confdb: Add UsrEtc support

scabrero · scabrero · commit 36cc0f7eff0f · 2026-03-26T12:36:15.000+01:00
Vendor provided configuration is installed in /usr/etc/sssd/sssd.conf. Users can override it creating /etc/sssd/sssd.conf, or override defaults dropping config snippets to /etc/sssd/conf.d/ Doc: https://en.opensuse.org/openSUSE:Packaging_UsrEtc Doc: https://github.com/uapi-group/specifications/blob/main/specs/configuration_files_specification.md Signed-off-by: Samuel Cabrero <scabrero@suse.com>
diff --git a/Makefile.am b/Makefile.am
@@ -1292,6 +1292,7 @@ libsss_util_la_SOURCES = \
     src/util/sss_chain_id.c \
     src/util/sss_time.c \
     src/util/sss_prctl.c \
+    src/util/sss_config.c \
     $(NULL)
 libsss_util_la_CFLAGS = \
     $(AM_CFLAGS) \
diff --git a/configure.ac b/configure.ac
@@ -201,6 +201,7 @@ WITH_TMPFILES_DIR
 WITH_UDEV_RULES_DIR
 WITH_SYSTEMD_SYSUSERS_DIR
 WITH_LDB_MODULES_PATH
+WITH_VENDOR_DIR
 
 m4_include([src/external/pkg.m4])
 m4_include([src/external/libpopt.m4])
diff --git a/src/conf_macros.m4 b/src/conf_macros.m4
@@ -963,3 +963,16 @@ AS_IF([test x$enable_gss_spnego_for_zero_maxssf = xyes],
                          [whether to use GSS-SPNEGO if maxssf is 0 (zero)]))
 
 AC_DEFINE_UNQUOTED(KRB5_KDC_RUNDIR, RUNDIR "/krb5kdc", [Path to KRB5 KDC run directory])
+
+AC_DEFUN([WITH_VENDOR_DIR],
+  [ AC_ARG_WITH([vendordir],
+                  [AS_HELP_STRING([--with-vendordir=DIR],
+                                  [Directory for distribution provided configuration files])],
+                  [vendordir=$withval],
+                  [with_vendordir=no])
+    AS_IF([test x"$with_vendordir" != xno],
+          [
+            AC_DEFINE([USE_VENDORDIR], 1, [whether to use distribution provided configuration files]),
+            AC_DEFINE_UNQUOTED([SSSD_VENDOR_DIR], "$with_vendordir", [Directory for distribution provided configuration files])
+          ])
+  ])
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
@@ -47,6 +47,9 @@
 #define CONFDB_DEFAULT_CONFIG_DIR SSSD_CONF_DIR"/"CONFDB_DEFAULT_CONFIG_DIR_NAME
 #define SSSD_MIN_ID 1
 #define CONFDB_DEFAULT_SHELL_FALLBACK "/bin/sh"
+#if defined(USE_VENDORDIR)
+#define SSSD_VENDOR_CONFIG_FILE SSSD_VENDOR_DIR"/"SSSD_CONFIG_FILE_NAME
+#endif
 
 /* Configuration options */
 
diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c
@@ -1724,7 +1724,7 @@ int main(int argc, const char *argv[])
     int opt_version = 0;
     char *opt_config_file = NULL;
     const char *opt_logger = NULL;
-    char *config_file = NULL;
+    const char *config_file = NULL;
     int flags = FLAGS_NO_WATCHDOG;
     struct main_context *main_ctx;
     TALLOC_CTX *tmp_ctx;
@@ -1812,7 +1812,7 @@ int main(int argc, const char *argv[])
     if (opt_config_file) {
         config_file = talloc_strdup(tmp_ctx, opt_config_file);
     } else {
-        config_file = talloc_strdup(tmp_ctx, SSSD_CONFIG_FILE);
+        config_file = sss_get_default_config_file(tmp_ctx);
     }
     if (config_file == NULL) {
         ret = 2;
diff --git a/src/responder/kcm/kcm.c b/src/responder/kcm/kcm.c
@@ -395,10 +395,14 @@ int main(int argc, const char *argv[])
     debug_log_file = "sssd_kcm";
     DEBUG_INIT(debug_level, opt_logger);
 
-     if (opt_config_file == NULL) {
-        config_file = SSSD_CONFIG_FILE;
+    if (opt_config_file) {
+        config_file = talloc_strdup(tmp_ctx, opt_config_file);
     } else {
-        config_file = opt_config_file;
+        config_file = sss_get_default_config_file(tmp_ctx);
+    }
+    if (config_file == NULL) {
+        TALLOC_FREE(tmp_ctx);
+        return 2;
     }
 
    /* Parse config file, fail if cannot be done */
diff --git a/src/tools/sssctl/sssctl_config.c b/src/tools/sssctl/sssctl_config.c
@@ -45,6 +45,7 @@ errno_t sssctl_config_check(struct sss_cmdline *cmdline,
     TALLOC_CTX *tmp_ctx = NULL;
     const char *config_path = NULL;
     const char *config_snippet_path = NULL;
+    const char *config_file = NULL;
     struct poptOption long_options[] = {
         SSSD_CONFIG_OPTS(config_path)
         {"snippet", 's', POPT_ARG_STRING, &config_snippet_path,
@@ -69,20 +70,26 @@ errno_t sssctl_config_check(struct sss_cmdline *cmdline,
         goto done;
     }
 
-    if (config_path == NULL) {
-        config_path = SSSD_CONFIG_FILE;
+    if (config_path) {
+        config_file = talloc_strdup(tmp_ctx, config_path);
+    } else {
+        config_file = sss_get_default_config_file(tmp_ctx);
+    }
+    if (config_file == NULL) {
+        ret = ENOMEM;
+        goto done;
     }
 
     if (config_snippet_path == NULL) {
         config_snippet_path = CONFDB_DEFAULT_CONFIG_DIR;
     }
 
     ret = sss_ini_read_sssd_conf(init_data,
-                                 config_path,
+                                 config_file,
                                  config_snippet_path);
 
     if (ret == ERR_INI_EMPTY_CONFIG) {
-        PRINT("File %1$s does not exist.\n", config_path);
+        PRINT("File %1$s does not exist.\n", config_file);
         PRINT("There is no configuration.\n");
         ret = ERR_INI_OPEN_FAILED;
         goto done;
diff --git a/src/util/sss_config.c b/src/util/sss_config.c
@@ -0,0 +1,54 @@
+/*
+    SSSD
+
+    sss_config.c
+
+    Authors:
+        Samuel Cabrero <scabrero@suse.com>
+
+    Copyright (C) 2026 SUSE LINUX GmbH, Nuernberg, Germany.
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "util/util.h"
+
+#ifdef USE_VENDORDIR
+#include <sys/stat.h>
+#endif
+
+const char *sss_get_default_config_file(TALLOC_CTX *mem_ctx) {
+    char *config_file = NULL;
+#if defined(USE_VENDORDIR)
+    struct stat stats = {0};
+#endif /* USE_VENDORDIR */
+
+    config_file = talloc_strdup(mem_ctx, SSSD_CONFIG_FILE);
+    if (config_file == NULL) {
+        return NULL;
+    }
+
+#if defined(USE_VENDORDIR)
+    if (stat(config_file, &stats) < 0 && errno == ENOENT) {
+        TALLOC_FREE(config_file);
+        config_file = talloc_strdup(mem_ctx, SSSD_VENDOR_CONFIG_FILE);
+        if (config_file == NULL) {
+            return NULL;
+        }
+        DEBUG(SSSDBG_CONF_SETTINGS, "Using vendor config file %s\n", config_file);
+    }
+#endif /* USE_VENDORDIR */
+
+    return config_file;
+}
diff --git a/src/util/util.h b/src/util/util.h
@@ -866,4 +866,7 @@ errno_t sss_parse_dns_uri(TALLOC_CTX *ctx,
                           const char *uri,
                           struct sss_parsed_dns_uri **_parsed_uri);
 
+/* from sss_config.c */
+const char *sss_get_default_config_file(TALLOC_CTX *mem_ctx);
+
 #endif /* __SSSD_UTIL_H__ */
