From 157250faaf48514f1580c3de4abb224c190d243b Mon Sep 17 00:00:00 2001

From: Michal Zidek <mzidek@redhat.com>

Date: Thu, 9 Oct 2014 17:25:34 +0200

Subject: [PATCH 37/46] PAM: Run pam responder as nonroot

Reviewed-by: Pavel Reichl <preichl@redhat.com>

Reviewed-by: Simo Sorce <simo@redhat.com>

(cherry picked from commit 4e1892cdfcc5300d6632200c38ba67f2783d15f2)

---

 src/monitor/monitor.c      | 3 ++-

 src/responder/pam/pamsrv.c | 2 +-

 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c

index 297648a60836cec1bd95c0a2972c8d14be32675a..2f622e571478b2a71ef29ed518ca3b80c077b766 100644

--- a/src/monitor/monitor.c

+++ b/src/monitor/monitor.c

@@ -1062,7 +1062,8 @@ static errno_t get_ping_config(struct mt_ctx *ctx, const char *path,

  */

 static bool svc_supported_as_nonroot(const char *svc_name)

 {

-    if (strcmp(svc_name, "nss") == 0) {

+    if ((strcmp(svc_name, "nss") == 0)

+        || (strcmp(svc_name, "pam") == 0)) {

         return true;

     }

     return false;

diff --git a/src/responder/pam/pamsrv.c b/src/responder/pam/pamsrv.c

index d3cf0c770ad2978e101f40453137ade8d826b8e1..c7e3c20b2731efb9393bc820ab09486c48e0a9ea 100644

--- a/src/responder/pam/pamsrv.c

+++ b/src/responder/pam/pamsrv.c

@@ -368,7 +368,7 @@ int main(int argc, const char *argv[])

         return 2;

     }

-    ret = server_setup("sssd[pam]", 0, 0, 0, CONFDB_PAM_CONF_ENTRY, &main_ctx);

+    ret = server_setup("sssd[pam]", 0, uid, gid, CONFDB_PAM_CONF_ENTRY, &main_ctx);

     if (ret != EOK) return 2;

     ret = die_if_parent_died();

-- 

1.9.3