From a40215878688cf10e35e6ba27893201c686395b3 Mon Sep 17 00:00:00 2001 From: Justin Stephenson Date: Fri, 14 Jul 2017 16:08:37 -0400 Subject: [PATCH] CONFDB: Add passwd_files and group_files options MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add new options to the files provider allowing an administrator to configure the files provider to read and monitor multiple or non-standard passwd and group file sources. These options default to /etc/passwd and /etc/group when unset. Reviewed-by: Pavel Březina Reviewed-by: Jakub Hrozek (cherry picked from commit c1208b485924964a7a4fcf19562964acb47fc214) --- Makefile.am | 3 ++- src/confdb/confdb.h | 4 ++++ src/config/SSSDConfig/__init__.py.in | 6 +++++- src/config/cfg_rules.ini | 4 ++++ src/config/etc/sssd.api.d/sssd-files.conf | 3 +++ src/man/sssd-files.5.xml | 36 +++++++++++++++++++++++++++++-- src/providers/files/files_init.c | 1 + 7 files changed, 53 insertions(+), 4 deletions(-) create mode 100644 src/config/etc/sssd.api.d/sssd-files.conf diff --git a/Makefile.am b/Makefile.am index 25e996d2d..d52fe0670 100644 --- a/Makefile.am +++ b/Makefile.am @@ -4577,7 +4577,8 @@ dist_sssdapiplugin_DATA = \ src/config/etc/sssd.api.d/sssd-ldap.conf \ src/config/etc/sssd.api.d/sssd-local.conf \ src/config/etc/sssd.api.d/sssd-proxy.conf \ - src/config/etc/sssd.api.d/sssd-simple.conf + src/config/etc/sssd.api.d/sssd-simple.conf \ + src/config/etc/sssd.api.d/sssd-files.conf edit_cmd = $(SED) \ -e 's|@sbindir[@]|$(sbindir)|g' \ diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h index c97a9b804..1d322aaac 100644 --- a/src/confdb/confdb.h +++ b/src/confdb/confdb.h 
@@ -242,6 +242,10 @@ #define CONFDB_PROXY_FAST_ALIAS "proxy_fast_alias" #define CONFDB_PROXY_MAX_CHILDREN "proxy_max_children" +/* Files Provider */ +#define CONFDB_FILES_PASSWD "passwd_files" +#define CONFDB_FILES_GROUP "group_files" + /* Secrets Service */ #define CONFDB_SEC_CONF_ENTRY "config/secrets" #define CONFDB_SEC_CONTAINERS_NEST_LEVEL "containers_nest_level" diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in index 857d56cb5..32b74e4c7 100644 --- a/src/config/SSSDConfig/__init__.py.in +++ b/src/config/SSSDConfig/__init__.py.in @@ -473,7 +473,11 @@ option_strings = { 'proxy_fast_alias' : _('Whether to look up canonical group name from cache if possible'), # [provider/proxy/auth] - 'proxy_pam_target' : _('PAM stack to use') + 'proxy_pam_target' : _('PAM stack to use'), + + # [provider/files] + 'passwd_files' : _('Path of passwd file sources.'), + 'group_files' : _('Path of group file sources.') } def striplist(l): diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini index 4e70bf7b6..551322780 100644 --- a/src/config/cfg_rules.ini +++ b/src/config/cfg_rules.ini @@ -404,6 +404,10 @@ option = dyndns_force_tcp option = dyndns_auth option = dyndns_server +# files provider specific options +option = passwd_files +option = group_files + # local provider specific options option = create_homedir option = remove_homedir diff --git a/src/config/etc/sssd.api.d/sssd-files.conf b/src/config/etc/sssd.api.d/sssd-files.conf new file mode 100644 index 000000000..2444d4924 --- /dev/null +++ b/src/config/etc/sssd.api.d/sssd-files.conf @@ -0,0 +1,3 @@ +[provider/files] +passwd_files = str, None, false +group_files = str, None, false diff --git a/src/man/sssd-files.5.xml b/src/man/sssd-files.5.xml index d44fffc03..59e1b6523 100644 --- a/src/man/sssd-files.5.xml +++ b/src/man/sssd-files.5.xml 
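Review bot: The two new keys in src/confdb/confdb.h sit under a bare `/* Files Provider */` heading, so a reader of the header cannot tell that each value is a list of paths rather than a single path. I would extend the comment to `/* Files Provider: comma-separated lists of passwd/group source files */`, which matches the man page text added in this patch. The contents of those files define uids and gids, so the code that eventually reads these keys (not part of this patch) should probably require absolute paths and check that each file is not writable by unprivileged users.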
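Review bot: The two descriptions added to option_strings in src/config/SSSDConfig/__init__.py.in end with a full stop and say "Path" in the singular. The neighbouring entry in the hunk (`'PAM stack to use'`) has no trailing punctuation, and the man page describes a comma-separated list. Suggest `'passwd_files' : _('Comma-separated list of passwd file sources'),` and `'group_files' : _('Comma-separated list of group file sources')`. The option_strings dict starts above the hunk.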
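Review bot: The new src/config/etc/sssd.api.d/sssd-files.conf declares both options as `str, None, false`, although the man page hunk in this patch documents them as comma-separated lists. If SSSDConfig callers are meant to receive a Python list, the declarations would be `passwd_files = list, str, false` and `group_files = list, str, false`. If an opaque string is intended, that is worth stating in the commit message. Confirm against how the other api.d files declare list-valued options, which are not visible here.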
@@ -56,14 +56,46 @@ CONFIGURATION OPTIONS - The files provider has no specific options of its own, however, - generic SSSD domain options can be set where applicable. + In addition to the options listed below, generic SSSD domain options + can be set where applicable. Refer to the section DOMAIN SECTIONS of the sssd.conf 5 manual page for details on the configuration of an SSSD domain. + + + passwd_files (string) + + + Comma-separated list of one or multiple password + filenames to be read and enumerated by the files + provider, inotify monitor watches will be set on + each file to detect changes dynamically. + + + Default: /etc/passwd + + + + + + group_files (string) + + + Comma-separated list of one or multiple group + filenames to be read and enumerated by the files + provider, inotify monitor watches will be set on + each file to detect changes dynamically. + + + Default: /etc/group + + + + + diff --git a/src/providers/files/files_init.c b/src/providers/files/files_init.c index 8e5cd4cf9..b8a051c34 100644 --- a/src/providers/files/files_init.c +++ b/src/providers/files/files_init.c @@ -21,6 +21,7 @@ #include "providers/data_provider/dp.h" #include "providers/files/files_private.h" +#include "util/util.h" int sssm_files_init(TALLOC_CTX *mem_ctx, struct be_ctx *be_ctx, -- 2.14.3
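Review bot: The only change to src/providers/files/files_init.c is `#include "util/util.h"`, and nothing visible in this patch reads CONFDB_FILES_PASSWD or CONFDB_FILES_GROUP. On its own, this cherry-pick makes the config validator accept `passwd_files` and `group_files` and documents them in the man page, while the provider presumably still reads only /etc/passwd and /etc/group. An administrator who sets them would then get no error and no effect. If the consumer is in a separate commit, backport it together with this one and move the include to the commit that needs it. The body of sssm_files_init lies outside the hunk, so this is inferred from the diffstat, which shows one added line in this file.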