From: Tomasz Swierczek <t.swierczek@samsung.com>
Date: Thu, 23 Aug 2018 08:59:13 +0000 (+0200)
Subject: Add error logs when translating group names to gids
X-Git-Tag: submit/tizen/20180824.134752~3
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=a423559f8845396a10e754c5ed777bbbc7f3d069;p=platform%2Fcore%2Fsecurity%2Fsecurity-manager.git

Add error logs when translating group names to gids

Daemon or client failure is probably the best way to fail-early
in case of bad system config; however, system logs should have clear information
on what has failed in such case.

Change-Id: Ia119bac5795b5a38e4004b7d66c8a64f3a45ac69
---

diff --git a/src/client/client-security-manager.cpp b/src/client/client-security-manager.cpp
index a0dae819..49a742ff 100644
--- a/src/client/client-security-manager.cpp
+++ b/src/client/client-security-manager.cpp
@@ -1344,8 +1344,10 @@ static void loadGroups(std::vector<gid_t> &vgroups)
             if (result == nullptr && ret == 0)
                 ret = ENOENT;
 
-            if (ret != 0)
+            if (ret != 0) {
+                LogError("Cannot map group " + groupName + " to gid");
                 throw std::system_error(ret, std::system_category(), "getgrnam_r() failed");
+            }
             break;
         }
         vgroups.push_back(result->gr_gid);
diff --git a/src/common/privilege-gids.cpp b/src/common/privilege-gids.cpp
index 6a2c170d..6dfc0d47 100644
--- a/src/common/privilege-gids.cpp
+++ b/src/common/privilege-gids.cpp
@@ -37,11 +37,18 @@ void PrivilegeGids::init(const GroupPrivileges &group_privs)
 
     // create privilege -> gids mapping & gather all privilege related gids
     for (auto &group_priv : group_privs) {
-        gid_t g = g2g.get(group_priv.first);
-        LogDebug("group " << group_priv.first << "(" << g << ") privilege " << group_priv.second);
-        m_gids.push_back(g);
-        m_privileges.push_back(group_priv.second);
-        m_priv2gids[group_priv.second].push_back(g);
+        try {
+            gid_t g = g2g.get(group_priv.first);
+            LogDebug("group " << group_priv.first << "(" << g << ") privilege " << group_priv.second);
+            m_gids.push_back(g);
+            m_privileges.push_back(group_priv.second);
+            m_priv2gids[group_priv.second].push_back(g);
+        } catch (...) {
+            LogError("Cannot map required group " + group_priv.first
+                     + " for privilege " + group_priv.second
+                     + " ; check if the group is configured in your system");
+            throw;
+        }
     }
 
     // remove duplicates