From 0686ce29cadb7875638d5f782199ea4bb186dee3 Mon Sep 17 00:00:00 2001

From: Petr Cech <pcech@redhat.com>

Date: Tue, 12 Jul 2016 16:14:04 +0200

Subject: [PATCH 16/18] PROVIDERS: Setting right {u,g}id if unprivileged

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

be_ctx had talloc_zero() initialized uid and gid which was used

in function dp_init(). Therefore back-end was every time started as root

and therefore non-root responders could not communicate with back-end

due to wrong permission of unix sockets.

This patch sets right uid and gid to data-providers if sssd runs

as non-root user.

Resolves:

https://fedorahosted.org/sssd/ticket/3077

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

(cherry picked from commit 75dead699a19dda7d8dfca89e2f97efbf0c264a2)

---

 src/providers/data_provider_be.c | 2 ++

 1 file changed, 2 insertions(+)

diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c

index 78efed851b2bf053ba890caa05e655431996892a..2ae713054429e789c1ba79c1f5e7a3889af3b291 100644

--- a/src/providers/data_provider_be.c

+++ b/src/providers/data_provider_be.c

@@ -386,6 +386,8 @@ errno_t be_process_init(TALLOC_CTX *mem_ctx,

     be_ctx->ev = ev;

     be_ctx->cdb = cdb;

+    be_ctx->uid = uid;

+    be_ctx->gid = gid;

     be_ctx->identity = talloc_asprintf(be_ctx, "%%BE_%s", be_domain);

     be_ctx->conf_path = talloc_asprintf(be_ctx, CONFDB_DOMAIN_PATH_TMPL, be_domain);

     if (be_ctx->identity == NULL || be_ctx->conf_path == NULL) {

-- 

2.4.11