File UsrEtc.patch of Package sssd
From 7e5cae0dc1ea66bb5bf2215f9d4dc663bff61864 Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabrero@suse.com>
Date: Fri, 6 Mar 2026 13:57:05 +0100
Subject: [PATCH 1/3] sssctl: Add missing new line
Signed-off-by: Samuel Cabrero <scabrero@suse.com>
---
src/tools/sssctl/sssctl_config.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/tools/sssctl/sssctl_config.c b/src/tools/sssctl/sssctl_config.c
index b29cef2a5..3fe228b18 100644
--- a/src/tools/sssctl/sssctl_config.c
+++ b/src/tools/sssctl/sssctl_config.c
@@ -126,7 +126,7 @@ errno_t sssctl_config_check(struct sss_cmdline *cmdline,
SSSDDATADIR"/cfg_rules.ini",
&strs, &num_errors);
if (ret) {
- PRINT("Failed to run validators");
+ PRINT("Failed to run validators\n");
goto done;
}
--
2.53.0
From 49cb12b8e32fc0ad125ecaad8a7d9fdda6fb5567 Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabrero@suse.com>
Date: Fri, 6 Mar 2026 13:58:07 +0100
Subject: [PATCH 2/3] sssctl: Use CONFDB_DEFAULT_CONFIG_DIR
Use same logic as the main daemon.
Signed-off-by: Samuel Cabrero <scabrero@suse.com>
---
src/tools/sssctl/sssctl_config.c | 30 +-----------------------------
1 file changed, 1 insertion(+), 29 deletions(-)
diff --git a/src/tools/sssctl/sssctl_config.c b/src/tools/sssctl/sssctl_config.c
index 3fe228b18..f792d5a47 100644
--- a/src/tools/sssctl/sssctl_config.c
+++ b/src/tools/sssctl/sssctl_config.c
@@ -31,29 +31,6 @@
#include "confdb/confdb.h"
-
-static char *sssctl_config_snippet_path(TALLOC_CTX *ctx, const char *path)
-{
- char *tmp = NULL;
- const char delimiter = '/';
- char *dpos = NULL;
-
- tmp = talloc_strdup(ctx, path);
- if (!tmp) {
- return NULL;
- }
-
- dpos = strrchr(tmp, delimiter);
- if (dpos != NULL) {
- ++dpos;
- *dpos = '\0';
- } else {
- *tmp = '\0';
- }
-
- return talloc_strdup_append(tmp, CONFDB_DEFAULT_CONFIG_DIR_NAME);
-}
-
errno_t sssctl_config_check(struct sss_cmdline *cmdline,
struct sss_tool_ctx *tool_ctx)
{
@@ -97,12 +74,7 @@ errno_t sssctl_config_check(struct sss_cmdline *cmdline,
}
if (config_snippet_path == NULL) {
- config_snippet_path = sssctl_config_snippet_path(tmp_ctx, config_path);
- if (config_snippet_path == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create snippet path\n");
- ret = ENOMEM;
- goto done;
- }
+ config_snippet_path = CONFDB_DEFAULT_CONFIG_DIR;
}
ret = sss_ini_read_sssd_conf(init_data,
--
2.53.0
From 247eaa516342244a1ee3d577b154cb844a2a1456 Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabrero@suse.com>
Date: Fri, 6 Mar 2026 13:53:47 +0100
Subject: [PATCH 3/3] confdb: Add UsrEtc support
Signed-off-by: Samuel Cabrero <scabrero@suse.com>
---
Makefile.am | 3 +++
configure.ac | 24 ++++++++++++++++++++++++
src/confdb/confdb.h | 1 +
src/monitor/monitor.c | 12 ++++++++++++
src/responder/kcm/kcm.c | 12 ++++++++++++
src/tools/sssctl/sssctl_config.c | 8 ++++++++
6 files changed, 60 insertions(+)
diff --git a/Makefile.am b/Makefile.am
index 05e0baba9..16b4afd41 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -58,6 +58,7 @@ if BUILD_SAMBA
winbindplugindir = @winbindpluginpath@
endif
sssdconfdir = $(sysconfdir)/sssd
+sssdvendordir = $(vendordir)/sssd
sssddatadir = $(datadir)/sssd
sssdapiplugindir = $(sssddatadir)/sssd.api.d
sssdtapscriptdir = $(sssddatadir)/systemtap
@@ -558,6 +559,7 @@ AM_CPPFLAGS = \
-DSSSDDATADIR=\"$(sssddatadir)\" \
-DSSSD_LIBEXEC_PATH=\"$(sssdlibexecdir)\" \
-DSSSD_CONF_DIR=\"$(sssdconfdir)\" \
+ -DSSSD_VENDOR_DIR=\"$(sssdvendordir)\" \
-DSSS_NSS_MCACHE_DIR=\"$(mcpath)\" \
-DSSS_NSS_SOCKET_NAME=\"$(pipepath)/nss\" \
-DSSS_PAM_SOCKET_NAME=\"$(pipepath)/pam\" \
@@ -5296,6 +5298,7 @@ edit_cmd = $(SED) \
-e 's|@nss_socket_user_group[@]|$(nss_socket_user_group)|g' \
-e 's|@supplementary_groups[@]|$(supplementary_groups)|g' \
-e 's|@sssdconfdir[@]|$(sssdconfdir)|g' \
+ -e 's|@sssdvendordir[@]|$(sssdvendordir)|g' \
-e 's|@secdbpath[@]|$(secdbpath)|g' \
-e 's|@dbpath[@]|$(dbpath)|g' \
-e 's|@gpocachepath[@]|$(gpocachepath)|g'
diff --git a/configure.ac b/configure.ac
index 2b20174a2..b3cfaafd7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -542,6 +542,30 @@ AS_IF([test x$SETCAP == xfalse], [
AC_MSG_WARN([setcap missing, capabilities cannot be set during make install])
])
+AC_ARG_WITH([vendordir],
+ AS_HELP_STRING([--with-vendordir=DIR], [Directory for distribution provided configuration files]),
+ [
+ case $with_vendordir in
+ /*)
+ ;;
+ *)
+ AC_MSG_ERROR(You must specify an absolute path to --with-vendordir=DIR)
+ ;;
+ esac
+ vendordir="$with_vendordir"
+ ],
+ [ vendordir="/usr/etc" ])
+AC_DEFINE_UNQUOTED(VENDORDIR, ["$vendordir"], [Location of vendor configuration files])
+AC_SUBST(vendordir)
+
+AC_ARG_ENABLE([vendordir],
+ [AS_HELP_STRING([--enable-vendordir], [Enable support for distribution provided configuration files])],
+ [], [enable_vendordir=no])
+if test "$enable_vendordir" != no; then
+ AC_DEFINE(USE_VENDORDIR, 1, [Define if distribution provided configuration files should be used.])
+ AC_MSG_NOTICE([Used vendor dir: $VENDORDIR])
+fi
+
AC_PATH_PROG([DOXYGEN], [doxygen], [false])
AM_CONDITIONAL([HAVE_DOXYGEN], [test x$DOXYGEN != xfalse ])
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
index 15046a367..292643e0d 100644
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
@@ -43,6 +43,7 @@
#define CONFDB_KCM_FILE "config_kcm.ldb"
#define SSSD_CONFIG_FILE_NAME "sssd.conf"
#define SSSD_CONFIG_FILE SSSD_CONF_DIR"/"SSSD_CONFIG_FILE_NAME
+#define SSSD_VENDOR_CONFIG_FILE SSSD_VENDOR_DIR"/"SSSD_CONFIG_FILE_NAME
#define CONFDB_DEFAULT_CONFIG_DIR_NAME "conf.d"
#define CONFDB_DEFAULT_CONFIG_DIR SSSD_CONF_DIR"/"CONFDB_DEFAULT_CONFIG_DIR_NAME
#define SSSD_MIN_ID 1
diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c
index 5f0a76e99..cd81686b0 100644
--- a/src/monitor/monitor.c
+++ b/src/monitor/monitor.c
@@ -46,6 +46,10 @@
#include <systemd/sd-daemon.h>
#endif
+#ifdef USE_VENDORDIR
+#include <sys/stat.h>
+#endif
+
#define MONITOR_VERSION 0x0001
/* TODO: get the restart related values from config */
@@ -1812,7 +1816,15 @@ int main(int argc, const char *argv[])
if (opt_config_file) {
config_file = talloc_strdup(tmp_ctx, opt_config_file);
} else {
+#ifdef USE_VENDORDIR
+ struct stat stats = { 0 } ;
+#endif /* USE_VENDORDIR */
config_file = talloc_strdup(tmp_ctx, SSSD_CONFIG_FILE);
+#ifdef USE_VENDORDIR
+ if (stat(config_file, &stats) < 0 && errno == ENOENT) {
+ config_file = talloc_strdup(tmp_ctx, SSSD_VENDOR_CONFIG_FILE);
+ }
+#endif /* USE_VENDORDIR */
}
if (config_file == NULL) {
ret = 2;
diff --git a/src/responder/kcm/kcm.c b/src/responder/kcm/kcm.c
index 8fd1af59c..eba0ee947 100644
--- a/src/responder/kcm/kcm.c
+++ b/src/responder/kcm/kcm.c
@@ -32,6 +32,10 @@
#include "util/util.h"
#include "util/sss_krb5.h"
+#ifdef USE_VENDORDIR
+#include <sys/stat.h>
+#endif
+
#define DEFAULT_KCM_FD_LIMIT 2048
#define DEFAULT_KCM_CLI_IDLE_TIMEOUT 300
@@ -396,7 +400,15 @@ int main(int argc, const char *argv[])
DEBUG_INIT(debug_level, opt_logger);
if (opt_config_file == NULL) {
+#ifdef USE_VENDORDIR
+ struct stat stats = { 0 } ;
+#endif /* USE_VENDORDIR */
config_file = SSSD_CONFIG_FILE;
+#ifdef USE_VENDORDIR
+ if (stat(config_file, &stats) < 0 && errno == ENOENT) {
+ config_file = SSSD_VENDOR_CONFIG_FILE;
+ }
+#endif /* USE_VENDORDIR */
} else {
config_file = opt_config_file;
}
diff --git a/src/tools/sssctl/sssctl_config.c b/src/tools/sssctl/sssctl_config.c
index f792d5a47..22affaccf 100644
--- a/src/tools/sssctl/sssctl_config.c
+++ b/src/tools/sssctl/sssctl_config.c
@@ -70,7 +70,15 @@ errno_t sssctl_config_check(struct sss_cmdline *cmdline,
}
if (config_path == NULL) {
+#ifdef USE_VENDORDIR
+ struct stat stats = { 0 } ;
+#endif /* USE_VENDORDIR */
config_path = SSSD_CONFIG_FILE;
+#ifdef USE_VENDORDIR
+ if (stat(config_path, &stats) < 0 && errno == ENOENT) {
+ config_path = SSSD_VENDOR_CONFIG_FILE;
+ }
+#endif /* USE_VENDORDIR */
}
if (config_snippet_path == NULL) {
--
2.53.0
