MONITOR: validate value of 'user' option.

alexey-tikhonov · pbrezina · commit 8b94af6eff56 · 2023-05-03T19:00:21.000+02:00
Only 'root' and SSSD_USER are valid values.

Reviewed-by: Iker Pedrosa &lt;ipedrosa@redhat.com&gt;
Reviewed-by: Pavel Březina &lt;pbrezina@redhat.com&gt;
diff --git a/.gitignore b/.gitignore
@@ -115,6 +115,7 @@ test-authtok
 .pytest_cache
 __pycache__
 .venv
+src/man/sssd_user_name.include
 
 # multihost tests
 !src/tests/multihost/sssd
diff --git a/src/man/Makefile.am b/src/man/Makefile.am
@@ -127,8 +127,10 @@ SUFFIXES = .1.xml .1 .3.xml .3 .5.xml .5 .8.xml .8
 	$(XSLTPROC) -o $@  $(XSLTPROC_FLAGS) $(DOCBOOK_XSLT) $<
 
 .5.xml.5:
+	@echo -n $(SSSD_USER) > $(dir $<)/sssd_user_name.include
 	$(XMLLINT) $(XMLLINT_FLAGS) $<
 	$(XSLTPROC) -o $@  $(XSLTPROC_FLAGS) $(DOCBOOK_XSLT) $<
+	@rm -f $(dir $<)/sssd_user_name.include
 
 .8.xml.8:
 	$(XMLLINT) $(XMLLINT_FLAGS) $<
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
@@ -1,6 +1,9 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE reference PUBLIC "-//OASIS//DTD DocBook V4.4//EN"
-"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
+"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd"
+[
+<!ENTITY sssd_user_name SYSTEM "sssd_user_name.include">
+]>
 <reference>
 <title>SSSD Manual pages</title>
 <refentry>
@@ -409,20 +412,23 @@
                                 The user to drop the privileges to where
                                 appropriate to avoid running as the
                                 root user.
-                                <phrase condition="have_systemd">
-                                    This option does not work when running socket-activated
-                                    services, as the user set up to run the processes is
-                                    set up during compilation time.
+                                Currently the only supported value is '&sssd_user_name;'.
+                            </para>
 
-                                    The way to override the systemd unit files is by creating
-                                    the appropriate files in /etc/systemd/system/.
+                            <para condition="have_systemd">
+                                This option does not work when running socket-activated
+                                services, as the user set up to run the processes is
+                                set up during compilation time.
 
-                                    Keep in mind that any change in the socket user, group or
-                                    permissions may result in a non-usable SSSD. The same may
-                                    occur in case of changes of the user running the NSS
-                                    responder.
-                                </phrase>
+                                The way to override the systemd unit files is by creating
+                                the appropriate files in /etc/systemd/system/.
+
+                                Keep in mind that any change in the socket user, group or
+                                permissions may result in a non-usable SSSD. The same may
+                                occur in case of changes of the user running the NSS
+                                responder.
                             </para>
+
                             <para>
                                 Default: not set, process will run as root
                             </para>
diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c
@@ -825,9 +825,13 @@ static char *check_services(char **services)
 
 static int get_service_user(struct mt_ctx *ctx)
 {
+    errno_t ret = EOK;
+
+    ctx->uid = 0;
+    ctx->gid = 0;
+
 #ifdef SSSD_NON_ROOT_USER
-    errno_t ret;
-    char *user_str;
+    char *user_str = NULL;
 
     ret = confdb_get_string(ctx->cdb, ctx, CONFDB_MONITOR_CONF_ENTRY,
                             CONFDB_MONITOR_USER_RUNAS,
@@ -837,18 +841,22 @@ static int get_service_user(struct mt_ctx *ctx)
         return ret;
     }
 
-    ret = sss_user_by_name_or_uid(user_str, &ctx->uid, &ctx->gid);
-    talloc_free(user_str);
-    if (ret != EOK) {
-        DEBUG(SSSDBG_FATAL_FAILURE, "Failed to set allowed UIDs.\n");
-        return ret;
+    if (strcmp(user_str, SSSD_USER) == 0) {
+        sss_sssd_user_uid_and_gid(&ctx->uid, &ctx->gid);
+    } else if (strcmp(user_str, "root") != 0) {
+        DEBUG(SSSDBG_FATAL_FAILURE,
+              "Unsupported value '%s' of config option '%s'! Only 'root' or '"
+              SSSD_USER"' are supported.\n",
+              user_str, CONFDB_MONITOR_USER_RUNAS);
+        sss_log(SSS_LOG_CRIT, "Unsupported value of config option '%s'!",
+                CONFDB_MONITOR_USER_RUNAS);
+        ret = ERR_INVALID_CONFIG;
     }
-#else
-    ctx->uid = 0;
-    ctx->gid = 0;
+
+    talloc_free(user_str);
 #endif
 
-    return EOK;
+    return ret;
 }
 
 static int get_monitor_config(struct mt_ctx *ctx)
