From 54dd529d2777edc625e25c5ebd259b396360337c Mon Sep 17 00:00:00 2001
From: Tomas Halman <thalman@redhat.com>
Date: Thu, 18 Nov 2021 17:43:19 +0100
Subject: [PATCH] CONFDB: check the return values

Covscan pointed out that return value of chown and sete[ug]id is
not checked in some cases. There is not much we can do
in case of failure so only minor failure is logged.

Resolves: https://github.com/SSSD/sssd/issues/5876

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>

Reference: https://github.com/SSSD/sssd/commit/54dd529d2777edc625e25c5ebd259b396360337c 
Conflict: NA
---
 src/confdb/confdb.c  |  6 +++++-
 src/util/usertools.c | 25 +++++++++++++++++++++----
 2 files changed, 26 insertions(+), 5 deletions(-)

diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
index 6a6fac916..e557b469c 100644
--- a/src/confdb/confdb.c
+++ b/src/confdb/confdb.c
@@ -685,7 +685,11 @@ int confdb_init(TALLOC_CTX *mem_ctx,
     old_umask = umask(SSS_DFL_UMASK);
     /* file may exists and could be owned by root from previous version */
     sss_sssd_user_uid_and_gid(&sssd_uid, &sssd_gid);
-    chown(confdb_location, sssd_uid, sssd_gid);
+    ret = chown(confdb_location, sssd_uid, sssd_gid);
+    if (ret != EOK && errno != ENOENT) {
+        DEBUG(SSSDBG_MINOR_FAILURE, "Unable to chown config database [%s]: %s\n",
+              confdb_location, sss_strerror(errno));
+    }
     sss_set_sssd_user_eid();
 
     ret = ldb_connect(cdb->ldb, confdb_location, 0, NULL);
diff --git a/src/util/usertools.c b/src/util/usertools.c
index 370a98b41..72deceeee 100644
--- a/src/util/usertools.c
+++ b/src/util/usertools.c
@@ -863,17 +863,34 @@ void sss_set_sssd_user_eid(void)
     uid_t uid;
     gid_t gid;
 
+
     if (geteuid() == 0) {
         sss_sssd_user_uid_and_gid(&uid, &gid);
-        seteuid(uid);
-        setegid(gid);
+        if (seteuid(uid) != EOK) {
+            DEBUG(SSSDBG_MINOR_FAILURE,
+                  "Failed to set euid to %"SPRIuid": %s\n",
+                  uid, sss_strerror(errno));
+        }
+        if (setegid(gid) != EOK) {
+            DEBUG(SSSDBG_MINOR_FAILURE,
+                  "Failed to set egid to %"SPRIgid": %s\n",
+                  gid, sss_strerror(errno));
+        }
     }
 }
 
 void sss_restore_sssd_user_eid(void)
 {
     if (getuid() == 0) {
-        seteuid(getuid());
-        setegid(getgid());
+        if (seteuid(getuid()) != EOK) {
+            DEBUG(SSSDBG_MINOR_FAILURE,
+                  "Failed to restore euid: %s\n",
+                  sss_strerror(errno));
+        }
+        if (setegid(getgid()) != EOK) {
+            DEBUG(SSSDBG_MINOR_FAILURE,
+                  "Failed to restore egid: %s\n",
+                  sss_strerror(errno));
+        }
     }
 }
-- 
2.27.0