authorSimo Sorce <ssorce@redhat.com>2009-03-19 21:28:41 -0400
committerSimo Sorce <ssorce@redhat.com>2009-03-20 11:14:56 -0400
commit7d5bf9a11d60e5330e12d5d94ebba8d6a4606eb0 (patch)
tree529b945482192d47f230f9ddc42a4b91ea4c5e0c /server
parent3efbdeae89d67fac737ac7500616054b92693685 (diff)
Simplify default configuration
Make confdb load a base LDIF, like sysdb does, to initialize the db; this makes it simpler to see at first sight what the default configuration is. Make the parameter "command" optional. Derive the default command from available information. Make the debug level a global by default so that enabling debug for all components is as easy as passing just -d X to the sssd binary.
Diffstat (limited to 'server')
-rw-r--r--server/confdb/confdb.c146
-rw-r--r--server/confdb/confdb.h2
-rw-r--r--server/confdb/confdb_private.h55
-rw-r--r--server/monitor/monitor.c76
4 files changed, 157 insertions, 122 deletions
diff --git a/server/confdb/confdb.c b/server/confdb/confdb.c
index dd5c1bd6d..0154c1407 100644
--- a/server/confdb/confdb.c
+++ b/server/confdb/confdb.c
@@ -24,12 +24,14 @@
#include "ldb_errors.h"
#include "util/util.h"
#include "confdb/confdb.h"
+#include "confdb/confdb_private.h"
#include "util/btreemap.h"
#include "db/sysdb.h"
#define CONFDB_VERSION "0.1"
#define CONFDB_DOMAIN_BASEDN "cn=domains,cn=config"
#define CONFDB_DOMAIN_ATTR "cn"
#define CONFDB_MPG "magicPrivateGroups"
+#define CONFDB_FQ "useFullyQualifiedNames"
#define CONFDB_ZERO_CHECK_OR_JUMP(var, ret, err, label) do { \
if (!var) { \
@@ -522,6 +524,8 @@ static int confdb_test(struct confdb_ctx *cdb)
static int confdb_init_db(struct confdb_ctx *cdb)
{
+ const char *base_ldif;
+ struct ldb_ldif *ldif;
const char *val[2];
int ret;
TALLOC_CTX *tmp_ctx;
@@ -529,88 +533,18 @@ static int confdb_init_db(struct confdb_ctx *cdb)
tmp_ctx = talloc_new(cdb);
if(tmp_ctx == NULL) return ENOMEM;
- val[0] = CONFDB_VERSION;
- val[1] = NULL;
-
- /* Add the confdb version */
- ret = confdb_add_param(cdb,
- false,
- "config",
- "version",
- val);
- if (ret != EOK) goto done;
-
- /* Set up default monitored services */
- val[0] = "Local service configuration";
- ret = confdb_add_param(cdb, false, "config/services", "description", val);
- if (ret != EOK) goto done;
-
-/* PAM */
- /* set the sssd_pam description */
- val[0] = "PAM Responder Configuration";
- ret = confdb_add_param(cdb, false, "config/services/pam", "description", val);
- if (ret != EOK) goto done;
-
- /* Set the sssd_pam command path */
- val[0] = talloc_asprintf(tmp_ctx, "%s/sssd_pam", SSSD_LIBEXEC_PATH);
- CONFDB_ZERO_CHECK_OR_JUMP(val[0], ret, ENOMEM, done);
- ret = confdb_add_param(cdb, false, "config/services/pam", "command", val);
- if (ret != EOK) goto done;
-
-#if 0 /* for future use */
- /* Set the sssd_pam socket path */
- val[0] = talloc_asprintf(tmp_ctx, "%s/pam", PIPE_PATH);
- CONFDB_ZERO_CHECK_OR_JUMP(val[0], ret, ENOMEM, done);
- ret = confdb_add_param(cdb, false, "config/services/pam", "unixSocket", val);
- if (ret != EOK) goto done;
-#endif /* for future use */
-
- /* Add PAM to the list of active services */
- val[0] = "pam";
- ret = confdb_add_param(cdb, false, "config/services", "activeServices", val);
- if (ret != EOK) goto done;
-
-/* NSS */
- /* set the sssd_nss description */
- val[0] = "NSS Responder Configuration";
- ret = confdb_add_param(cdb, false, "config/services/nss", "description", val);
- if (ret != EOK) goto done;
-
- /* Set the sssd_nss command path */
- val[0] = talloc_asprintf(tmp_ctx, "%s/sssd_nss", SSSD_LIBEXEC_PATH);
- CONFDB_ZERO_CHECK_OR_JUMP(val[0], ret, ENOMEM, done);
- ret = confdb_add_param(cdb, false, "config/services/nss", "command", val);
- if (ret != EOK) goto done;
-
-#if 0 /* for future use */
- /* Set the sssd_nss socket path */
- val[0] = talloc_asprintf(tmp_ctx, "%s/sssd_nss", PIPE_PATH);
- CONFDB_ZERO_CHECK_OR_JUMP(val[0], ret, ENOMEM, done);
- ret = confdb_add_param(cdb, false, "config/services/nss", "unixSocket", val);
- if (ret != EOK) goto done;
-#endif /* for future use */
-
- /* Add NSS to the list of active services */
- val[0] = "nss";
- ret = confdb_add_param(cdb, false, "config/services", "activeServices", val);
- if (ret != EOK) goto done;
-
-/* Data Provider */
- /* Set the sssd_dp description */
- val[0] = "Data Provider Configuration";
- ret = confdb_add_param(cdb, false, "config/services/dp", "description", val);
- if (ret != EOK) goto done;
-
- /* Set the sssd_dp command path */
- val[0] = talloc_asprintf(tmp_ctx, "%s/sssd_dp", SSSD_LIBEXEC_PATH);
- CONFDB_ZERO_CHECK_OR_JUMP(val[0], ret, ENOMEM, done);
- ret = confdb_add_param(cdb, false, "config/services/dp", "command", val);
- if (ret != EOK) goto done;
-
- /* Add the Data Provider to the list of active services */
- val[0] = "dp";
- ret = confdb_add_param(cdb, false, "config/services", "activeServices", val);
- if (ret != EOK) goto done;
+ /* cn=confdb does not exists, means db is empty, populate */
+ base_ldif = CONFDB_BASE_LDIF;
+ while ((ldif = ldb_ldif_read_string(cdb->ldb, &base_ldif))) {
+ ret = ldb_add(cdb->ldb, ldif->msg);
+ if (ret != LDB_SUCCESS) {
+ DEBUG(0, ("Failed to inizialiaze DB (%d,[%s]), aborting!\n",
+ ret, ldb_errstring(cdb->ldb)));
+ ret = EIO;
+ goto done;
+ }
+ ldb_ldif_read_free(cdb->ldb, ldif);
+ }
/* InfoPipe */
#ifdef HAVE_INFOPIPE
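Review bot: `val[1]` is no longer set to NULL anywhere in the visible part of confdb_init_db, because the removed block held the only `val[1] = NULL;` and `const char *val[2];` is declared without an initializer. The PolicyKit block further down (and presumably the InfoPipe block, which is not shown in full) still passes `val` to confdb_add_param(), which appears to expect a NULL-terminated list, so it may now read an indeterminate pointer. Restore the terminator right after the LDIF loop with `val[1] = NULL;`, or declare `const char *val[2] = { NULL, NULL };`. Separately, the loop condition cannot tell a parse failure from the end of CONFDB_BASE_LDIF, since both end the loop on a NULL return, and the failing `ldif` is not passed to ldb_ldif_read_free() before `goto done`. The function starts above and continues below this hunk.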
@@ -635,47 +569,21 @@ static int confdb_init_db(struct confdb_ctx *cdb)
#ifdef HAVE_POLICYKIT
/* Set the sssd_pk description */
val[0] = "PolicyKit Backend Configuration";
- ret = confdb_add_param(cdb, false, "config/services/spk", "description", val);
+ ret = confdb_add_param(cdb, false, "config/services/pk", "description", val);
if (ret != EOK) goto done;
/* Set the sssd_info command path */
val[0] = talloc_asprintf(tmp_ctx, "%s/sssd_pk", SSSD_LIBEXEC_PATH);
CONFDB_ZERO_CHECK_OR_JUMP(val[0], ret, ENOMEM, done);
- ret = confdb_add_param(cdb, false, "config/services/spk", "command", val);
+ ret = confdb_add_param(cdb, false, "config/services/pk", "command", val);
if (ret != EOK) goto done;
/* Add the InfoPipe to the list of active services */
- val[0] = "spk";
+ val[0] = "pk";
ret = confdb_add_param(cdb, false, "config/services", "activeServices", val);
if (ret != EOK) goto done;
#endif
-/* Domains */
- val[0] = "Domains served by SSSD";
- ret = confdb_add_param(cdb, false, "config/domains", "description", val);
- if (ret != EOK) goto done;
-
- /* Default LOCAL domain */
- val[0] = "Reserved domain for local configurations";
- ret = confdb_add_param(cdb, false, "config/domains/LOCAL", "description", val);
- if (ret != EOK) goto done;
-
- val[0] = "LOCAL";
- ret = confdb_add_param(cdb, false, "config/domains", "default", val);
- if(ret != EOK) goto done;
-
- /* Set enumeration of LOCAL domain to allow user and groups
- * (mask 1: users, 2: groups)
- */
- val[0] = "3";
- ret = confdb_add_param(cdb, false, "config/domains/LOCAL", "enumerate", val);
- if (ret != EOK) goto done;
-
- /* LOCAL uses Magic Private Groups by default */
- val[0] = "TRUE";
- ret = confdb_add_param(cdb, false, "config/domains/LOCAL", CONFDB_MPG, val);
- if (ret != EOK) goto done;
-
done:
talloc_free(tmp_ctx);
return ret;
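Review bot: The comments inside the HAVE_POLICYKIT block still describe the InfoPipe: `/* Set the sssd_info command path */` sits above the `sssd_pk` path, and `/* Add the InfoPipe to the list of active services */` sits above `val[0] = "pk";`. Since the commit already touches this block for the `spk` to `pk` rename, update them to `/* Set the sssd_pk command path */` and `/* Add PolicyKit to the list of active services */`. A comment should also say whether databases already initialised with `config/services/spk` are expected to be recreated, as nothing visible here migrates them.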
@@ -795,6 +703,15 @@ int confdb_get_domains(struct confdb_ctx *cdb,
goto done;
}
+ tmp = ldb_msg_find_attr_as_string(res->msgs[i], "provider", NULL);
+ if (tmp) {
+ domain->provider = talloc_strdup(domain, tmp);
+ if (!domain->provider) {
+ ret = ENOMEM;
+ goto done;
+ }
+ }
+
domain->timeout = ldb_msg_find_attr_as_int(res->msgs[i],
"timeout", 0);
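Review bot: `domain->provider` is assigned only when the attribute exists, so its value in the absent case depends on how `domain` was allocated, which is outside this hunk. If that allocation does not zero the struct, any later NULL test on the field reads an indeterminate pointer. The same applies to `domain->fqnames` in the next hunk (-815,6 +732,13), which is only ever set to true. Assigning unconditionally removes the dependency: `domain->provider = NULL;` before the lookup and `domain->fqnames = ldb_msg_find_attr_as_bool(res->msgs[i], CONFDB_FQ, 0);`.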
@@ -815,6 +732,13 @@ int confdb_get_domains(struct confdb_ctx *cdb,
domain->mpg = true;
}
+ /* Determine if user/group names will be Fully Qualified
+ * in NSS interfaces */
+ if (ldb_msg_find_attr_as_bool(res->msgs[i], CONFDB_FQ, 0)) {
+ domain->fqnames = true;
+ }
+
+
domain->id_min = ldb_msg_find_attr_as_uint(res->msgs[i],
"minId", SSSD_MIN_ID);
domain->id_max = ldb_msg_find_attr_as_uint(res->msgs[i],
diff --git a/server/confdb/confdb.h b/server/confdb/confdb.h
index 4767a78ee..6d3854439 100644
--- a/server/confdb/confdb.h
+++ b/server/confdb/confdb.h
@@ -32,8 +32,10 @@
struct sss_domain_info {
char *name;
+ char *provider;
int timeout;
int enumerate;
+ bool fqnames;
bool legacy;
bool mpg;
uint32_t id_min;
diff --git a/server/confdb/confdb_private.h b/server/confdb/confdb_private.h
new file mode 100644
index 000000000..a911e9c4a
--- /dev/null
+++ b/server/confdb/confdb_private.h
@@ -0,0 +1,55 @@
+
+#define CONFDB_BASE_LDIF \
+ "dn: @ATTRIBUTES\n" \
+ "cn: CASE_INSENSITIVE\n" \
+ "dc: CASE_INSENSITIVE\n" \
+ "dn: CASE_INSENSITIVE\n" \
+ "name: CASE_INSENSITIVE\n" \
+ "objectclass: CASE_INSENSITIVE\n" \
+ "\n" \
+ "dn: @INDEXLIST\n" \
+ "@IDXATTR: cn\n" \
+ "\n" \
+ "dn: @MODULES\n" \
+ "@LIST: server_sort\n" \
+ "\n" \
+ "dn: cn=config\n" \
+ "cn: config\n" \
+ "version: 0.1\n" \
+ "description: base object\n" \
+ "\n" \
+ "dn: cn=services,cn=config\n" \
+ "cn: services\n" \
+ "description: Local service configuration\n" \
+ "activeServices: dp\n" \
+ "activeServices: nss\n" \
+ "activeServices: pam\n" \
+ "activeServices: info\n" \
+ "\n" \
+ "dn: cn=monitor,cn=services,cn=config\n" \
+ "cn: monitor\n" \
+ "description: Monitor Configuration\n" \
+ "\n" \
+ "dn: cn=dp,cn=services,cn=config\n" \
+ "cn: dp\n" \
+ "description: Data Provider Configuration\n" \
+ "\n" \
+ "dn: cn=nss,cn=services,cn=config\n" \
+ "cn: nss\n" \
+ "description: NSS Responder Configuration\n" \
+ "\n" \
+ "dn: cn=pam,cn=services,cn=config\n" \
+ "cn: pam\n" \
+ "description: PAM Responder Configuration\n" \
+ "\n" \
+ "dn: cn=domains,cn=config\n" \
+ "cn: domains\n" \
+ "description: Domains served by SSSD\n" \
+ "default: LOCAL\n" \
+ "\n" \
+ "dn: cn=LOCAL,cn=domains,cn=config\n" \
+ "cn: LOCAL\n" \
+ "description: LOCAL domain\n" \
+ "enumerate: 3\n" \
+ "magicPrivateGroups: TRUE\n" \
+ "\n"
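Review bot: `activeServices: info` is listed unconditionally in the base LDIF, but no `cn=info,cn=services,cn=config` entry is created here and the InfoPipe setup in confdb.c is compiled only under HAVE_INFOPIPE. On a build without InfoPipe, the monitor's new default-command logic would derive `sssd_info` from that name and try to start a binary that may not exist. With InfoPipe enabled, the confdb.c block (not shown in full) may add `info` a second time. Consider dropping the line from the LDIF and leaving it to the #ifdef block. The header also has no include guard, and `version: 0.1` now duplicates CONFDB_VERSION, so a comment tying the two together would keep them from drifting apart.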
diff --git a/server/monitor/monitor.c b/server/monitor/monitor.c
index d797ae0e2..4a6abdc99 100644
--- a/server/monitor/monitor.c
+++ b/server/monitor/monitor.c
@@ -50,8 +50,10 @@ struct mt_svc {
struct mt_conn *mt_conn;
struct mt_ctx *mt_ctx;
+ char *provider;
char *command;
char *name;
+ char *identity;
pid_t pid;
int ping_time;
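Review bot: The new `provider` and `identity` members are undocumented, and the difference between `name` and `identity` only becomes clear from monitor_process_init and identity_check further down. A short comment per field would help, for example `/* name: entry name in confdb */` and `/* identity: string matched in identity_check(); "%BE_<domain>" for backends */`. The `debug_level` member added in the next hunk (-59,6 +61,8) is not assigned in any hunk of this commit, and the default commands use the global `debug_level` instead. Either set it or mark it as reserved.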
@@ -59,6 +61,8 @@ struct mt_svc {
int restarts;
time_t last_restart;
time_t last_pong;
+
+ int debug_level;
};
struct mt_ctx {
@@ -412,22 +416,44 @@ int monitor_process_init(TALLOC_CTX *mem_ctx,
talloc_free(ctx);
return ENOMEM;
}
- svc->name = ctx->services[i];
svc->mt_ctx = ctx;
+ svc->name = talloc_strdup(svc, ctx->services[i]);
+ if (!svc->name) {
+ talloc_free(ctx);
+ return ENOMEM;
+ }
+
+ svc->identity = talloc_strdup(svc, ctx->services[i]);
+ if (!svc->identity) {
+ talloc_free(ctx);
+ return ENOMEM;
+ }
+
path = talloc_asprintf(svc, "config/services/%s", svc->name);
if (!path) {
talloc_free(ctx);
return ENOMEM;
}
- ret = confdb_get_string(cdb, svc, path, "command", NULL, &svc->command);
+ ret = confdb_get_string(cdb, svc, path, "command",
+ NULL, &svc->command);
if (ret != EOK) {
DEBUG(0,("Failed to start service '%s'\n", svc->name));
talloc_free(svc);
continue;
}
+ if (!svc->command) {
+ svc->command = talloc_asprintf(svc, "%s/sssd_%s -d %d",
+ SSSD_LIBEXEC_PATH, svc->name,
+ debug_level);
+ if (!svc->command) {
+ talloc_free(ctx);
+ return ENOMEM;
+ }
+ }
+
ret = confdb_get_int(cdb, svc, path, "timeout",
MONITOR_DEF_PING_TIME, &svc->ping_time);
if (ret != EOK) {
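Review bot: The default command is built by formatting `svc->name`, taken from the `activeServices` values in confdb, straight into `"%s/sssd_%s -d %d"` with no check on its characters. A value containing `/`, `..` or whitespace would change which file is executed or add arguments, depending on how start_service() splits the string (not visible here). The backend default in the later hunk (-489,16 +535,24) does the same with `svc->provider` and `svc->name` in `--provider %s --domain %s`. Validate these names against a conservative character set before formatting and skip the entry with a DEBUG message otherwise; domain names may additionally need `.` allowed. monitor_process_init starts and ends outside this hunk.

```c
/* Accept only names that are safe to embed in a path or an argument. */
static bool monitor_name_is_safe(const char *s)
{
    if (!s || !*s) return false;
    for (; *s; s++) {
        if (!isalnum((unsigned char)*s) && *s != '_' && *s != '-') {
            return false;
        }
    }
    return true;
}

/* … unchanged: svc allocation, name/identity/path setup, confdb_get_string("command") … */
        if (!svc->command) {
            if (!monitor_name_is_safe(svc->name)) {
                DEBUG(0, ("Refusing to derive a command for service '%s'\n",
                          svc->name));
                talloc_free(svc);
                continue;
            }
            /* … unchanged: talloc_asprintf() of the default command … */
        }
```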
@@ -463,18 +489,38 @@ int monitor_process_init(TALLOC_CTX *mem_ctx,
talloc_free(ctx);
return ENOMEM;
}
- svc->name = talloc_asprintf(svc, "%%BE_%s", doms[i]);
svc->mt_ctx = ctx;
+ svc->name = talloc_strdup(svc, doms[i]);
+ if (!svc->name) {
+ talloc_free(ctx);
+ return ENOMEM;
+ }
+
+ svc->identity = talloc_asprintf(svc, "%%BE_%s", svc->name);
+ if (!svc->identity) {
+ talloc_free(ctx);
+ return ENOMEM;
+ }
+
path = talloc_asprintf(svc, "config/domains/%s", doms[i]);
if (!path) {
talloc_free(ctx);
return ENOMEM;
}
+
+ ret = confdb_get_string(cdb, svc, path,
+ "provider", NULL, &svc->provider);
+ if (ret != EOK) {
+ DEBUG(0, ("Failed to find provider from [%s] configuration\n", doms[i]));
+ talloc_free(svc);
+ continue;
+ }
+
ret = confdb_get_string(cdb, svc, path,
"command", NULL, &svc->command);
if (ret != EOK) {
- DEBUG(0, ("Failed to find provider [%s] configuration\n", doms[i]));
+ DEBUG(0, ("Failed to find command from [%s] configuration\n", doms[i]));
talloc_free(svc);
continue;
}
@@ -489,16 +535,24 @@ int monitor_process_init(TALLOC_CTX *mem_ctx,
talloc_free(path);
- /* if no command is present do not run the domain */
- if (svc->command == NULL) {
- /* the LOCAL domain does not need a backend at the moment */
- if (strcasecmp(doms[i], "LOCAL") != 0) {
- DEBUG(0, ("Missing command to run provider\n"));
- }
+ /* if no provider is present do not run the domain */
+ if (!svc->provider) {
talloc_free(svc);
continue;
}
+ /* if there are no custom commands, build a default one */
+ if (!svc->command) {
+ svc->command = talloc_asprintf(svc,
+ "%s/sssd_be -d %d --provider %s --domain %s",
+ SSSD_LIBEXEC_PATH, debug_level,
+ svc->provider, svc->name);
+ if (!svc->command) {
+ talloc_free(ctx);
+ return ENOMEM;
+ }
+ }
+
ret = start_service(svc);
if (ret != EOK) {
DEBUG(0,("Failed to start provider for '%s'\n", doms[i]));
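Review bot: A domain without a `provider` attribute is now dropped with no log message at all, whereas the removed code reported `Missing command to run provider` for every domain other than LOCAL. A mistyped or missing provider therefore leaves the domain silently without a backend, which is hard to diagnose on a host that relies on it for identity lookups. Keep the LOCAL exception and log the rest, e.g. `if (strcasecmp(svc->name, "LOCAL") != 0) DEBUG(0, ("Domain [%s] has no provider, not starting a backend\n", svc->name));` before `talloc_free(svc)`. The enclosing loop starts above and continues below this hunk.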
@@ -657,7 +711,7 @@ static void identity_check(DBusPendingCall *pending, void *data)
/* search this service in the list */
svc = fake_svc->mt_ctx->svc_list;
while (svc) {
- ret = strcasecmp(svc->name, svc_name);
+ ret = strcasecmp(svc->identity, svc_name);
if (ret == 0) {
break;
}