-rw-r--r--Makefile.am7
-rw-r--r--src/monitor/monitor.c3
-rw-r--r--src/providers/data_provider_be.c5
-rw-r--r--src/providers/proxy/proxy_child.c5
-rw-r--r--src/responder/autofs/autofssrv.c6
-rw-r--r--src/responder/ifp/ifpsrv.c6
-rw-r--r--src/responder/nss/nsssrv.c5
-rw-r--r--src/responder/pac/pacsrv.c5
-rw-r--r--src/responder/pam/pamsrv.c5
-rw-r--r--src/responder/ssh/sshsrv.c5
-rw-r--r--src/responder/sudo/sudosrv.c6
-rw-r--r--src/util/server.c8
-rw-r--r--src/util/util.h7
13 files changed, 61 insertions, 12 deletions
diff --git a/Makefile.am b/Makefile.am
index 49acdb107..b949c9c24 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -706,14 +706,17 @@ libsss_util_la_SOURCES = \
src/util/util_sss_idmap.c \
src/util/well_known_sids.c \
src/util/string_utils.c \
+ src/util/become_user.c \
$(NULL)
libsss_util_la_CFLAGS = \
$(AM_CFLAGS) \
- $(SYSTEMD_LOGIN_CFLAGS)
+ $(SYSTEMD_LOGIN_CFLAGS) \
+ $(NULL)
libsss_util_la_LIBADD = \
$(SSSD_LIBS) \
$(SYSTEMD_LOGIN_LIBS) \
- $(UNICODE_LIBS)
+ $(UNICODE_LIBS) \
+ $(NULL)
if BUILD_SUDO
libsss_util_la_SOURCES += src/db/sysdb_sudo.c
endif
diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c
index 624e45026..edd1c2dfc 100644
--- a/src/monitor/monitor.c
+++ b/src/monitor/monitor.c
@@ -2855,7 +2855,8 @@ int main(int argc, const char *argv[])
ret = close(STDIN_FILENO);
if (ret != EOK) return 6;
- ret = server_setup(MONITOR_NAME, flags, monitor->conf_path, &main_ctx);
+ ret = server_setup(MONITOR_NAME, flags, 0, 0,
+ monitor->conf_path, &main_ctx);
if (ret != EOK) return 2;
monitor->is_daemon = !opt_interactive;
diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c
index e7f345f92..18b50214b 100644
--- a/src/providers/data_provider_be.c
+++ b/src/providers/data_provider_be.c
@@ -2804,10 +2804,13 @@ int main(int argc, const char *argv[])
struct main_context *main_ctx;
char *confdb_path;
int ret;
+ uid_t uid;
+ gid_t gid;
struct poptOption long_options[] = {
POPT_AUTOHELP
SSSD_MAIN_OPTS
+ SSSD_SERVER_OPTS(uid, gid)
{"domain", 0, POPT_ARG_STRING, &be_domain, 0,
_("Domain of the information provider (mandatory)"), NULL },
POPT_TABLEEND
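Review bot: The two added declarations `uid_t uid;` and `gid_t gid;` carry no initializer, but the entries SSSD_SERVER_OPTS adds to long_options only store into them when `--uid`/`--gid` are actually present on the command line, so without those options the variables hold indeterminate values the moment anything reads them. Initialise them at the declaration, `uid_t uid = 0;` and `gid_t gid = 0;`, so the "no option given" case has a defined value. The same uninitialised pair is added in the first hunk of proxy_child.c, autofssrv.c, ifpsrv.c, nsssrv.c, pacsrv.c, pamsrv.c, sshsrv.c and sudosrv.c. main's body continues outside this hunk.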
@@ -2847,7 +2850,7 @@ int main(int argc, const char *argv[])
confdb_path = talloc_asprintf(NULL, CONFDB_DOMAIN_PATH_TMPL, be_domain);
if (!confdb_path) return 2;
- ret = server_setup(srv_name, 0, confdb_path, &main_ctx);
+ ret = server_setup(srv_name, 0, 0, 0, confdb_path, &main_ctx);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "Could not set up mainloop [%d]\n", ret);
return 2;
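Review bot: The values parsed into `uid` and `gid` by the new SSSD_SERVER_OPTS entries never reach server_setup: the changed call still passes the literals `0, 0`, so `--uid`/`--gid` are accepted on the command line but have no effect on which user the process ends up running as. If this is deliberate staging for a follow-up commit, a one-line comment at the call (`/* uid/gid wiring lands in a later change */`) would stop a reader from assuming privilege dropping already works; otherwise the call should be `ret = server_setup(srv_name, 0, uid, gid, confdb_path, &main_ctx);`. The same `0, 0` literals are passed in the server_setup calls of proxy_child.c, autofssrv.c, ifpsrv.c, nsssrv.c, pacsrv.c, pamsrv.c, sshsrv.c and sudosrv.c, all of which also declare and parse uid/gid. main's body continues outside this hunk.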
diff --git a/src/providers/proxy/proxy_child.c b/src/providers/proxy/proxy_child.c
index 6bee1c7f6..e261b2f58 100644
--- a/src/providers/proxy/proxy_child.c
+++ b/src/providers/proxy/proxy_child.c
@@ -504,10 +504,13 @@ int main(int argc, const char *argv[])
int ret;
long id;
char *pam_target = NULL;
+ uid_t uid;
+ gid_t gid;
struct poptOption long_options[] = {
POPT_AUTOHELP
SSSD_MAIN_OPTS
+ SSSD_SERVER_OPTS(uid, gid)
{"domain", 0, POPT_ARG_STRING, &domain, 0,
_("Domain of the information provider (mandatory)"), NULL },
{"id", 0, POPT_ARG_LONG, &id, 0,
@@ -557,7 +560,7 @@ int main(int argc, const char *argv[])
conf_entry = talloc_asprintf(NULL, CONFDB_DOMAIN_PATH_TMPL, domain);
if (!conf_entry) return 2;
- ret = server_setup(srv_name, 0, conf_entry, &main_ctx);
+ ret = server_setup(srv_name, 0, 0, 0, conf_entry, &main_ctx);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "Could not set up mainloop [%d]\n", ret);
return 2;
diff --git a/src/responder/autofs/autofssrv.c b/src/responder/autofs/autofssrv.c
index bd5aa135a..931cf018b 100644
--- a/src/responder/autofs/autofssrv.c
+++ b/src/responder/autofs/autofssrv.c
@@ -207,10 +207,13 @@ int main(int argc, const char *argv[])
poptContext pc;
struct main_context *main_ctx;
int ret;
+ uid_t uid;
+ gid_t gid;
struct poptOption long_options[] = {
POPT_AUTOHELP
SSSD_MAIN_OPTS
+ SSSD_SERVER_OPTS(uid, gid)
POPT_TABLEEND
};
@@ -235,7 +238,8 @@ int main(int argc, const char *argv[])
/* set up things like debug, signals, daemonization, etc... */
debug_log_file = "sssd_autofs";
- ret = server_setup("sssd[autofs]", 0, CONFDB_AUTOFS_CONF_ENTRY, &main_ctx);
+ ret = server_setup("sssd[autofs]", 0, 0, 0,
+ CONFDB_AUTOFS_CONF_ENTRY, &main_ctx);
if (ret != EOK) {
return 2;
}
diff --git a/src/responder/ifp/ifpsrv.c b/src/responder/ifp/ifpsrv.c
index 4af836543..8d8fe885a 100644
--- a/src/responder/ifp/ifpsrv.c
+++ b/src/responder/ifp/ifpsrv.c
@@ -441,10 +441,13 @@ int main(int argc, const char *argv[])
poptContext pc;
struct main_context *main_ctx;
int ret;
+ uid_t uid;
+ gid_t gid;
struct poptOption long_options[] = {
POPT_AUTOHELP
SSSD_MAIN_OPTS
+ SSSD_SERVER_OPTS(uid, gid)
POPT_TABLEEND
};
@@ -469,7 +472,8 @@ int main(int argc, const char *argv[])
/* set up things like debug, signals, daemonization, etc... */
debug_log_file = "sssd_ifp";
- ret = server_setup("sssd[ifp]", 0, CONFDB_IFP_CONF_ENTRY, &main_ctx);
+ ret = server_setup("sssd[ifp]", 0, 0, 0,
+ CONFDB_IFP_CONF_ENTRY, &main_ctx);
if (ret != EOK) return 2;
ret = die_if_parent_died();
diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
index 84a6b7fed..420fd3d31 100644
--- a/src/responder/nss/nsssrv.c
+++ b/src/responder/nss/nsssrv.c
@@ -537,10 +537,13 @@ int main(int argc, const char *argv[])
poptContext pc;
struct main_context *main_ctx;
int ret;
+ uid_t uid;
+ gid_t gid;
struct poptOption long_options[] = {
POPT_AUTOHELP
SSSD_MAIN_OPTS
+ SSSD_SERVER_OPTS(uid, gid)
POPT_TABLEEND
};
@@ -565,7 +568,7 @@ int main(int argc, const char *argv[])
/* set up things like debug, signals, daemonization, etc... */
debug_log_file = "sssd_nss";
- ret = server_setup("sssd[nss]", 0, CONFDB_NSS_CONF_ENTRY, &main_ctx);
+ ret = server_setup("sssd[nss]", 0, 0, 0, CONFDB_NSS_CONF_ENTRY, &main_ctx);
if (ret != EOK) return 2;
ret = die_if_parent_died();
diff --git a/src/responder/pac/pacsrv.c b/src/responder/pac/pacsrv.c
index 47a9d1a68..b76691de8 100644
--- a/src/responder/pac/pacsrv.c
+++ b/src/responder/pac/pacsrv.c
@@ -216,10 +216,13 @@ int main(int argc, const char *argv[])
poptContext pc;
struct main_context *main_ctx;
int ret;
+ uid_t uid;
+ gid_t gid;
struct poptOption long_options[] = {
POPT_AUTOHELP
SSSD_MAIN_OPTS
+ SSSD_SERVER_OPTS(uid, gid)
POPT_TABLEEND
};
@@ -244,7 +247,7 @@ int main(int argc, const char *argv[])
/* set up things like debug, signals, daemonization, etc... */
debug_log_file = "sssd_pac";
- ret = server_setup("sssd[pac]", 0, CONFDB_PAC_CONF_ENTRY, &main_ctx);
+ ret = server_setup("sssd[pac]", 0, 0, 0, CONFDB_PAC_CONF_ENTRY, &main_ctx);
if (ret != EOK) return 2;
ret = die_if_parent_died();
diff --git a/src/responder/pam/pamsrv.c b/src/responder/pam/pamsrv.c
index 428b252ac..91b395080 100644
--- a/src/responder/pam/pamsrv.c
+++ b/src/responder/pam/pamsrv.c
@@ -316,10 +316,13 @@ int main(int argc, const char *argv[])
poptContext pc;
struct main_context *main_ctx;
int ret;
+ uid_t uid;
+ gid_t gid;
struct poptOption long_options[] = {
POPT_AUTOHELP
SSSD_MAIN_OPTS
+ SSSD_SERVER_OPTS(uid, gid)
POPT_TABLEEND
};
@@ -344,7 +347,7 @@ int main(int argc, const char *argv[])
/* set up things like debug, signals, daemonization, etc... */
debug_log_file = "sssd_pam";
- ret = server_setup("sssd[pam]", 0, CONFDB_PAM_CONF_ENTRY, &main_ctx);
+ ret = server_setup("sssd[pam]", 0, 0, 0, CONFDB_PAM_CONF_ENTRY, &main_ctx);
if (ret != EOK) return 2;
ret = die_if_parent_died();
diff --git a/src/responder/ssh/sshsrv.c b/src/responder/ssh/sshsrv.c
index 8aa603d79..1328d1746 100644
--- a/src/responder/ssh/sshsrv.c
+++ b/src/responder/ssh/sshsrv.c
@@ -184,10 +184,13 @@ int main(int argc, const char *argv[])
poptContext pc;
struct main_context *main_ctx;
int ret;
+ uid_t uid;
+ gid_t gid;
struct poptOption long_options[] = {
POPT_AUTOHELP
SSSD_MAIN_OPTS
+ SSSD_SERVER_OPTS(uid, gid)
POPT_TABLEEND
};
@@ -212,7 +215,7 @@ int main(int argc, const char *argv[])
/* set up things like debug, signals, daemonization, etc... */
debug_log_file = "sssd_ssh";
- ret = server_setup("sssd[ssh]", 0, CONFDB_SSH_CONF_ENTRY, &main_ctx);
+ ret = server_setup("sssd[ssh]", 0, 0, 0, CONFDB_SSH_CONF_ENTRY, &main_ctx);
if (ret != EOK) {
return 2;
}
diff --git a/src/responder/sudo/sudosrv.c b/src/responder/sudo/sudosrv.c
index 8a197159b..30752c9da 100644
--- a/src/responder/sudo/sudosrv.c
+++ b/src/responder/sudo/sudosrv.c
@@ -164,10 +164,13 @@ int main(int argc, const char *argv[])
poptContext pc;
struct main_context *main_ctx;
int ret;
+ uid_t uid;
+ gid_t gid;
struct poptOption long_options[] = {
POPT_AUTOHELP
SSSD_MAIN_OPTS
+ SSSD_SERVER_OPTS(uid, gid)
POPT_TABLEEND
};
@@ -192,7 +195,8 @@ int main(int argc, const char *argv[])
/* set up things like debug, signals, daemonization, etc... */
debug_log_file = "sssd_sudo";
- ret = server_setup("sssd[sudo]", 0, CONFDB_SUDO_CONF_ENTRY, &main_ctx);
+ ret = server_setup("sssd[sudo]", 0, 0, 0, CONFDB_SUDO_CONF_ENTRY,
+ &main_ctx);
if (ret != EOK) {
return 2;
}
diff --git a/src/util/server.c b/src/util/server.c
index 51934f8ba..3a84dee0c 100644
--- a/src/util/server.c
+++ b/src/util/server.c
@@ -412,6 +412,7 @@ errno_t server_common_rotate_logs(struct confdb_ctx *confdb,
}
int server_setup(const char *name, int flags,
+ uid_t uid, gid_t gid,
const char *conf_entry,
struct main_context **main_ctx)
{
@@ -426,6 +427,13 @@ int server_setup(const char *name, int flags,
struct tevent_signal *tes;
struct logrotate_ctx *lctx;
+ ret = become_user(uid, gid);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_FUNC_DATA,
+ "Cannot become user [%"SPRIuid"][%"SPRIgid"].\n", uid, gid);
+ return ret;
+ }
+
debug_prg_name = strdup(name);
if (!debug_prg_name) {
return ENOMEM;
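Review bot: The failure branch of the new become_user() call logs at SSSDBG_FUNC_DATA, a verbose-trace level, even though the function returns immediately and the server never comes up; a refused privilege change is the one message an operator needs to see at the default level, and the message also omits the error code. Suggest `DEBUG(SSSDBG_FATAL_FAILURE, "Cannot become user [%"SPRIuid"][%"SPRIgid"]: [%d][%s].\n", uid, gid, ret, strerror(ret));`. Note too that the call is placed before `debug_prg_name` is assigned on the following line, so the log line may be emitted before the program name is set — worth confirming that is acceptable or moving the block after it. The rest of server_setup is outside this hunk, so whether any later step in it (pidfile, log file) still needs the original privileges cannot be checked here.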
diff --git a/src/util/util.h b/src/util/util.h
index 0af4db3fe..cc5588c18 100644
--- a/src/util/util.h
+++ b/src/util/util.h
@@ -175,6 +175,12 @@ errno_t set_debug_file_from_fd(const int fd);
#define SSSD_MAIN_OPTS SSSD_DEBUG_OPTS
+#define SSSD_SERVER_OPTS(uid, gid) \
+ {"uid", 0, POPT_ARG_INT, &uid, 0, \
+ _("The user ID to run the server as"), NULL}, \
+ {"gid", 0, POPT_ARG_INT, &gid, 0, \
+ _("The group ID to run the server as"), NULL},
+
#define FLAGS_NONE 0x0000
#define FLAGS_DAEMON 0x0001
#define FLAGS_INTERACTIVE 0x0002
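Review bot: Both new option entries use POPT_ARG_INT, which makes popt store an `int` through `&uid` and `&gid`, but every caller passes `uid_t`/`gid_t` objects; those types are not required to have the size or signedness of `int`, and a negative command-line value such as `--uid=-1` is accepted and silently reinterpreted as a very large id. Parse into `int` temporaries and reject values below zero before converting, or at minimum add `_Static_assert(sizeof(uid_t) == sizeof(int), "POPT_ARG_INT stores an int")` next to the macro so the aliasing assumption is checked at build time. The macro parameters are also used unparenthesised (`&uid`), which is fine for the plain identifiers the callers pass but would break for any other expression.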
@@ -242,6 +248,7 @@ errno_t server_common_rotate_logs(struct confdb_ctx *confdb,
int die_if_parent_died(void);
int pidfile(const char *path, const char *name);
int server_setup(const char *name, int flags,
+ uid_t uid, gid_t gid,
const char *conf_entry,
struct main_context **main_ctx);
void server_loop(struct main_context *main_ctx);
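Review bot: The new `uid_t uid, gid_t gid` parameters on the server_setup prototype are undocumented, and since the implementation hands them straight to become_user() before doing anything else, the header is where a reader needs the contract: whether 0 means "do not switch user", whether the call is fatal on failure, and that the switch happens before the pid file and log setup. A short comment above the declaration stating exactly that — with the meaning of 0 phrased as "presumably no change; confirm against become_user()" until become_user.c's behaviour is documented — would save every caller from reading server.c.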