-rw-r--r--src/monitor/monitor.c8
-rw-r--r--src/providers/data_provider_be.c16
-rw-r--r--src/providers/dp_backend.h2
3 files changed, 22 insertions, 4 deletions
diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c
index fc6b2963f..905e66f25 100644
--- a/src/monitor/monitor.c
+++ b/src/monitor/monitor.c
@@ -1306,6 +1306,14 @@ static int get_provider_config(struct mt_ctx *ctx, const char *name,
return ENOMEM;
}
+ svc->command = talloc_asprintf_append(svc->command,
+ " --uid %"SPRIuid" --gid %"SPRIgid,
+ ctx->uid, ctx->gid);
+ if (!svc->command) {
+ talloc_free(svc);
+ return ENOMEM;
+ }
+
if (cmdline_debug_level != SSSDBG_UNRESOLVED) {
svc->command = talloc_asprintf_append(
svc->command, " -d %#.4x", cmdline_debug_level
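Review bot: The appended `--uid`/`--gid` arguments have no comment saying what the provider does with them, and the code that parses them on the provider side is not part of this diff. Judging by the data_provider_be.c hunks, the values end up as the owner passed to `sbus_new_server` and as the UID handed to `sbus_allow_uid`, so they decide who may talk to the back end. A comment above the call such as `/* Pass the service user's uid/gid; the back end uses them for its sbus socket owner and peer check */` would record that. Where `ctx->uid` and `ctx->gid` are filled in is outside the hunk, as is the start of get_provider_config, so it is worth stating that source as well.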
diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c
index 122c5b091..2716e4a8b 100644
--- a/src/providers/data_provider_be.c
+++ b/src/providers/data_provider_be.c
@@ -2226,6 +2226,9 @@ static int be_client_init(struct sbus_connection *conn, void *data)
becli->conn = conn;
becli->initialized = false;
+ /* Allow access from the SSSD user */
+ sbus_allow_uid(conn, &bectx->uid);
+
/* 5 seconds should be plenty */
tv = tevent_timeval_current_ofs(5, 0);
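Review bot: `sbus_allow_uid(conn, &bectx->uid)` receives the address of a field rather than a value, so the be_ctx has to stay allocated for as long as this connection can authenticate peers. That lifetime cannot be checked here because `bectx` is set up above the hunk. The comment also leaves the resulting access rule open: sbus_allow_uid is not shown, so it is unclear whether root remains allowed and what happens when the field is 0. I would spell both out, for example `/* Accept peers running as the SSSD service user; bectx outlives conn, so the pointer stays valid */`.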
@@ -2251,7 +2254,8 @@ static int be_client_init(struct sbus_connection *conn, void *data)
/* be_srv_init
* set up per-domain sbus channel */
-static int be_srv_init(struct be_ctx *ctx)
+static int be_srv_init(struct be_ctx *ctx,
+ uid_t uid, gid_t gid)
{
char *sbus_address;
int ret;
@@ -2263,7 +2267,10 @@ static int be_srv_init(struct be_ctx *ctx)
return ret;
}
- ret = sbus_new_server(ctx, ctx->ev, sbus_address, 0, 0,
+ ctx->uid = uid;
+ ctx->gid = gid;
+
+ ret = sbus_new_server(ctx, ctx->ev, sbus_address, uid, gid,
true, &ctx->sbus_srv, be_client_init, ctx);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "Could not set up sbus server.\n");
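Review bot: `be_srv_init` now copies its `uid`/`gid` arguments into `ctx` and then passes the same values on, a side effect that its header comment in the previous hunk (`set up per-domain sbus channel`) does not mention. Assigning the fields in be_process_init where `ctx` is filled in, and calling `sbus_new_server(ctx, ctx->ev, sbus_address, ctx->uid, ctx->gid,` here, would keep the one-argument signature. The socket owner moves from 0/0 to a value that apparently arrives on the command line, so it is also worth confirming that sbus_new_server restricts the socket mode to that owner; its implementation is not part of this diff. The function body continues past the end of the hunk.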
@@ -2554,6 +2561,7 @@ done:
int be_process_init(TALLOC_CTX *mem_ctx,
const char *be_domain,
+ uid_t uid, gid_t gid,
struct tevent_context *ev,
struct confdb_ctx *cdb)
{
@@ -2609,7 +2617,7 @@ int be_process_init(TALLOC_CTX *mem_ctx,
goto fail;
}
- ret = be_srv_init(ctx);
+ ret = be_srv_init(ctx, uid, gid);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "fatal error setting up server bus\n");
goto fail;
@@ -2870,7 +2878,7 @@ int main(int argc, const char *argv[])
}
ret = be_process_init(main_ctx,
- be_domain,
+ be_domain, uid, gid,
main_ctx->event_ctx,
main_ctx->confdb_ctx);
if (ret != EOK) {
diff --git a/src/providers/dp_backend.h b/src/providers/dp_backend.h
index 075681ff9..e4213b44b 100644
--- a/src/providers/dp_backend.h
+++ b/src/providers/dp_backend.h
@@ -116,6 +116,8 @@ struct be_ctx {
struct sss_domain_info *domain;
const char *identity;
const char *conf_path;
+ uid_t uid;
+ gid_t gid;
struct be_failover_ctx *be_fo;
struct be_resolv_ctx *be_res;