author | Arun Scaria <arunscaria91@gmail.com> | 2011-08-16 20:47:17 +0530 |
---|---|---|
committer | Arun Scaria <arunscaria91@gmail.com> | 2011-08-16 20:47:17 +0530 |
commit | 1ceb369fc0ea5ae99cc68e649069ae49054288f1 (patch) | |
tree | d78b7509e2a803116757560bfb05949d80411b70 | |
parent | 7c9d4fb2e9df392f84893eb064c5c6c7af31e7ce (diff) | |
Added host elimination and improved indentation
-rw-r--r-- | src/conf_macros.m4~ | 352 | ||||
-rw-r--r-- | src/db/sysdb_search.c | 18 | ||||
-rw-r--r-- | src/list_sss/list_sss.c | 52 | ||||
-rw-r--r-- | src/list_sss/list_sss.h | 17 | ||||
-rw-r--r-- | src/responder/sudo/sudosrv.c | 141 | ||||
-rw-r--r-- | src/responder/sudo/sudosrv.c~ | 846 | ||||
-rw-r--r-- | src/responder/sudo/sudosrv.h | 50 | ||||
-rw-r--r-- | src/responder/sudo/sudosrv.h~ | 59 | ||||
-rw-r--r-- | src/sss_client/sudo_plugin/sss_sudo_cli.h | 84 | ||||
-rw-r--r-- | src/sss_client/sudo_plugin/sss_sudoplugin.c | 1526 |
10 files changed, 995 insertions, 2150 deletions
diff --git a/src/conf_macros.m4~ b/src/conf_macros.m4~ deleted file mode 100644 index b626c89f..00000000 --- a/src/conf_macros.m4~ +++ /dev/null 
@@ -1,352 +0,0 @@ -AC_DEFUN([WITH_DB_PATH], - [ AC_ARG_WITH([db-path], - [AC_HELP_STRING([--with-db-path=PATH], - [Path to the SSSD databases [/var/lib/sss/db]] - ) - ] - ) - config_dbpath="\"VARDIR\"/lib/sss/db" - dbpath="${localstatedir}/lib/sss/db" - if test x"$with_db_path" != x; then - config_dbpath=$with_db_path - dbpath=$with_db_path - fi - AC_SUBST(dbpath) - AC_DEFINE_UNQUOTED(DB_PATH, "$config_dbpath", [Path to the SSSD databases]) - ]) - -AC_DEFUN([WITH_PLUGIN_PATH], - [ AC_ARG_WITH([plugin-path], - [AC_HELP_STRING([--with-plugin-path=PATH], - [Path to the SSSD data provider plugins [/usr/lib/sssd]] - ) - ] - ) - pluginpath="${libdir}/sssd" - config_pluginpath="\"LIBDIR\"/sssd" - if test x"$with_plugin_path" != x; then - pluginpath=$with_plugin_path - config_pluginpath=$with_plugin_path - fi - AC_SUBST(pluginpath) - AC_DEFINE_UNQUOTED(DATA_PROVIDER_PLUGINS_PATH, "$config_pluginpath", [Path to the SSSD sudo plugins]) - ]) - -AC_DEFUN([WITH_SUDO_PLUGIN_PATH], - [ AC_ARG_WITH([sudo-plugin-path], - [AC_HELP_STRING([--with-sudo-plugin-path=PATH], - [Path to the SSSD sudo plugins [/usr/lib/sudo]] - ) - ] - ) - sudo_pluginpath="${libdir}/sudo" - sudo_config_pluginpath="\"LIBDIR\"/sudo" - if test x"$with_sudo_plugin_path" != x; then - sudo_pluginpath=$with_sudo_plugin_path - sudo_config_pluginpath=$with_sudo_plugin_path - fi - AC_SUBST(sudo_pluginpath) - AC_DEFINE_UNQUOTED(SUDO_PLUGINS_PATH, "$sudo_config_pluginpath", [Path to the SSSD data provider plugins]) - ]) - - - -AC_DEFUN([WITH_PID_PATH], - [ AC_ARG_WITH([pid-path], - [AC_HELP_STRING([--with-pid-path=PATH], - [Where to store pid files for the SSSD [/var/run]] - ) - ] - ) - config_pidpath="\"VARDIR\"/run" - pidpath="${localstatedir}/run" - if test x"$with_pid_path" != x; then - config_pidpath=$with_pid_path - pidpath=$with_pid_path - fi - AC_SUBST(pidpath) - AC_DEFINE_UNQUOTED(PID_PATH, "$config_pidpath", [Where to store pid files for the SSSD]) - ]) - -AC_DEFUN([WITH_LOG_PATH], - [ AC_ARG_WITH([log-path], 
- [AC_HELP_STRING([--with-log-path=PATH], - [Where to store log files for the SSSD [/var/log/sssd]] - ) - ] - ) - config_logpath="\"VARDIR\"/log/sssd" - logpath="${localstatedir}/log/sssd" - if test x"$with_log_path" != x; then - config_logpath=$with_log_path - logpath=$with_log_path - fi - AC_SUBST(logpath) - AC_DEFINE_UNQUOTED(LOG_PATH, "$config_logpath", [Where to store log files for the SSSD]) - ]) - -AC_DEFUN([WITH_PUBCONF_PATH], - [ AC_ARG_WITH([pubconf-path], - [AC_HELP_STRING([--with-pubconf-path=PATH], - [Where to store pubconf files for the SSSD [/var/lib/sss/pubconf]] - ) - ] - ) - config_pubconfpath="\"VARDIR\"/lib/sss/pubconf" - pubconfpath="${localstatedir}/lib/sss/pubconf" - if test x"$with_pubconf_path" != x; then - config_pubconfpath=$with_pubconf_path - pubconfpath=$with_pubconf_path - fi - AC_SUBST(pubconfpath) - AC_DEFINE_UNQUOTED(PUBCONF_PATH, "$config_pubconfpath", [Where to store pubconf files for the SSSD]) - ]) - -AC_DEFUN([WITH_PIPE_PATH], - [ AC_ARG_WITH([pipe-path], - [AC_HELP_STRING([--with-pipe-path=PATH], - [Where to store pipe files for the SSSD interconnects [/var/lib/sss/pipes]] - ) - ] - ) - config_pipepath="\"VARDIR\"/lib/sss/pipes" - pipepath="${localstatedir}/lib/sss/pipes" - if test x"$with_pipe_path" != x; then - config_pipepath=$with_pipe_path - pipepath=$with_pipe_path - fi - AC_SUBST(pipepath) - AC_DEFINE_UNQUOTED(PIPE_PATH, "$config_pipepath", [Where to store pipe files for the SSSD interconnects]) - ]) - -AC_DEFUN([WITH_INITSCRIPT], - [ AC_ARG_WITH([initscript], - [AC_HELP_STRING([--with-initscript=INITSCRIPT_TYPE], - [Type of your init script (sysv|systemd). 
[sysv]] - ) - ] - ) - default_initscript=sysv - if test x"$with_initscript" = x; then - with_initscript=$default_initscript - fi - - if test x"$with_initscript" = xsysv || \ - test x"$with_initscript" = xsystemd; then - initscript=$with_initscript - else - AC_MSG_ERROR([Illegal value -$with_initscript- for option --with-initscript]) - fi - - AM_CONDITIONAL([HAVE_SYSV], [test x"$initscript" = xsysv]) - AM_CONDITIONAL([HAVE_SYSTEMD_UNIT], [test x"$initscript" = xsystemd]) - AC_MSG_NOTICE([Will use init script type: $initscript]) - ]) - -AC_DEFUN([WITH_INIT_DIR], - [ AC_ARG_WITH([init-dir], - [AC_HELP_STRING([--with-init-dir=DIR], - [Where to store init script for sssd [/etc/rc.d/init.d]] - ) - ] - ) - initdir="${sysconfdir}/rc.d/init.d" - if test x$osname == xgentoo; then - initdir="${sysconfdir}/init.d" - fi - if test x"$with_init_dir" != x; then - initdir=$with_init_dir - fi - AC_SUBST(initdir) - ]) - -dnl A macro to configure the directory to install the systemd unit files to -AC_DEFUN([WITH_SYSTEMD_UNIT_DIR], - [ AC_ARG_WITH([systemdunitdir], - [ AC_HELP_STRING([--with-systemdunitdir=DIR], - [Directory for systemd service files [Auto]] - ), - ], - ) - if test x"$with_systemdunitdir" != x; then - systemdunitdir=$with_systemdunitdir - else - systemdunitdir=$($PKG_CONFIG --variable=systemdsystemunitdir systemd) - if test x"$systemdunitdir" = x; then - AC_MSG_ERROR([Could not detect systemd unit directory]) - fi - fi - AC_SUBST(systemdunitdir) - ]) - -AC_DEFUN([WITH_MANPAGES], - [ AC_ARG_WITH([manpages], - [AC_HELP_STRING([--with-manpages], - [Whether to regenerate man pages from DocBook sources [yes]] - ) - ], - [], - with_manpages=yes - ) - if test x"$with_manpages" = xyes; then - HAVE_MANPAGES=1 - AC_SUBST(HAVE_MANPAGES) - fi - ]) -AM_CONDITIONAL([BUILD_MANPAGES], [test x$with_manpages = xyes]) - -AC_DEFUN([WITH_XML_CATALOG], - [ AC_ARG_WITH([xml-catalog-path], - [AC_HELP_STRING([--with-xml-catalog-path=PATH], - [Where to look for XML catalog [/etc/xml/catalog]] - 
) - ] - ) - SGML_CATALOG_FILES="/etc/xml/catalog" - if test x"$with_xml_catalog_path" != x; then - SGML_CATALOG_FILES="$with_xml_catalog_path" - fi - AC_SUBST([SGML_CATALOG_FILES]) - ]) - -AC_DEFUN([WITH_KRB5_PLUGIN_PATH], - [ AC_ARG_WITH([krb5-plugin-path], - [AC_HELP_STRING([--with-krb5-plugin-path=PATH], - [Path to kerberos plugin store [/usr/lib/krb5/plugins/libkrb5]] - ) - ] - ) - krb5pluginpath="${libdir}/krb5/plugins/libkrb5" - if test x"$with_krb5_plugin_path" != x; then - krb5pluginpath=$with_krb5_plugin_path - fi - AC_SUBST(krb5pluginpath) - ]) - -AC_DEFUN([WITH_PYTHON_BINDINGS], - [ AC_ARG_WITH([python-bindings], - [AC_HELP_STRING([--with-python-bindings], - [Whether to build python bindings [yes]] - ) - ], - [], - with_python_bindings=yes - ) - if test x"$with_python_bindings" = xyes; then - HAVE_PYTHON_BINDINGS=1 - AC_SUBST(HAVE_PYTHON_BINDINGS) - fi - AM_CONDITIONAL([BUILD_PYTHON_BINDINGS], [test x"$with_python_bindings" = xyes]) - ]) - -AC_DEFUN([WITH_SELINUX], - [ AC_ARG_WITH([selinux], - [AC_HELP_STRING([--with-selinux], - [Whether to build with SELinux support [yes]] - ) - ], - [], - with_selinux=yes - ) - if test x"$with_selinux" = xyes; then - HAVE_SELINUX=1 - AC_SUBST(HAVE_SELINUX) - AC_DEFINE_UNQUOTED(HAVE_SELINUX, 1, [Build with SELinux support]) - fi - AM_CONDITIONAL([BUILD_SELINUX], [test x"$with_selinux" = xyes]) - ]) - -AC_DEFUN([WITH_TEST_DIR], - [ AC_ARG_WITH([test-dir], - [AC_HELP_STRING([--with-test-dir=PATH], - [Directory used for make check temporary files [$builddir]] - ) - ] - ) - TEST_DIR=$with_test_dir - AC_SUBST(TEST_DIR) - AC_DEFINE_UNQUOTED(TEST_DIR, "$with_test_dir", [Directory used for 'make check' temporary files]) - ]) - -AC_DEFUN([WITH_NSCD], - [ AC_ARG_WITH([nscd], - [AC_HELP_STRING([--with-nscd], - [Whether to attempt to flush nscd cache after local domain operations [yes]] - ) - ], - [], - with_nscd=yes - ) - if test x"$with_nscd" = xyes; then - AC_DEFINE_UNQUOTED(HAVE_NSCD, 1, [flush nscd cache after local domain 
operations]) - fi - ]) - -AC_DEFUN([WITH_SEMANAGE], - [ AC_ARG_WITH([semanage], - [AC_HELP_STRING([--with-semanage], - [Whether to build with SELinux user management support [yes]] - ) - ], - [], - with_semanage=yes - ) - if test x"$with_semanage" = xyes; then - HAVE_SEMANAGE=1 - AC_SUBST(HAVE_SEMANAGE) - AC_DEFINE_UNQUOTED(HAVE_SEMANAGE, 1, [Build with SELinux support]) - fi - AM_CONDITIONAL([BUILD_SEMANAGE], [test x"$with_semanage" = xyes]) - ]) - -AC_DEFUN([WITH_LIBNL], - [ AC_ARG_WITH([libnl], - [AC_HELP_STRING([--with-libnl], - [Whether to build with libnetlink support [AUTO]] - ) - ], - [], - with_libnl=yes - ) - if test x"$with_libnl" = xyes; then - BUILD_LIBNL=1 - AC_SUBST(BUILD_LIBNL) - fi - ]) - -AC_DEFUN([WITH_CRYPTO], - [ AC_ARG_WITH([crypto], - [AC_HELP_STRING([--with-crypto=CRYPTO_LIB], - [The cryptographic library to use (nss|libcrypto). The default is nss.] - ) - ], - [], - with_crypto=nss - ) - - cryptolib="" - if test x"$with_crypto" != x; then - if test x"$with_crypto" = xnss || \ - test x"$with_crypto" = xlibcrypto; then - cryptolib="$with_crypto"; - else - AC_MSG_ERROR([Illegal value -$with_crypto- for option --with-crypto]) - fi - fi - AM_CONDITIONAL([HAVE_NSS], [test x"$cryptolib" = xnss]) - AM_CONDITIONAL([HAVE_LIBCRYPTO], [test x"$cryptolib" = xlibcrypto]) - ]) - -AC_DEFUN([WITH_NOLOGIN_SHELL], - [ AC_ARG_WITH([nologin-shell], - [AC_HELP_STRING([--with-nologin-shell=PATH], - [The shell used to deny access to users [/sbin/nologin]] - ) - ] - ) - nologin_shell="/sbin/nologin" - if test x"$with_nologin_shell" != x; then - nologin_shell=$with_nologin_shell - fi - AC_DEFINE_UNQUOTED(NOLOGIN_SHELL, "$nologin_shell", [The shell used to deny access to users]) - ]) diff --git a/src/db/sysdb_search.c b/src/db/sysdb_search.c index e9a126e0..0be7a538 100644 --- a/src/db/sysdb_search.c +++ b/src/db/sysdb_search.c 
@@ -825,7 +825,7 @@ errno_t sysdb_netgr_to_entries(TALLOC_CTX *mem_ctx, } tmp_entry[c] = talloc_zero(tmp_entry, - struct sysdb_netgroup_ctx); + struct sysdb_netgroup_ctx); if (!tmp_entry[c]) { ret = ENOMEM; goto done; @@ -833,10 +833,10 @@ errno_t sysdb_netgr_to_entries(TALLOC_CTX *mem_ctx, tmp_entry[c]->type = SYSDB_NETGROUP_TRIPLE_VAL; ret = sysdb_netgr_split_triple(tmp_entry[c], - triple_str, - &tmp_entry[c]->value.triple.hostname, - &tmp_entry[c]->value.triple.username, - &tmp_entry[c]->value.triple.domainname); + triple_str, + &tmp_entry[c]->value.triple.hostname, + &tmp_entry[c]->value.triple.username, + &tmp_entry[c]->value.triple.domainname); if (ret != EOK) { goto done; } @@ -848,7 +848,7 @@ errno_t sysdb_netgr_to_entries(TALLOC_CTX *mem_ctx, if (el != NULL) { for(j = 0; j < el->num_values; j++) { tmp_entry[c] = talloc_zero(tmp_entry, - struct sysdb_netgroup_ctx); + struct sysdb_netgroup_ctx); if (!tmp_entry[c]) { ret = ENOMEM; goto done; @@ -856,8 +856,8 @@ errno_t sysdb_netgr_to_entries(TALLOC_CTX *mem_ctx, tmp_entry[c]->type = SYSDB_NETGROUP_GROUP_VAL; tmp_entry[c]->value.groupname = talloc_strndup(tmp_entry[c], - (const char *)el->values[j].data, - el->values[j].length); + (const char *)el->values[j].data, + el->values[j].length); if (tmp_entry[c]->value.groupname == NULL) { ret = ENOMEM; goto done; @@ -875,7 +875,7 @@ errno_t sysdb_netgr_to_entries(TALLOC_CTX *mem_ctx, *entries = talloc_steal(mem_ctx, tmp_entry); ret = EOK; -done: + done: talloc_free(tmp_ctx); return ret; } diff --git a/src/list_sss/list_sss.c b/src/list_sss/list_sss.c index dff2d5ff..9519f798 100644 --- a/src/list_sss/list_sss.c +++ b/src/list_sss/list_sss.c @@ -9,10 +9,10 @@ /* -** initList() -** initialize a list -** -*/ + ** initList() + ** initialize a list + ** + */ void initList(list_sss **list) { (*list)=NULL; 
@@ -20,10 +20,10 @@ void initList(list_sss **list) /* -** allocateNode() -** allocate a new node. -** -*/ + ** allocateNode() + ** allocate a new node. + ** + */ list_sss *allocateNode(TALLOC_CTX *ctx,void *data) { @@ -43,9 +43,9 @@ list_sss *allocateNode(TALLOC_CTX *ctx,void *data) } /* -** appendNode() -** appends a node to the end of a list -*/ + ** appendNode() + ** appends a node to the end of a list + */ void appendNode(TALLOC_CTX * ctx,list_sss **head,void * data) { @@ -64,10 +64,10 @@ void appendNode(TALLOC_CTX * ctx,list_sss **head,void * data) /* -** is_empty_list() -** check if a list variable is NULL -** -*/ + ** is_empty_list() + ** check if a list variable is NULL + ** + */ Bool is_empty_list(list_sss *list) { @@ -75,10 +75,10 @@ Bool is_empty_list(list_sss *list) } /* -** delNode() -** remove a node from a list -** -*/ + ** delNode() + ** remove a node from a list + ** + */ int delNode(list_sss **head,list_sss *node) { if (is_empty_list(*head) == TRUE) @@ -102,9 +102,9 @@ int delNode(list_sss **head,list_sss *node) /* -** getNthNode() -** get nth node in a list -*/ + ** getNthNode() + ** get nth node in a list + */ list_sss *getNthNode(list_sss *list,int n) { @@ -125,10 +125,10 @@ list_sss *getNthNode(list_sss *list,int n) /* -** numNodes() -** returns number of nodes in the list -** -*/ + ** numNodes() + ** returns number of nodes in the list + ** + */ size_t numNodes(list_sss **head) { diff --git a/src/list_sss/list_sss.h b/src/list_sss/list_sss.h index 40b76271..a8f0f92e 100644 --- a/src/list_sss/list_sss.h +++ b/src/list_sss/list_sss.h 
@@ -32,26 +32,23 @@ #endif typedef int Bool; -typedef void (*Vfunc)(void **); -typedef int (*Ifunc)(void *,void *); + /* -** the linked list structure -*/ + ** the linked list structure + */ typedef struct _list_sss { - void - *data; /* void pointer for user data */ + void *data; - struct _list_sss - *next; /* pointer to next node */ + struct _list_sss *next; } list_sss; /* -** function prototypes -*/ + ** function prototypes + */ void initList (list_sss **list); list_sss *allocateNode (TALLOC_CTX *ctx,void *data); void appendNode (TALLOC_CTX *ctx,list_sss **list,void * data); diff --git a/src/responder/sudo/sudosrv.c b/src/responder/sudo/sudosrv.c index 5f11ea33..8e7aaf6a 100644 --- a/src/responder/sudo/sudosrv.c +++ b/src/responder/sudo/sudosrv.c @@ -30,6 +30,8 @@ #include <sys/time.h> #include <errno.h> #include <fnmatch.h> +#include <netdb.h> + #include <popt.h> #include "dhash.h" 
@@ -63,10 +65,36 @@ static int sudo_client_destructor(void *ctx) return 0; } -int prepare_filter(char * filter,uid_t user_id,char * host, struct ldb_result *res){ +char * get_host_name(TALLOC_CTX* ctx){ + return "arun.scaria.com"; + struct addrinfo hints, *info, *p; + int gai_result; + + char hostname[1024]; + hostname[1024]='\0'; + gethostname(hostname, 1023); + + memset(&hints, 0, sizeof hints); + hints.ai_family = AF_UNSPEC; /*either IPV4 or IPV6*/ + hints.ai_socktype = SOCK_STREAM; + hints.ai_flags = AI_CANONNAME; + + if ((gai_result = getaddrinfo(hostname, "http", &hints, &info)) != 0) { + fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(gai_result)); + exit(1); + } + + + return talloc_asprintf(ctx,"%s", p->ai_canonname); + +} + +errno_t prepare_filter(char ** filter_in,uid_t user_id,char * host, struct ldb_result *res){ int i,ret=EOK; - filter = talloc_asprintf_append(filter,"("SYSDB_SUDO_USER_ATTR"=#%d)",user_id); + char *filter; + + filter = talloc_asprintf_append(*filter_in,"("SYSDB_SUDO_USER_ATTR"=#%d)",user_id); if (!filter) { DEBUG(0, ("Failed to build filter - %s\n",filter)); ret = ENOMEM; @@ -107,6 +135,7 @@ int prepare_filter(char * filter,uid_t user_id,char * host, struct ldb_result *r goto done; } done: + *filter_in = filter; if(ret!=ENOMEM) return EOK; else return ret; @@ -123,12 +152,12 @@ int compare_sudo_order(const struct ldb_message **msg1, const struct ldb_message } -int search_sudo_rules(struct sudo_client *sudocli, - struct sysdb_ctx *sysdb, - struct sss_domain_info * domain, - char * user_name, - uid_t user_id, - struct sss_sudo_msg_contents *sudo_msg) { +errno_t search_sudo_rules(struct sudo_client *sudocli, + struct sysdb_ctx *sysdb, + struct sss_domain_info * domain, + const char * user_name, + uid_t user_id, + struct sss_sudo_msg_contents *sudo_msg) { TALLOC_CTX *tmpctx; const char *attrs[] = { SYSDB_SUDO_CONTAINER_ATTR, SYSDB_SUDO_USER_ATTR, 
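Review bot: The first statement of get_host_name, `return "arun.scaria.com";`, makes the entire lookup unreachable, so host elimination in this commit always matches rules against a hard-coded name rather than the machine the responder runs on. The dead code also has defects that will surface the moment the early return is removed: `hostname[1024]='\0'` writes one past the end of a 1024-byte array, `p` is never assigned before `p->ai_canonname` is dereferenced, the gethostname() result is unchecked, and `info` is never released with freeaddrinfo(). `exit(1)` on a getaddrinfo() failure terminates the responder on any resolver hiccup; returning NULL lets the caller's `if (!host)` branch handle it instead. In the prepare_filter part of the hunk, `"=#%d"` is paired with a uid_t, which is unsigned on Linux; `"=#%u", (unsigned)user_id` matches the type. A rewritten get_host_name follows.
```c
char * get_host_name(TALLOC_CTX* ctx){
    struct addrinfo hints, *info;
    int gai_result;
    char hostname[1024];
    char *fqdn;

    if (gethostname(hostname, sizeof hostname) != 0) {
        DEBUG(0, ("gethostname failed\n"));
        return NULL;
    }
    /* gethostname() need not NUL-terminate on truncation */
    hostname[sizeof hostname - 1] = '\0';

    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC; /*either IPV4 or IPV6*/
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_CANONNAME;

    gai_result = getaddrinfo(hostname, NULL, &hints, &info);
    if (gai_result != 0) {
        /* a resolver failure must not take the responder down */
        DEBUG(0, ("getaddrinfo: %s\n", gai_strerror(gai_result)));
        return NULL;
    }

    /* ai_canonname is only set on the first entry and may be NULL */
    fqdn = talloc_asprintf(ctx, "%s",
                           info->ai_canonname ? info->ai_canonname : hostname);
    freeaddrinfo(info);
    return fqdn;
}
```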
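Review bot: `*filter_in = filter;` at the done: label also runs on the ENOMEM path, where filter is NULL after a failed talloc_asprintf_append, so the caller's pointer is clobbered and the `DEBUG(0, ("Failed to build filter - %s\n",filter))` in the hunk at +212 then formats a NULL. Assigning only on success keeps the caller's original string intact: `if (ret == EOK) { *filter_in = filter; }`. With that in place the trailing `if(ret!=ENOMEM) return EOK; else return ret;` reduces to `return ret;`, since ret only ever holds EOK or ENOMEM in this function. prepare_filter's body starts outside this hunk.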
@@ -147,19 +176,24 @@ int search_sudo_rules(struct sudo_client *sudocli, struct ldb_result *res; int ret; size_t count; - int i,j,flag=0; - double order; + int i,flag=0; TALLOC_CTX *listctx; list_sss *list, *current, *tmp; struct sudo_cmd_ctx * sudo_cmnd; - char * host = "arun.scaria.com"; - + char * host,*tmphost,*domain_name ; fprintf(stdout,"in Sudo rule\n"); tmpctx = talloc_new(sudocli); if (!tmpctx) { return ENOMEM; } + host = get_host_name(tmpctx); + if (!host) { + DEBUG(0, ("Failed to build hostname - %s\n",filter)); + ret = ENOMEM; + goto done; + } + DEBUG(0, ("Host - %s\n",host)); ret = sysdb_get_groups_by_user(tmpctx, sysdb, @@ -178,14 +212,14 @@ int search_sudo_rules(struct sudo_client *sudocli, ret = ENOMEM; goto done; } - ret = prepare_filter(filter,user_id,host, res); + ret = prepare_filter(&filter,user_id,host, res); if (ret==ENOMEM) { DEBUG(0, ("Failed to build filter - %s\n",filter)); goto done; } - DEBUG(0,(stdout,"Filter - %s\n",filter)); + DEBUG(0,("Filter - %s\n",filter)); ret = sysdb_search_sudo_rules(tmpctx, sysdb, domain, @@ -245,12 +279,18 @@ int search_sudo_rules(struct sudo_client *sudocli, } flag = 0; /* see if this is a user */ - for (j = 0; j < el->num_values; j++) { - DEBUG(0, ("sudoCommand: %s\n" ,(const char *) (el->values[j].data))); + for (i = 0; i < el->num_values; i++) { + DEBUG(0, ("sudoCommand: %s\n" ,(const char *) (el->values[i].data))); /* Do command elimination here */ tmpcmd = talloc_asprintf(listctx, "%s", - (const char *) (el->values[j].data)); + (const char *) (el->values[i].data)); + + if(fstrcmp(tmpcmd,"ALL") == 0){ + current=current->next; + flag=1; + break; + } space = strchr(tmpcmd,' '); if(space != NULL) { *space = '\0'; 
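Review bot: The new errno_t/const signature of search_sudo_rules carries no comment stating its contract, and the caller at +588 only tests the result against EOK. A header comment along the lines of `/* Evaluate the sudo rules of domain for user_name/user_id against the command in sudo_msg. Returns EOK, or an errno value (ENOMEM when a context or string cannot be allocated). */` would document what callers may rely on. The declaration in src/responder/sudo/sudosrv.h is in the diffstat but not shown here; presumably it carries the matching change. The function's body continues outside the hunk.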
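Review bot: The new failure branch after `host = get_host_name(tmpctx);` logs `filter`, which has not been built at that point (it is only assembled further down), so the message prints nothing useful; `DEBUG(0, ("Failed to determine host name\n"));` is what is meant. It also reports ENOMEM for every failure, although get_host_name can fail for resolver reasons once it performs a real lookup; propagating a distinct error such as EIO keeps the caller's log honest. Note that the hard-coded `host` this hunk removes is still what get_host_name returns, so behaviour does not change until that early return is dropped. search_sudo_rules begins and ends outside this hunk.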
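Review bot: `if(fstrcmp(tmpcmd,"ALL") == 0)` calls fstrcmp, which is not a C library function; unless the project defines one, this is a typo for `strcmp`, which the host loop at +322 already uses for the same "ALL" test — `if(strcmp(tmpcmd,"ALL") == 0){`. The ALL short-circuit is a policy-relevant branch, so a one-line comment such as `/* sudoCommand ALL grants every command; no further matching needed */` would help the next reader. tmpcmd from talloc_asprintf is still not checked for NULL before strchr() runs on it. The enclosing while loop begins and ends outside this hunk.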
@@ -282,7 +322,72 @@ int search_sudo_rules(struct sudo_client *sudocli, current = tmp; } + /// + ret = unsetenv("_SSS_LOOPS"); + if (ret != EOK) { + DEBUG(0, ("Failed to unset _SSS_LOOPS, " + "sudo rule elimination might not work as expected.\n")); + } + + current = list; + domain_name = sysdb->domain->name; + while(current!=NULL) { + + + + DEBUG(0, ("\n\n\n\n--sudoOrder: %f\n", + ldb_msg_find_attr_as_double((struct ldb_message *)current->data, + SYSDB_SUDO_ORDER_ATTR, + 0.0))); + DEBUG(0, ("--dn: %s----\n", + ldb_dn_get_linearized(((struct ldb_message *)current->data)->dn))); + el = ldb_msg_find_element((struct ldb_message *)current->data, + SYSDB_SUDO_HOST_ATTR); + + if (!el) { + DEBUG(0, ("Failed to get sudo hosts for sudorule [%s]\n", + ldb_dn_get_linearized(((struct ldb_message *)current->data)->dn))); + current = current->next; + continue; + } + flag = 0; + + for (i = 0; i < el->num_values; i++) { + + DEBUG(0, ("sudoHost: %s\n" ,(const char *) (el->values[i].data))); + tmphost = ( char *) (el->values[i].data); + if(strcmp(tmphost,"ALL")==0){ + current=current->next; + flag=1; + break; + } + else if(tmphost[0] == '+'){ + ++tmphost; + if(innetgr(tmphost,host,NULL,domain_name) == 1){ + current=current->next; + flag=1; + break; + + } + } + else { + if(strcmp(tmphost,host)==0){ + current=current->next; + flag=1; + break; + } + } + + } + if(flag==1) { + continue; + } + tmp = current->next; + delNode(&list,current); + current = tmp; + } + setenv("_SSS_LOOPS", "NO", 0); talloc_free(listctx); @@ -480,7 +585,7 @@ static int sudo_query_validation(DBusMessage *message, struct sbus_connection *c } user_name = ldb_msg_find_attr_as_string(ldb_msg, SYSDB_NAME, NULL); - user_id = ldb_msg_find_attr_as_string(ldb_msg, SYSDB_UIDNUM, NULL); + user_id = ldb_msg_find_attr_as_uint64(ldb_msg, SYSDB_UIDNUM, 0); ret = search_sudo_rules(sudocli, sysdblist[i],sysdblist[i]->domain, "tom",user_id,msg); if(ret != EOK){ DEBUG(0, ("Error in rule")); 
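Review bot: A rule whose sudoHost attribute is missing survives host elimination: the `if (!el)` branch in the new loop only advances `current`, whereas the command loop above deletes such rules, so a rule with no host restriction is kept rather than dropped (fail-open). Mirroring the command loop — `tmp = current->next; delNode(&list,current); current = tmp;` before the `continue;` — makes the two passes consistent. `innetgr(tmphost,host,NULL,domain_name)` passes the sysdb domain name as innetgr's NIS-domain argument, which is a different namespace; confirm this is the intended match or pass NULL there as well. The unsetenv/setenv pair around the loop implies the netgroup lookup goes through the NSS client; if the unsetenv fails the loop still proceeds, and the `setenv("_SSS_LOOPS", "NO", 0)` return value is unchecked.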
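Review bot: `ldb_msg_find_attr_as_uint64(ldb_msg, SYSDB_UIDNUM, 0)` turns a missing or unparsable uidNumber into uid 0, so the filter built downstream (`sudoUser=#0`) would match rules written for root; the attribute's presence should be checked before its value is used. The adjacent call still passes the literal `"tom"` instead of `user_name`, so the user part of the rule match ignores who is actually asking — the commit changes the line next to it without fixing this. Rewritten lines follow, jumping to the function's existing cleanup label; sudo_query_validation starts and ends outside the hunk.
```c
user_name = ldb_msg_find_attr_as_string(ldb_msg, SYSDB_NAME, NULL);
if (user_name == NULL || ldb_msg_find_element(ldb_msg, SYSDB_UIDNUM) == NULL) {
    /* never fall back to uid 0: an entry without a uidNumber gets no rules */
    DEBUG(0, ("User entry lacks name or uidNumber\n"));
    goto free_ctx;
}
user_id = ldb_msg_find_attr_as_uint64(ldb_msg, SYSDB_UIDNUM, 0);
ret = search_sudo_rules(sudocli, sysdblist[i],sysdblist[i]->domain, user_name,user_id,msg);
```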
diff --git a/src/responder/sudo/sudosrv.c~ b/src/responder/sudo/sudosrv.c~ deleted file mode 100644 index 762cea9b..00000000 --- a/src/responder/sudo/sudosrv.c~ +++ /dev/null 
@@ -1,846 +0,0 @@ -/* - SSSD - - SUDO Responder - - Copyright (C) Arun Scaria <arunscaria91@gmail.com> (2011) - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. - */ - -#include <stdio.h> -#include <unistd.h> -#include <fcntl.h> -#include <sys/types.h> -#include <sys/stat.h> -#include <sys/socket.h> -#include <sys/un.h> -#include <string.h> -#include <sys/time.h> -#include <errno.h> -#include <fnmatch.h> - -#include <popt.h> -#include "dhash.h" -#include "util/util.h" -#include "db/sysdb.h" -#include "db/sysdb_private.h" -#include "sbus/sbus_client.h" -#include "sbus/sssd_dbus_messages_helpers.h" -#include "responder/common/responder.h" -#include "responder/common/negcache.h" -#include "responder/common/responder_packet.h" - -#include "responder/sudo/sudosrv.h" -#include "sss_client/sudo_plugin/sss_sudo_cli.h" -#include "sbus/sbus_client.h" -#include "responder/common/responder_packet.h" -#include "providers/data_provider.h" -#include "monitor/monitor_interfaces.h" -#include "list_sss/list_sss.h" - - - - -static int sudo_client_destructor(void *ctx) -{ - struct sudo_client *sudocli = talloc_get_type(ctx, struct sudo_client); - if (sudocli) { - talloc_zfree(sudocli); - DEBUG(4, ("Removed Sudo client\n")); - } - return 0; -} - -int prepare_filter(char * filter,uid_t user_id,char * host, struct ldb_result *res){ - - int i,ret=EOK; - filter = 
talloc_asprintf_append(filter,"("SYSDB_SUDO_USER_ATTR"=#%d)",user_id); - if (!filter) { - DEBUG(0, ("Failed to build filter - %s\n",filter)); - ret = ENOMEM; - goto done; - } - filter = talloc_asprintf_append(filter,"("SYSDB_SUDO_USER_ATTR"=+*)"); - if (!filter) { - DEBUG(0, ("Failed to build filter - %s\n",filter)); - ret = ENOMEM; - goto done; - } - - - for(i=0;i< res->count;i++){ - filter = talloc_asprintf_append(filter,"("SYSDB_SUDO_USER_ATTR"=%s)",ldb_msg_find_attr_as_string(res->msgs[i], SYSDB_NAME, NULL)); - if (!filter) { - DEBUG(0, ("Failed to build filter - %s\n",filter)); - ret = ENOMEM; - goto done; - } - } - filter = talloc_asprintf_append(filter,")("SYSDB_SUDO_HOST_ATTR"=+*)"); - if (!filter) { - DEBUG(0, ("Failed to build filter - %s\n",filter)); - ret = ENOMEM; - goto done; - } - filter = talloc_asprintf_append(filter,"("SYSDB_SUDO_HOST_ATTR"=ALL)"); - if (!filter) { - DEBUG(0, ("Failed to build filter - %s\n",filter)); - ret = ENOMEM; - goto done; - } - filter = talloc_asprintf_append(filter,"("SYSDB_SUDO_HOST_ATTR"=%s)",host); - if (!filter) { - DEBUG(0, ("Failed to build filter - %s\n",filter)); - ret = ENOMEM; - goto done; - } - done: - if(ret!=ENOMEM) return EOK; - else return ret; - -} - - -int compare_sudo_order(const struct ldb_message **msg1, const struct ldb_message **msg2) -{ - double order_msg1 = ldb_msg_find_attr_as_double(*msg1, SYSDB_SUDO_ORDER_ATTR, 0.0); - double order_msg2 = ldb_msg_find_attr_as_double(*msg2, SYSDB_SUDO_ORDER_ATTR, 0.0); - if(order_msg1>order_msg2) return 1; - else if (order_msg1==order_msg1) return 0; - else return -1; -} - - -int search_sudo_rules(struct sudo_client *sudocli, - struct sysdb_ctx *sysdb, - struct sss_domain_info * domain, - char * user_name, - uid_t user_id, - struct sss_sudo_msg_contents *sudo_msg) { - TALLOC_CTX *tmpctx; - const char *attrs[] = { SYSDB_SUDO_CONTAINER_ATTR, - SYSDB_SUDO_USER_ATTR, - SYSDB_SUDO_HOST_ATTR, - SYSDB_SUDO_OPTION_ATTR, - SYSDB_SUDO_COMMAND_ATTR, - 
SYSDB_SUDO_RUNAS_USER_ATTR, - SYSDB_SUDO_RUNAS_GROUP_ATTR, - SYSDB_SUDO_NOT_BEFORE_ATTR, - SYSDB_SUDO_NOT_AFTER_ATTR, - SYSDB_SUDO_ORDER_ATTR, - NULL }; - char *filter = NULL, *tmpcmd,*space; - struct ldb_message **sudo_rules_msgs; - struct ldb_message_element *el; - struct ldb_result *res; - int ret; - size_t count; - int i,j,flag=0; - double order; - TALLOC_CTX *listctx; - list_sss *list, *current, *tmp; - struct sudo_cmd_ctx * sudo_cmnd; - char * host = "arun.scaria.com"; - - - fprintf(stdout,"in Sudo rule\n"); - tmpctx = talloc_new(sudocli); - if (!tmpctx) { - return ENOMEM; - } - - ret = sysdb_get_groups_by_user(tmpctx, - sysdb, - domain, - user_name, - &res); - if (ret) { - if (ret == ENOENT) { - ret = EOK; - } - goto done; - } - filter = talloc_asprintf(tmpctx,"|(|("SYSDB_SUDO_USER_ATTR"=%s)",user_name); - if (!filter) { - DEBUG(0, ("Failed to build filter - %s\n",filter)); - ret = ENOMEM; - goto done; - } - ret = prepare_filter(filter,user_id,host, res); - if (ret==ENOMEM) { - DEBUG(0, ("Failed to build filter - %s\n",filter)); - goto done; - } - - - DEBUG(0,(stdout,"Filter - %s\n",filter)); - ret = sysdb_search_sudo_rules(tmpctx, - sysdb, - domain, - filter, - attrs, - &count, - &sudo_rules_msgs); - - if (ret) { - if (ret == ENOENT) { - ret = EOK; - } - goto done; - } - - DEBUG(0, ("Found %d sudo rule entries!\n\n", count)); - - if (count == 0) { - ret = EOK; - goto done; - } - - qsort(sudo_rules_msgs,count,sizeof(struct ldb_message *), (__compar_fn_t)compare_sudo_order); - - listctx = talloc_new(NULL); - if (!listctx) { - return ENOMEM; - } - initList(&list); - - for(i=0; i< count ; i++) { - appendNode(listctx, &list, sudo_rules_msgs[i]); - } - current = list; - sudo_cmnd = talloc(listctx,struct sudo_cmd_ctx); - - while(current!=NULL) { - - - - DEBUG(0, ("--sudoOrder: %f\n", - ldb_msg_find_attr_as_double((struct ldb_message *)current->data, - SYSDB_SUDO_ORDER_ATTR, - 0.0))); - DEBUG(0, ("--dn: %s----\n", - ldb_dn_get_linearized(((struct ldb_message 
*)current->data)->dn))); - - el = ldb_msg_find_element((struct ldb_message *)current->data, - SYSDB_SUDO_COMMAND_ATTR); - if (!el) { - DEBUG(0, ("Failed to get sudo commands for sudorule [%s]\n", - ldb_dn_get_linearized(((struct ldb_message *)current->data)->dn))); - tmp = current->next; - delNode(&list,current); - current = tmp; - continue; - } - flag = 0; - /* see if this is a user */ - for (j = 0; j < el->num_values; j++) { - DEBUG(0, ("sudoCommand: %s\n" ,(const char *) (el->values[j].data))); - /* Do command elimination here */ - tmpcmd = talloc_asprintf(listctx, - "%s", - (const char *) (el->values[j].data)); - space = strchr(tmpcmd,' '); - if(space != NULL) { - *space = '\0'; - sudo_cmnd->arg= (space +1); - } - else - sudo_cmnd->arg= NULL; - - if(tmpcmd[0]=='!') { - sudo_cmnd->fqcomnd=tmpcmd+1; - } - else { - sudo_cmnd->fqcomnd=tmpcmd; - } - - if(fnmatch(sudo_cmnd->fqcomnd,sudo_msg->fq_command,FNM_PATHNAME) == 0){ - current=current->next; - flag=1; - break; - } - } - - if(flag==1) { - continue; - } - - tmp = current->next; - delNode(&list,current); - current = tmp; - - } - /// - current = list; - while(current!=NULL) { - - - - DEBUG(0, ("\n\n\n\n--sudoOrder: %f\n", - ldb_msg_find_attr_as_double((struct ldb_message *)current->data, - SYSDB_SUDO_ORDER_ATTR, - 0.0))); - DEBUG(0, ("--dn: %s----\n", - ldb_dn_get_linearized(((struct ldb_message *)current->data)->dn))); - - el = ldb_msg_find_element((struct ldb_message *)current->data, - SYSDB_SUDO_COMMAND_ATTR); - if (!el) { - DEBUG(0, ("Failed to get sudo commands for sudorule [%s]\n", - ldb_dn_get_linearized(((struct ldb_message *)current->data)->dn))); - - - } - current = current->next; - } - - /*el = ldb_msg_find_element((struct ldb_message *)current->data, SYSDB_SUDO_USER_ATTR); - if (!el) { - DEBUG(0, ("Failed to get sudo Users for sudorule [%s]\n", - ldb_dn_get_linearized(msgs[i]->dn))); - continue; - }*/ - - talloc_free(listctx); - - done: - talloc_zfree(tmpctx); - return ret; -} - - -static int 
sudo_query_validation(DBusMessage *message, struct sbus_connection *conn) -{ - - dbus_uint32_t header = SSS_SUDO_RESPONDER_HEADER,command_size; - struct sudo_client *sudocli; - DBusMessage *reply; - DBusError dbus_error; - DBusMessageIter msg_iter; - DBusMessageIter subItem; - char **ui; - char **command_array; - int ret = -1; - dbus_bool_t dbret; - void *data; - int count = 0, i = 0; - hash_table_t *settings_table; - hash_table_t *env_table; - char * result; - struct sss_sudo_msg_contents * msg; - struct sysdb_ctx **sysdblist; - TALLOC_CTX * tmpctx; - struct ldb_message *ldb_msg; - size_t no_ldbs = 0; - const char *attrs[] = { SYSDB_NAME, SYSDB_UIDNUM, NULL}; - const char * user_name; - uid_t user_id; - - result = strdup("PASS"); - - data = sbus_conn_get_private_data(conn); - sudocli = talloc_get_type(data, struct sudo_client); - if (!sudocli) { - DEBUG(0, ("Connection holds no valid init data\n")); - return SSS_SUDO_RESPONDER_CONNECTION_ERR; - } - - msg = talloc((TALLOC_CTX *)sudocli,struct sss_sudo_msg_contents); - - /* First thing, cancel the timeout */ - DEBUG(4, ("Cancel SUDO client timeout [%p]\n", sudocli->timeout)); - talloc_zfree(sudocli->timeout); - - dbus_error_init(&dbus_error); - - if (!dbus_message_iter_init(message, &msg_iter)) { - fprintf(stderr, "Message received as empty!\n"); - return SSS_SUDO_RESPONDER_MESSAGE_ERR; - } - - if(DBUS_TYPE_STRUCT != dbus_message_iter_get_arg_type(&msg_iter)) { - fprintf(stderr, "Argument is not struct!\n"); - return SSS_SUDO_RESPONDER_MESSAGE_ERR; - } - else{ - dbus_message_iter_recurse(&msg_iter,&subItem); - } - - if(DBUS_TYPE_UINT32 != dbus_message_iter_get_arg_type(&subItem)) { - fprintf(stderr,"UID failed"); - return SSS_SUDO_RESPONDER_MESSAGE_ERR; - } - else { - dbus_message_iter_get_basic(&subItem, &msg->userid); - dbus_message_iter_next (&subItem); - } - - if(DBUS_TYPE_STRING != dbus_message_iter_get_arg_type(&subItem)) { - fprintf(stderr,"CWD failed"); - return SSS_SUDO_RESPONDER_MESSAGE_ERR; - } - else { - 
dbus_message_iter_get_basic(&subItem, &msg->cwd); - dbus_message_iter_next (&subItem); - } - - if(DBUS_TYPE_STRING != dbus_message_iter_get_arg_type(&subItem)) { - fprintf(stderr,"TTY failed"); - return SSS_SUDO_RESPONDER_MESSAGE_ERR; - } - else { - dbus_message_iter_get_basic(&subItem, &msg->tty); - dbus_message_iter_next (&subItem); - } - if(DBUS_TYPE_STRING != dbus_message_iter_get_arg_type(&subItem)) { - fprintf(stderr,"FQ Command failed"); - return SSS_SUDO_RESPONDER_MESSAGE_ERR; - } - else { - dbus_message_iter_get_basic(&subItem, &msg->fq_command); - } - - fprintf(stdout,"-----------Message---------\n" - "uid : %d\ncwd : %s\ntty : %s\nFQ Command: %s\n",msg->userid,msg->cwd,msg->tty,msg->fq_command); - - dbus_message_iter_next (&msg_iter); - - if(DBUS_TYPE_UINT32 != dbus_message_iter_get_arg_type(&msg_iter)) { - fprintf(stderr,"array size failed"); - return SSS_SUDO_RESPONDER_MESSAGE_ERR; - } - else { - dbus_message_iter_get_basic(&msg_iter, &msg->command_count); - fprintf(stdout,"Command array size: %d\n",msg->command_count); - } - dbus_message_iter_next (&msg_iter); - - command_array = (char**)malloc(msg->command_count*sizeof(char *)); - fprintf(stdout,"command : "); - - if( DBUS_TYPE_ARRAY != dbus_message_iter_get_arg_type(&msg_iter)) { - fprintf(stderr, "Command array failed!\n"); - return SSS_SUDO_RESPONDER_MESSAGE_ERR; - } - else{ - dbus_message_iter_recurse(&msg_iter,&subItem); - } - - for(ui = command_array,count = msg->command_count; count--; ui++) - { - if(DBUS_TYPE_STRING != dbus_message_iter_get_arg_type(&subItem)) { - printf("string array content failed"); - return SSS_SUDO_RESPONDER_MESSAGE_ERR; - - } - else { - dbus_message_iter_get_basic(&subItem, ui); - fprintf(stdout,"%s ",*ui); - if(!dbus_message_iter_next (&subItem)) { - /*"Array ended. 
*/ - break; - } - } - } - fprintf(stdout,"\n"); - - msg->command = command_array; - dbus_message_iter_next(&msg_iter); - - if( dbus_msg_iter_to_dhash(&msg_iter, &settings_table)!= SSS_SBUS_CONV_SUCCESS){ - fprintf(stderr, "settings table corrupted!\n"); - return SSS_SUDO_RESPONDER_MESSAGE_ERR; - } - - dbus_message_iter_next(&msg_iter); - - if( dbus_msg_iter_to_dhash(&msg_iter, &env_table)!= SSS_SBUS_CONV_SUCCESS){ - fprintf(stderr, "environment table corrupted!\n"); - return SSS_SUDO_RESPONDER_MESSAGE_ERR; - } - - DEBUG(0, ("-----------Message END---------\n")); - ////////////////// - - tmpctx = talloc_new(NULL); - if (!tmpctx) { - return ENOMEM; - } - i=0; - sysdblist = sudocli->sudoctx->rctx->db_list->dbs; - no_ldbs = sudocli->sudoctx->rctx->db_list->num_dbs; - i=0; - while(i < no_ldbs) { - - ret = sysdb_search_user_by_uid(tmpctx, - sysdblist[i], - sysdblist[i]->domain, - msg->userid, - attrs, - &ldb_msg); - if (ret != EOK) { - i++; - DEBUG(0, ("No User matched\n")); - if (ret == ENOENT) { - - continue; - } - DEBUG(0, ("sysdb_search_user_by_uid Returned something other that ENOENT\n")); - continue; - } - break; - - } - if(ldb_msg == NULL) { - DEBUG(0, ("NoUserEntryFound Error. 
Exit with error message.\n")); - goto free_ctx; - } - - user_name = ldb_msg_find_attr_as_string(ldb_msg, SYSDB_NAME, NULL); - user_id = ldb_msg_find_attr_as_string(ldb_msg, SYSDB_UIDNUM, NULL); - ret = search_sudo_rules(sudocli, sysdblist[i],sysdblist[i]->domain, "tom",user_id,msg); - if(ret != EOK){ - DEBUG(0, ("Error in rule")); - } - - free_ctx: - talloc_zfree(tmpctx); - ///////////////////// - - - talloc_set_destructor((TALLOC_CTX *)sudocli, sudo_client_destructor); - - DEBUG(4, ("Got string [%s]\n", msg->cwd)); - - /* reply that all is ok */ - reply = dbus_message_new_method_return(message); - if (!reply) { - DEBUG(0, ("Dbus Out of memory!\n")); - return SSS_SUDO_RESPONDER_REPLY_ERR; - } - - command_size = msg->command_count; - dbret = dbus_message_append_args(reply, - DBUS_TYPE_UINT32, &header, - DBUS_TYPE_STRING,&result, - DBUS_TYPE_INVALID); - if (!dbret) { - DEBUG(0, ("Failed to build sudo dbus reply\n")); - dbus_message_unref(reply); - sbus_disconnect(conn); - return SSS_SUDO_RESPONDER_REPLY_ERR; - } - - dbus_message_iter_init_append(reply, &msg_iter); - - if(!dbus_message_iter_open_container(&msg_iter, - DBUS_TYPE_ARRAY, - "s", - &subItem)) { - fprintf(stderr, "Out Of Memory!\n"); - return SSS_SUDO_RESPONDER_REPLY_ERR; - } - - for(command_array = msg->command ; command_size-- ; command_array++) { - - if (!dbus_message_iter_append_basic(&subItem, - DBUS_TYPE_STRING, - command_array)) { - fprintf(stderr, "Out Of Memory!\n"); - return SSS_SUDO_RESPONDER_REPLY_ERR; - } - } - - if (!dbus_message_iter_close_container(&msg_iter,&subItem)) { - fprintf(stderr, "Out Of Memory!\n"); - return SSS_SUDO_RESPONDER_REPLY_ERR; - } - - if(dbus_dhash_to_msg_iter(&env_table,&msg_iter) != SSS_SBUS_CONV_SUCCESS){ - fprintf(stderr,"fatal: env message framing failed."); - return SSS_SUDO_RESPONDER_DHASH_ERR; - } - - /* send reply back */ - sbus_conn_send_reply(conn, reply); - dbus_message_unref(reply); - - sudocli->initialized = true; - free(result); - return EOK; -} - -static 
void init_timeout(struct tevent_context *ev, - struct tevent_timer *te, - struct timeval t, void *ptr) -{ - struct sudo_client *sudocli; - - DEBUG(2, ("Client timed out [%p]!\n", te)); - - sudocli = talloc_get_type(ptr, struct sudo_client); - - sbus_disconnect(sudocli->conn); - talloc_zfree(sudocli); -} - -static int sudo_client_init(struct sbus_connection *conn, void *data) -{ - struct sudo_ctx *sudoctx; - struct sudo_client *sudocli; - struct timeval tv; - - sudoctx = talloc_get_type(data, struct sudo_ctx); - - /* hang off this memory to the connection so that when the connection - * is freed we can potentially call a destructor */ - - sudocli = talloc(conn, struct sudo_client); - if (!sudocli) { - DEBUG(0,("Out of memory?!\n")); - talloc_zfree(conn); - return ENOMEM; - } - sudocli->sudoctx = sudoctx; - sudocli->conn = conn; - sudocli->initialized = false; - - /* 5 seconds should be plenty */ - tv = tevent_timeval_current_ofs(5, 0); - - sudocli->timeout = tevent_add_timer(sudoctx->rctx->ev, sudocli, tv, init_timeout, sudocli); - if (!sudocli->timeout) { - DEBUG(0,("Out of memory?!\n")); - talloc_zfree(conn); - return ENOMEM; - } - DEBUG(4, ("Set-up Sudo client timeout [%p]\n", sudocli->timeout)); - - /* Attach the client context to the connection context, so that it is - * always available when we need to manage the connection. */ - sbus_conn_set_private_data(conn, sudocli); - - return EOK; -} -static void sudo_dp_reconnect_init(struct sbus_connection *conn, int status, void *pvt) -{ - struct be_conn *be_conn = talloc_get_type(pvt, struct be_conn); - int ret; - - /* Did we reconnect successfully? 
*/ - if (status == SBUS_RECONNECT_SUCCESS) { - DEBUG(1, ("Reconnected to the Data Provider.\n")); - - /* Identify ourselves to the data provider */ - ret = dp_common_send_id(be_conn->conn, - DATA_PROVIDER_VERSION, - "PAM"); - /* all fine */ - if (ret == EOK) return; - } - - /* Handle failure */ - DEBUG(0, ("Could not reconnect to %s provider.\n", - be_conn->domain->name)); - - -} - -int sudo_server_init(TALLOC_CTX *mem_ctx, - struct sudo_ctx *_ctx) -{ - - int ret; - struct sbus_connection *serv; - - - DEBUG(1, ("Setting up the sudo server.\n")); - - - - ret = sbus_new_server(mem_ctx, - _ctx->rctx->ev, - SSS_SUDO_SERVICE_PIPE, - &sudo_monitor_interface, - &serv, - sudo_client_init, - _ctx); - if (ret != EOK) { - DEBUG(0, ("Could not set up sudo sbus server.\n")); - return ret; - } - - return EOK; - -} - -struct cli_protocol_version *register_cli_protocol_version(void) -{ - static struct cli_protocol_version sudo_cli_protocol_version[] = { - {0, NULL, NULL} - }; - - return sudo_cli_protocol_version; -} - -struct sss_cmd_table *get_sudo_cmds(void) -{ - static struct sss_cmd_table sss_cmds[] = { - {SSS_SUDO_AUTHENTICATE, NULL}, - {SSS_SUDO_INVALIDATE, NULL}, - {SSS_SUDO_VALIDATE, NULL}, - {SSS_SUDO_LIST, NULL}, - {SSS_CLI_NULL, NULL} - }; - - return sss_cmds; -} - -int sudo_process_init(TALLOC_CTX *mem_ctx, - struct tevent_context *ev, - struct confdb_ctx *cdb) -{ - struct sss_cmd_table *sudo_cmds; - struct be_conn *iter; - struct sudo_ctx *ctx; - int ret, max_retries; - int id_timeout; - - - ctx = talloc_zero(mem_ctx, struct sudo_ctx); - if (!ctx) { - DEBUG(0, ("fatal error initializing sudo_ctx\n")); - return ENOMEM; - } - sudo_cmds = get_sudo_cmds(); - ret = sss_process_init(ctx, - ev, - cdb, - sudo_cmds, - SSS_SUDO_SOCKET_NAME, - SSS_SUDO_PRIV_SOCKET_NAME, - CONFDB_SUDO_CONF_ENTRY, - SSS_SUDO_SBUS_SERVICE_NAME, - SSS_SUDO_SBUS_SERVICE_VERSION, - &sudo_monitor_interface, - "SUDO", &sudo_dp_interface, - &ctx->rctx); - if (ret != EOK) { - goto done; - } - - - 
ctx->rctx->pvt_ctx = ctx; - - - - ret = confdb_get_int(ctx->rctx->cdb, ctx->rctx, CONFDB_SUDO_CONF_ENTRY, - CONFDB_SERVICE_RECON_RETRIES, 3, &max_retries); - if (ret != EOK) { - DEBUG(0, ("Failed to set up automatic reconnection\n")); - goto done; - } - - for (iter = ctx->rctx->be_conns; iter; iter = iter->next) { - sbus_reconnect_init(iter->conn, max_retries, - sudo_dp_reconnect_init, iter); - } - - /* Set up the negative cache */ - ret = confdb_get_int(cdb, ctx, CONFDB_SUDO_CONF_ENTRY, - CONFDB_SUDO_ENTRY_NEG_TIMEOUT, 15, - &ctx->neg_timeout); - if (ret != EOK) goto done; - - /* Set up the PAM identity timeout */ - ret = confdb_get_int(cdb, ctx, CONFDB_SUDO_CONF_ENTRY, - CONFDB_SUDO_ID_TIMEOUT, 5, - &id_timeout); - if (ret != EOK) goto done; - - ctx->id_timeout = (size_t)id_timeout; - - ret = sss_ncache_init(ctx, &ctx->ncache); - if (ret != EOK) { - DEBUG(0, ("fatal error initializing negative cache\n")); - goto done; - } - - ret = sss_ncache_prepopulate(ctx->ncache, cdb, ctx->rctx->names, - ctx->rctx->domains); - if (ret != EOK) { - goto done; - } - - ret = sudo_server_init(mem_ctx, ctx); - DEBUG(0, ("sudo server returned %d.\n",ret)); - - return EOK; - done: - if (ret != EOK) { - talloc_free(ctx); - } - return ret; -} - -int main(int argc, const char *argv[]) -{ - int opt; - poptContext pc; - struct main_context *main_ctx; - int ret; - - struct poptOption long_options[] = { - POPT_AUTOHELP - SSSD_MAIN_OPTS - POPT_TABLEEND - }; - - pc = poptGetContext(argv[0], argc, argv, long_options, 0); - while((opt = poptGetNextOpt(pc)) != -1) { - switch(opt) { - default: - fprintf(stderr, "\nInvalid option %s: %s\n\n", - poptBadOption(pc, 0), poptStrerror(opt)); - poptPrintUsage(pc, stderr, 0); - return 1; - } - } - - poptFreeContext(pc); - - /* set up things like debug, signals, daemonization, etc... 
*/ - debug_log_file = "sssd_sudo"; - - ret = server_setup("sssd[sudo]", 0, CONFDB_SUDO_CONF_ENTRY, &main_ctx); - if (ret != EOK) return 2; - - ret = die_if_parent_died(); - if (ret != EOK) { - /* This is not fatal, don't return */ - DEBUG(2, ("Could not set up to exit when parent process does\n")); - } - - ret = sudo_process_init(main_ctx, - main_ctx->event_ctx, - main_ctx->confdb_ctx); - if (ret != EOK) return 3; - - /* loop on main */ - server_loop(main_ctx); - - return 0; -} - diff --git a/src/responder/sudo/sudosrv.h b/src/responder/sudo/sudosrv.h index a24ead8c..539bd0c1 100644 --- a/src/responder/sudo/sudosrv.h +++ b/src/responder/sudo/sudosrv.h @@ -17,7 +17,7 @@ You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ + */ #ifndef _SUDOSRV_PRIVATE_H_ #define _SUDOSRV_PRIVATE_H_ @@ -56,25 +56,25 @@ static int sudo_query_validation(DBusMessage *message, struct sbus_connection *conn); struct sbus_method sudo_methods[] = { - - { SUDO_METHOD_QUERY, sudo_query_validation }, - { NULL, NULL } + + { SUDO_METHOD_QUERY, sudo_query_validation }, + { NULL, NULL } }; struct sbus_interface sudo_monitor_interface = { - SUDO_SERVER_INTERFACE, - SUDO_SERVER_PATH, - SBUS_DEFAULT_VTABLE, - sudo_methods, - NULL + SUDO_SERVER_INTERFACE, + SUDO_SERVER_PATH, + SBUS_DEFAULT_VTABLE, + sudo_methods, + NULL }; struct sbus_interface sudo_dp_interface = { - SUDO_DP_INTERFACE, - SUDO_DP_PATH, - SBUS_DEFAULT_VTABLE, - NULL/*sudo_dp_methods*/, - NULL + SUDO_DP_INTERFACE, + SUDO_DP_PATH, + SBUS_DEFAULT_VTABLE, + NULL/*sudo_dp_methods*/, + NULL }; struct sudo_ctx { 
@@ -100,17 +100,17 @@ struct sudo_client { enum error_types_sudo_responder{ - SSS_SUDO_RESPONDER_SUCCESS = 0x01, - SSS_SUDO_RESPONDER_FAILED, - SSS_SUDO_RESPONDER_BUF_ERR, - SSS_SUDO_RESPONDER_CONNECTION_ERR, - SSS_SUDO_RESPONDER_SYSTEM_ERR, - SSS_SUDO_RESPONDER_LOG_ERR, - SSS_SUDO_RESPONDER_MESSAGE_ERR, - SSS_SUDO_RESPONDER_REPLY_ERR, - SSS_SUDO_RESPONDER_DHASH_ERR, - SUDO_LDB_CONNECT_ERR, - SUDO_LDB_SEARCH_ERR + SSS_SUDO_RESPONDER_SUCCESS = 0x01, + SSS_SUDO_RESPONDER_FAILED, + SSS_SUDO_RESPONDER_BUF_ERR, + SSS_SUDO_RESPONDER_CONNECTION_ERR, + SSS_SUDO_RESPONDER_SYSTEM_ERR, + SSS_SUDO_RESPONDER_LOG_ERR, + SSS_SUDO_RESPONDER_MESSAGE_ERR, + SSS_SUDO_RESPONDER_REPLY_ERR, + SSS_SUDO_RESPONDER_DHASH_ERR, + SUDO_LDB_CONNECT_ERR, + SUDO_LDB_SEARCH_ERR }; #endif diff --git a/src/responder/sudo/sudosrv.h~ b/src/responder/sudo/sudosrv.h~ deleted file mode 100644 index 0b933ea4..00000000 --- a/src/responder/sudo/sudosrv.h~ +++ /dev/null 
@@ -1,59 +0,0 @@ -/* - SSSD - - SUDO Responder - - Copyright (C) Arun Scaria <arunscaria91@gmail.com> (2011) - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - - -#define CONFDB_SUDO_CONF_ENTRY "config/sudo" - -#define SUDO_INTERFACE "org.freedesktop.sssd.sudo" -#define SUDO_PATH "/org/freedesktop/sssd/sudo" -#define SUDO_METHOD_QUERY "queryService" - -static int sudo_query_validation(DBusMessage *message, struct sbus_connection *conn); -struct sbus_method sudo_methods[] = { - - { SUDO_METHOD_QUERY, sudo_query_validation }, - { NULL, NULL } -}; - -struct sbus_interface sudo_interface = { - SUDO_INTERFACE, - SUDO_PATH, - SBUS_DEFAULT_VTABLE, - sudo_methods, - NULL -}; - -struct sudo_ctx { - struct tevent_context *ev; - struct confdb_ctx *cdb; - - struct sbus_connection *mon_conn; - struct sbus_connection *sbus_srv; - - size_t check_online_ref_count; -}; - -struct sudo_client { - struct sudo_ctx *sudoctx; - struct sbus_connection *conn; - struct tevent_timer *timeout; - bool initialized; -};
\ No newline at end of file diff --git a/src/sss_client/sudo_plugin/sss_sudo_cli.h b/src/sss_client/sudo_plugin/sss_sudo_cli.h index 65c1f582..4c6c1342 100644 --- a/src/sss_client/sudo_plugin/sss_sudo_cli.h +++ b/src/sss_client/sudo_plugin/sss_sudo_cli.h @@ -20,7 +20,7 @@ You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/> -*/ + */ #ifndef _SSS_SUDO_CLI_H_ #define _SSS_SUDO_CLI_H_ @@ -55,7 +55,7 @@ #ifndef _SSSCLI_H - /* If sss_cli.h is not included */ +/* If sss_cli.h is not included */ struct sss_cli_req_data { size_t len; const void *data; @@ -75,15 +75,15 @@ enum sss_status { enum error_types_sudo{ - SSS_SUDO_SUCCESS = 0x01, - SSS_SUDO_FAILED, - SSS_SUDO_BUF_ERR, - SSS_SUDO_CONNECTION_ERR, - SSS_SUDO_SYSTEM_ERR, - SSS_SUDO_LOG_ERR, - SSS_SUDO_LOG_NOTICE, - SSS_SUDO_MESSAGE_ERR, - SSS_SUDO_REPLY_ERR + SSS_SUDO_SUCCESS = 0x01, + SSS_SUDO_FAILED, + SSS_SUDO_BUF_ERR, + SSS_SUDO_CONNECTION_ERR, + SSS_SUDO_SYSTEM_ERR, + SSS_SUDO_LOG_ERR, + SSS_SUDO_LOG_NOTICE, + SSS_SUDO_MESSAGE_ERR, + SSS_SUDO_REPLY_ERR }; 
@@ -96,37 +96,37 @@ enum sss_sudo_validation_status { struct sss_sudo_msg_contents { - /* from user_info */ - uid_t userid; - char *cwd; - char *tty; - - /* from settings */ - char * runas_user; - char * runas_group; - char * prompt; - char * network_addrs; - int use_sudoedit; - int use_set_home; - int use_preserve_environment; - int use_implied_shell; - int use_login_shell; - int use_run_shell; - int use_preserve_groups; - int use_ignore_ticket; - int use_noninteractive; - int debug_level; - - /*from user_env*/ - char * const * user_env; - - /* command with arguments */ - char * fq_command; - char ** command; - int command_count; - - /* Clients pid */ - int cli_pid; + /* from user_info */ + uid_t userid; + char *cwd; + char *tty; + + /* from settings */ + char * runas_user; + char * runas_group; + char * prompt; + char * network_addrs; + int use_sudoedit; + int use_set_home; + int use_preserve_environment; + int use_implied_shell; + int use_login_shell; + int use_run_shell; + int use_preserve_groups; + int use_ignore_ticket; + int use_noninteractive; + int debug_level; + + /*from user_env*/ + char * const * user_env; + + /* command with arguments */ + char * fq_command; + char ** command; + int command_count; + + /* Clients pid */ + int cli_pid; }; #define SSS_SUDO_ITEM_RUSER "runas_user" diff --git a/src/sss_client/sudo_plugin/sss_sudoplugin.c b/src/sss_client/sudo_plugin/sss_sudoplugin.c index 2b058e6a..12fa4ec5 100644 --- a/src/sss_client/sudo_plugin/sss_sudoplugin.c +++ b/src/sss_client/sudo_plugin/sss_sudoplugin.c @@ -12,7 +12,7 @@ it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + The coding of some of the components in this programe is based on the code adapted from the sudo project at www.sudo.ws 
@@ -25,15 +25,15 @@ along with this program. If not, see <http://www.gnu.org/licenses/> -*/ + */ - /* - * Define to the version of sudo package - * This declaration is to be removed and - * it is to be imported from config.h - */ +/* + * Define to the version of sudo package + * This declaration is to be removed and + * it is to be imported from config.h + */ #define SUDO_PACKAGE_STRING "sudo 1.8.1" #ifndef _PATH_VI @@ -143,9 +143,9 @@ static int debug_level; struct user_info_struct { - char *username; - int lines; - int cols; + char *username; + int lines; + int cols; }user_information; @@ -156,8 +156,8 @@ struct user_info_struct struct sss_sudo_msg_contents msg; static struct pam_conv conv = { - misc_conv, - NULL + misc_conv, + NULL }; @@ -193,23 +193,23 @@ void print_sudo_items(void) /* initialise size of message contents as zero and boolean values as FALSE */ void init_size_of_msg_contents( void ) { - msg.userid=-1; + msg.userid=-1; - msg.use_sudoedit = FALSE; - msg.use_set_home = FALSE; - msg.use_preserve_environment = FALSE; - msg.use_implied_shell = FALSE; - msg.use_login_shell = FALSE; - msg.use_run_shell = FALSE; - msg.use_preserve_groups = FALSE; - msg.use_ignore_ticket = FALSE; - msg.use_noninteractive = FALSE; + msg.use_sudoedit = FALSE; + msg.use_set_home = FALSE; + msg.use_preserve_environment = FALSE; + msg.use_implied_shell = FALSE; + msg.use_login_shell = FALSE; + msg.use_run_shell = FALSE; + msg.use_preserve_groups = FALSE; + msg.use_ignore_ticket = FALSE; + msg.use_noninteractive = FALSE; - msg.debug_level=0; + msg.debug_level=0; - msg.command_count=0; + msg.command_count=0; - msg.cli_pid = getpid(); + msg.cli_pid = getpid(); } /* 
@@ -224,221 +224,221 @@ int policy_open(unsigned int version, char * const user_info[], char * const user_env[]) { - char * const *ui; - struct passwd *pw; - const char *runas_user = NULL; - struct group *gr; - const char *runas_group = NULL; - - - if (sudo_conv == NULL) sudo_conv = conversation; - if (sudo_log == NULL) sudo_log = sudo_printf; - + char * const *ui; + struct passwd *pw; + const char *runas_user = NULL; + struct group *gr; + const char *runas_group = NULL; + + + if (sudo_conv == NULL) sudo_conv = conversation; + if (sudo_log == NULL) sudo_log = sudo_printf; + /* Check the version of sudo plugin api */ - if (SUDO_API_VERSION_GET_MAJOR(version) != SUDO_API_VERSION_MAJOR) { - sudo_log(SUDO_CONV_ERROR_MSG, - "The sss sudo plugin requires API version %d.x\n", - SUDO_API_VERSION_MAJOR); - return ERROR; + if (SUDO_API_VERSION_GET_MAJOR(version) != SUDO_API_VERSION_MAJOR) { + sudo_log(SUDO_CONV_ERROR_MSG, + "The sss sudo plugin requires API version %d.x\n", + SUDO_API_VERSION_MAJOR); + return ERROR; } - init_size_of_msg_contents(); + init_size_of_msg_contents(); + - for (ui = settings; *ui != NULL; ui++) { - /* get the debug level */ - if (strncmp(*ui, "debug_level=", sizeof("debug_level=") - 1) == 0) { - debug_level = atoi(*ui + sizeof("debug_level=") - 1); - msg.debug_level = debug_level; - } - - /* - *check if the user specified the -E flag, indicating that - *the user wishes to preserve the environment. - * - */ - - else if (strncmp(*ui, "preserve_environment=", sizeof("preserve_environment=") - 1) == 0) { - if (strcasecmp(*ui + sizeof("preserve_environment=") - 1, "true") == 0) - msg.use_preserve_environment = TRUE; - } - - /* - * check if the user specified the -H flag. If true, set the - * HOME environment variable to the target user's home directory. 
- */ - - else if (strncmp(*ui, "set_home=", sizeof("set_home=") - 1) == 0) { - if (strcasecmp(*ui + sizeof("set_home=") - 1, "true") == 0) - msg.use_set_home = TRUE; - } - - /* - * check if the user specified the -s flag, indicating that the - * user wishes to run a shell. - */ - - else if (strncmp(*ui, "run_shell=", sizeof("run_shell=") - 1) == 0) { - if (strcasecmp(*ui + sizeof("run_shell=") - 1, "true") == 0) - msg.use_run_shell = TRUE; - } - - /* - * Check if the user specified the -i flag, indicating that the - * user wishes to run a login shell. - */ - - else if (strncmp(*ui, "login_shell=", sizeof("login_shell=") - 1) == 0) { - if (strcasecmp(*ui + sizeof("login_shell=") - 1, "true") == 0) - msg.use_login_shell = TRUE; - } - - /* - * check to see whether user specified the -k flag along with a - * command, indicating that the user wishes to ignore any cached - * authentication credentials. - */ - - else if (strncmp(*ui, "ignore_ticket=", sizeof("ignore_ticket=") - 1) == 0) { - if (strcasecmp(*ui + sizeof("ignore_ticket=") - 1, "true") == 0) - msg.use_ignore_ticket = TRUE; - } - - /* - * The prompt to use when requesting a password, if specified - * via the -p flag. - */ - - else if (strncmp(*ui, "prompt=", sizeof("prompt=") - 1) == 0) { - msg.prompt = strdup(*ui + sizeof("prompt=") - 1); - } - - /* Find the user to be run as */ - - else if (strncmp(*ui, "runas_user=", sizeof("runas_user=") - 1) == 0) { - msg.runas_user = strdup(*ui + sizeof("runas_user=") - 1); - runas_user = msg.runas_user; - } - - /* Find the group to be run as */ - - else if (strncmp(*ui, "runas_group=", sizeof("runas_group=") - 1) == 0) { - msg.runas_group = strdup(*ui + sizeof("runas_group=") - 1); - runas_group = msg.runas_group; - } - - /* - * To get thhe command name that sudo was run as, typically - * "sudo" or "sudoedit". setprogname() is only supported in BSD - * No need to include it now. 
- * - * else if (strncmp(*ui, "progname=", sizeof("progname=") - 1) == 0) { - * setprogname(*ui + sizeof("progname=") - 1); - * } - * - */ - - /* Check to see if sudo was called as sudoedit or with -e flag. */ - - else if (strncmp(*ui, "sudoedit=", sizeof("sudoedit=") - 1) == 0) { - if (strcasecmp(*ui + sizeof("sudoedit=") - 1, "true") == 0) - use_sudoedit = TRUE; - msg.use_sudoedit = use_sudoedit; - } - - /* This plugin doesn't support running sudo with no arguments. */ - - else if (strncmp(*ui, "implied_shell=", sizeof("implied_shell=") - 1) == 0) { - if (strcasecmp(*ui + sizeof("implied_shell=") - 1, "true") == 0) - return -2; - /* usage error */ - } - - /* - *check to see whether user specified the -P flag, indicating - *that the user wishes to preserve the group vector instead of - *setting it based on the runas user. - */ - - else if (strncmp(*ui, "preserve_groups=", sizeof("preserve_groups=") - 1) == 0) { - if (strcasecmp(*ui + sizeof("preserve_groups=") - 1, "true") == 0) - msg.use_preserve_groups = TRUE; - } - - /* - * check to see whether user specified the -n flag, indicating that - * sudo should operate in non-interactive mode. The plugin may reject - * a command run in non-interactive mode if user interaction is required. 
- */ - - else if (strncmp(*ui, "noninteractive=", sizeof("noninteractive=") - 1) == 0) { - if (strcasecmp(*ui + sizeof("noninteractive=") - 1, "true") == 0) - msg.use_noninteractive = TRUE; - } - - /* to get network_addrs */ - - else if (strncmp(*ui, "network_addrs=", sizeof("network_addrs=") - 1) == 0) { - msg.network_addrs = strdup(*ui + sizeof("network_addrs=") - 1); - } - - /* settings are over */ - } - - - /* Build the user info */ - - for (ui = user_info; *ui != NULL; ui++) { - - /* get user name */ - - if (strncmp(*ui, "user=", sizeof("user=") - 1) == 0) { - user_information.username = strdup(*ui + sizeof("user=") - 1); - } - - /* get user id */ - else if (strncmp(*ui, "uid=", sizeof("uid=") - 1) == 0) { - msg.userid = atoi(*ui + sizeof("uid=") - 1); - } - - - /* get cwd */ - else if (strncmp(*ui, "cwd=", sizeof("cwd=") - 1) == 0) { - msg.cwd = strdup(*ui + sizeof("cwd=") - 1); - } - - /* get tty */ - else if (strncmp(*ui, "tty=", sizeof("tty=") - 1) == 0) { - msg.tty = strdup( *ui + sizeof("tty=") - 1); - } - - /* get lines - to be removed at final code if no use */ - else if (strncmp(*ui, "lines=", sizeof("lines=") - 1) == 0) { - user_information.lines = atoi(*ui + sizeof("lines=") - 1); - } - - /* get cols - to be removed at final code if no use */ - else if (strncmp(*ui, "cols=", sizeof("cols=") - 1) == 0) { - user_information.cols = atoi(*ui + sizeof("cols=") - 1); - } - } + /* get the debug level */ + if (strncmp(*ui, "debug_level=", sizeof("debug_level=") - 1) == 0) { + debug_level = atoi(*ui + sizeof("debug_level=") - 1); + msg.debug_level = debug_level; + } + + /* + *check if the user specified the -E flag, indicating that + *the user wishes to preserve the environment. + * + */ + + else if (strncmp(*ui, "preserve_environment=", sizeof("preserve_environment=") - 1) == 0) { + if (strcasecmp(*ui + sizeof("preserve_environment=") - 1, "true") == 0) + msg.use_preserve_environment = TRUE; + } + + /* + * check if the user specified the -H flag. 
If true, set the + * HOME environment variable to the target user's home directory. + */ + + else if (strncmp(*ui, "set_home=", sizeof("set_home=") - 1) == 0) { + if (strcasecmp(*ui + sizeof("set_home=") - 1, "true") == 0) + msg.use_set_home = TRUE; + } + + /* + * check if the user specified the -s flag, indicating that the + * user wishes to run a shell. + */ + + else if (strncmp(*ui, "run_shell=", sizeof("run_shell=") - 1) == 0) { + if (strcasecmp(*ui + sizeof("run_shell=") - 1, "true") == 0) + msg.use_run_shell = TRUE; + } + + /* + * Check if the user specified the -i flag, indicating that the + * user wishes to run a login shell. + */ + + else if (strncmp(*ui, "login_shell=", sizeof("login_shell=") - 1) == 0) { + if (strcasecmp(*ui + sizeof("login_shell=") - 1, "true") == 0) + msg.use_login_shell = TRUE; + } + + /* + * check to see whether user specified the -k flag along with a + * command, indicating that the user wishes to ignore any cached + * authentication credentials. + */ + + else if (strncmp(*ui, "ignore_ticket=", sizeof("ignore_ticket=") - 1) == 0) { + if (strcasecmp(*ui + sizeof("ignore_ticket=") - 1, "true") == 0) + msg.use_ignore_ticket = TRUE; + } + + /* + * The prompt to use when requesting a password, if specified + * via the -p flag. + */ + + else if (strncmp(*ui, "prompt=", sizeof("prompt=") - 1) == 0) { + msg.prompt = strdup(*ui + sizeof("prompt=") - 1); + } + + /* Find the user to be run as */ + + else if (strncmp(*ui, "runas_user=", sizeof("runas_user=") - 1) == 0) { + msg.runas_user = strdup(*ui + sizeof("runas_user=") - 1); + runas_user = msg.runas_user; + } + + /* Find the group to be run as */ + + else if (strncmp(*ui, "runas_group=", sizeof("runas_group=") - 1) == 0) { + msg.runas_group = strdup(*ui + sizeof("runas_group=") - 1); + runas_group = msg.runas_group; + } + + /* + * To get thhe command name that sudo was run as, typically + * "sudo" or "sudoedit". setprogname() is only supported in BSD + * No need to include it now. 
+ * + * else if (strncmp(*ui, "progname=", sizeof("progname=") - 1) == 0) { + * setprogname(*ui + sizeof("progname=") - 1); + * } + * + */ + + /* Check to see if sudo was called as sudoedit or with -e flag. */ + + else if (strncmp(*ui, "sudoedit=", sizeof("sudoedit=") - 1) == 0) { + if (strcasecmp(*ui + sizeof("sudoedit=") - 1, "true") == 0) + use_sudoedit = TRUE; + msg.use_sudoedit = use_sudoedit; + } + + /* This plugin doesn't support running sudo with no arguments. */ + + else if (strncmp(*ui, "implied_shell=", sizeof("implied_shell=") - 1) == 0) { + if (strcasecmp(*ui + sizeof("implied_shell=") - 1, "true") == 0) + return -2; + /* usage error */ + } + + /* + *check to see whether user specified the -P flag, indicating + *that the user wishes to preserve the group vector instead of + *setting it based on the runas user. + */ + + else if (strncmp(*ui, "preserve_groups=", sizeof("preserve_groups=") - 1) == 0) { + if (strcasecmp(*ui + sizeof("preserve_groups=") - 1, "true") == 0) + msg.use_preserve_groups = TRUE; + } + + /* + * check to see whether user specified the -n flag, indicating that + * sudo should operate in non-interactive mode. The plugin may reject + * a command run in non-interactive mode if user interaction is required. 
+ */ + + else if (strncmp(*ui, "noninteractive=", sizeof("noninteractive=") - 1) == 0) { + if (strcasecmp(*ui + sizeof("noninteractive=") - 1, "true") == 0) + msg.use_noninteractive = TRUE; + } + + /* to get network_addrs */ + + else if (strncmp(*ui, "network_addrs=", sizeof("network_addrs=") - 1) == 0) { + msg.network_addrs = strdup(*ui + sizeof("network_addrs=") - 1); + } + + /* settings are over */ + } + + + /* Build the user info */ + + for (ui = user_info; *ui != NULL; ui++) { + + /* get user name */ + + if (strncmp(*ui, "user=", sizeof("user=") - 1) == 0) { + user_information.username = strdup(*ui + sizeof("user=") - 1); + } + + /* get user id */ + else if (strncmp(*ui, "uid=", sizeof("uid=") - 1) == 0) { + msg.userid = atoi(*ui + sizeof("uid=") - 1); + } + + + /* get cwd */ + else if (strncmp(*ui, "cwd=", sizeof("cwd=") - 1) == 0) { + msg.cwd = strdup(*ui + sizeof("cwd=") - 1); + } + + /* get tty */ + else if (strncmp(*ui, "tty=", sizeof("tty=") - 1) == 0) { + msg.tty = strdup( *ui + sizeof("tty=") - 1); + } + + /* get lines - to be removed at final code if no use */ + else if (strncmp(*ui, "lines=", sizeof("lines=") - 1) == 0) { + user_information.lines = atoi(*ui + sizeof("lines=") - 1); + } + + /* get cols - to be removed at final code if no use */ + else if (strncmp(*ui, "cols=", sizeof("cols=") - 1) == 0) { + user_information.cols = atoi(*ui + sizeof("cols=") - 1); + } + } if (runas_user != NULL) { - if ((pw = getpwnam(runas_user)) == NULL) { - sudo_log(SUDO_CONV_ERROR_MSG, "unknown user %s\n", runas_user); - return 0; - } - runas_uid = pw->pw_uid; + if ((pw = getpwnam(runas_user)) == NULL) { + sudo_log(SUDO_CONV_ERROR_MSG, "unknown user %s\n", runas_user); + return 0; + } + runas_uid = pw->pw_uid; } if (runas_group != NULL) { - if ((gr = getgrnam(runas_group)) == NULL) { - sudo_log(SUDO_CONV_ERROR_MSG, "unknown group %s\n", runas_group); - return 0; - } - runas_gid = gr->gr_gid; + if ((gr = getgrnam(runas_group)) == NULL) { + 
sudo_log(SUDO_CONV_ERROR_MSG, "unknown group %s\n", runas_group); + return 0; + } + runas_gid = gr->gr_gid; } /* fill Plugin state. */ @@ -463,45 +463,45 @@ char * find_in_path(char *command, char **envp) char *qualified = NULL; if (strchr(command, '/') != NULL) - return command; + return command; path = getenv("PATH"); for (ep = plugin_state.envp; *ep != NULL; ep++) { - if (strncmp(*ep, "PATH=", 5) == 0) { - path = *ep + 5; - break; - } + if (strncmp(*ep, "PATH=", 5) == 0) { + path = *ep + 5; + break; + } } path = strdup(path); path0 = path; - + do { - if ((cp = strchr(path, ':'))) - *cp = '\0'; - - snprintf(pathbuf, sizeof(pathbuf), "%s/%s", *path ? path : ".", command); - - if (stat(pathbuf, &sb) == 0) { - if (S_ISREG(sb.st_mode) && (sb.st_mode & 0000111)) { - qualified = pathbuf; - break; - } - } - path = cp + 1; + if ((cp = strchr(path, ':'))) + *cp = '\0'; + + snprintf(pathbuf, sizeof(pathbuf), "%s/%s", *path ? path : ".", command); + + if (stat(pathbuf, &sb) == 0) { + if (S_ISREG(sb.st_mode) && (sb.st_mode & 0000111)) { + qualified = pathbuf; + break; + } + } + path = cp + 1; } while (cp != NULL); - + free(path0); return ((qualified != NULL) ? strdup(qualified) : NULL); } - /* - * Information about the command being run in the form - * of "name=value" strings. These values are used by - * sudo to set the execution environment when running a - * command. The plugin is responsible for creating and - * populating the vector, which must be terminated with a NULL pointer. - * - */ +/* + * Information about the command being run in the form + * of "name=value" strings. These values are used by + * sudo to set the execution environment when running a + * command. The plugin is responsible for creating and + * populating the vector, which must be terminated with a NULL pointer. + * + */ char ** build_command_info(char *command) { static char **command_info; 
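Review bot: The settings loop header `for (ui = settings; *ui != NULL; ui++) {` appears only on the removed side of this hunk (directly after `init_size_of_msg_contents();`), while the added side has only a blank line there before `/* get the debug level */`; unless the header survived as a context line that this rendering dropped, the re-indented loop body now has no loop header and the `}` after `/* settings are over */` closes the function early, so the new side would not compile. Please check the committed file for that line. Separately, the user-info parsing in the same hunk still does `msg.userid = atoi(*ui + sizeof("uid=") - 1);` into a `uid_t`: `atoi` cannot signal a parse failure and returns 0 on malformed input, so a bad string silently becomes uid 0 — `strtoul` with an end-pointer check (`if (*end != '\0') return ERROR;`) makes the failure explicit. policy_open's body continues past the end of this hunk.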
@@ -509,39 +509,39 @@ char ** build_command_info(char *command) /* Setup command info. */ command_info = calloc(32, sizeof(char *)); - + if (command_info == NULL) - return NULL; - + return NULL; + if (asprintf(&command_info[i++],"%s=%s","command", command) == -1 || - asprintf(&command_info[i++], "runas_euid=%ld", (long)runas_uid) == -1 || - asprintf(&command_info[i++], "runas_uid=%ld", (long)runas_uid) == -1) { - return NULL; + asprintf(&command_info[i++], "runas_euid=%ld", (long)runas_uid) == -1 || + asprintf(&command_info[i++], "runas_uid=%ld", (long)runas_uid) == -1) { + return NULL; } - + if (runas_gid != -1) { - if (asprintf(&command_info[i++], "runas_gid=%ld", (long)runas_gid) == -1 || - asprintf(&command_info[i++], "runas_egid=%ld", (long)runas_gid) == -1) { - return NULL; - } + if (asprintf(&command_info[i++], "runas_gid=%ld", (long)runas_gid) == -1 || + asprintf(&command_info[i++], "runas_egid=%ld", (long)runas_gid) == -1) { + return NULL; + } } - + if (use_sudoedit) { - command_info[i] = strdup("sudoedit=true"); - if (command_info[i++] == NULL){ - return NULL; - } + command_info[i] = strdup("sudoedit=true"); + if (command_info[i++] == NULL){ + return NULL; + } } - + #ifdef USE_TIMEOUT command_info[i++] = "timeout=30"; #endif - + return command_info; } - /* finds a valid editor for sudo edit or "sudo vi" */ +/* finds a valid editor for sudo edit or "sudo vi" */ char * find_editor(int nfiles, char * const files[], char **argv_out[]) { char *cp; 
@@ -557,16 +557,16 @@ char * find_editor(int nfiles, char * const files[], char **argv_out[]) /* Lookup EDITOR in user's environment. */ editor = _PATH_VI; for (ep = plugin_state.envp; *ep != NULL; ep++) { - if (strncmp(*ep, "EDITOR=", 7) == 0) { - editor = *ep + 7; - break; - } + if (strncmp(*ep, "EDITOR=", 7) == 0) { + editor = *ep + 7; + break; + } } - + editor = strdup(editor); if (editor == NULL) { - sudo_log(SUDO_CONV_ERROR_MSG, "unable to allocate memory\n"); - return NULL; + sudo_log(SUDO_CONV_ERROR_MSG, "unable to allocate memory\n"); + return NULL; } /* @@ -576,36 +576,36 @@ char * find_editor(int nfiles, char * const files[], char **argv_out[]) */ nargc = 1; for (wasblank = 0, cp = editor; *cp != '\0'; cp++) { - - if (isblank((unsigned char) *cp)) { - wasblank = 1; - } - else if (wasblank) { - wasblank = 0; - nargc++; - } - } - + + if (isblank((unsigned char) *cp)) { + wasblank = 1; + } + else if (wasblank) { + wasblank = 0; + nargc++; + } + } + /* If we can't find the editor in the user's PATH, give up. */ cp = strtok(editor, " \t"); if (cp == NULL || - (editor_path = find_in_path(editor, plugin_state.envp)) == NULL) { - return NULL; + (editor_path = find_in_path(editor, plugin_state.envp)) == NULL) { + return NULL; } - + nargv = (char **) malloc((nargc + 1 + nfiles + 1) * sizeof(char *)); if (nargv == NULL) { - sudo_log(SUDO_CONV_ERROR_MSG, "unable to allocate memory\n"); - return NULL; + sudo_log(SUDO_CONV_ERROR_MSG, "unable to allocate memory\n"); + return NULL; } - + for (ac = 0; cp != NULL && ac < nargc; ac++) { - nargv[ac] = cp; - cp = strtok(NULL, " \t"); + nargv[ac] = cp; + cp = strtok(NULL, " \t"); } nargv[ac++] = "--"; for (i = 0; i < nfiles; ) - nargv[ac++] = files[i++]; + nargv[ac++] = files[i++]; nargv[ac] = NULL; *argv_out = nargv; 
@@ -636,23 +636,23 @@ int create_env_hash_table(char ** env, hash_table_t ** table_out) { delete_callback, NULL); if (err_h != HASH_SUCCESS) { - fprintf(stderr, "couldn't create hash table (%s)\n", hash_error_string(err_h)); - return err_h; + fprintf(stderr, "couldn't create hash table (%s)\n", hash_error_string(err_h)); + return err_h; } for(ui = (char **) msg.user_env; *ui!=NULL; ui++) { tmp = strchr(*ui,'='); *tmp = '\0'; - key.type = HASH_KEY_STRING; - key.str = strdup(*ui); - value.type = HASH_VALUE_PTR; - value.ptr = tmp+1; - - if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) { - fprintf(stderr, "couldn't add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h)); - return err_h; - } - *tmp = '=' ; + key.type = HASH_KEY_STRING; + key.str = strdup(*ui); + value.type = HASH_VALUE_PTR; + value.ptr = tmp+1; + + if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) { + fprintf(stderr, "couldn't add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h)); + return err_h; + } + *tmp = '=' ; } *table_out = local_table; 
@@ -676,144 +676,144 @@ int create_settings_hash_table(hash_table_t ** table_out) { delete_callback, NULL); if (err_h != HASH_SUCCESS) { - fprintf(stderr, "couldn't create hash table (%s)\n", hash_error_string(err_h)); + fprintf(stderr, "couldn't create hash table (%s)\n", hash_error_string(err_h)); + return err_h; + } + key.type = HASH_KEY_STRING; + value.type = HASH_VALUE_PTR; + if(msg.runas_user && *msg.runas_user ){ + key.str = strdup(SSS_SUDO_ITEM_RUSER); + value.ptr = msg.runas_user; + if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) { + fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h)); return err_h; + } + free(key.str); } - key.type = HASH_KEY_STRING; - value.type = HASH_VALUE_PTR; - if(msg.runas_user && *msg.runas_user ){ - key.str = strdup(SSS_SUDO_ITEM_RUSER); - value.ptr = msg.runas_user; - if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) { - fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h)); - return err_h; - } - free(key.str); - } - if(msg.runas_group && *msg.runas_group ){ - key.str = strdup(SSS_SUDO_ITEM_RGROUP); - value.ptr = msg.runas_group; - if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) { - fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h)); - return err_h; - } - free(key.str); - } + if(msg.runas_group && *msg.runas_group ){ + key.str = strdup(SSS_SUDO_ITEM_RGROUP); + value.ptr = msg.runas_group; + if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) { + fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h)); + return err_h; + } + free(key.str); + } - if(msg.prompt && *msg.prompt ){ - key.str = strdup(SSS_SUDO_ITEM_PROMPT); - value.ptr = msg.prompt; - if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) { - fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h)); - return 
err_h; - } - free(key.str); - } + if(msg.prompt && *msg.prompt ){ + key.str = strdup(SSS_SUDO_ITEM_PROMPT); + value.ptr = msg.prompt; + if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) { + fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h)); + return err_h; + } + free(key.str); + } - if(msg.network_addrs && *msg.network_addrs ){ - key.str = strdup(SSS_SUDO_ITEM_NETADDR); - value.ptr = msg.network_addrs; - if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) { - fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h)); - return err_h; - } - free(key.str); - } + if(msg.network_addrs && *msg.network_addrs ){ + key.str = strdup(SSS_SUDO_ITEM_NETADDR); + value.ptr = msg.network_addrs; + if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) { + fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h)); + return err_h; + } + free(key.str); + } + + key.str = strdup(SSS_SUDO_ITEM_USE_SUDOEDIT); + value.ptr = GET_BOOL_STRING(msg.use_sudoedit); + if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) { + fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h)); + return err_h; + } + free(key.str); + + key.str = strdup(SSS_SUDO_ITEM_USE_SETHOME); + value.ptr = GET_BOOL_STRING(msg.use_set_home); + if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) { + fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h)); + return err_h; + } + free(key.str); + + key.str = strdup(SSS_SUDO_ITEM_USE_PRESERV_ENV); + value.ptr = GET_BOOL_STRING(msg.use_preserve_environment); + if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) { + fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h)); + return err_h; + } + free(key.str); + + key.str = strdup(SSS_SUDO_ITEM_USE_IMPLIED_SHELL); + value.ptr = 
GET_BOOL_STRING(msg.use_implied_shell); + if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) { + fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h)); + return err_h; + } + free(key.str); + + + key.str = strdup(SSS_SUDO_ITEM_USE_LOGIN_SHELL); + value.ptr = GET_BOOL_STRING(msg.use_login_shell); + if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) { + fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h)); + return err_h; + } + free(key.str); + + + key.str = strdup(SSS_SUDO_ITEM_USE_RUN_SHELL); + value.ptr = GET_BOOL_STRING(msg.use_run_shell); + if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) { + fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h)); + return err_h; + } + free(key.str); + + + key.str = strdup(SSS_SUDO_ITEM_USE_PRE_GROUPS); + value.i = GET_BOOL_STRING(msg.use_preserve_groups); + if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) { + fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h)); + return err_h; + } + free(key.str); + + + key.str = strdup(SSS_SUDO_ITEM_USE_IGNORE_TICKET); + value.ptr = GET_BOOL_STRING(msg.use_ignore_ticket); + if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) { + fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h)); + return err_h; + } + free(key.str); + + + key.str = strdup(SSS_SUDO_ITEM_USE_NON_INTERACTIVE); + value.ptr =GET_BOOL_STRING(msg.use_noninteractive); + if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) { + fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h)); + return err_h; + } + free(key.str); + + key.str = strdup(SSS_SUDO_ITEM_DEBUG_LEVEL); + value.ptr = GET_BOOL_STRING(msg.debug_level); + if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) { + fprintf(stderr, "cannot add to table 
\"%s\" (%s)\n", key.str, hash_error_string(err_h)); + return err_h; + } + free(key.str); + + key.str = strdup(SSS_SUDO_ITEM_CLI_PID); + asprintf(&value.ptr,"%u",msg.cli_pid); + if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) { + fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h)); + return err_h; + } + free(key.str); - key.str = strdup(SSS_SUDO_ITEM_USE_SUDOEDIT); - value.ptr = GET_BOOL_STRING(msg.use_sudoedit); - if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) { - fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h)); - return err_h; - } - free(key.str); - - key.str = strdup(SSS_SUDO_ITEM_USE_SETHOME); - value.ptr = GET_BOOL_STRING(msg.use_set_home); - if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) { - fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h)); - return err_h; - } - free(key.str); - - key.str = strdup(SSS_SUDO_ITEM_USE_PRESERV_ENV); - value.ptr = GET_BOOL_STRING(msg.use_preserve_environment); - if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) { - fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h)); - return err_h; - } - free(key.str); - - key.str = strdup(SSS_SUDO_ITEM_USE_IMPLIED_SHELL); - value.ptr = GET_BOOL_STRING(msg.use_implied_shell); - if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) { - fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h)); - return err_h; - } - free(key.str); - - - key.str = strdup(SSS_SUDO_ITEM_USE_LOGIN_SHELL); - value.ptr = GET_BOOL_STRING(msg.use_login_shell); - if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) { - fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h)); - return err_h; - } - free(key.str); - - - key.str = strdup(SSS_SUDO_ITEM_USE_RUN_SHELL); - value.ptr = 
GET_BOOL_STRING(msg.use_run_shell); - if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) { - fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h)); - return err_h; - } - free(key.str); - - - key.str = strdup(SSS_SUDO_ITEM_USE_PRE_GROUPS); - value.i = GET_BOOL_STRING(msg.use_preserve_groups); - if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) { - fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h)); - return err_h; - } - free(key.str); - - - key.str = strdup(SSS_SUDO_ITEM_USE_IGNORE_TICKET); - value.ptr = GET_BOOL_STRING(msg.use_ignore_ticket); - if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) { - fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h)); - return err_h; - } - free(key.str); - - - key.str = strdup(SSS_SUDO_ITEM_USE_NON_INTERACTIVE); - value.ptr =GET_BOOL_STRING(msg.use_noninteractive); - if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) { - fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h)); - return err_h; - } - free(key.str); - - key.str = strdup(SSS_SUDO_ITEM_DEBUG_LEVEL); - value.ptr = GET_BOOL_STRING(msg.debug_level); - if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) { - fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h)); - return err_h; - } - free(key.str); - - key.str = strdup(SSS_SUDO_ITEM_CLI_PID); - asprintf(&value.ptr,"%u",msg.cli_pid); - if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) { - fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h)); - return err_h; - } - free(key.str); - *table_out = local_table; 
@@ -851,20 +851,20 @@ void free_connection(DBusConnection *conn, DBusMessage *msg, DBusMessage *reply ){ - if(msg != NULL) - dbus_message_unref(msg); + if(msg != NULL) + dbus_message_unref(msg); - if(reply != NULL) - dbus_message_unref(reply); + if(reply != NULL) + dbus_message_unref(reply); - if (err != NULL && dbus_error_is_set(err)) - dbus_error_free(err); + if (err != NULL && dbus_error_is_set(err)) + dbus_error_free(err); - if(settings_table != NULL) - hash_destroy(settings_table); + if(settings_table != NULL) + hash_destroy(settings_table); - if(conn != NULL) - dbus_connection_close(conn); + if(conn != NULL) + dbus_connection_close(conn); } 
@@ -876,255 +876,255 @@ int sss_sudo_make_request(struct sss_cli_req_data *rd, { - char ** command_array,**ui; - char * result_str; - int err_status,count; - dbus_uint32_t status,command_array_out_size; - - DBusConnection* conn; - DBusError err; - - DBusMessage* dbus_msg; - DBusMessage* dbus_reply; - DBusMessageIter msg_iter; - DBusMessageIter sub_iter; - - dbus_bool_t ret=FALSE; - - hash_table_t *env_table = NULL; - hash_table_t *settings_table = NULL; - hash_table_t *env_table_out = NULL; - - fprintf(stdout,"Calling remote method to pack message\n"); - - if(validate_message_content() != SSS_SUDO_VALIDATION_SUCCESS) { - return SSS_SUDO_VALIDATION_ERR; - } - - - err_status = create_env_hash_table(msg.user_env,&env_table); - if(err_status != HASH_SUCCESS) { - fprintf(stderr, "ccouldn't create table: %s\n", hash_error_string(err_status)); - return SSS_SUDO_MESSAGE_ERR; - } - - - err_status = create_settings_hash_table(&settings_table); - if(err_status != HASH_SUCCESS) { - fprintf(stderr, "ccouldn't create table: %s\n", hash_error_string(err_status)); - return SSS_SUDO_MESSAGE_ERR; - } - - /* initialise the errors */ - dbus_error_init(&err); - - /* connect to the system bus and check for errors */ - conn = dbus_connection_open_private(SSS_SUDO_SERVICE_PIPE, &err); - - if (dbus_error_is_set(&err)) { - fprintf(stderr, "Connection Error (%s)\n", err.message); - dbus_error_free(&err); - return SSS_SUDO_CONNECTION_ERR; - } - if (NULL == conn) { - return SSS_SUDO_CONNECTION_ERR; - } - - - /* create a new method call and check for errors */ - dbus_msg = dbus_message_new_method_call( NULL, /* target */ - SUDO_SERVER_PATH, /* object */ - SUDO_SERVER_INTERFACE, /* interface */ - SUDO_METHOD_QUERY); /* method name */ - if (NULL == dbus_msg) { - fprintf(stderr, "Message Null\n"); - free_connection(conn,&err,settings_table,(DBusMessage *)NULL,(DBusMessage *)NULL); - return SSS_SUDO_MESSAGE_ERR; - } - - /* append arguments */ - - - dbus_message_iter_init_append(dbus_msg, 
&msg_iter); - if(dbus_error_is_set(&err)){ - fprintf(stderr, "Failed to initialize the iterator.\n"); - free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL); - return SSS_SUDO_MESSAGE_ERR; - } - - - if(!dbus_message_iter_open_container(&msg_iter, - DBUS_TYPE_STRUCT, - NULL, - &sub_iter)) { - fprintf(stderr, "Out Of Memory!\n"); - free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL); - return SSS_SUDO_MESSAGE_ERR; - } - if (!dbus_message_iter_append_basic(&sub_iter, - DBUS_TYPE_UINT32, - &msg.userid)) { - fprintf(stderr, "Out Of Memory!\n"); - free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL); - return SSS_SUDO_MESSAGE_ERR; - } - - if (!dbus_message_iter_append_basic(&sub_iter, - DBUS_TYPE_STRING, - &msg.cwd)) { - fprintf(stderr, "Out Of Memory!\n"); - free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL); - return SSS_SUDO_MESSAGE_ERR; - } - - - - if (!dbus_message_iter_append_basic(&sub_iter, - DBUS_TYPE_STRING, - &msg.tty)) { - fprintf(stderr, "Out Of Memory!\n"); - free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL); - return SSS_SUDO_MESSAGE_ERR; - } - if (!dbus_message_iter_append_basic(&sub_iter, - DBUS_TYPE_STRING, - &msg.fq_command)) { - fprintf(stderr, "Out Of Memory! 
- at FQ command\n"); - free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL); - return SSS_SUDO_MESSAGE_ERR; - } - - if (!dbus_message_iter_close_container(&msg_iter,&sub_iter)) { - fprintf(stderr, "Out Of Memory!\n"); - free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL); - return SSS_SUDO_MESSAGE_ERR; - } - - if (!dbus_message_iter_append_basic(&msg_iter, - DBUS_TYPE_UINT32, - &msg.command_count)) { + char ** command_array,**ui; + char * result_str; + int err_status,count; + dbus_uint32_t status,command_array_out_size; + + DBusConnection* conn; + DBusError err; + + DBusMessage* dbus_msg; + DBusMessage* dbus_reply; + DBusMessageIter msg_iter; + DBusMessageIter sub_iter; + + dbus_bool_t ret=FALSE; + + hash_table_t *env_table = NULL; + hash_table_t *settings_table = NULL; + hash_table_t *env_table_out = NULL; + + fprintf(stdout,"Calling remote method to pack message\n"); + + if(validate_message_content() != SSS_SUDO_VALIDATION_SUCCESS) { + return SSS_SUDO_VALIDATION_ERR; + } + + + err_status = create_env_hash_table(msg.user_env,&env_table); + if(err_status != HASH_SUCCESS) { + fprintf(stderr, "ccouldn't create table: %s\n", hash_error_string(err_status)); + return SSS_SUDO_MESSAGE_ERR; + } + + + err_status = create_settings_hash_table(&settings_table); + if(err_status != HASH_SUCCESS) { + fprintf(stderr, "ccouldn't create table: %s\n", hash_error_string(err_status)); + return SSS_SUDO_MESSAGE_ERR; + } + + /* initialise the errors */ + dbus_error_init(&err); + + /* connect to the system bus and check for errors */ + conn = dbus_connection_open_private(SSS_SUDO_SERVICE_PIPE, &err); + + if (dbus_error_is_set(&err)) { + fprintf(stderr, "Connection Error (%s)\n", err.message); + dbus_error_free(&err); + return SSS_SUDO_CONNECTION_ERR; + } + if (NULL == conn) { + return SSS_SUDO_CONNECTION_ERR; + } + + + /* create a new method call and check for errors */ + dbus_msg = dbus_message_new_method_call( NULL, /* target */ + SUDO_SERVER_PATH, 
/* object */ + SUDO_SERVER_INTERFACE, /* interface */ + SUDO_METHOD_QUERY); /* method name */ + if (NULL == dbus_msg) { + fprintf(stderr, "Message Null\n"); + free_connection(conn,&err,settings_table,(DBusMessage *)NULL,(DBusMessage *)NULL); + return SSS_SUDO_MESSAGE_ERR; + } + + /* append arguments */ + + + dbus_message_iter_init_append(dbus_msg, &msg_iter); + if(dbus_error_is_set(&err)){ + fprintf(stderr, "Failed to initialize the iterator.\n"); + free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL); + return SSS_SUDO_MESSAGE_ERR; + } + + + if(!dbus_message_iter_open_container(&msg_iter, + DBUS_TYPE_STRUCT, + NULL, + &sub_iter)) { + fprintf(stderr, "Out Of Memory!\n"); + free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL); + return SSS_SUDO_MESSAGE_ERR; + } + if (!dbus_message_iter_append_basic(&sub_iter, + DBUS_TYPE_UINT32, + &msg.userid)) { + fprintf(stderr, "Out Of Memory!\n"); + free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL); + return SSS_SUDO_MESSAGE_ERR; + } + + if (!dbus_message_iter_append_basic(&sub_iter, + DBUS_TYPE_STRING, + &msg.cwd)) { + fprintf(stderr, "Out Of Memory!\n"); + free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL); + return SSS_SUDO_MESSAGE_ERR; + } + + + + if (!dbus_message_iter_append_basic(&sub_iter, + DBUS_TYPE_STRING, + &msg.tty)) { + fprintf(stderr, "Out Of Memory!\n"); + free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL); + return SSS_SUDO_MESSAGE_ERR; + } + if (!dbus_message_iter_append_basic(&sub_iter, + DBUS_TYPE_STRING, + &msg.fq_command)) { + fprintf(stderr, "Out Of Memory! 
- at FQ command\n"); + free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL); + return SSS_SUDO_MESSAGE_ERR; + } + + if (!dbus_message_iter_close_container(&msg_iter,&sub_iter)) { + fprintf(stderr, "Out Of Memory!\n"); + free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL); + return SSS_SUDO_MESSAGE_ERR; + } + + if (!dbus_message_iter_append_basic(&msg_iter, + DBUS_TYPE_UINT32, + &msg.command_count)) { + fprintf(stderr, "Out Of Memory!\n"); + free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL); + return SSS_SUDO_MESSAGE_ERR; + } + + if(!dbus_message_iter_open_container(&msg_iter, + DBUS_TYPE_ARRAY, + "s", + &sub_iter)) { + fprintf(stderr, "Out Of Memory!\n"); + free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL); + return SSS_SUDO_MESSAGE_ERR; + } + + for(command_array = msg.command ; *command_array != NULL ; command_array++) { + + if (!dbus_message_iter_append_basic(&sub_iter, + DBUS_TYPE_STRING, + command_array)) { fprintf(stderr, "Out Of Memory!\n"); free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL); return SSS_SUDO_MESSAGE_ERR; } - if(!dbus_message_iter_open_container(&msg_iter, - DBUS_TYPE_ARRAY, - "s", - &sub_iter)) { - fprintf(stderr, "Out Of Memory!\n"); - free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL); - return SSS_SUDO_MESSAGE_ERR; - } - - for(command_array = msg.command ; *command_array != NULL ; command_array++) { - - if (!dbus_message_iter_append_basic(&sub_iter, - DBUS_TYPE_STRING, - command_array)) { - fprintf(stderr, "Out Of Memory!\n"); - free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL); - return SSS_SUDO_MESSAGE_ERR; - } - - } - + } + if (!dbus_message_iter_close_container(&msg_iter,&sub_iter)) { fprintf(stderr, "Out Of Memory!\n"); free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL); return SSS_SUDO_MESSAGE_ERR; } - //////// + //////// if(dbus_dhash_to_msg_iter(&settings_table,&msg_iter) != 
SSS_SBUS_CONV_SUCCESS){ fprintf(stderr,"fatal: message framing failed."); free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL); return SSS_SUDO_MESSAGE_ERR; } - + if(dbus_dhash_to_msg_iter(&env_table,&msg_iter) != SSS_SBUS_CONV_SUCCESS){ - fprintf(stderr,"fatal: message framing failed."); - free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL); - return SSS_SUDO_MESSAGE_ERR; + fprintf(stderr,"fatal: message framing failed."); + free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL); + return SSS_SUDO_MESSAGE_ERR; } hash_destroy(settings_table); - - /* send message and get a handle for a reply */ - dbus_reply = dbus_connection_send_with_reply_and_block (conn,dbus_msg, - -1, - &err); - fprintf(stdout,"Request Sent\n"); - if (dbus_error_is_set(&err)) { - fprintf(stderr, "Connection send-reply Error (%s)\n", err.message); - free_connection(conn,&err,(hash_table_t *)NULL,dbus_msg,(DBusMessage *)NULL); - return SSS_SUDO_REPLY_ERR; - } - if (NULL == dbus_reply) { - fprintf(stderr, "reply failed\n"); - free_connection(conn,&err,(hash_table_t *)NULL,dbus_msg,(DBusMessage *)NULL); - return SSS_SUDO_REPLY_ERR; - } - - ret = dbus_message_get_args(dbus_reply, - &err, - DBUS_TYPE_UINT32,&status, - DBUS_TYPE_STRING,&result_str, - DBUS_TYPE_ARRAY,DBUS_TYPE_STRING,&command_array, - &command_array_out_size, - DBUS_TYPE_INVALID); + + /* send message and get a handle for a reply */ + dbus_reply = dbus_connection_send_with_reply_and_block (conn,dbus_msg, + -1, + &err); + fprintf(stdout,"Request Sent\n"); + if (dbus_error_is_set(&err)) { + fprintf(stderr, "Connection send-reply Error (%s)\n", err.message); + free_connection(conn,&err,(hash_table_t *)NULL,dbus_msg,(DBusMessage *)NULL); + return SSS_SUDO_REPLY_ERR; + } + if (NULL == dbus_reply) { + fprintf(stderr, "reply failed\n"); + free_connection(conn,&err,(hash_table_t *)NULL,dbus_msg,(DBusMessage *)NULL); + return SSS_SUDO_REPLY_ERR; + } + + ret = dbus_message_get_args(dbus_reply, + 
&err, + DBUS_TYPE_UINT32,&status, + DBUS_TYPE_STRING,&result_str, + DBUS_TYPE_ARRAY,DBUS_TYPE_STRING,&command_array, + &command_array_out_size, + DBUS_TYPE_INVALID); if (!ret) { fprintf (stderr,"Failed to parse reply, killing connection\n"); free_connection(conn,&err,(hash_table_t *)NULL,dbus_msg,dbus_reply); return SSS_SUDO_REPLY_ERR; } - + fprintf(stdout,"----------Reply--------:\n" "Header : %d \nResult status : %s\n" "Command : ", status,result_str); - for(count =0;count< command_array_out_size;count++){ - printf("%s ", command_array[count]); - } - if (!dbus_message_iter_init(dbus_reply, &msg_iter)) { - fprintf(stderr, "Reply iterator failed!\n"); - free_connection(conn,&err,(hash_table_t *)NULL,dbus_msg,dbus_reply); - return SSS_SUDO_REPLY_ERR; - } + for(count =0;count< command_array_out_size;count++){ + printf("%s ", command_array[count]); + } + if (!dbus_message_iter_init(dbus_reply, &msg_iter)) { + fprintf(stderr, "Reply iterator failed!\n"); + free_connection(conn,&err,(hash_table_t *)NULL,dbus_msg,dbus_reply); + return SSS_SUDO_REPLY_ERR; + } - printf("\n"); - dbus_message_iter_next(&msg_iter); - dbus_message_iter_next(&msg_iter); - dbus_message_iter_next(&msg_iter); + printf("\n"); + dbus_message_iter_next(&msg_iter); + dbus_message_iter_next(&msg_iter); + dbus_message_iter_next(&msg_iter); - if(dbus_msg_iter_to_dhash(&msg_iter, &env_table_out) != SSS_SBUS_CONV_SUCCESS){ - fprintf(stderr, "env message iterator corrupted!\n"); - free_connection(conn,&err,(hash_table_t *)NULL,dbus_msg,dbus_reply); - return SSS_SUDO_REPLY_ERR; - } - printf("---------Reply End----------\n"); + if(dbus_msg_iter_to_dhash(&msg_iter, &env_table_out) != SSS_SBUS_CONV_SUCCESS){ + fprintf(stderr, "env message iterator corrupted!\n"); + free_connection(conn,&err,(hash_table_t *)NULL,dbus_msg,dbus_reply); + return SSS_SUDO_REPLY_ERR; + } + printf("---------Reply End----------\n"); - /* free connection now */ - free_connection(conn,&err,(hash_table_t *)NULL,dbus_msg,dbus_reply); + /* 
free connection now */ + free_connection(conn,&err,(hash_table_t *)NULL,dbus_msg,dbus_reply); - if(strncmp(result_str,"PASS",4)==0) - return SSS_STATUS_SUCCESS; - else - return SSS_STATUS_FAILED; + if(strncmp(result_str,"PASS",4)==0) + return SSS_STATUS_SUCCESS; + else + return SSS_STATUS_FAILED; } void free_all( void ) { - free(msg.cwd); - free(msg.tty); - free(msg.prompt); - free(msg.runas_user); - free(msg.runas_group); - //free(msg.network_addrs); - free(user_information.username); - + free(msg.cwd); + free(msg.tty); + free(msg.prompt); + free(msg.runas_user); + free(msg.runas_group); + //free(msg.network_addrs); + free(user_information.username); + } @@ -1151,7 +1151,7 @@ int send_and_receive() goto done; } -/* check the reply signature */ + /* check the reply signature */ if (replen < (2*sizeof(int32_t))) { //D(("response not in expected format.")); _status = SSS_SUDO_SYSTEM_ERR; @@ -1160,13 +1160,13 @@ int send_and_receive() -done: + done: _status = SSS_SUDO_SUCCESS; if (_status == SSS_SUDO_SUCCESS) - return _status; + return _status; else - return SSS_SUDO_FAILED; + return SSS_SUDO_FAILED; } @@ -1177,8 +1177,8 @@ done: * whether the user is allowed to run the specified commands. */ int policy_check(int argc, char * const argv[], - char *env_add[], char **command_info_out[], - char **argv_out[], char **user_env_out[]) + char *env_add[], char **command_info_out[], + char **argv_out[], char **user_env_out[]) { char *command; pam_handle_t *pamh; 
@@ -1187,45 +1187,45 @@ int policy_check(int argc, char * const argv[], int pam_ret; if (!argc || argv[0] == NULL) { - sudo_log(SUDO_CONV_ERROR_MSG, "no command specified\n"); - return FALSE; + sudo_log(SUDO_CONV_ERROR_MSG, "no command specified\n"); + return FALSE; } command = find_in_path(argv[0], plugin_state.envp); if (command == NULL) { - sudo_log(SUDO_CONV_ERROR_MSG, "%s: command not found\n", argv[0]); - return FALSE; + sudo_log(SUDO_CONV_ERROR_MSG, "%s: command not found\n", argv[0]); + return FALSE; } /* If "sudo vi" is run, auto-convert to sudoedit. */ if (strcmp(command, _PATH_VI) == 0) - use_sudoedit = TRUE; + use_sudoedit = TRUE; if (use_sudoedit) { - /* Rebuild argv using editor */ - command = find_editor(argc - 1, argv + 1, argv_out); - if (command == NULL) { - sudo_log(SUDO_CONV_ERROR_MSG, "unable to find valid editor\n"); - return ERROR; - } - use_sudoedit = TRUE; + /* Rebuild argv using editor */ + command = find_editor(argc - 1, argv + 1, argv_out); + if (command == NULL) { + sudo_log(SUDO_CONV_ERROR_MSG, "unable to find valid editor\n"); + return ERROR; + } + use_sudoedit = TRUE; } else { - /* No changes needd to argv */ - *argv_out = (char **)argv; + /* No changes needd to argv */ + *argv_out = (char **)argv; } /* No changes to envp */ *user_env_out = plugin_state.envp; /* Space for authentication */ - + pam_action = strdup("auth"); pam_user = user_information.username; - + sudo_log(SUDO_CONV_INFO_MSG, "\nCalling PAM with action: %s\nuser: %s\n", pam_action,pam_user); pam_ret = pam_start(SSS_SUDO_PAM_SERVICE, pam_user, &conv, &pamh); - + if (pam_ret != PAM_SUCCESS) { fprintf(stderr, "pam_start failed: %s\n", pam_strerror(pamh, pam_ret)); return 0; 
@@ -1233,70 +1233,70 @@ int policy_check(int argc, char * const argv[], pam_ret = pam_authenticate(pamh, PAM_DISALLOW_NULL_AUTHTOK); switch(pam_ret) { - case PAM_ABORT: - fprintf(stderr, "pam_authenticate - aborted: %s\n", pam_strerror(pamh, pam_ret)); - pam_end(pamh, pam_ret); - return 0; - - case PAM_AUTH_ERR: - fprintf(stderr, "pam_authenticate - error: %s\n", pam_strerror(pamh, pam_ret)); - pam_end(pamh, pam_ret); - return 0; - - case PAM_SUCCESS: - fprintf(stdout, "pam_authenticate - success: %s\n", pam_strerror(pamh, pam_ret)); - break; - - case PAM_CRED_INSUFFICIENT: - fprintf(stderr, "pam_authenticate - crendential not sufficient: %s\n", pam_strerror(pamh, pam_ret)); - pam_end(pamh, pam_ret); - return 0; - - case PAM_AUTHINFO_UNAVAIL: - fprintf(stderr, "pam_authenticate - authentication information not available: %s\n", pam_strerror(pamh, pam_ret)); - pam_end(pamh, pam_ret); - return 0; - - case PAM_USER_UNKNOWN: - fprintf(stderr, "pam_authenticate - check the user specified : %s\n", pam_strerror(pamh, pam_ret)); - pam_end(pamh, pam_ret); - return 0; - - case PAM_MAXTRIES: - fprintf(stderr, "pam_authenticate - maximum tries over : %s\n", pam_strerror(pamh, pam_ret)); - pam_end(pamh, pam_ret); - return 0; - - default: - fprintf(stderr, "pam_authenticate - unknown error : %s\n", pam_strerror(pamh, pam_ret)); - pam_end(pamh, pam_ret); - return 0; - - } - - /* pam is success :) */ - pam_end(pamh, pam_ret); - - msg.fq_command = command; - msg.command = (char **) argv; - msg.command_count = argc; - - if(pam_ret==PAM_SUCCESS) { - pam_ret = send_and_receive(); - } - - free(pam_action); - free_all(); + case PAM_ABORT: + fprintf(stderr, "pam_authenticate - aborted: %s\n", pam_strerror(pamh, pam_ret)); + pam_end(pamh, pam_ret); + return 0; + + case PAM_AUTH_ERR: + fprintf(stderr, "pam_authenticate - error: %s\n", pam_strerror(pamh, pam_ret)); + pam_end(pamh, pam_ret); + return 0; + + case PAM_SUCCESS: + fprintf(stdout, "pam_authenticate - success: %s\n", 
pam_strerror(pamh, pam_ret)); + break; + + case PAM_CRED_INSUFFICIENT: + fprintf(stderr, "pam_authenticate - crendential not sufficient: %s\n", pam_strerror(pamh, pam_ret)); + pam_end(pamh, pam_ret); + return 0; + + case PAM_AUTHINFO_UNAVAIL: + fprintf(stderr, "pam_authenticate - authentication information not available: %s\n", pam_strerror(pamh, pam_ret)); + pam_end(pamh, pam_ret); + return 0; + + case PAM_USER_UNKNOWN: + fprintf(stderr, "pam_authenticate - check the user specified : %s\n", pam_strerror(pamh, pam_ret)); + pam_end(pamh, pam_ret); + return 0; + + case PAM_MAXTRIES: + fprintf(stderr, "pam_authenticate - maximum tries over : %s\n", pam_strerror(pamh, pam_ret)); + pam_end(pamh, pam_ret); + return 0; + + default: + fprintf(stderr, "pam_authenticate - unknown error : %s\n", pam_strerror(pamh, pam_ret)); + pam_end(pamh, pam_ret); + return 0; + + } + + /* pam is success :) */ + pam_end(pamh, pam_ret); + + msg.fq_command = command; + msg.command = (char **) argv; + msg.command_count = argc; + + if(pam_ret==PAM_SUCCESS) { + pam_ret = send_and_receive(); + } + + free(pam_action); + free_all(); /* Setup command info. */ *command_info_out = build_command_info(command); - if (*command_info_out == NULL) { - sudo_log(SUDO_CONV_ERROR_MSG, "out of memory\n"); - return ERROR; + if (*command_info_out == NULL) { + sudo_log(SUDO_CONV_ERROR_MSG, "out of memory\n"); + return ERROR; } - if(pam_ret==SSS_SUDO_SUCCESS) - return TRUE; + if(pam_ret==SSS_SUDO_SUCCESS) + return TRUE; - return FALSE; + return FALSE; } int policy_list(int argc, char * const argv[], int verbose, const char *list_user) 
@@ -1323,32 +1323,32 @@ void policy_close(int exit_status, int error) * The close function is called when the command being run by sudo finishes. */ if (error) { - sudo_log(SUDO_CONV_ERROR_MSG, "\nCommand error: %s\n", strerror(error)); + sudo_log(SUDO_CONV_ERROR_MSG, "\nCommand error: %s\n", strerror(error)); } else { if (WIFEXITED(exit_status)) { - sudo_log(SUDO_CONV_INFO_MSG, "\nCommand exited with status %d\n", - WEXITSTATUS(exit_status)); + sudo_log(SUDO_CONV_INFO_MSG, "\nCommand exited with status %d\n", + WEXITSTATUS(exit_status)); } else if (WIFSIGNALED(exit_status)) { - sudo_log(SUDO_CONV_INFO_MSG, "\nCommand killed by signal %d\n", - WTERMSIG(exit_status)); - } - } + sudo_log(SUDO_CONV_INFO_MSG, "\nCommand killed by signal %d\n", + WTERMSIG(exit_status)); + } + } } /* SUDO Plugin structure */ struct policy_plugin sss_sudo_policy = { -SUDO_POLICY_PLUGIN, -SUDO_API_VERSION, -policy_open, -policy_close, -policy_version, -policy_check, -policy_list, -NULL, /* validate */ -NULL /* invalidate */ + SUDO_POLICY_PLUGIN, + SUDO_API_VERSION, + policy_open, + policy_close, + policy_version, + policy_check, + policy_list, + NULL, /* validate */ + NULL /* invalidate */ }; /* IO_PLUGIN is not needed */ |