From 46d3d2c731e8c7e138462e5b60a39a279dc77d81 Mon Sep 17 00:00:00 2001
From: Pavel Březina <pbrezina@redhat.com>
Date: Mon, 12 Mar 2012 10:07:35 +0100
Subject: sudo api: send uid, username and domainname

https://fedorahosted.org/sssd/ticket/1239

Test client was changed accordingly. The new usage is:

sss_sudo_cli username [uid]

If uid is not set, getpwnam(username) is called. It will retrieve
both default options and rules.
---
 src/responder/sudo/sudosrv_query.c | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

(limited to 'src/responder/sudo/sudosrv_query.c')

diff --git a/src/responder/sudo/sudosrv_query.c b/src/responder/sudo/sudosrv_query.c
index dd9e1e880..7ba80e2ac 100644
--- a/src/responder/sudo/sudosrv_query.c
+++ b/src/responder/sudo/sudosrv_query.c
@@ -179,7 +179,7 @@ done:
 
 /*
  * Response format:
- * <error_code(uint32_t)><num_entries(uint32_t)><rule1><rule2>...
+ * <error_code(uint32_t)><domain(char*)>\0<num_entries(uint32_t)><rule1><rule2>...
  * <ruleN> = <num_attrs(uint32_t)><attr1><attr2>...
  * <attrN>  = <name(char*)>\0<num_values(uint32_t)><value1(char*)>\0<value2(char*)>\0...
  *
@@ -187,6 +187,7 @@ done:
  */
 errno_t sudosrv_build_response(TALLOC_CTX *mem_ctx,
                                uint32_t error,
+                               const char *domain,
                                int rules_num,
                                struct sysdb_attrs **rules,
                                uint8_t **_response_body,
@@ -215,6 +216,13 @@ errno_t sudosrv_build_response(TALLOC_CTX *mem_ctx,
         goto done;
     }
 
+    /* domain name */
+    ret = sudosrv_response_append_string(tmp_ctx, domain, strlen(domain) + 1,
+                                         &response_body, &response_len);
+    if (ret != EOK) {
+        goto fail;
+    }
+
     /* rules count */
     ret = sudosrv_response_append_uint32(tmp_ctx, (uint32_t)rules_num,
                                          &response_body, &response_len);
@@ -244,12 +252,13 @@ fail:
 
 /*
  * Query format:
- * <username[@domain]>
+ * <uid><username[@domain]>
  */
 errno_t sudosrv_parse_query(TALLOC_CTX *mem_ctx,
                             struct resp_ctx *rctx,
                             uint8_t *query_body,
                             size_t query_len,
+                            uid_t *_uid,
                             char **_username,
                             struct sss_domain_info **_domain)
 {
@@ -260,6 +269,7 @@ errno_t sudosrv_parse_query(TALLOC_CTX *mem_ctx,
     char *rawname = NULL;
     char *domainname = NULL;
     char *username = NULL;
+    uid_t uid;
     errno_t ret;
 
     tmp_ctx = talloc_new(NULL);
@@ -268,6 +278,15 @@ errno_t sudosrv_parse_query(TALLOC_CTX *mem_ctx,
         return ENOMEM;
     }
 
+    /* uid */
+
+    if (query_len < sizeof(uid_t)) {
+        DEBUG(SSSDBG_CRIT_FAILURE, ("Query is too small\n"));
+        ret = EINVAL;
+        goto done;
+    }
+    safealign_memcpy(&uid, query_body, sizeof(uid_t), &offset);
+
     /* username[@domain] */
 
     rawname = (char*)(query_body + offset);
@@ -310,6 +329,7 @@ errno_t sudosrv_parse_query(TALLOC_CTX *mem_ctx,
         }
     }
 
+    *_uid = uid;
     *_username = talloc_steal(mem_ctx, username);
     *_domain = domain; /* do not steal on mem_ctx */
 
-- 
cgit