sssd 2.6.1
confdb.h
1/*
2 SSSD
3
4 SSSD Configuration DB
5
6 Copyright (C) Simo Sorce <ssorce@redhat.com> 2008
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20*/
21
22#ifndef _CONF_DB_H
23#define _CONF_DB_H
24
25#include <stdbool.h>
26#include <talloc.h>
27#include <tevent.h>
28#include <ldb.h>
29#include <ldb_errors.h>
30
31#include "config.h"
32
/*
 * Config DB file names, locations and built-in fallbacks.
 *
 * SSSD_CONF_DIR is not defined in this header; it has to come from the build
 * configuration (this header includes "config.h").  Any macro built from it
 * only expands where it is used.
 */
#define CONFDB_DEFAULT_CFG_FILE_VER     2
#define CONFDB_FILE                     "config.ldb"
#define SSSD_CONFIG_FILE_NAME           "sssd.conf"
#define SSSD_CONFIG_FILE                SSSD_CONF_DIR "/" SSSD_CONFIG_FILE_NAME
#define CONFDB_DEFAULT_CONFIG_DIR_NAME  "conf.d"
#define CONFDB_DEFAULT_CONFIG_DIR \
    SSSD_CONF_DIR "/" CONFDB_DEFAULT_CONFIG_DIR_NAME
#define SSSD_MIN_ID                     1
#define CONFDB_DEFAULT_SHELL_FALLBACK   "/bin/sh"

/*
 * Minimal built-in configuration text: an [sssd] section that lists only the
 * nss service.
 * NOTE(review): the condition under which this fallback is applied is not
 * visible in this header -- confirm in the config loader.  A host running on
 * the fallback has no domains configured by it.
 */
#define CONFDB_FALLBACK_CONFIG \
    "[sssd]\n" \
    "services = nss\n"
52
53
/* Configuration options */

/*
 * Services: option names shared by service sections.
 *
 * CONFDB_SERVICE_PATH_TMPL carries one "%s" conversion; the value substituted
 * for it becomes part of a confdb section path.
 */
#define CONFDB_SERVICE_PATH_TMPL                "config/%s"
#define CONFDB_SERVICE_COMMAND                  "command"
#define CONFDB_SERVICE_DEBUG_LEVEL              "debug_level"
#define CONFDB_SERVICE_DEBUG_LEVEL_ALIAS        "debug"
#define CONFDB_SERVICE_DEBUG_TIMESTAMPS         "debug_timestamps"
#define CONFDB_SERVICE_DEBUG_MICROSECONDS       "debug_microseconds"
#define CONFDB_SERVICE_DEBUG_BACKTRACE_ENABLED  "debug_backtrace_enabled"
#define CONFDB_SERVICE_RECON_RETRIES            "reconnection_retries"
#define CONFDB_SERVICE_FD_LIMIT                 "fd_limit"
/* NOTE(review): by its name this is a client access-control list for a
 * service; confirm the exact semantics and default in sssd.conf(5) before
 * relying on it as a boundary. */
#define CONFDB_SERVICE_ALLOWED_UIDS             "allowed_uids"
67
/*
 * Monitor: the "config/sssd" section and the option names stored in it.
 *
 * NOTE(review): "user" and "certificate_verification" look security-relevant
 * (run-as account and certificate checking, judging by the names only);
 * verify accepted values and defaults against sssd.conf(5).
 */
#define CONFDB_MONITOR_CONF_ENTRY               "config/sssd"
#define CONFDB_MONITOR_ACTIVE_SERVICES          "services"
#define CONFDB_MONITOR_ACTIVE_DOMAINS           "domains"
#define CONFDB_MONITOR_RESOLV_CONF              "monitor_resolv_conf"
#define CONFDB_MONITOR_TRY_INOTIFY              "try_inotify"
#define CONFDB_MONITOR_KRB5_RCACHEDIR           "krb5_rcache_dir"
#define CONFDB_MONITOR_DEFAULT_DOMAIN           "default_domain_suffix"
#define CONFDB_MONITOR_OVERRIDE_SPACE           "override_space"
#define CONFDB_MONITOR_USER_RUNAS               "user"
#define CONFDB_MONITOR_CERT_VERIFICATION        "certificate_verification"
#define CONFDB_MONITOR_DISABLE_NETLINK          "disable_netlink"
#define CONFDB_MONITOR_ENABLE_FILES_DOM         "enable_files_domain"
#define CONFDB_MONITOR_DOMAIN_RESOLUTION_ORDER  "domain_resolution_order"
82
/*
 * Both monitor and domains.
 *
 * The two default name formats use positional "%N$s" conversions (three
 * arguments for the internal form, two for the public one).
 * NOTE(review): full_name_format is an option name, so the template can come
 * from configuration; confirm that a configured value is validated before it
 * reaches any printf-style formatter.
 */
#define CONFDB_NAME_REGEX                         "re_expression"
#define CONFDB_FULL_NAME_FORMAT                   "full_name_format"
#define CONFDB_DEFAULT_FULL_NAME_FORMAT_INTERNAL  "%1$s@%2$s%3$s"
#define CONFDB_DEFAULT_FULL_NAME_FORMAT           "%1$s@%2$s"
88
/*
 * Responders: option names, each followed by its numeric default where this
 * header defines one.
 * NOTE(review): the timeout units are not stated here (presumably seconds) --
 * confirm in sssd.conf(5).
 */
#define CONFDB_RESPONDER_GET_DOMAINS_TIMEOUT        "get_domains_timeout"
#define CONFDB_RESPONDER_CLI_IDLE_TIMEOUT           "client_idle_timeout"
#define CONFDB_RESPONDER_CLI_IDLE_DEFAULT_TIMEOUT   60
#define CONFDB_RESPONDER_LOCAL_NEG_TIMEOUT          "local_negative_timeout"
#define CONFDB_RESPONDER_LOCAL_NEG_TIMEOUT_DEFAULT  14400
#define CONFDB_RESPONDER_IDLE_TIMEOUT               "responder_idle_timeout"
#define CONFDB_RESPONDER_IDLE_DEFAULT_TIMEOUT       300
#define CONFDB_RESPONDER_CACHE_FIRST                "cache_first"
98
/*
 * NSS: the "config/nss" section and its option names.
 *
 * NOTE(review): the shell and home-directory options (override_shell,
 * allowed_shells, vetoed_shells, override_homedir, ...) determine what a
 * looked-up account receives as login shell and home; treat changes to them
 * as security-relevant configuration.  Exact semantics: sssd.conf(5).
 */
#define CONFDB_NSS_CONF_ENTRY                     "config/nss"
#define CONFDB_NSS_ENUM_CACHE_TIMEOUT             "enum_cache_timeout"
#define CONFDB_NSS_ENTRY_CACHE_NOWAIT_PERCENTAGE  "entry_cache_nowait_percentage"
#define CONFDB_NSS_ENTRY_NEG_TIMEOUT              "entry_negative_timeout"
#define CONFDB_NSS_FILTER_USERS_IN_GROUPS         "filter_users_in_groups"
#define CONFDB_NSS_FILTER_USERS                   "filter_users"
#define CONFDB_NSS_FILTER_GROUPS                  "filter_groups"
#define CONFDB_NSS_PWFIELD                        "pwfield"
#define CONFDB_NSS_OVERRIDE_HOMEDIR               "override_homedir"
#define CONFDB_NSS_FALLBACK_HOMEDIR               "fallback_homedir"
#define CONFDB_NSS_OVERRIDE_SHELL                 "override_shell"
#define CONFDB_NSS_VETOED_SHELL                   "vetoed_shells"
#define CONFDB_NSS_ALLOWED_SHELL                  "allowed_shells"
#define CONFDB_NSS_SHELL_FALLBACK                 "shell_fallback"
#define CONFDB_NSS_DEFAULT_SHELL                  "default_shell"
#define CONFDB_MEMCACHE_TIMEOUT                   "memcache_timeout"
#define CONFDB_NSS_MEMCACHE_SIZE_PASSWD           "memcache_size_passwd"
#define CONFDB_NSS_MEMCACHE_SIZE_GROUP            "memcache_size_group"
#define CONFDB_NSS_MEMCACHE_SIZE_INITGROUPS       "memcache_size_initgroups"
#define CONFDB_NSS_HOMEDIR_SUBSTRING              "homedir_substring"
#define CONFDB_DEFAULT_HOMEDIR_SUBSTRING          "/home"
121
/*
 * PAM: the "config/pam" section and its option names, with the numeric
 * defaults this header defines for offline login throttling.
 *
 * NOTE(review): a default of 0 for offline_failed_login_attempts needs
 * checking against sssd.conf(5) -- a zero in such a setting often means
 * "no limit" rather than "none allowed", which matters when credentials are
 * cached for offline use.
 * NOTE(review): pam_trusted_users, pam_public_domains, the pam_cert_* and
 * pam_gssapi_* names select who may authenticate and by which method; review
 * them together when auditing a deployment.
 */
#define CONFDB_PAM_CONF_ENTRY                     "config/pam"
#define CONFDB_PAM_CRED_TIMEOUT                   "offline_credentials_expiration"
#define CONFDB_PAM_FAILED_LOGIN_ATTEMPTS          "offline_failed_login_attempts"
#define CONFDB_DEFAULT_PAM_FAILED_LOGIN_ATTEMPTS  0
#define CONFDB_PAM_FAILED_LOGIN_DELAY             "offline_failed_login_delay"
#define CONFDB_DEFAULT_PAM_FAILED_LOGIN_DELAY     5
#define CONFDB_PAM_VERBOSITY                      "pam_verbosity"
#define CONFDB_PAM_RESPONSE_FILTER                "pam_response_filter"
#define CONFDB_PAM_ID_TIMEOUT                     "pam_id_timeout"
#define CONFDB_PAM_PWD_EXPIRATION_WARNING         "pam_pwd_expiration_warning"
#define CONFDB_PAM_TRUSTED_USERS                  "pam_trusted_users"
#define CONFDB_PAM_PUBLIC_DOMAINS                 "pam_public_domains"
#define CONFDB_PAM_ACCOUNT_EXPIRED_MESSAGE        "pam_account_expired_message"
#define CONFDB_PAM_ACCOUNT_LOCKED_MESSAGE         "pam_account_locked_message"
#define CONFDB_PAM_CERT_AUTH                      "pam_cert_auth"
#define CONFDB_PAM_CERT_DB_PATH                   "pam_cert_db_path"
#define CONFDB_PAM_CERT_VERIFICATION              "pam_cert_verification"
#define CONFDB_PAM_P11_CHILD_TIMEOUT              "p11_child_timeout"
#define CONFDB_PAM_WAIT_FOR_CARD_TIMEOUT          "p11_wait_for_card_timeout"
#define CONFDB_PAM_APP_SERVICES                   "pam_app_services"
#define CONFDB_PAM_P11_ALLOWED_SERVICES           "pam_p11_allowed_services"
#define CONFDB_PAM_P11_URI                        "p11_uri"
#define CONFDB_PAM_INITGROUPS_SCHEME              "pam_initgroups_scheme"
#define CONFDB_PAM_GSSAPI_SERVICES                "pam_gssapi_services"
#define CONFDB_PAM_GSSAPI_CHECK_UPN               "pam_gssapi_check_upn"
#define CONFDB_PAM_GSSAPI_INDICATORS_MAP          "pam_gssapi_indicators_map"
149
/*
 * SUDO: the "config/sudo" section; every option name is paired with the
 * default this header defines for it.  The boolean defaults expand to
 * false, so <stdbool.h> must be in effect where they are used.
 */
#define CONFDB_SUDO_CONF_ENTRY             "config/sudo"
#define CONFDB_SUDO_CACHE_TIMEOUT          "sudo_cache_timeout"
#define CONFDB_DEFAULT_SUDO_CACHE_TIMEOUT  180
#define CONFDB_SUDO_TIMED                  "sudo_timed"
#define CONFDB_DEFAULT_SUDO_TIMED          false
#define CONFDB_SUDO_INVERSE_ORDER          "sudo_inverse_order"
#define CONFDB_DEFAULT_SUDO_INVERSE_ORDER  false
#define CONFDB_SUDO_THRESHOLD              "sudo_threshold"
#define CONFDB_DEFAULT_SUDO_THRESHOLD      50
160
/* autofs: the "config/autofs" section and its single option name. */
#define CONFDB_AUTOFS_CONF_ENTRY       "config/autofs"
#define CONFDB_AUTOFS_MAP_NEG_TIMEOUT  "autofs_negative_timeout"
164
/*
 * SSH: the "config/ssh" section, its option names and their defaults.
 *
 * Defaults visible here: known_hosts hashing is off, certificate-derived
 * keys are on, and the CA database is a PEM file under SYSCONFDIR (a macro
 * this header does not define; it must come from the build configuration).
 * NOTE(review): with certificate keys enabled by default, the integrity of
 * the CA database file decides which certificates are trusted -- confirm its
 * ownership and permissions on the deployed host.
 */
#define CONFDB_SSH_CONF_ENTRY                   "config/ssh"
#define CONFDB_SSH_HASH_KNOWN_HOSTS             "ssh_hash_known_hosts"
#define CONFDB_DEFAULT_SSH_HASH_KNOWN_HOSTS     false
#define CONFDB_SSH_KNOWN_HOSTS_TIMEOUT          "ssh_known_hosts_timeout"
#define CONFDB_DEFAULT_SSH_KNOWN_HOSTS_TIMEOUT  180
#define CONFDB_SSH_CA_DB                        "ca_db"
#define CONFDB_DEFAULT_SSH_CA_DB \
    SYSCONFDIR "/sssd/pki/sssd_auth_ca_db.pem"
#define CONFDB_SSH_USE_CERT_KEYS                "ssh_use_certificate_keys"
#define CONFDB_DEFAULT_SSH_USE_CERT_KEYS        true
#define CONFDB_SSH_USE_CERT_RULES               "ssh_use_certificate_matching_rules"
176
/* PAC: the "config/pac" section. */
#define CONFDB_PAC_CONF_ENTRY  "config/pac"
#define CONFDB_PAC_LIFETIME    "pac_lifetime"

/* InfoPipe: the "config/ifp" section. */
#define CONFDB_IFP_CONF_ENTRY      "config/ifp"
#define CONFDB_IFP_USER_ATTR_LIST  "user_attributes"
#define CONFDB_IFP_WILDCARD_LIMIT  "wildcard_limit"

/*
 * Session Recording: the "config/session_recording" section.
 * NOTE(review): scope/users/groups and the exclude_* lists decide whose
 * sessions are recorded (judging by the names); audit the exclude lists when
 * recording is used as a control.
 */
#define CONFDB_SESSION_RECORDING_CONF_ENTRY      "config/session_recording"
#define CONFDB_SESSION_RECORDING_SCOPE           "scope"
#define CONFDB_SESSION_RECORDING_USERS           "users"
#define CONFDB_SESSION_RECORDING_GROUPS          "groups"
#define CONFDB_SESSION_RECORDING_EXCLUDE_USERS   "exclude_users"
#define CONFDB_SESSION_RECORDING_EXCLUDE_GROUPS  "exclude_groups"
193
/*
 * Domains: section path template, base DNs, provider selectors and the
 * per-domain option names with the defaults this header defines.
 *
 * CONFDB_DOMAIN_PATH_TMPL carries one "%s" conversion for the domain name.
 * NOTE(review): "%d" and "%u" in the default subdomain_homedir look like
 * home-directory template placeholders rather than printf conversions; the
 * string should not be handed to a printf-style function -- confirm against
 * the expansion code.
 * NOTE(review): cache_credentials and its minimal first-factor length
 * (default 8 here) govern stored offline credentials; auth_provider and
 * access_provider select the authentication and authorization back ends.
 * Semantics: sssd.conf(5).
 */
#define CONFDB_DOMAIN_ENABLED                "enabled"
#define CONFDB_DOMAIN_PATH_TMPL              "config/domain/%s"
#define CONFDB_DOMAIN_BASEDN                 "cn=domain,cn=config"
#define CONFDB_APP_DOMAIN_BASEDN             "cn=application,cn=config"
#define CONFDB_DOMAIN_ID_PROVIDER            "id_provider"
#define CONFDB_DOMAIN_AUTH_PROVIDER          "auth_provider"
#define CONFDB_DOMAIN_ACCESS_PROVIDER        "access_provider"
#define CONFDB_DOMAIN_CHPASS_PROVIDER        "chpass_provider"
#define CONFDB_DOMAIN_SUDO_PROVIDER          "sudo_provider"
#define CONFDB_DOMAIN_AUTOFS_PROVIDER        "autofs_provider"
#define CONFDB_DOMAIN_SELINUX_PROVIDER       "selinux_provider"
#define CONFDB_DOMAIN_HOSTID_PROVIDER        "hostid_provider"
#define CONFDB_DOMAIN_SUBDOMAINS_PROVIDER    "subdomains_provider"
#define CONFDB_DOMAIN_SESSION_PROVIDER       "session_provider"
#define CONFDB_DOMAIN_RESOLVER_PROVIDER      "resolver_provider"
#define CONFDB_DOMAIN_COMMAND                "command"
#define CONFDB_DOMAIN_TIMEOUT                "timeout"
#define CONFDB_DOMAIN_ATTR                   "cn"
#define CONFDB_DOMAIN_ENUMERATE              "enumerate"
#define CONFDB_SUBDOMAIN_ENUMERATE           "subdomain_enumerate"
#define CONFDB_DEFAULT_SUBDOMAIN_ENUMERATE   "none"
#define CONFDB_DOMAIN_MINID                  "min_id"
#define CONFDB_DOMAIN_MAXID                  "max_id"
#define CONFDB_DOMAIN_CACHE_CREDS            "cache_credentials"
#define CONFDB_DOMAIN_CACHE_CREDS_MIN_FF_LENGTH  "cache_credentials_minimal_first_factor_length"
#define CONFDB_DEFAULT_CACHE_CREDS_MIN_FF_LENGTH 8
#define CONFDB_DOMAIN_AUTO_UPG               "auto_private_groups"
#define CONFDB_DOMAIN_FQ                     "use_fully_qualified_names"
#define CONFDB_DOMAIN_ENTRY_CACHE_TIMEOUT    "entry_cache_timeout"
#define CONFDB_DOMAIN_ACCOUNT_CACHE_EXPIRATION   "account_cache_expiration"
#define CONFDB_DOMAIN_OVERRIDE_GID           "override_gid"
#define CONFDB_DOMAIN_CASE_SENSITIVE         "case_sensitive"
#define CONFDB_DOMAIN_SUBDOMAIN_HOMEDIR      "subdomain_homedir"
#define CONFDB_DOMAIN_DEFAULT_SUBDOMAIN_HOMEDIR  "/home/%d/%u"
#define CONFDB_DOMAIN_IGNORE_GROUP_MEMBERS   "ignore_group_members"
#define CONFDB_DOMAIN_SUBDOMAIN_REFRESH      "subdomain_refresh_interval"
#define CONFDB_DOMAIN_SUBDOMAIN_REFRESH_DEFAULT_VALUE 14400

/* Per-object-type cache timeouts and the remaining domain options. */
#define CONFDB_DOMAIN_USER_CACHE_TIMEOUT      "entry_cache_user_timeout"
#define CONFDB_DOMAIN_GROUP_CACHE_TIMEOUT     "entry_cache_group_timeout"
#define CONFDB_DOMAIN_NETGROUP_CACHE_TIMEOUT  "entry_cache_netgroup_timeout"
#define CONFDB_DOMAIN_SERVICE_CACHE_TIMEOUT   "entry_cache_service_timeout"
#define CONFDB_DOMAIN_AUTOFS_CACHE_TIMEOUT    "entry_cache_autofs_timeout"
#define CONFDB_DOMAIN_SUDO_CACHE_TIMEOUT      "entry_cache_sudo_timeout"
#define CONFDB_DOMAIN_SSH_HOST_CACHE_TIMEOUT  "entry_cache_ssh_host_timeout"
#define CONFDB_DOMAIN_COMPUTER_CACHE_TIMEOUT  "entry_cache_computer_timeout"
#define CONFDB_DOMAIN_RESOLVER_CACHE_TIMEOUT  "entry_cache_resolver_timeout"
#define CONFDB_DOMAIN_PWD_EXPIRATION_WARNING  "pwd_expiration_warning"
#define CONFDB_DOMAIN_REFRESH_EXPIRED_INTERVAL "refresh_expired_interval"
#define CONFDB_DOMAIN_OFFLINE_TIMEOUT         "offline_timeout"
#define CONFDB_DOMAIN_OFFLINE_TIMEOUT_MAX     "offline_timeout_max"
#define CONFDB_DOMAIN_OFFLINE_TIMEOUT_RANDOM_OFFSET "offline_timeout_random_offset"
#define CONFDB_DOMAIN_SUBDOMAIN_INHERIT       "subdomain_inherit"
#define CONFDB_DOMAIN_CACHED_AUTH_TIMEOUT     "cached_auth_timeout"
#define CONFDB_DOMAIN_TYPE                    "domain_type"
#define CONFDB_DOMAIN_TYPE_POSIX              "posix"
#define CONFDB_DOMAIN_TYPE_APP                "application"
#define CONFDB_DOMAIN_INHERIT_FROM            "inherit_from"
#define CONFDB_DOMAIN_FALLBACK_TO_NSS         "fallback_to_nss"
255
/*
 * Proxy Provider option names.
 * NOTE(review): proxy_lib_name and proxy_resolver_lib_name name libraries
 * (judging by the option names), so their values presumably steer what code
 * the provider loads -- confirm, and treat write access to these settings
 * accordingly.
 */
#define CONFDB_PROXY_LIBNAME           "proxy_lib_name"
#define CONFDB_PROXY_RESOLVER_LIBNAME  "proxy_resolver_lib_name"
#define CONFDB_PROXY_PAM_TARGET        "proxy_pam_target"
#define CONFDB_PROXY_FAST_ALIAS        "proxy_fast_alias"
#define CONFDB_PROXY_MAX_CHILDREN      "proxy_max_children"

/* Files Provider option names. */
#define CONFDB_FILES_PASSWD  "passwd_files"
#define CONFDB_FILES_GROUP   "group_files"
266
/*
 * KCM Service: the "config/kcm" section and its option names.
 * NOTE(review): max_ccaches, max_uid_ccaches and max_ccache_size read as
 * resource quotas for stored credential caches; confirm their defaults in
 * the KCM documentation when sizing limits for untrusted local users.
 */
#define CONFDB_KCM_CONF_ENTRY               "config/kcm"
#define CONFDB_KCM_SOCKET                   "socket_path"
#define CONFDB_KCM_DB                       "ccache_storage" /* Undocumented on purpose */
#define CONFDB_KCM_CONTAINERS_NEST_LEVEL    "containers_nest_level"
#define CONFDB_KCM_MAX_CCACHES              "max_ccaches"
#define CONFDB_KCM_MAX_UID_CCACHES          "max_uid_ccaches"
#define CONFDB_KCM_MAX_CCACHE_SIZE          "max_ccache_size"
#define CONFDB_KCM_TGT_RENEWAL              "tgt_renewal"
#define CONFDB_KCM_TGT_RENEWAL_INHERIT      "tgt_renewal_inherit"
#define CONFDB_KCM_KRB5_LIFETIME            "krb5_lifetime"
#define CONFDB_KCM_KRB5_RENEWABLE_LIFETIME  "krb5_renewable_lifetime"
#define CONFDB_KCM_KRB5_RENEW_INTERVAL      "krb5_renew_interval"
#define CONFDB_KCM_KRB5_VALIDATE            "krb5_validate"
#define CONFDB_KCM_KRB5_CANONICALIZE        "krb5_canonicalize"
#define CONFDB_KCM_KRB5_AUTH_TIMEOUT        "krb5_auth_timeout"
283
/*
 * Certificate mapping rules: base DN and attribute names of a rule entry.
 * NOTE(review): maprule/matchrule decide which certificate maps to which
 * account, so a rule entry is authentication policy; "priority" presumably
 * orders competing rules -- confirm the ordering direction in
 * sss-certmap(5).
 */
#define CONFDB_CERTMAP_BASEDN     "cn=certmap,cn=config"
#define CONFDB_CERTMAP_NAME       "cn"
#define CONFDB_CERTMAP_MAPRULE    "maprule"
#define CONFDB_CERTMAP_MATCHRULE  "matchrule"
#define CONFDB_CERTMAP_DOMAINS    "domains"
#define CONFDB_CERTMAP_PRIORITY   "priority"
291
/*
 * Prompting: the "config/prompting" section.  The *_TYPE_* strings name a
 * prompt type; the others are option names for the prompt text or mode.
 */
#define CONFDB_PC_CONF_ENTRY         "config/prompting"
#define CONFDB_PC_TYPE_PASSWORD      "password"
#define CONFDB_PC_PASSWORD_PROMPT    "password_prompt"
#define CONFDB_PC_TYPE_2FA           "2fa"
#define CONFDB_PC_2FA_SINGLE_PROMPT  "single_prompt"
#define CONFDB_PC_2FA_1ST_PROMPT     "first_prompt"
#define CONFDB_PC_2FA_2ND_PROMPT     "second_prompt"
#define CONFDB_PC_TYPE_CERT_AUTH     "cert_auth"
301
/* Forward declarations only: both types are incomplete in this header, so
 * callers can hold pointers to them but cannot look inside. */
struct confdb_ctx;
struct config_file_ctx;
304
324};
325
334};
335
/* Mode selector stored in the mpg_mode field of a domain.  The explicit
 * values are the ones the compiler assigns to an unnumbered enumerator list
 * in this order. */
enum sss_domain_mpg_mode {
    MPG_DISABLED = 0,
    MPG_ENABLED  = 1,
    MPG_HYBRID   = 2,
    MPG_DEFAULT  = 3, /* Use default value for given id mapping. */
};
342
348 enum sss_domain_type type;
349
350 char *name;
351 char *conn_name;
352 char *provider;
353 int timeout;
354 bool enumerate;
355 char **sd_enumerate;
356 bool fqnames;
357 enum sss_domain_mpg_mode mpg_mode;
358 bool ignore_group_members;
359 uint32_t id_min;
360 uint32_t id_max;
361 const char *pwfield;
362
363 bool cache_credentials;
364 uint32_t cache_credentials_min_ff_length;
365 bool case_sensitive;
366 bool case_preserve;
367
368 gid_t override_gid;
369 const char *override_homedir;
370 const char *fallback_homedir;
371 const char *subdomain_homedir;
372 const char *homedir_substr;
373 const char *override_shell;
374 const char *default_shell;
375
376 uint32_t user_timeout;
377 uint32_t group_timeout;
378 uint32_t netgroup_timeout;
379 uint32_t service_timeout;
380 uint32_t autofsmap_timeout;
381 uint32_t sudo_timeout;
382 uint32_t ssh_host_timeout;
383 uint32_t computer_timeout;
384 uint32_t resolver_timeout;
385
386 uint32_t refresh_expired_interval;
387 uint32_t subdomain_refresh_interval;
388 uint32_t cached_auth_timeout;
389
390 int pwd_expiration_warning;
391
392 struct sysdb_ctx *sysdb;
393 struct sss_names_ctx *names;
394
395 struct sss_domain_info *parent;
396 struct sss_domain_info *subdomains;
397 char *realm;
398 char *flat_name;
399 char *domain_id;
400 uint32_t trust_direction;
401 struct timeval subdomains_last_checked;
402
403 bool has_views;
404 const char *view_name;
405
406 struct sss_domain_info *prev;
407 struct sss_domain_info *next;
408
409 enum sss_domain_state state;
410 bool fallback_to_nss;
411 char **sd_inherit;
412
413 /* Do not use the forest pointer directly in new code, but rather the
414 * forest_root pointer. sss_domain_info will be more opaque in the future
415 */
416 char *forest;
417 struct sss_domain_info *forest_root;
418 const char **upn_suffixes;
419
420 struct certmap_info **certmaps;
421 bool user_name_hint;
422
423 /* Do not use the _output_fqnames property directly in new code, but rather
424 * use sss_domain_info_{get,set}_output_fqnames(). */
425 bool output_fqnames;
426
427 /* Hostname associated with this domain. */
428 const char *hostname;
429
430 /* Keytab used by this domain. */
431 const char *krb5_keytab;
432
433 /* List of PAM services that are allowed to authenticate with GSSAPI. */
434 char **gssapi_services;
435 char *gssapi_check_upn; /* true | false | NULL */
436 /* List of indicators associated with the specific PAM service */
437 char **gssapi_indicators_map;
438
439 /* Counts how often the domain was not found during a refresh of the
440 * domain list */
441 size_t not_found_counter;
442};
443
/**
 * @brief Initialize the connection to the ConfDB.
 *
 * Takes a talloc context, an out-parameter for the new confdb context and the
 * location of the confdb.  Returns an int status; the status values are not
 * shown in this listing.
 */
int confdb_init(TALLOC_CTX *mem_ctx, struct confdb_ctx **cdb_ctx,
                const char *confdb_location);

/**
 * @brief Get a domain object for the named domain.
 *
 * The object is handed back through @p domain.
 */
int confdb_get_domain(struct confdb_ctx *cdb, const char *name,
                      struct sss_domain_info **domain);

/**
 * @brief Get a null-terminated linked-list of active domain objects.
 *
 * The list head is handed back through @p domains.
 */
int confdb_get_domains(struct confdb_ctx *cdb,
                       struct sss_domain_info **domains);

/* NOTE(review): no description for this function is visible in this listing;
 * by its name it presumably expands application-domain sections -- confirm
 * against the implementation. */
int confdb_expand_app_domains(struct confdb_ctx *cdb);

/**
 * @brief Get a null-terminated linked-list of all domain names.
 *
 * The names come back through @p _names, which is a char ** out-parameter
 * (an array of strings rather than a list-node type).
 * NOTE(review): presumably allocated on @p mem_ctx -- confirm.
 */
int confdb_list_all_domain_names(TALLOC_CTX *mem_ctx, struct confdb_ctx *cdb,
                                 char ***_names);
506
507
/**
 * @brief Add an arbitrary parameter to the confdb.
 *
 * Takes the section, the attribute name, a list of values and a @p replace
 * flag.
 * NOTE(review): the exact effect of @p replace on existing values is not
 * shown in this listing -- confirm before using it to tighten a setting.
 */
int confdb_add_param(struct confdb_ctx *cdb, bool replace,
                     const char *section, const char *attribute,
                     const char **values);

/**
 * @brief Retrieve all values for an attribute.
 *
 * The values come back through @p values.
 * NOTE(review): presumably allocated on @p mem_ctx -- confirm.
 */
int confdb_get_param(struct confdb_ctx *cdb, TALLOC_CTX *mem_ctx,
                     const char *section, const char *attribute,
                     char ***values);

/**
 * @brief Convenience function to retrieve a single-valued attribute as a
 *        string.
 *
 * @p defstr is the caller-supplied default; the string is handed back through
 * @p result.
 */
int confdb_get_string(struct confdb_ctx *cdb, TALLOC_CTX *ctx,
                      const char *section, const char *attribute,
                      const char *defstr, char **result);

/**
 * @brief Convenience function to retrieve a single-valued attribute as an
 *        integer.
 *
 * @p defval is the caller-supplied default; the value is handed back through
 * @p result as a plain int.
 * NOTE(review): many option defaults in this header are timeouts and limits;
 * how out-of-range or non-numeric text is treated is not shown here, so
 * callers should check the return status before trusting @p result.
 */
int confdb_get_int(struct confdb_ctx *cdb,
                   const char *section,
                   const char *attribute,
                   int defval,
                   int *result);

/**
 * @brief Convenience function to retrieve a single-valued attribute as a
 *        boolean.
 *
 * @p defval is the caller-supplied default; the value is handed back through
 * @p result.
 */
int confdb_get_bool(struct confdb_ctx *cdb,
                    const char *section,
                    const char *attribute,
                    bool defval,
                    bool *result);

/**
 * @brief Convenience function to set a single-valued attribute as a string.
 */
int confdb_set_string(struct confdb_ctx *cdb, const char *section,
                      const char *attribute, const char *val);

/**
 * @brief Convenience function to retrieve a single-valued attribute as a
 *        null-terminated array of strings.
 *
 * The array is handed back through @p result.
 */
int confdb_get_string_as_list(struct confdb_ctx *cdb, TALLOC_CTX *ctx,
                              const char *section, const char *attribute,
                              char ***result);

/**
 * @brief Convenience function to retrieve a list of subsections given a
 *        configuration section name.
 *
 * The names come back through @p sections and their count through
 * @p num_sections.
 */
int confdb_get_sub_sections(TALLOC_CTX *mem_ctx, struct confdb_ctx *cdb,
                            const char *section, char ***sections,
                            int *num_sections);
722
/**
 * @brief Convenience function to write the certificate mapping and matching
 *        rules from the configuration database.
 *
 * NOTE(review): the description visible in this listing is cut short; by the
 * function name the rules are written to the sysdb of @p dom -- confirm.
 */
int confdb_certmap_to_sysdb(struct confdb_ctx *cdb, struct sss_domain_info *dom);
736
740#endif
int confdb_get_sub_sections(TALLOC_CTX *mem_ctx, struct confdb_ctx *cdb, const char *section, char ***sections, int *num_sections)
Convenience function to retrieve a list of subsections given a configuration section name.
int confdb_get_domain(struct confdb_ctx *cdb, const char *name, struct sss_domain_info **domain)
Get a domain object for the named domain.
int confdb_get_param(struct confdb_ctx *cdb, TALLOC_CTX *mem_ctx, const char *section, const char *attribute, char ***values)
Retrieve all values for an attribute.
int confdb_get_string(struct confdb_ctx *cdb, TALLOC_CTX *ctx, const char *section, const char *attribute, const char *defstr, char **result)
Convenience function to retrieve a single-valued attribute as a string.
int confdb_get_string_as_list(struct confdb_ctx *cdb, TALLOC_CTX *ctx, const char *section, const char *attribute, char ***result)
Convenience function to retrieve a single-valued attribute as a null-terminated array of strings.
int confdb_init(TALLOC_CTX *mem_ctx, struct confdb_ctx **cdb_ctx, const char *confdb_location)
Initialize the connection to the ConfDB.
int confdb_get_domains(struct confdb_ctx *cdb, struct sss_domain_info **domains)
Get a null-terminated linked-list of active domain objects.
int confdb_certmap_to_sysdb(struct confdb_ctx *cdb, struct sss_domain_info *dom)
Convenience function to write the certificate mapping and matching rules from the configuration datab...
int confdb_set_string(struct confdb_ctx *cdb, const char *section, const char *attribute, const char *val)
Convenience function to set a single-valued attribute as a string.
int confdb_get_int(struct confdb_ctx *cdb, const char *section, const char *attribute, int defval, int *result)
Convenience function to retrieve a single-valued attribute as an integer.
sss_domain_type
Whether the domain only supports looking up POSIX entries.
Definition: confdb.h:327
int confdb_add_param(struct confdb_ctx *cdb, bool replace, const char *section, const char *attribute, const char **values)
Add an arbitrary parameter to the confdb.
int confdb_get_bool(struct confdb_ctx *cdb, const char *section, const char *attribute, bool defval, bool *result)
Convenience function to retrieve a single-valued attribute as a boolean.
sss_domain_state
sssd domain state
Definition: confdb.h:306
int confdb_list_all_domain_names(TALLOC_CTX *mem_ctx, struct confdb_ctx *cdb, char ***_names)
Get a null-terminated linked-list of all domain names.
@ DOM_TYPE_POSIX
This is the default domain type.
Definition: confdb.h:331
@ DOM_TYPE_APPLICATION
In this mode, entries are typically resolved only by name.
Definition: confdb.h:333
@ DOM_DISABLED
Domain was removed, should not be used by either responders or providers.
Definition: confdb.h:314
@ DOM_ACTIVE
Domain is usable by both responders and providers.
Definition: confdb.h:310
@ DOM_INCONSISTENT
Domain is being updated.
Definition: confdb.h:323
@ DOM_INACTIVE
Domain cannot be contacted.
Definition: confdb.h:319
Data structure storing all of the basic features of a domain.
Definition: confdb.h:347