authorJakub Hrozek <jhrozek@redhat.com>2014-11-28 13:30:20 +0100
committerJakub Hrozek <jhrozek@redhat.com>2014-11-28 18:48:23 +0100
commit89c1048cb19440f5a9b6a931c3af04ad23b73246 (patch)
treeeb17cf1acc96e15cce88dc83e8805b26b98bfde1
parent019ea9b10ff5a723e7720abf816a8c7dc13b3b32 (diff)
KRB5: Pass the sssd_be uid and gid to krb5_child
-rw-r--r--src/providers/ad/ad_gpo_child.c3
-rw-r--r--src/providers/ipa/selinux_child.c3
-rw-r--r--src/providers/krb5/krb5_child.c9
-rw-r--r--src/providers/ldap/ldap_child.c3
-rw-r--r--src/util/child_common.c20
5 files changed, 34 insertions, 4 deletions
diff --git a/src/providers/ad/ad_gpo_child.c b/src/providers/ad/ad_gpo_child.c
index 4bb48c0..cf0c5bd 100644
--- a/src/providers/ad/ad_gpo_child.c
+++ b/src/providers/ad/ad_gpo_child.c
@@ -664,9 +664,12 @@ main(int argc, const char *argv[])
struct input_buffer *ibuf = NULL;
struct response *resp = NULL;
size_t written;
+ uid_t uid;
+ gid_t gid;
struct poptOption long_options[] = {
POPT_AUTOHELP
+ SSSD_SERVER_OPTS(uid, gid)
{"debug-level", 'd', POPT_ARG_INT, &debug_level, 0,
_("Debug level"), NULL},
{"debug-timestamps", 0, POPT_ARG_INT, &debug_timestamps, 0,
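Review bot: `uid` and `gid` are declared without initializers in main(), which starts and ends outside the hunk, so they stay indeterminate whenever the child is started without `--uid`/`--gid`. Nothing in the visible lines of this file reads them, but the same declarations appear in selinux_child.c and ldap_child.c, and in krb5_child.c `be_uid`/`be_gid` are later copied into `kr` unconditionally. Initialise them at the declaration, e.g. `uid_t uid = 0;` and `gid_t gid = 0;`, or use a sentinel the code can test for. The definition of SSSD_SERVER_OPTS is not part of this diff, so it is also worth confirming that the popt argument type it uses matches the width and signedness of uid_t and gid_t.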
diff --git a/src/providers/ipa/selinux_child.c b/src/providers/ipa/selinux_child.c
index a38ffcb..d44b490 100644
--- a/src/providers/ipa/selinux_child.c
+++ b/src/providers/ipa/selinux_child.c
@@ -147,9 +147,12 @@ int main(int argc, const char *argv[])
struct input_buffer *ibuf = NULL;
struct response *resp = NULL;
size_t written;
+ uid_t uid;
+ gid_t gid;
struct poptOption long_options[] = {
POPT_AUTOHELP
+ SSSD_SERVER_OPTS(uid, gid)
{"debug-level", 'd', POPT_ARG_INT, &debug_level, 0,
_("Debug level"), NULL},
{"debug-timestamps", 0, POPT_ARG_INT, &debug_timestamps, 0,
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index c13c087..91400bb 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -66,6 +66,10 @@ struct krb5_req {
char *old_ccname;
bool old_cc_valid;
bool old_cc_active;
+
+ /* The IDs the backend runs as. Used for creating the fast ccache */
+ uid_t be_uid;
+ gid_t be_gid;
};
static krb5_context krb5_error_ctx;
@@ -2245,6 +2249,8 @@ int main(int argc, const char *argv[])
poptContext pc;
int debug_fd = -1;
errno_t ret;
+ uid_t be_uid;
+ gid_t be_gid;
struct poptOption long_options[] = {
POPT_AUTOHELP
@@ -2259,6 +2265,7 @@ int main(int argc, const char *argv[])
{"debug-to-stderr", 0, POPT_ARG_NONE | POPT_ARGFLAG_DOC_HIDDEN,
&debug_to_stderr, 0,
_("Send the debug output to stderr directly."), NULL },
+ SSSD_SERVER_OPTS(be_uid, be_gid)
POPT_TABLEEND
};
@@ -2304,6 +2311,8 @@ int main(int argc, const char *argv[])
goto done;
}
talloc_steal(kr, debug_prg_name);
+ kr->be_uid = be_uid;
+ kr->be_gid = be_gid;
ret = k5c_recv_data(kr, STDIN_FILENO, &offline);
if (ret != EOK) {
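Review bot: `kr->be_uid` and `kr->be_gid` are filled straight from the command-line values, with no check that the options were given or that the IDs are plausible. The struct comment says these IDs are used when creating the FAST ccache, so a wrong value would presumably end up as file ownership; if krb5_child can run with more privilege than its caller, argv is an input worth validating. At minimum, document the trust assumption above the assignment, e.g. `/* be_uid/be_gid come from --uid/--gid, set by the parent in prepare_child_argv(); not validated here */`. main() continues outside the hunk.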
diff --git a/src/providers/ldap/ldap_child.c b/src/providers/ldap/ldap_child.c
index e7febdf..35555a4 100644
--- a/src/providers/ldap/ldap_child.c
+++ b/src/providers/ldap/ldap_child.c
@@ -596,6 +596,8 @@ int main(int argc, const char *argv[])
struct input_buffer *ibuf = NULL;
struct response *resp = NULL;
size_t written;
+ uid_t uid;
+ gid_t gid;
struct poptOption long_options[] = {
POPT_AUTOHELP
@@ -609,6 +611,7 @@ int main(int argc, const char *argv[])
_("An open file descriptor for the debug logs"), NULL},
{"debug-to-stderr", 0, POPT_ARG_NONE | POPT_ARGFLAG_DOC_HIDDEN, &debug_to_stderr, 0, \
_("Send the debug output to stderr directly."), NULL }, \
+ SSSD_SERVER_OPTS(uid, gid)
POPT_TABLEEND
};
diff --git a/src/util/child_common.c b/src/util/child_common.c
index cc6a8fa..4ee3a37 100644
--- a/src/util/child_common.c
+++ b/src/util/child_common.c
@@ -626,10 +626,10 @@ static errno_t prepare_child_argv(TALLOC_CTX *mem_ctx,
char ***_argv)
{
/*
- * program name, debug_level, debug_timestamps,
- * debug_microseconds and NULL
+ * program name, debug_level, debug_to_file, debug_timestamps,
+ * debug_microseconds, uid, gid and NULL
*/
- uint_t argc = 5;
+ uint_t argc = 7;
char ** argv;
errno_t ret = EINVAL;
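Review bot: The updated comment above `uint_t argc = 7;` lists eight entries (program name, debug_level, debug_to_file, debug_timestamps, debug_microseconds, uid, gid, NULL), so the text and the count disagree. Presumably debug_to_file is counted conditionally further down, outside the hunk; if so the comment should say that, e.g. `* program name, debug_level, debug_timestamps, debug_microseconds, uid, gid and NULL; optional debug flags are counted below`. The second copy of the comment, before `talloc_array()`, has the same wording. The array is filled backwards with `argv[--argc]`, so a miscount would either write before the first slot or leave one unset, which is why the comment should match the number exactly.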
@@ -644,7 +644,7 @@ static errno_t prepare_child_argv(TALLOC_CTX *mem_ctx,
/*
* program name, debug_level, debug_to_file, debug_timestamps,
- * debug_microseconds and NULL
+ * debug_microseconds, uid, gid and NULL
*/
argv = talloc_array(mem_ctx, char *, argc);
if (argv == NULL) {
@@ -692,6 +692,18 @@ static errno_t prepare_child_argv(TALLOC_CTX *mem_ctx,
goto fail;
}
+ argv[--argc] = talloc_asprintf(argv, "--uid=%"SPRIuid, getuid());
+ if (argv[argc] == NULL) {
+ ret = ENOMEM;
+ goto fail;
+ }
+
+ argv[--argc] = talloc_asprintf(argv, "--gid=%"SPRIgid, getgid());
+ if (argv[argc] == NULL) {
+ ret = ENOMEM;
+ goto fail;
+ }
+
argv[--argc] = talloc_strdup(argv, binary);
if (argv[argc] == NULL) {
ret = ENOMEM;
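Review bot: `getuid()` and `getgid()` return the real IDs of the calling process, which equal the IDs the backend "runs as" only while its real and effective IDs are the same. If sssd_be can reach this point with a different effective UID or GID, the child would be told the wrong owner. Either pass `geteuid()`/`getegid()`, or state the assumption next to the call, e.g. `/* real and effective IDs are equal in the backend */`. prepare_child_argv() starts and ends outside the hunk.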