sssd  2.6.1
confdb.h
1 /*
2  SSSD
3 
4  SSSD Configuration DB
5 
6  Copyright (C) Simo Sorce <ssorce@redhat.com> 2008
7 
8  This program is free software; you can redistribute it and/or modify
9  it under the terms of the GNU General Public License as published by
10  the Free Software Foundation; either version 3 of the License, or
11  (at your option) any later version.
12 
13  This program is distributed in the hope that it will be useful,
14  but WITHOUT ANY WARRANTY; without even the implied warranty of
15  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16  GNU General Public License for more details.
17 
18  You should have received a copy of the GNU General Public License
19  along with this program. If not, see <http://www.gnu.org/licenses/>.
20 */
21 
22 #ifndef _CONF_DB_H
23 #define _CONF_DB_H
24 
25 #include <stdbool.h>
26 #include <talloc.h>
27 #include <tevent.h>
28 #include <ldb.h>
29 #include <ldb_errors.h>
30 
31 #include "config.h"
32 
/* Defaults and file names for the configuration database.
 * SSSD_CONFIG_FILE and CONFDB_DEFAULT_CONFIG_DIR are assembled by
 * string-literal concatenation from SSSD_CONF_DIR, which is not defined in
 * this listing (presumably it comes from config.h or the build - confirm). */
41 #define CONFDB_DEFAULT_CFG_FILE_VER 2
42 #define CONFDB_FILE "config.ldb"
43 #define SSSD_CONFIG_FILE_NAME "sssd.conf"
44 #define SSSD_CONFIG_FILE SSSD_CONF_DIR"/"SSSD_CONFIG_FILE_NAME
45 #define CONFDB_DEFAULT_CONFIG_DIR_NAME "conf.d"
46 #define CONFDB_DEFAULT_CONFIG_DIR SSSD_CONF_DIR"/"CONFDB_DEFAULT_CONFIG_DIR_NAME
/* NOTE(review): the minimum id is 1, so id 0 lies below it. Where this bound
 * is enforced is not visible in this header - confirm at the users of the
 * macro before relying on it to keep id 0 out of a domain. */
47 #define SSSD_MIN_ID 1
48 #define CONFDB_DEFAULT_SHELL_FALLBACK "/bin/sh"
/* Built-in configuration text: an [sssd] section that enables only the nss
 * service. When it is applied is not visible here - presumably when no
 * sssd.conf can be used; confirm against the configuration loader. */
49 #define CONFDB_FALLBACK_CONFIG \
50  "[sssd]\n" \
51  "services = nss\n"
52 
53 
54 /* Configuration options */
55 
56 /* Services */
/* Attribute names used in per-service sections. CONFDB_SERVICE_PATH_TMPL
 * carries a single %s conversion (presumably the service name - confirm at
 * the call sites). */
57 #define CONFDB_SERVICE_PATH_TMPL "config/%s"
58 #define CONFDB_SERVICE_COMMAND "command"
59 #define CONFDB_SERVICE_DEBUG_LEVEL "debug_level"
60 #define CONFDB_SERVICE_DEBUG_LEVEL_ALIAS "debug"
61 #define CONFDB_SERVICE_DEBUG_TIMESTAMPS "debug_timestamps"
62 #define CONFDB_SERVICE_DEBUG_MICROSECONDS "debug_microseconds"
63 #define CONFDB_SERVICE_DEBUG_BACKTRACE_ENABLED "debug_backtrace_enabled"
64 #define CONFDB_SERVICE_RECON_RETRIES "reconnection_retries"
65 #define CONFDB_SERVICE_FD_LIMIT "fd_limit"
/* NOTE(review): by its name this is a list of client UIDs allowed to talk to
 * a service. Which services honour it and how the entries are resolved is not
 * visible in this header - confirm before treating it as an access control. */
66 #define CONFDB_SERVICE_ALLOWED_UIDS "allowed_uids"
67 
68 /* Monitor */
/* Section path and attribute names read from the "config/sssd" entry. */
69 #define CONFDB_MONITOR_CONF_ENTRY "config/sssd"
70 #define CONFDB_MONITOR_ACTIVE_SERVICES "services"
71 #define CONFDB_MONITOR_ACTIVE_DOMAINS "domains"
72 #define CONFDB_MONITOR_RESOLV_CONF "monitor_resolv_conf"
73 #define CONFDB_MONITOR_TRY_INOTIFY "try_inotify"
74 #define CONFDB_MONITOR_KRB5_RCACHEDIR "krb5_rcache_dir"
75 #define CONFDB_MONITOR_DEFAULT_DOMAIN "default_domain_suffix"
76 #define CONFDB_MONITOR_OVERRIDE_SPACE "override_space"
/* NOTE(review): "user" presumably names the account the daemon runs as and
 * "certificate_verification" tunes certificate checks. Both are
 * security-sensitive by name; their accepted values are not visible here and
 * should be checked against the option documentation. */
77 #define CONFDB_MONITOR_USER_RUNAS "user"
78 #define CONFDB_MONITOR_CERT_VERIFICATION "certificate_verification"
79 #define CONFDB_MONITOR_DISABLE_NETLINK "disable_netlink"
80 #define CONFDB_MONITOR_ENABLE_FILES_DOM "enable_files_domain"
81 #define CONFDB_MONITOR_DOMAIN_RESOLUTION_ORDER "domain_resolution_order"
82 
83 /* Both monitor and domains */
84 #define CONFDB_NAME_REGEX "re_expression"
85 #define CONFDB_FULL_NAME_FORMAT "full_name_format"
/* The two defaults below use positional printf-style conversions (%1$s,
 * %2$s, %3$s); the INTERNAL variant takes one more argument than the public
 * default.
 * NOTE(review): full_name_format is a configurable option, so the code that
 * formats names with it should validate the configured pattern instead of
 * passing it unchecked to a printf-family call. How that is done is not
 * visible in this header - confirm at the consumer. */
86 #define CONFDB_DEFAULT_FULL_NAME_FORMAT_INTERNAL "%1$s@%2$s%3$s"
87 #define CONFDB_DEFAULT_FULL_NAME_FORMAT "%1$s@%2$s"
88 
89 /* Responders */
90 #define CONFDB_RESPONDER_GET_DOMAINS_TIMEOUT "get_domains_timeout"
91 #define CONFDB_RESPONDER_CLI_IDLE_TIMEOUT "client_idle_timeout"
92 #define CONFDB_RESPONDER_CLI_IDLE_DEFAULT_TIMEOUT 60
93 #define CONFDB_RESPONDER_LOCAL_NEG_TIMEOUT "local_negative_timeout"
94 #define CONFDB_RESPONDER_LOCAL_NEG_TIMEOUT_DEFAULT 14400
95 #define CONFDB_RESPONDER_IDLE_TIMEOUT "responder_idle_timeout"
96 #define CONFDB_RESPONDER_IDLE_DEFAULT_TIMEOUT 300
97 #define CONFDB_RESPONDER_CACHE_FIRST "cache_first"
98 
99 /* NSS */
100 #define CONFDB_NSS_CONF_ENTRY "config/nss"
101 #define CONFDB_NSS_ENUM_CACHE_TIMEOUT "enum_cache_timeout"
102 #define CONFDB_NSS_ENTRY_CACHE_NOWAIT_PERCENTAGE "entry_cache_nowait_percentage"
103 #define CONFDB_NSS_ENTRY_NEG_TIMEOUT "entry_negative_timeout"
104 #define CONFDB_NSS_FILTER_USERS_IN_GROUPS "filter_users_in_groups"
105 #define CONFDB_NSS_FILTER_USERS "filter_users"
106 #define CONFDB_NSS_FILTER_GROUPS "filter_groups"
107 #define CONFDB_NSS_PWFIELD "pwfield"
108 #define CONFDB_NSS_OVERRIDE_HOMEDIR "override_homedir"
109 #define CONFDB_NSS_FALLBACK_HOMEDIR "fallback_homedir"
110 #define CONFDB_NSS_OVERRIDE_SHELL "override_shell"
111 #define CONFDB_NSS_VETOED_SHELL "vetoed_shells"
112 #define CONFDB_NSS_ALLOWED_SHELL "allowed_shells"
113 #define CONFDB_NSS_SHELL_FALLBACK "shell_fallback"
114 #define CONFDB_NSS_DEFAULT_SHELL "default_shell"
115 #define CONFDB_MEMCACHE_TIMEOUT "memcache_timeout"
116 #define CONFDB_NSS_MEMCACHE_SIZE_PASSWD "memcache_size_passwd"
117 #define CONFDB_NSS_MEMCACHE_SIZE_GROUP "memcache_size_group"
118 #define CONFDB_NSS_MEMCACHE_SIZE_INITGROUPS "memcache_size_initgroups"
119 #define CONFDB_NSS_HOMEDIR_SUBSTRING "homedir_substring"
120 #define CONFDB_DEFAULT_HOMEDIR_SUBSTRING "/home"
121 
122 /* PAM */
/* Section path and attribute names read from the "config/pam" entry. */
123 #define CONFDB_PAM_CONF_ENTRY "config/pam"
124 #define CONFDB_PAM_CRED_TIMEOUT "offline_credentials_expiration"
125 #define CONFDB_PAM_FAILED_LOGIN_ATTEMPTS "offline_failed_login_attempts"
/* NOTE(review): the default is 0. Whether 0 means "no limit" or "no attempts
 * allowed" is not stated in this header; confirm against the implementation,
 * because it decides whether offline password guessing is throttled by
 * default. */
126 #define CONFDB_DEFAULT_PAM_FAILED_LOGIN_ATTEMPTS 0
127 #define CONFDB_PAM_FAILED_LOGIN_DELAY "offline_failed_login_delay"
/* Default delay value is 5; the unit is not visible here - TODO confirm. */
128 #define CONFDB_DEFAULT_PAM_FAILED_LOGIN_DELAY 5
129 #define CONFDB_PAM_VERBOSITY "pam_verbosity"
130 #define CONFDB_PAM_RESPONSE_FILTER "pam_response_filter"
131 #define CONFDB_PAM_ID_TIMEOUT "pam_id_timeout"
132 #define CONFDB_PAM_PWD_EXPIRATION_WARNING "pam_pwd_expiration_warning"
/* NOTE(review): by their names these two options widen who may use the PAM
 * responder and which domains it exposes; review any non-default value set
 * for them. Their exact semantics are not visible in this header. */
133 #define CONFDB_PAM_TRUSTED_USERS "pam_trusted_users"
134 #define CONFDB_PAM_PUBLIC_DOMAINS "pam_public_domains"
135 #define CONFDB_PAM_ACCOUNT_EXPIRED_MESSAGE "pam_account_expired_message"
136 #define CONFDB_PAM_ACCOUNT_LOCKED_MESSAGE "pam_account_locked_message"
/* Certificate / PKCS#11 authentication options (names only; defaults and
 * validation rules live outside this header). */
137 #define CONFDB_PAM_CERT_AUTH "pam_cert_auth"
138 #define CONFDB_PAM_CERT_DB_PATH "pam_cert_db_path"
139 #define CONFDB_PAM_CERT_VERIFICATION "pam_cert_verification"
140 #define CONFDB_PAM_P11_CHILD_TIMEOUT "p11_child_timeout"
141 #define CONFDB_PAM_WAIT_FOR_CARD_TIMEOUT "p11_wait_for_card_timeout"
142 #define CONFDB_PAM_APP_SERVICES "pam_app_services"
143 #define CONFDB_PAM_P11_ALLOWED_SERVICES "pam_p11_allowed_services"
144 #define CONFDB_PAM_P11_URI "p11_uri"
145 #define CONFDB_PAM_INITGROUPS_SCHEME "pam_initgroups_scheme"
/* GSSAPI authentication options; these keys correspond to the
 * gssapi_services, gssapi_check_upn and gssapi_indicators_map members
 * declared further down in this header. */
146 #define CONFDB_PAM_GSSAPI_SERVICES "pam_gssapi_services"
147 #define CONFDB_PAM_GSSAPI_CHECK_UPN "pam_gssapi_check_upn"
148 #define CONFDB_PAM_GSSAPI_INDICATORS_MAP "pam_gssapi_indicators_map"
149 
150 /* SUDO */
151 #define CONFDB_SUDO_CONF_ENTRY "config/sudo"
152 #define CONFDB_SUDO_CACHE_TIMEOUT "sudo_cache_timeout"
153 #define CONFDB_DEFAULT_SUDO_CACHE_TIMEOUT 180
154 #define CONFDB_SUDO_TIMED "sudo_timed"
155 #define CONFDB_DEFAULT_SUDO_TIMED false
156 #define CONFDB_SUDO_INVERSE_ORDER "sudo_inverse_order"
157 #define CONFDB_DEFAULT_SUDO_INVERSE_ORDER false
158 #define CONFDB_SUDO_THRESHOLD "sudo_threshold"
159 #define CONFDB_DEFAULT_SUDO_THRESHOLD 50
160 
161 /* autofs */
162 #define CONFDB_AUTOFS_CONF_ENTRY "config/autofs"
163 #define CONFDB_AUTOFS_MAP_NEG_TIMEOUT "autofs_negative_timeout"
164 
165 /* SSH */
/* Section path, attribute names and defaults for the "config/ssh" entry. */
166 #define CONFDB_SSH_CONF_ENTRY "config/ssh"
167 #define CONFDB_SSH_HASH_KNOWN_HOSTS "ssh_hash_known_hosts"
/* Known-hosts hashing defaults to off in this version. */
168 #define CONFDB_DEFAULT_SSH_HASH_KNOWN_HOSTS false
169 #define CONFDB_SSH_KNOWN_HOSTS_TIMEOUT "ssh_known_hosts_timeout"
170 #define CONFDB_DEFAULT_SSH_KNOWN_HOSTS_TIMEOUT 180
171 #define CONFDB_SSH_CA_DB "ca_db"
/* Default CA file path, built from SYSCONFDIR (defined outside this listing).
 * NOTE(review): presumably this file holds the trust anchors used to validate
 * certificates before SSH keys are derived from them, so its ownership and
 * permissions matter - confirm how it is consumed. */
172 #define CONFDB_DEFAULT_SSH_CA_DB SYSCONFDIR"/sssd/pki/sssd_auth_ca_db.pem"
173 #define CONFDB_SSH_USE_CERT_KEYS "ssh_use_certificate_keys"
/* Use of certificate-derived keys defaults to on. */
174 #define CONFDB_DEFAULT_SSH_USE_CERT_KEYS true
175 #define CONFDB_SSH_USE_CERT_RULES "ssh_use_certificate_matching_rules"
176 
177 /* PAC */
178 #define CONFDB_PAC_CONF_ENTRY "config/pac"
179 #define CONFDB_PAC_LIFETIME "pac_lifetime"
180 
181 /* InfoPipe */
182 #define CONFDB_IFP_CONF_ENTRY "config/ifp"
183 #define CONFDB_IFP_USER_ATTR_LIST "user_attributes"
184 #define CONFDB_IFP_WILDCARD_LIMIT "wildcard_limit"
185 
186 /* Session Recording */
187 #define CONFDB_SESSION_RECORDING_CONF_ENTRY "config/session_recording"
188 #define CONFDB_SESSION_RECORDING_SCOPE "scope"
189 #define CONFDB_SESSION_RECORDING_USERS "users"
190 #define CONFDB_SESSION_RECORDING_GROUPS "groups"
191 #define CONFDB_SESSION_RECORDING_EXCLUDE_USERS "exclude_users"
192 #define CONFDB_SESSION_RECORDING_EXCLUDE_GROUPS "exclude_groups"
193 
194 /* Domains */
/* Attribute names, base DNs and defaults for per-domain sections.
 * CONFDB_DOMAIN_PATH_TMPL carries a single %s conversion (presumably the
 * domain name - confirm at the call sites). */
195 #define CONFDB_DOMAIN_ENABLED "enabled"
196 #define CONFDB_DOMAIN_PATH_TMPL "config/domain/%s"
197 #define CONFDB_DOMAIN_BASEDN "cn=domain,cn=config"
198 #define CONFDB_APP_DOMAIN_BASEDN "cn=application,cn=config"
/* Provider selectors: by their names, each picks the backend used for one
 * function of the domain (identity, authentication, access control, ...). */
199 #define CONFDB_DOMAIN_ID_PROVIDER "id_provider"
200 #define CONFDB_DOMAIN_AUTH_PROVIDER "auth_provider"
201 #define CONFDB_DOMAIN_ACCESS_PROVIDER "access_provider"
202 #define CONFDB_DOMAIN_CHPASS_PROVIDER "chpass_provider"
203 #define CONFDB_DOMAIN_SUDO_PROVIDER "sudo_provider"
204 #define CONFDB_DOMAIN_AUTOFS_PROVIDER "autofs_provider"
205 #define CONFDB_DOMAIN_SELINUX_PROVIDER "selinux_provider"
206 #define CONFDB_DOMAIN_HOSTID_PROVIDER "hostid_provider"
207 #define CONFDB_DOMAIN_SUBDOMAINS_PROVIDER "subdomains_provider"
208 #define CONFDB_DOMAIN_SESSION_PROVIDER "session_provider"
209 #define CONFDB_DOMAIN_RESOLVER_PROVIDER "resolver_provider"
210 #define CONFDB_DOMAIN_COMMAND "command"
211 #define CONFDB_DOMAIN_TIMEOUT "timeout"
212 #define CONFDB_DOMAIN_ATTR "cn"
213 #define CONFDB_DOMAIN_ENUMERATE "enumerate"
214 #define CONFDB_SUBDOMAIN_ENUMERATE "subdomain_enumerate"
215 #define CONFDB_DEFAULT_SUBDOMAIN_ENUMERATE "none"
216 #define CONFDB_DOMAIN_MINID "min_id"
217 #define CONFDB_DOMAIN_MAXID "max_id"
/* NOTE(review): cache_credentials and the minimal first-factor length
 * (default 8 below) govern offline credential caching by their names. What
 * is stored and how it is protected is not visible in this header - confirm
 * before enabling caching on shared or portable hosts. */
218 #define CONFDB_DOMAIN_CACHE_CREDS "cache_credentials"
219 #define CONFDB_DOMAIN_CACHE_CREDS_MIN_FF_LENGTH \
220  "cache_credentials_minimal_first_factor_length"
221 #define CONFDB_DEFAULT_CACHE_CREDS_MIN_FF_LENGTH 8
222 #define CONFDB_DOMAIN_AUTO_UPG "auto_private_groups"
223 #define CONFDB_DOMAIN_FQ "use_fully_qualified_names"
224 #define CONFDB_DOMAIN_ENTRY_CACHE_TIMEOUT "entry_cache_timeout"
225 #define CONFDB_DOMAIN_ACCOUNT_CACHE_EXPIRATION "account_cache_expiration"
226 #define CONFDB_DOMAIN_OVERRIDE_GID "override_gid"
227 #define CONFDB_DOMAIN_CASE_SENSITIVE "case_sensitive"
228 #define CONFDB_DOMAIN_SUBDOMAIN_HOMEDIR "subdomain_homedir"
/* Home-directory template with %d and %u placeholders; presumably expanded
 * to the domain and user name - TODO confirm against the expansion code. */
229 #define CONFDB_DOMAIN_DEFAULT_SUBDOMAIN_HOMEDIR "/home/%d/%u"
230 #define CONFDB_DOMAIN_IGNORE_GROUP_MEMBERS "ignore_group_members"
231 #define CONFDB_DOMAIN_SUBDOMAIN_REFRESH "subdomain_refresh_interval"
232 #define CONFDB_DOMAIN_SUBDOMAIN_REFRESH_DEFAULT_VALUE 14400
233 
/* Per-object-type cache timeout option names; each has a matching
 * uint32_t *_timeout member declared further down in this header. */
234 #define CONFDB_DOMAIN_USER_CACHE_TIMEOUT "entry_cache_user_timeout"
235 #define CONFDB_DOMAIN_GROUP_CACHE_TIMEOUT "entry_cache_group_timeout"
236 #define CONFDB_DOMAIN_NETGROUP_CACHE_TIMEOUT "entry_cache_netgroup_timeout"
237 #define CONFDB_DOMAIN_SERVICE_CACHE_TIMEOUT "entry_cache_service_timeout"
238 #define CONFDB_DOMAIN_AUTOFS_CACHE_TIMEOUT "entry_cache_autofs_timeout"
239 #define CONFDB_DOMAIN_SUDO_CACHE_TIMEOUT "entry_cache_sudo_timeout"
240 #define CONFDB_DOMAIN_SSH_HOST_CACHE_TIMEOUT "entry_cache_ssh_host_timeout"
241 #define CONFDB_DOMAIN_COMPUTER_CACHE_TIMEOUT "entry_cache_computer_timeout"
242 #define CONFDB_DOMAIN_RESOLVER_CACHE_TIMEOUT "entry_cache_resolver_timeout"
243 #define CONFDB_DOMAIN_PWD_EXPIRATION_WARNING "pwd_expiration_warning"
244 #define CONFDB_DOMAIN_REFRESH_EXPIRED_INTERVAL "refresh_expired_interval"
245 #define CONFDB_DOMAIN_OFFLINE_TIMEOUT "offline_timeout"
246 #define CONFDB_DOMAIN_OFFLINE_TIMEOUT_MAX "offline_timeout_max"
247 #define CONFDB_DOMAIN_OFFLINE_TIMEOUT_RANDOM_OFFSET "offline_timeout_random_offset"
248 #define CONFDB_DOMAIN_SUBDOMAIN_INHERIT "subdomain_inherit"
/* NOTE(review): by its name, cached_auth_timeout lets authentication be
 * answered from cache for some period; a long value would delay the effect
 * of a password change or account lock. Semantics are not visible here -
 * confirm against the option documentation. */
249 #define CONFDB_DOMAIN_CACHED_AUTH_TIMEOUT "cached_auth_timeout"
/* domain_type option name and its two accepted string values. */
250 #define CONFDB_DOMAIN_TYPE "domain_type"
251 #define CONFDB_DOMAIN_TYPE_POSIX "posix"
252 #define CONFDB_DOMAIN_TYPE_APP "application"
253 #define CONFDB_DOMAIN_INHERIT_FROM "inherit_from"
254 #define CONFDB_DOMAIN_FALLBACK_TO_NSS "fallback_to_nss"
255 
256 /* Proxy Provider */
257 #define CONFDB_PROXY_LIBNAME "proxy_lib_name"
258 #define CONFDB_PROXY_RESOLVER_LIBNAME "proxy_resolver_lib_name"
259 #define CONFDB_PROXY_PAM_TARGET "proxy_pam_target"
260 #define CONFDB_PROXY_FAST_ALIAS "proxy_fast_alias"
261 #define CONFDB_PROXY_MAX_CHILDREN "proxy_max_children"
262 
263 /* Files Provider */
264 #define CONFDB_FILES_PASSWD "passwd_files"
265 #define CONFDB_FILES_GROUP "group_files"
266 
267 /* KCM Service */
/* Section path and attribute names read from the "config/kcm" entry. */
268 #define CONFDB_KCM_CONF_ENTRY "config/kcm"
269 #define CONFDB_KCM_SOCKET "socket_path"
270 #define CONFDB_KCM_DB "ccache_storage" /* Undocumented on purpose */
271 #define CONFDB_KCM_CONTAINERS_NEST_LEVEL "containers_nest_level"
/* NOTE(review): by their names these three options are quotas on the number
 * and size of credential caches (overall and per UID). Their defaults and
 * enforcement are not visible in this header - confirm that they are bounded
 * on multi-user hosts. */
272 #define CONFDB_KCM_MAX_CCACHES "max_ccaches"
273 #define CONFDB_KCM_MAX_UID_CCACHES "max_uid_ccaches"
274 #define CONFDB_KCM_MAX_CCACHE_SIZE "max_ccache_size"
/* Ticket renewal options; the krb5_* keys presumably mirror the Kerberos
 * options of the same names used elsewhere in SSSD - TODO confirm. */
275 #define CONFDB_KCM_TGT_RENEWAL "tgt_renewal"
276 #define CONFDB_KCM_TGT_RENEWAL_INHERIT "tgt_renewal_inherit"
277 #define CONFDB_KCM_KRB5_LIFETIME "krb5_lifetime"
278 #define CONFDB_KCM_KRB5_RENEWABLE_LIFETIME "krb5_renewable_lifetime"
279 #define CONFDB_KCM_KRB5_RENEW_INTERVAL "krb5_renew_interval"
280 #define CONFDB_KCM_KRB5_VALIDATE "krb5_validate"
281 #define CONFDB_KCM_KRB5_CANONICALIZE "krb5_canonicalize"
282 #define CONFDB_KCM_KRB5_AUTH_TIMEOUT "krb5_auth_timeout"
283 
284 /* Certificate mapping rules */
285 #define CONFDB_CERTMAP_BASEDN "cn=certmap,cn=config"
286 #define CONFDB_CERTMAP_NAME "cn"
287 #define CONFDB_CERTMAP_MAPRULE "maprule"
288 #define CONFDB_CERTMAP_MATCHRULE "matchrule"
289 #define CONFDB_CERTMAP_DOMAINS "domains"
290 #define CONFDB_CERTMAP_PRIORITY "priority"
291 
292 /* Prompting */
293 #define CONFDB_PC_CONF_ENTRY "config/prompting"
294 #define CONFDB_PC_TYPE_PASSWORD "password"
295 #define CONFDB_PC_PASSWORD_PROMPT "password_prompt"
296 #define CONFDB_PC_TYPE_2FA "2fa"
297 #define CONFDB_PC_2FA_SINGLE_PROMPT "single_prompt"
298 #define CONFDB_PC_2FA_1ST_PROMPT "first_prompt"
299 #define CONFDB_PC_2FA_2ND_PROMPT "second_prompt"
300 #define CONFDB_PC_TYPE_CERT_AUTH "cert_auth"
301 
302 struct confdb_ctx;
303 struct config_file_ctx;
304 
324 };
325 
334 };
335 
/* Mode selector used as the type of the mpg_mode member declared further
 * down in this header. By its name and the "auto_private_groups" option key
 * (CONFDB_DOMAIN_AUTO_UPG) it presumably controls user-private-group
 * handling; the exact behaviour of each value is not visible in this
 * listing - confirm against the implementation. */
336 enum sss_domain_mpg_mode {
337  MPG_DISABLED,
338  MPG_ENABLED,
339  MPG_HYBRID,
340  MPG_DEFAULT, /* Use default value for given id mapping. */
341 };
342 
348  enum sss_domain_type type;
349 
350  char *name;
351  char *conn_name;
352  char *provider;
353  int timeout;
354  bool enumerate;
355  char **sd_enumerate;
356  bool fqnames;
357  enum sss_domain_mpg_mode mpg_mode;
358  bool ignore_group_members;
359  uint32_t id_min;
360  uint32_t id_max;
361  const char *pwfield;
362 
363  bool cache_credentials;
364  uint32_t cache_credentials_min_ff_length;
365  bool case_sensitive;
366  bool case_preserve;
367 
368  gid_t override_gid;
369  const char *override_homedir;
370  const char *fallback_homedir;
371  const char *subdomain_homedir;
372  const char *homedir_substr;
373  const char *override_shell;
374  const char *default_shell;
375 
376  uint32_t user_timeout;
377  uint32_t group_timeout;
378  uint32_t netgroup_timeout;
379  uint32_t service_timeout;
380  uint32_t autofsmap_timeout;
381  uint32_t sudo_timeout;
382  uint32_t ssh_host_timeout;
383  uint32_t computer_timeout;
384  uint32_t resolver_timeout;
385 
386  uint32_t refresh_expired_interval;
387  uint32_t subdomain_refresh_interval;
388  uint32_t cached_auth_timeout;
389 
390  int pwd_expiration_warning;
391 
392  struct sysdb_ctx *sysdb;
393  struct sss_names_ctx *names;
394 
395  struct sss_domain_info *parent;
396  struct sss_domain_info *subdomains;
397  char *realm;
398  char *flat_name;
399  char *domain_id;
400  uint32_t trust_direction;
401  struct timeval subdomains_last_checked;
402 
403  bool has_views;
404  const char *view_name;
405 
406  struct sss_domain_info *prev;
407  struct sss_domain_info *next;
408 
409  enum sss_domain_state state;
410  bool fallback_to_nss;
411  char **sd_inherit;
412 
413  /* Do not use the forest pointer directly in new code, but rather the
414  * forest_root pointer. sss_domain_info will be more opaque in the future
415  */
416  char *forest;
417  struct sss_domain_info *forest_root;
418  const char **upn_suffixes;
419 
420  struct certmap_info **certmaps;
421  bool user_name_hint;
422 
423  /* Do not use the _output_fqnames property directly in new code, but rather
424  * use sss_domain_info_{get,set}_output_fqnames(). */
425  bool output_fqnames;
426 
427  /* Hostname associated with this domain. */
428  const char *hostname;
429 
430  /* Keytab used by this domain. */
431  const char *krb5_keytab;
432 
433  /* List of PAM services that are allowed to authenticate with GSSAPI. */
434  char **gssapi_services;
435  char *gssapi_check_upn; /* true | false | NULL */
436  /* List of indicators associated with the specific PAM service */
437  char **gssapi_indicators_map;
438 
439  /* Counts how often the domain was not found during a refresh of the
440  * domain list */
441  size_t not_found_counter;
442 };
443 
/* Initialize the connection to the ConfDB.
 * mem_ctx:         talloc context (presumably the parent of the new
 *                  confdb_ctx - confirm).
 * cdb_ctx:         out-parameter receiving the confdb context.
 * confdb_location: location of the database to open.
 * NOTE(review): the return-code convention is not visible in this listing;
 * callers should check the result before using *cdb_ctx. */
456 int confdb_init(TALLOC_CTX *mem_ctx,
457  struct confdb_ctx **cdb_ctx,
458  const char *confdb_location);
459 
/* Get a domain object for the named domain.
 * The object is handed back through the domain out-parameter; its ownership
 * and lifetime are not visible in this listing - confirm before freeing. */
472 int confdb_get_domain(struct confdb_ctx *cdb,
473  const char *name,
474  struct sss_domain_info **domain);
475 
/* Get a null-terminated linked-list of active domain objects.
 * The list head is returned through domains; entries are presumably chained
 * through the prev/next members declared above - confirm. */
486 int confdb_get_domains(struct confdb_ctx *cdb,
487  struct sss_domain_info **domains);
488 
/* No description is visible for this function in the listing. By its name it
 * presumably expands application-domain entries (cf.
 * CONFDB_APP_DOMAIN_BASEDN and CONFDB_DOMAIN_INHERIT_FROM) - confirm against
 * the implementation. */
489 int confdb_expand_app_domains(struct confdb_ctx *cdb);
490 
/* Get the names of all domains.
 * The result is returned through _names, a char *** out-parameter, i.e. as an
 * array of strings (presumably NULL-terminated and allocated on mem_ctx -
 * confirm) rather than a linked list. */
503 int confdb_list_all_domain_names(TALLOC_CTX *mem_ctx,
504  struct confdb_ctx *cdb,
505  char ***_names);
506 
507 
/* Add an arbitrary parameter to the confdb.
 * replace:   presumably selects replacing existing values over adding to
 *            them - confirm.
 * section:   configuration section to write to.
 * attribute: attribute name within the section.
 * values:    array of string values (presumably NULL-terminated - confirm).
 * NOTE(review): section and attribute address an entry in the database; how
 * they are escaped or validated is not visible here, so callers should not
 * pass externally influenced names without checking them first. */
533 int confdb_add_param(struct confdb_ctx *cdb,
534  bool replace,
535  const char *section,
536  const char *attribute,
537  const char **values);
538 
/* Retrieve all values for an attribute.
 * The values are returned through the values out-parameter (presumably a
 * NULL-terminated array allocated on mem_ctx - confirm). */
558 int confdb_get_param(struct confdb_ctx *cdb,
559  TALLOC_CTX *mem_ctx,
560  const char *section,
561  const char *attribute,
562  char ***values);
563 
/* Convenience function to retrieve a single-valued attribute as a string.
 * defstr is presumably the value used when the attribute is absent, and
 * *result is presumably allocated on ctx - confirm both. A NULL defstr may
 * therefore leave *result NULL; callers should handle that case. */
586 int confdb_get_string(struct confdb_ctx *cdb, TALLOC_CTX *ctx,
587  const char *section, const char *attribute,
588  const char *defstr, char **result);
589 
/* Convenience function to retrieve a single-valued attribute as an integer.
 * defval is presumably the value used when the attribute is absent - confirm.
 * NOTE(review): how non-numeric or out-of-range text is handled is not
 * visible here. Callers that use the value as a timeout or limit should
 * check the return code and range-check *result themselves. */
613 int confdb_get_int(struct confdb_ctx *cdb,
614  const char *section, const char *attribute,
615  int defval, int *result);
616 
/* Convenience function to retrieve a single-valued attribute as a boolean.
 * defval is presumably the value used when the attribute is absent - confirm.
 * Which spellings are accepted as true/false is not visible in this
 * listing. */
641 int confdb_get_bool(struct confdb_ctx *cdb,
642  const char *section, const char *attribute,
643  bool defval, bool *result);
644 
/* Convenience function to set a single-valued attribute as a string.
 * Whether an existing value is replaced is not visible in this listing -
 * confirm against the implementation. */
662 int confdb_set_string(struct confdb_ctx *cdb,
663  const char *section,
664  const char *attribute,
665  const char *val);
666 
/* Convenience function to retrieve a single-valued attribute as a
 * null-terminated array of strings.
 * The separator used to split the value is not visible in this listing;
 * *result is presumably allocated on ctx - confirm. */
693 int confdb_get_string_as_list(struct confdb_ctx *cdb, TALLOC_CTX *ctx,
694  const char *section, const char *attribute,
695  char ***result);
696 
/* Convenience function to retrieve a list of subsections given a
 * configuration section name.
 * sections receives the list and num_sections its length; the list is
 * presumably allocated on mem_ctx - confirm. */
717 int confdb_get_sub_sections(TALLOC_CTX *mem_ctx,
718  struct confdb_ctx *cdb,
719  const char *section,
720  char ***sections,
721  int *num_sections);
722 
/* Convenience function to write the certificate mapping and matching rules
 * from the configuration database (the description on this page is truncated
 * at that point; by the function name the destination is presumably the
 * sysdb of dom - confirm).
 * NOTE(review): these rules decide which certificates map to which users, so
 * a failure here should be treated as an error, not ignored. */
734 int confdb_certmap_to_sysdb(struct confdb_ctx *cdb,
735  struct sss_domain_info *dom);
736 
740 #endif
sss_domain_state
sss_domain_state
sssd domain state
Definition: confdb.h:306
confdb_get_domains
int confdb_get_domains(struct confdb_ctx *cdb, struct sss_domain_info **domains)
Get a null-terminated linked-list of active domain objects.
confdb_init
int confdb_init(TALLOC_CTX *mem_ctx, struct confdb_ctx **cdb_ctx, const char *confdb_location)
Initialize the connection to the ConfDB.
confdb_certmap_to_sysdb
int confdb_certmap_to_sysdb(struct confdb_ctx *cdb, struct sss_domain_info *dom)
Convenience function to write the certificate mapping and matching rules from the configuration datab...
confdb_get_int
int confdb_get_int(struct confdb_ctx *cdb, const char *section, const char *attribute, int defval, int *result)
Convenience function to retrieve a single-valued attribute as an integer.
confdb_add_param
int confdb_add_param(struct confdb_ctx *cdb, bool replace, const char *section, const char *attribute, const char **values)
Add an arbitrary parameter to the confdb.
confdb_get_string_as_list
int confdb_get_string_as_list(struct confdb_ctx *cdb, TALLOC_CTX *ctx, const char *section, const char *attribute, char ***result)
Convenience function to retrieve a single-valued attribute as a null-terminated array of strings.
sss_domain_info
Data structure storing all of the basic features of a domain.
Definition: confdb.h:347
confdb_get_bool
int confdb_get_bool(struct confdb_ctx *cdb, const char *section, const char *attribute, bool defval, bool *result)
Convenience function to retrieve a single-valued attribute as a boolean.
sss_domain_type
sss_domain_type
Whether the domain only supports looking up POSIX entries.
Definition: confdb.h:327
DOM_TYPE_APPLICATION
@ DOM_TYPE_APPLICATION
In this mode, entries are typically resolved only by name.
Definition: confdb.h:333
confdb_get_sub_sections
int confdb_get_sub_sections(TALLOC_CTX *mem_ctx, struct confdb_ctx *cdb, const char *section, char ***sections, int *num_sections)
Convenience function to retrieve a list of subsections given a configuration section name.
DOM_TYPE_POSIX
@ DOM_TYPE_POSIX
This is the default domain type.
Definition: confdb.h:331
confdb_get_domain
int confdb_get_domain(struct confdb_ctx *cdb, const char *name, struct sss_domain_info **domain)
Get a domain object for the named domain.
DOM_DISABLED
@ DOM_DISABLED
Domain was removed and should not be used by either responders or providers.
Definition: confdb.h:314
DOM_INACTIVE
@ DOM_INACTIVE
Domain cannot be contacted.
Definition: confdb.h:319
confdb_set_string
int confdb_set_string(struct confdb_ctx *cdb, const char *section, const char *attribute, const char *val)
Convenience function to set a single-valued attribute as a string.
confdb_get_string
int confdb_get_string(struct confdb_ctx *cdb, TALLOC_CTX *ctx, const char *section, const char *attribute, const char *defstr, char **result)
Convenience function to retrieve a single-valued attribute as a string.
DOM_ACTIVE
@ DOM_ACTIVE
Domain is usable by both responders and providers.
Definition: confdb.h:310
DOM_INCONSISTENT
@ DOM_INCONSISTENT
Domain is being updated.
Definition: confdb.h:323
confdb_get_param
int confdb_get_param(struct confdb_ctx *cdb, TALLOC_CTX *mem_ctx, const char *section, const char *attribute, char ***values)
Retrieve all values for an attribute.
confdb_list_all_domain_names
int confdb_list_all_domain_names(TALLOC_CTX *mem_ctx, struct confdb_ctx *cdb, char ***_names)
Get a null-terminated linked-list of all domain names.