URL: https://github.com/SSSD/sssd/pull/5407 Author: ikerexxe Title: #5407: kcm: check socket path loaded from configuration Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5407/head:pr5407 git checkout pr5407
From 318fd555393058de0e1c2d22f4e2f6b4c7b3b174 Mon Sep 17 00:00:00 2001 From: ikerexxe <ipedr...@redhat.com> Date: Tue, 26 Jan 2021 12:37:15 +0100 Subject: [PATCH 1/2] RESPONDER: check that configured sockets match Check if the sockets defined in systemd unit and sssd.conf match. If they don't, then print a warning message. Moreover, change man page regarding socket_path option to indicate that it will be overwritten by systemd's unit file. Resolves: https://github.com/SSSD/sssd/issues/5406
---
 src/man/sssd-kcm.8.xml | 7 ++
 src/responder/common/responder_common.c | 103 ++++++++++++++++++++++++
 2 files changed, 110 insertions(+)
diff --git a/src/man/sssd-kcm.8.xml b/src/man/sssd-kcm.8.xml
index 022a74ba09..535af27375 100644
--- a/src/man/sssd-kcm.8.xml
+++ b/src/man/sssd-kcm.8.xml
@@ -203,6 +203,13 @@ systemctl restart sssd-kcm.service
 <para>
 Default: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>
 </para>
+ <para>
+ <phrase condition="have_systemd">
+ Note: on platforms where systemd is supported, the
+ socket path is overwritten by the one defined in
+ the unit file.
+ </phrase>
+ </para>
 </listitem>
 </varlistentry>
 <varlistentry>
diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c
index 7061d018a6..3b98b21149 100644
--- a/src/responder/common/responder_common.c
+++ b/src/responder/common/responder_common.c
@@ -895,12 +895,106 @@ int create_pipe_fd(const char *sock_name, int *_fd, mode_t umaskval)
 return ret;
 }
+static int
+get_socket_path_in_use(struct resp_ctx *rctx, char **socket_path_in_use)
+{
+ TALLOC_CTX *tmp_ctx;
+ struct stat statbuf;
+ char *path_name = NULL;
+ char *inode = NULL;
+ char *line = NULL;
+ char *socket_line = NULL;
+ char *inode_pos = NULL;
+ errno_t ret;
+ FILE *fp;
+ size_t len = 0;
+
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ path_name = talloc_strdup(tmp_ctx, "");
+ path_name = talloc_asprintf_append(path_name, "%s%d", "/proc/self/fd/",
+ rctx->lfd);
+
+ ret = stat(path_name, &statbuf);
+ if (ret != EOK) {
+ goto done;
+ }
+
+ fp = fopen("/proc/net/unix", "r");
+ if (fp == NULL) {
+ ret = ENOENT;
+ goto done;
+ }
+
+ inode = talloc_strdup(tmp_ctx, "");
+ inode = talloc_asprintf_append(inode, "%lu", statbuf.st_ino);
+
+ while ((getline(&line, &len, fp) != -1) && (socket_line == NULL)) {
+ inode_pos = strstr(line, inode);
+
+ if (inode_pos != NULL) {
+ /* copy the string except for the inode number at the beginning
+ * and the breaking line at the end */
+ socket_line = talloc_strndup(tmp_ctx,
+ inode_pos + strlen(inode) + 1,
+ strlen(inode_pos) - strlen(inode) - 2);
+ }
+ }
+
+ if (socket_line == NULL) {
+ ret = ENOENT;
+ goto done;
+ }
+
+ *socket_path_in_use = talloc_steal(rctx, socket_line);
+ ret = EOK;
+
+done:
+ fclose(fp);
+ talloc_free(tmp_ctx);
+
+ return ret;
+}
+
+static bool
+compare_files(const char *file_path1, const char *file_path2)
+{
+ errno_t ret;
+ struct stat statbuf1;
+ struct stat statbuf2;
+
+ if (strcmp(file_path1, file_path2) == 0) {
+ return true;
+ }
+
+ ret = stat(file_path1, &statbuf1);
+ if (ret != EOK) {
+ return false;
+ }
+
+ ret = stat(file_path2, &statbuf2);
+ if (ret != EOK) {
+ return false;
+ }
+
+ if (statbuf1.st_ino == statbuf2.st_ino) {
+ return true;
+ }
+
+ return false;
+}
+
 /* create a unix socket and listen to it */
 static int
set_unix_socket(struct resp_ctx *rctx,
 connection_setup_t conn_setup)
 {
 errno_t ret;
 struct accept_fd_ctx *accept_ctx = NULL;
+ char *socket_path_in_use = NULL;
 /* for future use */
 #if 0
@@ -947,6 +1041,15 @@ static int set_unix_socket(struct resp_ctx *rctx,
 return ret;
 }
 }
+ /* Check if the sockets defined in systemd unit and sssd.conf match */
+ else if (rctx->lfd == SD_LISTEN_FDS_START) {
+ if ((get_socket_path_in_use(rctx, &socket_path_in_use) == EOK) &&
+ (compare_files(rctx->sock_name, socket_path_in_use) == false)) {
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Beware: socket path defined in systemd unit (%s) and sssd.conf (%s) don't match\n",
+ socket_path_in_use, rctx->sock_name);
+ }
+ }
 accept_ctx = talloc_zero(rctx, struct accept_fd_ctx);
 if(!accept_ctx) goto failed;
From 6274291da16745c76c515f941e87813e58f2237e Mon Sep 17 00:00:00 2001 From: ikerexxe <ipedr...@redhat.com> Date: Tue, 26 Jan 2021 16:01:48 +0100 Subject: [PATCH 2/2] TESTS: test socket path when systemd activation Test socket path when sssd-kcm is activated by systemd. If socket in systemd unit and sssd.conf is defined in different locations then print a warning. Verifies: https://github.com/SSSD/sssd/issues/5406
---
 src/tests/multihost/alltests/test_kcm.py | 33 ++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
diff --git a/src/tests/multihost/alltests/test_kcm.py b/src/tests/multihost/alltests/test_kcm.py
index db08dbd8c4..a4933f11b7 100644
--- a/src/tests/multihost/alltests/test_kcm.py
+++ b/src/tests/multihost/alltests/test_kcm.py
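Review bot: In get_socket_path_in_use the `done:` label calls `fclose(fp)` unconditionally, yet `fp` has no initialiser and the `goto done` paths for a failed talloc_new(), stat() or fopen() all reach it while it is indeterminate or NULL, which is undefined behaviour and can crash the responder at start-up instead of just skipping the check. Declaring `FILE *fp = NULL;`, guarding the cleanup with `if (fp != NULL) fclose(fp);` and adding `free(line);` beside it (the getline() buffer is never released) fixes the cleanup path. compare_files decides that two paths are the same file from `st_ino` alone; inode numbers are only unique within one filesystem, so `st_dev` should be compared as well. The strstr() search for the inode digits can also match another column or a longer inode number in /proc/net/unix, so matching the inode field exactly would keep the logged path from belonging to a different socket.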
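Review bot: The string handed back through `socket_path_in_use` is reparented onto `rctx` by the helper's talloc_steal() and is not released after the DEBUG call in this branch, so it stays allocated for the lifetime of the responder context; a `talloc_free(socket_path_in_use);` after the inner `if` would drop it once the comparison is done. The mismatch is logged at `SSSDBG_CONF_SETTINGS`, which, assuming the usual SSSD level ordering, sits below the failure levels, so an administrator may never see the "Beware" message without raising debug_level; `SSSDBG_MINOR_FAILURE` or higher would suit a misconfiguration warning better. The `else if` attaches to an `if` whose condition lies outside the hunk, so it is worth confirming that `rctx->sock_name` cannot be NULL on this path, because compare_files passes it straight to strcmp().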
@@ -52,3 +52,36 @@ def test_client_timeout(self, multihost, backupsssdconf):
 " /var/log/sssd/"
 "sssd_kcm.log")
 assert 'Terminated client' in grep_cmd.stdout_text
+
+ def test_kcm_check_socket_path(self, multihost, enable_kcm):
+ """
+ @Title: kcm: Test socket path when sssd-kcm is activated by systemd
+ #https://github.com/SSSD/sssd/issues/5406
+ """
+ # Start from a known-good state after removing log file and adding a
+ # new socket path
+ multihost.master[0].service_sssd('stop')
+ self._stop_kcm(multihost)
+ self._remove_kcm_log_file(multihost)
+ server = sssdTools(multihost.master[0])
+ server.backup_sssd_conf()
+ socket_path = "/some_path/kcm.socket"
+ domain_section = "kcm"
+ sssd_params = {'socket_path' : '%s' % (socket_path) }
+ server.sssd_conf(domain_section, sssd_params)
+ multihost.master[0].service_sssd('start')
+ self._start_kcm(multihost)
+ # Give sssd some time to load
+ time.sleep(2)
+
+ # Check log file for the expected warning message
+ domain_log = '/var/log/sssd/sssd_kcm.log'
+ log = multihost.master[0].get_file_contents(domain_log).decode('utf-8')
+ msg = "Beware: socket path defined in systemd unit "\
+ "\(/run/.heim_org.h5l.kcm-socket\) and sssd.conf \(%s\) don't "\
+ "match" % (socket_path)
+ find = re.compile(r'%s' % msg)
+
+ server.restore_sssd_conf()
+
+ assert find.search(log)
\ No newline at end of file
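Review bot: `server.restore_sssd_conf()` runs only if every step before it succeeds, so an exception from `get_file_contents` or a service start leaves the altered `socket_path` in sssd.conf for the tests that follow; putting the steps after `backup_sssd_conf()` in a `try:` block with `finally: server.restore_sssd_conf()` keeps the host clean. The expected message is built from ordinary string literals containing `\(` and `\)`, which Python flags as invalid escape sequences, and `socket_path` is interpolated into the pattern unescaped; raw literals plus `re.escape(socket_path)` make the pattern exact, and the `r'%s' % msg` wrapper can then go. The fixed `time.sleep(2)` may be too short on a slow host, so polling the log for a bounded time would make the check less flaky. `re` and `time` are not imported in this hunk, so confirm the module already imports them.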