Blame SOURCES/0005-SSSD-Chown-the-log-files.patch

From 9f4f7549998e4047063fc12561068893b2100d59 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Mon, 20 Oct 2014 13:59:49 +0200
Subject: [PATCH 05/22] SSSD: Chown the log files
We need to chown the log files before dropping root to make sure they
are usable by the SSSD user. Unfortunately, we can't just rely on
passing the fd opened by root, because we need to be also able to rotate
the log files.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
---
 src/util/debug.c  | 33 +++++++++++++++++++++++++++++++++
 src/util/server.c |  6 ++++++
 src/util/util.h   |  1 +
 3 files changed, 40 insertions(+)
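--- a/src/util/debug.c
+++ b/src/util/debug.c
@@ -297,6 +297,39 @@ void ldb_debug_messages(void *context, enum ldb_debug_level level,
     free(message);
 }
 
+/* In cases SSSD used to run as the root user, but runs as the SSSD user now,
+ * we need to chown the log files
+ */
+int chown_debug_file(const char *filename,
+                     uid_t uid, gid_t gid)
+{
+    char *logpath;
+    const char *log_file;
+    errno_t ret;
+
+    if (filename == NULL) {
+        log_file = debug_log_file;
+    } else {
+        log_file = filename;
+    }
+
+    ret = asprintf(&logpath, "%s/%s.log", LOG_PATH, log_file);
+    if (ret == -1) {
+        return ENOMEM;
+    }
+
+    ret = chown(logpath, uid, gid);
+    free(logpath);
+    if (ret != 0) {
+        ret = errno;
+        DEBUG(SSSDBG_FATAL_FAILURE, "chown failed for [%s]: [%d]\n",
+              log_file, ret);
+        return ret;
+    }
+
+    return EOK;
+}
+
 int open_debug_file_ex(const char *filename, FILE **filep, bool want_cloexec)
 {
     FILE *f = NULL;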
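Review bot: The `chown(logpath, uid, gid)` call in chown_debug_file runs while the process is still root and follows symbolic links, so it changes ownership of whatever the path resolves to rather than of the log file itself. The hunk does not show who can write to LOG_PATH, but the commit message says the unprivileged user must be able to rotate the files, so the path should be treated as not fully trusted. Opening it with O_NOFOLLOW and calling fchown() on the descriptor keeps the ownership change on the file that was actually opened. Separately, errno is read only after `free(logpath)`, which may overwrite it, so the value should be saved before the free. The function lies entirely inside this hunk.

```c
int chown_debug_file(const char *filename,
                     uid_t uid, gid_t gid)
{
    int fd;
    /* … unchanged: other locals, log_file selection, asprintf of logpath … */

    /* Do not follow a symlink at the log path; O_NONBLOCK avoids hanging
     * on a FIFO. */
    fd = open(logpath, O_WRONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    ret = (fd == -1) ? errno : EOK;    /* save errno before free() */
    free(logpath);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE, "open failed for [%s]: [%d]\n",
              log_file, ret);
        return ret;
    }

    if (fchown(fd, uid, gid) != 0) {
        ret = errno;
    }
    close(fd);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE, "chown failed for [%s]: [%d]\n",
              log_file, ret);
        return ret;
    }

    return EOK;
}
```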
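--- a/src/util/server.c
+++ b/src/util/server.c
@@ -427,6 +427,12 @@ int server_setup(const char *name, int flags,
     struct tevent_signal *tes;
     struct logrotate_ctx *lctx;
 
+    ret = chown_debug_file(NULL, uid, gid);
+    if (ret != EOK) {
+        DEBUG(SSSDBG_MINOR_FAILURE,
+              "Cannot chown the debug files, debugging might not work!\n");
+    }
+
     ret = become_user(uid, gid);
     if (ret != EOK) {
         DEBUG(SSSDBG_FUNC_DATA,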
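Review bot: The warning logged when chown_debug_file() fails in server_setup omits the error code, and `ret` is then overwritten by the become_user() call that follows. The ENOMEM path in chown_debug_file logs nothing itself, so in that case the reason is lost entirely. I would include the code in the message: `"Cannot chown the debug files [%d], debugging might not work!\n", ret`. If the process is configured not to log to a file, this call presumably fails on every start; that is not visible here, but a guard on that condition may be worth adding. server_setup starts and ends outside this hunk.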
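--- a/src/util/util.h
+++ b/src/util/util.h
@@ -218,6 +218,7 @@ errno_t set_debug_file_from_fd(const int fd);
 /* From debug.c */
 void ldb_debug_messages(void *context, enum ldb_debug_level level,
                         const char *fmt, va_list ap);
+int chown_debug_file(const char *filename, uid_t uid, gid_t gid);
 int open_debug_file_ex(const char *filename, FILE **filep, bool want_cloexec);
 int open_debug_file(void);
 int rotate_debug_files(void);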
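Review bot: The new `chown_debug_file` prototype has no comment describing its contract, which a caller cannot guess from the signature alone. I would add one above it, for example `/* Chown LOG_PATH/<filename>.log; a NULL filename selects debug_log_file. Returns EOK or an errno value. */`. The caller in server.c invokes it before become_user(), so the comment could also note that it is meant to run before privileges are dropped.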
-- 
1.9.3