From 3f2e9c3592aadbb3750d685633f8fabe39adae2d Mon Sep 17 00:00:00 2001 From: Bruno Oliveira Date: Fri, 16 Dec 2016 16:55:24 -0200 Subject: [PATCH 1/2] [KEYCLOAK-4083] SSSD Federation is only enabled with superuser permissions --- .../java/cx/ath/matthew/unix/UnixSocket.java | 4 ---- .../freedesktop/sssd/infopipe/InfoPipe.java | 4 +++- .../keycloak/federation/sssd/api/Sssd.java | 23 +++++++++++-------- 3 files changed, 17 insertions(+), 14 deletions(-) diff --git a/federation/sssd/src/main/java/cx/ath/matthew/unix/UnixSocket.java b/federation/sssd/src/main/java/cx/ath/matthew/unix/UnixSocket.java index 8851637436..1c59dd7fd3 100644 --- a/federation/sssd/src/main/java/cx/ath/matthew/unix/UnixSocket.java +++ b/federation/sssd/src/main/java/cx/ath/matthew/unix/UnixSocket.java @@ -26,7 +26,6 @@ */ package cx.ath.matthew.unix; -import cx.ath.matthew.LibraryLoader; import cx.ath.matthew.debug.Debug; import java.io.IOException; @@ -37,9 +36,6 @@ import java.io.OutputStream; * Represents a UnixSocket. */ public class UnixSocket { - static { - LibraryLoader.load(); - } private native void native_set_pass_cred(int sock, boolean passcred) throws IOException; diff --git a/federation/sssd/src/main/java/org/freedesktop/sssd/infopipe/InfoPipe.java b/federation/sssd/src/main/java/org/freedesktop/sssd/infopipe/InfoPipe.java index 6152d26a25..9ef979cdd7 100644 --- a/federation/sssd/src/main/java/org/freedesktop/sssd/infopipe/InfoPipe.java +++ b/federation/sssd/src/main/java/org/freedesktop/sssd/infopipe/InfoPipe.java @@ -34,11 +34,13 @@ public interface InfoPipe extends DBusInterface { String OBJECTPATH = "/org/freedesktop/sssd/infopipe"; String BUSNAME = "org.freedesktop.sssd.infopipe"; - @DBusMemberName("GetUserAttr") Map getUserAttributes(String user, List attr); @DBusMemberName("GetUserGroups") List getUserGroups(String user); + @DBusMemberName("Ping") + String ping(String ping); + } \ No newline at end of file 
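Review bot: The `ping` declaration added at the end of the InfoPipe hunk has no Javadoc and its parameter has the same name as the method, so a reader cannot tell what reply counts as healthy. This call now decides whether the federation provider is enabled, so the contract the caller relies on belongs next to the declaration. I would write `/** Liveness probe for the InfoPipe responder; Sssd.isAvailable() treats a null or empty reply as "SSSD unavailable". */` above `String ping(String message);`.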
diff --git a/federation/sssd/src/main/java/org/keycloak/federation/sssd/api/Sssd.java b/federation/sssd/src/main/java/org/keycloak/federation/sssd/api/Sssd.java index 9551579cf6..308d596122 100644 --- a/federation/sssd/src/main/java/org/keycloak/federation/sssd/api/Sssd.java +++ b/federation/sssd/src/main/java/org/keycloak/federation/sssd/api/Sssd.java @@ -17,15 +17,13 @@ package org.keycloak.federation.sssd.api; +import cx.ath.matthew.LibraryLoader; import org.freedesktop.dbus.DBusConnection; import org.freedesktop.dbus.Variant; import org.freedesktop.dbus.exceptions.DBusException; import org.freedesktop.sssd.infopipe.InfoPipe; import org.jboss.logging.Logger; -import java.nio.file.Files; -import java.nio.file.Path; -import java.nio.file.Paths; import java.util.Arrays; import java.util.List; import java.util.Map; @@ -52,7 +50,8 @@ public class Sssd { public Sssd(String username) { this.username = username; try { - dBusConnection = DBusConnection.getConnection(DBusConnection.SYSTEM); + if (LibraryLoader.load().succeed()) + dBusConnection = DBusConnection.getConnection(DBusConnection.SYSTEM); } catch (DBusException e) { e.printStackTrace(); } 
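Review bot: In the `Sssd(String username)` constructor, a failed `LibraryLoader.load()` now leaves `dBusConnection` null without any log line, and the unbraced `if` makes that path easy to miss. A `DBusException` still goes to `e.printStackTrace()` instead of the class logger. Any later method that dereferences the connection would presumably fail with a NullPointerException far from the cause; those methods are outside the hunk. I would brace the condition and record both failures, e.g. `} else { logger.warn("libunix_dbus_java could not be loaded; SSSD lookups are unavailable"); }` and, in the catch, `logger.error("Failed to connect to the D-Bus system bus", e);`.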
@@ -96,14 +95,20 @@ public class Sssd { public static boolean isAvailable() { boolean sssdAvailable = false; try { - Path path = Paths.get("/etc/sssd"); - if (!Files.exists(path)) { - logger.debugv("SSSD is not available in your system. Federation provider will be disabled."); + if (LibraryLoader.load().succeed()) { + DBusConnection connection = DBusConnection.getConnection(DBusConnection.SYSTEM); + InfoPipe infoPipe = connection.getRemoteObject(InfoPipe.BUSNAME, InfoPipe.OBJECTPATH, InfoPipe.class); + + if (infoPipe.ping("PING") == null || infoPipe.ping("PING").isEmpty()) { + logger.debugv("SSSD is not available in your system. Federation provider will be disabled."); + } else { + sssdAvailable = true; + } } else { - sssdAvailable = true; + logger.debugv("The RPM libunix-dbus-java is not installed. SSSD Federation provider will be disabled."); } } catch (Exception e) { - logger.error("SSSD check failed", e); + logger.debugv("SSSD is not available in your system. Federation provider will be disabled.", e); } return sssdAvailable; } From 3b3b219a8624ba4e534e8c0a16059cc775baf3ed Mon Sep 17 00:00:00 2001 From: Bruno Oliveira Date: Fri, 16 Dec 2016 13:01:42 -0200 Subject: [PATCH 2/2] [KEYCLOAK-4085] SSSD federation provider should load libunix from alternative paths --- .../sssd/src/main/java/cx/ath/matthew/LibraryLoader.java | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/federation/sssd/src/main/java/cx/ath/matthew/LibraryLoader.java b/federation/sssd/src/main/java/cx/ath/matthew/LibraryLoader.java index 4088d46ebb..7279a36682 100644 --- a/federation/sssd/src/main/java/cx/ath/matthew/LibraryLoader.java +++ b/federation/sssd/src/main/java/cx/ath/matthew/LibraryLoader.java 
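Review bot: The rewritten catch block in `isAvailable()` loses the exception: `logger.debugv(String, Object)` treats `e` as a format parameter, and the message has no `{0}` placeholder, so neither the cause nor the stack trace is logged. Together with the drop from `error` to debug level, an unexpected failure (for example a refusal by the bus) looks the same as SSSD not being installed. Use the Throwable overload instead: `logger.debug("SSSD is not available in your system. Federation provider will be disabled.", e);`. The probe also calls `infoPipe.ping("PING")` twice, so the two halves of the condition can see different replies; call it once with `String reply = infoPipe.ping("PING");` and test `reply`. The `DBusConnection` obtained here is not released in the visible lines, which is worth confirming if `isAvailable()` is called repeatedly.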
@@ -21,7 +21,14 @@ package cx.ath.matthew; */ public class LibraryLoader { - private static final String[] PATHS = {"/usr/lib/", "/usr/lib64/", "/usr/local/lib/", "/opt/local/lib/"}; + private static final String[] PATHS = { + "/opt/rh/rh-sso7/root/lib/", + "/opt/rh/rh-sso7/root/lib64/", + "/usr/lib/", + "/usr/lib64/", + "/usr/local/lib/", + "/opt/local/lib/" + }; private static final String LIBRARY_NAME = "libunix_dbus_java"; private static final String VERSION = "0.0.8"; private static boolean loadSucceeded;
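Review bot: The extended `PATHS` array decides which directory's `libunix_dbus_java` is loaded as native code into the server process, but the declaration does not say that order is precedence or what is required of those directories. Assuming `load()` (outside this hunk) walks the array in order and takes the first match, the new `/opt/rh/rh-sso7/root/` entries now take priority over the system locations. I would add a comment above the array such as `// Searched in order, first match wins; every directory listed must be writable only by root, because the library found is loaded into the JVM.` The rest of `LibraryLoader` is not visible here, so the search order should be confirmed against `load()` before the comment is committed.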