URL: https://github.com/SSSD/sssd/pull/5407 Author: ikerexxe Title: #5407: kcm: check socket path loaded from configuration Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5407/head:pr5407 git checkout pr5407
From d5f47e1f1ba2279907c98ce7ff0595443730509a Mon Sep 17 00:00:00 2001 From: ikerexxe <ipedr...@redhat.com> Date: Tue, 26 Jan 2021 12:37:15 +0100 Subject: [PATCH 1/2] RESPONDER: check that configured sockets match Check if the sockets defined in systemd unit and sssd.conf match. If they don't, then print a warning message. Moreover, change man page regarding socket_path option to indicate that it will be overwritten by systemd's unit file. Resolves: https://github.com/SSSD/sssd/issues/5406 --- src/man/sssd-kcm.8.xml | 7 +++ src/responder/common/responder_common.c | 84 ++++++++++++++++++++++++- 2 files changed, 90 insertions(+), 1 deletion(-) diff --git a/src/man/sssd-kcm.8.xml b/src/man/sssd-kcm.8.xml index 022a74ba09..14ba122a5c 100644 --- a/src/man/sssd-kcm.8.xml +++ b/src/man/sssd-kcm.8.xml @@ -203,6 +203,13 @@ systemctl restart sssd-kcm.service <para> Default: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable> </para> + <para> + <phrase condition="have_systemd"> + Note: on platforms where systemd is supported, the + socket path is overwritten by the one defined in + the sssd-kcm.socket unit file. + </phrase> + </para> </listitem> </varlistentry> <varlistentry> diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c index 7061d018a6..00f1b3858f 100644 --- a/src/responder/common/responder_common.c +++ b/src/responder/common/responder_common.c 
@@ -895,6 +895,68 @@ int create_pipe_fd(const char *sock_name, int *_fd, mode_t umaskval) return ret; } +static int +get_socket_path_in_use(TALLOC_CTX *mem_ctx, int fd, char **socket_path_in_use) +{ + TALLOC_CTX *tmp_ctx; + struct stat statbuf; + char *path_name = NULL; + char *inode = NULL; + char *line = NULL; + char *socket_line = NULL; + char *inode_pos = NULL; + errno_t ret; + FILE *fp; + size_t len = 0; + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + ret = ENOMEM; + goto done; + } + + path_name = talloc_asprintf_append(path_name, "%s%d", "/proc/self/fd/", fd); + + ret = stat(path_name, &statbuf); + if (ret != EOK) { + goto done; + } + + fp = fopen("/proc/net/unix", "r"); + if (fp == NULL) { + ret = ENOENT; + goto done; + } + + inode = talloc_asprintf_append(inode, "%lu", statbuf.st_ino); + + while ((getline(&line, &len, fp) != -1) && (socket_line == NULL)) { + inode_pos = strstr(line, inode); + + if (inode_pos != NULL) { + /* copy the string except for the inode number at the beginning + * and the breaking line at the end */ + socket_line = talloc_strndup(tmp_ctx, + inode_pos + strlen(inode) + 1, + strlen(inode_pos) - strlen(inode) - 2); + } + } + + if (socket_line == NULL) { + ret = ENOENT; + goto done; + } + + *socket_path_in_use = talloc_steal(mem_ctx, socket_line); + ret = EOK; + +done: + fclose(fp); + talloc_free(tmp_ctx); + + return ret; +} + /* create a unix socket and listen to it */ static int set_unix_socket(struct resp_ctx *rctx, connection_setup_t conn_setup) @@ -1000,7 +1062,15 @@ static int set_unix_socket(struct resp_ctx *rctx, int activate_unix_sockets(struct resp_ctx *rctx, connection_setup_t conn_setup) { + TALLOC_CTX *tmp_ctx; int ret; + char *socket_path_in_use = NULL; + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + ret = ENOMEM; + goto done; + } #ifdef HAVE_SYSTEMD if (rctx->lfd == -1 && rctx->priv_lfd == -1) { 
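Review bot: In `get_socket_path_in_use` (first hunk on this line), `fp` is declared without an initializer, yet the `done:` label calls `fclose(fp)` unconditionally, so every early `goto done` (failed `talloc_new`, failed `stat`, failed `fopen`) passes an uninitialized or NULL pointer to `fclose`. The buffer that `getline` allocates in `line` is never freed. `path_name` and `inode` are built with `talloc_asprintf_append` on a NULL string, which as far as talloc documents allocates outside `tmp_ctx`, and neither result is checked or released. Separately, `strstr(line, inode)` is a substring match, so an inode number that is a prefix of a longer number, or that appears inside a socket path, can select the wrong line of `/proc/net/unix`; comparing the inode column as a whole token would avoid that. The fence shows only the initialization and cleanup changes.

```c
    FILE *fp = NULL;
    /* … unchanged: remaining declarations, tmp_ctx allocation … */

    path_name = talloc_asprintf(tmp_ctx, "/proc/self/fd/%d", fd);
    if (path_name == NULL) {
        ret = ENOMEM;
        goto done;
    }

    if (stat(path_name, &statbuf) != 0) {
        ret = errno;
        goto done;
    }

    /* … unchanged: fopen of /proc/net/unix and its NULL check … */

    inode = talloc_asprintf(tmp_ctx, "%lu", (unsigned long)statbuf.st_ino);
    if (inode == NULL) {
        ret = ENOMEM;
        goto done;
    }

    /* … unchanged: getline loop, ENOENT check, talloc_steal … */

done:
    free(line);
    if (fp != NULL) {
        fclose(fp);
    }
    talloc_free(tmp_ctx);
```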
@@ -1024,12 +1094,22 @@ int activate_unix_sockets(struct resp_ctx *rctx, if (ret == numfds) { rctx->lfd = SD_LISTEN_FDS_START; - ret = sd_is_socket_unix(rctx->lfd, SOCK_STREAM, 1, NULL, 0); + + ret = get_socket_path_in_use(tmp_ctx, rctx->lfd, &socket_path_in_use); + if (ret != EOK) { + DEBUG(SSSDBG_MINOR_FAILURE, "Unable to obtain socket path\n"); + } + + ret = sd_is_socket_unix(rctx->lfd, SOCK_STREAM, 1, socket_path_in_use, 0); if (ret < 0) { DEBUG(SSSDBG_CRIT_FAILURE, "Activated socket is not a UNIX listening socket\n"); ret = EIO; goto done; + } else if (ret > 0){ + DEBUG(SSSDBG_CONF_SETTINGS, + "Warning: socket path defined in systemd unit (%s) and sssd.conf (%s) don't match\n", + socket_path_in_use, rctx->sock_name); } ret = sss_fd_nonblocking(rctx->lfd); @@ -1058,6 +1138,8 @@ int activate_unix_sockets(struct resp_ctx *rctx, } done: + talloc_free(tmp_ctx); + return ret; } From 97ed5467836e08c70fdced9ae84fde6422c94b26 Mon Sep 17 00:00:00 2001 From: ikerexxe <ipedr...@redhat.com> Date: Tue, 26 Jan 2021 16:01:48 +0100 Subject: [PATCH 2/2] TESTS: test socket path when systemd activation Test socket path when sssd-kcm is activated by systemd. If socket in systemd unit and sssd.conf is defined in different locations then print a warning. Verifies: https://github.com/SSSD/sssd/issues/5406 --- src/tests/multihost/alltests/test_kcm.py | 33 ++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/src/tests/multihost/alltests/test_kcm.py b/src/tests/multihost/alltests/test_kcm.py index db08dbd8c4..e7182f5d58 100644 --- a/src/tests/multihost/alltests/test_kcm.py +++ b/src/tests/multihost/alltests/test_kcm.py 
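Review bot: The new `else if (ret > 0)` branch in the `-1024,12 +1094,22` hunk logs the mismatch warning whenever `sd_is_socket_unix()` succeeds, but a positive return from that call means the descriptor does match the path it was given. The path given here is the one just read back from the same descriptor, and `rctx->sock_name` is never compared with anything. As written, the warning would appear even when the unit file and sssd.conf agree, and when `get_socket_path_in_use()` has failed a NULL `socket_path_in_use` is passed to `%s`. Consider keeping the original `sd_is_socket_unix(rctx->lfd, SOCK_STREAM, 1, NULL, 0)` check and deciding on the warning with `if (socket_path_in_use != NULL && strcmp(socket_path_in_use, rctx->sock_name) != 0)`. The body of `activate_unix_sockets` starts and ends outside this hunk.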
@@ -52,3 +52,36 @@ def test_client_timeout(self, multihost, backupsssdconf): " /var/log/sssd/" "sssd_kcm.log") assert 'Terminated client' in grep_cmd.stdout_text + + def test_kcm_check_socket_path(self, multihost, enable_kcm): + """ + @Title: kcm: Test socket path when sssd-kcm is activated by systemd + #https://github.com/SSSD/sssd/issues/5406 + """ + # Start from a known-good state after removing log file and adding a + # new socket path + multihost.master[0].service_sssd('stop') + self._stop_kcm(multihost) + self._remove_kcm_log_file(multihost) + server = sssdTools(multihost.master[0]) + server.backup_sssd_conf() + socket_path = "/some_path/kcm.socket" + domain_section = "kcm" + sssd_params = {'socket_path': '%s' % (socket_path)} + server.sssd_conf(domain_section, sssd_params) + multihost.master[0].service_sssd('start') + self._start_kcm(multihost) + # Give sssd some time to load + time.sleep(2) + + # Check log file for the expected warning message + domain_log = '/var/log/sssd/sssd_kcm.log' + log = multihost.master[0].get_file_contents(domain_log).decode('utf-8') + msg = "Warning: socket path defined in systemd unit "\ + "\(/run/.heim_org.h5l.kcm-socket\) and sssd.conf \(%s\) don't "\ + "match" % (socket_path) + find = re.compile(r'%s' % msg) + + server.restore_sssd_conf() + + assert find.search(log)
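Review bot: The expected message in `test_kcm_check_socket_path` is built in a non-raw string with `\(` escapes and then compiled as a regex with `socket_path` and the `.` characters unescaped, so the dots match any character and newer Python versions warn about the invalid escape sequences. The message is a fixed string, so a plain `assert expected in log` or `find = re.compile(re.escape(expected))` would be more exact. `server.restore_sssd_conf()` also runs only if every preceding step succeeds; putting the steps after `server.backup_sssd_conf()` in a `try:` block with the restore in `finally:` would keep a failed run from leaving the modified sssd.conf on the host. The fixed `time.sleep(2)` may be too short on a slow machine, which would make the log check flaky.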