From ac40d2f2b2b2fc35c95389f5e28febd580bd2b7a Mon Sep 17 00:00:00 2001
From: Jakub Hrozek
Date: Mon, 6 Oct 2014 16:28:13 +0200
Subject: SSSD: Add the options to specify a UID and GID to run as
Adds new command line options --uid and --gid to all SSSD servers, making it possible to switch to another user ID if needed. So far all code still runs as root.
Reviewed-by: Pavel Reichl
---
 src/util/server.c | 8 ++++++++
 src/util/util.h | 7 +++++++
 2 files changed, 15 insertions(+)
(limited to 'src/util')
diff --git a/src/util/server.c b/src/util/server.c
index 51934f8ba..3a84dee0c 100644
--- a/src/util/server.c
+++ b/src/util/server.c
@@ -412,6 +412,7 @@ errno_t server_common_rotate_logs(struct confdb_ctx *confdb,
 }
 int server_setup(const char *name, int flags,
+ uid_t uid, gid_t gid,
 const char *conf_entry,
 struct main_context **main_ctx)
 {
@@ -426,6 +427,13 @@ int server_setup(const char *name, int flags,
 struct tevent_signal *tes;
 struct logrotate_ctx *lctx;
+ ret = become_user(uid, gid);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_FUNC_DATA,
+ "Cannot become user [%"SPRIuid"][%"SPRIgid"].\n", uid, gid);
+ return ret;
+ }
+
 debug_prg_name = strdup(name);
 if (!debug_prg_name) {
 return ENOMEM;
diff --git a/src/util/util.h b/src/util/util.h
index 0af4db3fe..cc5588c18 100644
--- a/src/util/util.h
+++ b/src/util/util.h
@@ -175,6 +175,12 @@ errno_t set_debug_file_from_fd(const int fd);
 #define SSSD_MAIN_OPTS SSSD_DEBUG_OPTS
+#define SSSD_SERVER_OPTS(uid, gid) \
+ {"uid", 0, POPT_ARG_INT, &uid, 0, \
+ _("The user ID to run the server as"), NULL}, \
+ {"gid", 0, POPT_ARG_INT, &gid, 0, \
+ _("The group ID to run the server as"), NULL},
+
 #define FLAGS_NONE 0x0000
 #define FLAGS_DAEMON 0x0001
 #define FLAGS_INTERACTIVE 0x0002
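Review bot: A failed identity switch in the block added to server_setup is reported only at `SSSDBG_FUNC_DATA`, a low-priority data-trace level, and it is emitted before `debug_prg_name` is assigned a few lines further down, so with ordinary debug settings an operator will likely see the server exit without any explanation. Because this call decides which identity the daemon runs under, it should be logged at a failure level, e.g. `DEBUG(SSSDBG_FATAL_FAILURE, "Cannot become user [%"SPRIuid"][%"SPRIgid"].\n", uid, gid);`. become_user() is not part of this diff; it is worth confirming there that it also resets the supplementary groups, verifies that the switch took effect, and does nothing for the 0/0 case that the commit message implies. server_setup's body continues outside the hunk.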
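Review bot: `SSSD_SERVER_OPTS` parses `--uid` and `--gid` with `POPT_ARG_INT`, which stores a signed `int` through `&uid`/`&gid`, while server_setup() takes `uid_t`/`gid_t`, and nothing in the macro or in the visible part of server_setup rejects negative or out-of-range values. A value such as -1 converts to `(uid_t)-1`, which setreuid()/setresuid() interpret as "leave unchanged", so the server could stay root although an ID was supplied; whether that can happen depends on become_user(), which is not shown here. The option variables should be declared as `int` and checked before they are passed on, for example `if (uid < 0 || gid < 0) { /* reject and exit */ }`. As a matter of macro hygiene the arguments should also be parenthesized, `&(uid)` and `&(gid)`.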
@@ -242,6 +248,7 @@ errno_t server_common_rotate_logs(struct confdb_ctx *confdb,
 int die_if_parent_died(void);
 int pidfile(const char *path, const char *name);
 int server_setup(const char *name, int flags,
+ uid_t uid, gid_t gid,
 const char *conf_entry,
 struct main_context **main_ctx);
 void server_loop(struct main_context *main_ctx);
-- cgit
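Review bot: The `server_setup` declaration gains `uid` and `gid` without any comment on their contract, and this header is where callers will look to find out which values keep the process running as root. A short comment above the prototype would settle that, e.g. `/* uid, gid: identity the server switches to before any other setup; 0/0 keeps running as root */`. The 0/0 behaviour is assumed from the commit message and should be confirmed against become_user() before the comment is added.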