From 66c318d212d56e26f303fc52d5fecbde4a6b9589 Mon Sep 17 00:00:00 2001

From: Alexey Tikhonov <atikhono@redhat.com>

Date: Thu, 10 Nov 2022 22:18:06 +0100

Subject: [PATCH 16/16] SSSCTL: don't require 'root' for "analyze" cmd

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

:relnote: `sssctl analyze` tool doesn't require anymore to be run under root.

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>

Reviewed-by: Justin Stephenson <jstephen@redhat.com>

Reviewed-by: Pavel Březina <pbrezina@redhat.com>

(cherry picked from commit 99791400bec1054cf0081884e013a3cbed75fe8a)

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>

Reviewed-by: Justin Stephenson <jstephen@redhat.com>

---

 src/tools/common/sss_tools.c | 16 +++++++++-------

 src/tools/common/sss_tools.h |  3 ++-

 src/tools/sssctl/sssctl.c    |  2 +-

 3 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/src/tools/common/sss_tools.c b/src/tools/common/sss_tools.c

index 38ae88306..d16de7c4d 100644

--- a/src/tools/common/sss_tools.c

+++ b/src/tools/common/sss_tools.c

@@ -267,6 +267,15 @@ static int tool_cmd_init(struct sss_tool_ctx *tool_ctx,

                          struct sss_route_cmd *command)

 {

     int ret;

+    uid_t uid;

+

+    if (!(command->flags & SSS_TOOL_FLAG_SKIP_ROOT_CHECK)) {

+        uid = getuid();

+        if (uid != 0) {

+            ERROR("'%s' must be run as root\n", command->command);

+            return EXIT_FAILURE;

+        }

+    }

     if (command->flags & SSS_TOOL_FLAG_SKIP_CMD_INIT) {

         return EOK;

@@ -515,15 +524,8 @@ int sss_tool_main(int argc, const char **argv,

                   void *pvt)

 {

     struct sss_tool_ctx *tool_ctx;

-    uid_t uid;

     errno_t ret;

-    uid = getuid();

-    if (uid != 0) {

-        ERROR("%1$s must be run as root\n", argv[0]);

-        return EXIT_FAILURE;

-    }

-

     ret = sss_tool_init(NULL, &argc, argv, &tool_ctx);

     if (ret != EOK) {

         DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create tool context\n");

diff --git a/src/tools/common/sss_tools.h b/src/tools/common/sss_tools.h

index 75dc15391..24dd4b559 100644

--- a/src/tools/common/sss_tools.h

+++ b/src/tools/common/sss_tools.h

@@ -54,7 +54,8 @@ typedef errno_t

 #define SSS_TOOL_DELIMITER(message) {"", _(message), 0, NULL, 0}

 #define SSS_TOOL_LAST {NULL, NULL, 0, NULL, 0}

-#define SSS_TOOL_FLAG_SKIP_CMD_INIT 0x01

+#define SSS_TOOL_FLAG_SKIP_CMD_INIT   0x01

+#define SSS_TOOL_FLAG_SKIP_ROOT_CHECK 0x02

 struct sss_route_cmd {

     const char *command;

diff --git a/src/tools/sssctl/sssctl.c b/src/tools/sssctl/sssctl.c

index f18689f9f..b73d19ffe 100644

--- a/src/tools/sssctl/sssctl.c

+++ b/src/tools/sssctl/sssctl.c

@@ -296,7 +296,7 @@ int main(int argc, const char **argv)

         SSS_TOOL_COMMAND("logs-remove", "Remove existing SSSD log files", 0, sssctl_logs_remove),

         SSS_TOOL_COMMAND("logs-fetch", "Archive SSSD log files in tarball", 0, sssctl_logs_fetch),

         SSS_TOOL_COMMAND("debug-level", "Change SSSD debug level", 0, sssctl_debug_level),

-        SSS_TOOL_COMMAND_FLAGS("analyze", "Analyze logged data", 0, sssctl_analyze, SSS_TOOL_FLAG_SKIP_CMD_INIT),

+        SSS_TOOL_COMMAND_FLAGS("analyze", "Analyze logged data", 0, sssctl_analyze, SSS_TOOL_FLAG_SKIP_CMD_INIT|SSS_TOOL_FLAG_SKIP_ROOT_CHECK),

 #ifdef HAVE_LIBINI_CONFIG_V1_3

         SSS_TOOL_DELIMITER("Configuration files tools:"),

         SSS_TOOL_COMMAND_FLAGS("config-check", "Perform static analysis of SSSD configuration", 0, sssctl_config_check, SSS_TOOL_FLAG_SKIP_CMD_INIT),

-- 

2.37.3