From 89c1048cb19440f5a9b6a931c3af04ad23b73246 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Fri, 28 Nov 2014 13:30:20 +0100 Subject: KRB5: Pass the sssd_be uid and gid to krb5_child --- src/providers/ad/ad_gpo_child.c | 3 +++ src/providers/ipa/selinux_child.c | 3 +++ src/providers/krb5/krb5_child.c | 9 +++++++++ src/providers/ldap/ldap_child.c | 3 +++ src/util/child_common.c | 20 ++++++++++++++++---- 5 files changed, 34 insertions(+), 4 deletions(-) diff --git a/src/providers/ad/ad_gpo_child.c b/src/providers/ad/ad_gpo_child.c index 4bb48c047..cf0c5bd7a 100644 --- a/src/providers/ad/ad_gpo_child.c +++ b/src/providers/ad/ad_gpo_child.c @@ -664,9 +664,12 @@ main(int argc, const char *argv[]) struct input_buffer *ibuf = NULL; struct response *resp = NULL; size_t written; + uid_t uid; + gid_t gid; struct poptOption long_options[] = { POPT_AUTOHELP + SSSD_SERVER_OPTS(uid, gid) {"debug-level", 'd', POPT_ARG_INT, &debug_level, 0, _("Debug level"), NULL}, {"debug-timestamps", 0, POPT_ARG_INT, &debug_timestamps, 0, diff --git a/src/providers/ipa/selinux_child.c b/src/providers/ipa/selinux_child.c index a38ffcb26..d44b490f7 100644 --- a/src/providers/ipa/selinux_child.c +++ b/src/providers/ipa/selinux_child.c @@ -147,9 +147,12 @@ int main(int argc, const char *argv[]) struct input_buffer *ibuf = NULL; struct response *resp = NULL; size_t written; + uid_t uid; + gid_t gid; struct poptOption long_options[] = { POPT_AUTOHELP + SSSD_SERVER_OPTS(uid, gid) {"debug-level", 'd', POPT_ARG_INT, &debug_level, 0, _("Debug level"), NULL}, {"debug-timestamps", 0, POPT_ARG_INT, &debug_timestamps, 0, diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c index c13c0879e..91400bbeb 100644 --- a/src/providers/krb5/krb5_child.c +++ b/src/providers/krb5/krb5_child.c 
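Review bot: `uid` and `gid` in `main()` of ad_gpo_child.c are declared without an initializer and, in the visible lines, are only handed to `SSSD_SERVER_OPTS(uid, gid)`; nothing shown reads them. The same pattern is added to selinux_child.c and ldap_child.c. If they exist only so these helpers accept the `--uid`/`--gid` arguments that prepare_child_argv() now always appends, say so and give them defined values, e.g. `uid_t uid = 0; /* accepted for argv compatibility with prepare_child_argv(), not used here */`, and likewise for `gid`. Otherwise a later change could read an indeterminate ID when the option is absent. Each `main()` continues outside its hunk, so a use further down cannot be ruled out from here.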
@@ -66,6 +66,10 @@ struct krb5_req { char *old_ccname; bool old_cc_valid; bool old_cc_active; + + /* The IDs the backend runs as. Used for creating the fast ccache */ + uid_t be_uid; + gid_t be_gid; }; static krb5_context krb5_error_ctx; @@ -2245,6 +2249,8 @@ int main(int argc, const char *argv[]) poptContext pc; int debug_fd = -1; errno_t ret; + uid_t be_uid; + gid_t be_gid; struct poptOption long_options[] = { POPT_AUTOHELP @@ -2259,6 +2265,7 @@ int main(int argc, const char *argv[]) {"debug-to-stderr", 0, POPT_ARG_NONE | POPT_ARGFLAG_DOC_HIDDEN, &debug_to_stderr, 0, _("Send the debug output to stderr directly."), NULL }, + SSSD_SERVER_OPTS(be_uid, be_gid) POPT_TABLEEND }; @@ -2304,6 +2311,8 @@ int main(int argc, const char *argv[]) goto done; } talloc_steal(kr, debug_prg_name); + kr->be_uid = be_uid; + kr->be_gid = be_gid; ret = k5c_recv_data(kr, STDIN_FILENO, &offline); if (ret != EOK) { diff --git a/src/providers/ldap/ldap_child.c b/src/providers/ldap/ldap_child.c index e7febdf04..35555a452 100644 --- a/src/providers/ldap/ldap_child.c +++ b/src/providers/ldap/ldap_child.c @@ -596,6 +596,8 @@ int main(int argc, const char *argv[]) struct input_buffer *ibuf = NULL; struct response *resp = NULL; size_t written; + uid_t uid; + gid_t gid; struct poptOption long_options[] = { POPT_AUTOHELP @@ -609,6 +611,7 @@ int main(int argc, const char *argv[]) _("An open file descriptor for the debug logs"), NULL}, {"debug-to-stderr", 0, POPT_ARG_NONE | POPT_ARGFLAG_DOC_HIDDEN, &debug_to_stderr, 0, \ _("Send the debug output to stderr directly."), NULL }, \ + SSSD_SERVER_OPTS(uid, gid) POPT_TABLEEND }; diff --git a/src/util/child_common.c b/src/util/child_common.c index cc6a8fa75..4ee3a37e9 100644 --- a/src/util/child_common.c +++ b/src/util/child_common.c 
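Review bot: `be_uid` and `be_gid` in krb5_child.c's `main()` have no initializer, yet `kr->be_uid = be_uid;` and `kr->be_gid = be_gid;` copy them unconditionally. A krb5_child started without `--uid`/`--gid` therefore stores indeterminate IDs in the request, and the new struct comment says these are used for creating the FAST ccache. Either initialize them at declaration (`uid_t be_uid = 0;`, `gid_t be_gid = 0;`) or fail before `k5c_recv_data()` when an option is missing. The values also come from the command line with no check in the visible lines. If krb5_child can be started by anything other than the backend, the code that consumes them should confirm they name the expected service account before setting ownership on a credential cache; `main()` starts and ends outside these hunks.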
@@ -626,10 +626,10 @@ static errno_t prepare_child_argv(TALLOC_CTX *mem_ctx, char ***_argv) { /* - * program name, debug_level, debug_timestamps, - * debug_microseconds and NULL + * program name, debug_level, debug_to_file, debug_timestamps, + * debug_microseconds, uid, gid and NULL */ - uint_t argc = 5; + uint_t argc = 7; char ** argv; errno_t ret = EINVAL; @@ -644,7 +644,7 @@ static errno_t prepare_child_argv(TALLOC_CTX *mem_ctx, /* * program name, debug_level, debug_to_file, debug_timestamps, - * debug_microseconds and NULL + * debug_microseconds, uid, gid and NULL */ argv = talloc_array(mem_ctx, char *, argc); if (argv == NULL) { @@ -692,6 +692,18 @@ static errno_t prepare_child_argv(TALLOC_CTX *mem_ctx, goto fail; } + argv[--argc] = talloc_asprintf(argv, "--uid=%"SPRIuid, getuid()); + if (argv[argc] == NULL) { + ret = ENOMEM; + goto fail; + } + + argv[--argc] = talloc_asprintf(argv, "--gid=%"SPRIgid, getgid()); + if (argv[argc] == NULL) { + ret = ENOMEM; + goto fail; + } + argv[--argc] = talloc_strdup(argv, binary); if (argv[argc] == NULL) { ret = ENOMEM; -- cgit
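Review bot: The rewritten comment above `uint_t argc = 7;` lists eight entries (program name, debug_level, debug_to_file, debug_timestamps, debug_microseconds, uid, gid, NULL), one more than the count it documents. `debug_to_file` was absent from the old list that matched `argc = 5`, so it is presumably counted separately in code between the hunks; that should be confirmed. Because the array is filled backwards with `argv[--argc]`, someone who trusts the comment on the next addition could miscount and either index outside the `talloc_array` allocation or leave slot 0 unset. If the separate count holds, suggested wording is `/* program name, debug_level, debug_timestamps, debug_microseconds, uid, gid and NULL; debug_to_file is counted separately when enabled */`.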
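Review bot: The new `--uid`/`--gid` arguments are built from `getuid()` and `getgid()`, which return the real IDs, while the struct comment in krb5_child.c describes the fields as the IDs the backend runs as. If the backend's effective IDs can ever differ from its real ones, the child would be told the wrong owner for the FAST ccache. A one-line comment stating the intent would settle it, for example `/* real IDs; the backend's real and effective IDs are expected to match here */`, provided that holds. prepare_child_argv() begins and ends outside this hunk.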