authorStephen Gallagher <sgallagh@redhat.com>2009-09-22 09:47:41 -0400
committerStephen Gallagher <sgallagh@redhat.com>2009-09-25 09:03:29 -0400
commit8263230a0c543a737ab17a071a0ea964dcab4259 (patch)
tree373caef346d1b73f3dcf6d0d168402f3eecc4d23 /server/confdb
parentc65b34ae1d5794fc4456a25705163f56283047d2 (diff)
Upgrade confdb to version 2
This converts a great many configuration options to the new standard format.
Diffstat (limited to 'server/confdb')
-rw-r--r--server/confdb/confdb.c52
-rw-r--r--server/confdb/confdb.h69
-rw-r--r--server/confdb/confdb_setup.c41
-rw-r--r--server/confdb/confdb_setup.h5
4 files changed, 131 insertions, 36 deletions
diff --git a/server/confdb/confdb.c b/server/confdb/confdb.c
index bb1fc2b2f..ca7be4544 100644
--- a/server/confdb/confdb.c
+++ b/server/confdb/confdb.c
@@ -30,19 +30,6 @@
#include "util/strtonum.h"
#include "db/sysdb.h"
-#define CONFDB_DOMAINS_PATH "config/domains"
-#define CONFDB_DOMAIN_BASEDN "cn=domains,cn=config"
-#define CONFDB_DOMAIN_ATTR "cn"
-#define CONFDB_PROVIDER "provider"
-#define CONFDB_TIMEOUT "timeout"
-#define CONFDB_ENUMERATE "enumerate"
-#define CONFDB_MINID "minId"
-#define CONFDB_MAXID "maxId"
-#define CONFDB_CACHE_CREDS "cache-credentials"
-#define CONFDB_LEGACY_PASS "store-legacy-passwords"
-#define CONFDB_MPG "magicPrivateGroups"
-#define CONFDB_FQ "useFullyQualifiedNames"
-
#define CONFDB_ZERO_CHECK_OR_JUMP(var, ret, err, label) do { \
if (!var) { \
ret = err; \
@@ -728,7 +715,6 @@ static errno_t get_entry_as_bool(struct ldb_message *msg,
bool default_value)
{
const char *tmp = NULL;
- char *endptr;
*return_value = 0;
@@ -808,7 +794,9 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
goto done;
}
- tmp = ldb_msg_find_attr_as_string(res->msgs[0], CONFDB_PROVIDER, NULL);
+ tmp = ldb_msg_find_attr_as_string(res->msgs[0],
+ CONFDB_DOMAIN_ID_PROVIDER,
+ NULL);
if (tmp) {
domain->provider = talloc_strdup(domain, tmp);
if (!domain->provider) {
@@ -817,20 +805,20 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
}
}
else {
- DEBUG(0, ("Domain [%s] does not specify a provider, disabling!\n",
+ DEBUG(0, ("Domain [%s] does not specify an ID provider, disabling!\n",
domain->name));
ret = EINVAL;
goto done;
}
domain->timeout = ldb_msg_find_attr_as_int(res->msgs[0],
- CONFDB_TIMEOUT, 0);
+ CONFDB_DOMAIN_TIMEOUT, 0);
/* Determine if this domain can be enumerated */
/* TEMP: test if the old bitfield conf value is used and warn it has been
* superceeded. */
- val = ldb_msg_find_attr_as_int(res->msgs[0], CONFDB_ENUMERATE, 0);
+ val = ldb_msg_find_attr_as_int(res->msgs[0], CONFDB_DOMAIN_ENUMERATE, 0);
if (val > 0) { /* ok there was a number in here */
DEBUG(0, ("Warning: enumeration parameter in %s still uses integers! "
"Enumeration is now a boolean and takes true/false values. "
@@ -838,9 +826,9 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
domain->enumerate = true;
} else { /* assume the new format */
ret = get_entry_as_bool(res->msgs[0], &domain->enumerate,
- CONFDB_ENUMERATE, 0);
+ CONFDB_DOMAIN_ENUMERATE, 0);
if(ret != EOK) {
- DEBUG(0, ("Invalid value for %s\n", CONFDB_ENUMERATE));
+ DEBUG(0, ("Invalid value for %s\n", CONFDB_DOMAIN_ENUMERATE));
goto done;
}
}
@@ -849,9 +837,9 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
}
/* Determine if this is domain uses MPG */
- ret = get_entry_as_bool(res->msgs[0], &domain->mpg, CONFDB_MPG, 0);
+ ret = get_entry_as_bool(res->msgs[0], &domain->mpg, CONFDB_DOMAIN_MPG, 0);
if(ret != EOK) {
- DEBUG(0, ("Invalid value for %s\n", CONFDB_MPG));
+ DEBUG(0, ("Invalid value for %s\n", CONFDB_DOMAIN_MPG));
goto done;
}
@@ -862,14 +850,14 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
/* Determine if user/group names will be Fully Qualified
* in NSS interfaces */
- ret = get_entry_as_bool(res->msgs[0], &domain->fqnames, CONFDB_FQ, 0);
+ ret = get_entry_as_bool(res->msgs[0], &domain->fqnames, CONFDB_DOMAIN_FQ, 0);
if(ret != EOK) {
- DEBUG(0, ("Invalid value for %s\n", CONFDB_FQ));
+ DEBUG(0, ("Invalid value for %s\n", CONFDB_DOMAIN_FQ));
goto done;
}
ret = get_entry_as_uint32(res->msgs[0], &domain->id_min,
- CONFDB_MINID, SSSD_MIN_ID);
+ CONFDB_DOMAIN_MINID, SSSD_MIN_ID);
if (ret != EOK) {
DEBUG(0, ("Invalid value for minId\n"));
ret = EINVAL;
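Review bot: The context line `DEBUG(0, ("Invalid value for minId\n"));` still names the old option, while the lookup just above it now reads `CONFDB_DOMAIN_MINID`, which confdb.h in this commit defines as `min_id`. An administrator who gets the new key's value wrong is pointed at a name that no longer exists in the version 2 format. Use the constant as the neighbouring boolean checks do: `DEBUG(0, ("Invalid value for %s\n", CONFDB_DOMAIN_MINID));`. The next hunk has the same mismatch between `maxId` in the message and `CONFDB_DOMAIN_MAXID`. confdb_get_domain_internal starts and ends outside these hunks.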
@@ -877,7 +865,7 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
}
ret = get_entry_as_uint32(res->msgs[0], &domain->id_max,
- CONFDB_MAXID, 0);
+ CONFDB_DOMAIN_MAXID, 0);
if (ret != EOK) {
DEBUG(0, ("Invalid value for maxId\n"));
ret = EINVAL;
@@ -892,16 +880,16 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
/* Do we allow to cache credentials */
ret = get_entry_as_bool(res->msgs[0], &domain->cache_credentials,
- CONFDB_CACHE_CREDS, 0);
+ CONFDB_DOMAIN_CACHE_CREDS, 0);
if(ret != EOK) {
- DEBUG(0, ("Invalid value for %s\n", CONFDB_CACHE_CREDS));
+ DEBUG(0, ("Invalid value for %s\n", CONFDB_DOMAIN_CACHE_CREDS));
goto done;
}
ret = get_entry_as_bool(res->msgs[0], &domain->legacy_passwords,
- CONFDB_LEGACY_PASS, 0);
+ CONFDB_DOMAIN_LEGACY_PASS, 0);
if(ret != EOK) {
- DEBUG(0, ("Invalid value for %s\n", CONFDB_LEGACY_PASS));
+ DEBUG(0, ("Invalid value for %s\n", CONFDB_DOMAIN_LEGACY_PASS));
goto done;
}
@@ -930,7 +918,9 @@ int confdb_get_domains(struct confdb_ctx *cdb,
if (!tmp_ctx) return ENOMEM;
ret = confdb_get_string_as_list(cdb, tmp_ctx,
- CONFDB_DOMAINS_PATH, "domains", &domlist);
+ CONFDB_MONITOR_CONF_ENTRY,
+ CONFDB_MONITOR_ACTIVE_DOMAINS,
+ &domlist);
if (ret == ENOENT) {
DEBUG(0, ("No domains configured, fatal error!\n"));
goto done;
diff --git a/server/confdb/confdb.h b/server/confdb/confdb.h
index a0da9b4f0..7ca85507c 100644
--- a/server/confdb/confdb.h
+++ b/server/confdb/confdb.h
@@ -34,7 +34,74 @@
#define CONFDB_DEFAULT_CONFIG_FILE SSSD_CONF_DIR"/sssd.conf"
#define SSSD_MIN_ID 1000
-#define SERVICE_CONF_ENTRY "config/services"
+/* Configuration options */
+
+/* Services */
+#define CONFDB_SERVICE_PATH_TMPL "config/%s"
+#define CONFDB_SERVICE_COMMAND "command"
+#define CONFDB_SERVICE_DEBUG_LEVEL "debug_level"
+#define CONFDB_SERVICE_DEBUG_TIMESTAMPS "debug_timestamps"
+#define CONFDB_SERVICE_TIMEOUT "timeout"
+#define CONFDB_SERVICE_RECON_RETRIES "reconnection_retries"
+
+/* Monitor */
+#define CONFDB_MONITOR_CONF_ENTRY "config/sssd"
+#define CONFDB_MONITOR_SBUS_TIMEOUT "sbus_timeout"
+#define CONFDB_MONITOR_ACTIVE_SERVICES "services"
+#define CONFDB_MONITOR_ACTIVE_DOMAINS "domains"
+#define CONFDB_MONITOR_NAME_REGEX "re_expression"
+#define CONFDB_MONITOR_FULL_NAME_FORMAT "full_name_format"
+
+/* NSS */
+#define CONFDB_NSS_CONF_ENTRY "config/nss"
+#define CONFDB_NSS_ENUM_CACHE_TIMEOUT "enum_cache_timeout"
+#define CONFDB_NSS_ENTRY_CACHE_TIMEOUT "entry_cache_timeout"
+#define CONFDB_NSS_ENTRY_CACHE_NOWAIT_TIMEOUT "entry_cache_nowait_timeout"
+#define CONFDB_NSS_ENTRY_NEG_TIMEOUT "entry_negative_timeout"
+#define CONFDB_NSS_FILTER_USERS_IN_GROUPS "filter_users_in_groups"
+#define CONFDB_NSS_FILTER_USERS "filter_users"
+#define CONFDB_NSS_FILTER_GROUPS "filter_groups"
+
+/* PAM */
+#define CONFDB_PAM_CONF_ENTRY "config/pam"
+
+/* Data Provider */
+#define CONFDB_DP_CONF_ENTRY "config/dp"
+
+/* Domains */
+#define CONFDB_DOMAIN_PATH_TMPL "config/domain/%s"
+#define CONFDB_DOMAIN_BASEDN "cn=domain,cn=config"
+#define CONFDB_DOMAIN_ID_PROVIDER "id_provider"
+#define CONFDB_DOMAIN_AUTH_PROVIDER "auth_provider"
+#define CONFDB_DOMAIN_ACCESS_PROVIDER "access_provider"
+#define CONFDB_DOMAIN_CHPASS_PROVIDER "chpass_provider"
+#define CONFDB_DOMAIN_COMMAND "command"
+#define CONFDB_DOMAIN_TIMEOUT "timeout"
+#define CONFDB_DOMAIN_ATTR "cn"
+#define CONFDB_DOMAIN_ENUMERATE "enumerate"
+#define CONFDB_DOMAIN_MINID "min_id"
+#define CONFDB_DOMAIN_MAXID "max_id"
+#define CONFDB_DOMAIN_CACHE_CREDS "cache_credentials"
+#define CONFDB_DOMAIN_LEGACY_PASS "store_legacy_passwords"
+#define CONFDB_DOMAIN_MPG "magic_private_groups"
+#define CONFDB_DOMAIN_FQ "use_fully_qualified_names"
+
+/* Local Provider */
+#define CONFDB_LOCAL_DEFAULT_SHELL "default_shell"
+#define CONFDB_LOCAL_DEFAULT_BASEDIR "base_directory"
+
+/* Proxy Provider */
+#define CONFDB_PROXY_LIBNAME "proxy_lib_name"
+#define CONFDB_PROXY_PAM_TARGET "proxy_pam_target"
+
+/* KRB5 Provider */
+#define CONFDB_KRB5_KDCIP "krb5_kdcip"
+#define CONFDB_KRB5_REALM "krb5_realm"
+#define CONFDB_KRB5_CCACHEDIR "krb5_ccachedir"
+#define CONFDB_KRB5_CCNAME_TMPL "krb5_ccname_template"
+#define CONFDB_KRB5_TRY_SIMPLE_UPN "krb5_try_simple_upn"
+#define CONFDB_KRB5_CHANGEPW_PRINC "krb5_changepw_principle"
+#define CONFDB_KRB5_AUTH_TIMEOUT "krb5_auth_timeout"
struct confdb_ctx;
struct config_file_ctx;
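Review bot: `CONFDB_KRB5_CHANGEPW_PRINC` is defined as `"krb5_changepw_principle"`, which misspells "principal". This string is the key administrators write in the configuration file, so the spelling becomes hard to correct once version 2 configs are deployed. `#define CONFDB_KRB5_CHANGEPW_PRINC "krb5_changepw_principal"` would avoid carrying the typo forward. Whether code outside server/confdb already depends on the current spelling is not visible in this diff.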
diff --git a/server/confdb/confdb_setup.c b/server/confdb/confdb_setup.c
index 00bba7f11..9110a5e98 100644
--- a/server/confdb/confdb_setup.c
+++ b/server/confdb/confdb_setup.c
@@ -57,9 +57,15 @@ int confdb_test(struct confdb_ctx *cdb)
}
if (strcmp(values[0], CONFDB_VERSION) != 0) {
- /* bad version get out */
+ /* Existing version does not match executable version */
+ DEBUG(1, ("Upgrading confdb version from %s to %s\n",
+ values[0], CONFDB_VERSION));
+
+ /* This is recoverable, since we purge the confdb file
+ * when we re-initialize it.
+ */
talloc_free(values);
- return EIO;
+ return ENOENT;
}
talloc_free(values);
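Review bot: Returning `ENOENT` on a version mismatch relies on a purge and re-initialization that happen in code outside this hunk, and the function's contract is not documented where the value is returned. If confdb_test also reports a missing database with `ENOENT`, callers can no longer tell "absent" from "present but a different version". A confdb written by a newer build would then be discarded the same way as an older one. Document this at the function, for example `/* Returns ENOENT when the stored version differs from CONFDB_VERSION; the caller is expected to purge and rebuild the confdb. */`. Only part of confdb_test is visible here.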
@@ -266,12 +272,14 @@ int confdb_init_db(const char *config_file, struct confdb_ctx *cdb)
int ret, i;
struct collection_item *sssd_config = NULL;
struct collection_item *error_list = NULL;
+ struct collection_item *item = NULL;
char *config_ldif;
struct ldb_ldif *ldif;
TALLOC_CTX *tmp_ctx;
char *lasttimestr, timestr[21];
const char *vals[2] = { timestr, NULL };
struct stat cstat;
+ int version;
tmp_ctx = talloc_new(cdb);
if (tmp_ctx == NULL) return ENOMEM;
@@ -327,6 +335,35 @@ int confdb_init_db(const char *config_file, struct confdb_ctx *cdb)
goto done;
}
+ /* Make sure that the config file version matches the confdb version */
+ ret = get_config_item("sssd", "config_file_version",
+ sssd_config, &item);
+ if (ret != EOK) {
+ DEBUG(0, ("Internal error determining config_file_version\n"));
+ goto done;
+ }
+ if (item == NULL) {
+ /* No known version. Assumed to be version 1 */
+ DEBUG(0, ("Config file is an old version. "
+ "Please run configuration upgrade script.\n"));
+ ret = EINVAL;
+ goto done;
+ }
+ version = get_int_config_value(item, 1, -1, &ret);
+ if (ret != EOK) {
+ DEBUG(0, ("Config file version could not be determined\n"));
+ goto done;
+ } else if (version < CONFDB_VERSION_INT) {
+ DEBUG(0, ("Config file is an old version. "
+ "Please run configuration upgrade script.\n"));
+ ret = EINVAL;
+ goto done;
+ } else if (version > CONFDB_VERSION_INT) {
+ DEBUG(0, ("Config file version is newer than confdb\n"));
+ ret = EINVAL;
+ goto done;
+ }
+
ret = confdb_create_ldif(tmp_ctx, sssd_config, &config_ldif);
free_ini_config(sssd_config);
if (ret != EOK) {
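Review bot: Every new `goto done` in the version check leaves before `free_ini_config(sssd_config);`, which in the visible code runs only after `confdb_create_ldif()`. Unless the `done:` label (outside this hunk) releases `sssd_config`, the parsed configuration is leaked on all four new error paths. Either call `free_ini_config(sssd_config);` before each of these jumps or move the release into the common cleanup. It would also help to set `ret = EINVAL;` explicitly when `get_int_config_value()` fails, so the function's return does not depend on whatever error code that helper stores. confdb_init_db starts and ends outside the hunk.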
diff --git a/server/confdb/confdb_setup.h b/server/confdb/confdb_setup.h
index 7cba0b91a..2b8802f6f 100644
--- a/server/confdb/confdb_setup.h
+++ b/server/confdb/confdb_setup.h
@@ -22,7 +22,8 @@
#ifndef CONFDB_SETUP_H_
#define CONFDB_SETUP_H_
-#define CONFDB_VERSION "1"
+#define CONFDB_VERSION "2"
+#define CONFDB_VERSION_INT 2
#define CONFDB_BASE_LDIF \
"dn: @ATTRIBUTES\n" \
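Review bot: `CONFDB_VERSION` and `CONFDB_VERSION_INT` now encode the same number twice, and nothing forces them to be bumped together. If they drift, the string comparison in confdb_test and the integer comparison in confdb_init_db will disagree about which configurations are current. At minimum add `/* Keep CONFDB_VERSION and CONFDB_VERSION_INT in sync */` above the pair. Deriving the string from the integer with a stringification macro would remove the duplication entirely.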
@@ -41,7 +42,7 @@
#define CONFDB_INTERNAL_LDIF \
"dn: cn=config\n" \
- "version: 1\n" \
+ "version: "CONFDB_VERSION"\n" \
"\n"
int confdb_create_base(struct confdb_ctx *cdb);