-rw-r--r-- | Makefile.am | 7 | ||||
-rw-r--r-- | src/monitor/monitor.c | 3 | ||||
-rw-r--r-- | src/providers/data_provider_be.c | 5 | ||||
-rw-r--r-- | src/providers/proxy/proxy_child.c | 5 | ||||
-rw-r--r-- | src/responder/autofs/autofssrv.c | 6 | ||||
-rw-r--r-- | src/responder/ifp/ifpsrv.c | 6 | ||||
-rw-r--r-- | src/responder/nss/nsssrv.c | 5 | ||||
-rw-r--r-- | src/responder/pac/pacsrv.c | 5 | ||||
-rw-r--r-- | src/responder/pam/pamsrv.c | 5 | ||||
-rw-r--r-- | src/responder/ssh/sshsrv.c | 5 | ||||
-rw-r--r-- | src/responder/sudo/sudosrv.c | 6 | ||||
-rw-r--r-- | src/util/server.c | 8 | ||||
-rw-r--r-- | src/util/util.h | 7 |
13 files changed, 61 insertions, 12 deletions
diff --git a/Makefile.am b/Makefile.am
index 49acdb107..b949c9c24 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -706,14 +706,17 @@ libsss_util_la_SOURCES = \ src/util/util_sss_idmap.c \ src/util/well_known_sids.c \ src/util/string_utils.c \ + src/util/become_user.c \ $(NULL) libsss_util_la_CFLAGS = \ $(AM_CFLAGS) \ - $(SYSTEMD_LOGIN_CFLAGS) + $(SYSTEMD_LOGIN_CFLAGS) \ + $(NULL) libsss_util_la_LIBADD = \ $(SSSD_LIBS) \ $(SYSTEMD_LOGIN_LIBS) \ - $(UNICODE_LIBS) + $(UNICODE_LIBS) \ + $(NULL) if BUILD_SUDO libsss_util_la_SOURCES += src/db/sysdb_sudo.c endif
diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c
index 624e45026..edd1c2dfc 100644
--- a/src/monitor/monitor.c
+++ b/src/monitor/monitor.c
@@ -2855,7 +2855,8 @@ int main(int argc, const char *argv[]) ret = close(STDIN_FILENO); if (ret != EOK) return 6; - ret = server_setup(MONITOR_NAME, flags, monitor->conf_path, &main_ctx); + ret = server_setup(MONITOR_NAME, flags, 0, 0, + monitor->conf_path, &main_ctx); if (ret != EOK) return 2; monitor->is_daemon = !opt_interactive;
diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c
index e7f345f92..18b50214b 100644
--- a/src/providers/data_provider_be.c
+++ b/src/providers/data_provider_be.c
@@ -2804,10 +2804,13 @@ int main(int argc, const char *argv[]) struct main_context *main_ctx; char *confdb_path; int ret; + uid_t uid; + gid_t gid; struct poptOption long_options[] = { POPT_AUTOHELP SSSD_MAIN_OPTS + SSSD_SERVER_OPTS(uid, gid) {"domain", 0, POPT_ARG_STRING, &be_domain, 0, _("Domain of the information provider (mandatory)"), NULL }, POPT_TABLEEND
@@ -2847,7 +2850,7 @@ int main(int argc, const char *argv[]) confdb_path = talloc_asprintf(NULL, CONFDB_DOMAIN_PATH_TMPL, be_domain); if (!confdb_path) return 2; - ret = server_setup(srv_name, 0, confdb_path, &main_ctx); + ret = server_setup(srv_name, 0, 0, 0, confdb_path, &main_ctx); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "Could not set up mainloop [%d]\n", ret); return 2;
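Review bot: In the first data_provider_be.c hunk `uid` and `gid` are declared without an initialiser and in the second hunk server_setup() is still called with literal `0, 0`, so `--uid`/`--gid` are accepted on the command line but silently ignored. If the wiring is meant to follow in a later commit, initialise them now, `uid_t uid = 0;` and `gid_t gid = 0;`, so that a later change to `server_setup(srv_name, 0, uid, gid, confdb_path, &main_ctx)` cannot pass indeterminate values when the option is absent. The same pattern appears in proxy_child.c, autofssrv.c, ifpsrv.c, nsssrv.c, pacsrv.c, pamsrv.c, sshsrv.c and sudosrv.c. main() continues outside both hunks.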
diff --git a/src/providers/proxy/proxy_child.c b/src/providers/proxy/proxy_child.c
index 6bee1c7f6..e261b2f58 100644
--- a/src/providers/proxy/proxy_child.c
+++ b/src/providers/proxy/proxy_child.c
@@ -504,10 +504,13 @@ int main(int argc, const char *argv[]) int ret; long id; char *pam_target = NULL; + uid_t uid; + gid_t gid; struct poptOption long_options[] = { POPT_AUTOHELP SSSD_MAIN_OPTS + SSSD_SERVER_OPTS(uid, gid) {"domain", 0, POPT_ARG_STRING, &domain, 0, _("Domain of the information provider (mandatory)"), NULL }, {"id", 0, POPT_ARG_LONG, &id, 0,
@@ -557,7 +560,7 @@ int main(int argc, const char *argv[]) conf_entry = talloc_asprintf(NULL, CONFDB_DOMAIN_PATH_TMPL, domain); if (!conf_entry) return 2; - ret = server_setup(srv_name, 0, conf_entry, &main_ctx); + ret = server_setup(srv_name, 0, 0, 0, conf_entry, &main_ctx); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "Could not set up mainloop [%d]\n", ret); return 2;
diff --git a/src/responder/autofs/autofssrv.c b/src/responder/autofs/autofssrv.c
index bd5aa135a..931cf018b 100644
--- a/src/responder/autofs/autofssrv.c
+++ b/src/responder/autofs/autofssrv.c
@@ -207,10 +207,13 @@ int main(int argc, const char *argv[]) poptContext pc; struct main_context *main_ctx; int ret; + uid_t uid; + gid_t gid; struct poptOption long_options[] = { POPT_AUTOHELP SSSD_MAIN_OPTS + SSSD_SERVER_OPTS(uid, gid) POPT_TABLEEND };
@@ -235,7 +238,8 @@ int main(int argc, const char *argv[]) /* set up things like debug, signals, daemonization, etc... */ debug_log_file = "sssd_autofs"; - ret = server_setup("sssd[autofs]", 0, CONFDB_AUTOFS_CONF_ENTRY, &main_ctx); + ret = server_setup("sssd[autofs]", 0, 0, 0, + CONFDB_AUTOFS_CONF_ENTRY, &main_ctx); if (ret != EOK) { return 2; }
diff --git a/src/responder/ifp/ifpsrv.c b/src/responder/ifp/ifpsrv.c
index 4af836543..8d8fe885a 100644
--- a/src/responder/ifp/ifpsrv.c
+++ b/src/responder/ifp/ifpsrv.c
@@ -441,10 +441,13 @@ int main(int argc, const char *argv[]) poptContext pc; struct main_context *main_ctx; int ret; + uid_t uid; + gid_t gid; struct poptOption long_options[] = { POPT_AUTOHELP SSSD_MAIN_OPTS + SSSD_SERVER_OPTS(uid, gid) POPT_TABLEEND };
@@ -469,7 +472,8 @@ int main(int argc, const char *argv[]) /* set up things like debug, signals, daemonization, etc... */ debug_log_file = "sssd_ifp"; - ret = server_setup("sssd[ifp]", 0, CONFDB_IFP_CONF_ENTRY, &main_ctx); + ret = server_setup("sssd[ifp]", 0, 0, 0, + CONFDB_IFP_CONF_ENTRY, &main_ctx); if (ret != EOK) return 2; ret = die_if_parent_died();
diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
index 84a6b7fed..420fd3d31 100644
--- a/src/responder/nss/nsssrv.c
+++ b/src/responder/nss/nsssrv.c
@@ -537,10 +537,13 @@ int main(int argc, const char *argv[]) poptContext pc; struct main_context *main_ctx; int ret; + uid_t uid; + gid_t gid; struct poptOption long_options[] = { POPT_AUTOHELP SSSD_MAIN_OPTS + SSSD_SERVER_OPTS(uid, gid) POPT_TABLEEND };
@@ -565,7 +568,7 @@ int main(int argc, const char *argv[]) /* set up things like debug, signals, daemonization, etc... */ debug_log_file = "sssd_nss"; - ret = server_setup("sssd[nss]", 0, CONFDB_NSS_CONF_ENTRY, &main_ctx); + ret = server_setup("sssd[nss]", 0, 0, 0, CONFDB_NSS_CONF_ENTRY, &main_ctx); if (ret != EOK) return 2; ret = die_if_parent_died();
diff --git a/src/responder/pac/pacsrv.c b/src/responder/pac/pacsrv.c
index 47a9d1a68..b76691de8 100644
--- a/src/responder/pac/pacsrv.c
+++ b/src/responder/pac/pacsrv.c
@@ -216,10 +216,13 @@ int main(int argc, const char *argv[]) poptContext pc; struct main_context *main_ctx; int ret; + uid_t uid; + gid_t gid; struct poptOption long_options[] = { POPT_AUTOHELP SSSD_MAIN_OPTS + SSSD_SERVER_OPTS(uid, gid) POPT_TABLEEND };
@@ -244,7 +247,7 @@ int main(int argc, const char *argv[]) /* set up things like debug, signals, daemonization, etc... */ debug_log_file = "sssd_pac"; - ret = server_setup("sssd[pac]", 0, CONFDB_PAC_CONF_ENTRY, &main_ctx); + ret = server_setup("sssd[pac]", 0, 0, 0, CONFDB_PAC_CONF_ENTRY, &main_ctx); if (ret != EOK) return 2; ret = die_if_parent_died();
diff --git a/src/responder/pam/pamsrv.c b/src/responder/pam/pamsrv.c
index 428b252ac..91b395080 100644
--- a/src/responder/pam/pamsrv.c
+++ b/src/responder/pam/pamsrv.c
@@ -316,10 +316,13 @@ int main(int argc, const char *argv[]) poptContext pc; struct main_context *main_ctx; int ret; + uid_t uid; + gid_t gid; struct poptOption long_options[] = { POPT_AUTOHELP SSSD_MAIN_OPTS + SSSD_SERVER_OPTS(uid, gid) POPT_TABLEEND };
@@ -344,7 +347,7 @@ int main(int argc, const char *argv[]) /* set up things like debug, signals, daemonization, etc... */ debug_log_file = "sssd_pam"; - ret = server_setup("sssd[pam]", 0, CONFDB_PAM_CONF_ENTRY, &main_ctx); + ret = server_setup("sssd[pam]", 0, 0, 0, CONFDB_PAM_CONF_ENTRY, &main_ctx); if (ret != EOK) return 2; ret = die_if_parent_died();
diff --git a/src/responder/ssh/sshsrv.c b/src/responder/ssh/sshsrv.c
index 8aa603d79..1328d1746 100644
--- a/src/responder/ssh/sshsrv.c
+++ b/src/responder/ssh/sshsrv.c
@@ -184,10 +184,13 @@ int main(int argc, const char *argv[]) poptContext pc; struct main_context *main_ctx; int ret; + uid_t uid; + gid_t gid; struct poptOption long_options[] = { POPT_AUTOHELP SSSD_MAIN_OPTS + SSSD_SERVER_OPTS(uid, gid) POPT_TABLEEND };
@@ -212,7 +215,7 @@ int main(int argc, const char *argv[]) /* set up things like debug, signals, daemonization, etc... */ debug_log_file = "sssd_ssh"; - ret = server_setup("sssd[ssh]", 0, CONFDB_SSH_CONF_ENTRY, &main_ctx); + ret = server_setup("sssd[ssh]", 0, 0, 0, CONFDB_SSH_CONF_ENTRY, &main_ctx); if (ret != EOK) { return 2; }
diff --git a/src/responder/sudo/sudosrv.c b/src/responder/sudo/sudosrv.c
index 8a197159b..30752c9da 100644
--- a/src/responder/sudo/sudosrv.c
+++ b/src/responder/sudo/sudosrv.c
@@ -164,10 +164,13 @@ int main(int argc, const char *argv[]) poptContext pc; struct main_context *main_ctx; int ret; + uid_t uid; + gid_t gid; struct poptOption long_options[] = { POPT_AUTOHELP SSSD_MAIN_OPTS + SSSD_SERVER_OPTS(uid, gid) POPT_TABLEEND };
@@ -192,7 +195,8 @@ int main(int argc, const char *argv[]) /* set up things like debug, signals, daemonization, etc... */ debug_log_file = "sssd_sudo"; - ret = server_setup("sssd[sudo]", 0, CONFDB_SUDO_CONF_ENTRY, &main_ctx); + ret = server_setup("sssd[sudo]", 0, 0, 0, CONFDB_SUDO_CONF_ENTRY, + &main_ctx); if (ret != EOK) { return 2; }
diff --git a/src/util/server.c b/src/util/server.c
index 51934f8ba..3a84dee0c 100644
--- a/src/util/server.c
+++ b/src/util/server.c
@@ -412,6 +412,7 @@ errno_t server_common_rotate_logs(struct confdb_ctx *confdb, } int server_setup(const char *name, int flags, + uid_t uid, gid_t gid, const char *conf_entry, struct main_context **main_ctx) {
@@ -426,6 +427,13 @@ int server_setup(const char *name, int flags, struct tevent_signal *tes; struct logrotate_ctx *lctx; + ret = become_user(uid, gid); + if (ret != EOK) { + DEBUG(SSSDBG_FUNC_DATA, + "Cannot become user [%"SPRIuid"][%"SPRIgid"].\n", uid, gid); + return ret; + } + debug_prg_name = strdup(name); if (!debug_prg_name) { return ENOMEM;
diff --git a/src/util/util.h b/src/util/util.h
index 0af4db3fe..cc5588c18 100644
--- a/src/util/util.h
+++ b/src/util/util.h
@@ -175,6 +175,12 @@ errno_t set_debug_file_from_fd(const int fd); #define SSSD_MAIN_OPTS SSSD_DEBUG_OPTS +#define SSSD_SERVER_OPTS(uid, gid) \ + {"uid", 0, POPT_ARG_INT, &uid, 0, \ + _("The user ID to run the server as"), NULL}, \ + {"gid", 0, POPT_ARG_INT, &gid, 0, \ + _("The group ID to run the server as"), NULL}, + #define FLAGS_NONE 0x0000 #define FLAGS_DAEMON 0x0001 #define FLAGS_INTERACTIVE 0x0002
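Review bot: The failure path of the added `become_user()` call in the second server.c hunk logs at SSSDBG_FUNC_DATA, a verbosity level unlikely to be enabled in production, so a service that exits because it could not change identity leaves no trace in the log; the main() hunks in this same commit log setup failures at SSSDBG_FATAL_FAILURE, and this one should as well: `DEBUG(SSSDBG_FATAL_FAILURE,`. The call also runs before `debug_prg_name` is set a few lines below, so whatever is logged is presumably attributed to the debug code's default program name. Every caller in this commit still passes `0, 0`, so the new code relies on become_user() treating uid 0 as "keep the current identity"; a one-line comment at the call site, `/* uid 0 keeps the current (root) identity */`, would record that assumption, if it is indeed what become_user() does. server_setup()'s body continues outside the hunk; if the part not shown creates the pidfile or log file, those directories must be writable by the target uid once callers pass a real id.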
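Review bot: SSSD_SERVER_OPTS in the util.h hunk stores the parsed `--uid`/`--gid` through POPT_ARG_INT, which writes an `int` into a `uid_t`/`gid_t` object; that is only well-defined where both types are int-sized, and it also lets a negative or out-of-range value such as -1 land in the variable unchecked and later reach become_user() as a large unsigned id. Parsing into plain `int` temporaries and rejecting values below 0 before converting, or validating the ids after poptGetNextOpt() in each main(), would make the option safe once the callers wire it through. A short comment above the macro, `/* Expands to popt entries; the caller must declare and zero-initialise uid and gid in scope */`, would document that the macro depends on those identifiers existing in the enclosing function.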
@@ -242,6 +248,7 @@ errno_t server_common_rotate_logs(struct confdb_ctx *confdb, int die_if_parent_died(void); int pidfile(const char *path, const char *name); int server_setup(const char *name, int flags, + uid_t uid, gid_t gid, const char *conf_entry, struct main_context **main_ctx); void server_loop(struct main_context *main_ctx); |