diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2014-10-07 11:30:01 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-10-22 15:44:17 +0200 |
commit | 5960687483a5d3d99093c9d6ab64e11c9bde7f7b (patch) | |
tree | e5b06570880583f579635b7112eae16dee235ed5 | |
parent | a10ac1d0a7210def232205a48c53a075930e82f6 (diff) | |
download | sssd-5960687483a5d3d99093c9d6ab64e11c9bde7f7b.tar.gz sssd-5960687483a5d3d99093c9d6ab64e11c9bde7f7b.tar.xz sssd-5960687483a5d3d99093c9d6ab64e11c9bde7f7b.zip |
SBUS: Chown the sbus socket if needed
When setting up the sbus server, we might need to chown the sbus socket
to make sure non-root peers, running as the SSSD user are able to access
the file.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
-rw-r--r-- | src/monitor/monitor.c | 6 | ||||
-rw-r--r-- | src/providers/data_provider_be.c | 2 | ||||
-rw-r--r-- | src/providers/proxy/proxy_init.c | 2 | ||||
-rw-r--r-- | src/sbus/sbus_client.c | 15 | ||||
-rw-r--r-- | src/sbus/sssd_dbus.h | 1 | ||||
-rw-r--r-- | src/sbus/sssd_dbus_server.c | 18 | ||||
-rw-r--r-- | src/tests/common_dbus.c | 4 |
7 files changed, 39 insertions, 9 deletions
diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c index df1cd5ca1..b6777784c 100644 --- a/src/monitor/monitor.c +++ b/src/monitor/monitor.c @@ -515,7 +515,11 @@ static int monitor_dbus_init(struct mt_ctx *ctx) return ret; } - ret = sbus_new_server(ctx, ctx->ev, monitor_address, + /* If a service is running as unprivileged user, we need to make sure this + * user can access the monitor sbus server. root is still king, so we don't + * lose any access. + */ + ret = sbus_new_server(ctx, ctx->ev, monitor_address, ctx->uid, ctx->gid, false, &ctx->sbus_srv, monitor_service_init, ctx); talloc_free(monitor_address); diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c index 18b50214b..122c5b091 100644 --- a/src/providers/data_provider_be.c +++ b/src/providers/data_provider_be.c @@ -2263,7 +2263,7 @@ static int be_srv_init(struct be_ctx *ctx) return ret; } - ret = sbus_new_server(ctx, ctx->ev, sbus_address, + ret = sbus_new_server(ctx, ctx->ev, sbus_address, 0, 0, true, &ctx->sbus_srv, be_client_init, ctx); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "Could not set up sbus server.\n"); diff --git a/src/providers/proxy/proxy_init.c b/src/providers/proxy/proxy_init.c index dd1b75826..1e7345117 100644 --- a/src/providers/proxy/proxy_init.c +++ b/src/providers/proxy/proxy_init.c @@ -522,7 +522,7 @@ int sssm_proxy_auth_init(struct be_ctx *bectx, goto done; } - ret = sbus_new_server(ctx, bectx->ev, sbus_address, + ret = sbus_new_server(ctx, bectx->ev, sbus_address, 0, 0, false, &ctx->sbus_srv, proxy_client_init, ctx); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "Could not set up sbus server.\n"); diff --git a/src/sbus/sbus_client.c b/src/sbus/sbus_client.c index 6cf5002dc..8ad4c0f36 100644 --- a/src/sbus/sbus_client.c +++ b/src/sbus/sbus_client.c @@ -32,6 +32,8 @@ int sbus_client_init(TALLOC_CTX *mem_ctx, struct sbus_connection *conn = NULL; int ret; char *filename; + uid_t check_uid; + gid_t check_gid; /* Validate input */ if (server_address == NULL) { @@ -45,8 +47,17 @@ int sbus_client_init(TALLOC_CTX *mem_ctx, return EIO; } - ret = check_file(filename, - 0, 0, S_IFSOCK|S_IRUSR|S_IWUSR, 0, NULL, true); + check_uid = geteuid(); + check_gid = getegid(); + + /* Ignore ownership checks when the server runs as root. This is the + * case when privileged monitor is setting up sockets for unprivileged + * responders */ + if (check_uid == 0) check_uid = -1; + if (check_gid == 0) check_gid = -1; + + ret = check_file(filename, check_uid, check_gid, + S_IFSOCK|S_IRUSR|S_IWUSR, 0, NULL, true); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "check_file failed for [%s].\n", filename); return EIO; diff --git a/src/sbus/sssd_dbus.h b/src/sbus/sssd_dbus.h index 372521a35..d01926368 100644 --- a/src/sbus/sssd_dbus.h +++ b/src/sbus/sssd_dbus.h @@ -132,6 +132,7 @@ sbus_new_interface(TALLOC_CTX *mem_ctx, int sbus_new_server(TALLOC_CTX *mem_ctx, struct tevent_context *ev, const char *address, + uid_t uid, gid_t gid, bool use_symlink, struct sbus_connection **server, sbus_server_conn_init_fn init_fn, void *init_pvt_data); diff --git a/src/sbus/sssd_dbus_server.c b/src/sbus/sssd_dbus_server.c index 3a7de8ff0..18fb98df6 100644 --- a/src/sbus/sssd_dbus_server.c +++ b/src/sbus/sssd_dbus_server.c @@ -181,6 +181,7 @@ remove_socket_symlink(const char *symlink_name) int sbus_new_server(TALLOC_CTX *mem_ctx, struct tevent_context *ev, const char *address, + uid_t uid, gid_t gid, bool use_symlink, struct sbus_connection **_server, sbus_server_conn_init_fn init_fn, @@ -260,9 +261,22 @@ int sbus_new_server(TALLOC_CTX *mem_ctx, if ((stat_buf.st_mode & ~S_IFMT) != (S_IRUSR|S_IWUSR)) { ret = chmod(filename, (S_IRUSR|S_IWUSR)); if (ret != EOK) { + ret = errno; + DEBUG(SSSDBG_CRIT_FAILURE, + "chmod failed for [%s]: [%d][%s].\n", filename, ret, + sss_strerror(ret)); + ret = EIO; + goto done; + } + } + + if (stat_buf.st_uid != uid || stat_buf.st_gid != gid) { + ret = chown(filename, uid, gid); + if (ret != EOK) { + ret = errno; DEBUG(SSSDBG_CRIT_FAILURE, - "chmod failed for [%s]: [%d][%s].\n", filename, errno, - strerror(errno)); + "chown failed for [%s]: [%d][%s].\n", filename, ret, + sss_strerror(ret)); ret = EIO; goto done; } diff --git a/src/tests/common_dbus.c b/src/tests/common_dbus.c index 3117c080d..1b0ae88dc 100644 --- a/src/tests/common_dbus.c +++ b/src/tests/common_dbus.c @@ -112,8 +112,8 @@ mock_server_child(void *data) ctx = talloc_new(NULL); loop = tevent_context_init(ctx); - verify_eq (sbus_new_server(ctx, loop, mock->dbus_address, false, - &server, on_accept_connection, mock), EOK); + verify_eq (sbus_new_server(ctx, loop, mock->dbus_address, geteuid(), getegid(), + false, &server, on_accept_connection, mock), EOK); tevent_add_fd(loop, ctx, mock->sync_fds[1], TEVENT_FD_READ, on_sync_fd_written, &stop_server); |