From 0686ce29cadb7875638d5f782199ea4bb186dee3 Mon Sep 17 00:00:00 2001
From: Petr Cech <pcech@redhat.com>
Date: Tue, 12 Jul 2016 16:14:04 +0200
Subject: [PATCH 16/18] PROVIDERS: Setting right {u,g}id if unprivileged
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
be_ctx had talloc_zero() initialized uid and gid which was used
in function dp_init(). Therefore back-end was every time started as root
and therefore non-root responders could not communicate with back-end
due to wrong permission of unix sockets.
This patch sets right uid and gid to data-providers if sssd runs
as non-root user.
Resolves:
https://fedorahosted.org/sssd/ticket/3077
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
(cherry picked from commit 75dead699a19dda7d8dfca89e2f97efbf0c264a2)
---
src/providers/data_provider_be.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c
index 78efed851b2bf053ba890caa05e655431996892a..2ae713054429e789c1ba79c1f5e7a3889af3b291 100644
--- a/src/providers/data_provider_be.c
+++ b/src/providers/data_provider_be.c
@@ -386,6 +386,8 @@ errno_t be_process_init(TALLOC_CTX *mem_ctx,
be_ctx->ev = ev;
be_ctx->cdb = cdb;
+ be_ctx->uid = uid;
+ be_ctx->gid = gid;
be_ctx->identity = talloc_asprintf(be_ctx, "%%BE_%s", be_domain);
be_ctx->conf_path = talloc_asprintf(be_ctx, CONFDB_DOMAIN_PATH_TMPL, be_domain);
if (be_ctx->identity == NULL || be_ctx->conf_path == NULL) {
--
2.4.11