From 3c97e3ab74309934687e65a768fb843d8b4608fa Mon Sep 17 00:00:00 2001

From: Michal Zidek <mzidek@redhat.com>

Date: Thu, 9 Oct 2014 17:21:30 +0200

Subject: [PATCH 31/46] SYSDB: Allow calling chown on the sysdb file from

 monitor

Sysdb must be accessible for the nonroot sssd

processes.

Reviewed-by: Pavel Reichl <preichl@redhat.com>

Reviewed-by: Simo Sorce <simo@redhat.com>

(cherry picked from commit 0887c35bdb85adf0a4376dc8963294ea5a9d6da6)

---

 src/db/sysdb.c        | 21 +++++++++++++++++++++

 src/db/sysdb.h        |  9 +++++++++

 src/monitor/monitor.c |  3 ++-

 3 files changed, 32 insertions(+), 1 deletion(-)

diff --git a/src/db/sysdb.c b/src/db/sysdb.c

index 8d6f00b52976228bfc9dfdc93503148837677346..1f02585e747dda6aadde772f76f30d3d69c4cfc0 100644

--- a/src/db/sysdb.c

+++ b/src/db/sysdb.c

@@ -1322,6 +1322,16 @@ int sysdb_init(TALLOC_CTX *mem_ctx,

                struct sss_domain_info *domains,

                bool allow_upgrade)

 {

+    return sysdb_init_ext(mem_ctx, domains, allow_upgrade, false, 0, 0);

+}

+

+int sysdb_init_ext(TALLOC_CTX *mem_ctx,

+                   struct sss_domain_info *domains,

+                   bool allow_upgrade,

+                   bool chown_dbfile,

+                   uid_t uid,

+                   gid_t gid)

+{

     struct sss_domain_info *dom;

     struct sysdb_ctx *sysdb;

     int ret;

@@ -1343,6 +1353,17 @@ int sysdb_init(TALLOC_CTX *mem_ctx,

             return ret;

         }

+        if (chown_dbfile) {

+            ret = chown(sysdb->ldb_file, uid, gid);

+            if (ret != 0) {

+                ret = errno;

+                DEBUG(SSSDBG_CRIT_FAILURE,

+                      "Cannot set sysdb ownership to %"SPRIuid":%"SPRIgid"\n",

+                      uid, gid);

+                return ret;

+            }

+        }

+

         dom->sysdb = talloc_move(dom, &sysdb);

     }

diff --git a/src/db/sysdb.h b/src/db/sysdb.h

index 0d0971d98dd684e47ae8ec067447169f41ebba67..ebb1bbedaf2df3030a012f1f0be8c5a069399cc3 100644

--- a/src/db/sysdb.h

+++ b/src/db/sysdb.h

@@ -533,6 +533,15 @@ uint64_t sss_view_ldb_msg_find_attr_as_uint64(struct sss_domain_info *dom,

 int sysdb_init(TALLOC_CTX *mem_ctx,

                struct sss_domain_info *domains,

                bool allow_upgrade);

+

+/* Same as sysdb_init, but additionally allows to change

+ * file ownership of the sysdb databases. */

+int sysdb_init_ext(TALLOC_CTX *mem_ctx,

+                   struct sss_domain_info *domains,

+                   bool allow_upgrade,

+                   bool chown_dbfile,

+                   uid_t uid, gid_t gid);

+

 /* used to initialize only one domain database.

  * Do NOT use if sysdb_init has already been called */

 int sysdb_domain_init(TALLOC_CTX *mem_ctx,

diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c

index 37f6e928be3508762e1c3afadbb67762f5cc1d38..04702428c4ed7fd1d77c6f18e491fa69b3700f4f 100644

--- a/src/monitor/monitor.c

+++ b/src/monitor/monitor.c

@@ -2312,7 +2312,8 @@ static int monitor_process_init(struct mt_ctx *ctx,

     if (!tmp_ctx) {

         return ENOMEM;

     }

-    ret = sysdb_init(tmp_ctx, ctx->domains, true);

+    ret = sysdb_init_ext(tmp_ctx, ctx->domains, true,

+                         true, ctx->uid, ctx->gid);

     if (ret != EOK) {

         SYSDB_VERSION_ERROR_DAEMON(ret);

         return ret;

-- 

1.9.3