Skip to content

Commit

Permalink
Get rid of --genconf and --genconf-section monitor options.
Browse files Browse the repository at this point in the history
The only usage was 'sssd-kcm.service', but it was wrong since 'sssd_kcm'
should be usable without other SSSD packages being installed (see SSSD#6926)
  • Loading branch information
alexey-tikhonov committed Feb 19, 2024
1 parent eae4475 commit 3d67a73
Show file tree
Hide file tree
Showing 8 changed files with 69 additions and 482 deletions.
1 change: 0 additions & 1 deletion Makefile.am
Original file line number Diff line number Diff line change
Expand Up @@ -5695,7 +5695,6 @@ dist_noinst_DATA += \
src/tests/multihost/conftest.py \
src/tests/multihost/basic/mhc.yaml \
src/tests/multihost/basic/test_basic.py \
src/tests/multihost/basic/test_config.py \
src/tests/multihost/basic/test_files.py \
src/tests/multihost/basic/test_ifp.py \
src/tests/multihost/basic/test_kcm.py \
Expand Down
49 changes: 24 additions & 25 deletions src/confdb/confdb_setup.c
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,22 @@
#include "confdb_setup.h"
#include "util/sss_ini.h"

#define CONFDB_BASE_LDIF \
"dn: @ATTRIBUTES\n" \
"cn: CASE_INSENSITIVE\n" \
"dc: CASE_INSENSITIVE\n" \
"dn: CASE_INSENSITIVE\n" \
"name: CASE_INSENSITIVE\n" \
"objectclass: CASE_INSENSITIVE\n" \
"\n" \
"dn: @INDEXLIST\n" \
"@IDXATTR: cn\n" \
"\n" \
"dn: @MODULES\n" \
"@LIST: server_sort\n" \
"\n"


static int confdb_purge(struct confdb_ctx *cdb)
{
int ret;
Expand Down Expand Up @@ -116,9 +132,7 @@ static int confdb_ldif_from_ini_file(TALLOC_CTX *mem_ctx,
return EOK;
}

static int confdb_write_ldif(struct confdb_ctx *cdb,
const char *config_ldif,
bool replace_whole_db)
static int confdb_write_ldif(struct confdb_ctx *cdb, const char *config_ldif)
{
int ret;
struct ldb_ldif *ldif;
Expand All @@ -133,21 +147,11 @@ static int confdb_write_ldif(struct confdb_ctx *cdb,
}
} else {
ret = ldb_add(cdb->ldb, ldif->msg);
if (ret != LDB_SUCCESS && replace_whole_db == false) {
/* This section already existed, remove and re-add it. We
* really want to replace the whole thing instead of messing
* around with changetypes and flags on individual elements
*/
ret = ldb_delete(cdb->ldb, ldif->msg->dn);
if (ret == LDB_SUCCESS) {
ret = ldb_add(cdb->ldb, ldif->msg);
}
}
}

if (ret != LDB_SUCCESS) {
DEBUG(SSSDBG_FATAL_FAILURE,
"Failed to initialize DB (%d,[%s]), aborting!\n",
"Failed to update DB (%d,[%s]), aborting!\n",
ret, ldb_errstring(cdb->ldb));
return EIO;
}
Expand Down Expand Up @@ -215,19 +219,14 @@ static int confdb_init_db(const char *config_file,
}
in_transaction = true;

/* Purge existing database, if we are reinitializing the confdb completely */
if (only_section == NULL) {
ret = confdb_purge(cdb);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE,
"Could not purge existing configuration\n");
goto done;
}
ret = confdb_purge(cdb);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE,
"Could not purge existing configuration\n");
goto done;
}

ret = confdb_write_ldif(cdb,
config_ldif,
only_section == NULL ? true : false);
ret = confdb_write_ldif(cdb, config_ldif);
if (ret != EOK) {
goto done;
}
Expand Down
15 changes: 0 additions & 15 deletions src/confdb/confdb_setup.h
Original file line number Diff line number Diff line change
Expand Up @@ -27,21 +27,6 @@

#include "util/util_errors.h"

#define CONFDB_BASE_LDIF \
"dn: @ATTRIBUTES\n" \
"cn: CASE_INSENSITIVE\n" \
"dc: CASE_INSENSITIVE\n" \
"dn: CASE_INSENSITIVE\n" \
"name: CASE_INSENSITIVE\n" \
"objectclass: CASE_INSENSITIVE\n" \
"\n" \
"dn: @INDEXLIST\n" \
"@IDXATTR: cn\n" \
"\n" \
"dn: @MODULES\n" \
"@LIST: server_sort\n" \
"\n"

struct confdb_ctx;

errno_t confdb_setup(TALLOC_CTX *mem_ctx,
Expand Down
27 changes: 0 additions & 27 deletions src/man/sssd.8.xml
Original file line number Diff line number Diff line change
Expand Up @@ -145,33 +145,6 @@
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-g</option>,<option>--genconf</option>
</term>
<listitem>
<para>
Do not start the SSSD, but refresh the configuration
database from the contents of
<filename>/etc/sssd/sssd.conf</filename> and exit.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-s</option>,<option>--genconf-section</option>
</term>
<listitem>
<para>
Similar to <quote>--genconf</quote>, but only refresh
a single section from the configuration file. This
option is useful mainly to be called from systemd
unit files to allow socket-activated responders
to refresh their configuration without requiring
the administrator to restart the whole SSSD.
</para>
</listitem>
</varlistentry>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/param_help.xml" />
<varlistentry>
<term>
Expand Down
127 changes: 45 additions & 82 deletions src/monitor/monitor.c
Original file line number Diff line number Diff line change
Expand Up @@ -1457,7 +1457,6 @@ static int monitor_ctx_destructor(void *mem)
errno_t load_configuration(TALLOC_CTX *mem_ctx,
const char *config_file,
const char *config_dir,
const char *only_section,
struct mt_ctx **monitor)
{
errno_t ret;
Expand All @@ -1481,21 +1480,15 @@ errno_t load_configuration(TALLOC_CTX *mem_ctx,
goto done;
}

ret = confdb_setup(ctx, cdb_file, config_file, config_dir, only_section,
false, &ctx->cdb);

ret = confdb_setup(ctx, cdb_file, config_file, config_dir, NULL, false,
&ctx->cdb);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "Unable to setup ConfDB [%d]: %s\n",
ret, sss_strerror(ret));
goto done;
}

/* return EOK for genconf-section to exit 0 when no
* sssd configuration exists (KCM use case) */
if (only_section != NULL) {
*monitor = NULL;
goto done;
}

/* Validate the configuration in the database */
/* Read in the monitor's configuration */
ret = get_monitor_config(ctx);
Expand All @@ -1521,7 +1514,7 @@ errno_t load_configuration(TALLOC_CTX *mem_ctx,

done:
talloc_free(cdb_file);
if (ret != EOK || only_section != NULL) {
if (ret != EOK) {
talloc_free(ctx);
}
return ret;
Expand Down Expand Up @@ -1982,12 +1975,10 @@ int main(int argc, const char *argv[])
poptContext pc;
int opt_daemon = 0;
int opt_interactive = 0;
int opt_genconf = 0;
int opt_version = 0;
char *opt_config_file = NULL;
const char *opt_logger = NULL;
char *config_file = NULL;
char *opt_genconf_section = NULL;
int flags = FLAGS_NO_WATCHDOG;
struct main_context *main_ctx;
TALLOC_CTX *tmp_ctx;
Expand All @@ -2009,10 +2000,6 @@ int main(int argc, const char *argv[])
_("Become a daemon (default)"), NULL },
{"interactive", 'i', POPT_ARG_NONE, &opt_interactive, 0,
_("Run interactive (not a daemon)"), NULL},
{"genconf", 'g', POPT_ARG_NONE, &opt_genconf, 0,
_("Refresh the configuration database, then exit"), NULL},
{"genconf-section", 's', POPT_ARG_STRING, &opt_genconf_section, 0,
_("Similar to --genconf, but only refreshes the given section"), NULL},
{"version", '\0', POPT_ARG_NONE, &opt_version, 0,
_("Print version number and exit"), NULL },
POPT_TABLEEND
Expand Down Expand Up @@ -2044,28 +2031,13 @@ int main(int argc, const char *argv[])
cmdline_debug_timestamps = debug_timestamps;
cmdline_debug_microseconds = debug_microseconds;

if (opt_genconf_section) {
/* --genconf-section implies genconf, just limited to a single section */
opt_genconf = 1;
}
if (opt_genconf && (opt_daemon || opt_interactive)) {
ERROR("Option -g is incompatible with -D or -i\n");
poptPrintUsage(pc, stderr, 0);
return 1;
}
if (opt_genconf) {
if (!opt_logger) {
opt_logger = sss_logger_str[STDERR_LOGGER];
}
}

if (opt_daemon && opt_interactive) {
ERROR("Option -i|--interactive is not allowed together with -D|--daemon\n");
poptPrintUsage(pc, stderr, 0);
return 1;
}

if (!opt_daemon && !opt_interactive && !opt_genconf) {
if (!opt_daemon && !opt_interactive) {
opt_daemon = 1;
}
if (opt_daemon) {
Expand Down Expand Up @@ -2129,58 +2101,53 @@ int main(int argc, const char *argv[])
}
#endif

/* Check if the SSSD is already running and for nscd conflicts unless we're
* only interested in re-reading the configuration
*/
if (opt_genconf == 0) {
ret = check_file(SSSD_PIDFILE, 0, 0, S_IFREG|0600, 0, NULL, false);
if (ret == EOK) {
ret = check_pidfile(SSSD_PIDFILE);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE,
"pidfile exists at %s\n", SSSD_PIDFILE);
ERROR("SSSD is already running\n");
return 5;
}
/* Check if the SSSD is already running and for nscd conflicts */
ret = check_file(SSSD_PIDFILE, 0, 0, S_IFREG|0600, 0, NULL, false);
if (ret == EOK) {
ret = check_pidfile(SSSD_PIDFILE);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE,
"pidfile exists at %s\n", SSSD_PIDFILE);
ERROR("SSSD is already running\n");
return 5;
}
}

/* Warn if nscd seems to be running */
ret = check_file(NSCD_SOCKET_PATH,
-1, -1, S_IFSOCK, S_IFMT, NULL, false);
if (ret == EOK) {
ret = sss_nscd_parse_conf(NSCD_CONF_PATH);

switch (ret) {
case ENOENT:
sss_log(SSS_LOG_NOTICE,
"NSCD socket was detected. NSCD caching capabilities "
"may conflict with SSSD for users and groups. It is "
"recommended not to run NSCD in parallel with SSSD, "
"unless NSCD is configured not to cache the passwd, "
"group, netgroup and services nsswitch maps.");
break;

case EEXIST:
sss_log(SSS_LOG_NOTICE,
"NSCD socket was detected and seems to be configured "
"to cache some of the databases controlled by "
"SSSD [passwd,group,netgroup,services]. It is "
"recommended not to run NSCD in parallel with SSSD, "
"unless NSCD is configured not to cache these.");
break;

case EOK:
DEBUG(SSSDBG_TRACE_FUNC, "NSCD socket was detected and it "
"seems to be configured not to interfere with "
"SSSD's caching capabilities\n");
}
}
/* Warn if nscd seems to be running */
ret = check_file(NSCD_SOCKET_PATH,
-1, -1, S_IFSOCK, S_IFMT, NULL, false);
if (ret == EOK) {
ret = sss_nscd_parse_conf(NSCD_CONF_PATH);

switch (ret) {
case ENOENT:
sss_log(SSS_LOG_NOTICE,
"NSCD socket was detected. NSCD caching capabilities "
"may conflict with SSSD for users and groups. It is "
"recommended not to run NSCD in parallel with SSSD, "
"unless NSCD is configured not to cache the passwd, "
"group, netgroup and services nsswitch maps.");
break;

case EEXIST:
sss_log(SSS_LOG_NOTICE,
"NSCD socket was detected and seems to be configured "
"to cache some of the databases controlled by "
"SSSD [passwd,group,netgroup,services]. It is "
"recommended not to run NSCD in parallel with SSSD, "
"unless NSCD is configured not to cache these.");
break;

case EOK:
DEBUG(SSSDBG_TRACE_FUNC, "NSCD socket was detected and it "
"seems to be configured not to interfere with "
"SSSD's caching capabilities\n");
}
}

/* Parse config file, fail if cannot be done */
ret = load_configuration(tmp_ctx, config_file, CONFDB_DEFAULT_CONFIG_DIR,
opt_genconf_section, &monitor);
&monitor);
if (ret != EOK) {
switch (ret) {
case EPERM:
Expand All @@ -2201,10 +2168,6 @@ int main(int argc, const char *argv[])
return 5;
}

/* at this point we are done generating the config file, we may exit
* if that's all we were asked to do */
if (opt_genconf) return 0;

/* set up things like debug, signals, daemonization, etc. */
monitor->conf_path = CONFDB_MONITOR_CONF_ENTRY;
ret = close(STDIN_FILENO);
Expand Down
Loading

0 comments on commit 3d67a73

Please sign in to comment.