diff options
author | Arun Scaria <arunscaria91@gmail.com> | 2011-08-16 01:40:34 +0530 |
---|---|---|
committer | Arun Scaria <arunscaria91@gmail.com> | 2011-08-16 01:40:34 +0530 |
commit | 0b03f0598f9c7f9beaed245ad4efcbd40f382b8f (patch) | |
tree | cdf5af14cb5260c2ad21590ed8a3352d0766e0a9 | |
parent | 8cf3904b627c32945680c80c1635c587730316a4 (diff) | |
download | sssd_unused-0b03f0598f9c7f9beaed245ad4efcbd40f382b8f.tar.gz sssd_unused-0b03f0598f9c7f9beaed245ad4efcbd40f382b8f.tar.xz sssd_unused-0b03f0598f9c7f9beaed245ad4efcbd40f382b8f.zip |
eliminated rules based on commands and modified filter
-rw-r--r-- | src/db/sysdb.h | 14 | ||||
-rw-r--r-- | src/db/sysdb_search.c | 101 | ||||
-rw-r--r-- | src/list_sss/list_sss.c | 146 | ||||
-rw-r--r-- | src/list_sss/list_sss.h | 63 | ||||
-rw-r--r-- | src/responder/sudo/sudosrv.c | 792 | ||||
-rw-r--r-- | src/responder/sudo/sudosrv.h | 5 | ||||
-rw-r--r-- | src/sss_client/sudo_plugin/sss_sudo_cli.h | 1 | ||||
-rw-r--r-- | src/sss_client/sudo_plugin/sss_sudoplugin.c | 50 |
8 files changed, 849 insertions, 323 deletions
diff --git a/src/db/sysdb.h b/src/db/sysdb.h index d8c0c78c..0c36375a 100644 --- a/src/db/sysdb.h +++ b/src/db/sysdb.h @@ -49,6 +49,7 @@ #define SYSDB_GROUP_CLASS "group" #define SYSDB_NETGROUP_CLASS "netgroup" +#define SYSDB_SUDO_CONTAINER_ATTR "cn" #define SYSDB_SUDO_USER_ATTR "sudoUser" #define SYSDB_SUDO_HOST_ATTR "sudoHost" #define SYSDB_SUDO_OPTION_ATTR "sudoOption" @@ -59,6 +60,8 @@ #define SYSDB_SUDO_NOT_AFTER_ATTR "sudoNotAfter" #define SYSDB_SUDO_ORDER_ATTR "sudoOrder" +#define SYSDB_SUDO_USER_MATCH_ATTR "("SYSDB_SUDO_USER_ATTR"=%s)" + #define SYSDB_NAME "name" #define SYSDB_OBJECTCLASS "objectClass" @@ -134,6 +137,7 @@ #define SYSDB_GRENT_MPG_FILTER "("SYSDB_MPGC")" #define SYSDB_INITGR_FILTER "(&("SYSDB_GC")("SYSDB_GIDNUM"=*))" +#define SYSDB_INITGR_ALL_FILTER "(&("SYSDB_GC")(|(&("SYSDB_NAME"=*)("SYSDB_POSIX"=FALSE))("SYSDB_GIDNUM"=*)))" #define SYSDB_GETCACHED_FILTER "(&"SYSDB_UC")("SYSDB_LAST_LOGIN">=%lu))" @@ -173,6 +177,10 @@ SYSDB_DEFAULT_ATTRS, \ NULL} +#define SYSDB_INITGR_ALL_ATTRS {SYSDB_GIDNUM, SYSDB_NAME, SYSDB_POSIX, \ + SYSDB_DEFAULT_ATTRS, \ + NULL} + #define SYSDB_TMPL_USER SYSDB_NAME"=%s,"SYSDB_TMPL_USER_BASE #define SYSDB_TMPL_GROUP SYSDB_NAME"=%s,"SYSDB_TMPL_GROUP_BASE #define SYSDB_TMPL_NETGROUP SYSDB_NAME"=%s,"SYSDB_TMPL_NETGROUP_BASE @@ -375,6 +383,12 @@ int sysdb_initgroups(TALLOC_CTX *mem_ctx, const char *name, struct ldb_result **res); +int sysdb_get_groups_by_user(TALLOC_CTX *mem_ctx, + struct sysdb_ctx *ctx, + struct sss_domain_info *domain, + const char *name, + struct ldb_result **_res); + int sysdb_get_user_attr(TALLOC_CTX *mem_ctx, struct sysdb_ctx *ctx, struct sss_domain_info *domain, diff --git a/src/db/sysdb_search.c b/src/db/sysdb_search.c index dfae4ddf..e9a126e0 100644 --- a/src/db/sysdb_search.c +++ b/src/db/sysdb_search.c @@ -476,6 +476,107 @@ done: return ret; } + +int sysdb_get_groups_by_user(TALLOC_CTX *mem_ctx, + struct sysdb_ctx *ctx, + struct sss_domain_info *domain, + const char *name, + struct ldb_result **_res) +{ + TALLOC_CTX *tmpctx; + struct ldb_result *res; + struct ldb_dn *user_dn; + struct ldb_request *req; + struct ldb_control **ctrl; + struct ldb_asq_control *control; + static const char *attrs[] = SYSDB_INITGR_ALL_ATTRS; + int ret; + + tmpctx = talloc_new(mem_ctx); + if (!tmpctx) { + return ENOMEM; + } + + ret = sysdb_getpwnam(tmpctx, ctx, domain, name, &res); + if (ret != EOK) { + DEBUG(1, ("sysdb_getpwnam failed: [%d][%s]\n", + ret, strerror(ret))); + goto done; + } + + if (res->count == 0) { + /* User is not cached yet */ + *_res = talloc_steal(mem_ctx, res); + ret = EOK; + goto done; + + } else if (res->count != 1) { + ret = EIO; + DEBUG(1, ("sysdb_getpwnam returned count: [%d]\n", res->count)); + goto done; + } + + /* no need to steal the dn, we are not freeing the result */ + user_dn = res->msgs[0]->dn; + + /* note we count on the fact that the default search callback + * will just keep appending values. This is by design and can't + * change so it is ok to already have a result (from the getpwnam) + * even before we call the next search */ + + ctrl = talloc_array(tmpctx, struct ldb_control *, 2); + if (!ctrl) { + ret = ENOMEM; + goto done; + } + ctrl[1] = NULL; + ctrl[0] = talloc(ctrl, struct ldb_control); + if (!ctrl[0]) { + ret = ENOMEM; + goto done; + } + ctrl[0]->oid = LDB_CONTROL_ASQ_OID; + ctrl[0]->critical = 1; + control = talloc(ctrl[0], struct ldb_asq_control); + if (!control) { + ret = ENOMEM; + goto done; + } + control->request = 1; + control->source_attribute = talloc_strdup(control, SYSDB_INITGR_ATTR); + if (!control->source_attribute) { + ret = ENOMEM; + goto done; + } + control->src_attr_len = strlen(control->source_attribute); + ctrl[0]->data = control; + + ret = ldb_build_search_req(&req, ctx->ldb, tmpctx, + user_dn, LDB_SCOPE_BASE, + SYSDB_INITGR_ALL_FILTER, attrs, ctrl, + res, ldb_search_default_callback, + NULL); + if (ret != LDB_SUCCESS) { + ret = sysdb_error_to_errno(ret); + goto done; + } + + ret = ldb_request(ctx->ldb, req); + if (ret == LDB_SUCCESS) { + ret = ldb_wait(req->handle, LDB_WAIT_ALL); + } + if (ret != LDB_SUCCESS) { + ret = sysdb_error_to_errno(ret); + goto done; + } + + *_res = talloc_steal(mem_ctx, res); + +done: + talloc_zfree(tmpctx); + return ret; +} + int sysdb_get_user_attr(TALLOC_CTX *mem_ctx, struct sysdb_ctx *ctx, struct sss_domain_info *domain, diff --git a/src/list_sss/list_sss.c b/src/list_sss/list_sss.c new file mode 100644 index 00000000..dff2d5ff --- /dev/null +++ b/src/list_sss/list_sss.c @@ -0,0 +1,146 @@ +/* + * list_sss.c + * + * Created on: Aug 14, 2011 + * Author: r00tkit + */ + +#include "list_sss.h" + + +/* +** initList() +** initialize a list +** +*/ +void initList(list_sss **list) +{ + (*list)=NULL; +} + + +/* +** allocateNode() +** allocate a new node. +** +*/ + +list_sss *allocateNode(TALLOC_CTX *ctx,void *data) +{ + list_sss *list; + + list = talloc(ctx, list_sss); + if (list == NULL) + { + DEBUG(0, ("Node allocation failed")); + return NULL; + } + + list->data=data; + list->next=NULL; + + return (list); +} + +/* +** appendNode() +** appends a node to the end of a list +*/ + +void appendNode(TALLOC_CTX * ctx,list_sss **head,void * data) +{ + list_sss *tmp,*new; + new = allocateNode(ctx,data); + if (is_empty_list(*head) == TRUE) + { + (*head)=new; + } + else + { + for (tmp=(*head); tmp->next != NULL; tmp=tmp->next); + tmp->next=new; + } +} + + +/* +** is_empty_list() +** check if a list variable is NULL +** +*/ + +Bool is_empty_list(list_sss *list) +{ + return ((list == NULL) ? TRUE : FALSE); +} + +/* +** delNode() +** remove a node from a list +** +*/ +int delNode(list_sss **head,list_sss *node) +{ + if (is_empty_list(*head) == TRUE) + return LIST_SSS_ERROR; + + if ((*head) == node) + (*head)=(*head)->next; + else + { + list_sss *l; + for (l=(*head); l != NULL && l->next != node; l=l->next); + if (l == NULL) + return LIST_SSS_ERROR; + else + l->next=node->next; + } + talloc_free(node); + + return LIST_SSS_SUCCESS; +} + + +/* +** getNthNode() +** get nth node in a list +*/ + +list_sss *getNthNode(list_sss *list,int n) +{ + list_sss *lp=NULL; + int j=0; + + for (lp=list; lp; lp=lp->next) + { + j++; + if (j == n) + { + return (lp); + } + } + + return ((list_sss *) NULL); +} + + +/* +** numNodes() +** returns number of nodes in the list +** +*/ + +size_t numNodes(list_sss **head) +{ + int n=0; + + list_sss *lp; + + for (lp=(*head); lp; lp=lp->next) + { + n++; + } + + return (n); +} + diff --git a/src/list_sss/list_sss.h b/src/list_sss/list_sss.h new file mode 100644 index 00000000..40b76271 --- /dev/null +++ b/src/list_sss/list_sss.h @@ -0,0 +1,63 @@ + +#ifndef LIST_SSS_H +#define LIST_SSS_H + +#include <stdio.h> + +#if STDC_HEADERS +#include <stdlib.h> +#include <ctype.h> +#include <string.h> +#endif + +#if HAVE_STRING_H +#include <string.h> +#endif + + +#include <talloc.h> +#include "util/util.h" + + + +#define LIST_SSS_SUCCESS 0 +#define LIST_SSS_ERROR -1 + +#ifndef TRUE +#define TRUE 1 +#endif + +#ifndef FALSE +#define FALSE 0 +#endif + +typedef int Bool; +typedef void (*Vfunc)(void **); +typedef int (*Ifunc)(void *,void *); + + +/* +** the linked list structure +*/ + +typedef struct _list_sss +{ + void + *data; /* void pointer for user data */ + + struct _list_sss + *next; /* pointer to next node */ +} list_sss; + +/* +** function prototypes +*/ +void initList (list_sss **list); +list_sss *allocateNode (TALLOC_CTX *ctx,void *data); +void appendNode (TALLOC_CTX *ctx,list_sss **list,void * data); +int delNode (list_sss **list,list_sss *node); +Bool is_empty_list (list_sss *list); +list_sss *getNthNode (list_sss *list,int n); +size_t numNodes (list_sss **head); + +#endif /* LIST_SSS_H */ diff --git a/src/responder/sudo/sudosrv.c b/src/responder/sudo/sudosrv.c index 1fc51f98..762cea9b 100644 --- a/src/responder/sudo/sudosrv.c +++ b/src/responder/sudo/sudosrv.c @@ -17,7 +17,7 @@ You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ + */ #include <stdio.h> #include <unistd.h> @@ -29,6 +29,7 @@ #include <string.h> #include <sys/time.h> #include <errno.h> +#include <fnmatch.h> #include <popt.h> #include "dhash.h" @@ -47,6 +48,8 @@ #include "responder/common/responder_packet.h" #include "providers/data_provider.h" #include "monitor/monitor_interfaces.h" +#include "list_sss/list_sss.h" + @@ -54,33 +57,81 @@ static int sudo_client_destructor(void *ctx) { struct sudo_client *sudocli = talloc_get_type(ctx, struct sudo_client); if (sudocli) { - talloc_zfree(sudocli); - DEBUG(4, ("Removed Sudo client\n")); + talloc_zfree(sudocli); + DEBUG(4, ("Removed Sudo client\n")); } return 0; } -struct test { - uid_t userid; - char * cwd; - char * tty; -}; +int prepare_filter(char * filter,uid_t user_id,char * host, struct ldb_result *res){ + + int i,ret=EOK; + filter = talloc_asprintf_append(filter,"("SYSDB_SUDO_USER_ATTR"=#%d)",user_id); + if (!filter) { + DEBUG(0, ("Failed to build filter - %s\n",filter)); + ret = ENOMEM; + goto done; + } + filter = talloc_asprintf_append(filter,"("SYSDB_SUDO_USER_ATTR"=+*)"); + if (!filter) { + DEBUG(0, ("Failed to build filter - %s\n",filter)); + ret = ENOMEM; + goto done; + } + + + for(i=0;i< res->count;i++){ + filter = talloc_asprintf_append(filter,"("SYSDB_SUDO_USER_ATTR"=%s)",ldb_msg_find_attr_as_string(res->msgs[i], SYSDB_NAME, NULL)); + if (!filter) { + DEBUG(0, ("Failed to build filter - %s\n",filter)); + ret = ENOMEM; + goto done; + } + } + filter = talloc_asprintf_append(filter,")("SYSDB_SUDO_HOST_ATTR"=+*)"); + if (!filter) { + DEBUG(0, ("Failed to build filter - %s\n",filter)); + ret = ENOMEM; + goto done; + } + filter = talloc_asprintf_append(filter,"("SYSDB_SUDO_HOST_ATTR"=ALL)"); + if (!filter) { + DEBUG(0, ("Failed to build filter - %s\n",filter)); + ret = ENOMEM; + goto done; + } + filter = talloc_asprintf_append(filter,"("SYSDB_SUDO_HOST_ATTR"=%s)",host); + if (!filter) { + DEBUG(0, ("Failed to build filter - %s\n",filter)); + ret = ENOMEM; + goto done; + } + done: + if(ret!=ENOMEM) return EOK; + else return ret; + +} + int compare_sudo_order(const struct ldb_message **msg1, const struct ldb_message **msg2) { double order_msg1 = ldb_msg_find_attr_as_double(*msg1, SYSDB_SUDO_ORDER_ATTR, 0.0); double order_msg2 = ldb_msg_find_attr_as_double(*msg2, SYSDB_SUDO_ORDER_ATTR, 0.0); - if(order_msg1>order_msg2) return 1; - else if (order_msg1==order_msg1) return 0; - else return -1; + if(order_msg1>order_msg2) return 1; + else if (order_msg1==order_msg1) return 0; + else return -1; } int search_sudo_rules(struct sudo_client *sudocli, struct sysdb_ctx *sysdb, - struct sss_domain_info * domain) { + struct sss_domain_info * domain, + char * user_name, + uid_t user_id, + struct sss_sudo_msg_contents *sudo_msg) { TALLOC_CTX *tmpctx; - const char *attrs[] = { SYSDB_SUDO_USER_ATTR, + const char *attrs[] = { SYSDB_SUDO_CONTAINER_ATTR, + SYSDB_SUDO_USER_ATTR, SYSDB_SUDO_HOST_ATTR, SYSDB_SUDO_OPTION_ATTR, SYSDB_SUDO_COMMAND_ATTR, @@ -90,13 +141,19 @@ int search_sudo_rules(struct sudo_client *sudocli, SYSDB_SUDO_NOT_AFTER_ATTR, SYSDB_SUDO_ORDER_ATTR, NULL }; - char *filter = NULL; - struct ldb_message **msgs; + char *filter = NULL, *tmpcmd,*space; + struct ldb_message **sudo_rules_msgs; struct ldb_message_element *el; + struct ldb_result *res; int ret; size_t count; - int i,j; + int i,j,flag=0; double order; + TALLOC_CTX *listctx; + list_sss *list, *current, *tmp; + struct sudo_cmd_ctx * sudo_cmnd; + char * host = "arun.scaria.com"; + fprintf(stdout,"in Sudo rule\n"); tmpctx = talloc_new(sudocli); @@ -104,20 +161,38 @@ int search_sudo_rules(struct sudo_client *sudocli, return ENOMEM; } - filter = talloc_asprintf(tmpctx,""); + ret = sysdb_get_groups_by_user(tmpctx, + sysdb, + domain, + user_name, + &res); + if (ret) { + if (ret == ENOENT) { + ret = EOK; + } + goto done; + } + filter = talloc_asprintf(tmpctx,"|(|("SYSDB_SUDO_USER_ATTR"=%s)",user_name); if (!filter) { DEBUG(0, ("Failed to build filter - %s\n",filter)); ret = ENOMEM; goto done; } - fprintf(stdout,"Filter - %s\n",filter); + ret = prepare_filter(filter,user_id,host, res); + if (ret==ENOMEM) { + DEBUG(0, ("Failed to build filter - %s\n",filter)); + goto done; + } + + + DEBUG(0,(stdout,"Filter - %s\n",filter)); ret = sysdb_search_sudo_rules(tmpctx, sysdb, domain, filter, attrs, &count, - &msgs); + &sudo_rules_msgs); if (ret) { if (ret == ENOENT) { @@ -133,24 +208,113 @@ int search_sudo_rules(struct sudo_client *sudocli, goto done; } - qsort(msgs,count,sizeof(struct ldb_message *), (__compar_fn_t)compare_sudo_order); + qsort(sudo_rules_msgs,count,sizeof(struct ldb_message *), (__compar_fn_t)compare_sudo_order); + + listctx = talloc_new(NULL); + if (!listctx) { + return ENOMEM; + } + initList(&list); for(i=0; i< count ; i++) { + appendNode(listctx, &list, sudo_rules_msgs[i]); + } + current = list; + sudo_cmnd = talloc(listctx,struct sudo_cmd_ctx); + + while(current!=NULL) { + - order = ldb_msg_find_attr_as_double(msgs[i], SYSDB_SUDO_ORDER_ATTR, 0.0); - DEBUG(0, ("--sudoOrder: %f\n",order)); - DEBUG(0, ("--dn: %s----\n",ldb_dn_get_linearized(msgs[i]->dn))); - el = ldb_msg_find_element(msgs[i], SYSDB_SUDO_COMMAND_ATTR); + DEBUG(0, ("--sudoOrder: %f\n", + ldb_msg_find_attr_as_double((struct ldb_message *)current->data, + SYSDB_SUDO_ORDER_ATTR, + 0.0))); + DEBUG(0, ("--dn: %s----\n", + ldb_dn_get_linearized(((struct ldb_message *)current->data)->dn))); + + el = ldb_msg_find_element((struct ldb_message *)current->data, + SYSDB_SUDO_COMMAND_ATTR); if (!el) { - return LDB_ERR_OPERATIONS_ERROR; + DEBUG(0, ("Failed to get sudo commands for sudorule [%s]\n", + ldb_dn_get_linearized(((struct ldb_message *)current->data)->dn))); + tmp = current->next; + delNode(&list,current); + current = tmp; + continue; + } + flag = 0; + /* see if this is a user */ + for (j = 0; j < el->num_values; j++) { + DEBUG(0, ("sudoCommand: %s\n" ,(const char *) (el->values[j].data))); + /* Do command elimination here */ + tmpcmd = talloc_asprintf(listctx, + "%s", + (const char *) (el->values[j].data)); + space = strchr(tmpcmd,' '); + if(space != NULL) { + *space = '\0'; + sudo_cmnd->arg= (space +1); + } + else + sudo_cmnd->arg= NULL; + + if(tmpcmd[0]=='!') { + sudo_cmnd->fqcomnd=tmpcmd+1; + } + else { + sudo_cmnd->fqcomnd=tmpcmd; } - /* see if this is a user */ - for (j = 0; j < el->num_values; j++) { - DEBUG(0, ("sudoCommand: %s\n" ,(const char *) (el->values[j].data))); + if(fnmatch(sudo_cmnd->fqcomnd,sudo_msg->fq_command,FNM_PATHNAME) == 0){ + current=current->next; + flag=1; + break; } + } + + if(flag==1) { + continue; + } + + tmp = current->next; + delNode(&list,current); + current = tmp; + + } + /// + current = list; + while(current!=NULL) { + + + + DEBUG(0, ("\n\n\n\n--sudoOrder: %f\n", + ldb_msg_find_attr_as_double((struct ldb_message *)current->data, + SYSDB_SUDO_ORDER_ATTR, + 0.0))); + DEBUG(0, ("--dn: %s----\n", + ldb_dn_get_linearized(((struct ldb_message *)current->data)->dn))); + + el = ldb_msg_find_element((struct ldb_message *)current->data, + SYSDB_SUDO_COMMAND_ATTR); + if (!el) { + DEBUG(0, ("Failed to get sudo commands for sudorule [%s]\n", + ldb_dn_get_linearized(((struct ldb_message *)current->data)->dn))); + + + } + current = current->next; } + + /*el = ldb_msg_find_element((struct ldb_message *)current->data, SYSDB_SUDO_USER_ATTR); + if (!el) { + DEBUG(0, ("Failed to get sudo Users for sudorule [%s]\n", + ldb_dn_get_linearized(msgs[i]->dn))); + continue; + }*/ + + talloc_free(listctx); + done: talloc_zfree(tmpctx); return ret; @@ -159,7 +323,7 @@ int search_sudo_rules(struct sudo_client *sudocli, static int sudo_query_validation(DBusMessage *message, struct sbus_connection *conn) { - + dbus_uint32_t header = SSS_SUDO_RESPONDER_HEADER,command_size; struct sudo_client *sudocli; DBusMessage *reply; @@ -180,6 +344,9 @@ static int sudo_query_validation(DBusMessage *message, struct sbus_connection *c TALLOC_CTX * tmpctx; struct ldb_message *ldb_msg; size_t no_ldbs = 0; + const char *attrs[] = { SYSDB_NAME, SYSDB_UIDNUM, NULL}; + const char * user_name; + uid_t user_id; result = strdup("PASS"); @@ -191,207 +358,228 @@ static int sudo_query_validation(DBusMessage *message, struct sbus_connection *c } msg = talloc((TALLOC_CTX *)sudocli,struct sss_sudo_msg_contents); - + /* First thing, cancel the timeout */ DEBUG(4, ("Cancel SUDO client timeout [%p]\n", sudocli->timeout)); talloc_zfree(sudocli->timeout); dbus_error_init(&dbus_error); - + if (!dbus_message_iter_init(message, &msg_iter)) { - fprintf(stderr, "Message received as empty!\n"); - return SSS_SUDO_RESPONDER_MESSAGE_ERR; + fprintf(stderr, "Message received as empty!\n"); + return SSS_SUDO_RESPONDER_MESSAGE_ERR; + } + + if(DBUS_TYPE_STRUCT != dbus_message_iter_get_arg_type(&msg_iter)) { + fprintf(stderr, "Argument is not struct!\n"); + return SSS_SUDO_RESPONDER_MESSAGE_ERR; + } + else{ + dbus_message_iter_recurse(&msg_iter,&subItem); + } + + if(DBUS_TYPE_UINT32 != dbus_message_iter_get_arg_type(&subItem)) { + fprintf(stderr,"UID failed"); + return SSS_SUDO_RESPONDER_MESSAGE_ERR; + } + else { + dbus_message_iter_get_basic(&subItem, &msg->userid); + dbus_message_iter_next (&subItem); + } + + if(DBUS_TYPE_STRING != dbus_message_iter_get_arg_type(&subItem)) { + fprintf(stderr,"CWD failed"); + return SSS_SUDO_RESPONDER_MESSAGE_ERR; + } + else { + dbus_message_iter_get_basic(&subItem, &msg->cwd); + dbus_message_iter_next (&subItem); + } + + if(DBUS_TYPE_STRING != dbus_message_iter_get_arg_type(&subItem)) { + fprintf(stderr,"TTY failed"); + return SSS_SUDO_RESPONDER_MESSAGE_ERR; + } + else { + dbus_message_iter_get_basic(&subItem, &msg->tty); + dbus_message_iter_next (&subItem); + } + if(DBUS_TYPE_STRING != dbus_message_iter_get_arg_type(&subItem)) { + fprintf(stderr,"FQ Command failed"); + return SSS_SUDO_RESPONDER_MESSAGE_ERR; + } + else { + dbus_message_iter_get_basic(&subItem, &msg->fq_command); } - if(DBUS_TYPE_STRUCT != dbus_message_iter_get_arg_type(&msg_iter)) { - fprintf(stderr, "Argument is not struct!\n"); + fprintf(stdout,"-----------Message---------\n" + "uid : %d\ncwd : %s\ntty : %s\nFQ Command: %s\n",msg->userid,msg->cwd,msg->tty,msg->fq_command); + + dbus_message_iter_next (&msg_iter); + + if(DBUS_TYPE_UINT32 != dbus_message_iter_get_arg_type(&msg_iter)) { + fprintf(stderr,"array size failed"); + return SSS_SUDO_RESPONDER_MESSAGE_ERR; + } + else { + dbus_message_iter_get_basic(&msg_iter, &msg->command_count); + fprintf(stdout,"Command array size: %d\n",msg->command_count); + } + dbus_message_iter_next (&msg_iter); + + command_array = (char**)malloc(msg->command_count*sizeof(char *)); + fprintf(stdout,"command : "); + + if( DBUS_TYPE_ARRAY != dbus_message_iter_get_arg_type(&msg_iter)) { + fprintf(stderr, "Command array failed!\n"); + return SSS_SUDO_RESPONDER_MESSAGE_ERR; + } + else{ + dbus_message_iter_recurse(&msg_iter,&subItem); + } + + for(ui = command_array,count = msg->command_count; count--; ui++) + { + if(DBUS_TYPE_STRING != dbus_message_iter_get_arg_type(&subItem)) { + printf("string array content failed"); return SSS_SUDO_RESPONDER_MESSAGE_ERR; - } - else{ - dbus_message_iter_recurse(&msg_iter,&subItem); - } - if(DBUS_TYPE_UINT32 != dbus_message_iter_get_arg_type(&subItem)) { - fprintf(stderr,"UID failed"); - return SSS_SUDO_RESPONDER_MESSAGE_ERR; - } - else { - dbus_message_iter_get_basic(&subItem, &msg->userid); - dbus_message_iter_next (&subItem); + } + else { + dbus_message_iter_get_basic(&subItem, ui); + fprintf(stdout,"%s ",*ui); + if(!dbus_message_iter_next (&subItem)) { + /*"Array ended. */ + break; } + } + } + fprintf(stdout,"\n"); - if(DBUS_TYPE_STRING != dbus_message_iter_get_arg_type(&subItem)) { - fprintf(stderr,"CWD failed"); - return SSS_SUDO_RESPONDER_MESSAGE_ERR; - } - else { - dbus_message_iter_get_basic(&subItem, &msg->cwd); - dbus_message_iter_next (&subItem); - } - - if(DBUS_TYPE_STRING != dbus_message_iter_get_arg_type(&subItem)) { - fprintf(stderr,"TTY failed"); - return SSS_SUDO_RESPONDER_MESSAGE_ERR; - } - else { - dbus_message_iter_get_basic(&subItem, &msg->tty); - } + msg->command = command_array; + dbus_message_iter_next(&msg_iter); - fprintf(stdout,"-----------Message---------\n" - "uid : %d\ncwd : %s\ntty : %s\n",msg->userid,msg->cwd,msg->tty); + if( dbus_msg_iter_to_dhash(&msg_iter, &settings_table)!= SSS_SBUS_CONV_SUCCESS){ + fprintf(stderr, "settings table corrupted!\n"); + return SSS_SUDO_RESPONDER_MESSAGE_ERR; + } - dbus_message_iter_next (&msg_iter); + dbus_message_iter_next(&msg_iter); - if(DBUS_TYPE_UINT32 != dbus_message_iter_get_arg_type(&msg_iter)) { - fprintf(stderr,"array size failed"); - return SSS_SUDO_RESPONDER_MESSAGE_ERR; - } - else { - dbus_message_iter_get_basic(&msg_iter, &msg->command_count); - fprintf(stdout,"Command array size: %d\n",msg->command_count); - } - dbus_message_iter_next (&msg_iter); - - command_array = (char**)malloc(msg->command_count*sizeof(char *)); - fprintf(stdout,"command : "); - - if( DBUS_TYPE_ARRAY != dbus_message_iter_get_arg_type(&msg_iter)) { - fprintf(stderr, "Command array failed!\n"); - return SSS_SUDO_RESPONDER_MESSAGE_ERR; - } - else{ - dbus_message_iter_recurse(&msg_iter,&subItem); - } - - for(ui = command_array,count = msg->command_count; count--; ui++) - { - if(DBUS_TYPE_STRING != dbus_message_iter_get_arg_type(&subItem)) { - printf("string array content failed"); - return SSS_SUDO_RESPONDER_MESSAGE_ERR; - - } - else { - dbus_message_iter_get_basic(&subItem, ui); - fprintf(stdout,"%s ",*ui); - if(!dbus_message_iter_next (&subItem)) { - /*"Array ended. */ - break; - } - } - } - fprintf(stdout,"\n"); - - msg->command = command_array; - dbus_message_iter_next(&msg_iter); - - if( dbus_msg_iter_to_dhash(&msg_iter, &settings_table)!= SSS_SBUS_CONV_SUCCESS){ - fprintf(stderr, "settings table corrupted!\n"); - return SSS_SUDO_RESPONDER_MESSAGE_ERR; - } + if( dbus_msg_iter_to_dhash(&msg_iter, &env_table)!= SSS_SBUS_CONV_SUCCESS){ + fprintf(stderr, "environment table corrupted!\n"); + return SSS_SUDO_RESPONDER_MESSAGE_ERR; + } - dbus_message_iter_next(&msg_iter); + DEBUG(0, ("-----------Message END---------\n")); + ////////////////// - if( dbus_msg_iter_to_dhash(&msg_iter, &env_table)!= SSS_SBUS_CONV_SUCCESS){ - fprintf(stderr, "environment table corrupted!\n"); - return SSS_SUDO_RESPONDER_MESSAGE_ERR; + tmpctx = talloc_new(NULL); + if (!tmpctx) { + return ENOMEM; + } + i=0; + sysdblist = sudocli->sudoctx->rctx->db_list->dbs; + no_ldbs = sudocli->sudoctx->rctx->db_list->num_dbs; + i=0; + while(i < no_ldbs) { + + ret = sysdb_search_user_by_uid(tmpctx, + sysdblist[i], + sysdblist[i]->domain, + msg->userid, + attrs, + &ldb_msg); + if (ret != EOK) { + i++; + DEBUG(0, ("No User matched\n")); + if (ret == ENOENT) { + + continue; } - - DEBUG(0, ("-----------Message END---------\n")); -////////////////// + DEBUG(0, ("sysdb_search_user_by_uid Returned something other that ENOENT\n")); + continue; + } + break; - tmpctx = talloc_new(NULL); - if (!tmpctx) { - return ENOMEM; - } - i=0; - sysdblist = sudocli->sudoctx->rctx->db_list->dbs; - no_ldbs = sudocli->sudoctx->rctx->db_list->num_dbs; - for(i=0;i < no_ldbs;i++) { - - ret = sysdb_search_user_by_uid(tmpctx, - sysdblist[i], - sysdblist[i]->domain, - msg->userid, - NULL, - &ldb_msg); - if (ret != EOK) { - DEBUG(0, ("No User matched\n")); - if (ret == ENOENT) { - continue; - } - break; - } + } + if(ldb_msg == NULL) { + DEBUG(0, ("NoUserEntryFound Error. Exit with error message.\n")); + goto free_ctx; + } - ret = search_sudo_rules(sudocli, sysdblist[i],sysdblist[i]->domain); - if(ret != EOK){ - DEBUG(0, ("Error in rule")); - } - } + user_name = ldb_msg_find_attr_as_string(ldb_msg, SYSDB_NAME, NULL); + user_id = ldb_msg_find_attr_as_string(ldb_msg, SYSDB_UIDNUM, NULL); + ret = search_sudo_rules(sudocli, sysdblist[i],sysdblist[i]->domain, "tom",user_id,msg); + if(ret != EOK){ + DEBUG(0, ("Error in rule")); + } - talloc_zfree(tmpctx); -///////////////////// + free_ctx: + talloc_zfree(tmpctx); + ///////////////////// - - talloc_set_destructor((TALLOC_CTX *)sudocli, sudo_client_destructor); - DEBUG(4, ("Got string [%s]\n", msg->cwd)); + talloc_set_destructor((TALLOC_CTX *)sudocli, sudo_client_destructor); - /* reply that all is ok */ - reply = dbus_message_new_method_return(message); - if (!reply) { - DEBUG(0, ("Dbus Out of memory!\n")); - return SSS_SUDO_RESPONDER_REPLY_ERR; - } + DEBUG(4, ("Got string [%s]\n", msg->cwd)); - command_size = msg->command_count; - dbret = dbus_message_append_args(reply, - DBUS_TYPE_UINT32, &header, - DBUS_TYPE_STRING,&result, - DBUS_TYPE_INVALID); - if (!dbret) { - DEBUG(0, ("Failed to build sudo dbus reply\n")); - dbus_message_unref(reply); - sbus_disconnect(conn); - return SSS_SUDO_RESPONDER_REPLY_ERR; - } - - dbus_message_iter_init_append(reply, &msg_iter); - - if(!dbus_message_iter_open_container(&msg_iter, - DBUS_TYPE_ARRAY, - "s", - &subItem)) { - fprintf(stderr, "Out Of Memory!\n"); - return SSS_SUDO_RESPONDER_REPLY_ERR; - } - - for(command_array = msg->command ; command_size-- ; command_array++) { - - if (!dbus_message_iter_append_basic(&subItem, - DBUS_TYPE_STRING, - command_array)) { - fprintf(stderr, "Out Of Memory!\n"); - return SSS_SUDO_RESPONDER_REPLY_ERR; - } - } - - if (!dbus_message_iter_close_container(&msg_iter,&subItem)) { - fprintf(stderr, "Out Of Memory!\n"); - return SSS_SUDO_RESPONDER_REPLY_ERR; - } - - if(dbus_dhash_to_msg_iter(&env_table,&msg_iter) != SSS_SBUS_CONV_SUCCESS){ - fprintf(stderr,"fatal: env message framing failed."); - return SSS_SUDO_RESPONDER_DHASH_ERR; - } - - /* send reply back */ - sbus_conn_send_reply(conn, reply); + /* reply that all is ok */ + reply = dbus_message_new_method_return(message); + if (!reply) { + DEBUG(0, ("Dbus Out of memory!\n")); + return SSS_SUDO_RESPONDER_REPLY_ERR; + } + + command_size = msg->command_count; + dbret = dbus_message_append_args(reply, + DBUS_TYPE_UINT32, &header, + DBUS_TYPE_STRING,&result, + DBUS_TYPE_INVALID); + if (!dbret) { + DEBUG(0, ("Failed to build sudo dbus reply\n")); dbus_message_unref(reply); + sbus_disconnect(conn); + return SSS_SUDO_RESPONDER_REPLY_ERR; + } + + dbus_message_iter_init_append(reply, &msg_iter); + + if(!dbus_message_iter_open_container(&msg_iter, + DBUS_TYPE_ARRAY, + "s", + &subItem)) { + fprintf(stderr, "Out Of Memory!\n"); + return SSS_SUDO_RESPONDER_REPLY_ERR; + } - sudocli->initialized = true; - free(result); - return EOK; + for(command_array = msg->command ; command_size-- ; command_array++) { + + if (!dbus_message_iter_append_basic(&subItem, + DBUS_TYPE_STRING, + command_array)) { + fprintf(stderr, "Out Of Memory!\n"); + return SSS_SUDO_RESPONDER_REPLY_ERR; + } + } + + if (!dbus_message_iter_close_container(&msg_iter,&subItem)) { + fprintf(stderr, "Out Of Memory!\n"); + return SSS_SUDO_RESPONDER_REPLY_ERR; + } + + if(dbus_dhash_to_msg_iter(&env_table,&msg_iter) != SSS_SBUS_CONV_SUCCESS){ + fprintf(stderr,"fatal: env message framing failed."); + return SSS_SUDO_RESPONDER_DHASH_ERR; + } + + /* send reply back */ + sbus_conn_send_reply(conn, reply); + dbus_message_unref(reply); + + sudocli->initialized = true; + free(result); + return EOK; } static void init_timeout(struct tevent_context *ev, @@ -413,7 +601,7 @@ static int sudo_client_init(struct sbus_connection *conn, void *data) struct sudo_ctx *sudoctx; struct sudo_client *sudocli; struct timeval tv; - + sudoctx = talloc_get_type(data, struct sudo_ctx); /* hang off this memory to the connection so that when the connection @@ -465,13 +653,13 @@ static void sudo_dp_reconnect_init(struct sbus_connection *conn, int status, voi /* Handle failure */ DEBUG(0, ("Could not reconnect to %s provider.\n", - be_conn->domain->name)); + be_conn->domain->name)); } int sudo_server_init(TALLOC_CTX *mem_ctx, - struct sudo_ctx *_ctx) + struct sudo_ctx *_ctx) { int ret; @@ -501,7 +689,7 @@ int sudo_server_init(TALLOC_CTX *mem_ctx, struct cli_protocol_version *register_cli_protocol_version(void) { static struct cli_protocol_version sudo_cli_protocol_version[] = { - {0, NULL, NULL} + {0, NULL, NULL} }; return sudo_cli_protocol_version; @@ -510,101 +698,101 @@ struct cli_protocol_version *register_cli_protocol_version(void) struct sss_cmd_table *get_sudo_cmds(void) { static struct sss_cmd_table sss_cmds[] = { - {SSS_SUDO_AUTHENTICATE, NULL}, - {SSS_SUDO_INVALIDATE, NULL}, - {SSS_SUDO_VALIDATE, NULL}, - {SSS_SUDO_LIST, NULL}, - {SSS_CLI_NULL, NULL} + {SSS_SUDO_AUTHENTICATE, NULL}, + {SSS_SUDO_INVALIDATE, NULL}, + {SSS_SUDO_VALIDATE, NULL}, + {SSS_SUDO_LIST, NULL}, + {SSS_CLI_NULL, NULL} }; return sss_cmds; } int sudo_process_init(TALLOC_CTX *mem_ctx, - struct tevent_context *ev, - struct confdb_ctx *cdb) + struct tevent_context *ev, + struct confdb_ctx *cdb) { - struct sss_cmd_table *sudo_cmds; - struct be_conn *iter; - struct sudo_ctx *ctx; - int ret, max_retries; - int id_timeout; - - - ctx = talloc_zero(mem_ctx, struct sudo_ctx); - if (!ctx) { - DEBUG(0, ("fatal error initializing sudo_ctx\n")); - return ENOMEM; - } - sudo_cmds = get_sudo_cmds(); - ret = sss_process_init(ctx, - ev, - cdb, - sudo_cmds, - SSS_SUDO_SOCKET_NAME, - SSS_SUDO_PRIV_SOCKET_NAME, - CONFDB_SUDO_CONF_ENTRY, - SSS_SUDO_SBUS_SERVICE_NAME, - SSS_SUDO_SBUS_SERVICE_VERSION, - &sudo_monitor_interface, - "SUDO", &sudo_dp_interface, - &ctx->rctx); - if (ret != EOK) { - goto done; - } - - - ctx->rctx->pvt_ctx = ctx; - - - - ret = confdb_get_int(ctx->rctx->cdb, ctx->rctx, CONFDB_SUDO_CONF_ENTRY, - CONFDB_SERVICE_RECON_RETRIES, 3, &max_retries); - if (ret != EOK) { - DEBUG(0, ("Failed to set up automatic reconnection\n")); - goto done; - } - - for (iter = ctx->rctx->be_conns; iter; iter = iter->next) { - sbus_reconnect_init(iter->conn, max_retries, - sudo_dp_reconnect_init, iter); - } - - /* Set up the negative cache */ - ret = confdb_get_int(cdb, ctx, CONFDB_SUDO_CONF_ENTRY, - CONFDB_SUDO_ENTRY_NEG_TIMEOUT, 15, - &ctx->neg_timeout); - if (ret != EOK) goto done; - - /* Set up the PAM identity timeout */ - ret = confdb_get_int(cdb, ctx, CONFDB_SUDO_CONF_ENTRY, - CONFDB_SUDO_ID_TIMEOUT, 5, - &id_timeout); - if (ret != EOK) goto done; - - ctx->id_timeout = (size_t)id_timeout; - - ret = sss_ncache_init(ctx, &ctx->ncache); - if (ret != EOK) { - DEBUG(0, ("fatal error initializing negative cache\n")); - goto done; - } - - ret = sss_ncache_prepopulate(ctx->ncache, cdb, ctx->rctx->names, - ctx->rctx->domains); - if (ret != EOK) { - goto done; - } - - ret = sudo_server_init(mem_ctx, ctx); - DEBUG(0, ("sudo server returned %d.\n",ret)); - - return EOK; - done: - if (ret != EOK) { - talloc_free(ctx); - } - return ret; + struct sss_cmd_table *sudo_cmds; + struct be_conn *iter; + struct sudo_ctx *ctx; + int ret, max_retries; + int id_timeout; + + + ctx = talloc_zero(mem_ctx, struct sudo_ctx); + if (!ctx) { + DEBUG(0, ("fatal error initializing sudo_ctx\n")); + return ENOMEM; + } + sudo_cmds = get_sudo_cmds(); + ret = sss_process_init(ctx, + ev, + cdb, + sudo_cmds, + SSS_SUDO_SOCKET_NAME, + SSS_SUDO_PRIV_SOCKET_NAME, + CONFDB_SUDO_CONF_ENTRY, + SSS_SUDO_SBUS_SERVICE_NAME, + SSS_SUDO_SBUS_SERVICE_VERSION, + &sudo_monitor_interface, + "SUDO", &sudo_dp_interface, + &ctx->rctx); + if (ret != EOK) { + goto done; + } + + + ctx->rctx->pvt_ctx = ctx; + + + + ret = confdb_get_int(ctx->rctx->cdb, ctx->rctx, CONFDB_SUDO_CONF_ENTRY, + CONFDB_SERVICE_RECON_RETRIES, 3, &max_retries); + if (ret != EOK) { + DEBUG(0, ("Failed to set up automatic reconnection\n")); + goto done; + } + + for (iter = ctx->rctx->be_conns; iter; iter = iter->next) { + sbus_reconnect_init(iter->conn, max_retries, + sudo_dp_reconnect_init, iter); + } + + /* Set up the negative cache */ + ret = confdb_get_int(cdb, ctx, CONFDB_SUDO_CONF_ENTRY, + CONFDB_SUDO_ENTRY_NEG_TIMEOUT, 15, + &ctx->neg_timeout); + if (ret != EOK) goto done; + + /* Set up the PAM identity timeout */ + ret = confdb_get_int(cdb, ctx, CONFDB_SUDO_CONF_ENTRY, + CONFDB_SUDO_ID_TIMEOUT, 5, + &id_timeout); + if (ret != EOK) goto done; + + ctx->id_timeout = (size_t)id_timeout; + + ret = sss_ncache_init(ctx, &ctx->ncache); + if (ret != EOK) { + DEBUG(0, ("fatal error initializing negative cache\n")); + goto done; + } + + ret = sss_ncache_prepopulate(ctx->ncache, cdb, ctx->rctx->names, + ctx->rctx->domains); + if (ret != EOK) { + goto done; + } + + ret = sudo_server_init(mem_ctx, ctx); + DEBUG(0, ("sudo server returned %d.\n",ret)); + + return EOK; + done: + if (ret != EOK) { + talloc_free(ctx); + } + return ret; } int main(int argc, const char *argv[]) @@ -615,9 +803,9 @@ int main(int argc, const char *argv[]) int ret; struct poptOption long_options[] = { - POPT_AUTOHELP - SSSD_MAIN_OPTS - POPT_TABLEEND + POPT_AUTOHELP + SSSD_MAIN_OPTS + POPT_TABLEEND }; pc = poptGetContext(argv[0], argc, argv, long_options, 0); @@ -625,7 +813,7 @@ int main(int argc, const char *argv[]) switch(opt) { default: fprintf(stderr, "\nInvalid option %s: %s\n\n", - poptBadOption(pc, 0), poptStrerror(opt)); + poptBadOption(pc, 0), poptStrerror(opt)); poptPrintUsage(pc, stderr, 0); return 1; } @@ -633,7 +821,7 @@ int main(int argc, const char *argv[]) poptFreeContext(pc); - /* set up things like debug, signals, daemonization, etc... */ + /* set up things like debug, signals, daemonization, etc... */ debug_log_file = "sssd_sudo"; ret = server_setup("sssd[sudo]", 0, CONFDB_SUDO_CONF_ENTRY, &main_ctx); @@ -646,8 +834,8 @@ int main(int argc, const char *argv[]) } ret = sudo_process_init(main_ctx, - main_ctx->event_ctx, - main_ctx->confdb_ctx); + main_ctx->event_ctx, + main_ctx->confdb_ctx); if (ret != EOK) return 3; /* loop on main */ diff --git a/src/responder/sudo/sudosrv.h b/src/responder/sudo/sudosrv.h index 91bc76ae..a24ead8c 100644 --- a/src/responder/sudo/sudosrv.h +++ b/src/responder/sudo/sudosrv.h @@ -85,6 +85,11 @@ struct sudo_ctx { time_t id_timeout; }; +struct sudo_cmd_ctx { + int negated; + char * fqcomnd; + char * arg; +}; struct sudo_client { struct sudo_ctx *sudoctx; struct sbus_connection *conn; diff --git a/src/sss_client/sudo_plugin/sss_sudo_cli.h b/src/sss_client/sudo_plugin/sss_sudo_cli.h index 94488b6f..65c1f582 100644 --- a/src/sss_client/sudo_plugin/sss_sudo_cli.h +++ b/src/sss_client/sudo_plugin/sss_sudo_cli.h @@ -121,6 +121,7 @@ struct sss_sudo_msg_contents char * const * user_env; /* command with arguments */ + char * fq_command; char ** command; int command_count; diff --git a/src/sss_client/sudo_plugin/sss_sudoplugin.c b/src/sss_client/sudo_plugin/sss_sudoplugin.c index 514f56c2..2b058e6a 100644 --- a/src/sss_client/sudo_plugin/sss_sudoplugin.c +++ b/src/sss_client/sudo_plugin/sss_sudoplugin.c @@ -848,8 +848,8 @@ int validate_message_content( void ) void free_connection(DBusConnection *conn, DBusError *err, hash_table_t *settings_table, - DBusMessageIter *msg, - DBusMessageIter *reply ){ + DBusMessage *msg, + DBusMessage *reply ){ if(msg != NULL) dbus_message_unref(msg); @@ -938,7 +938,7 @@ int sss_sudo_make_request(struct sss_cli_req_data *rd, SUDO_METHOD_QUERY); /* method name */ if (NULL == dbus_msg) { fprintf(stderr, "Message Null\n"); - free_connection(conn,&err,settings_table,NULL,NULL); + free_connection(conn,&err,settings_table,(DBusMessage *)NULL,(DBusMessage *)NULL); return SSS_SUDO_MESSAGE_ERR; } @@ -948,7 +948,7 @@ int sss_sudo_make_request(struct sss_cli_req_data *rd, dbus_message_iter_init_append(dbus_msg, &msg_iter); if(dbus_error_is_set(&err)){ fprintf(stderr, "Failed to initialize the iterator.\n"); - free_connection(conn,&err,settings_table,dbus_msg,NULL); + free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL); return SSS_SUDO_MESSAGE_ERR; } @@ -958,14 +958,14 @@ int sss_sudo_make_request(struct sss_cli_req_data *rd, NULL, &sub_iter)) { fprintf(stderr, "Out Of Memory!\n"); - free_connection(conn,&err,settings_table,dbus_msg,NULL); + free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL); return SSS_SUDO_MESSAGE_ERR; } if (!dbus_message_iter_append_basic(&sub_iter, DBUS_TYPE_UINT32, &msg.userid)) { fprintf(stderr, "Out Of Memory!\n"); - free_connection(conn,&err,settings_table,dbus_msg,NULL); + free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL); return SSS_SUDO_MESSAGE_ERR; } @@ -973,7 +973,7 @@ int sss_sudo_make_request(struct sss_cli_req_data *rd, DBUS_TYPE_STRING, &msg.cwd)) { fprintf(stderr, "Out Of Memory!\n"); - free_connection(conn,&err,settings_table,dbus_msg,NULL); + free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL); return SSS_SUDO_MESSAGE_ERR; } @@ -983,13 +983,20 @@ int sss_sudo_make_request(struct sss_cli_req_data *rd, DBUS_TYPE_STRING, &msg.tty)) { fprintf(stderr, "Out Of Memory!\n"); - free_connection(conn,&err,settings_table,dbus_msg,NULL); + free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL); return SSS_SUDO_MESSAGE_ERR; } + if (!dbus_message_iter_append_basic(&sub_iter, + DBUS_TYPE_STRING, + &msg.fq_command)) { + fprintf(stderr, "Out Of Memory! - at FQ command\n"); + free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL); + return SSS_SUDO_MESSAGE_ERR; + } if (!dbus_message_iter_close_container(&msg_iter,&sub_iter)) { fprintf(stderr, "Out Of Memory!\n"); - free_connection(conn,&err,settings_table,dbus_msg,NULL); + free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL); return SSS_SUDO_MESSAGE_ERR; } @@ -997,7 +1004,7 @@ int sss_sudo_make_request(struct sss_cli_req_data *rd, DBUS_TYPE_UINT32, &msg.command_count)) { fprintf(stderr, "Out Of Memory!\n"); - free_connection(conn,&err,settings_table,dbus_msg,NULL); + free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL); return SSS_SUDO_MESSAGE_ERR; } @@ -1006,7 +1013,7 @@ int sss_sudo_make_request(struct sss_cli_req_data *rd, "s", &sub_iter)) { fprintf(stderr, "Out Of Memory!\n"); - free_connection(conn,&err,settings_table,dbus_msg,NULL); + free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL); return SSS_SUDO_MESSAGE_ERR; } @@ -1016,7 +1023,7 @@ int sss_sudo_make_request(struct sss_cli_req_data *rd, DBUS_TYPE_STRING, command_array)) { fprintf(stderr, "Out Of Memory!\n"); - free_connection(conn,&err,settings_table,dbus_msg,NULL); + free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL); return SSS_SUDO_MESSAGE_ERR; } @@ -1024,20 +1031,20 @@ int sss_sudo_make_request(struct sss_cli_req_data *rd, if (!dbus_message_iter_close_container(&msg_iter,&sub_iter)) { fprintf(stderr, "Out Of Memory!\n"); - free_connection(conn,&err,settings_table,dbus_msg,NULL); + free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL); return SSS_SUDO_MESSAGE_ERR; } //////// if(dbus_dhash_to_msg_iter(&settings_table,&msg_iter) != SSS_SBUS_CONV_SUCCESS){ fprintf(stderr,"fatal: message framing failed."); - free_connection(conn,&err,settings_table,dbus_msg,NULL); + free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL); return SSS_SUDO_MESSAGE_ERR; } if(dbus_dhash_to_msg_iter(&env_table,&msg_iter) != SSS_SBUS_CONV_SUCCESS){ fprintf(stderr,"fatal: message framing failed."); - free_connection(conn,&err,settings_table,dbus_msg,NULL); + free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL); return SSS_SUDO_MESSAGE_ERR; } @@ -1050,12 +1057,12 @@ int sss_sudo_make_request(struct sss_cli_req_data *rd, fprintf(stdout,"Request Sent\n"); if (dbus_error_is_set(&err)) { fprintf(stderr, "Connection send-reply Error (%s)\n", err.message); - free_connection(conn,&err,NULL,dbus_msg,NULL); + free_connection(conn,&err,(hash_table_t *)NULL,dbus_msg,(DBusMessage *)NULL); return SSS_SUDO_REPLY_ERR; } if (NULL == dbus_reply) { fprintf(stderr, "reply failed\n"); - free_connection(conn,&err,NULL,dbus_msg,NULL); + free_connection(conn,&err,(hash_table_t *)NULL,dbus_msg,(DBusMessage *)NULL); return SSS_SUDO_REPLY_ERR; } @@ -1068,7 +1075,7 @@ int sss_sudo_make_request(struct sss_cli_req_data *rd, DBUS_TYPE_INVALID); if (!ret) { fprintf (stderr,"Failed to parse reply, killing connection\n"); - free_connection(conn,&err,NULL,dbus_msg,dbus_reply); + free_connection(conn,&err,(hash_table_t *)NULL,dbus_msg,dbus_reply); return SSS_SUDO_REPLY_ERR; } @@ -1081,7 +1088,7 @@ int sss_sudo_make_request(struct sss_cli_req_data *rd, } if (!dbus_message_iter_init(dbus_reply, &msg_iter)) { fprintf(stderr, "Reply iterator failed!\n"); - free_connection(conn,&err,NULL,dbus_msg,dbus_reply); + free_connection(conn,&err,(hash_table_t *)NULL,dbus_msg,dbus_reply); return SSS_SUDO_REPLY_ERR; } @@ -1092,13 +1099,13 @@ int sss_sudo_make_request(struct sss_cli_req_data *rd, if(dbus_msg_iter_to_dhash(&msg_iter, &env_table_out) != SSS_SBUS_CONV_SUCCESS){ fprintf(stderr, "env message iterator corrupted!\n"); - free_connection(conn,&err,NULL,dbus_msg,dbus_reply); + free_connection(conn,&err,(hash_table_t *)NULL,dbus_msg,dbus_reply); return SSS_SUDO_REPLY_ERR; } printf("---------Reply End----------\n"); /* free connection now */ - free_connection(conn,&err,NULL,dbus_msg,dbus_reply); + free_connection(conn,&err,(hash_table_t *)NULL,dbus_msg,dbus_reply); if(strncmp(result_str,"PASS",4)==0) @@ -1270,6 +1277,7 @@ int policy_check(int argc, char * const argv[], /* pam is success :) */ pam_end(pamh, pam_ret); + msg.fq_command = command; msg.command = (char **) argv; msg.command_count = argc; |