summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPetr Cech <pcech@redhat.com>2016-07-12 16:14:04 +0200
committerLukas Slebodnik <lslebodn@redhat.com>2016-07-12 18:15:32 +0200
commit75dead699a19dda7d8dfca89e2f97efbf0c264a2 (patch)
treeb1d9b6030190d9a5e7d4e1e53d9421026d24d1e4
parent2bb9e88328ef44eddd935c250ae12337442c5900 (diff)
downloadsssd-75dead699a19dda7d8dfca89e2f97efbf0c264a2.zip
sssd-75dead699a19dda7d8dfca89e2f97efbf0c264a2.tar.gz
sssd-75dead699a19dda7d8dfca89e2f97efbf0c264a2.tar.xz
PROVIDERS: Setting right {u,g}id if unprivileged
be_ctx had talloc_zero() initialized uid and gid which was used in function dp_init(). Therefore back-end was every time started as root and therefore non-root responders could not communicate with back-end due to wrong permission of unix sockets. This patch sets right uid and gid to data-providers if sssd runs as non-root user. Resolves: https://fedorahosted.org/sssd/ticket/3077 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
-rw-r--r--src/providers/data_provider_be.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c
index 78efed8..2ae7130 100644
--- a/src/providers/data_provider_be.c
+++ b/src/providers/data_provider_be.c
@@ -386,6 +386,8 @@ errno_t be_process_init(TALLOC_CTX *mem_ctx,
be_ctx->ev = ev;
be_ctx->cdb = cdb;
+ be_ctx->uid = uid;
+ be_ctx->gid = gid;
be_ctx->identity = talloc_asprintf(be_ctx, "%%BE_%s", be_domain);
be_ctx->conf_path = talloc_asprintf(be_ctx, CONFDB_DOMAIN_PATH_TMPL, be_domain);
if (be_ctx->identity == NULL || be_ctx->conf_path == NULL) {