From 8263230a0c543a737ab17a071a0ea964dcab4259 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher
Date: Tue, 22 Sep 2009 09:47:41 -0400
Subject: Upgrade confdb to version 2

This converts a great many configuration options to the new standard format.
---
 server/confdb/confdb.c | 52 ++++++++++++++-------------------
 server/confdb/confdb.h | 69 +++++++++++++++++++++++++++++++++++++++++++-
 server/confdb/confdb_setup.c | 41 ++++++++++++++++++++++++--
 server/confdb/confdb_setup.h | 5 ++--
 4 files changed, 131 insertions(+), 36 deletions(-) (limited to 'server/confdb')
diff --git a/server/confdb/confdb.c b/server/confdb/confdb.c
index bb1fc2b2f..ca7be4544 100644
--- a/server/confdb/confdb.c
+++ b/server/confdb/confdb.c
@@ -30,19 +30,6 @@
 #include "util/strtonum.h"
 #include "db/sysdb.h"
-#define CONFDB_DOMAINS_PATH "config/domains"
-#define CONFDB_DOMAIN_BASEDN "cn=domains,cn=config"
-#define CONFDB_DOMAIN_ATTR "cn"
-#define CONFDB_PROVIDER "provider"
-#define CONFDB_TIMEOUT "timeout"
-#define CONFDB_ENUMERATE "enumerate"
-#define CONFDB_MINID "minId"
-#define CONFDB_MAXID "maxId"
-#define CONFDB_CACHE_CREDS "cache-credentials"
-#define CONFDB_LEGACY_PASS "store-legacy-passwords"
-#define CONFDB_MPG "magicPrivateGroups"
-#define CONFDB_FQ "useFullyQualifiedNames"
-
 #define CONFDB_ZERO_CHECK_OR_JUMP(var, ret, err, label) do { \
 if (!var) { \
 ret = err; \
@@ -728,7 +715,6 @@ static errno_t get_entry_as_bool(struct ldb_message *msg,
 bool default_value)
 {
 const char *tmp = NULL;
- char *endptr;
 *return_value = 0;
@@ -808,7 +794,9 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
 goto done;
 }
- tmp = ldb_msg_find_attr_as_string(res->msgs[0], CONFDB_PROVIDER, NULL);
+ tmp = ldb_msg_find_attr_as_string(res->msgs[0],
+ CONFDB_DOMAIN_ID_PROVIDER,
+ NULL);
 if (tmp) {
 domain->provider = talloc_strdup(domain, tmp);
 if (!domain->provider) {
@@ -817,20 +805,20 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
 }
 }
 else {
- DEBUG(0, ("Domain [%s] does not specify a provider, disabling!\n",
+ DEBUG(0, ("Domain [%s] does not specify an ID provider, disabling!\n",
 domain->name));
 ret = EINVAL;
 goto done;
 }
 domain->timeout = ldb_msg_find_attr_as_int(res->msgs[0],
- CONFDB_TIMEOUT, 0);
+ CONFDB_DOMAIN_TIMEOUT, 0);
 /* Determine if this domain can be enumerated */
 /* TEMP: test if the old bitfield conf value is used and warn it has been * superceeded. */
- val = ldb_msg_find_attr_as_int(res->msgs[0], CONFDB_ENUMERATE, 0);
+ val = ldb_msg_find_attr_as_int(res->msgs[0], CONFDB_DOMAIN_ENUMERATE, 0);
 if (val > 0) { /* ok there was a number in here */
 DEBUG(0, ("Warning: enumeration parameter in %s still uses integers! " "Enumeration is now a boolean and takes true/false values. "
@@ -838,9 +826,9 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
 domain->enumerate = true;
 } else { /* assume the new format */
 ret = get_entry_as_bool(res->msgs[0], &domain->enumerate,
- CONFDB_ENUMERATE, 0);
+ CONFDB_DOMAIN_ENUMERATE, 0);
 if(ret != EOK) {
- DEBUG(0, ("Invalid value for %s\n", CONFDB_ENUMERATE));
+ DEBUG(0, ("Invalid value for %s\n", CONFDB_DOMAIN_ENUMERATE));
 goto done;
 }
 }
@@ -849,9 +837,9 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
 }
 /* Determine if this is domain uses MPG */
- ret = get_entry_as_bool(res->msgs[0], &domain->mpg, CONFDB_MPG, 0);
+ ret = get_entry_as_bool(res->msgs[0], &domain->mpg, CONFDB_DOMAIN_MPG, 0);
 if(ret != EOK) {
- DEBUG(0, ("Invalid value for %s\n", CONFDB_MPG));
+ DEBUG(0, ("Invalid value for %s\n", CONFDB_DOMAIN_MPG));
 goto done;
 }
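Review bot: The `if (val > 0)` compatibility path that follows the renamed `CONFDB_DOMAIN_ENUMERATE` lookup still accepts a legacy integer and sets `domain->enumerate = true`, although the confdb_setup.c part of this commit makes the version-2 file format mandatory. Any integer above zero therefore turns enumeration on with only a log warning, while every other malformed option in this function ends in `goto done`. The block is already marked TEMP, so the format cut-over looks like the moment to reject the value instead: `DEBUG(0, ("Invalid value for %s\n", CONFDB_DOMAIN_ENUMERATE)); ret = EINVAL; goto done;`. The body of confdb_get_domain_internal starts and ends outside this hunk, so confirm nothing later relies on the integer form.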
@@ -862,14 +850,14 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
 /* Determine if user/group names will be Fully Qualified * in NSS interfaces */
- ret = get_entry_as_bool(res->msgs[0], &domain->fqnames, CONFDB_FQ, 0);
+ ret = get_entry_as_bool(res->msgs[0], &domain->fqnames, CONFDB_DOMAIN_FQ, 0);
 if(ret != EOK) {
- DEBUG(0, ("Invalid value for %s\n", CONFDB_FQ));
+ DEBUG(0, ("Invalid value for %s\n", CONFDB_DOMAIN_FQ));
 goto done;
 }
 ret = get_entry_as_uint32(res->msgs[0], &domain->id_min,
- CONFDB_MINID, SSSD_MIN_ID);
+ CONFDB_DOMAIN_MINID, SSSD_MIN_ID);
 if (ret != EOK) {
 DEBUG(0, ("Invalid value for minId\n"));
 ret = EINVAL;
@@ -877,7 +865,7 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
 }
 ret = get_entry_as_uint32(res->msgs[0], &domain->id_max,
- CONFDB_MAXID, 0);
+ CONFDB_DOMAIN_MAXID, 0);
 if (ret != EOK) {
 DEBUG(0, ("Invalid value for maxId\n"));
 ret = EINVAL;
@@ -892,16 +880,16 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
 /* Do we allow to cache credentials */
 ret = get_entry_as_bool(res->msgs[0], &domain->cache_credentials,
- CONFDB_CACHE_CREDS, 0);
+ CONFDB_DOMAIN_CACHE_CREDS, 0);
 if(ret != EOK) {
- DEBUG(0, ("Invalid value for %s\n", CONFDB_CACHE_CREDS));
+ DEBUG(0, ("Invalid value for %s\n", CONFDB_DOMAIN_CACHE_CREDS));
 goto done;
 }
 ret = get_entry_as_bool(res->msgs[0], &domain->legacy_passwords,
- CONFDB_LEGACY_PASS, 0);
+ CONFDB_DOMAIN_LEGACY_PASS, 0);
 if(ret != EOK) {
- DEBUG(0, ("Invalid value for %s\n", CONFDB_LEGACY_PASS));
+ DEBUG(0, ("Invalid value for %s\n", CONFDB_DOMAIN_LEGACY_PASS));
 goto done;
 }
@@ -930,7 +918,9 @@ int confdb_get_domains(struct confdb_ctx *cdb,
 if (!tmp_ctx) return ENOMEM;
 ret = confdb_get_string_as_list(cdb, tmp_ctx,
- CONFDB_DOMAINS_PATH, "domains", &domlist);
+ CONFDB_MONITOR_CONF_ENTRY,
+ CONFDB_MONITOR_ACTIVE_DOMAINS,
+ &domlist);
 if (ret == ENOENT) {
 DEBUG(0, ("No domains configured, fatal error!\n"));
 goto done;
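Review bot: The two unchanged messages `Invalid value for minId` and `Invalid value for maxId` still name the old keys, while the lookups next to them now read `CONFDB_DOMAIN_MINID` and `CONFDB_DOMAIN_MAXID` (`min_id` and `max_id` in confdb.h). An administrator following the log would search the configuration for a key that is no longer read. Use the form the other messages in this function already have: `DEBUG(0, ("Invalid value for %s\n", CONFDB_DOMAIN_MINID));` here and `DEBUG(0, ("Invalid value for %s\n", CONFDB_DOMAIN_MAXID));` in the `@@ -877,7 +865,7 @@` hunk. Nothing in the visible code reports a leftover `minId` or `maxId` entry, so the defaults (`SSSD_MIN_ID` and `0`) would apply silently and an ID range the administrator meant to enforce would presumably lapse; a warning is worth adding if unknown keys are not flagged elsewhere.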
diff --git a/server/confdb/confdb.h b/server/confdb/confdb.h
index a0da9b4f0..7ca85507c 100644
--- a/server/confdb/confdb.h
+++ b/server/confdb/confdb.h
@@ -34,7 +34,74 @@
 #define CONFDB_DEFAULT_CONFIG_FILE SSSD_CONF_DIR"/sssd.conf"
 #define SSSD_MIN_ID 1000
-#define SERVICE_CONF_ENTRY "config/services"
+/* Configuration options */
+
+/* Services */
+#define CONFDB_SERVICE_PATH_TMPL "config/%s"
+#define CONFDB_SERVICE_COMMAND "command"
+#define CONFDB_SERVICE_DEBUG_LEVEL "debug_level"
+#define CONFDB_SERVICE_DEBUG_TIMESTAMPS "debug_timestamps"
+#define CONFDB_SERVICE_TIMEOUT "timeout"
+#define CONFDB_SERVICE_RECON_RETRIES "reconnection_retries"
+
+/* Monitor */
+#define CONFDB_MONITOR_CONF_ENTRY "config/sssd"
+#define CONFDB_MONITOR_SBUS_TIMEOUT "sbus_timeout"
+#define CONFDB_MONITOR_ACTIVE_SERVICES "services"
+#define CONFDB_MONITOR_ACTIVE_DOMAINS "domains"
+#define CONFDB_MONITOR_NAME_REGEX "re_expression"
+#define CONFDB_MONITOR_FULL_NAME_FORMAT "full_name_format"
+
+/* NSS */
+#define CONFDB_NSS_CONF_ENTRY "config/nss"
+#define CONFDB_NSS_ENUM_CACHE_TIMEOUT "enum_cache_timeout"
+#define CONFDB_NSS_ENTRY_CACHE_TIMEOUT "entry_cache_timeout"
+#define CONFDB_NSS_ENTRY_CACHE_NOWAIT_TIMEOUT "entry_cache_nowait_timeout"
+#define CONFDB_NSS_ENTRY_NEG_TIMEOUT "entry_negative_timeout"
+#define CONFDB_NSS_FILTER_USERS_IN_GROUPS "filter_users_in_groups"
+#define CONFDB_NSS_FILTER_USERS "filter_users"
+#define CONFDB_NSS_FILTER_GROUPS "filter_groups"
+
+/* PAM */
+#define CONFDB_PAM_CONF_ENTRY "config/pam"
+
+/* Data Provider */
+#define CONFDB_DP_CONF_ENTRY "config/dp"
+
+/* Domains */
+#define CONFDB_DOMAIN_PATH_TMPL "config/domain/%s"
+#define CONFDB_DOMAIN_BASEDN "cn=domain,cn=config"
+#define CONFDB_DOMAIN_ID_PROVIDER "id_provider"
+#define CONFDB_DOMAIN_AUTH_PROVIDER "auth_provider"
+#define CONFDB_DOMAIN_ACCESS_PROVIDER "access_provider"
+#define CONFDB_DOMAIN_CHPASS_PROVIDER "chpass_provider"
+#define CONFDB_DOMAIN_COMMAND "command"
+#define CONFDB_DOMAIN_TIMEOUT "timeout"
+#define CONFDB_DOMAIN_ATTR "cn"
+#define CONFDB_DOMAIN_ENUMERATE "enumerate"
+#define CONFDB_DOMAIN_MINID "min_id"
+#define CONFDB_DOMAIN_MAXID "max_id"
+#define CONFDB_DOMAIN_CACHE_CREDS "cache_credentials"
+#define CONFDB_DOMAIN_LEGACY_PASS "store_legacy_passwords"
+#define CONFDB_DOMAIN_MPG "magic_private_groups"
+#define CONFDB_DOMAIN_FQ "use_fully_qualified_names"
+
+/* Local Provider */
+#define CONFDB_LOCAL_DEFAULT_SHELL "default_shell"
+#define CONFDB_LOCAL_DEFAULT_BASEDIR "base_directory"
+
+/* Proxy Provider */
+#define CONFDB_PROXY_LIBNAME "proxy_lib_name"
+#define CONFDB_PROXY_PAM_TARGET "proxy_pam_target"
+
+/* KRB5 Provider */
+#define CONFDB_KRB5_KDCIP "krb5_kdcip"
+#define CONFDB_KRB5_REALM "krb5_realm"
+#define CONFDB_KRB5_CCACHEDIR "krb5_ccachedir"
+#define CONFDB_KRB5_CCNAME_TMPL "krb5_ccname_template"
+#define CONFDB_KRB5_TRY_SIMPLE_UPN "krb5_try_simple_upn"
+#define CONFDB_KRB5_CHANGEPW_PRINC "krb5_changepw_principle"
+#define CONFDB_KRB5_AUTH_TIMEOUT "krb5_auth_timeout"
 struct confdb_ctx;
 struct config_file_ctx;
diff --git a/server/confdb/confdb_setup.c b/server/confdb/confdb_setup.c
index 00bba7f11..9110a5e98 100644
--- a/server/confdb/confdb_setup.c
+++ b/server/confdb/confdb_setup.c
@@ -57,9 +57,15 @@ int confdb_test(struct confdb_ctx *cdb)
 }
 if (strcmp(values[0], CONFDB_VERSION) != 0) {
- /* bad version get out */
+ /* Existing version does not match executable version */
+ DEBUG(1, ("Upgrading confdb version from %s to %s\n",
+ values[0], CONFDB_VERSION));
+
+ /* This is recoverable, since we purge the confdb file
+ * when we re-initialize it.
+ */
 talloc_free(values);
- return EIO;
+ return ENOENT;
 }
 talloc_free(values);
@@ -266,12 +272,14 @@ int confdb_init_db(const char *config_file, struct confdb_ctx *cdb)
 int ret, i;
 struct collection_item *sssd_config = NULL;
 struct collection_item *error_list = NULL;
+ struct collection_item *item = NULL;
 char *config_ldif;
 struct ldb_ldif *ldif;
 TALLOC_CTX *tmp_ctx;
 char *lasttimestr, timestr[21];
 const char *vals[2] = { timestr, NULL };
 struct stat cstat;
+ int version;
 tmp_ctx = talloc_new(cdb);
 if (tmp_ctx == NULL) return ENOMEM;
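Review bot: `CONFDB_KRB5_CHANGEPW_PRINC` is defined as `"krb5_changepw_principle"`, which misspells the Kerberos term "principal" in a user-facing key. This string is what the configuration file has to contain, so a correctly spelled `krb5_changepw_principal` entry would not match; how the provider treats the unmatched key is not visible on this page. Correcting it while the format is being renumbered avoids carrying an alias later: `#define CONFDB_KRB5_CHANGEPW_PRINC "krb5_changepw_principal"`. A one-line comment on `CONFDB_SERVICE_PATH_TMPL` and `CONFDB_DOMAIN_PATH_TMPL` stating that they are printf-style templates taking the section name would also help callers use them correctly.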
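Review bot: The mismatch branch in confdb_test logs every difference as `Upgrading confdb version from %s to %s`, but `strcmp(values[0], CONFDB_VERSION) != 0` is equally true when the stored version is newer than the binary or is not a number at all. In those cases the same `ENOENT` return leads to the database being purged and rebuilt, according to the new comment (the caller is outside this hunk), and the log records it as an upgrade. A neutral wording keeps the record accurate: `DEBUG(1, ("confdb version [%s] does not match [%s], rebuilding\n", values[0], CONFDB_VERSION));`. The comment should also state that `ENOENT` is deliberately reused so that callers take the same path as for a missing confdb.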
@@ -327,6 +335,35 @@ int confdb_init_db(const char *config_file, struct confdb_ctx *cdb)
 goto done;
 }
+ /* Make sure that the config file version matches the confdb version */
+ ret = get_config_item("sssd", "config_file_version",
+ sssd_config, &item);
+ if (ret != EOK) {
+ DEBUG(0, ("Internal error determining config_file_version\n"));
+ goto done;
+ }
+ if (item == NULL) {
+ /* No known version. Assumed to be version 1 */
+ DEBUG(0, ("Config file is an old version. "
+ "Please run configuration upgrade script.\n"));
+ ret = EINVAL;
+ goto done;
+ }
+ version = get_int_config_value(item, 1, -1, &ret);
+ if (ret != EOK) {
+ DEBUG(0, ("Config file version could not be determined\n"));
+ goto done;
+ } else if (version < CONFDB_VERSION_INT) {
+ DEBUG(0, ("Config file is an old version. "
+ "Please run configuration upgrade script.\n"));
+ ret = EINVAL;
+ goto done;
+ } else if (version > CONFDB_VERSION_INT) {
+ DEBUG(0, ("Config file version is newer than confdb\n"));
+ ret = EINVAL;
+ goto done;
+ }
+
 ret = confdb_create_ldif(tmp_ctx, sssd_config, &config_ldif);
 free_ini_config(sssd_config);
 if (ret != EOK) {
diff --git a/server/confdb/confdb_setup.h b/server/confdb/confdb_setup.h
index 7cba0b91a..2b8802f6f 100644
--- a/server/confdb/confdb_setup.h
+++ b/server/confdb/confdb_setup.h
@@ -22,7 +22,8 @@
 #ifndef CONFDB_SETUP_H_
 #define CONFDB_SETUP_H_
-#define CONFDB_VERSION "1"
+#define CONFDB_VERSION "2"
+#define CONFDB_VERSION_INT 2
 #define CONFDB_BASE_LDIF \
 "dn: @ATTRIBUTES\n" \
@@ -41,7 +42,7 @@
 #define CONFDB_INTERNAL_LDIF \
 "dn: cn=config\n" \
- "version: 1\n" \
+ "version: "CONFDB_VERSION"\n" \
 "\n"
 int confdb_create_base(struct confdb_ctx *cdb);
-- cgit
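Review bot: The five new `goto done` exits in the version check leave `sssd_config` unreleased, because the only visible `free_ini_config(sssd_config)` sits after `confdb_create_ldif` just below this block. Unless the `done:` label, which is outside this hunk, frees it, every rejected configuration file leaks the parsed collection. Add `free_ini_config(sssd_config);` before each of these exits, or move the call into the common cleanup and set the pointer to NULL after the normal-path free. The two "old version" messages would also be easier to act on if they printed the version that was found next to `CONFDB_VERSION_INT`.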