From 2b8bb71a6f17dd0348ae07f0488d3de76b791c7f Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Tue, 7 Oct 2014 11:30:01 +0200
Subject: [PATCH 27/46] SBUS: Chown the sbus socket if needed
When setting up the sbus server, we might need to chown the sbus socket
to make sure non-root peers, running as the SSSD user are able to access
the file.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
(cherry picked from commit 5960687483a5d3d99093c9d6ab64e11c9bde7f7b)
---
src/monitor/monitor.c | 6 +++++-
src/providers/data_provider_be.c | 2 +-
src/providers/proxy/proxy_init.c | 2 +-
src/sbus/sbus_client.c | 15 +++++++++++++--
src/sbus/sssd_dbus.h | 1 +
src/sbus/sssd_dbus_server.c | 18 ++++++++++++++++--
src/tests/common_dbus.c | 4 ++--
7 files changed, 39 insertions(+), 9 deletions(-)
diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c
index df1cd5ca14c759f7aab98094a2b8ad35731c35e6..b6777784cd289e85c865fc16490d0287a63192a5 100644
--- a/src/monitor/monitor.c
+++ b/src/monitor/monitor.c
@@ -515,7 +515,11 @@ static int monitor_dbus_init(struct mt_ctx *ctx)
return ret;
}
- ret = sbus_new_server(ctx, ctx->ev, monitor_address,
+ /* If a service is running as unprivileged user, we need to make sure this
+ * user can access the monitor sbus server. root is still king, so we don't
+ * lose any access.
+ */
+ ret = sbus_new_server(ctx, ctx->ev, monitor_address, ctx->uid, ctx->gid,
false, &ctx->sbus_srv, monitor_service_init, ctx);
talloc_free(monitor_address);
diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c
index 18b50214b0795709d583d5891bf4f6fd220bcb11..122c5b091751b641f815ddff5c56ac99ace69939 100644
--- a/src/providers/data_provider_be.c
+++ b/src/providers/data_provider_be.c
@@ -2263,7 +2263,7 @@ static int be_srv_init(struct be_ctx *ctx)
return ret;
}
- ret = sbus_new_server(ctx, ctx->ev, sbus_address,
+ ret = sbus_new_server(ctx, ctx->ev, sbus_address, 0, 0,
true, &ctx->sbus_srv, be_client_init, ctx);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "Could not set up sbus server.\n");
diff --git a/src/providers/proxy/proxy_init.c b/src/providers/proxy/proxy_init.c
index dd1b75826fbfc384dd37ba659a8653547cc35bcf..1e734511766f2c0f58cffc7d726a26ecfd6c9a27 100644
--- a/src/providers/proxy/proxy_init.c
+++ b/src/providers/proxy/proxy_init.c
@@ -522,7 +522,7 @@ int sssm_proxy_auth_init(struct be_ctx *bectx,
goto done;
}
- ret = sbus_new_server(ctx, bectx->ev, sbus_address,
+ ret = sbus_new_server(ctx, bectx->ev, sbus_address, 0, 0,
false, &ctx->sbus_srv, proxy_client_init, ctx);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "Could not set up sbus server.\n");
diff --git a/src/sbus/sbus_client.c b/src/sbus/sbus_client.c
index 6cf5002dc2b8f3b85a3110298db8255b82172ddd..8ad4c0f36a929e341793cca61fe12808e14f6bc6 100644
--- a/src/sbus/sbus_client.c
+++ b/src/sbus/sbus_client.c
@@ -32,6 +32,8 @@ int sbus_client_init(TALLOC_CTX *mem_ctx,
struct sbus_connection *conn = NULL;
int ret;
char *filename;
+ uid_t check_uid;
+ gid_t check_gid;
/* Validate input */
if (server_address == NULL) {
@@ -45,8 +47,17 @@ int sbus_client_init(TALLOC_CTX *mem_ctx,
return EIO;
}
- ret = check_file(filename,
- 0, 0, S_IFSOCK|S_IRUSR|S_IWUSR, 0, NULL, true);
+ check_uid = geteuid();
+ check_gid = getegid();
+
+ /* Ignore ownership checks when the server runs as root. This is the
+ * case when privileged monitor is setting up sockets for unprivileged
+ * responders */
+ if (check_uid == 0) check_uid = -1;
+ if (check_gid == 0) check_gid = -1;
+
+ ret = check_file(filename, check_uid, check_gid,
+ S_IFSOCK|S_IRUSR|S_IWUSR, 0, NULL, true);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, "check_file failed for [%s].\n", filename);
return EIO;
diff --git a/src/sbus/sssd_dbus.h b/src/sbus/sssd_dbus.h
index 372521a3575f967b751c9e13a7d830d9c3b43584..d01926368ce0ae5312d8ea0057a89d9a7176836b 100644
--- a/src/sbus/sssd_dbus.h
+++ b/src/sbus/sssd_dbus.h
@@ -132,6 +132,7 @@ sbus_new_interface(TALLOC_CTX *mem_ctx,
int sbus_new_server(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
const char *address,
+ uid_t uid, gid_t gid,
bool use_symlink,
struct sbus_connection **server,
sbus_server_conn_init_fn init_fn, void *init_pvt_data);
diff --git a/src/sbus/sssd_dbus_server.c b/src/sbus/sssd_dbus_server.c
index 3a7de8ff019160b2305516945740dfb6453d578b..18fb98df61f1740898f725cb0ae9924f5e2f7716 100644
--- a/src/sbus/sssd_dbus_server.c
+++ b/src/sbus/sssd_dbus_server.c
@@ -181,6 +181,7 @@ remove_socket_symlink(const char *symlink_name)
int sbus_new_server(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
const char *address,
+ uid_t uid, gid_t gid,
bool use_symlink,
struct sbus_connection **_server,
sbus_server_conn_init_fn init_fn,
@@ -260,9 +261,22 @@ int sbus_new_server(TALLOC_CTX *mem_ctx,
if ((stat_buf.st_mode & ~S_IFMT) != (S_IRUSR|S_IWUSR)) {
ret = chmod(filename, (S_IRUSR|S_IWUSR));
if (ret != EOK) {
+ ret = errno;
DEBUG(SSSDBG_CRIT_FAILURE,
- "chmod failed for [%s]: [%d][%s].\n", filename, errno,
- strerror(errno));
+ "chmod failed for [%s]: [%d][%s].\n", filename, ret,
+ sss_strerror(ret));
+ ret = EIO;
+ goto done;
+ }
+ }
+
+ if (stat_buf.st_uid != uid || stat_buf.st_gid != gid) {
+ ret = chown(filename, uid, gid);
+ if (ret != EOK) {
+ ret = errno;
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "chown failed for [%s]: [%d][%s].\n", filename, ret,
+ sss_strerror(ret));
ret = EIO;
goto done;
}
diff --git a/src/tests/common_dbus.c b/src/tests/common_dbus.c
index 3117c080dc3106517bee933a458583f35b04fa63..1b0ae88dc05a1514938218e97a50e9ef7b54b193 100644
--- a/src/tests/common_dbus.c
+++ b/src/tests/common_dbus.c
@@ -112,8 +112,8 @@ mock_server_child(void *data)
ctx = talloc_new(NULL);
loop = tevent_context_init(ctx);
- verify_eq (sbus_new_server(ctx, loop, mock->dbus_address, false,
- &server, on_accept_connection, mock), EOK);
+ verify_eq (sbus_new_server(ctx, loop, mock->dbus_address, geteuid(), getegid(),
+ false, &server, on_accept_connection, mock), EOK);
tevent_add_fd(loop, ctx, mock->sync_fds[1], TEVENT_FD_READ,
on_sync_fd_written, &stop_server);
--
1.9.3