diff options
author | Petr Cech <pcech@redhat.com> | 2016-07-12 16:14:04 +0200 |
---|---|---|
committer | Lukas Slebodnik <lslebodn@redhat.com> | 2016-07-12 18:15:32 +0200 |
commit | 75dead699a19dda7d8dfca89e2f97efbf0c264a2 (patch) | |
tree | b1d9b6030190d9a5e7d4e1e53d9421026d24d1e4 | |
parent | 2bb9e88328ef44eddd935c250ae12337442c5900 (diff) | |
download | sssd-75dead699a19dda7d8dfca89e2f97efbf0c264a2.tar.gz sssd-75dead699a19dda7d8dfca89e2f97efbf0c264a2.tar.xz sssd-75dead699a19dda7d8dfca89e2f97efbf0c264a2.zip |
PROVIDERS: Setting right {u,g}id if unprivileged
be_ctx had talloc_zero() initialized uid and gid which was used
in function dp_init(). Therefore back-end was every time started as root
and therefore non-root responders could not communicate with back-end
due to wrong permission of unix sockets.
This patch sets right uid and gid to data-providers if sssd runs
as non-root user.
Resolves:
https://fedorahosted.org/sssd/ticket/3077
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
-rw-r--r-- | src/providers/data_provider_be.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c index 78efed851..2ae713054 100644 --- a/src/providers/data_provider_be.c +++ b/src/providers/data_provider_be.c @@ -386,6 +386,8 @@ errno_t be_process_init(TALLOC_CTX *mem_ctx, be_ctx->ev = ev; be_ctx->cdb = cdb; + be_ctx->uid = uid; + be_ctx->gid = gid; be_ctx->identity = talloc_asprintf(be_ctx, "%%BE_%s", be_domain); be_ctx->conf_path = talloc_asprintf(be_ctx, CONFDB_DOMAIN_PATH_TMPL, be_domain); if (be_ctx->identity == NULL || be_ctx->conf_path == NULL) { |