dpward / rpms / sssd

Forked from rpms/sssd 3 years ago
Clone
Blob Blame History Raw
From 2b8bb71a6f17dd0348ae07f0488d3de76b791c7f Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Tue, 7 Oct 2014 11:30:01 +0200
Subject: [PATCH 27/46] SBUS: Chown the sbus socket if needed

When setting up the sbus server, we might need to chown the sbus socket
to make sure non-root peers, running as the SSSD user are able to access
the file.

Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
(cherry picked from commit 5960687483a5d3d99093c9d6ab64e11c9bde7f7b)
---
 src/monitor/monitor.c            |  6 +++++-
 src/providers/data_provider_be.c |  2 +-
 src/providers/proxy/proxy_init.c |  2 +-
 src/sbus/sbus_client.c           | 15 +++++++++++++--
 src/sbus/sssd_dbus.h             |  1 +
 src/sbus/sssd_dbus_server.c      | 18 ++++++++++++++++--
 src/tests/common_dbus.c          |  4 ++--
 7 files changed, 39 insertions(+), 9 deletions(-)

diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c
index df1cd5ca14c759f7aab98094a2b8ad35731c35e6..b6777784cd289e85c865fc16490d0287a63192a5 100644
--- a/src/monitor/monitor.c
+++ b/src/monitor/monitor.c
@@ -515,7 +515,11 @@ static int monitor_dbus_init(struct mt_ctx *ctx)
         return ret;
     }
 
-    ret = sbus_new_server(ctx, ctx->ev, monitor_address,
+    /* If a service is running as unprivileged user, we need to make sure this
+     * user can access the monitor sbus server. root is still king, so we don't
+     * lose any access.
+     */
+    ret = sbus_new_server(ctx, ctx->ev, monitor_address, ctx->uid, ctx->gid,
                           false, &ctx->sbus_srv, monitor_service_init, ctx);
 
     talloc_free(monitor_address);
diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c
index 18b50214b0795709d583d5891bf4f6fd220bcb11..122c5b091751b641f815ddff5c56ac99ace69939 100644
--- a/src/providers/data_provider_be.c
+++ b/src/providers/data_provider_be.c
@@ -2263,7 +2263,7 @@ static int be_srv_init(struct be_ctx *ctx)
         return ret;
     }
 
-    ret = sbus_new_server(ctx, ctx->ev, sbus_address,
+    ret = sbus_new_server(ctx, ctx->ev, sbus_address, 0, 0,
                           true, &ctx->sbus_srv, be_client_init, ctx);
     if (ret != EOK) {
         DEBUG(SSSDBG_FATAL_FAILURE, "Could not set up sbus server.\n");
diff --git a/src/providers/proxy/proxy_init.c b/src/providers/proxy/proxy_init.c
index dd1b75826fbfc384dd37ba659a8653547cc35bcf..1e734511766f2c0f58cffc7d726a26ecfd6c9a27 100644
--- a/src/providers/proxy/proxy_init.c
+++ b/src/providers/proxy/proxy_init.c
@@ -522,7 +522,7 @@ int sssm_proxy_auth_init(struct be_ctx *bectx,
         goto done;
     }
 
-    ret = sbus_new_server(ctx, bectx->ev, sbus_address,
+    ret = sbus_new_server(ctx, bectx->ev, sbus_address, 0, 0,
                           false, &ctx->sbus_srv, proxy_client_init, ctx);
     if (ret != EOK) {
         DEBUG(SSSDBG_FATAL_FAILURE, "Could not set up sbus server.\n");
diff --git a/src/sbus/sbus_client.c b/src/sbus/sbus_client.c
index 6cf5002dc2b8f3b85a3110298db8255b82172ddd..8ad4c0f36a929e341793cca61fe12808e14f6bc6 100644
--- a/src/sbus/sbus_client.c
+++ b/src/sbus/sbus_client.c
@@ -32,6 +32,8 @@ int sbus_client_init(TALLOC_CTX *mem_ctx,
     struct sbus_connection *conn = NULL;
     int ret;
     char *filename;
+    uid_t check_uid;
+    gid_t check_gid;
 
     /* Validate input */
     if (server_address == NULL) {
@@ -45,8 +47,17 @@ int sbus_client_init(TALLOC_CTX *mem_ctx,
         return EIO;
     }
 
-    ret = check_file(filename,
-                     0, 0, S_IFSOCK|S_IRUSR|S_IWUSR, 0, NULL, true);
+    check_uid = geteuid();
+    check_gid = getegid();
+
+    /* Ignore ownership checks when the server runs as root. This is the
+     * case when privileged monitor is setting up sockets for unprivileged
+     * responders */
+    if (check_uid == 0) check_uid = -1;
+    if (check_gid == 0) check_gid = -1;
+
+    ret = check_file(filename, check_uid, check_gid,
+                     S_IFSOCK|S_IRUSR|S_IWUSR, 0, NULL, true);
     if (ret != EOK) {
         DEBUG(SSSDBG_CRIT_FAILURE, "check_file failed for [%s].\n", filename);
         return EIO;
diff --git a/src/sbus/sssd_dbus.h b/src/sbus/sssd_dbus.h
index 372521a3575f967b751c9e13a7d830d9c3b43584..d01926368ce0ae5312d8ea0057a89d9a7176836b 100644
--- a/src/sbus/sssd_dbus.h
+++ b/src/sbus/sssd_dbus.h
@@ -132,6 +132,7 @@ sbus_new_interface(TALLOC_CTX *mem_ctx,
 int sbus_new_server(TALLOC_CTX *mem_ctx,
                     struct tevent_context *ev,
                     const char *address,
+                    uid_t uid, gid_t gid,
                     bool use_symlink,
                     struct sbus_connection **server,
                     sbus_server_conn_init_fn init_fn, void *init_pvt_data);
diff --git a/src/sbus/sssd_dbus_server.c b/src/sbus/sssd_dbus_server.c
index 3a7de8ff019160b2305516945740dfb6453d578b..18fb98df61f1740898f725cb0ae9924f5e2f7716 100644
--- a/src/sbus/sssd_dbus_server.c
+++ b/src/sbus/sssd_dbus_server.c
@@ -181,6 +181,7 @@ remove_socket_symlink(const char *symlink_name)
 int sbus_new_server(TALLOC_CTX *mem_ctx,
                     struct tevent_context *ev,
                     const char *address,
+                    uid_t uid, gid_t gid,
                     bool use_symlink,
                     struct sbus_connection **_server,
                     sbus_server_conn_init_fn init_fn,
@@ -260,9 +261,22 @@ int sbus_new_server(TALLOC_CTX *mem_ctx,
     if ((stat_buf.st_mode & ~S_IFMT) != (S_IRUSR|S_IWUSR)) {
         ret = chmod(filename, (S_IRUSR|S_IWUSR));
         if (ret != EOK) {
+            ret = errno;
             DEBUG(SSSDBG_CRIT_FAILURE,
-                  "chmod failed for [%s]: [%d][%s].\n", filename, errno,
-                                                         strerror(errno));
+                  "chmod failed for [%s]: [%d][%s].\n", filename, ret,
+                                                        sss_strerror(ret));
+            ret = EIO;
+            goto done;
+        }
+    }
+
+    if (stat_buf.st_uid != uid || stat_buf.st_gid != gid) {
+        ret = chown(filename, uid, gid);
+        if (ret != EOK) {
+            ret = errno;
+            DEBUG(SSSDBG_CRIT_FAILURE,
+                  "chown failed for [%s]: [%d][%s].\n", filename, ret,
+                                                        sss_strerror(ret));
             ret = EIO;
             goto done;
         }
diff --git a/src/tests/common_dbus.c b/src/tests/common_dbus.c
index 3117c080dc3106517bee933a458583f35b04fa63..1b0ae88dc05a1514938218e97a50e9ef7b54b193 100644
--- a/src/tests/common_dbus.c
+++ b/src/tests/common_dbus.c
@@ -112,8 +112,8 @@ mock_server_child(void *data)
     ctx = talloc_new(NULL);
     loop = tevent_context_init(ctx);
 
-    verify_eq (sbus_new_server(ctx, loop, mock->dbus_address, false,
-                               &server, on_accept_connection, mock), EOK);
+    verify_eq (sbus_new_server(ctx, loop, mock->dbus_address, geteuid(), getegid(),
+                               false, &server, on_accept_connection, mock), EOK);
 
     tevent_add_fd(loop, ctx, mock->sync_fds[1], TEVENT_FD_READ,
                   on_sync_fd_written, &stop_server);
-- 
1.9.3