From ac40d2f2b2b2fc35c95389f5e28febd580bd2b7a Mon Sep 17 00:00:00 2001
From: Jakub Hrozek
Date: Mon, 6 Oct 2014 16:28:13 +0200
Subject: SSSD: Add the options to specify a UID and GID to run as
Adds new command line options --uid and --gid to all SSSD servers, making it possible to switch to another user ID if needed. So far all code still runs as root.
Reviewed-by: Pavel Reichl
---
 src/responder/autofs/autofssrv.c | 6 +++++-
 src/responder/ifp/ifpsrv.c | 6 +++++-
 src/responder/nss/nsssrv.c | 5 ++++-
 src/responder/pac/pacsrv.c | 5 ++++-
 src/responder/pam/pamsrv.c | 5 ++++-
 src/responder/ssh/sshsrv.c | 5 ++++-
 src/responder/sudo/sudosrv.c | 6 +++++-
 7 files changed, 31 insertions(+), 7 deletions(-)
(limited to 'src/responder')
diff --git a/src/responder/autofs/autofssrv.c b/src/responder/autofs/autofssrv.c
index bd5aa135..931cf018 100644
--- a/src/responder/autofs/autofssrv.c
+++ b/src/responder/autofs/autofssrv.c
@@ -207,10 +207,13 @@ int main(int argc, const char *argv[])
 poptContext pc;
 struct main_context *main_ctx;
 int ret;
+ uid_t uid;
+ gid_t gid;
 struct poptOption long_options[] = {
 POPT_AUTOHELP
 SSSD_MAIN_OPTS
+ SSSD_SERVER_OPTS(uid, gid)
 POPT_TABLEEND
 };
@@ -235,7 +238,8 @@ int main(int argc, const char *argv[])
 /* set up things like debug, signals, daemonization, etc... */
 debug_log_file = "sssd_autofs";
- ret = server_setup("sssd[autofs]", 0, CONFDB_AUTOFS_CONF_ENTRY, &main_ctx);
+ ret = server_setup("sssd[autofs]", 0, 0, 0,
+ CONFDB_AUTOFS_CONF_ENTRY, &main_ctx);
 if (ret != EOK) {
 return 2;
 }
diff --git a/src/responder/ifp/ifpsrv.c b/src/responder/ifp/ifpsrv.c
index 4af83654..8d8fe885 100644
--- a/src/responder/ifp/ifpsrv.c
+++ b/src/responder/ifp/ifpsrv.c
@@ -441,10 +441,13 @@ int main(int argc, const char *argv[])
 poptContext pc;
 struct main_context *main_ctx;
 int ret;
+ uid_t uid;
+ gid_t gid;
 struct poptOption long_options[] = {
 POPT_AUTOHELP
 SSSD_MAIN_OPTS
+ SSSD_SERVER_OPTS(uid, gid)
 POPT_TABLEEND
 };
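Review bot: In the first hunk of autofssrv.c, `uid` and `gid` are declared without an initial value and handed to `SSSD_SERVER_OPTS(uid, gid)`; the macro body is not visible here, so unless it supplies defaults both variables stay indeterminate whenever --uid/--gid are omitted. Nothing reads them yet, but a follow-up that forwards them to server_setup() would then pick the target identity from whatever was on the stack. Initialise them at the declaration, `uid_t uid = 0;` and `gid_t gid = 0;`, so an omitted option has one well-defined meaning. The same declarations appear in the first hunks of ifpsrv.c, nsssrv.c, pacsrv.c, pamsrv.c, sshsrv.c and sudosrv.c; main() starts and ends outside each hunk.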
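Review bot: The server_setup() call in the second hunk of autofssrv.c passes the literals `0, 0` for what are presumably the new uid and gid parameters (the prototype is not in this patch), so --uid and --gid are accepted on the command line and then ignored. The commit message says this is intentional for now, but an administrator who starts a responder with --uid set gets no indication that the process still runs as root. I would put a comment on the call, `/* --uid/--gid are parsed but not applied yet; the responder still runs as root */`, and consider logging a debug message when either option was given. The same applies to the server_setup() calls in the other six responders.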
@@ -469,7 +472,8 @@ int main(int argc, const char *argv[])
 /* set up things like debug, signals, daemonization, etc... */
 debug_log_file = "sssd_ifp";
- ret = server_setup("sssd[ifp]", 0, CONFDB_IFP_CONF_ENTRY, &main_ctx);
+ ret = server_setup("sssd[ifp]", 0, 0, 0,
+ CONFDB_IFP_CONF_ENTRY, &main_ctx);
 if (ret != EOK) return 2;
 ret = die_if_parent_died();
diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
index 84a6b7fe..420fd3d3 100644
--- a/src/responder/nss/nsssrv.c
+++ b/src/responder/nss/nsssrv.c
@@ -537,10 +537,13 @@ int main(int argc, const char *argv[])
 poptContext pc;
 struct main_context *main_ctx;
 int ret;
+ uid_t uid;
+ gid_t gid;
 struct poptOption long_options[] = {
 POPT_AUTOHELP
 SSSD_MAIN_OPTS
+ SSSD_SERVER_OPTS(uid, gid)
 POPT_TABLEEND
 };
@@ -565,7 +568,7 @@ int main(int argc, const char *argv[])
 /* set up things like debug, signals, daemonization, etc... */
 debug_log_file = "sssd_nss";
- ret = server_setup("sssd[nss]", 0, CONFDB_NSS_CONF_ENTRY, &main_ctx);
+ ret = server_setup("sssd[nss]", 0, 0, 0, CONFDB_NSS_CONF_ENTRY, &main_ctx);
 if (ret != EOK) return 2;
 ret = die_if_parent_died();
diff --git a/src/responder/pac/pacsrv.c b/src/responder/pac/pacsrv.c
index 47a9d1a6..b76691de 100644
--- a/src/responder/pac/pacsrv.c
+++ b/src/responder/pac/pacsrv.c
@@ -216,10 +216,13 @@ int main(int argc, const char *argv[])
 poptContext pc;
 struct main_context *main_ctx;
 int ret;
+ uid_t uid;
+ gid_t gid;
 struct poptOption long_options[] = {
 POPT_AUTOHELP
 SSSD_MAIN_OPTS
+ SSSD_SERVER_OPTS(uid, gid)
 POPT_TABLEEND
 };
@@ -244,7 +247,7 @@ int main(int argc, const char *argv[])
 /* set up things like debug, signals, daemonization, etc... */
 debug_log_file = "sssd_pac";
- ret = server_setup("sssd[pac]", 0, CONFDB_PAC_CONF_ENTRY, &main_ctx);
+ ret = server_setup("sssd[pac]", 0, 0, 0, CONFDB_PAC_CONF_ENTRY, &main_ctx);
 if (ret != EOK) return 2;
 ret = die_if_parent_died();
diff --git a/src/responder/pam/pamsrv.c b/src/responder/pam/pamsrv.c
index 428b252a..91b39508 100644
--- a/src/responder/pam/pamsrv.c
+++ b/src/responder/pam/pamsrv.c
@@ -316,10 +316,13 @@ int main(int argc, const char *argv[])
 poptContext pc;
 struct main_context *main_ctx;
 int ret;
+ uid_t uid;
+ gid_t gid;
 struct poptOption long_options[] = {
 POPT_AUTOHELP
 SSSD_MAIN_OPTS
+ SSSD_SERVER_OPTS(uid, gid)
 POPT_TABLEEND
 };
@@ -344,7 +347,7 @@ int main(int argc, const char *argv[])
 /* set up things like debug, signals, daemonization, etc... */
 debug_log_file = "sssd_pam";
- ret = server_setup("sssd[pam]", 0, CONFDB_PAM_CONF_ENTRY, &main_ctx);
+ ret = server_setup("sssd[pam]", 0, 0, 0, CONFDB_PAM_CONF_ENTRY, &main_ctx);
 if (ret != EOK) return 2;
 ret = die_if_parent_died();
diff --git a/src/responder/ssh/sshsrv.c b/src/responder/ssh/sshsrv.c
index 8aa603d7..1328d174 100644
--- a/src/responder/ssh/sshsrv.c
+++ b/src/responder/ssh/sshsrv.c
@@ -184,10 +184,13 @@ int main(int argc, const char *argv[])
 poptContext pc;
 struct main_context *main_ctx;
 int ret;
+ uid_t uid;
+ gid_t gid;
 struct poptOption long_options[] = {
 POPT_AUTOHELP
 SSSD_MAIN_OPTS
+ SSSD_SERVER_OPTS(uid, gid)
 POPT_TABLEEND
 };
@@ -212,7 +215,7 @@ int main(int argc, const char *argv[])
 /* set up things like debug, signals, daemonization, etc... */
 debug_log_file = "sssd_ssh";
- ret = server_setup("sssd[ssh]", 0, CONFDB_SSH_CONF_ENTRY, &main_ctx);
+ ret = server_setup("sssd[ssh]", 0, 0, 0, CONFDB_SSH_CONF_ENTRY, &main_ctx);
 if (ret != EOK) {
 return 2;
 }
diff --git a/src/responder/sudo/sudosrv.c b/src/responder/sudo/sudosrv.c
index 8a197159..30752c9d 100644
--- a/src/responder/sudo/sudosrv.c
+++ b/src/responder/sudo/sudosrv.c
@@ -164,10 +164,13 @@ int main(int argc, const char *argv[])
 poptContext pc;
 struct main_context *main_ctx;
 int ret;
+ uid_t uid;
+ gid_t gid;
 struct poptOption long_options[] = {
 POPT_AUTOHELP
 SSSD_MAIN_OPTS
+ SSSD_SERVER_OPTS(uid, gid)
 POPT_TABLEEND
 };
@@ -192,7 +195,8 @@ int main(int argc, const char *argv[])
 /* set up things like debug, signals, daemonization, etc... */
 debug_log_file = "sssd_sudo";
- ret = server_setup("sssd[sudo]", 0, CONFDB_SUDO_CONF_ENTRY, &main_ctx);
+ ret = server_setup("sssd[sudo]", 0, 0, 0, CONFDB_SUDO_CONF_ENTRY,
+ &main_ctx);
 if (ret != EOK) {
 return 2;
 }
-- cgit