URL: https://github.com/SSSD/sssd/pull/5882
Author: thalman
 Title: #5882: CONFDB: check the return values
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5882/head:pr5882
git checkout pr5882
From 0db7c401ee40a1351da7d915a7e3d6a5539522dc Mon Sep 17 00:00:00 2001
From: Tomas Halman <thal...@redhat.com>
Date: Thu, 18 Nov 2021 17:43:19 +0100
Subject: [PATCH] CONFDB: check the return values

Covscan pointed out that the return values of chown and sete[ug]id are
not checked in some cases. There is not much we can do
in case of failure, so only a minor failure is logged.

Resolves: https://github.com/SSSD/sssd/issues/5876
---
 src/confdb/confdb.c  |  6 +++++-
 src/util/usertools.c | 25 +++++++++++++++++++++----
 2 files changed, 26 insertions(+), 5 deletions(-)

diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
index 6a6fac916e..e557b469cb 100644
--- a/src/confdb/confdb.c
+++ b/src/confdb/confdb.c
@@ -685,7 +685,11 @@ int confdb_init(TALLOC_CTX *mem_ctx,
     old_umask = umask(SSS_DFL_UMASK);
     /* file may exists and could be owned by root from previous version */
     sss_sssd_user_uid_and_gid(&sssd_uid, &sssd_gid);
-    chown(confdb_location, sssd_uid, sssd_gid);
+    ret = chown(confdb_location, sssd_uid, sssd_gid);
+    if (ret != EOK && errno != ENOENT) {
+        DEBUG(SSSDBG_MINOR_FAILURE, "Unable to chown config database [%s]: %s\n",
+              confdb_location, sss_strerror(errno));
+    }
     sss_set_sssd_user_eid();
 
     ret = ldb_connect(cdb->ldb, confdb_location, 0, NULL);
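Review bot: The `chown(confdb_location, ...)` call follows symbolic links and is made before `sss_set_sssd_user_eid()`, so it presumably still runs with root privileges. If the directory holding the config database is writable by the sssd user (not visible in this hunk), a symlink planted at that path would have its target's ownership handed to that user. Using `ret = lchown(confdb_location, sssd_uid, sssd_gid);`, or opening the file with `O_NOFOLLOW` and calling `fchown()` on the descriptor, avoids that. The body of confdb_init starts and ends outside the hunk.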
diff --git a/src/util/usertools.c b/src/util/usertools.c
index 370a98b417..72deceeee6 100644
--- a/src/util/usertools.c
+++ b/src/util/usertools.c
@@ -863,17 +863,34 @@ void sss_set_sssd_user_eid(void)
     uid_t uid;
     gid_t gid;
 
+
     if (geteuid() == 0) {
         sss_sssd_user_uid_and_gid(&uid, &gid);
-        seteuid(uid);
-        setegid(gid);
+        if (seteuid(uid) != EOK) {
+            DEBUG(SSSDBG_MINOR_FAILURE,
+                  "Failed to set euid to %"SPRIuid": %s\n",
+                  uid, sss_strerror(errno));
+        }
+        if (setegid(gid) != EOK) {
+            DEBUG(SSSDBG_MINOR_FAILURE,
+                  "Failed to set egid to %"SPRIgid": %s\n",
+                  gid, sss_strerror(errno));
+        }
     }
 }
 
 void sss_restore_sssd_user_eid(void)
 {
     if (getuid() == 0) {
-        seteuid(getuid());
-        setegid(getgid());
+        if (seteuid(getuid()) != EOK) {
+            DEBUG(SSSDBG_MINOR_FAILURE,
+                  "Failed to restore euid: %s\n",
+                  sss_strerror(errno));
+        }
+        if (setegid(getgid()) != EOK) {
+            DEBUG(SSSDBG_MINOR_FAILURE,
+                  "Failed to restore egid: %s\n",
+                  sss_strerror(errno));
+        }
     }
 }
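Review bot: In `sss_set_sssd_user_eid()` the effective uid is dropped before the effective gid, so once `seteuid(uid)` succeeds the process is no longer privileged and `setegid(gid)` will normally fail with EPERM unless gid matches the real or saved gid. With this patch that failure is now logged, but the group is still left unchanged. Move the `if (setegid(gid) != EOK) { ... }` block above the `if (seteuid(uid) != EOK) { ... }` block; `sss_restore_sssd_user_eid()` already has the right order, regaining the uid first. Both functions return void and log only at `SSSDBG_MINOR_FAILURE`, so a caller such as confdb_init carries on with whatever credentials it ended up with; a one-line comment stating that this is deliberately non-fatal would help. The blank line added after `gid_t gid;` is stray.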