Diffstat (limited to 'src/providers/ldap/sdap_child_helpers.c')
-rw-r--r--src/providers/ldap/sdap_child_helpers.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/src/providers/ldap/sdap_child_helpers.c b/src/providers/ldap/sdap_child_helpers.c
index 448c5af10..e5d46b9b7 100644
--- a/src/providers/ldap/sdap_child_helpers.c
+++ b/src/providers/ldap/sdap_child_helpers.c
@@ -152,7 +152,7 @@ static errno_t create_tgt_req_send_buffer(TALLOC_CTX *mem_ctx,
return ENOMEM;
}
- buf->size = 4 * sizeof(uint32_t);
+ buf->size = 6 * sizeof(uint32_t);
if (realm_str) {
buf->size += strlen(realm_str);
}
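Review bot: The literal in `buf->size = 6 * sizeof(uint32_t);` is kept in step by hand with the number of `SAFEALIGN_SET_UINT32` fields written later in the function, two of which this commit adds in the second hunk. Nothing visible enforces that match, and if `buf->data` is allocated from `buf->size` (the allocation is outside the hunk) an undercount would let the later writes run past the buffer. A comment above this line naming each of the six fixed-width fields, or a named constant for the field count, would make the next protocol change harder to get wrong. The function starts and ends outside this hunk.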
@@ -201,6 +201,12 @@ static errno_t create_tgt_req_send_buffer(TALLOC_CTX *mem_ctx,
/* lifetime */
SAFEALIGN_SET_UINT32(&buf->data[rp], lifetime, &rp);
+ /* UID and GID to drop privileges to, if needed. The ldap_child process runs as
+ * setuid if the back end runs unprivileged as it needs to access the keytab
+ */
+ SAFEALIGN_SET_UINT32(&buf->data[rp], geteuid(), &rp);
+ SAFEALIGN_SET_UINT32(&buf->data[rp], getegid(), &rp);
+
*io_buf = buf;
return EOK;
}
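Review bot: The two fields added after the lifetime carry the sender's own `geteuid()`/`getegid()`, so the setuid ldap_child takes its privilege-drop target from its request buffer rather than from its own process state. The receiving side is not in this diff; it should fail closed on a short or malformed request. Where the back end's real and effective ids match, it could also check the received values against its own `getuid()`/`getgid()`, which for a setuid process are the invoker's ids. The values are narrowed from `uid_t`/`gid_t` implicitly, and writing `(uint32_t)geteuid()` and `(uint32_t)getegid()` would make the wire width explicit. The new comment could also state that the ids are sent unconditionally, since "if needed" is decided by the child; the function begins outside this hunk.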