author | Michal Židek <mzidek@redhat.com> | 2016-06-27 17:33:14 +0200 |
---|---|---|
committer | Lukas Slebodnik <lslebodn@redhat.com> | 2016-07-07 14:54:02 +0200 |
commit | e088912418fd4db750f2097dfde8ef9b77303f05 (patch) | |
tree | 08f571784985b383d0263974c6731c721b7b70c1 | |
parent | 199984c7972272f8162a356cda139c22f6f08556 (diff) | |
sssctl: Add config-check command
Fixes:
https://fedorahosted.org/sssd/ticket/2269
The sssctl config-check command allows calling
the SSSD config file validators on
demand.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
-rw-r--r-- | Makefile.am | 1 | ||||
-rw-r--r-- | src/tools/sssctl/sssctl.c | 4 | ||||
-rw-r--r-- | src/tools/sssctl/sssctl.h | 4 | ||||
-rw-r--r-- | src/tools/sssctl/sssctl_config.c | 136 | ||||
-rw-r--r-- | src/util/sss_ini.c | 2 |
5 files changed, 145 insertions, 2 deletions
diff --git a/Makefile.am b/Makefile.am
index 4089b690b..706b60d6a 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1566,6 +1566,7 @@ sssctl_SOURCES = \
 src/tools/sssctl/sssctl_logs.c \
 src/tools/sssctl/sssctl_domains.c \
 src/tools/sssctl/sssctl_sifp.c \
+ src/tools/sssctl/sssctl_config.c \
 $(SSSD_TOOLS_OBJ) \
 $(NULL)
 sssctl_LDADD = \
diff --git a/src/tools/sssctl/sssctl.c b/src/tools/sssctl/sssctl.c
index be5f1b470..86656f136 100644
--- a/src/tools/sssctl/sssctl.c
+++ b/src/tools/sssctl/sssctl.c
@@ -271,6 +271,10 @@ int main(int argc, const char **argv) SSS_TOOL_DELIMITER("Log files tools:"), SSS_TOOL_COMMAND("remove-logs", "Remove existing SSSD log files", 0, sssctl_remove_logs), SSS_TOOL_COMMAND("fetch-logs", "Archive SSSD log files in tarball", 0, sssctl_fetch_logs), +#ifdef HAVE_LIBINI_CONFIG_V1_3 + SSS_TOOL_DELIMITER("Configuration files tools:"), + SSS_TOOL_COMMAND("config-check", "Perform static analysis of SSSD configuration", 0, sssctl_config_check), +#endif {NULL, NULL, 0, NULL} };
diff --git a/src/tools/sssctl/sssctl.h b/src/tools/sssctl/sssctl.h
index ae6e62c32..be624755d 100644
--- a/src/tools/sssctl/sssctl.h
+++ b/src/tools/sssctl/sssctl.h
@@ -100,4 +100,8 @@ errno_t sssctl_netgroup(struct sss_cmdline *cmdline, struct sss_tool_ctx *tool_ctx, void *pvt); +errno_t sssctl_config_check(struct sss_cmdline *cmdline, + struct sss_tool_ctx *tool_ctx, + void *pvt); + #endif /* _SSSCTL_H_ */
diff --git a/src/tools/sssctl/sssctl_config.c b/src/tools/sssctl/sssctl_config.c
new file mode 100644
index 000000000..fc13582ac
--- /dev/null
+++ b/src/tools/sssctl/sssctl_config.c
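Review bot: The prototype for `sssctl_config_check()` in sssctl.h is declared unconditionally, while both its definition in sssctl_config.c and its entry in the command table in sssctl.c are compiled only under `HAVE_LIBINI_CONFIG_V1_3`. Nothing breaks as written because the only visible reference is guarded, but a later unguarded caller would compile and then fail at link time on builds with an older libini_config. Wrapping the declaration in the same `#ifdef HAVE_LIBINI_CONFIG_V1_3` / `#endif` pair, or adding a comment such as `/* only defined when HAVE_LIBINI_CONFIG_V1_3 is set */`, would keep the three places consistent.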
@@ -0,0 +1,136 @@
+/*
+ Authors:
+ Michal Židek <mzidek@redhat.com>
+
+ Copyright (C) 2016 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "config.h"
+
+#include <popt.h>
+#include <stdio.h>
+#include <ini_configobj.h>
+
+#include "util/util.h"
+#include "util/sss_ini.h"
+#include "tools/common/sss_tools.h"
+#include "tools/common/sss_process.h"
+#include "tools/sssctl/sssctl.h"
+#include "confdb/confdb.h"
+
+#ifdef HAVE_LIBINI_CONFIG_V1_3
+errno_t sssctl_config_check(struct sss_cmdline *cmdline,
+ struct sss_tool_ctx *tool_ctx,
+ void *pvt)
+{
+ errno_t ret;
+ struct ini_errobj *errobj = NULL;
+ struct sss_ini_initdata *init_data;
+ struct ref_array *ra;
+ char *msg;
+ uint32_t i = 0;
+ size_t num_errors;
+ size_t num_ra_error;
+ char **strs = NULL;
+ TALLOC_CTX *tmp_ctx = NULL;
+
+ tmp_ctx = talloc_new(NULL);
+ init_data = sss_ini_initdata_init(tmp_ctx);
+ if (!init_data) {
+ DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory.\n");
+ ret = ENOMEM;
+ goto done;
+ }
+
+ /* Open config file */
+ ret = sss_ini_config_file_open(init_data, SSSD_CONFIG_FILE);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "sss_ini_config_file_open failed: %s [%d]\n",
+ sss_strerror(ret),
+ ret);
+ goto done;
+ }
+
+ /* Check the file permissions */
+ ret = sss_ini_config_access_check(init_data);
+ if (ret != EOK) {
+ printf(_("Access check on sssd.conf file failed.\n"));
+ ret = EPERM;
+ goto
done;
+ }
+
+ ret = sss_ini_get_config(init_data,
+ SSSD_CONFIG_FILE,
+ CONFDB_DEFAULT_CONFIG_DIR);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_FATAL_FAILURE, "Failed to load configuration\n");
+ goto done;
+ }
+
+ /* Read rules */
+ ret = sss_ini_call_validators_strs(tmp_ctx, init_data,
+ SSSDDATADIR"/cfg_rules.ini",
+ &strs, &num_errors);
+ if (ret) {
+ goto done;
+ }
+
+ /* Output from validators */
+ printf(_("Issues identified by validators: %lu\n"), num_errors);
+ for (i = 0; i < num_errors; i++) {
+ printf("%s\n", strs[i]);
+ }
+
+ /* Merging issues */
+ ra = sss_ini_get_ra_error_list(init_data);
+ num_ra_error = ref_array_len(ra);
+
+ printf("\n");
+ printf(_("Messages generated during configuration merging: %zu\n"),
+ num_ra_error);
+
+ i = 0;
+ while (ref_array_get(ra, i, &msg) != NULL) {
+ printf("%s\n", msg);
+ i++;
+ }
+
+ /* Used snippet files */
+ ra = sss_ini_get_ra_success_list(init_data);
+
+ printf("\n");
+ printf(_("Used configuration snippet files: %u\n"),
+ ref_array_len(ra));
+
+ i = 0;
+ while (ref_array_get(ra, i, &msg) != NULL) {
+ printf("%s\n", msg);
+ i++;
+ }
+
+ if (num_errors != 0 || num_ra_error != 0) {
+ ret = EINVAL;
+ } else {
+ ret = EOK;
+ }
+
+done:
+ ini_errobj_destroy(&errobj);
+ sss_ini_config_destroy(init_data);
+ return ret;
+}
+#endif /* HAVE_LIBINI_CONFIG_V1_3 */
diff --git a/src/util/sss_ini.c b/src/util/sss_ini.c
index 4b032b03c..d9bc46ad7 100644
--- a/src/util/sss_ini.c
+++ b/src/util/sss_ini.c
@@ -361,8 +361,6 @@ int sss_ini_get_cfgobj(struct sss_ini_initdata *init_data, INI_GET_FIRST_VALUE, &init_data->obj); } - - /* Check configuration object */ int sss_ini_check_config_obj(struct sss_ini_initdata *init_data) |
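Review bot: In `sssctl_config_check()` the validator count is printed with `%lu` although `num_errors` is a `size_t`, a format/argument mismatch on targets where the two types differ in width; `printf(_("Issues identified by validators: %zu\n"), num_errors);` would match the `%zu` already used for `num_ra_error` a few lines below. `tmp_ctx` from `talloc_new(NULL)` is never checked for NULL and never released, so the `done:` block should end with `talloc_free(tmp_ctx);` after `sss_ini_config_destroy(init_data)`; `errobj` is never assigned and could be dropped together with its `ini_errobj_destroy()` call. The open, load and validator failure paths emit at most a DEBUG message, so an administrator running the check sees only a non-zero exit status unless debugging is enabled. Printing a user-visible line on those paths, as the access-check branch already does, would make it clear why the configuration could not be validated.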