITOR_CONF_ENTRY,
+                                    CONFDB_MONITOR_ACTIVE_SERVICES,
+                                    _result);
+#ifdef HAVE_SYSTEMD
+    if (ret != EOK && ret != ENOENT) {
+        DEBUG(SSSDBG_FATAL_FAILURE,
+              "Failed to get the explicitly configured services!\n");
+        return EINVAL;
+    }
+#else
+    if (ret != EOK) {
+        DEBUG(SSSDBG_FATAL_FAILURE, "No services configured!\n");
+        return EINVAL;
+    }
+#endif
+
+    /* `add_implicit_services()` can handle (*_result == NULL) */
+    ret = add_implicit_services(cdb, ctx, _result);
+    if (ret != EOK) {
+        DEBUG(SSSDBG_OP_FAILURE, "Failed to add implicitly configured services\n");
+        return EINVAL;
+    }
+
+    return EOK;
+}
+
 int confdb_init(TALLOC_CTX *mem_ctx,
                 struct confdb_ctx **cdb_ctx,
                 const char *confdb_location)

diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
@@ -731,7 +731,7 @@ int confdb_set_string(struct confdb_ctx *cdb,
  * @param[in] attribute The name of the attribute to update
  * @param[out] result A pointer to the retrieved array of strings
  *
- * @return 0 - Successfully retrieved the entry (or used the default)
+ * @return 0 - Successfully retrieved the entry
  * @return ENOMEM - There was insufficient memory to complete the operation
  * @return EINVAL - The section could not be parsed, or the attribute was not
  *                  single-valued.
@@ -742,6 +742,19 @@ int confdb_get_string_as_list(struct confdb_ctx *cdb, TALLOC_CTX *ctx,
                               const char *section, const char *attribute,
                               char ***result);
 
+/**
+ * @brief Convenience function to retrieve a list of configured services,
+ * including implicitly configured, as a null-terminated array of strings.
+ *
+ * @param[in] cdb The connection object to the confdb
+ * @param[in] ctx The parent memory context for the returned string
+ * @param[out] _result A pointer to the retrieved array of strings
+ *
+ * @return 0 on success, error code otherwise
+ */
+int confdb_get_services_as_list(struct confdb_ctx *cdb, TALLOC_CTX *ctx,
+                                char ***_result);
+
 /**
  * @brief Convenience function to retrieve a list of subsections given a
  * configuration section name