-rw-r--r--Makefile.am12
-rw-r--r--contrib/sssd.spec.in3
-rw-r--r--src/confdb/confdb.h1
-rw-r--r--src/confdb/confdb_setup.c40
-rw-r--r--src/examples/sssd-shadowutils6
-rw-r--r--src/examples/sssd.conf17
6 files changed, 74 insertions, 5 deletions
diff --git a/Makefile.am b/Makefile.am
index 7161bef3c..d23913b0f 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -33,6 +33,7 @@ endif
sssdlibexecdir = $(libexecdir)/sssd
sssdlibdir = $(libdir)/sssd
+sssddefaultconfdir = $(sssdlibdir)/conf
ldblibdir = @ldblibdir@
if BUILD_KRB5_LOCATOR_PLUGIN
krb5plugindir = @krb5pluginpath@
@@ -77,6 +78,7 @@ pkgconfigdir = $(libdir)/pkgconfig
krb5rcachedir = @krb5rcachedir@
sudolibdir = @sudolibpath@
polkitdir = @polkitdir@
+pamconfdir = $(sysconfdir)/pam.d
UNICODE_LIBS=@UNICODE_LIBS@
@@ -434,6 +436,7 @@ AM_CPPFLAGS = \
-DSHLIBEXT=\"$(SHLIBEXT)\" \
-DSSSD_LIBEXEC_PATH=\"$(sssdlibexecdir)\" \
-DSSSD_CONF_DIR=\"$(sssdconfdir)\" \
+ -DSSSD_DEFAULT_CONF_DIR=\"$(sssddefaultconfdir)\" \
-DSSS_NSS_MCACHE_DIR=\"$(mcpath)\" \
-DSSS_NSS_SOCKET_NAME=\"$(pipepath)/nss\" \
-DSSS_PAM_SOCKET_NAME=\"$(pipepath)/pam\" \
@@ -1104,8 +1107,8 @@ sssd_SOURCES = \
src/monitor/monitor.c \
src/monitor/monitor_netlink.c \
src/confdb/confdb_setup.c \
- src/util/nscd.c \
src/monitor/monitor_iface_generated.c \
+ $(SSSD_TOOLS_OBJ) \
$(NULL)
sssd_LDADD = \
$(SSSD_LIBS) \
@@ -1268,6 +1271,12 @@ dist_noinst_DATA += \
src/sss_client/COPYING.LESSER \
src/m4
+dist_sssddefaultconf_DATA = \
+ src/examples/sssd.conf
+
+dist_pamconf_DATA = \
+ src/examples/sssd-shadowutils
+
######################
# Command-line Tools #
######################
@@ -3567,6 +3576,7 @@ SSSD_USER_DIRS = \
$(DESTDIR)$(pubconfpath)/krb5.include.d \
$(DESTDIR)$(gpocachepath) \
$(DESTDIR)$(sssdconfdir) \
+ $(DESTDIR)$(sssddefaultconfdir) \
$(DESTDIR)$(logpath) \
$(NULL)
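Review bot: Adding `$(DESTDIR)$(sssddefaultconfdir)` to SSSD_USER_DIRS looks risky if, as the variable name suggests, the install rules outside this hunk hand those directories to the unprivileged service user. The directory holds the template that confdb_init_db later copies into place as the live sssd.conf, so it should stay root-owned and not be writable by the service account. Consider creating it with the ordinary install directories instead and leaving it out of this list.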
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index 2ba6a4d4c..355b95109 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -766,6 +766,9 @@ done
%dir %{_sysconfdir}/rwtab.d
%config(noreplace) %{_sysconfdir}/rwtab.d/sssd
%dir %{_datadir}/sssd
+%{_sysconfdir}/pam.d/sssd-shadowutils
+%{_libdir}/%{name}/conf/sssd.conf
+
%{_datadir}/sssd/sssd.api.conf
%{_datadir}/sssd/sssd.api.d
%{_mandir}/man1/sss_ssh_authorizedkeys.1*
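Review bot: `%{_sysconfdir}/pam.d/sssd-shadowutils` is listed without `%config(noreplace)`, unlike the rwtab.d entry two lines above it, so a package upgrade would overwrite local edits to a PAM stack under /etc. I would write `%config(noreplace) %{_sysconfdir}/pam.d/sssd-shadowutils`. The blank line added after the conf/sssd.conf entry also splits the file list for no visible reason. The surrounding %files section starts and ends outside this hunk.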
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
index b90ced2bb..a9b1c4362 100644
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
@@ -40,6 +40,7 @@
#define CONFDB_DEFAULT_CFG_FILE_VER 2
#define CONFDB_FILE "config.ldb"
+#define SSSD_DEFAULT_CONFIG_FILE SSSD_DEFAULT_CONF_DIR"/sssd.conf"
#define SSSD_CONFIG_FILE SSSD_CONF_DIR"/sssd.conf"
#define SSSD_MIN_ID 1
#define SSSD_LOCAL_MINID 1000
diff --git a/src/confdb/confdb_setup.c b/src/confdb/confdb_setup.c
index 694a7f016..dfdcae566 100644
--- a/src/confdb/confdb_setup.c
+++ b/src/confdb/confdb_setup.c
@@ -21,12 +21,14 @@
#include "config.h"
#include <sys/stat.h>
+#include <unistd.h>
#include "util/util.h"
#include "db/sysdb.h"
#include "confdb.h"
#include "confdb_private.h"
#include "confdb_setup.h"
#include "util/sss_ini.h"
+#include "tools/tools_util.h"
int confdb_test(struct confdb_ctx *cdb)
@@ -159,11 +161,41 @@ int confdb_init_db(const char *config_file, struct confdb_ctx *cdb)
DEBUG(SSSDBG_TRACE_FUNC,
"sss_ini_config_file_open failed: %s [%d]\n", strerror(ret),
ret);
- if (ret == ENOENT) {
- /* sss specific error denoting missing configuration file */
- ret = ERR_MISSING_CONF;
+ if (ret != ENOENT) {
+ /* Anything other than ENOENT is unrecoverable */
+ goto done;
+ } else {
+ /* Copy the default configuration file to the standard location
+ * and then retry
+ */
+ ret = copy_file_secure(SSSD_DEFAULT_CONFIG_FILE,
+ SSSD_CONFIG_FILE,
+ 0600,
+ getuid(),
+ getgid(),
+ false);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Could not copy default configuration: %s",
+ sss_strerror(ret));
+ /* sss specific error denoting missing configuration file */
+ ret = ERR_MISSING_CONF;
+ goto done;
+ }
+
+ /* Try again */
+ ret = sss_ini_config_file_open(init_data, config_file);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "sss_ini_config_file_open(default) failed: %s [%d]\n",
+ strerror(ret), ret);
+ if (ret == ENOENT) {
+ /* sss specific error denoting missing configuration file */
+ ret = ERR_MISSING_CONF;
+ }
+ goto done;
+ }
}
- goto done;
}
ret = sss_ini_config_access_check(init_data);
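Review bot: The ENOENT fallback copies to the fixed `SSSD_CONFIG_FILE` but then retries `sss_ini_config_file_open(init_data, config_file)`, so when the caller passed a different path the standard location gets a new config written as a side effect and the retry still fails. Guard the copy with `strcmp(config_file, SSSD_CONFIG_FILE) == 0` and return `ERR_MISSING_CONF` directly otherwise. A failed copy is also collapsed into `ERR_MISSING_CONF`, which hides causes such as a permission error from the caller, and its DEBUG format string lacks the trailing `\n` that the other messages have. confdb_init_db starts and ends outside this hunk.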
diff --git a/src/examples/sssd-shadowutils b/src/examples/sssd-shadowutils
new file mode 100644
index 000000000..626c7d075
--- /dev/null
+++ b/src/examples/sssd-shadowutils
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth [success=done ignore=ignore default=die] pam_unix.so nullok try_first_pass
+auth required pam_deny.so
+
+account required pam_unix.so
+account required pam_permit.so
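Review bot: The auth line passes `nullok` to pam_unix.so, which lets accounts with an empty password field authenticate. This stack is installed into /etc/pam.d and used by the default domain, so dropping the option is the safer default: `auth [success=done ignore=ignore default=die] pam_unix.so try_first_pass`. A header comment saying that the file is the `proxy_pam_target` of the default sssd.conf would also help an administrator who comes across it.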
diff --git a/src/examples/sssd.conf b/src/examples/sssd.conf
new file mode 100644
index 000000000..a851dbb7e
--- /dev/null
+++ b/src/examples/sssd.conf
@@ -0,0 +1,17 @@
+[sssd]
+config_file_version = 2
+services = nss, pam
+domains = shadowutils
+
+[nss]
+
+[pam]
+
+[domain/shadowutils]
+id_provider = proxy
+proxy_lib_name = files
+
+auth_provider = proxy
+proxy_pam_target = sssd-shadowutils
+
+proxy_fast_alias = True
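Review bot: The file has no comment saying that it is a shipped default, yet the confdb_setup.c change in this commit copies it to the standard location when no configuration exists, so an administrator will find a live sssd.conf they never wrote. Add a header such as `# Default configuration installed by SSSD because no sssd.conf was present; edit or replace as needed.` A one-line comment on `proxy_pam_target = sssd-shadowutils` should note that it names the PAM service file added in the same commit.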