dpward / rpms / sssd

Forked from rpms/sssd 3 years ago
From 0686ce29cadb7875638d5f782199ea4bb186dee3 Mon Sep 17 00:00:00 2001
From: Petr Cech <pcech@redhat.com>
Date: Tue, 12 Jul 2016 16:14:04 +0200
Subject: [PATCH 16/18] PROVIDERS: Setting right {u,g}id if unprivileged
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

be_ctx had talloc_zero()-initialized uid and gid, which were used
in the function dp_init(). Therefore the back end was always started as root,
and non-root responders could not communicate with the back end
due to wrong permissions on the unix sockets.

This patch sets the right uid and gid for data providers if sssd runs
as a non-root user.

Resolves:
https://fedorahosted.org/sssd/ticket/3077

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
(cherry picked from commit 75dead699a19dda7d8dfca89e2f97efbf0c264a2)
---
 src/providers/data_provider_be.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c
index 78efed851b2bf053ba890caa05e655431996892a..2ae713054429e789c1ba79c1f5e7a3889af3b291 100644
--- a/src/providers/data_provider_be.c
+++ b/src/providers/data_provider_be.c
@@ -386,6 +386,8 @@ errno_t be_process_init(TALLOC_CTX *mem_ctx,
 
     be_ctx->ev = ev;
     be_ctx->cdb = cdb;
+    be_ctx->uid = uid;
+    be_ctx->gid = gid;
     be_ctx->identity = talloc_asprintf(be_ctx, "%%BE_%s", be_domain);
     be_ctx->conf_path = talloc_asprintf(be_ctx, CONFDB_DOMAIN_PATH_TMPL, be_domain);
     if (be_ctx->identity == NULL || be_ctx->conf_path == NULL) {
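Review bot: The assignments `be_ctx->uid = uid;` and `be_ctx->gid = gid;` leave the underlying hazard in place: a field left at its talloc_zero() value reads as 0, which is indistinguishable from a deliberate root setting. Any later path that fills in be_ctx without these two lines would again produce root-owned sockets without any error. A short comment at these lines noting that dp_init() depends on both fields would help. The diffstat shows only the two insertions in data_provider_be.c, so a regression test would also be worth adding: start the back end as a non-root user and check the ownership of the unix socket.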
-- 
2.4.11