projects / platform / core / security / security-manager.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5dc944e)
Add error logs when translating group names to gids 54/187454/2
authorTomasz Swierczek <t.swierczek@samsung.com>
Thu, 23 Aug 2018 08:59:13 +0000 (10:59 +0200)
committerDariusz Michaluk <d.michaluk@samsung.com>
Thu, 23 Aug 2018 11:16:49 +0000 (11:16 +0000)
Daemon or client failure is probably the best way to fail-early
in case of bad system config; however, system logs should have clear information
on what has failed in such case.

Change-Id: Ia119bac5795b5a38e4004b7d66c8a64f3a45ac69

src/client/client-security-manager.cpp patch | blob | history
src/common/privilege-gids.cpp patch | blob | history

diff --git a/src/client/client-security-manager.cpp b/src/client/client-security-manager.cpp
index a0dae819b0c08b79575966dc665fafe2edcc63a5..49a742ff36ee3a367fa3449a1a56e3fc17a04170 100644 (file)
--- a/src/client/client-security-manager.cpp
+++ b/src/client/client-security-manager.cpp
@@ -1344,8 +1344,10 @@ static void loadGroups(std::vector<gid_t> &vgroups)
             if (result == nullptr && ret == 0)
                 ret = ENOENT;
 
-            if (ret != 0)
+            if (ret != 0) {
+                LogError("Cannot map group " + groupName + " to gid");
                 throw std::system_error(ret, std::system_category(), "getgrnam_r() failed");
+            }
             break;
         }
         vgroups.push_back(result->gr_gid);
diff --git a/src/common/privilege-gids.cpp b/src/common/privilege-gids.cpp
index 6a2c170d82ff91fa85a3a943aae74b55a1522ab9..6dfc0d47861cf1606cc3685354df9fba53abaf98 100644 (file)
--- a/src/common/privilege-gids.cpp
+++ b/src/common/privilege-gids.cpp
@@ -37,11 +37,18 @@ void PrivilegeGids::init(const GroupPrivileges &group_privs)
 
     // create privilege -> gids mapping & gather all privilege related gids
     for (auto &group_priv : group_privs) {
-        gid_t g = g2g.get(group_priv.first);
-        LogDebug("group " << group_priv.first << "(" << g << ") privilege " << group_priv.second);
-        m_gids.push_back(g);
-        m_privileges.push_back(group_priv.second);
-        m_priv2gids[group_priv.second].push_back(g);
+        try {
+            gid_t g = g2g.get(group_priv.first);
+            LogDebug("group " << group_priv.first << "(" << g << ") privilege " << group_priv.second);
+            m_gids.push_back(g);
+            m_privileges.push_back(group_priv.second);
+            m_priv2gids[group_priv.second].push_back(g);
+        } catch (...) {
+            LogError("Cannot map required group " + group_priv.first
+                     + " for privilege " + group_priv.second
+                     + " ; check if the group is configured in your system");
+            throw;
+        }
     }
 
     // remove duplicates
Domain: Security / Access Control;