On 07/01/2016 05:35 PM, Lukas Slebodnik wrote:
On (01/07/16 17:26), Michal Židek wrote:
Hello!
This patch adds new command config-check
for sssctl tool. The output looks like this:
Issues identified by validators: 3
[rule/allowed_sections]: Section [SectionFOO] is not allowed. Check for
typos.
[rule/allowed_sssd_options]: Attribute 'unlknowww' is not allowed in section
'sssd'. Check for typos.
[rule/allowed_sssd_options]: Attribute 'unknown_option' is not allowed in
section 'sssd'. Check for typos.
Messages generated during configuration merging: 4
File conf.dd did not match provided patterns. Skipping.
Errors detected while parsing: /etc/sssd/conf.d/snip-bad.conf.
Error (5) on line 5: Equal sign is missing.
Due to errors file /etc/sssd/conf.d/snip-bad.conf is not considered.
Skipping.
Used configuration snippet files: 1
/etc/sssd/conf.d/snip-good.conf
Currently it can only be used by root and checks only
configuration in default path.
Michal
From 864091da5010b75d9c38e87ab3be467b8bc6f8f2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C5=BDidek?= <mzi...@redhat.com>
Date: Fri, 1 Jul 2016 15:10:30 +0200
Subject: [PATCH 1/4] sss_ini: Small refacoring of sss_ini_call_validators
Separate logic to fill errobj so that
the errors can be printed by the caller.
---
src/util/sss_ini.c | 49 ++++++++++++++++++++++++++++++++++++-------------
src/util/sss_ini.h | 12 ++++++++++++
2 files changed, 48 insertions(+), 13 deletions(-)
diff --git a/src/util/sss_ini.c b/src/util/sss_ini.c
index b4dbb07..78f5490 100644
--- a/src/util/sss_ini.c
+++ b/src/util/sss_ini.c
@@ -549,7 +549,6 @@ int sss_ini_call_validators(struct sss_ini_initdata *data,
{
#ifdef HAVE_LIBINI_CONFIG_V1_3
int ret;
- struct ini_cfgobj *rules_cfgobj = NULL;
struct ini_errobj *errobj = NULL;
ret = ini_errobj_create(&errobj);
@@ -558,17 +557,12 @@ int sss_ini_call_validators(struct sss_ini_initdata *data,
goto done;
}
- ret = ini_rules_read_from_file(rules_path, &rules_cfgobj);
+ ret = sss_ini_call_validators_errobj(data,
+ rules_path,
+ errobj);
if (ret != EOK) {
- DEBUG(SSSDBG_FATAL_FAILURE,
- "Failed to read sssd.conf schema %d [%s]\n", ret, strerror(ret));
- goto done;
- }
-
- ret = ini_rules_check(rules_cfgobj, data->sssd_config, NULL, errobj);
- if (ret != EOK) {
- DEBUG(SSSDBG_FATAL_FAILURE,
- "ini_rules_check failed %d [%s]\n", ret, strerror(ret));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to get errors from validators.\n");
goto done;
}
@@ -579,10 +573,10 @@ int sss_ini_call_validators(struct sss_ini_initdata *data,
ini_errobj_next(errobj);
}
+ ret = EOK;
+
done:
- if (rules_cfgobj) ini_config_destroy(rules_cfgobj);
ini_errobj_destroy(&errobj);
-
return ret;
#else
DEBUG(SSSDBG_TRACE_FUNC,
@@ -590,3 +584,32 @@ done:
return EOK;
#endif /* HAVE_LIBINI_CONFIG_V1_3 */
}
+
+#ifdef HAVE_LIBINI_CONFIG_V1_3
+int sss_ini_call_validators_errobj(struct sss_ini_initdata *data,
+ const char *rules_path,
+ struct ini_errobj *errobj)
+{
+ int ret;
+ struct ini_cfgobj *rules_cfgobj = NULL;
+
+ ret = ini_rules_read_from_file(rules_path, &rules_cfgobj);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Failed to read sssd.conf schema %d [%s]\n", ret, strerror(ret));
+ goto done;
+ }
+
+ ret = ini_rules_check(rules_cfgobj, data->sssd_config, NULL, errobj);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "ini_rules_check failed %d [%s]\n", ret, strerror(ret));
+ goto done;
+ }
+
+done:
+ if (rules_cfgobj) ini_config_destroy(rules_cfgobj);
+
+ return ret;
+}
+#endif /* HAVE_LIBINI_CONFIG_V1_3 */
diff --git a/src/util/sss_ini.h b/src/util/sss_ini.h
index 7734bab..77943d6 100644
--- a/src/util/sss_ini.h
+++ b/src/util/sss_ini.h
@@ -27,6 +27,10 @@
#ifndef __SSS_INI_H__
#define __SSS_INI_H__
+#ifdef HAVE_LIBINI_CONFIG_V1_3
+#include <ini_configobj.h>
+#endif
+
/* Structure declarations */
/* INI data structure */
@@ -83,4 +87,12 @@ int sss_confdb_create_ldif(TALLOC_CTX *mem_ctx,
int sss_ini_call_validators(struct sss_ini_initdata *data,
const char *rules_path);
+#ifdef HAVE_LIBINI_CONFIG_V1_3
+/* Get errors from validators with ini_errobj */
+int sss_ini_call_validators_errobj(struct sss_ini_initdata *data,
+ const char *rules_path,
+ struct ini_errobj *errobj);
+#endif /* HAVE_LIBINI_CONFIG_V1_3 */
+
NACK
src/util/sss_ini.h must not contain conditional build.
That's the putpose of implementation file.
Header file shoudl contain just a prototypes
becuase there might be missing prototypes if you forgot
include "config.h" before this header file.
LS
Ok,
I did some refactoring so that the errobj is not
used as parameter to the functions to avoid the
conditions in .h file.
See the attached patches.
I also pushed it to CI:
http://sssd-ci.idm.lab.eng.brq.redhat.com:8080/job/ci/4722/
Michal
>From 7d1e419d5ab4c6060dabb21aba22e5888b601068 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C5=BDidek?= <mzi...@redhat.com>
Date: Fri, 1 Jul 2016 15:10:30 +0200
Subject: [PATCH 1/2] sss_ini: Small refacoring of sss_ini_call_validators
Separate logic to fill errobj so that
the errors can be printed by the caller.
---
src/util/sss_ini.c | 142 ++++++++++++++++++++++++++++++++++++++++++++++++-----
src/util/sss_ini.h | 15 ++++++
2 files changed, 146 insertions(+), 11 deletions(-)
diff --git a/src/util/sss_ini.c b/src/util/sss_ini.c
index 4438f8c..4b032b0 100644
--- a/src/util/sss_ini.c
+++ b/src/util/sss_ini.c
@@ -332,7 +332,25 @@ int sss_ini_get_config(struct sss_ini_initdata *init_data,
#endif
}
+struct ref_array *
+sss_ini_get_ra_success_list(struct sss_ini_initdata *init_data)
+{
+#ifdef HAVE_LIBINI_CONFIG_V1_3
+ return init_data->ra_success_list;
+#else
+ return NULL;
+#endif /* HAVE_LIBINI_CONFIG_V1_3 */
+}
+struct ref_array *
+sss_ini_get_ra_error_list(struct sss_ini_initdata *init_data)
+{
+#ifdef HAVE_LIBINI_CONFIG_V1_3
+ return init_data->ra_error_list;
+#else
+ return NULL;
+#endif /* HAVE_LIBINI_CONFIG_V1_3 */
+}
/* Get configuration object */
@@ -544,19 +562,13 @@ error:
return ret;
}
-int sss_ini_call_validators(struct sss_ini_initdata *data,
- const char *rules_path)
-{
#ifdef HAVE_LIBINI_CONFIG_V1_3
+static int sss_ini_call_validators_errobj(struct sss_ini_initdata *data,
+ const char *rules_path,
+ struct ini_errobj *errobj)
+{
int ret;
struct ini_cfgobj *rules_cfgobj = NULL;
- struct ini_errobj *errobj = NULL;
-
- ret = ini_errobj_create(&errobj);
- if (ret != EOK) {
- DEBUG(SSSDBG_FATAL_FAILURE, "Failed to create error list\n");
- goto done;
- }
ret = ini_rules_read_from_file(rules_path, &rules_cfgobj);
if (ret != EOK) {
@@ -572,6 +584,35 @@ int sss_ini_call_validators(struct sss_ini_initdata *data,
goto done;
}
+done:
+ if (rules_cfgobj) ini_config_destroy(rules_cfgobj);
+
+ return ret;
+}
+#endif /* HAVE_LIBINI_CONFIG_V1_3 */
+
+int sss_ini_call_validators(struct sss_ini_initdata *data,
+ const char *rules_path)
+{
+#ifdef HAVE_LIBINI_CONFIG_V1_3
+ int ret;
+ struct ini_errobj *errobj = NULL;
+
+ ret = ini_errobj_create(&errobj);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_FATAL_FAILURE, "Failed to create error list\n");
+ goto done;
+ }
+
+ ret = sss_ini_call_validators_errobj(data,
+ rules_path,
+ errobj);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to get errors from validators.\n");
+ goto done;
+ }
+
/* Do not error out when validators find some issue */
while (!ini_errobj_no_more_msgs(errobj)) {
DEBUG(SSSDBG_CRIT_FAILURE,
@@ -579,14 +620,93 @@ int sss_ini_call_validators(struct sss_ini_initdata *data,
ini_errobj_next(errobj);
}
+ ret = EOK;
+
done:
- if (rules_cfgobj) ini_config_destroy(rules_cfgobj);
+ ini_errobj_destroy(&errobj);
+ return ret;
+#else
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "libini_config does not support configuration file validataion\n");
+ return EOK;
+#endif /* HAVE_LIBINI_CONFIG_V1_3 */
+}
+
+int sss_ini_call_validators_strs(TALLOC_CTX *mem_ctx,
+ struct sss_ini_initdata *data,
+ const char *rules_path,
+ char ***_errors,
+ size_t *_num_errors)
+{
+#ifdef HAVE_LIBINI_CONFIG_V1_3
+ TALLOC_CTX *tmp_ctx = NULL;
+ struct ini_errobj *errobj = NULL;
+ int ret;
+ size_t num_errors;
+ char **errors = NULL;
+
+ if (_num_errors == NULL || _errors == NULL) {
+ return EINVAL;
+ }
+
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+ return ENOMEM;
+ }
+
+ ret = ini_errobj_create(&errobj);
+ if (ret != EOK) {
+ goto done;
+ }
+
+ ret = sss_ini_call_validators_errobj(data,
+ rules_path,
+ errobj);
+ if (ret != EOK) {
+ goto done;
+ }
+ num_errors = ini_errobj_count(errobj);
+ if (num_errors == 0) {
+ *_num_errors = num_errors;
+ goto done;
+ }
+
+ errors = talloc_array(tmp_ctx, char *, num_errors);
+ if (errors == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ for (int i = 0; i < num_errors; i++) {
+ errors[i] = talloc_strdup(errors, ini_errobj_get_msg(errobj));
+ if (errors[i] == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ini_errobj_next(errobj);
+ }
+
+ *_num_errors = num_errors;
+ *_errors = talloc_steal(mem_ctx, errors);
+
+ ret = EOK;
+
+done:
+ talloc_free(tmp_ctx);
ini_errobj_destroy(&errobj);
return ret;
+
#else
DEBUG(SSSDBG_TRACE_FUNC,
"libini_config does not support configuration file validataion\n");
+
+ if (_num_errors == NULL || _errors == NULL) {
+ return EINVAL;
+ }
+
+ _num_errors = 0;
return EOK;
#endif /* HAVE_LIBINI_CONFIG_V1_3 */
}
diff --git a/src/util/sss_ini.h b/src/util/sss_ini.h
index 7734bab..77fbddc 100644
--- a/src/util/sss_ini.h
+++ b/src/util/sss_ini.h
@@ -83,4 +83,19 @@ int sss_confdb_create_ldif(TALLOC_CTX *mem_ctx,
int sss_ini_call_validators(struct sss_ini_initdata *data,
const char *rules_path);
+/* Get errors from validators in array of strings */
+int sss_ini_call_validators_strs(TALLOC_CTX *mem_ctx,
+ struct sss_ini_initdata *data,
+ const char *rules_path,
+ char ***_strs,
+ size_t *_num_errors);
+
+/* Get pointer to list of snippet parsing errors */
+struct ref_array *
+sss_ini_get_ra_error_list(struct sss_ini_initdata *init_data);
+
+/* Get pointer to list of successfuly merged snippet files */
+struct ref_array *
+sss_ini_get_ra_success_list(struct sss_ini_initdata *init_data);
+
#endif /* __SSS_INI_H__ */
--
2.5.0
>From f4748efdb64bca07ef7112f5486b070e49cf808b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C5=BDidek?= <mzi...@redhat.com>
Date: Mon, 27 Jun 2016 17:33:14 +0200
Subject: [PATCH 2/2] sssctl: Add config-check command
Fixes:
https://fedorahosted.org/sssd/ticket/2269
sssctl sconfig-check command allows to
call SSSD config file validators on
demand.
---
Makefile.am | 1 +
src/tools/sssctl/sssctl.c | 2 +
src/tools/sssctl/sssctl.h | 4 ++
src/tools/sssctl/sssctl_config.c | 133 +++++++++++++++++++++++++++++++++++++++
src/util/sss_ini.c | 2 -
5 files changed, 140 insertions(+), 2 deletions(-)
create mode 100644 src/tools/sssctl/sssctl_config.c
diff --git a/Makefile.am b/Makefile.am
index 6224347..f5e6e03 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1566,6 +1566,7 @@ sssctl_SOURCES = \
src/tools/sssctl/sssctl_logs.c \
src/tools/sssctl/sssctl_domains.c \
src/tools/sssctl/sssctl_sifp.c \
+ src/tools/sssctl/sssctl_config.c \
$(SSSD_TOOLS_OBJ) \
$(NULL)
sssctl_LDADD = \
diff --git a/src/tools/sssctl/sssctl.c b/src/tools/sssctl/sssctl.c
index 58bbbf2..ce5c685 100644
--- a/src/tools/sssctl/sssctl.c
+++ b/src/tools/sssctl/sssctl.c
@@ -270,6 +270,8 @@ int main(int argc, const char **argv)
SSS_TOOL_DELIMITER("Log files tools:"),
SSS_TOOL_COMMAND("remove-logs", "Remove existing SSSD log files", sssctl_remove_logs),
SSS_TOOL_COMMAND("fetch-logs", "Archive SSSD log files in tarball", sssctl_fetch_logs),
+ SSS_TOOL_DELIMITER("Configuration files tools:"),
+ SSS_TOOL_COMMAND("config-check", "Perform static analysis of SSSD configuration", sssctl_config_check),
{NULL, NULL, NULL}
};
diff --git a/src/tools/sssctl/sssctl.h b/src/tools/sssctl/sssctl.h
index 4bcc6de..0e83a5b 100644
--- a/src/tools/sssctl/sssctl.h
+++ b/src/tools/sssctl/sssctl.h
@@ -96,4 +96,8 @@ errno_t sssctl_netgroup(struct sss_cmdline *cmdline,
struct sss_tool_ctx *tool_ctx,
void *pvt);
+errno_t sssctl_config_check(struct sss_cmdline *cmdline,
+ struct sss_tool_ctx *tool_ctx,
+ void *pvt);
+
#endif /* _SSSCTL_H_ */
diff --git a/src/tools/sssctl/sssctl_config.c b/src/tools/sssctl/sssctl_config.c
new file mode 100644
index 0000000..06d11d6
--- /dev/null
+++ b/src/tools/sssctl/sssctl_config.c
@@ -0,0 +1,133 @@
+/*
+ Authors:
+ Michal Židek <mzi...@redhat.com>
+
+ Copyright (C) 2016 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "config.h"
+
+#include <popt.h>
+#include <stdio.h>
+#include <ini_configobj.h>
+
+#include "util/util.h"
+#include "util/sss_ini.h"
+#include "tools/common/sss_tools.h"
+#include "tools/common/sss_process.h"
+#include "tools/sssctl/sssctl.h"
+#include "confdb/confdb.h"
+
+errno_t sssctl_config_check(struct sss_cmdline *cmdline,
+ struct sss_tool_ctx *tool_ctx,
+ void *pvt)
+{
+#ifdef HAVE_LIBINI_CONFIG_V1_3
+ errno_t ret;
+ struct ini_errobj *errobj = NULL;
+ struct sss_ini_initdata *init_data;
+ struct ref_array *ra;
+ char *msg;
+ uint32_t i = 0;
+ size_t num_errors;
+ char **strs = NULL;
+ TALLOC_CTX *tmp_ctx = NULL;
+
+ tmp_ctx = talloc_new(NULL);
+ init_data = sss_ini_initdata_init(tmp_ctx);
+ if (!init_data) {
+ DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory.\n");
+ ret = ENOMEM;
+ goto done;
+ }
+
+ /* Open config file */
+ ret = sss_ini_config_file_open(init_data, SSSD_CONFIG_FILE);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "sss_ini_config_file_open failed: %s [%d]\n", strerror(ret),
+ ret);
+ goto done;
+ }
+
+ /* Check the file permissions */
+ ret = sss_ini_config_access_check(init_data);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Permission check on config file failed.\n");
+ ret = EPERM;
+ goto done;
+ }
+
+ ret = sss_ini_get_config(init_data,
+ SSSD_CONFIG_FILE,
+ CONFDB_DEFAULT_CONFIG_DIR);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_FATAL_FAILURE, "Failed to load configuration\n");
+ goto done;
+ }
+
+ /* Read rules */
+ ret = sss_ini_call_validators_strs(tmp_ctx, init_data,
+ SSSDDATADIR"/cfg_rules.ini",
+ &strs, &num_errors);
+ if (ret) {
+ goto done;
+ }
+
+ /* Output from validators */
+ printf(_("Issues identified by validators: %lu\n"), num_errors);
+ for (i = 0; i < num_errors; i ++) {
+ printf("%s\n", strs[i]);
+ }
+
+ /* Merging issues */
+ ra = sss_ini_get_ra_error_list(init_data);
+
+ printf("\n");
+ printf(_("Messages generated during configuration merging: %u\n"),
+ ref_array_len(ra));
+
+ i = 0;
+ while (ref_array_get(ra, i, &msg) != NULL) {
+ printf("%s\n", msg);
+ i++;
+ }
+
+ /* Used snippet files */
+ ra = sss_ini_get_ra_success_list(init_data);
+
+ printf("\n");
+ printf(_("Used configuration snippet files: %u\n"),
+ ref_array_len(ra));
+
+ i = 0;
+ while (ref_array_get(ra, i, &msg) != NULL) {
+ printf("%s\n", msg);
+ i++;
+ }
+
+ ret = EOK;
+
+done:
+ ini_errobj_destroy(&errobj);
+ sss_ini_config_destroy(init_data);
+ return ret;
+#else /* !HAVE_LIBINI_CONFIG_V1_3 */
+ ERROR("config-check command is not available\n");
+ return EOK;
+#endif /* HAVE_LIBINI_CONFIG_V1_3 */
+}
diff --git a/src/util/sss_ini.c b/src/util/sss_ini.c
index 4b032b0..d9bc46a 100644
--- a/src/util/sss_ini.c
+++ b/src/util/sss_ini.c
@@ -361,8 +361,6 @@ int sss_ini_get_cfgobj(struct sss_ini_initdata *init_data,
INI_GET_FIRST_VALUE, &init_data->obj);
}
-
-
/* Check configuration object */
int sss_ini_check_config_obj(struct sss_ini_initdata *init_data)
--
2.5.0
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
