SBUS: Chown the sbus socket if needed

When setting up the sbus server, we might need to chown the sbus socket
to make sure non-root peers, running as the SSSD user are able to access
the file.

Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>

1 files changed, 13 insertions, 2 deletions

diff --git a/src/sbus/sbus_client.c b/src/sbus/sbus_client.c
index 6cf5002dc..8ad4c0f36 100644
--- a/src/sbus/sbus_client.c
+++ b/src/sbus/sbus_client.c
@@ -32,6 +32,8 @@ int sbus_client_init(TALLOC_CTX *mem_ctx,
     struct sbus_connection *conn = NULL;
     int ret;
     char *filename;
+    uid_t check_uid;
+    gid_t check_gid;
 
     /* Validate input */
     if (server_address == NULL) {
@@ -45,8 +47,17 @@ int sbus_client_init(TALLOC_CTX *mem_ctx,
         return EIO;
     }
 
-    ret = check_file(filename,
-                     0, 0, S_IFSOCK|S_IRUSR|S_IWUSR, 0, NULL, true);
+    check_uid = geteuid();
+    check_gid = getegid();
+
+    /* Ignore ownership checks when the server runs as root. This is the
+     * case when privileged monitor is setting up sockets for unprivileged
+     * responders */
+    if (check_uid == 0) check_uid = -1;
+    if (check_gid == 0) check_gid = -1;
+
+    ret = check_file(filename, check_uid, check_gid,
+                     S_IFSOCK|S_IRUSR|S_IWUSR, 0, NULL, true);
     if (ret != EOK) {
         DEBUG(SSSDBG_CRIT_FAILURE, "check_file failed for [%s].\n", filename);
         return EIO;