166 lines
6.2 KiB
Diff
166 lines
6.2 KiB
Diff
From a40215878688cf10e35e6ba27893201c686395b3 Mon Sep 17 00:00:00 2001
|
|
From: Justin Stephenson <jstephen@redhat.com>
|
|
Date: Fri, 14 Jul 2017 16:08:37 -0400
|
|
Subject: [PATCH] CONFDB: Add passwd_files and group_files options
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
Add new options to the files provider allowing an administrator to
|
|
configure the files provider to read and monitor multiple or
|
|
non-standard passwd and group file sources. These options default to
|
|
/etc/passwd and /etc/group when unset.
|
|
|
|
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
(cherry picked from commit c1208b485924964a7a4fcf19562964acb47fc214)
|
|
---
|
|
Makefile.am | 3 ++-
|
|
src/confdb/confdb.h | 4 ++++
|
|
src/config/SSSDConfig/__init__.py.in | 6 +++++-
|
|
src/config/cfg_rules.ini | 4 ++++
|
|
src/config/etc/sssd.api.d/sssd-files.conf | 3 +++
|
|
src/man/sssd-files.5.xml | 36 +++++++++++++++++++++++++++++--
|
|
src/providers/files/files_init.c | 1 +
|
|
7 files changed, 53 insertions(+), 4 deletions(-)
|
|
create mode 100644 src/config/etc/sssd.api.d/sssd-files.conf
|
|
|
|
diff --git a/Makefile.am b/Makefile.am
|
|
index 25e996d2d..d52fe0670 100644
|
|
--- a/Makefile.am
|
|
+++ b/Makefile.am
|
|
@@ -4577,7 +4577,8 @@ dist_sssdapiplugin_DATA = \
|
|
src/config/etc/sssd.api.d/sssd-ldap.conf \
|
|
src/config/etc/sssd.api.d/sssd-local.conf \
|
|
src/config/etc/sssd.api.d/sssd-proxy.conf \
|
|
- src/config/etc/sssd.api.d/sssd-simple.conf
|
|
+ src/config/etc/sssd.api.d/sssd-simple.conf \
|
|
+ src/config/etc/sssd.api.d/sssd-files.conf
|
|
|
|
edit_cmd = $(SED) \
|
|
-e 's|@sbindir[@]|$(sbindir)|g' \
|
|
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
|
|
index c97a9b804..1d322aaac 100644
|
|
--- a/src/confdb/confdb.h
|
|
+++ b/src/confdb/confdb.h
|
|
@@ -242,6 +242,10 @@
|
|
#define CONFDB_PROXY_FAST_ALIAS "proxy_fast_alias"
|
|
#define CONFDB_PROXY_MAX_CHILDREN "proxy_max_children"
|
|
|
|
+/* Files Provider */
|
|
+#define CONFDB_FILES_PASSWD "passwd_files"
|
|
+#define CONFDB_FILES_GROUP "group_files"
|
|
+
|
|
/* Secrets Service */
|
|
#define CONFDB_SEC_CONF_ENTRY "config/secrets"
|
|
#define CONFDB_SEC_CONTAINERS_NEST_LEVEL "containers_nest_level"
|
|
diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
|
|
index 857d56cb5..32b74e4c7 100644
|
|
--- a/src/config/SSSDConfig/__init__.py.in
|
|
+++ b/src/config/SSSDConfig/__init__.py.in
|
|
@@ -473,7 +473,11 @@ option_strings = {
|
|
'proxy_fast_alias' : _('Whether to look up canonical group name from cache if possible'),
|
|
|
|
# [provider/proxy/auth]
|
|
- 'proxy_pam_target' : _('PAM stack to use')
|
|
+ 'proxy_pam_target' : _('PAM stack to use'),
|
|
+
|
|
+ # [provider/files]
|
|
+ 'passwd_files' : _('Path of passwd file sources.'),
|
|
+ 'group_files' : _('Path of group file sources.')
|
|
}
|
|
|
|
def striplist(l):
|
|
diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
|
|
index 4e70bf7b6..551322780 100644
|
|
--- a/src/config/cfg_rules.ini
|
|
+++ b/src/config/cfg_rules.ini
|
|
@@ -404,6 +404,10 @@ option = dyndns_force_tcp
|
|
option = dyndns_auth
|
|
option = dyndns_server
|
|
|
|
+# files provider specific options
|
|
+option = passwd_files
|
|
+option = group_files
|
|
+
|
|
# local provider specific options
|
|
option = create_homedir
|
|
option = remove_homedir
|
|
diff --git a/src/config/etc/sssd.api.d/sssd-files.conf b/src/config/etc/sssd.api.d/sssd-files.conf
|
|
new file mode 100644
|
|
index 000000000..2444d4924
|
|
--- /dev/null
|
|
+++ b/src/config/etc/sssd.api.d/sssd-files.conf
|
|
@@ -0,0 +1,3 @@
|
|
+[provider/files]
|
|
+passwd_files = str, None, false
|
|
+group_files = str, None, false
|
|
diff --git a/src/man/sssd-files.5.xml b/src/man/sssd-files.5.xml
|
|
index d44fffc03..59e1b6523 100644
|
|
--- a/src/man/sssd-files.5.xml
|
|
+++ b/src/man/sssd-files.5.xml
|
|
@@ -56,14 +56,46 @@
|
|
<refsect1 id='configuration-options'>
|
|
<title>CONFIGURATION OPTIONS</title>
|
|
<para>
|
|
- The files provider has no specific options of its own, however,
|
|
- generic SSSD domain options can be set where applicable.
|
|
+ In addition to the options listed below, generic SSSD domain options
|
|
+ can be set where applicable.
|
|
Refer to the section <quote>DOMAIN SECTIONS</quote> of the
|
|
<citerefentry>
|
|
<refentrytitle>sssd.conf</refentrytitle>
|
|
<manvolnum>5</manvolnum>
|
|
</citerefentry> manual page for details on the configuration
|
|
of an SSSD domain.
|
|
+ <variablelist>
|
|
+ <varlistentry>
|
|
+ <term>passwd_files (string)</term>
|
|
+ <listitem>
|
|
+ <para>
|
|
+ Comma-separated list of one or multiple password
|
|
+ filenames to be read and enumerated by the files
|
|
+ provider, inotify monitor watches will be set on
|
|
+ each file to detect changes dynamically.
|
|
+ </para>
|
|
+ <para>
|
|
+ Default: /etc/passwd
|
|
+ </para>
|
|
+ </listitem>
|
|
+ </varlistentry>
|
|
+
|
|
+ <varlistentry>
|
|
+ <term>group_files (string)</term>
|
|
+ <listitem>
|
|
+ <para>
|
|
+ Comma-separated list of one or multiple group
|
|
+ filenames to be read and enumerated by the files
|
|
+ provider, inotify monitor watches will be set on
|
|
+ each file to detect changes dynamically.
|
|
+ </para>
|
|
+ <para>
|
|
+ Default: /etc/group
|
|
+ </para>
|
|
+ </listitem>
|
|
+ </varlistentry>
|
|
+
|
|
+ </variablelist>
|
|
</para>
|
|
</refsect1>
|
|
|
|
diff --git a/src/providers/files/files_init.c b/src/providers/files/files_init.c
|
|
index 8e5cd4cf9..b8a051c34 100644
|
|
--- a/src/providers/files/files_init.c
|
|
+++ b/src/providers/files/files_init.c
|
|
@@ -21,6 +21,7 @@
|
|
|
|
#include "providers/data_provider/dp.h"
|
|
#include "providers/files/files_private.h"
|
|
+#include "util/util.h"
|
|
|
|
int sssm_files_init(TALLOC_CTX *mem_ctx,
|
|
struct be_ctx *be_ctx,
|
|
--
|
|
2.14.3
|
|
|