From 48db24e8e576c2bde0acdf41c4228fc2a29b4db4 Mon Sep 17 00:00:00 2001

From: Jakub Hrozek <jhrozek@redhat.com>

Date: Fri, 17 Oct 2014 18:14:53 +0200

Subject: [PATCH 41/46] SSH: Run the ssh responder as the SSSD user

Reviewed-by: Pavel Reichl <preichl@redhat.com>

Reviewed-by: Simo Sorce <simo@redhat.com>

(cherry picked from commit 76c8dafad2a18cf1514635aa766062085c23a5c8)

---

 src/monitor/monitor.c      | 3 ++-

 src/responder/ssh/sshsrv.c | 3 ++-

 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c

index d09aeba9033ff1460f9d4a6c51f35edbf2e67fa6..0dea327213a1ad04b6f69c0ffb0fb87254420796 100644

--- a/src/monitor/monitor.c

+++ b/src/monitor/monitor.c

@@ -1066,7 +1066,8 @@ static bool svc_supported_as_nonroot(const char *svc_name)

         || (strcmp(svc_name, "pam") == 0)

         || (strcmp(svc_name, "autofs") == 0)

         || (strcmp(svc_name, "pac") == 0)

-        || (strcmp(svc_name, "sudo") == 0)) {

+        || (strcmp(svc_name, "sudo") == 0)

+        || (strcmp(svc_name, "ssh") == 0)) {

         return true;

     }

     return false;

diff --git a/src/responder/ssh/sshsrv.c b/src/responder/ssh/sshsrv.c

index b154ee1baa16de68f642d2e967b8e7c873c8d4e7..b1969b49de8579f0136c3afa78eb16d68c81ee4e 100644

--- a/src/responder/ssh/sshsrv.c

+++ b/src/responder/ssh/sshsrv.c

@@ -215,7 +215,8 @@ int main(int argc, const char *argv[])

     /* set up things like debug, signals, daemonization, etc... */

     debug_log_file = "sssd_ssh";

-    ret = server_setup("sssd[ssh]", 0, 0, 0, CONFDB_SSH_CONF_ENTRY, &main_ctx);

+    ret = server_setup("sssd[ssh]", 0, uid, gid,

+                       CONFDB_SSH_CONF_ENTRY, &main_ctx);

     if (ret != EOK) {

         return 2;

     }

-- 

1.9.3