URL: https://github.com/SSSD/sssd/pull/5407 Author: ikerexxe Title: #5407: kcm: check socket path loaded from configuration Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5407/head:pr5407 git checkout pr5407
From 1ad0445e8fd5e03b35ea53353b7b9a07222b4942 Mon Sep 17 00:00:00 2001 From: ikerexxe <[email protected]> Date: Tue, 26 Jan 2021 12:37:15 +0100 Subject: [PATCH 1/2] RESPONDER: check that configured sockets match Check if the sockets defined in systemd unit and sssd.conf match. If they don't, then print a warning message. Moreover, change man page regarding socket_path option to indicate that it will be overwritten by systemd's unit file. Resolves: https://github.com/SSSD/sssd/issues/5406 --- src/man/sssd-kcm.8.xml | 7 +++++++ src/responder/common/responder_common.c | 11 +++++++++++ 2 files changed, 18 insertions(+) diff --git a/src/man/sssd-kcm.8.xml b/src/man/sssd-kcm.8.xml index 022a74ba09..14ba122a5c 100644 --- a/src/man/sssd-kcm.8.xml +++ b/src/man/sssd-kcm.8.xml @@ -203,6 +203,13 @@ systemctl restart sssd-kcm.service <para> Default: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable> </para> + <para> + <phrase condition="have_systemd"> + Note: on platforms where systemd is supported, the + socket path is overwritten by the one defined in + the sssd-kcm.socket unit file. + </phrase> + </para> </listitem> </varlistentry> <varlistentry> diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c index 7061d018a6..992d85c6d2 100644 --- a/src/responder/common/responder_common.c +++ b/src/responder/common/responder_common.c @@ -1001,6 +1001,8 @@ int activate_unix_sockets(struct resp_ctx *rctx, connection_setup_t conn_setup) { int ret; + struct sockaddr_un sockaddr; + socklen_t sockaddr_len = sizeof(sockaddr); #ifdef HAVE_SYSTEMD if (rctx->lfd == -1 && rctx->priv_lfd == -1) { @@ -1032,6 +1034,15 @@ int activate_unix_sockets(struct resp_ctx *rctx, goto done; } + ret = getsockname(rctx->lfd, (struct sockaddr *) &sockaddr, &sockaddr_len); + if (ret == EOK) { + if (memcmp(rctx->sock_name, sockaddr.sun_path, strlen(rctx->sock_name)) != 0) { + DEBUG(SSSDBG_CONF_SETTINGS, + "Warning: socket path defined in systemd unit (%s) and sssd.conf (%s) don't match\n", + sockaddr.sun_path, rctx->sock_name); + } + } + ret = sss_fd_nonblocking(rctx->lfd); if (ret != EOK) goto done; if (numfds == 2) { From 11591f76eacf3e98687fd5d264db3ed063d4bded Mon Sep 17 00:00:00 2001 From: ikerexxe <[email protected]> Date: Tue, 26 Jan 2021 16:01:48 +0100 Subject: [PATCH 2/2] TESTS: test socket path when systemd activation Test socket path when sssd-kcm is activated by systemd. If socket in systemd unit and sssd.conf is defined in different locations then print a warning. Verifies: https://github.com/SSSD/sssd/issues/5406 --- src/tests/multihost/alltests/test_kcm.py | 33 ++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/src/tests/multihost/alltests/test_kcm.py b/src/tests/multihost/alltests/test_kcm.py index db08dbd8c4..e7182f5d58 100644 --- a/src/tests/multihost/alltests/test_kcm.py +++ b/src/tests/multihost/alltests/test_kcm.py @@ -52,3 +52,36 @@ def test_client_timeout(self, multihost, backupsssdconf): " /var/log/sssd/" "sssd_kcm.log") assert 'Terminated client' in grep_cmd.stdout_text + + def test_kcm_check_socket_path(self, multihost, enable_kcm): + """ + @Title: kcm: Test socket path when sssd-kcm is activated by systemd + #https://github.com/SSSD/sssd/issues/5406 + """ + # Start from a known-good state after removing log file and adding a + # new socket path + multihost.master[0].service_sssd('stop') + self._stop_kcm(multihost) + self._remove_kcm_log_file(multihost) + server = sssdTools(multihost.master[0]) + server.backup_sssd_conf() + socket_path = "/some_path/kcm.socket" + domain_section = "kcm" + sssd_params = {'socket_path': '%s' % (socket_path)} + server.sssd_conf(domain_section, sssd_params) + multihost.master[0].service_sssd('start') + self._start_kcm(multihost) + # Give sssd some time to load + time.sleep(2) + + # Check log file for the expected warning message + domain_log = '/var/log/sssd/sssd_kcm.log' + log = multihost.master[0].get_file_contents(domain_log).decode('utf-8') + msg = "Warning: socket path defined in systemd unit "\ + "\(/run/.heim_org.h5l.kcm-socket\) and sssd.conf \(%s\) don't "\ + "match" % (socket_path) + find = re.compile(r'%s' % msg) + + server.restore_sssd_conf() + + assert find.search(log)
_______________________________________________ sssd-devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
