From 76d0ab2784d341e5204d63ddebcfec2012f01016 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C5=BDidek?=
Date: Wed, 22 Jun 2016 19:11:42 +0200
Subject: [PATCH 1/2] confdb: Check for config file errors on sssd startup
Resolves: https://fedorahosted.org/sssd/ticket/2028
Signed-off-by: Lukas Slebodnik
---
 src/confdb/confdb.c | 2 +-
 src/confdb/confdb.h | 2 +-
 src/confdb/confdb_setup.c | 9 ++++++++-
 src/util/sss_ini.c | 49 +++++++++++++++++++++++++++++++++++++++++++++--
 src/util/sss_ini.h | 4 ++++
 5 files changed, 61 insertions(+), 5 deletions(-)
diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
index d409344890c869aa3e7b2dbb49c0f51cd3a20adc..b99c6cf403ffc638b5292036e6111b6579e324fc 100644
--- a/src/confdb/confdb.c
+++ b/src/confdb/confdb.c
@@ -1,7 +1,7 @@
 /*
 SSSD
- NSS Configuratoin DB
+ SSSD Configuration DB
 Copyright (C) Simo Sorce 2008
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
index 2cd75b9e8b7d81261774303ad48fcec4112e3ae4..eb5764c2e56f1ad0d22998eaf089ee57d7e83101 100644
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
@@ -1,7 +1,7 @@
 /*
 SSSD
- NSS Configuratoin DB
+ SSSD Configuration DB
 Copyright (C) Simo Sorce 2008
diff --git a/src/confdb/confdb_setup.c b/src/confdb/confdb_setup.c
index b17a34b1213b0ebeeea5719c78ea1db8d5fabfd6..e3d1fc54da4fc8a666b456b88c091309db2bf969 100644
--- a/src/confdb/confdb_setup.c
+++ b/src/confdb/confdb_setup.c
@@ -141,7 +141,6 @@ int confdb_init_db(const char *config_file, const char *config_dir,
 struct ldb_ldif *ldif;
 struct sss_ini_initdata *init_data;
-
 tmp_ctx = talloc_new(cdb);
 if (tmp_ctx == NULL) {
 DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory.\n");
@@ -217,6 +216,14 @@ int confdb_init_db(const char *config_file, const char *config_dir,
 goto done;
 }
+ /* FIXME: Do not hardcode the path */
+ ret = sss_ini_call_validators(init_data,
+ "/var/lib/sss/cfg_rules.ini");
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to call validators\n");
+ /* This is not fatal, continue */
+ }
+
 /* Make sure that the config file version matches the confdb version */
 ret = sss_ini_get_cfgobj(init_data, "sssd", "config_file_version");
 if (ret != EOK) {
diff --git a/src/util/sss_ini.c b/src/util/sss_ini.c
index 2d786df94fe09601bd4b1d3d1fa145739f30ef39..0b6691bece541417e196612f204be091e0c5fa2b 100644
--- a/src/util/sss_ini.c
+++ b/src/util/sss_ini.c
@@ -60,8 +60,6 @@ struct sss_ini_initdata {
 #define sss_ini_get_const_string_config_value ini_get_const_string_config_value
 #define sss_ini_get_config_obj ini_get_config_valueobj
-
-
 #else
 struct sss_ini_initdata {
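Review bot: The validator call added ahead of the config_file_version check fails open: when `sss_ini_call_validators` returns an error, startup continues and the only trace is `Failed to call validators`, which carries neither the rules path nor the error code. For a daemon that serves identity and authentication data, a missing or unreadable rules file therefore silently disables the check meant to catch misspelled options. The rules path is also a literal under `/var/lib/sss`, and nothing in the hunk checks who owns or can write that file; resolving the FIXME with a build-time constant for the package's read-only data directory would address both the hardcoding and the location. At minimum the log line could read `DEBUG(SSSDBG_CRIT_FAILURE, "Failed to call validators: %d [%s]\n", ret, strerror(ret));`. confdb_init_db begins and ends outside this hunk.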
@@ -527,3 +525,50 @@ error:
 talloc_free(ldif);
 return ret;
 }
+
+int sss_ini_call_validators(struct sss_ini_initdata *data,
+ const char *rules_path)
+{
+#ifdef HAVE_LIBINI_CONFIG_V1_3
+ int ret;
+ struct ini_cfgobj *rules_cfgobj = NULL;
+ struct ini_errobj *errobj = NULL;
+
+ ret = ini_errobj_create(&errobj);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_FATAL_FAILURE, "Failed to create error list\n");
+ goto done;
+ }
+
+ ret = ini_rules_read_from_file(rules_path, &rules_cfgobj);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Failed to read sssd.conf schema %d [%s]\n", ret, strerror(ret));
+ goto done;
+ }
+
+ ret = ini_rules_check(rules_cfgobj, data->sssd_config, NULL, errobj);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "ini_rules_check failed %d [%s]\n", ret, strerror(ret));
+ goto done;
+ }
+
+ /* Do not error out when validators find some issue */
+ while (!ini_errobj_no_more_msgs(errobj)) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "%s\n", ini_errobj_get_msg(errobj));
+ ini_errobj_next(errobj);
+ }
+
+done:
+ if (rules_cfgobj) ini_config_destroy(rules_cfgobj);
+ ini_errobj_destroy(&errobj);
+
+ return ret;
+#else
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "libini_config does not support configuration file validataion\n");
+ return EOK;
+#endif /* HAVE_LIBINI_CONFIG_V1_3 */
+}
diff --git a/src/util/sss_ini.h b/src/util/sss_ini.h
index f5b36deb9cacfecbd68dd2a4d37a4398ce280c3c..7734bab3ce612fe97864ba17493ee200712884fc 100644
--- a/src/util/sss_ini.h
+++ b/src/util/sss_ini.h
@@ -79,4 +79,8 @@ int sss_confdb_create_ldif(TALLOC_CTX *mem_ctx,
 struct sss_ini_initdata *init_data,
 const char **config_ldif);
+/* Validate sssd.conf if libini_config support it */
+int sss_ini_call_validators(struct sss_ini_initdata *data,
+ const char *rules_path);
+
 #endif /* __SSS_INI_H__ */
--
2.7.4
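Review bot: sss_ini_call_validators returns EOK when the validators report problems, so the caller cannot tell a clean sssd.conf from one with findings, and the findings reach only the debug log at SSSDBG_CRIT_FAILURE. Failures to load or apply the rules are logged at SSSDBG_FATAL_FAILURE although the caller in confdb_setup.c treats them as non-fatal; the levels should match that policy. The function also needs a header comment stating this contract, for example `/* Returns EOK even if validators report issues; non-EOK only if the rules could not be loaded or checked */`. In the `#else` branch the message has a typo and should read `"libini_config does not support configuration file validation\n"`.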