authorArun Scaria <arunscaria91@gmail.com>2011-08-16 20:47:17 +0530
committerArun Scaria <arunscaria91@gmail.com>2011-08-16 20:47:17 +0530
commit1ceb369fc0ea5ae99cc68e649069ae49054288f1 (patch)
treed78b7509e2a803116757560bfb05949d80411b70
parent7c9d4fb2e9df392f84893eb064c5c6c7af31e7ce (diff)
downloadsssd_unused-1ceb369fc0ea5ae99cc68e649069ae49054288f1.tar.gz
sssd_unused-1ceb369fc0ea5ae99cc68e649069ae49054288f1.tar.xz
sssd_unused-1ceb369fc0ea5ae99cc68e649069ae49054288f1.zip
Added host elimination and indentation improvised
-rw-r--r--src/conf_macros.m4~352
-rw-r--r--src/db/sysdb_search.c18
-rw-r--r--src/list_sss/list_sss.c52
-rw-r--r--src/list_sss/list_sss.h17
-rw-r--r--src/responder/sudo/sudosrv.c141
-rw-r--r--src/responder/sudo/sudosrv.c~846
-rw-r--r--src/responder/sudo/sudosrv.h50
-rw-r--r--src/responder/sudo/sudosrv.h~59
-rw-r--r--src/sss_client/sudo_plugin/sss_sudo_cli.h84
-rw-r--r--src/sss_client/sudo_plugin/sss_sudoplugin.c1526
10 files changed, 995 insertions, 2150 deletions
diff --git a/src/conf_macros.m4~ b/src/conf_macros.m4~
deleted file mode 100644
index b626c89f..00000000
--- a/src/conf_macros.m4~
+++ /dev/null
@@ -1,352 +0,0 @@
-AC_DEFUN([WITH_DB_PATH],
- [ AC_ARG_WITH([db-path],
- [AC_HELP_STRING([--with-db-path=PATH],
- [Path to the SSSD databases [/var/lib/sss/db]]
- )
- ]
- )
- config_dbpath="\"VARDIR\"/lib/sss/db"
- dbpath="${localstatedir}/lib/sss/db"
- if test x"$with_db_path" != x; then
- config_dbpath=$with_db_path
- dbpath=$with_db_path
- fi
- AC_SUBST(dbpath)
- AC_DEFINE_UNQUOTED(DB_PATH, "$config_dbpath", [Path to the SSSD databases])
- ])
-
-AC_DEFUN([WITH_PLUGIN_PATH],
- [ AC_ARG_WITH([plugin-path],
- [AC_HELP_STRING([--with-plugin-path=PATH],
- [Path to the SSSD data provider plugins [/usr/lib/sssd]]
- )
- ]
- )
- pluginpath="${libdir}/sssd"
- config_pluginpath="\"LIBDIR\"/sssd"
- if test x"$with_plugin_path" != x; then
- pluginpath=$with_plugin_path
- config_pluginpath=$with_plugin_path
- fi
- AC_SUBST(pluginpath)
- AC_DEFINE_UNQUOTED(DATA_PROVIDER_PLUGINS_PATH, "$config_pluginpath", [Path to the SSSD sudo plugins])
- ])
-
-AC_DEFUN([WITH_SUDO_PLUGIN_PATH],
- [ AC_ARG_WITH([sudo-plugin-path],
- [AC_HELP_STRING([--with-sudo-plugin-path=PATH],
- [Path to the SSSD sudo plugins [/usr/lib/sudo]]
- )
- ]
- )
- sudo_pluginpath="${libdir}/sudo"
- sudo_config_pluginpath="\"LIBDIR\"/sudo"
- if test x"$with_sudo_plugin_path" != x; then
- sudo_pluginpath=$with_sudo_plugin_path
- sudo_config_pluginpath=$with_sudo_plugin_path
- fi
- AC_SUBST(sudo_pluginpath)
- AC_DEFINE_UNQUOTED(SUDO_PLUGINS_PATH, "$sudo_config_pluginpath", [Path to the SSSD data provider plugins])
- ])
-
-
-
-AC_DEFUN([WITH_PID_PATH],
- [ AC_ARG_WITH([pid-path],
- [AC_HELP_STRING([--with-pid-path=PATH],
- [Where to store pid files for the SSSD [/var/run]]
- )
- ]
- )
- config_pidpath="\"VARDIR\"/run"
- pidpath="${localstatedir}/run"
- if test x"$with_pid_path" != x; then
- config_pidpath=$with_pid_path
- pidpath=$with_pid_path
- fi
- AC_SUBST(pidpath)
- AC_DEFINE_UNQUOTED(PID_PATH, "$config_pidpath", [Where to store pid files for the SSSD])
- ])
-
-AC_DEFUN([WITH_LOG_PATH],
- [ AC_ARG_WITH([log-path],
- [AC_HELP_STRING([--with-log-path=PATH],
- [Where to store log files for the SSSD [/var/log/sssd]]
- )
- ]
- )
- config_logpath="\"VARDIR\"/log/sssd"
- logpath="${localstatedir}/log/sssd"
- if test x"$with_log_path" != x; then
- config_logpath=$with_log_path
- logpath=$with_log_path
- fi
- AC_SUBST(logpath)
- AC_DEFINE_UNQUOTED(LOG_PATH, "$config_logpath", [Where to store log files for the SSSD])
- ])
-
-AC_DEFUN([WITH_PUBCONF_PATH],
- [ AC_ARG_WITH([pubconf-path],
- [AC_HELP_STRING([--with-pubconf-path=PATH],
- [Where to store pubconf files for the SSSD [/var/lib/sss/pubconf]]
- )
- ]
- )
- config_pubconfpath="\"VARDIR\"/lib/sss/pubconf"
- pubconfpath="${localstatedir}/lib/sss/pubconf"
- if test x"$with_pubconf_path" != x; then
- config_pubconfpath=$with_pubconf_path
- pubconfpath=$with_pubconf_path
- fi
- AC_SUBST(pubconfpath)
- AC_DEFINE_UNQUOTED(PUBCONF_PATH, "$config_pubconfpath", [Where to store pubconf files for the SSSD])
- ])
-
-AC_DEFUN([WITH_PIPE_PATH],
- [ AC_ARG_WITH([pipe-path],
- [AC_HELP_STRING([--with-pipe-path=PATH],
- [Where to store pipe files for the SSSD interconnects [/var/lib/sss/pipes]]
- )
- ]
- )
- config_pipepath="\"VARDIR\"/lib/sss/pipes"
- pipepath="${localstatedir}/lib/sss/pipes"
- if test x"$with_pipe_path" != x; then
- config_pipepath=$with_pipe_path
- pipepath=$with_pipe_path
- fi
- AC_SUBST(pipepath)
- AC_DEFINE_UNQUOTED(PIPE_PATH, "$config_pipepath", [Where to store pipe files for the SSSD interconnects])
- ])
-
-AC_DEFUN([WITH_INITSCRIPT],
- [ AC_ARG_WITH([initscript],
- [AC_HELP_STRING([--with-initscript=INITSCRIPT_TYPE],
- [Type of your init script (sysv|systemd). [sysv]]
- )
- ]
- )
- default_initscript=sysv
- if test x"$with_initscript" = x; then
- with_initscript=$default_initscript
- fi
-
- if test x"$with_initscript" = xsysv || \
- test x"$with_initscript" = xsystemd; then
- initscript=$with_initscript
- else
- AC_MSG_ERROR([Illegal value -$with_initscript- for option --with-initscript])
- fi
-
- AM_CONDITIONAL([HAVE_SYSV], [test x"$initscript" = xsysv])
- AM_CONDITIONAL([HAVE_SYSTEMD_UNIT], [test x"$initscript" = xsystemd])
- AC_MSG_NOTICE([Will use init script type: $initscript])
- ])
-
-AC_DEFUN([WITH_INIT_DIR],
- [ AC_ARG_WITH([init-dir],
- [AC_HELP_STRING([--with-init-dir=DIR],
- [Where to store init script for sssd [/etc/rc.d/init.d]]
- )
- ]
- )
- initdir="${sysconfdir}/rc.d/init.d"
- if test x$osname == xgentoo; then
- initdir="${sysconfdir}/init.d"
- fi
- if test x"$with_init_dir" != x; then
- initdir=$with_init_dir
- fi
- AC_SUBST(initdir)
- ])
-
-dnl A macro to configure the directory to install the systemd unit files to
-AC_DEFUN([WITH_SYSTEMD_UNIT_DIR],
- [ AC_ARG_WITH([systemdunitdir],
- [ AC_HELP_STRING([--with-systemdunitdir=DIR],
- [Directory for systemd service files [Auto]]
- ),
- ],
- )
- if test x"$with_systemdunitdir" != x; then
- systemdunitdir=$with_systemdunitdir
- else
- systemdunitdir=$($PKG_CONFIG --variable=systemdsystemunitdir systemd)
- if test x"$systemdunitdir" = x; then
- AC_MSG_ERROR([Could not detect systemd unit directory])
- fi
- fi
- AC_SUBST(systemdunitdir)
- ])
-
-AC_DEFUN([WITH_MANPAGES],
- [ AC_ARG_WITH([manpages],
- [AC_HELP_STRING([--with-manpages],
- [Whether to regenerate man pages from DocBook sources [yes]]
- )
- ],
- [],
- with_manpages=yes
- )
- if test x"$with_manpages" = xyes; then
- HAVE_MANPAGES=1
- AC_SUBST(HAVE_MANPAGES)
- fi
- ])
-AM_CONDITIONAL([BUILD_MANPAGES], [test x$with_manpages = xyes])
-
-AC_DEFUN([WITH_XML_CATALOG],
- [ AC_ARG_WITH([xml-catalog-path],
- [AC_HELP_STRING([--with-xml-catalog-path=PATH],
- [Where to look for XML catalog [/etc/xml/catalog]]
- )
- ]
- )
- SGML_CATALOG_FILES="/etc/xml/catalog"
- if test x"$with_xml_catalog_path" != x; then
- SGML_CATALOG_FILES="$with_xml_catalog_path"
- fi
- AC_SUBST([SGML_CATALOG_FILES])
- ])
-
-AC_DEFUN([WITH_KRB5_PLUGIN_PATH],
- [ AC_ARG_WITH([krb5-plugin-path],
- [AC_HELP_STRING([--with-krb5-plugin-path=PATH],
- [Path to kerberos plugin store [/usr/lib/krb5/plugins/libkrb5]]
- )
- ]
- )
- krb5pluginpath="${libdir}/krb5/plugins/libkrb5"
- if test x"$with_krb5_plugin_path" != x; then
- krb5pluginpath=$with_krb5_plugin_path
- fi
- AC_SUBST(krb5pluginpath)
- ])
-
-AC_DEFUN([WITH_PYTHON_BINDINGS],
- [ AC_ARG_WITH([python-bindings],
- [AC_HELP_STRING([--with-python-bindings],
- [Whether to build python bindings [yes]]
- )
- ],
- [],
- with_python_bindings=yes
- )
- if test x"$with_python_bindings" = xyes; then
- HAVE_PYTHON_BINDINGS=1
- AC_SUBST(HAVE_PYTHON_BINDINGS)
- fi
- AM_CONDITIONAL([BUILD_PYTHON_BINDINGS], [test x"$with_python_bindings" = xyes])
- ])
-
-AC_DEFUN([WITH_SELINUX],
- [ AC_ARG_WITH([selinux],
- [AC_HELP_STRING([--with-selinux],
- [Whether to build with SELinux support [yes]]
- )
- ],
- [],
- with_selinux=yes
- )
- if test x"$with_selinux" = xyes; then
- HAVE_SELINUX=1
- AC_SUBST(HAVE_SELINUX)
- AC_DEFINE_UNQUOTED(HAVE_SELINUX, 1, [Build with SELinux support])
- fi
- AM_CONDITIONAL([BUILD_SELINUX], [test x"$with_selinux" = xyes])
- ])
-
-AC_DEFUN([WITH_TEST_DIR],
- [ AC_ARG_WITH([test-dir],
- [AC_HELP_STRING([--with-test-dir=PATH],
- [Directory used for make check temporary files [$builddir]]
- )
- ]
- )
- TEST_DIR=$with_test_dir
- AC_SUBST(TEST_DIR)
- AC_DEFINE_UNQUOTED(TEST_DIR, "$with_test_dir", [Directory used for 'make check' temporary files])
- ])
-
-AC_DEFUN([WITH_NSCD],
- [ AC_ARG_WITH([nscd],
- [AC_HELP_STRING([--with-nscd],
- [Whether to attempt to flush nscd cache after local domain operations [yes]]
- )
- ],
- [],
- with_nscd=yes
- )
- if test x"$with_nscd" = xyes; then
- AC_DEFINE_UNQUOTED(HAVE_NSCD, 1, [flush nscd cache after local domain operations])
- fi
- ])
-
-AC_DEFUN([WITH_SEMANAGE],
- [ AC_ARG_WITH([semanage],
- [AC_HELP_STRING([--with-semanage],
- [Whether to build with SELinux user management support [yes]]
- )
- ],
- [],
- with_semanage=yes
- )
- if test x"$with_semanage" = xyes; then
- HAVE_SEMANAGE=1
- AC_SUBST(HAVE_SEMANAGE)
- AC_DEFINE_UNQUOTED(HAVE_SEMANAGE, 1, [Build with SELinux support])
- fi
- AM_CONDITIONAL([BUILD_SEMANAGE], [test x"$with_semanage" = xyes])
- ])
-
-AC_DEFUN([WITH_LIBNL],
- [ AC_ARG_WITH([libnl],
- [AC_HELP_STRING([--with-libnl],
- [Whether to build with libnetlink support [AUTO]]
- )
- ],
- [],
- with_libnl=yes
- )
- if test x"$with_libnl" = xyes; then
- BUILD_LIBNL=1
- AC_SUBST(BUILD_LIBNL)
- fi
- ])
-
-AC_DEFUN([WITH_CRYPTO],
- [ AC_ARG_WITH([crypto],
- [AC_HELP_STRING([--with-crypto=CRYPTO_LIB],
- [The cryptographic library to use (nss|libcrypto). The default is nss.]
- )
- ],
- [],
- with_crypto=nss
- )
-
- cryptolib=""
- if test x"$with_crypto" != x; then
- if test x"$with_crypto" = xnss || \
- test x"$with_crypto" = xlibcrypto; then
- cryptolib="$with_crypto";
- else
- AC_MSG_ERROR([Illegal value -$with_crypto- for option --with-crypto])
- fi
- fi
- AM_CONDITIONAL([HAVE_NSS], [test x"$cryptolib" = xnss])
- AM_CONDITIONAL([HAVE_LIBCRYPTO], [test x"$cryptolib" = xlibcrypto])
- ])
-
-AC_DEFUN([WITH_NOLOGIN_SHELL],
- [ AC_ARG_WITH([nologin-shell],
- [AC_HELP_STRING([--with-nologin-shell=PATH],
- [The shell used to deny access to users [/sbin/nologin]]
- )
- ]
- )
- nologin_shell="/sbin/nologin"
- if test x"$with_nologin_shell" != x; then
- nologin_shell=$with_nologin_shell
- fi
- AC_DEFINE_UNQUOTED(NOLOGIN_SHELL, "$nologin_shell", [The shell used to deny access to users])
- ])
diff --git a/src/db/sysdb_search.c b/src/db/sysdb_search.c
index e9a126e0..0be7a538 100644
--- a/src/db/sysdb_search.c
+++ b/src/db/sysdb_search.c
@@ -825,7 +825,7 @@ errno_t sysdb_netgr_to_entries(TALLOC_CTX *mem_ctx,
}
tmp_entry[c] = talloc_zero(tmp_entry,
- struct sysdb_netgroup_ctx);
+ struct sysdb_netgroup_ctx);
if (!tmp_entry[c]) {
ret = ENOMEM;
goto done;
@@ -833,10 +833,10 @@ errno_t sysdb_netgr_to_entries(TALLOC_CTX *mem_ctx,
tmp_entry[c]->type = SYSDB_NETGROUP_TRIPLE_VAL;
ret = sysdb_netgr_split_triple(tmp_entry[c],
- triple_str,
- &tmp_entry[c]->value.triple.hostname,
- &tmp_entry[c]->value.triple.username,
- &tmp_entry[c]->value.triple.domainname);
+ triple_str,
+ &tmp_entry[c]->value.triple.hostname,
+ &tmp_entry[c]->value.triple.username,
+ &tmp_entry[c]->value.triple.domainname);
if (ret != EOK) {
goto done;
}
@@ -848,7 +848,7 @@ errno_t sysdb_netgr_to_entries(TALLOC_CTX *mem_ctx,
if (el != NULL) {
for(j = 0; j < el->num_values; j++) {
tmp_entry[c] = talloc_zero(tmp_entry,
- struct sysdb_netgroup_ctx);
+ struct sysdb_netgroup_ctx);
if (!tmp_entry[c]) {
ret = ENOMEM;
goto done;
@@ -856,8 +856,8 @@ errno_t sysdb_netgr_to_entries(TALLOC_CTX *mem_ctx,
tmp_entry[c]->type = SYSDB_NETGROUP_GROUP_VAL;
tmp_entry[c]->value.groupname = talloc_strndup(tmp_entry[c],
- (const char *)el->values[j].data,
- el->values[j].length);
+ (const char *)el->values[j].data,
+ el->values[j].length);
if (tmp_entry[c]->value.groupname == NULL) {
ret = ENOMEM;
goto done;
@@ -875,7 +875,7 @@ errno_t sysdb_netgr_to_entries(TALLOC_CTX *mem_ctx,
*entries = talloc_steal(mem_ctx, tmp_entry);
ret = EOK;
-done:
+ done:
talloc_free(tmp_ctx);
return ret;
}
diff --git a/src/list_sss/list_sss.c b/src/list_sss/list_sss.c
index dff2d5ff..9519f798 100644
--- a/src/list_sss/list_sss.c
+++ b/src/list_sss/list_sss.c
@@ -9,10 +9,10 @@
/*
-** initList()
-** initialize a list
-**
-*/
+ ** initList()
+ ** initialize a list
+ **
+ */
void initList(list_sss **list)
{
(*list)=NULL;
@@ -20,10 +20,10 @@ void initList(list_sss **list)
/*
-** allocateNode()
-** allocate a new node.
-**
-*/
+ ** allocateNode()
+ ** allocate a new node.
+ **
+ */
list_sss *allocateNode(TALLOC_CTX *ctx,void *data)
{
@@ -43,9 +43,9 @@ list_sss *allocateNode(TALLOC_CTX *ctx,void *data)
}
/*
-** appendNode()
-** appends a node to the end of a list
-*/
+ ** appendNode()
+ ** appends a node to the end of a list
+ */
void appendNode(TALLOC_CTX * ctx,list_sss **head,void * data)
{
@@ -64,10 +64,10 @@ void appendNode(TALLOC_CTX * ctx,list_sss **head,void * data)
/*
-** is_empty_list()
-** check if a list variable is NULL
-**
-*/
+ ** is_empty_list()
+ ** check if a list variable is NULL
+ **
+ */
Bool is_empty_list(list_sss *list)
{
@@ -75,10 +75,10 @@ Bool is_empty_list(list_sss *list)
}
/*
-** delNode()
-** remove a node from a list
-**
-*/
+ ** delNode()
+ ** remove a node from a list
+ **
+ */
int delNode(list_sss **head,list_sss *node)
{
if (is_empty_list(*head) == TRUE)
@@ -102,9 +102,9 @@ int delNode(list_sss **head,list_sss *node)
/*
-** getNthNode()
-** get nth node in a list
-*/
+ ** getNthNode()
+ ** get nth node in a list
+ */
list_sss *getNthNode(list_sss *list,int n)
{
@@ -125,10 +125,10 @@ list_sss *getNthNode(list_sss *list,int n)
/*
-** numNodes()
-** returns number of nodes in the list
-**
-*/
+ ** numNodes()
+ ** returns number of nodes in the list
+ **
+ */
size_t numNodes(list_sss **head)
{
diff --git a/src/list_sss/list_sss.h b/src/list_sss/list_sss.h
index 40b76271..a8f0f92e 100644
--- a/src/list_sss/list_sss.h
+++ b/src/list_sss/list_sss.h
@@ -32,26 +32,23 @@
#endif
typedef int Bool;
-typedef void (*Vfunc)(void **);
-typedef int (*Ifunc)(void *,void *);
+
/*
-** the linked list structure
-*/
+ ** the linked list structure
+ */
typedef struct _list_sss
{
- void
- *data; /* void pointer for user data */
+ void *data;
- struct _list_sss
- *next; /* pointer to next node */
+ struct _list_sss *next;
} list_sss;
/*
-** function prototypes
-*/
+ ** function prototypes
+ */
void initList (list_sss **list);
list_sss *allocateNode (TALLOC_CTX *ctx,void *data);
void appendNode (TALLOC_CTX *ctx,list_sss **list,void * data);
diff --git a/src/responder/sudo/sudosrv.c b/src/responder/sudo/sudosrv.c
index 5f11ea33..8e7aaf6a 100644
--- a/src/responder/sudo/sudosrv.c
+++ b/src/responder/sudo/sudosrv.c
@@ -30,6 +30,8 @@
#include <sys/time.h>
#include <errno.h>
#include <fnmatch.h>
+#include <netdb.h>
+
#include <popt.h>
#include "dhash.h"
@@ -63,10 +65,36 @@ static int sudo_client_destructor(void *ctx)
return 0;
}
-int prepare_filter(char * filter,uid_t user_id,char * host, struct ldb_result *res){
+char * get_host_name(TALLOC_CTX* ctx){
+ return "arun.scaria.com";
+ struct addrinfo hints, *info, *p;
+ int gai_result;
+
+ char hostname[1024];
+ hostname[1024]='\0';
+ gethostname(hostname, 1023);
+
+ memset(&hints, 0, sizeof hints);
+ hints.ai_family = AF_UNSPEC; /*either IPV4 or IPV6*/
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_flags = AI_CANONNAME;
+
+ if ((gai_result = getaddrinfo(hostname, "http", &hints, &info)) != 0) {
+ fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(gai_result));
+ exit(1);
+ }
+
+
+ return talloc_asprintf(ctx,"%s", p->ai_canonname);
+
+}
+
+errno_t prepare_filter(char ** filter_in,uid_t user_id,char * host, struct ldb_result *res){
int i,ret=EOK;
- filter = talloc_asprintf_append(filter,"("SYSDB_SUDO_USER_ATTR"=#%d)",user_id);
+ char *filter;
+
+ filter = talloc_asprintf_append(*filter_in,"("SYSDB_SUDO_USER_ATTR"=#%d)",user_id);
if (!filter) {
DEBUG(0, ("Failed to build filter - %s\n",filter));
ret = ENOMEM;
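Review bot: `get_host_name()` returns the literal `"arun.scaria.com"` on its first line, so every statement after it is dead and each machine would be matched against sudoHost values as that one host; the early return should be removed before this is merged. The code behind it has defects that surface as soon as the return goes: `hostname[1024]='\0'` writes one byte past the 1024-byte array, `p` is dereferenced without ever being assigned (the result is in `info`), `exit(1)` would take the whole responder down on a resolver failure, and `info` is never released with `freeaddrinfo()`. A version that returns NULL on failure, which the caller in `search_sudo_rules` already checks for, is sketched below. The `prepare_filter` part of this hunk continues outside it.

```c
char * get_host_name(TALLOC_CTX* ctx){
    struct addrinfo hints, *info = NULL;
    char hostname[1024];
    char *canon;
    int gai_result;

    /* leave room for the terminator; gethostname() may not add one on truncation */
    if (gethostname(hostname, sizeof(hostname) - 1) != 0) {
        DEBUG(0, ("gethostname failed [%d]\n", errno));
        return NULL;
    }
    hostname[sizeof(hostname) - 1] = '\0';

    /* … unchanged: memset and hints.ai_family / ai_socktype / ai_flags setup … */

    /* no service name is needed for a canonical-name lookup */
    gai_result = getaddrinfo(hostname, NULL, &hints, &info);
    if (gai_result != 0) {
        DEBUG(0, ("getaddrinfo: %s\n", gai_strerror(gai_result)));
        return NULL;
    }

    canon = talloc_strdup(ctx, info->ai_canonname ? info->ai_canonname : hostname);
    freeaddrinfo(info);
    return canon;
}
```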
@@ -107,6 +135,7 @@ int prepare_filter(char * filter,uid_t user_id,char * host, struct ldb_result *r
goto done;
}
done:
+ *filter_in = filter;
if(ret!=ENOMEM) return EOK;
else return ret;
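Review bot: On the ENOMEM paths `filter` is NULL when control reaches `done:`, so the added `*filter_in = filter;` hands NULL back to the caller, and the caller's `DEBUG(0, ("Failed to build filter - %s\n",filter))` then passes that NULL to `%s`; the `if (!filter)` branches inside `prepare_filter` do the same. Passing NULL for `%s` is undefined behaviour, so these messages should drop the argument, for example `DEBUG(0, ("Failed to build filter\n"));`. The trailing `if(ret!=ENOMEM) return EOK; else return ret;` can be `return ret;`, assuming `ret` only ever holds EOK or ENOMEM here, which the visible lines suggest. The body of `prepare_filter` between the two hunks is not shown.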
@@ -123,12 +152,12 @@ int compare_sudo_order(const struct ldb_message **msg1, const struct ldb_message
}
-int search_sudo_rules(struct sudo_client *sudocli,
- struct sysdb_ctx *sysdb,
- struct sss_domain_info * domain,
- char * user_name,
- uid_t user_id,
- struct sss_sudo_msg_contents *sudo_msg) {
+errno_t search_sudo_rules(struct sudo_client *sudocli,
+ struct sysdb_ctx *sysdb,
+ struct sss_domain_info * domain,
+ const char * user_name,
+ uid_t user_id,
+ struct sss_sudo_msg_contents *sudo_msg) {
TALLOC_CTX *tmpctx;
const char *attrs[] = { SYSDB_SUDO_CONTAINER_ATTR,
SYSDB_SUDO_USER_ATTR,
@@ -147,19 +176,24 @@ int search_sudo_rules(struct sudo_client *sudocli,
struct ldb_result *res;
int ret;
size_t count;
- int i,j,flag=0;
- double order;
+ int i,flag=0;
TALLOC_CTX *listctx;
list_sss *list, *current, *tmp;
struct sudo_cmd_ctx * sudo_cmnd;
- char * host = "arun.scaria.com";
-
+ char * host,*tmphost,*domain_name ;
fprintf(stdout,"in Sudo rule\n");
tmpctx = talloc_new(sudocli);
if (!tmpctx) {
return ENOMEM;
}
+ host = get_host_name(tmpctx);
+ if (!host) {
+ DEBUG(0, ("Failed to build hostname - %s\n",filter));
+ ret = ENOMEM;
+ goto done;
+ }
+ DEBUG(0, ("Host - %s\n",host));
ret = sysdb_get_groups_by_user(tmpctx,
sysdb,
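Review bot: The failure branch after `get_host_name(tmpctx)` logs `filter`, which has nothing to do with the host name and, as far as the visible code shows, is only built further down (see the `prepare_filter(&filter, ...)` call in the next hunk), so the message pushes an unset or NULL pointer through `%s`. Something like `DEBUG(0, ("Failed to determine local host name\n"));` says what actually failed, and ENOMEM is not necessarily the right code for a resolver failure. `DEBUG(0, ("Host - %s\n",host));` and the `fprintf(stdout,"in Sudo rule\n")` above it read like development traces; a higher debug level would probably fit better than 0. `search_sudo_rules` starts and ends outside this hunk.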
@@ -178,14 +212,14 @@ int search_sudo_rules(struct sudo_client *sudocli,
ret = ENOMEM;
goto done;
}
- ret = prepare_filter(filter,user_id,host, res);
+ ret = prepare_filter(&filter,user_id,host, res);
if (ret==ENOMEM) {
DEBUG(0, ("Failed to build filter - %s\n",filter));
goto done;
}
- DEBUG(0,(stdout,"Filter - %s\n",filter));
+ DEBUG(0,("Filter - %s\n",filter));
ret = sysdb_search_sudo_rules(tmpctx,
sysdb,
domain,
@@ -245,12 +279,18 @@ int search_sudo_rules(struct sudo_client *sudocli,
}
flag = 0;
/* see if this is a user */
- for (j = 0; j < el->num_values; j++) {
- DEBUG(0, ("sudoCommand: %s\n" ,(const char *) (el->values[j].data)));
+ for (i = 0; i < el->num_values; i++) {
+ DEBUG(0, ("sudoCommand: %s\n" ,(const char *) (el->values[i].data)));
/* Do command elimination here */
tmpcmd = talloc_asprintf(listctx,
"%s",
- (const char *) (el->values[j].data));
+ (const char *) (el->values[i].data));
+
+ if(fstrcmp(tmpcmd,"ALL") == 0){
+ current=current->next;
+ flag=1;
+ break;
+ }
space = strchr(tmpcmd,' ');
if(space != NULL) {
*space = '\0';
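Review bot: `fstrcmp` is not a standard C function and nothing visible in this diff declares it, while the host loop added later in the same file uses `strcmp` for the identical `"ALL"` test, so this looks like a typo that will fail to build or link; `if(strcmp(tmpcmd,"ALL") == 0){` is presumably what was meant. The `tmpcmd` returned by `talloc_asprintf` is also used without a NULL check, both in this comparison and in the `strchr` call that follows. The loop containing these lines starts and ends outside the hunk.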
@@ -282,7 +322,72 @@ int search_sudo_rules(struct sudo_client *sudocli,
current = tmp;
}
+ ///
+ ret = unsetenv("_SSS_LOOPS");
+ if (ret != EOK) {
+ DEBUG(0, ("Failed to unset _SSS_LOOPS, "
+ "sudo rule elimination might not work as expected.\n"));
+ }
+
+ current = list;
+ domain_name = sysdb->domain->name;
+ while(current!=NULL) {
+
+
+
+ DEBUG(0, ("\n\n\n\n--sudoOrder: %f\n",
+ ldb_msg_find_attr_as_double((struct ldb_message *)current->data,
+ SYSDB_SUDO_ORDER_ATTR,
+ 0.0)));
+ DEBUG(0, ("--dn: %s----\n",
+ ldb_dn_get_linearized(((struct ldb_message *)current->data)->dn)));
+ el = ldb_msg_find_element((struct ldb_message *)current->data,
+ SYSDB_SUDO_HOST_ATTR);
+
+ if (!el) {
+ DEBUG(0, ("Failed to get sudo hosts for sudorule [%s]\n",
+ ldb_dn_get_linearized(((struct ldb_message *)current->data)->dn)));
+ current = current->next;
+ continue;
+ }
+ flag = 0;
+
+ for (i = 0; i < el->num_values; i++) {
+
+ DEBUG(0, ("sudoHost: %s\n" ,(const char *) (el->values[i].data)));
+ tmphost = ( char *) (el->values[i].data);
+ if(strcmp(tmphost,"ALL")==0){
+ current=current->next;
+ flag=1;
+ break;
+ }
+ else if(tmphost[0] == '+'){
+ ++tmphost;
+ if(innetgr(tmphost,host,NULL,domain_name) == 1){
+ current=current->next;
+ flag=1;
+ break;
+
+ }
+ }
+ else {
+ if(strcmp(tmphost,host)==0){
+ current=current->next;
+ flag=1;
+ break;
+ }
+ }
+
+ }
+ if(flag==1) {
+ continue;
+ }
+ tmp = current->next;
+ delNode(&list,current);
+ current = tmp;
+ }
+ setenv("_SSS_LOOPS", "NO", 0);
talloc_free(listctx);
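Review bot: A rule that has no sudoHost attribute is kept by the `if (!el)` branch (`current = current->next; continue;`), so it survives host elimination and applies on every host; failing closed is safer for an authorization filter: `tmp = current->next; delNode(&list,current); current = tmp; continue;`. The return value of `setenv("_SSS_LOOPS", "NO", 0)` is ignored, so a failure leaves the responder running without the variable that was just removed; it deserves the same check and log message as the `unsetenv` call. Host names are compared with `strcmp`, which is case-sensitive, so a sudoHost written in a different case than the resolved name drops the rule; `strcasecmp` would match how host names are normally compared. A short comment above the loop stating which sudoHost forms are handled (`ALL`, `+netgroup`, exact name) and that anything else removes the rule would help the next reader.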
@@ -480,7 +585,7 @@ static int sudo_query_validation(DBusMessage *message, struct sbus_connection *c
}
user_name = ldb_msg_find_attr_as_string(ldb_msg, SYSDB_NAME, NULL);
- user_id = ldb_msg_find_attr_as_string(ldb_msg, SYSDB_UIDNUM, NULL);
+ user_id = ldb_msg_find_attr_as_uint64(ldb_msg, SYSDB_UIDNUM, 0);
ret = search_sudo_rules(sudocli, sysdblist[i],sysdblist[i]->domain, "tom",user_id,msg);
if(ret != EOK){
DEBUG(0, ("Error in rule"));
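Review bot: `search_sudo_rules` is still called with the literal `"tom"` rather than the `user_name` fetched two lines above, so, as far as the visible code shows, the group lookup and the sudoUser filter are built for that account whoever the caller is; the call should read `ret = search_sudo_rules(sudocli, sysdblist[i],sysdblist[i]->domain, user_name,user_id,msg);`. The new `ldb_msg_find_attr_as_uint64(ldb_msg, SYSDB_UIDNUM, 0)` falls back to 0 when the attribute is missing, and 0 is root's uid, so an entry without a uid number would be evaluated as `#0`. Both a NULL `user_name` and a missing uid number should be treated as errors before the rule search runs. `sudo_query_validation` starts and ends outside this hunk.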
diff --git a/src/responder/sudo/sudosrv.c~ b/src/responder/sudo/sudosrv.c~
deleted file mode 100644
index 762cea9b..00000000
--- a/src/responder/sudo/sudosrv.c~
+++ /dev/null
@@ -1,846 +0,0 @@
-/*
- SSSD
-
- SUDO Responder
-
- Copyright (C) Arun Scaria <arunscaria91@gmail.com> (2011)
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
-#include <stdio.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/socket.h>
-#include <sys/un.h>
-#include <string.h>
-#include <sys/time.h>
-#include <errno.h>
-#include <fnmatch.h>
-
-#include <popt.h>
-#include "dhash.h"
-#include "util/util.h"
-#include "db/sysdb.h"
-#include "db/sysdb_private.h"
-#include "sbus/sbus_client.h"
-#include "sbus/sssd_dbus_messages_helpers.h"
-#include "responder/common/responder.h"
-#include "responder/common/negcache.h"
-#include "responder/common/responder_packet.h"
-
-#include "responder/sudo/sudosrv.h"
-#include "sss_client/sudo_plugin/sss_sudo_cli.h"
-#include "sbus/sbus_client.h"
-#include "responder/common/responder_packet.h"
-#include "providers/data_provider.h"
-#include "monitor/monitor_interfaces.h"
-#include "list_sss/list_sss.h"
-
-
-
-
-static int sudo_client_destructor(void *ctx)
-{
- struct sudo_client *sudocli = talloc_get_type(ctx, struct sudo_client);
- if (sudocli) {
- talloc_zfree(sudocli);
- DEBUG(4, ("Removed Sudo client\n"));
- }
- return 0;
-}
-
-int prepare_filter(char * filter,uid_t user_id,char * host, struct ldb_result *res){
-
- int i,ret=EOK;
- filter = talloc_asprintf_append(filter,"("SYSDB_SUDO_USER_ATTR"=#%d)",user_id);
- if (!filter) {
- DEBUG(0, ("Failed to build filter - %s\n",filter));
- ret = ENOMEM;
- goto done;
- }
- filter = talloc_asprintf_append(filter,"("SYSDB_SUDO_USER_ATTR"=+*)");
- if (!filter) {
- DEBUG(0, ("Failed to build filter - %s\n",filter));
- ret = ENOMEM;
- goto done;
- }
-
-
- for(i=0;i< res->count;i++){
- filter = talloc_asprintf_append(filter,"("SYSDB_SUDO_USER_ATTR"=%s)",ldb_msg_find_attr_as_string(res->msgs[i], SYSDB_NAME, NULL));
- if (!filter) {
- DEBUG(0, ("Failed to build filter - %s\n",filter));
- ret = ENOMEM;
- goto done;
- }
- }
- filter = talloc_asprintf_append(filter,")("SYSDB_SUDO_HOST_ATTR"=+*)");
- if (!filter) {
- DEBUG(0, ("Failed to build filter - %s\n",filter));
- ret = ENOMEM;
- goto done;
- }
- filter = talloc_asprintf_append(filter,"("SYSDB_SUDO_HOST_ATTR"=ALL)");
- if (!filter) {
- DEBUG(0, ("Failed to build filter - %s\n",filter));
- ret = ENOMEM;
- goto done;
- }
- filter = talloc_asprintf_append(filter,"("SYSDB_SUDO_HOST_ATTR"=%s)",host);
- if (!filter) {
- DEBUG(0, ("Failed to build filter - %s\n",filter));
- ret = ENOMEM;
- goto done;
- }
- done:
- if(ret!=ENOMEM) return EOK;
- else return ret;
-
-}
-
-
-int compare_sudo_order(const struct ldb_message **msg1, const struct ldb_message **msg2)
-{
- double order_msg1 = ldb_msg_find_attr_as_double(*msg1, SYSDB_SUDO_ORDER_ATTR, 0.0);
- double order_msg2 = ldb_msg_find_attr_as_double(*msg2, SYSDB_SUDO_ORDER_ATTR, 0.0);
- if(order_msg1>order_msg2) return 1;
- else if (order_msg1==order_msg1) return 0;
- else return -1;
-}
-
-
-int search_sudo_rules(struct sudo_client *sudocli,
- struct sysdb_ctx *sysdb,
- struct sss_domain_info * domain,
- char * user_name,
- uid_t user_id,
- struct sss_sudo_msg_contents *sudo_msg) {
- TALLOC_CTX *tmpctx;
- const char *attrs[] = { SYSDB_SUDO_CONTAINER_ATTR,
- SYSDB_SUDO_USER_ATTR,
- SYSDB_SUDO_HOST_ATTR,
- SYSDB_SUDO_OPTION_ATTR,
- SYSDB_SUDO_COMMAND_ATTR,
- SYSDB_SUDO_RUNAS_USER_ATTR,
- SYSDB_SUDO_RUNAS_GROUP_ATTR,
- SYSDB_SUDO_NOT_BEFORE_ATTR,
- SYSDB_SUDO_NOT_AFTER_ATTR,
- SYSDB_SUDO_ORDER_ATTR,
- NULL };
- char *filter = NULL, *tmpcmd,*space;
- struct ldb_message **sudo_rules_msgs;
- struct ldb_message_element *el;
- struct ldb_result *res;
- int ret;
- size_t count;
- int i,j,flag=0;
- double order;
- TALLOC_CTX *listctx;
- list_sss *list, *current, *tmp;
- struct sudo_cmd_ctx * sudo_cmnd;
- char * host = "arun.scaria.com";
-
-
- fprintf(stdout,"in Sudo rule\n");
- tmpctx = talloc_new(sudocli);
- if (!tmpctx) {
- return ENOMEM;
- }
-
- ret = sysdb_get_groups_by_user(tmpctx,
- sysdb,
- domain,
- user_name,
- &res);
- if (ret) {
- if (ret == ENOENT) {
- ret = EOK;
- }
- goto done;
- }
- filter = talloc_asprintf(tmpctx,"|(|("SYSDB_SUDO_USER_ATTR"=%s)",user_name);
- if (!filter) {
- DEBUG(0, ("Failed to build filter - %s\n",filter));
- ret = ENOMEM;
- goto done;
- }
- ret = prepare_filter(filter,user_id,host, res);
- if (ret==ENOMEM) {
- DEBUG(0, ("Failed to build filter - %s\n",filter));
- goto done;
- }
-
-
- DEBUG(0,(stdout,"Filter - %s\n",filter));
- ret = sysdb_search_sudo_rules(tmpctx,
- sysdb,
- domain,
- filter,
- attrs,
- &count,
- &sudo_rules_msgs);
-
- if (ret) {
- if (ret == ENOENT) {
- ret = EOK;
- }
- goto done;
- }
-
- DEBUG(0, ("Found %d sudo rule entries!\n\n", count));
-
- if (count == 0) {
- ret = EOK;
- goto done;
- }
-
- qsort(sudo_rules_msgs,count,sizeof(struct ldb_message *), (__compar_fn_t)compare_sudo_order);
-
- listctx = talloc_new(NULL);
- if (!listctx) {
- return ENOMEM;
- }
- initList(&list);
-
- for(i=0; i< count ; i++) {
- appendNode(listctx, &list, sudo_rules_msgs[i]);
- }
- current = list;
- sudo_cmnd = talloc(listctx,struct sudo_cmd_ctx);
-
- while(current!=NULL) {
-
-
-
- DEBUG(0, ("--sudoOrder: %f\n",
- ldb_msg_find_attr_as_double((struct ldb_message *)current->data,
- SYSDB_SUDO_ORDER_ATTR,
- 0.0)));
- DEBUG(0, ("--dn: %s----\n",
- ldb_dn_get_linearized(((struct ldb_message *)current->data)->dn)));
-
- el = ldb_msg_find_element((struct ldb_message *)current->data,
- SYSDB_SUDO_COMMAND_ATTR);
- if (!el) {
- DEBUG(0, ("Failed to get sudo commands for sudorule [%s]\n",
- ldb_dn_get_linearized(((struct ldb_message *)current->data)->dn)));
- tmp = current->next;
- delNode(&list,current);
- current = tmp;
- continue;
- }
- flag = 0;
- /* see if this is a user */
- for (j = 0; j < el->num_values; j++) {
- DEBUG(0, ("sudoCommand: %s\n" ,(const char *) (el->values[j].data)));
- /* Do command elimination here */
- tmpcmd = talloc_asprintf(listctx,
- "%s",
- (const char *) (el->values[j].data));
- space = strchr(tmpcmd,' ');
- if(space != NULL) {
- *space = '\0';
- sudo_cmnd->arg= (space +1);
- }
- else
- sudo_cmnd->arg= NULL;
-
- if(tmpcmd[0]=='!') {
- sudo_cmnd->fqcomnd=tmpcmd+1;
- }
- else {
- sudo_cmnd->fqcomnd=tmpcmd;
- }
-
- if(fnmatch(sudo_cmnd->fqcomnd,sudo_msg->fq_command,FNM_PATHNAME) == 0){
- current=current->next;
- flag=1;
- break;
- }
- }
-
- if(flag==1) {
- continue;
- }
-
- tmp = current->next;
- delNode(&list,current);
- current = tmp;
-
- }
- ///
- current = list;
- while(current!=NULL) {
-
-
-
- DEBUG(0, ("\n\n\n\n--sudoOrder: %f\n",
- ldb_msg_find_attr_as_double((struct ldb_message *)current->data,
- SYSDB_SUDO_ORDER_ATTR,
- 0.0)));
- DEBUG(0, ("--dn: %s----\n",
- ldb_dn_get_linearized(((struct ldb_message *)current->data)->dn)));
-
- el = ldb_msg_find_element((struct ldb_message *)current->data,
- SYSDB_SUDO_COMMAND_ATTR);
- if (!el) {
- DEBUG(0, ("Failed to get sudo commands for sudorule [%s]\n",
- ldb_dn_get_linearized(((struct ldb_message *)current->data)->dn)));
-
-
- }
- current = current->next;
- }
-
- /*el = ldb_msg_find_element((struct ldb_message *)current->data, SYSDB_SUDO_USER_ATTR);
- if (!el) {
- DEBUG(0, ("Failed to get sudo Users for sudorule [%s]\n",
- ldb_dn_get_linearized(msgs[i]->dn)));
- continue;
- }*/
-
- talloc_free(listctx);
-
- done:
- talloc_zfree(tmpctx);
- return ret;
-}
-
-
-static int sudo_query_validation(DBusMessage *message, struct sbus_connection *conn)
-{
-
- dbus_uint32_t header = SSS_SUDO_RESPONDER_HEADER,command_size;
- struct sudo_client *sudocli;
- DBusMessage *reply;
- DBusError dbus_error;
- DBusMessageIter msg_iter;
- DBusMessageIter subItem;
- char **ui;
- char **command_array;
- int ret = -1;
- dbus_bool_t dbret;
- void *data;
- int count = 0, i = 0;
- hash_table_t *settings_table;
- hash_table_t *env_table;
- char * result;
- struct sss_sudo_msg_contents * msg;
- struct sysdb_ctx **sysdblist;
- TALLOC_CTX * tmpctx;
- struct ldb_message *ldb_msg;
- size_t no_ldbs = 0;
- const char *attrs[] = { SYSDB_NAME, SYSDB_UIDNUM, NULL};
- const char * user_name;
- uid_t user_id;
-
- result = strdup("PASS");
-
- data = sbus_conn_get_private_data(conn);
- sudocli = talloc_get_type(data, struct sudo_client);
- if (!sudocli) {
- DEBUG(0, ("Connection holds no valid init data\n"));
- return SSS_SUDO_RESPONDER_CONNECTION_ERR;
- }
-
- msg = talloc((TALLOC_CTX *)sudocli,struct sss_sudo_msg_contents);
-
- /* First thing, cancel the timeout */
- DEBUG(4, ("Cancel SUDO client timeout [%p]\n", sudocli->timeout));
- talloc_zfree(sudocli->timeout);
-
- dbus_error_init(&dbus_error);
-
- if (!dbus_message_iter_init(message, &msg_iter)) {
- fprintf(stderr, "Message received as empty!\n");
- return SSS_SUDO_RESPONDER_MESSAGE_ERR;
- }
-
- if(DBUS_TYPE_STRUCT != dbus_message_iter_get_arg_type(&msg_iter)) {
- fprintf(stderr, "Argument is not struct!\n");
- return SSS_SUDO_RESPONDER_MESSAGE_ERR;
- }
- else{
- dbus_message_iter_recurse(&msg_iter,&subItem);
- }
-
- if(DBUS_TYPE_UINT32 != dbus_message_iter_get_arg_type(&subItem)) {
- fprintf(stderr,"UID failed");
- return SSS_SUDO_RESPONDER_MESSAGE_ERR;
- }
- else {
- dbus_message_iter_get_basic(&subItem, &msg->userid);
- dbus_message_iter_next (&subItem);
- }
-
- if(DBUS_TYPE_STRING != dbus_message_iter_get_arg_type(&subItem)) {
- fprintf(stderr,"CWD failed");
- return SSS_SUDO_RESPONDER_MESSAGE_ERR;
- }
- else {
- dbus_message_iter_get_basic(&subItem, &msg->cwd);
- dbus_message_iter_next (&subItem);
- }
-
- if(DBUS_TYPE_STRING != dbus_message_iter_get_arg_type(&subItem)) {
- fprintf(stderr,"TTY failed");
- return SSS_SUDO_RESPONDER_MESSAGE_ERR;
- }
- else {
- dbus_message_iter_get_basic(&subItem, &msg->tty);
- dbus_message_iter_next (&subItem);
- }
- if(DBUS_TYPE_STRING != dbus_message_iter_get_arg_type(&subItem)) {
- fprintf(stderr,"FQ Command failed");
- return SSS_SUDO_RESPONDER_MESSAGE_ERR;
- }
- else {
- dbus_message_iter_get_basic(&subItem, &msg->fq_command);
- }
-
- fprintf(stdout,"-----------Message---------\n"
- "uid : %d\ncwd : %s\ntty : %s\nFQ Command: %s\n",msg->userid,msg->cwd,msg->tty,msg->fq_command);
-
- dbus_message_iter_next (&msg_iter);
-
- if(DBUS_TYPE_UINT32 != dbus_message_iter_get_arg_type(&msg_iter)) {
- fprintf(stderr,"array size failed");
- return SSS_SUDO_RESPONDER_MESSAGE_ERR;
- }
- else {
- dbus_message_iter_get_basic(&msg_iter, &msg->command_count);
- fprintf(stdout,"Command array size: %d\n",msg->command_count);
- }
- dbus_message_iter_next (&msg_iter);
-
- command_array = (char**)malloc(msg->command_count*sizeof(char *));
- fprintf(stdout,"command : ");
-
- if( DBUS_TYPE_ARRAY != dbus_message_iter_get_arg_type(&msg_iter)) {
- fprintf(stderr, "Command array failed!\n");
- return SSS_SUDO_RESPONDER_MESSAGE_ERR;
- }
- else{
- dbus_message_iter_recurse(&msg_iter,&subItem);
- }
-
- for(ui = command_array,count = msg->command_count; count--; ui++)
- {
- if(DBUS_TYPE_STRING != dbus_message_iter_get_arg_type(&subItem)) {
- printf("string array content failed");
- return SSS_SUDO_RESPONDER_MESSAGE_ERR;
-
- }
- else {
- dbus_message_iter_get_basic(&subItem, ui);
- fprintf(stdout,"%s ",*ui);
- if(!dbus_message_iter_next (&subItem)) {
- /*"Array ended. */
- break;
- }
- }
- }
- fprintf(stdout,"\n");
-
- msg->command = command_array;
- dbus_message_iter_next(&msg_iter);
-
- if( dbus_msg_iter_to_dhash(&msg_iter, &settings_table)!= SSS_SBUS_CONV_SUCCESS){
- fprintf(stderr, "settings table corrupted!\n");
- return SSS_SUDO_RESPONDER_MESSAGE_ERR;
- }
-
- dbus_message_iter_next(&msg_iter);
-
- if( dbus_msg_iter_to_dhash(&msg_iter, &env_table)!= SSS_SBUS_CONV_SUCCESS){
- fprintf(stderr, "environment table corrupted!\n");
- return SSS_SUDO_RESPONDER_MESSAGE_ERR;
- }
-
- DEBUG(0, ("-----------Message END---------\n"));
- //////////////////
-
- tmpctx = talloc_new(NULL);
- if (!tmpctx) {
- return ENOMEM;
- }
- i=0;
- sysdblist = sudocli->sudoctx->rctx->db_list->dbs;
- no_ldbs = sudocli->sudoctx->rctx->db_list->num_dbs;
- i=0;
- while(i < no_ldbs) {
-
- ret = sysdb_search_user_by_uid(tmpctx,
- sysdblist[i],
- sysdblist[i]->domain,
- msg->userid,
- attrs,
- &ldb_msg);
- if (ret != EOK) {
- i++;
- DEBUG(0, ("No User matched\n"));
- if (ret == ENOENT) {
-
- continue;
- }
- DEBUG(0, ("sysdb_search_user_by_uid Returned something other that ENOENT\n"));
- continue;
- }
- break;
-
- }
- if(ldb_msg == NULL) {
- DEBUG(0, ("NoUserEntryFound Error. Exit with error message.\n"));
- goto free_ctx;
- }
-
- user_name = ldb_msg_find_attr_as_string(ldb_msg, SYSDB_NAME, NULL);
- user_id = ldb_msg_find_attr_as_string(ldb_msg, SYSDB_UIDNUM, NULL);
- ret = search_sudo_rules(sudocli, sysdblist[i],sysdblist[i]->domain, "tom",user_id,msg);
- if(ret != EOK){
- DEBUG(0, ("Error in rule"));
- }
-
- free_ctx:
- talloc_zfree(tmpctx);
- /////////////////////
-
-
- talloc_set_destructor((TALLOC_CTX *)sudocli, sudo_client_destructor);
-
- DEBUG(4, ("Got string [%s]\n", msg->cwd));
-
- /* reply that all is ok */
- reply = dbus_message_new_method_return(message);
- if (!reply) {
- DEBUG(0, ("Dbus Out of memory!\n"));
- return SSS_SUDO_RESPONDER_REPLY_ERR;
- }
-
- command_size = msg->command_count;
- dbret = dbus_message_append_args(reply,
- DBUS_TYPE_UINT32, &header,
- DBUS_TYPE_STRING,&result,
- DBUS_TYPE_INVALID);
- if (!dbret) {
- DEBUG(0, ("Failed to build sudo dbus reply\n"));
- dbus_message_unref(reply);
- sbus_disconnect(conn);
- return SSS_SUDO_RESPONDER_REPLY_ERR;
- }
-
- dbus_message_iter_init_append(reply, &msg_iter);
-
- if(!dbus_message_iter_open_container(&msg_iter,
- DBUS_TYPE_ARRAY,
- "s",
- &subItem)) {
- fprintf(stderr, "Out Of Memory!\n");
- return SSS_SUDO_RESPONDER_REPLY_ERR;
- }
-
- for(command_array = msg->command ; command_size-- ; command_array++) {
-
- if (!dbus_message_iter_append_basic(&subItem,
- DBUS_TYPE_STRING,
- command_array)) {
- fprintf(stderr, "Out Of Memory!\n");
- return SSS_SUDO_RESPONDER_REPLY_ERR;
- }
- }
-
- if (!dbus_message_iter_close_container(&msg_iter,&subItem)) {
- fprintf(stderr, "Out Of Memory!\n");
- return SSS_SUDO_RESPONDER_REPLY_ERR;
- }
-
- if(dbus_dhash_to_msg_iter(&env_table,&msg_iter) != SSS_SBUS_CONV_SUCCESS){
- fprintf(stderr,"fatal: env message framing failed.");
- return SSS_SUDO_RESPONDER_DHASH_ERR;
- }
-
- /* send reply back */
- sbus_conn_send_reply(conn, reply);
- dbus_message_unref(reply);
-
- sudocli->initialized = true;
- free(result);
- return EOK;
-}
-
-static void init_timeout(struct tevent_context *ev,
- struct tevent_timer *te,
- struct timeval t, void *ptr)
-{
- struct sudo_client *sudocli;
-
- DEBUG(2, ("Client timed out [%p]!\n", te));
-
- sudocli = talloc_get_type(ptr, struct sudo_client);
-
- sbus_disconnect(sudocli->conn);
- talloc_zfree(sudocli);
-}
-
-static int sudo_client_init(struct sbus_connection *conn, void *data)
-{
- struct sudo_ctx *sudoctx;
- struct sudo_client *sudocli;
- struct timeval tv;
-
- sudoctx = talloc_get_type(data, struct sudo_ctx);
-
- /* hang off this memory to the connection so that when the connection
- * is freed we can potentially call a destructor */
-
- sudocli = talloc(conn, struct sudo_client);
- if (!sudocli) {
- DEBUG(0,("Out of memory?!\n"));
- talloc_zfree(conn);
- return ENOMEM;
- }
- sudocli->sudoctx = sudoctx;
- sudocli->conn = conn;
- sudocli->initialized = false;
-
- /* 5 seconds should be plenty */
- tv = tevent_timeval_current_ofs(5, 0);
-
- sudocli->timeout = tevent_add_timer(sudoctx->rctx->ev, sudocli, tv, init_timeout, sudocli);
- if (!sudocli->timeout) {
- DEBUG(0,("Out of memory?!\n"));
- talloc_zfree(conn);
- return ENOMEM;
- }
- DEBUG(4, ("Set-up Sudo client timeout [%p]\n", sudocli->timeout));
-
- /* Attach the client context to the connection context, so that it is
- * always available when we need to manage the connection. */
- sbus_conn_set_private_data(conn, sudocli);
-
- return EOK;
-}
-static void sudo_dp_reconnect_init(struct sbus_connection *conn, int status, void *pvt)
-{
- struct be_conn *be_conn = talloc_get_type(pvt, struct be_conn);
- int ret;
-
- /* Did we reconnect successfully? */
- if (status == SBUS_RECONNECT_SUCCESS) {
- DEBUG(1, ("Reconnected to the Data Provider.\n"));
-
- /* Identify ourselves to the data provider */
- ret = dp_common_send_id(be_conn->conn,
- DATA_PROVIDER_VERSION,
- "PAM");
- /* all fine */
- if (ret == EOK) return;
- }
-
- /* Handle failure */
- DEBUG(0, ("Could not reconnect to %s provider.\n",
- be_conn->domain->name));
-
-
-}
-
-int sudo_server_init(TALLOC_CTX *mem_ctx,
- struct sudo_ctx *_ctx)
-{
-
- int ret;
- struct sbus_connection *serv;
-
-
- DEBUG(1, ("Setting up the sudo server.\n"));
-
-
-
- ret = sbus_new_server(mem_ctx,
- _ctx->rctx->ev,
- SSS_SUDO_SERVICE_PIPE,
- &sudo_monitor_interface,
- &serv,
- sudo_client_init,
- _ctx);
- if (ret != EOK) {
- DEBUG(0, ("Could not set up sudo sbus server.\n"));
- return ret;
- }
-
- return EOK;
-
-}
-
-struct cli_protocol_version *register_cli_protocol_version(void)
-{
- static struct cli_protocol_version sudo_cli_protocol_version[] = {
- {0, NULL, NULL}
- };
-
- return sudo_cli_protocol_version;
-}
-
-struct sss_cmd_table *get_sudo_cmds(void)
-{
- static struct sss_cmd_table sss_cmds[] = {
- {SSS_SUDO_AUTHENTICATE, NULL},
- {SSS_SUDO_INVALIDATE, NULL},
- {SSS_SUDO_VALIDATE, NULL},
- {SSS_SUDO_LIST, NULL},
- {SSS_CLI_NULL, NULL}
- };
-
- return sss_cmds;
-}
-
-int sudo_process_init(TALLOC_CTX *mem_ctx,
- struct tevent_context *ev,
- struct confdb_ctx *cdb)
-{
- struct sss_cmd_table *sudo_cmds;
- struct be_conn *iter;
- struct sudo_ctx *ctx;
- int ret, max_retries;
- int id_timeout;
-
-
- ctx = talloc_zero(mem_ctx, struct sudo_ctx);
- if (!ctx) {
- DEBUG(0, ("fatal error initializing sudo_ctx\n"));
- return ENOMEM;
- }
- sudo_cmds = get_sudo_cmds();
- ret = sss_process_init(ctx,
- ev,
- cdb,
- sudo_cmds,
- SSS_SUDO_SOCKET_NAME,
- SSS_SUDO_PRIV_SOCKET_NAME,
- CONFDB_SUDO_CONF_ENTRY,
- SSS_SUDO_SBUS_SERVICE_NAME,
- SSS_SUDO_SBUS_SERVICE_VERSION,
- &sudo_monitor_interface,
- "SUDO", &sudo_dp_interface,
- &ctx->rctx);
- if (ret != EOK) {
- goto done;
- }
-
-
- ctx->rctx->pvt_ctx = ctx;
-
-
-
- ret = confdb_get_int(ctx->rctx->cdb, ctx->rctx, CONFDB_SUDO_CONF_ENTRY,
- CONFDB_SERVICE_RECON_RETRIES, 3, &max_retries);
- if (ret != EOK) {
- DEBUG(0, ("Failed to set up automatic reconnection\n"));
- goto done;
- }
-
- for (iter = ctx->rctx->be_conns; iter; iter = iter->next) {
- sbus_reconnect_init(iter->conn, max_retries,
- sudo_dp_reconnect_init, iter);
- }
-
- /* Set up the negative cache */
- ret = confdb_get_int(cdb, ctx, CONFDB_SUDO_CONF_ENTRY,
- CONFDB_SUDO_ENTRY_NEG_TIMEOUT, 15,
- &ctx->neg_timeout);
- if (ret != EOK) goto done;
-
- /* Set up the PAM identity timeout */
- ret = confdb_get_int(cdb, ctx, CONFDB_SUDO_CONF_ENTRY,
- CONFDB_SUDO_ID_TIMEOUT, 5,
- &id_timeout);
- if (ret != EOK) goto done;
-
- ctx->id_timeout = (size_t)id_timeout;
-
- ret = sss_ncache_init(ctx, &ctx->ncache);
- if (ret != EOK) {
- DEBUG(0, ("fatal error initializing negative cache\n"));
- goto done;
- }
-
- ret = sss_ncache_prepopulate(ctx->ncache, cdb, ctx->rctx->names,
- ctx->rctx->domains);
- if (ret != EOK) {
- goto done;
- }
-
- ret = sudo_server_init(mem_ctx, ctx);
- DEBUG(0, ("sudo server returned %d.\n",ret));
-
- return EOK;
- done:
- if (ret != EOK) {
- talloc_free(ctx);
- }
- return ret;
-}
-
-int main(int argc, const char *argv[])
-{
- int opt;
- poptContext pc;
- struct main_context *main_ctx;
- int ret;
-
- struct poptOption long_options[] = {
- POPT_AUTOHELP
- SSSD_MAIN_OPTS
- POPT_TABLEEND
- };
-
- pc = poptGetContext(argv[0], argc, argv, long_options, 0);
- while((opt = poptGetNextOpt(pc)) != -1) {
- switch(opt) {
- default:
- fprintf(stderr, "\nInvalid option %s: %s\n\n",
- poptBadOption(pc, 0), poptStrerror(opt));
- poptPrintUsage(pc, stderr, 0);
- return 1;
- }
- }
-
- poptFreeContext(pc);
-
- /* set up things like debug, signals, daemonization, etc... */
- debug_log_file = "sssd_sudo";
-
- ret = server_setup("sssd[sudo]", 0, CONFDB_SUDO_CONF_ENTRY, &main_ctx);
- if (ret != EOK) return 2;
-
- ret = die_if_parent_died();
- if (ret != EOK) {
- /* This is not fatal, don't return */
- DEBUG(2, ("Could not set up to exit when parent process does\n"));
- }
-
- ret = sudo_process_init(main_ctx,
- main_ctx->event_ctx,
- main_ctx->confdb_ctx);
- if (ret != EOK) return 3;
-
- /* loop on main */
- server_loop(main_ctx);
-
- return 0;
-}
-
diff --git a/src/responder/sudo/sudosrv.h b/src/responder/sudo/sudosrv.h
index a24ead8c..539bd0c1 100644
--- a/src/responder/sudo/sudosrv.h
+++ b/src/responder/sudo/sudosrv.h
@@ -17,7 +17,7 @@
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
+ */
#ifndef _SUDOSRV_PRIVATE_H_
#define _SUDOSRV_PRIVATE_H_
@@ -56,25 +56,25 @@
static int sudo_query_validation(DBusMessage *message, struct sbus_connection *conn);
struct sbus_method sudo_methods[] = {
-
- { SUDO_METHOD_QUERY, sudo_query_validation },
- { NULL, NULL }
+
+ { SUDO_METHOD_QUERY, sudo_query_validation },
+ { NULL, NULL }
};
struct sbus_interface sudo_monitor_interface = {
- SUDO_SERVER_INTERFACE,
- SUDO_SERVER_PATH,
- SBUS_DEFAULT_VTABLE,
- sudo_methods,
- NULL
+ SUDO_SERVER_INTERFACE,
+ SUDO_SERVER_PATH,
+ SBUS_DEFAULT_VTABLE,
+ sudo_methods,
+ NULL
};
struct sbus_interface sudo_dp_interface = {
- SUDO_DP_INTERFACE,
- SUDO_DP_PATH,
- SBUS_DEFAULT_VTABLE,
- NULL/*sudo_dp_methods*/,
- NULL
+ SUDO_DP_INTERFACE,
+ SUDO_DP_PATH,
+ SBUS_DEFAULT_VTABLE,
+ NULL/*sudo_dp_methods*/,
+ NULL
};
struct sudo_ctx {
@@ -100,17 +100,17 @@ struct sudo_client {
enum error_types_sudo_responder{
- SSS_SUDO_RESPONDER_SUCCESS = 0x01,
- SSS_SUDO_RESPONDER_FAILED,
- SSS_SUDO_RESPONDER_BUF_ERR,
- SSS_SUDO_RESPONDER_CONNECTION_ERR,
- SSS_SUDO_RESPONDER_SYSTEM_ERR,
- SSS_SUDO_RESPONDER_LOG_ERR,
- SSS_SUDO_RESPONDER_MESSAGE_ERR,
- SSS_SUDO_RESPONDER_REPLY_ERR,
- SSS_SUDO_RESPONDER_DHASH_ERR,
- SUDO_LDB_CONNECT_ERR,
- SUDO_LDB_SEARCH_ERR
+ SSS_SUDO_RESPONDER_SUCCESS = 0x01,
+ SSS_SUDO_RESPONDER_FAILED,
+ SSS_SUDO_RESPONDER_BUF_ERR,
+ SSS_SUDO_RESPONDER_CONNECTION_ERR,
+ SSS_SUDO_RESPONDER_SYSTEM_ERR,
+ SSS_SUDO_RESPONDER_LOG_ERR,
+ SSS_SUDO_RESPONDER_MESSAGE_ERR,
+ SSS_SUDO_RESPONDER_REPLY_ERR,
+ SSS_SUDO_RESPONDER_DHASH_ERR,
+ SUDO_LDB_CONNECT_ERR,
+ SUDO_LDB_SEARCH_ERR
};
#endif
diff --git a/src/responder/sudo/sudosrv.h~ b/src/responder/sudo/sudosrv.h~
deleted file mode 100644
index 0b933ea4..00000000
--- a/src/responder/sudo/sudosrv.h~
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- SSSD
-
- SUDO Responder
-
- Copyright (C) Arun Scaria <arunscaria91@gmail.com> (2011)
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-
-#define CONFDB_SUDO_CONF_ENTRY "config/sudo"
-
-#define SUDO_INTERFACE "org.freedesktop.sssd.sudo"
-#define SUDO_PATH "/org/freedesktop/sssd/sudo"
-#define SUDO_METHOD_QUERY "queryService"
-
-static int sudo_query_validation(DBusMessage *message, struct sbus_connection *conn);
-struct sbus_method sudo_methods[] = {
-
- { SUDO_METHOD_QUERY, sudo_query_validation },
- { NULL, NULL }
-};
-
-struct sbus_interface sudo_interface = {
- SUDO_INTERFACE,
- SUDO_PATH,
- SBUS_DEFAULT_VTABLE,
- sudo_methods,
- NULL
-};
-
-struct sudo_ctx {
- struct tevent_context *ev;
- struct confdb_ctx *cdb;
-
- struct sbus_connection *mon_conn;
- struct sbus_connection *sbus_srv;
-
- size_t check_online_ref_count;
-};
-
-struct sudo_client {
- struct sudo_ctx *sudoctx;
- struct sbus_connection *conn;
- struct tevent_timer *timeout;
- bool initialized;
-}; \ No newline at end of file
diff --git a/src/sss_client/sudo_plugin/sss_sudo_cli.h b/src/sss_client/sudo_plugin/sss_sudo_cli.h
index 65c1f582..4c6c1342 100644
--- a/src/sss_client/sudo_plugin/sss_sudo_cli.h
+++ b/src/sss_client/sudo_plugin/sss_sudo_cli.h
@@ -20,7 +20,7 @@
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>
-*/
+ */
#ifndef _SSS_SUDO_CLI_H_
#define _SSS_SUDO_CLI_H_
@@ -55,7 +55,7 @@
#ifndef _SSSCLI_H
- /* If sss_cli.h is not included */
+/* If sss_cli.h is not included */
struct sss_cli_req_data {
size_t len;
const void *data;
@@ -75,15 +75,15 @@ enum sss_status {
enum error_types_sudo{
- SSS_SUDO_SUCCESS = 0x01,
- SSS_SUDO_FAILED,
- SSS_SUDO_BUF_ERR,
- SSS_SUDO_CONNECTION_ERR,
- SSS_SUDO_SYSTEM_ERR,
- SSS_SUDO_LOG_ERR,
- SSS_SUDO_LOG_NOTICE,
- SSS_SUDO_MESSAGE_ERR,
- SSS_SUDO_REPLY_ERR
+ SSS_SUDO_SUCCESS = 0x01,
+ SSS_SUDO_FAILED,
+ SSS_SUDO_BUF_ERR,
+ SSS_SUDO_CONNECTION_ERR,
+ SSS_SUDO_SYSTEM_ERR,
+ SSS_SUDO_LOG_ERR,
+ SSS_SUDO_LOG_NOTICE,
+ SSS_SUDO_MESSAGE_ERR,
+ SSS_SUDO_REPLY_ERR
};
@@ -96,37 +96,37 @@ enum sss_sudo_validation_status {
struct sss_sudo_msg_contents
{
- /* from user_info */
- uid_t userid;
- char *cwd;
- char *tty;
-
- /* from settings */
- char * runas_user;
- char * runas_group;
- char * prompt;
- char * network_addrs;
- int use_sudoedit;
- int use_set_home;
- int use_preserve_environment;
- int use_implied_shell;
- int use_login_shell;
- int use_run_shell;
- int use_preserve_groups;
- int use_ignore_ticket;
- int use_noninteractive;
- int debug_level;
-
- /*from user_env*/
- char * const * user_env;
-
- /* command with arguments */
- char * fq_command;
- char ** command;
- int command_count;
-
- /* Clients pid */
- int cli_pid;
+ /* from user_info */
+ uid_t userid;
+ char *cwd;
+ char *tty;
+
+ /* from settings */
+ char * runas_user;
+ char * runas_group;
+ char * prompt;
+ char * network_addrs;
+ int use_sudoedit;
+ int use_set_home;
+ int use_preserve_environment;
+ int use_implied_shell;
+ int use_login_shell;
+ int use_run_shell;
+ int use_preserve_groups;
+ int use_ignore_ticket;
+ int use_noninteractive;
+ int debug_level;
+
+ /*from user_env*/
+ char * const * user_env;
+
+ /* command with arguments */
+ char * fq_command;
+ char ** command;
+ int command_count;
+
+ /* Clients pid */
+ int cli_pid;
};
#define SSS_SUDO_ITEM_RUSER "runas_user"
diff --git a/src/sss_client/sudo_plugin/sss_sudoplugin.c b/src/sss_client/sudo_plugin/sss_sudoplugin.c
index 2b058e6a..12fa4ec5 100644
--- a/src/sss_client/sudo_plugin/sss_sudoplugin.c
+++ b/src/sss_client/sudo_plugin/sss_sudoplugin.c
@@ -12,7 +12,7 @@
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
The coding of some of the components in this programe is based on the
code adapted from the sudo project at www.sudo.ws
@@ -25,15 +25,15 @@
along with this program. If not, see <http://www.gnu.org/licenses/>
-*/
+ */
- /*
- * Define to the version of sudo package
- * This declaration is to be removed and
- * it is to be imported from config.h
- */
+/*
+ * Define to the version of sudo package
+ * This declaration is to be removed and
+ * it is to be imported from config.h
+ */
#define SUDO_PACKAGE_STRING "sudo 1.8.1"
#ifndef _PATH_VI
@@ -143,9 +143,9 @@ static int debug_level;
struct user_info_struct
{
- char *username;
- int lines;
- int cols;
+ char *username;
+ int lines;
+ int cols;
}user_information;
@@ -156,8 +156,8 @@ struct user_info_struct
struct sss_sudo_msg_contents msg;
static struct pam_conv conv = {
- misc_conv,
- NULL
+ misc_conv,
+ NULL
};
@@ -193,23 +193,23 @@ void print_sudo_items(void)
/* initialise size of message contents as zero and boolean values as FALSE */
void init_size_of_msg_contents( void )
{
- msg.userid=-1;
+ msg.userid=-1;
- msg.use_sudoedit = FALSE;
- msg.use_set_home = FALSE;
- msg.use_preserve_environment = FALSE;
- msg.use_implied_shell = FALSE;
- msg.use_login_shell = FALSE;
- msg.use_run_shell = FALSE;
- msg.use_preserve_groups = FALSE;
- msg.use_ignore_ticket = FALSE;
- msg.use_noninteractive = FALSE;
+ msg.use_sudoedit = FALSE;
+ msg.use_set_home = FALSE;
+ msg.use_preserve_environment = FALSE;
+ msg.use_implied_shell = FALSE;
+ msg.use_login_shell = FALSE;
+ msg.use_run_shell = FALSE;
+ msg.use_preserve_groups = FALSE;
+ msg.use_ignore_ticket = FALSE;
+ msg.use_noninteractive = FALSE;
- msg.debug_level=0;
+ msg.debug_level=0;
- msg.command_count=0;
+ msg.command_count=0;
- msg.cli_pid = getpid();
+ msg.cli_pid = getpid();
}
/*
@@ -224,221 +224,221 @@ int policy_open(unsigned int version,
char * const user_info[],
char * const user_env[])
{
- char * const *ui;
- struct passwd *pw;
- const char *runas_user = NULL;
- struct group *gr;
- const char *runas_group = NULL;
-
-
- if (sudo_conv == NULL) sudo_conv = conversation;
- if (sudo_log == NULL) sudo_log = sudo_printf;
-
+ char * const *ui;
+ struct passwd *pw;
+ const char *runas_user = NULL;
+ struct group *gr;
+ const char *runas_group = NULL;
+
+
+ if (sudo_conv == NULL) sudo_conv = conversation;
+ if (sudo_log == NULL) sudo_log = sudo_printf;
+
/* Check the version of sudo plugin api */
- if (SUDO_API_VERSION_GET_MAJOR(version) != SUDO_API_VERSION_MAJOR) {
- sudo_log(SUDO_CONV_ERROR_MSG,
- "The sss sudo plugin requires API version %d.x\n",
- SUDO_API_VERSION_MAJOR);
- return ERROR;
+ if (SUDO_API_VERSION_GET_MAJOR(version) != SUDO_API_VERSION_MAJOR) {
+ sudo_log(SUDO_CONV_ERROR_MSG,
+ "The sss sudo plugin requires API version %d.x\n",
+ SUDO_API_VERSION_MAJOR);
+ return ERROR;
}
- init_size_of_msg_contents();
+ init_size_of_msg_contents();
+
-
for (ui = settings; *ui != NULL; ui++) {
- /* get the debug level */
- if (strncmp(*ui, "debug_level=", sizeof("debug_level=") - 1) == 0) {
- debug_level = atoi(*ui + sizeof("debug_level=") - 1);
- msg.debug_level = debug_level;
- }
-
- /*
- *check if the user specified the -E flag, indicating that
- *the user wishes to preserve the environment.
- *
- */
-
- else if (strncmp(*ui, "preserve_environment=", sizeof("preserve_environment=") - 1) == 0) {
- if (strcasecmp(*ui + sizeof("preserve_environment=") - 1, "true") == 0)
- msg.use_preserve_environment = TRUE;
- }
-
- /*
- * check if the user specified the -H flag. If true, set the
- * HOME environment variable to the target user's home directory.
- */
-
- else if (strncmp(*ui, "set_home=", sizeof("set_home=") - 1) == 0) {
- if (strcasecmp(*ui + sizeof("set_home=") - 1, "true") == 0)
- msg.use_set_home = TRUE;
- }
-
- /*
- * check if the user specified the -s flag, indicating that the
- * user wishes to run a shell.
- */
-
- else if (strncmp(*ui, "run_shell=", sizeof("run_shell=") - 1) == 0) {
- if (strcasecmp(*ui + sizeof("run_shell=") - 1, "true") == 0)
- msg.use_run_shell = TRUE;
- }
-
- /*
- * Check if the user specified the -i flag, indicating that the
- * user wishes to run a login shell.
- */
-
- else if (strncmp(*ui, "login_shell=", sizeof("login_shell=") - 1) == 0) {
- if (strcasecmp(*ui + sizeof("login_shell=") - 1, "true") == 0)
- msg.use_login_shell = TRUE;
- }
-
- /*
- * check to see whether user specified the -k flag along with a
- * command, indicating that the user wishes to ignore any cached
- * authentication credentials.
- */
-
- else if (strncmp(*ui, "ignore_ticket=", sizeof("ignore_ticket=") - 1) == 0) {
- if (strcasecmp(*ui + sizeof("ignore_ticket=") - 1, "true") == 0)
- msg.use_ignore_ticket = TRUE;
- }
-
- /*
- * The prompt to use when requesting a password, if specified
- * via the -p flag.
- */
-
- else if (strncmp(*ui, "prompt=", sizeof("prompt=") - 1) == 0) {
- msg.prompt = strdup(*ui + sizeof("prompt=") - 1);
- }
-
- /* Find the user to be run as */
-
- else if (strncmp(*ui, "runas_user=", sizeof("runas_user=") - 1) == 0) {
- msg.runas_user = strdup(*ui + sizeof("runas_user=") - 1);
- runas_user = msg.runas_user;
- }
-
- /* Find the group to be run as */
-
- else if (strncmp(*ui, "runas_group=", sizeof("runas_group=") - 1) == 0) {
- msg.runas_group = strdup(*ui + sizeof("runas_group=") - 1);
- runas_group = msg.runas_group;
- }
-
- /*
- * To get thhe command name that sudo was run as, typically
- * "sudo" or "sudoedit". setprogname() is only supported in BSD
- * No need to include it now.
- *
- * else if (strncmp(*ui, "progname=", sizeof("progname=") - 1) == 0) {
- * setprogname(*ui + sizeof("progname=") - 1);
- * }
- *
- */
-
- /* Check to see if sudo was called as sudoedit or with -e flag. */
-
- else if (strncmp(*ui, "sudoedit=", sizeof("sudoedit=") - 1) == 0) {
- if (strcasecmp(*ui + sizeof("sudoedit=") - 1, "true") == 0)
- use_sudoedit = TRUE;
- msg.use_sudoedit = use_sudoedit;
- }
-
- /* This plugin doesn't support running sudo with no arguments. */
-
- else if (strncmp(*ui, "implied_shell=", sizeof("implied_shell=") - 1) == 0) {
- if (strcasecmp(*ui + sizeof("implied_shell=") - 1, "true") == 0)
- return -2;
- /* usage error */
- }
-
- /*
- *check to see whether user specified the -P flag, indicating
- *that the user wishes to preserve the group vector instead of
- *setting it based on the runas user.
- */
-
- else if (strncmp(*ui, "preserve_groups=", sizeof("preserve_groups=") - 1) == 0) {
- if (strcasecmp(*ui + sizeof("preserve_groups=") - 1, "true") == 0)
- msg.use_preserve_groups = TRUE;
- }
-
- /*
- * check to see whether user specified the -n flag, indicating that
- * sudo should operate in non-interactive mode. The plugin may reject
- * a command run in non-interactive mode if user interaction is required.
- */
-
- else if (strncmp(*ui, "noninteractive=", sizeof("noninteractive=") - 1) == 0) {
- if (strcasecmp(*ui + sizeof("noninteractive=") - 1, "true") == 0)
- msg.use_noninteractive = TRUE;
- }
-
- /* to get network_addrs */
-
- else if (strncmp(*ui, "network_addrs=", sizeof("network_addrs=") - 1) == 0) {
- msg.network_addrs = strdup(*ui + sizeof("network_addrs=") - 1);
- }
-
- /* settings are over */
- }
-
-
- /* Build the user info */
-
- for (ui = user_info; *ui != NULL; ui++) {
-
- /* get user name */
-
- if (strncmp(*ui, "user=", sizeof("user=") - 1) == 0) {
- user_information.username = strdup(*ui + sizeof("user=") - 1);
- }
-
- /* get user id */
- else if (strncmp(*ui, "uid=", sizeof("uid=") - 1) == 0) {
- msg.userid = atoi(*ui + sizeof("uid=") - 1);
- }
-
-
- /* get cwd */
- else if (strncmp(*ui, "cwd=", sizeof("cwd=") - 1) == 0) {
- msg.cwd = strdup(*ui + sizeof("cwd=") - 1);
- }
-
- /* get tty */
- else if (strncmp(*ui, "tty=", sizeof("tty=") - 1) == 0) {
- msg.tty = strdup( *ui + sizeof("tty=") - 1);
- }
-
- /* get lines - to be removed at final code if no use */
- else if (strncmp(*ui, "lines=", sizeof("lines=") - 1) == 0) {
- user_information.lines = atoi(*ui + sizeof("lines=") - 1);
- }
-
- /* get cols - to be removed at final code if no use */
- else if (strncmp(*ui, "cols=", sizeof("cols=") - 1) == 0) {
- user_information.cols = atoi(*ui + sizeof("cols=") - 1);
- }
- }
+ /* get the debug level */
+ if (strncmp(*ui, "debug_level=", sizeof("debug_level=") - 1) == 0) {
+ debug_level = atoi(*ui + sizeof("debug_level=") - 1);
+ msg.debug_level = debug_level;
+ }
+
+ /*
+ *check if the user specified the -E flag, indicating that
+ *the user wishes to preserve the environment.
+ *
+ */
+
+ else if (strncmp(*ui, "preserve_environment=", sizeof("preserve_environment=") - 1) == 0) {
+ if (strcasecmp(*ui + sizeof("preserve_environment=") - 1, "true") == 0)
+ msg.use_preserve_environment = TRUE;
+ }
+
+ /*
+ * check if the user specified the -H flag. If true, set the
+ * HOME environment variable to the target user's home directory.
+ */
+
+ else if (strncmp(*ui, "set_home=", sizeof("set_home=") - 1) == 0) {
+ if (strcasecmp(*ui + sizeof("set_home=") - 1, "true") == 0)
+ msg.use_set_home = TRUE;
+ }
+
+ /*
+ * check if the user specified the -s flag, indicating that the
+ * user wishes to run a shell.
+ */
+
+ else if (strncmp(*ui, "run_shell=", sizeof("run_shell=") - 1) == 0) {
+ if (strcasecmp(*ui + sizeof("run_shell=") - 1, "true") == 0)
+ msg.use_run_shell = TRUE;
+ }
+
+ /*
+ * Check if the user specified the -i flag, indicating that the
+ * user wishes to run a login shell.
+ */
+
+ else if (strncmp(*ui, "login_shell=", sizeof("login_shell=") - 1) == 0) {
+ if (strcasecmp(*ui + sizeof("login_shell=") - 1, "true") == 0)
+ msg.use_login_shell = TRUE;
+ }
+
+ /*
+ * check to see whether user specified the -k flag along with a
+ * command, indicating that the user wishes to ignore any cached
+ * authentication credentials.
+ */
+
+ else if (strncmp(*ui, "ignore_ticket=", sizeof("ignore_ticket=") - 1) == 0) {
+ if (strcasecmp(*ui + sizeof("ignore_ticket=") - 1, "true") == 0)
+ msg.use_ignore_ticket = TRUE;
+ }
+
+ /*
+ * The prompt to use when requesting a password, if specified
+ * via the -p flag.
+ */
+
+ else if (strncmp(*ui, "prompt=", sizeof("prompt=") - 1) == 0) {
+ msg.prompt = strdup(*ui + sizeof("prompt=") - 1);
+ }
+
+ /* Find the user to be run as */
+
+ else if (strncmp(*ui, "runas_user=", sizeof("runas_user=") - 1) == 0) {
+ msg.runas_user = strdup(*ui + sizeof("runas_user=") - 1);
+ runas_user = msg.runas_user;
+ }
+
+ /* Find the group to be run as */
+
+ else if (strncmp(*ui, "runas_group=", sizeof("runas_group=") - 1) == 0) {
+ msg.runas_group = strdup(*ui + sizeof("runas_group=") - 1);
+ runas_group = msg.runas_group;
+ }
+
+ /*
+ * To get thhe command name that sudo was run as, typically
+ * "sudo" or "sudoedit". setprogname() is only supported in BSD
+ * No need to include it now.
+ *
+ * else if (strncmp(*ui, "progname=", sizeof("progname=") - 1) == 0) {
+ * setprogname(*ui + sizeof("progname=") - 1);
+ * }
+ *
+ */
+
+ /* Check to see if sudo was called as sudoedit or with -e flag. */
+
+ else if (strncmp(*ui, "sudoedit=", sizeof("sudoedit=") - 1) == 0) {
+ if (strcasecmp(*ui + sizeof("sudoedit=") - 1, "true") == 0)
+ use_sudoedit = TRUE;
+ msg.use_sudoedit = use_sudoedit;
+ }
+
+ /* This plugin doesn't support running sudo with no arguments. */
+
+ else if (strncmp(*ui, "implied_shell=", sizeof("implied_shell=") - 1) == 0) {
+ if (strcasecmp(*ui + sizeof("implied_shell=") - 1, "true") == 0)
+ return -2;
+ /* usage error */
+ }
+
+ /*
+ *check to see whether user specified the -P flag, indicating
+ *that the user wishes to preserve the group vector instead of
+ *setting it based on the runas user.
+ */
+
+ else if (strncmp(*ui, "preserve_groups=", sizeof("preserve_groups=") - 1) == 0) {
+ if (strcasecmp(*ui + sizeof("preserve_groups=") - 1, "true") == 0)
+ msg.use_preserve_groups = TRUE;
+ }
+
+ /*
+ * check to see whether user specified the -n flag, indicating that
+ * sudo should operate in non-interactive mode. The plugin may reject
+ * a command run in non-interactive mode if user interaction is required.
+ */
+
+ else if (strncmp(*ui, "noninteractive=", sizeof("noninteractive=") - 1) == 0) {
+ if (strcasecmp(*ui + sizeof("noninteractive=") - 1, "true") == 0)
+ msg.use_noninteractive = TRUE;
+ }
+
+ /* to get network_addrs */
+
+ else if (strncmp(*ui, "network_addrs=", sizeof("network_addrs=") - 1) == 0) {
+ msg.network_addrs = strdup(*ui + sizeof("network_addrs=") - 1);
+ }
+
+ /* settings are over */
+ }
+
+
+ /* Build the user info */
+
+ for (ui = user_info; *ui != NULL; ui++) {
+
+ /* get user name */
+
+ if (strncmp(*ui, "user=", sizeof("user=") - 1) == 0) {
+ user_information.username = strdup(*ui + sizeof("user=") - 1);
+ }
+
+ /* get user id */
+ else if (strncmp(*ui, "uid=", sizeof("uid=") - 1) == 0) {
+ msg.userid = atoi(*ui + sizeof("uid=") - 1);
+ }
+
+
+ /* get cwd */
+ else if (strncmp(*ui, "cwd=", sizeof("cwd=") - 1) == 0) {
+ msg.cwd = strdup(*ui + sizeof("cwd=") - 1);
+ }
+
+ /* get tty */
+ else if (strncmp(*ui, "tty=", sizeof("tty=") - 1) == 0) {
+ msg.tty = strdup( *ui + sizeof("tty=") - 1);
+ }
+
+ /* get lines - to be removed at final code if no use */
+ else if (strncmp(*ui, "lines=", sizeof("lines=") - 1) == 0) {
+ user_information.lines = atoi(*ui + sizeof("lines=") - 1);
+ }
+
+ /* get cols - to be removed at final code if no use */
+ else if (strncmp(*ui, "cols=", sizeof("cols=") - 1) == 0) {
+ user_information.cols = atoi(*ui + sizeof("cols=") - 1);
+ }
+ }
if (runas_user != NULL) {
- if ((pw = getpwnam(runas_user)) == NULL) {
- sudo_log(SUDO_CONV_ERROR_MSG, "unknown user %s\n", runas_user);
- return 0;
- }
- runas_uid = pw->pw_uid;
+ if ((pw = getpwnam(runas_user)) == NULL) {
+ sudo_log(SUDO_CONV_ERROR_MSG, "unknown user %s\n", runas_user);
+ return 0;
+ }
+ runas_uid = pw->pw_uid;
}
if (runas_group != NULL) {
- if ((gr = getgrnam(runas_group)) == NULL) {
- sudo_log(SUDO_CONV_ERROR_MSG, "unknown group %s\n", runas_group);
- return 0;
- }
- runas_gid = gr->gr_gid;
+ if ((gr = getgrnam(runas_group)) == NULL) {
+ sudo_log(SUDO_CONV_ERROR_MSG, "unknown group %s\n", runas_group);
+ return 0;
+ }
+ runas_gid = gr->gr_gid;
}
/* fill Plugin state. */
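Review bot: `msg.userid = atoi(*ui + sizeof("uid=") - 1);` in the user_info loop cannot tell a malformed value from uid 0, because atoi() returns 0 for non-numeric input and reports no error. `msg` is presumably the request later handed to the responder for the policy decision, so a parse failure should fail the open instead of falling through as root's uid. Parsing with strtoul() plus an end-pointer and range check, as sketched below, does that; it needs `<errno.h>` in scope, which cannot be confirmed from this hunk. The strdup() results stored in `msg.cwd`, `msg.tty`, `msg.prompt`, `msg.runas_user`, `msg.runas_group` and `msg.network_addrs` are likewise never checked for NULL. policy_open starts above this hunk and continues past it.

```c
        /* get user id */
        else if (strncmp(*ui, "uid=", sizeof("uid=") - 1) == 0) {
            const char *uid_str = *ui + sizeof("uid=") - 1;
            char *end = NULL;
            unsigned long uid_val;

            /* reject empty, signed, or whitespace-prefixed values up front */
            if (*uid_str < '0' || *uid_str > '9') {
                sudo_log(SUDO_CONV_ERROR_MSG, "invalid uid in user_info\n");
                return ERROR;
            }
            errno = 0;
            uid_val = strtoul(uid_str, &end, 10);
            if (*end != '\0' || errno == ERANGE ||
                uid_val != (unsigned long)(uid_t)uid_val) {
                sudo_log(SUDO_CONV_ERROR_MSG, "invalid uid in user_info\n");
                return ERROR;
            }
            msg.userid = (uid_t)uid_val;
        }
        /* … unchanged: cwd, tty, lines and cols entries … */
```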
@@ -463,45 +463,45 @@ char * find_in_path(char *command, char **envp)
char *qualified = NULL;
if (strchr(command, '/') != NULL)
- return command;
+ return command;
path = getenv("PATH");
for (ep = plugin_state.envp; *ep != NULL; ep++) {
- if (strncmp(*ep, "PATH=", 5) == 0) {
- path = *ep + 5;
- break;
- }
+ if (strncmp(*ep, "PATH=", 5) == 0) {
+ path = *ep + 5;
+ break;
+ }
}
path = strdup(path);
path0 = path;
-
+
do {
- if ((cp = strchr(path, ':')))
- *cp = '\0';
-
- snprintf(pathbuf, sizeof(pathbuf), "%s/%s", *path ? path : ".", command);
-
- if (stat(pathbuf, &sb) == 0) {
- if (S_ISREG(sb.st_mode) && (sb.st_mode & 0000111)) {
- qualified = pathbuf;
- break;
- }
- }
- path = cp + 1;
+ if ((cp = strchr(path, ':')))
+ *cp = '\0';
+
+ snprintf(pathbuf, sizeof(pathbuf), "%s/%s", *path ? path : ".", command);
+
+ if (stat(pathbuf, &sb) == 0) {
+ if (S_ISREG(sb.st_mode) && (sb.st_mode & 0000111)) {
+ qualified = pathbuf;
+ break;
+ }
+ }
+ path = cp + 1;
} while (cp != NULL);
-
+
free(path0);
return ((qualified != NULL) ? strdup(qualified) : NULL);
}
- /*
- * Information about the command being run in the form
- * of "name=value" strings. These values are used by
- * sudo to set the execution environment when running a
- * command. The plugin is responsible for creating and
- * populating the vector, which must be terminated with a NULL pointer.
- *
- */
+/*
+ * Information about the command being run in the form
+ * of "name=value" strings. These values are used by
+ * sudo to set the execution environment when running a
+ * command. The plugin is responsible for creating and
+ * populating the vector, which must be terminated with a NULL pointer.
+ *
+ */
char ** build_command_info(char *command)
{
static char **command_info;
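Review bot: `path = strdup(path);` in find_in_path is reached with `path == NULL` when PATH is set neither in the process environment nor in `plugin_state.envp`, and its result is not checked before `strchr(path, ':')`; guard it with `if (path == NULL || (path = strdup(path)) == NULL) return NULL;`. The loop also maps an empty PATH element to `.` (`*path ? path : "."`), so a command name without a slash can resolve to a file in the caller's current directory; for a sudo policy plugin it would be safer to skip empty and relative elements. The `envp` parameter is ignored in favour of `plugin_state.envp`, and snprintf() truncation into `pathbuf` goes undetected, so an over-long candidate is stat()ed under a shortened name. find_in_path's declarations lie above this hunk.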
@@ -509,39 +509,39 @@ char ** build_command_info(char *command)
/* Setup command info. */
command_info = calloc(32, sizeof(char *));
-
+
if (command_info == NULL)
- return NULL;
-
+ return NULL;
+
if (asprintf(&command_info[i++],"%s=%s","command", command) == -1 ||
- asprintf(&command_info[i++], "runas_euid=%ld", (long)runas_uid) == -1 ||
- asprintf(&command_info[i++], "runas_uid=%ld", (long)runas_uid) == -1) {
- return NULL;
+ asprintf(&command_info[i++], "runas_euid=%ld", (long)runas_uid) == -1 ||
+ asprintf(&command_info[i++], "runas_uid=%ld", (long)runas_uid) == -1) {
+ return NULL;
}
-
+
if (runas_gid != -1) {
- if (asprintf(&command_info[i++], "runas_gid=%ld", (long)runas_gid) == -1 ||
- asprintf(&command_info[i++], "runas_egid=%ld", (long)runas_gid) == -1) {
- return NULL;
- }
+ if (asprintf(&command_info[i++], "runas_gid=%ld", (long)runas_gid) == -1 ||
+ asprintf(&command_info[i++], "runas_egid=%ld", (long)runas_gid) == -1) {
+ return NULL;
+ }
}
-
+
if (use_sudoedit) {
- command_info[i] = strdup("sudoedit=true");
- if (command_info[i++] == NULL){
- return NULL;
- }
+ command_info[i] = strdup("sudoedit=true");
+ if (command_info[i++] == NULL){
+ return NULL;
+ }
}
-
+
#ifdef USE_TIMEOUT
command_info[i++] = "timeout=30";
#endif
-
+
return command_info;
}
- /* finds a valid editor for sudo edit or "sudo vi" */
+/* finds a valid editor for sudo edit or "sudo vi" */
char * find_editor(int nfiles, char * const files[], char **argv_out[])
{
char *cp;
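Review bot: Every `return NULL` in `build_command_info` abandons `command_info` and the strings already stored in it. The `find_editor` hunks below have the same pattern: `editor` (and later `editor_path`) is not freed when `find_in_path` or `malloc` fails. One cleanup label per function that frees what has been filled so far would cover all exits. Under `USE_TIMEOUT` the literal `"timeout=30"` is stored next to heap strings, so the vector cannot be freed uniformly; `strdup("timeout=30")` with a NULL check keeps ownership consistent.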
@@ -557,16 +557,16 @@ char * find_editor(int nfiles, char * const files[], char **argv_out[])
/* Lookup EDITOR in user's environment. */
editor = _PATH_VI;
for (ep = plugin_state.envp; *ep != NULL; ep++) {
- if (strncmp(*ep, "EDITOR=", 7) == 0) {
- editor = *ep + 7;
- break;
- }
+ if (strncmp(*ep, "EDITOR=", 7) == 0) {
+ editor = *ep + 7;
+ break;
+ }
}
-
+
editor = strdup(editor);
if (editor == NULL) {
- sudo_log(SUDO_CONV_ERROR_MSG, "unable to allocate memory\n");
- return NULL;
+ sudo_log(SUDO_CONV_ERROR_MSG, "unable to allocate memory\n");
+ return NULL;
}
/*
@@ -576,36 +576,36 @@ char * find_editor(int nfiles, char * const files[], char **argv_out[])
*/
nargc = 1;
for (wasblank = 0, cp = editor; *cp != '\0'; cp++) {
-
- if (isblank((unsigned char) *cp)) {
- wasblank = 1;
- }
- else if (wasblank) {
- wasblank = 0;
- nargc++;
- }
- }
-
+
+ if (isblank((unsigned char) *cp)) {
+ wasblank = 1;
+ }
+ else if (wasblank) {
+ wasblank = 0;
+ nargc++;
+ }
+ }
+
/* If we can't find the editor in the user's PATH, give up. */
cp = strtok(editor, " \t");
if (cp == NULL ||
- (editor_path = find_in_path(editor, plugin_state.envp)) == NULL) {
- return NULL;
+ (editor_path = find_in_path(editor, plugin_state.envp)) == NULL) {
+ return NULL;
}
-
+
nargv = (char **) malloc((nargc + 1 + nfiles + 1) * sizeof(char *));
if (nargv == NULL) {
- sudo_log(SUDO_CONV_ERROR_MSG, "unable to allocate memory\n");
- return NULL;
+ sudo_log(SUDO_CONV_ERROR_MSG, "unable to allocate memory\n");
+ return NULL;
}
-
+
for (ac = 0; cp != NULL && ac < nargc; ac++) {
- nargv[ac] = cp;
- cp = strtok(NULL, " \t");
+ nargv[ac] = cp;
+ cp = strtok(NULL, " \t");
}
nargv[ac++] = "--";
for (i = 0; i < nfiles; )
- nargv[ac++] = files[i++];
+ nargv[ac++] = files[i++];
nargv[ac] = NULL;
*argv_out = nargv;
@@ -636,23 +636,23 @@ int create_env_hash_table(char ** env, hash_table_t ** table_out) {
delete_callback,
NULL);
if (err_h != HASH_SUCCESS) {
- fprintf(stderr, "couldn't create hash table (%s)\n", hash_error_string(err_h));
- return err_h;
+ fprintf(stderr, "couldn't create hash table (%s)\n", hash_error_string(err_h));
+ return err_h;
}
for(ui = (char **) msg.user_env; *ui!=NULL; ui++) {
tmp = strchr(*ui,'=');
*tmp = '\0';
- key.type = HASH_KEY_STRING;
- key.str = strdup(*ui);
- value.type = HASH_VALUE_PTR;
- value.ptr = tmp+1;
-
- if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
- fprintf(stderr, "couldn't add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
- return err_h;
- }
- *tmp = '=' ;
+ key.type = HASH_KEY_STRING;
+ key.str = strdup(*ui);
+ value.type = HASH_VALUE_PTR;
+ value.ptr = tmp+1;
+
+ if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
+ fprintf(stderr, "couldn't add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
+ return err_h;
+ }
+ *tmp = '=' ;
}
*table_out = local_table;
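Review bot: `tmp = strchr(*ui,'=')` is dereferenced on the next line without a NULL check, so a single environment entry without `=` crashes the plugin. The environment comes from the invoking user, so such an entry should be skipped or rejected, e.g. `if (tmp == NULL) continue;`. The loop also walks `msg.user_env` instead of the `env` parameter, and `strdup(*ui)` is unchecked. `key.str` is never freed here, although `create_settings_hash_table` frees its key after `hash_enter`. The early `return err_h` leaves the entry truncated at `'\0'` and drops `local_table`; the function starts above this hunk.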
@@ -676,144 +676,144 @@ int create_settings_hash_table(hash_table_t ** table_out) {
delete_callback,
NULL);
if (err_h != HASH_SUCCESS) {
- fprintf(stderr, "couldn't create hash table (%s)\n", hash_error_string(err_h));
+ fprintf(stderr, "couldn't create hash table (%s)\n", hash_error_string(err_h));
+ return err_h;
+ }
+ key.type = HASH_KEY_STRING;
+ value.type = HASH_VALUE_PTR;
+ if(msg.runas_user && *msg.runas_user ){
+ key.str = strdup(SSS_SUDO_ITEM_RUSER);
+ value.ptr = msg.runas_user;
+ if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
+ fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
return err_h;
+ }
+ free(key.str);
}
- key.type = HASH_KEY_STRING;
- value.type = HASH_VALUE_PTR;
- if(msg.runas_user && *msg.runas_user ){
- key.str = strdup(SSS_SUDO_ITEM_RUSER);
- value.ptr = msg.runas_user;
- if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
- fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
- return err_h;
- }
- free(key.str);
- }
- if(msg.runas_group && *msg.runas_group ){
- key.str = strdup(SSS_SUDO_ITEM_RGROUP);
- value.ptr = msg.runas_group;
- if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
- fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
- return err_h;
- }
- free(key.str);
- }
+ if(msg.runas_group && *msg.runas_group ){
+ key.str = strdup(SSS_SUDO_ITEM_RGROUP);
+ value.ptr = msg.runas_group;
+ if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
+ fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
+ return err_h;
+ }
+ free(key.str);
+ }
- if(msg.prompt && *msg.prompt ){
- key.str = strdup(SSS_SUDO_ITEM_PROMPT);
- value.ptr = msg.prompt;
- if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
- fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
- return err_h;
- }
- free(key.str);
- }
+ if(msg.prompt && *msg.prompt ){
+ key.str = strdup(SSS_SUDO_ITEM_PROMPT);
+ value.ptr = msg.prompt;
+ if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
+ fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
+ return err_h;
+ }
+ free(key.str);
+ }
- if(msg.network_addrs && *msg.network_addrs ){
- key.str = strdup(SSS_SUDO_ITEM_NETADDR);
- value.ptr = msg.network_addrs;
- if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
- fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
- return err_h;
- }
- free(key.str);
- }
+ if(msg.network_addrs && *msg.network_addrs ){
+ key.str = strdup(SSS_SUDO_ITEM_NETADDR);
+ value.ptr = msg.network_addrs;
+ if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
+ fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
+ return err_h;
+ }
+ free(key.str);
+ }
+
+ key.str = strdup(SSS_SUDO_ITEM_USE_SUDOEDIT);
+ value.ptr = GET_BOOL_STRING(msg.use_sudoedit);
+ if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
+ fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
+ return err_h;
+ }
+ free(key.str);
+
+ key.str = strdup(SSS_SUDO_ITEM_USE_SETHOME);
+ value.ptr = GET_BOOL_STRING(msg.use_set_home);
+ if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
+ fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
+ return err_h;
+ }
+ free(key.str);
+
+ key.str = strdup(SSS_SUDO_ITEM_USE_PRESERV_ENV);
+ value.ptr = GET_BOOL_STRING(msg.use_preserve_environment);
+ if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
+ fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
+ return err_h;
+ }
+ free(key.str);
+
+ key.str = strdup(SSS_SUDO_ITEM_USE_IMPLIED_SHELL);
+ value.ptr = GET_BOOL_STRING(msg.use_implied_shell);
+ if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
+ fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
+ return err_h;
+ }
+ free(key.str);
+
+
+ key.str = strdup(SSS_SUDO_ITEM_USE_LOGIN_SHELL);
+ value.ptr = GET_BOOL_STRING(msg.use_login_shell);
+ if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
+ fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
+ return err_h;
+ }
+ free(key.str);
+
+
+ key.str = strdup(SSS_SUDO_ITEM_USE_RUN_SHELL);
+ value.ptr = GET_BOOL_STRING(msg.use_run_shell);
+ if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
+ fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
+ return err_h;
+ }
+ free(key.str);
+
+
+ key.str = strdup(SSS_SUDO_ITEM_USE_PRE_GROUPS);
+ value.i = GET_BOOL_STRING(msg.use_preserve_groups);
+ if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
+ fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
+ return err_h;
+ }
+ free(key.str);
+
+
+ key.str = strdup(SSS_SUDO_ITEM_USE_IGNORE_TICKET);
+ value.ptr = GET_BOOL_STRING(msg.use_ignore_ticket);
+ if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
+ fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
+ return err_h;
+ }
+ free(key.str);
+
+
+ key.str = strdup(SSS_SUDO_ITEM_USE_NON_INTERACTIVE);
+ value.ptr =GET_BOOL_STRING(msg.use_noninteractive);
+ if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
+ fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
+ return err_h;
+ }
+ free(key.str);
+
+ key.str = strdup(SSS_SUDO_ITEM_DEBUG_LEVEL);
+ value.ptr = GET_BOOL_STRING(msg.debug_level);
+ if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
+ fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
+ return err_h;
+ }
+ free(key.str);
+
+ key.str = strdup(SSS_SUDO_ITEM_CLI_PID);
+ asprintf(&value.ptr,"%u",msg.cli_pid);
+ if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
+ fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
+ return err_h;
+ }
+ free(key.str);
- key.str = strdup(SSS_SUDO_ITEM_USE_SUDOEDIT);
- value.ptr = GET_BOOL_STRING(msg.use_sudoedit);
- if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
- fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
- return err_h;
- }
- free(key.str);
-
- key.str = strdup(SSS_SUDO_ITEM_USE_SETHOME);
- value.ptr = GET_BOOL_STRING(msg.use_set_home);
- if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
- fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
- return err_h;
- }
- free(key.str);
-
- key.str = strdup(SSS_SUDO_ITEM_USE_PRESERV_ENV);
- value.ptr = GET_BOOL_STRING(msg.use_preserve_environment);
- if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
- fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
- return err_h;
- }
- free(key.str);
-
- key.str = strdup(SSS_SUDO_ITEM_USE_IMPLIED_SHELL);
- value.ptr = GET_BOOL_STRING(msg.use_implied_shell);
- if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
- fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
- return err_h;
- }
- free(key.str);
-
-
- key.str = strdup(SSS_SUDO_ITEM_USE_LOGIN_SHELL);
- value.ptr = GET_BOOL_STRING(msg.use_login_shell);
- if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
- fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
- return err_h;
- }
- free(key.str);
-
-
- key.str = strdup(SSS_SUDO_ITEM_USE_RUN_SHELL);
- value.ptr = GET_BOOL_STRING(msg.use_run_shell);
- if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
- fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
- return err_h;
- }
- free(key.str);
-
-
- key.str = strdup(SSS_SUDO_ITEM_USE_PRE_GROUPS);
- value.i = GET_BOOL_STRING(msg.use_preserve_groups);
- if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
- fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
- return err_h;
- }
- free(key.str);
-
-
- key.str = strdup(SSS_SUDO_ITEM_USE_IGNORE_TICKET);
- value.ptr = GET_BOOL_STRING(msg.use_ignore_ticket);
- if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
- fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
- return err_h;
- }
- free(key.str);
-
-
- key.str = strdup(SSS_SUDO_ITEM_USE_NON_INTERACTIVE);
- value.ptr =GET_BOOL_STRING(msg.use_noninteractive);
- if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
- fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
- return err_h;
- }
- free(key.str);
-
- key.str = strdup(SSS_SUDO_ITEM_DEBUG_LEVEL);
- value.ptr = GET_BOOL_STRING(msg.debug_level);
- if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
- fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
- return err_h;
- }
- free(key.str);
-
- key.str = strdup(SSS_SUDO_ITEM_CLI_PID);
- asprintf(&value.ptr,"%u",msg.cli_pid);
- if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
- fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
- return err_h;
- }
- free(key.str);
-
*table_out = local_table;
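Review bot: The `SSS_SUDO_ITEM_USE_PRE_GROUPS` entry assigns `value.i = GET_BOOL_STRING(msg.use_preserve_groups);` while `value.type` is still `HASH_VALUE_PTR` and every sibling entry sets `value.ptr`. The table therefore presumably stores a stale or truncated pointer for that key; the line should read `value.ptr = GET_BOOL_STRING(msg.use_preserve_groups);`. The result of `asprintf(&value.ptr,"%u",msg.cli_pid)` is not checked, which leaves `value.ptr` undefined on failure, and none of the `strdup` results are checked before `key.str` is printed with `%s`. `msg.debug_level` goes through `GET_BOOL_STRING`, which looks like it collapses a level to a boolean and should be confirmed against the macro. The repeated enter-and-free blocks would be easier to audit as one static helper taking the key and the value; the function starts above this hunk.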
@@ -851,20 +851,20 @@ void free_connection(DBusConnection *conn,
DBusMessage *msg,
DBusMessage *reply ){
- if(msg != NULL)
- dbus_message_unref(msg);
+ if(msg != NULL)
+ dbus_message_unref(msg);
- if(reply != NULL)
- dbus_message_unref(reply);
+ if(reply != NULL)
+ dbus_message_unref(reply);
- if (err != NULL && dbus_error_is_set(err))
- dbus_error_free(err);
+ if (err != NULL && dbus_error_is_set(err))
+ dbus_error_free(err);
- if(settings_table != NULL)
- hash_destroy(settings_table);
+ if(settings_table != NULL)
+ hash_destroy(settings_table);
- if(conn != NULL)
- dbus_connection_close(conn);
+ if(conn != NULL)
+ dbus_connection_close(conn);
}
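Review bot: `dbus_connection_close(conn)` is not followed by `dbus_connection_unref(conn)`. The caller obtains the connection from `dbus_connection_open_private`, and a private connection has to be closed and then unreferenced, so as written it is leaked on every request. Adding `dbus_connection_unref(conn);` after the close fixes that. A header comment stating that the function releases `conn`, `msg`, `reply` and `settings_table`, and accepts NULL for each, would help callers; the signature starts above this hunk.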
@@ -876,255 +876,255 @@ int sss_sudo_make_request(struct sss_cli_req_data *rd,
{
- char ** command_array,**ui;
- char * result_str;
- int err_status,count;
- dbus_uint32_t status,command_array_out_size;
-
- DBusConnection* conn;
- DBusError err;
-
- DBusMessage* dbus_msg;
- DBusMessage* dbus_reply;
- DBusMessageIter msg_iter;
- DBusMessageIter sub_iter;
-
- dbus_bool_t ret=FALSE;
-
- hash_table_t *env_table = NULL;
- hash_table_t *settings_table = NULL;
- hash_table_t *env_table_out = NULL;
-
- fprintf(stdout,"Calling remote method to pack message\n");
-
- if(validate_message_content() != SSS_SUDO_VALIDATION_SUCCESS) {
- return SSS_SUDO_VALIDATION_ERR;
- }
-
-
- err_status = create_env_hash_table(msg.user_env,&env_table);
- if(err_status != HASH_SUCCESS) {
- fprintf(stderr, "ccouldn't create table: %s\n", hash_error_string(err_status));
- return SSS_SUDO_MESSAGE_ERR;
- }
-
-
- err_status = create_settings_hash_table(&settings_table);
- if(err_status != HASH_SUCCESS) {
- fprintf(stderr, "ccouldn't create table: %s\n", hash_error_string(err_status));
- return SSS_SUDO_MESSAGE_ERR;
- }
-
- /* initialise the errors */
- dbus_error_init(&err);
-
- /* connect to the system bus and check for errors */
- conn = dbus_connection_open_private(SSS_SUDO_SERVICE_PIPE, &err);
-
- if (dbus_error_is_set(&err)) {
- fprintf(stderr, "Connection Error (%s)\n", err.message);
- dbus_error_free(&err);
- return SSS_SUDO_CONNECTION_ERR;
- }
- if (NULL == conn) {
- return SSS_SUDO_CONNECTION_ERR;
- }
-
-
- /* create a new method call and check for errors */
- dbus_msg = dbus_message_new_method_call( NULL, /* target */
- SUDO_SERVER_PATH, /* object */
- SUDO_SERVER_INTERFACE, /* interface */
- SUDO_METHOD_QUERY); /* method name */
- if (NULL == dbus_msg) {
- fprintf(stderr, "Message Null\n");
- free_connection(conn,&err,settings_table,(DBusMessage *)NULL,(DBusMessage *)NULL);
- return SSS_SUDO_MESSAGE_ERR;
- }
-
- /* append arguments */
-
-
- dbus_message_iter_init_append(dbus_msg, &msg_iter);
- if(dbus_error_is_set(&err)){
- fprintf(stderr, "Failed to initialize the iterator.\n");
- free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL);
- return SSS_SUDO_MESSAGE_ERR;
- }
-
-
- if(!dbus_message_iter_open_container(&msg_iter,
- DBUS_TYPE_STRUCT,
- NULL,
- &sub_iter)) {
- fprintf(stderr, "Out Of Memory!\n");
- free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL);
- return SSS_SUDO_MESSAGE_ERR;
- }
- if (!dbus_message_iter_append_basic(&sub_iter,
- DBUS_TYPE_UINT32,
- &msg.userid)) {
- fprintf(stderr, "Out Of Memory!\n");
- free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL);
- return SSS_SUDO_MESSAGE_ERR;
- }
-
- if (!dbus_message_iter_append_basic(&sub_iter,
- DBUS_TYPE_STRING,
- &msg.cwd)) {
- fprintf(stderr, "Out Of Memory!\n");
- free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL);
- return SSS_SUDO_MESSAGE_ERR;
- }
-
-
-
- if (!dbus_message_iter_append_basic(&sub_iter,
- DBUS_TYPE_STRING,
- &msg.tty)) {
- fprintf(stderr, "Out Of Memory!\n");
- free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL);
- return SSS_SUDO_MESSAGE_ERR;
- }
- if (!dbus_message_iter_append_basic(&sub_iter,
- DBUS_TYPE_STRING,
- &msg.fq_command)) {
- fprintf(stderr, "Out Of Memory! - at FQ command\n");
- free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL);
- return SSS_SUDO_MESSAGE_ERR;
- }
-
- if (!dbus_message_iter_close_container(&msg_iter,&sub_iter)) {
- fprintf(stderr, "Out Of Memory!\n");
- free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL);
- return SSS_SUDO_MESSAGE_ERR;
- }
-
- if (!dbus_message_iter_append_basic(&msg_iter,
- DBUS_TYPE_UINT32,
- &msg.command_count)) {
+ char ** command_array,**ui;
+ char * result_str;
+ int err_status,count;
+ dbus_uint32_t status,command_array_out_size;
+
+ DBusConnection* conn;
+ DBusError err;
+
+ DBusMessage* dbus_msg;
+ DBusMessage* dbus_reply;
+ DBusMessageIter msg_iter;
+ DBusMessageIter sub_iter;
+
+ dbus_bool_t ret=FALSE;
+
+ hash_table_t *env_table = NULL;
+ hash_table_t *settings_table = NULL;
+ hash_table_t *env_table_out = NULL;
+
+ fprintf(stdout,"Calling remote method to pack message\n");
+
+ if(validate_message_content() != SSS_SUDO_VALIDATION_SUCCESS) {
+ return SSS_SUDO_VALIDATION_ERR;
+ }
+
+
+ err_status = create_env_hash_table(msg.user_env,&env_table);
+ if(err_status != HASH_SUCCESS) {
+ fprintf(stderr, "ccouldn't create table: %s\n", hash_error_string(err_status));
+ return SSS_SUDO_MESSAGE_ERR;
+ }
+
+
+ err_status = create_settings_hash_table(&settings_table);
+ if(err_status != HASH_SUCCESS) {
+ fprintf(stderr, "ccouldn't create table: %s\n", hash_error_string(err_status));
+ return SSS_SUDO_MESSAGE_ERR;
+ }
+
+ /* initialise the errors */
+ dbus_error_init(&err);
+
+ /* connect to the system bus and check for errors */
+ conn = dbus_connection_open_private(SSS_SUDO_SERVICE_PIPE, &err);
+
+ if (dbus_error_is_set(&err)) {
+ fprintf(stderr, "Connection Error (%s)\n", err.message);
+ dbus_error_free(&err);
+ return SSS_SUDO_CONNECTION_ERR;
+ }
+ if (NULL == conn) {
+ return SSS_SUDO_CONNECTION_ERR;
+ }
+
+
+ /* create a new method call and check for errors */
+ dbus_msg = dbus_message_new_method_call( NULL, /* target */
+ SUDO_SERVER_PATH, /* object */
+ SUDO_SERVER_INTERFACE, /* interface */
+ SUDO_METHOD_QUERY); /* method name */
+ if (NULL == dbus_msg) {
+ fprintf(stderr, "Message Null\n");
+ free_connection(conn,&err,settings_table,(DBusMessage *)NULL,(DBusMessage *)NULL);
+ return SSS_SUDO_MESSAGE_ERR;
+ }
+
+ /* append arguments */
+
+
+ dbus_message_iter_init_append(dbus_msg, &msg_iter);
+ if(dbus_error_is_set(&err)){
+ fprintf(stderr, "Failed to initialize the iterator.\n");
+ free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL);
+ return SSS_SUDO_MESSAGE_ERR;
+ }
+
+
+ if(!dbus_message_iter_open_container(&msg_iter,
+ DBUS_TYPE_STRUCT,
+ NULL,
+ &sub_iter)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL);
+ return SSS_SUDO_MESSAGE_ERR;
+ }
+ if (!dbus_message_iter_append_basic(&sub_iter,
+ DBUS_TYPE_UINT32,
+ &msg.userid)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL);
+ return SSS_SUDO_MESSAGE_ERR;
+ }
+
+ if (!dbus_message_iter_append_basic(&sub_iter,
+ DBUS_TYPE_STRING,
+ &msg.cwd)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL);
+ return SSS_SUDO_MESSAGE_ERR;
+ }
+
+
+
+ if (!dbus_message_iter_append_basic(&sub_iter,
+ DBUS_TYPE_STRING,
+ &msg.tty)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL);
+ return SSS_SUDO_MESSAGE_ERR;
+ }
+ if (!dbus_message_iter_append_basic(&sub_iter,
+ DBUS_TYPE_STRING,
+ &msg.fq_command)) {
+ fprintf(stderr, "Out Of Memory! - at FQ command\n");
+ free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL);
+ return SSS_SUDO_MESSAGE_ERR;
+ }
+
+ if (!dbus_message_iter_close_container(&msg_iter,&sub_iter)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL);
+ return SSS_SUDO_MESSAGE_ERR;
+ }
+
+ if (!dbus_message_iter_append_basic(&msg_iter,
+ DBUS_TYPE_UINT32,
+ &msg.command_count)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL);
+ return SSS_SUDO_MESSAGE_ERR;
+ }
+
+ if(!dbus_message_iter_open_container(&msg_iter,
+ DBUS_TYPE_ARRAY,
+ "s",
+ &sub_iter)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL);
+ return SSS_SUDO_MESSAGE_ERR;
+ }
+
+ for(command_array = msg.command ; *command_array != NULL ; command_array++) {
+
+ if (!dbus_message_iter_append_basic(&sub_iter,
+ DBUS_TYPE_STRING,
+ command_array)) {
fprintf(stderr, "Out Of Memory!\n");
free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL);
return SSS_SUDO_MESSAGE_ERR;
}
- if(!dbus_message_iter_open_container(&msg_iter,
- DBUS_TYPE_ARRAY,
- "s",
- &sub_iter)) {
- fprintf(stderr, "Out Of Memory!\n");
- free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL);
- return SSS_SUDO_MESSAGE_ERR;
- }
-
- for(command_array = msg.command ; *command_array != NULL ; command_array++) {
-
- if (!dbus_message_iter_append_basic(&sub_iter,
- DBUS_TYPE_STRING,
- command_array)) {
- fprintf(stderr, "Out Of Memory!\n");
- free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL);
- return SSS_SUDO_MESSAGE_ERR;
- }
-
- }
-
+ }
+
if (!dbus_message_iter_close_container(&msg_iter,&sub_iter)) {
fprintf(stderr, "Out Of Memory!\n");
free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL);
return SSS_SUDO_MESSAGE_ERR;
}
- ////////
+ ////////
if(dbus_dhash_to_msg_iter(&settings_table,&msg_iter) != SSS_SBUS_CONV_SUCCESS){
fprintf(stderr,"fatal: message framing failed.");
free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL);
return SSS_SUDO_MESSAGE_ERR;
}
-
+
if(dbus_dhash_to_msg_iter(&env_table,&msg_iter) != SSS_SBUS_CONV_SUCCESS){
- fprintf(stderr,"fatal: message framing failed.");
- free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL);
- return SSS_SUDO_MESSAGE_ERR;
+ fprintf(stderr,"fatal: message framing failed.");
+ free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL);
+ return SSS_SUDO_MESSAGE_ERR;
}
hash_destroy(settings_table);
-
- /* send message and get a handle for a reply */
- dbus_reply = dbus_connection_send_with_reply_and_block (conn,dbus_msg,
- -1,
- &err);
- fprintf(stdout,"Request Sent\n");
- if (dbus_error_is_set(&err)) {
- fprintf(stderr, "Connection send-reply Error (%s)\n", err.message);
- free_connection(conn,&err,(hash_table_t *)NULL,dbus_msg,(DBusMessage *)NULL);
- return SSS_SUDO_REPLY_ERR;
- }
- if (NULL == dbus_reply) {
- fprintf(stderr, "reply failed\n");
- free_connection(conn,&err,(hash_table_t *)NULL,dbus_msg,(DBusMessage *)NULL);
- return SSS_SUDO_REPLY_ERR;
- }
-
- ret = dbus_message_get_args(dbus_reply,
- &err,
- DBUS_TYPE_UINT32,&status,
- DBUS_TYPE_STRING,&result_str,
- DBUS_TYPE_ARRAY,DBUS_TYPE_STRING,&command_array,
- &command_array_out_size,
- DBUS_TYPE_INVALID);
+
+ /* send message and get a handle for a reply */
+ dbus_reply = dbus_connection_send_with_reply_and_block (conn,dbus_msg,
+ -1,
+ &err);
+ fprintf(stdout,"Request Sent\n");
+ if (dbus_error_is_set(&err)) {
+ fprintf(stderr, "Connection send-reply Error (%s)\n", err.message);
+ free_connection(conn,&err,(hash_table_t *)NULL,dbus_msg,(DBusMessage *)NULL);
+ return SSS_SUDO_REPLY_ERR;
+ }
+ if (NULL == dbus_reply) {
+ fprintf(stderr, "reply failed\n");
+ free_connection(conn,&err,(hash_table_t *)NULL,dbus_msg,(DBusMessage *)NULL);
+ return SSS_SUDO_REPLY_ERR;
+ }
+
+ ret = dbus_message_get_args(dbus_reply,
+ &err,
+ DBUS_TYPE_UINT32,&status,
+ DBUS_TYPE_STRING,&result_str,
+ DBUS_TYPE_ARRAY,DBUS_TYPE_STRING,&command_array,
+ &command_array_out_size,
+ DBUS_TYPE_INVALID);
if (!ret) {
fprintf (stderr,"Failed to parse reply, killing connection\n");
free_connection(conn,&err,(hash_table_t *)NULL,dbus_msg,dbus_reply);
return SSS_SUDO_REPLY_ERR;
}
-
+
fprintf(stdout,"----------Reply--------:\n"
"Header : %d \nResult status : %s\n"
"Command : ", status,result_str);
- for(count =0;count< command_array_out_size;count++){
- printf("%s ", command_array[count]);
- }
- if (!dbus_message_iter_init(dbus_reply, &msg_iter)) {
- fprintf(stderr, "Reply iterator failed!\n");
- free_connection(conn,&err,(hash_table_t *)NULL,dbus_msg,dbus_reply);
- return SSS_SUDO_REPLY_ERR;
- }
+ for(count =0;count< command_array_out_size;count++){
+ printf("%s ", command_array[count]);
+ }
+ if (!dbus_message_iter_init(dbus_reply, &msg_iter)) {
+ fprintf(stderr, "Reply iterator failed!\n");
+ free_connection(conn,&err,(hash_table_t *)NULL,dbus_msg,dbus_reply);
+ return SSS_SUDO_REPLY_ERR;
+ }
- printf("\n");
- dbus_message_iter_next(&msg_iter);
- dbus_message_iter_next(&msg_iter);
- dbus_message_iter_next(&msg_iter);
+ printf("\n");
+ dbus_message_iter_next(&msg_iter);
+ dbus_message_iter_next(&msg_iter);
+ dbus_message_iter_next(&msg_iter);
- if(dbus_msg_iter_to_dhash(&msg_iter, &env_table_out) != SSS_SBUS_CONV_SUCCESS){
- fprintf(stderr, "env message iterator corrupted!\n");
- free_connection(conn,&err,(hash_table_t *)NULL,dbus_msg,dbus_reply);
- return SSS_SUDO_REPLY_ERR;
- }
- printf("---------Reply End----------\n");
+ if(dbus_msg_iter_to_dhash(&msg_iter, &env_table_out) != SSS_SBUS_CONV_SUCCESS){
+ fprintf(stderr, "env message iterator corrupted!\n");
+ free_connection(conn,&err,(hash_table_t *)NULL,dbus_msg,dbus_reply);
+ return SSS_SUDO_REPLY_ERR;
+ }
+ printf("---------Reply End----------\n");
- /* free connection now */
- free_connection(conn,&err,(hash_table_t *)NULL,dbus_msg,dbus_reply);
+ /* free connection now */
+ free_connection(conn,&err,(hash_table_t *)NULL,dbus_msg,dbus_reply);
- if(strncmp(result_str,"PASS",4)==0)
- return SSS_STATUS_SUCCESS;
- else
- return SSS_STATUS_FAILED;
+ if(strncmp(result_str,"PASS",4)==0)
+ return SSS_STATUS_SUCCESS;
+ else
+ return SSS_STATUS_FAILED;
}
void free_all( void )
{
- free(msg.cwd);
- free(msg.tty);
- free(msg.prompt);
- free(msg.runas_user);
- free(msg.runas_group);
- //free(msg.network_addrs);
- free(user_information.username);
-
+ free(msg.cwd);
+ free(msg.tty);
+ free(msg.prompt);
+ free(msg.runas_user);
+ free(msg.runas_group);
+ //free(msg.network_addrs);
+ free(user_information.username);
+
}
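Review bot: `result_str` is read by `strncmp(result_str,"PASS",4)` after `free_connection(...)` has already unreferenced `dbus_reply`. Strings returned by `dbus_message_get_args` point into the message, so the allow/deny decision reads freed memory. Compute the result first with `rc = (strncmp(result_str,"PASS",4)==0) ? SSS_STATUS_SUCCESS : SSS_STATUS_FAILED;`, then call `free_connection` and `return rc;`. If the responder always sends exactly `PASS`, `strcmp` would also stop a reply that merely starts with those four bytes from being accepted. `command_array` from `dbus_message_get_args` needs `dbus_free_string_array(command_array)`, `env_table` and `env_table_out` are never destroyed, and the returns before `dbus_message_new_method_call` leak the tables built so far.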
@@ -1151,7 +1151,7 @@ int send_and_receive()
goto done;
}
-/* check the reply signature */
+ /* check the reply signature */
if (replen < (2*sizeof(int32_t))) {
//D(("response not in expected format."));
_status = SSS_SUDO_SYSTEM_ERR;
@@ -1160,13 +1160,13 @@ int send_and_receive()
-done:
+ done:
_status = SSS_SUDO_SUCCESS;
if (_status == SSS_SUDO_SUCCESS)
- return _status;
+ return _status;
else
- return SSS_SUDO_FAILED;
+ return SSS_SUDO_FAILED;
}
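Review bot: The `done:` label is followed by `_status = SSS_SUDO_SUCCESS;`, which overwrites whatever the error paths stored, for example `_status = SSS_SUDO_SYSTEM_ERR` in the reply-length check of the previous hunk. As shown, `send_and_receive` therefore always returns success and the `else` branch is unreachable. `policy_check` calls this function after authentication, so the failure mode is fail-open. Drop the assignment at the label, set success only on the path that completed the exchange, and return with `return (_status == SSS_SUDO_SUCCESS) ? SSS_SUDO_SUCCESS : SSS_SUDO_FAILED;`. The rest of the function lies outside this hunk, so confirm how `_status` is initialised.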
@@ -1177,8 +1177,8 @@ done:
* whether the user is allowed to run the specified commands.
*/
int policy_check(int argc, char * const argv[],
- char *env_add[], char **command_info_out[],
- char **argv_out[], char **user_env_out[])
+ char *env_add[], char **command_info_out[],
+ char **argv_out[], char **user_env_out[])
{
char *command;
pam_handle_t *pamh;
@@ -1187,45 +1187,45 @@ int policy_check(int argc, char * const argv[],
int pam_ret;
if (!argc || argv[0] == NULL) {
- sudo_log(SUDO_CONV_ERROR_MSG, "no command specified\n");
- return FALSE;
+ sudo_log(SUDO_CONV_ERROR_MSG, "no command specified\n");
+ return FALSE;
}
command = find_in_path(argv[0], plugin_state.envp);
if (command == NULL) {
- sudo_log(SUDO_CONV_ERROR_MSG, "%s: command not found\n", argv[0]);
- return FALSE;
+ sudo_log(SUDO_CONV_ERROR_MSG, "%s: command not found\n", argv[0]);
+ return FALSE;
}
/* If "sudo vi" is run, auto-convert to sudoedit. */
if (strcmp(command, _PATH_VI) == 0)
- use_sudoedit = TRUE;
+ use_sudoedit = TRUE;
if (use_sudoedit) {
- /* Rebuild argv using editor */
- command = find_editor(argc - 1, argv + 1, argv_out);
- if (command == NULL) {
- sudo_log(SUDO_CONV_ERROR_MSG, "unable to find valid editor\n");
- return ERROR;
- }
- use_sudoedit = TRUE;
+ /* Rebuild argv using editor */
+ command = find_editor(argc - 1, argv + 1, argv_out);
+ if (command == NULL) {
+ sudo_log(SUDO_CONV_ERROR_MSG, "unable to find valid editor\n");
+ return ERROR;
+ }
+ use_sudoedit = TRUE;
} else {
- /* No changes needd to argv */
- *argv_out = (char **)argv;
+ /* No changes needd to argv */
+ *argv_out = (char **)argv;
}
/* No changes to envp */
*user_env_out = plugin_state.envp;
/* Space for authentication */
-
+
pam_action = strdup("auth");
pam_user = user_information.username;
-
+
sudo_log(SUDO_CONV_INFO_MSG, "\nCalling PAM with action: %s\nuser: %s\n", pam_action,pam_user);
pam_ret = pam_start(SSS_SUDO_PAM_SERVICE, pam_user, &conv, &pamh);
-
+
if (pam_ret != PAM_SUCCESS) {
fprintf(stderr, "pam_start failed: %s\n", pam_strerror(pamh, pam_ret));
return 0;
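Review bot: `*user_env_out = plugin_state.envp;` hands the invoking user's environment to the command unchanged (the comment above it says "No changes to envp"). Unless filtering happens outside this hunk, loader and interpreter variables set by the user reach a process running as the target user. A policy plugin normally builds the outgoing environment from an allow-list or a fixed minimal set; at the least this line needs a comment stating where sanitisation takes place. Separately, the `pam_start` failure path returns 0 without freeing `pam_action`, while earlier exits return `FALSE` or `ERROR`; one convention for deny versus error would make the result easier to handle. The enclosing `if` block closes outside this hunk.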
@@ -1233,70 +1233,70 @@ int policy_check(int argc, char * const argv[],
pam_ret = pam_authenticate(pamh, PAM_DISALLOW_NULL_AUTHTOK);
switch(pam_ret) {
- case PAM_ABORT:
- fprintf(stderr, "pam_authenticate - aborted: %s\n", pam_strerror(pamh, pam_ret));
- pam_end(pamh, pam_ret);
- return 0;
-
- case PAM_AUTH_ERR:
- fprintf(stderr, "pam_authenticate - error: %s\n", pam_strerror(pamh, pam_ret));
- pam_end(pamh, pam_ret);
- return 0;
-
- case PAM_SUCCESS:
- fprintf(stdout, "pam_authenticate - success: %s\n", pam_strerror(pamh, pam_ret));
- break;
-
- case PAM_CRED_INSUFFICIENT:
- fprintf(stderr, "pam_authenticate - crendential not sufficient: %s\n", pam_strerror(pamh, pam_ret));
- pam_end(pamh, pam_ret);
- return 0;
-
- case PAM_AUTHINFO_UNAVAIL:
- fprintf(stderr, "pam_authenticate - authentication information not available: %s\n", pam_strerror(pamh, pam_ret));
- pam_end(pamh, pam_ret);
- return 0;
-
- case PAM_USER_UNKNOWN:
- fprintf(stderr, "pam_authenticate - check the user specified : %s\n", pam_strerror(pamh, pam_ret));
- pam_end(pamh, pam_ret);
- return 0;
-
- case PAM_MAXTRIES:
- fprintf(stderr, "pam_authenticate - maximum tries over : %s\n", pam_strerror(pamh, pam_ret));
- pam_end(pamh, pam_ret);
- return 0;
-
- default:
- fprintf(stderr, "pam_authenticate - unknown error : %s\n", pam_strerror(pamh, pam_ret));
- pam_end(pamh, pam_ret);
- return 0;
-
- }
-
- /* pam is success :) */
- pam_end(pamh, pam_ret);
-
- msg.fq_command = command;
- msg.command = (char **) argv;
- msg.command_count = argc;
-
- if(pam_ret==PAM_SUCCESS) {
- pam_ret = send_and_receive();
- }
-
- free(pam_action);
- free_all();
+ case PAM_ABORT:
+ fprintf(stderr, "pam_authenticate - aborted: %s\n", pam_strerror(pamh, pam_ret));
+ pam_end(pamh, pam_ret);
+ return 0;
+
+ case PAM_AUTH_ERR:
+ fprintf(stderr, "pam_authenticate - error: %s\n", pam_strerror(pamh, pam_ret));
+ pam_end(pamh, pam_ret);
+ return 0;
+
+ case PAM_SUCCESS:
+ fprintf(stdout, "pam_authenticate - success: %s\n", pam_strerror(pamh, pam_ret));
+ break;
+
+ case PAM_CRED_INSUFFICIENT:
+ fprintf(stderr, "pam_authenticate - crendential not sufficient: %s\n", pam_strerror(pamh, pam_ret));
+ pam_end(pamh, pam_ret);
+ return 0;
+
+ case PAM_AUTHINFO_UNAVAIL:
+ fprintf(stderr, "pam_authenticate - authentication information not available: %s\n", pam_strerror(pamh, pam_ret));
+ pam_end(pamh, pam_ret);
+ return 0;
+
+ case PAM_USER_UNKNOWN:
+ fprintf(stderr, "pam_authenticate - check the user specified : %s\n", pam_strerror(pamh, pam_ret));
+ pam_end(pamh, pam_ret);
+ return 0;
+
+ case PAM_MAXTRIES:
+ fprintf(stderr, "pam_authenticate - maximum tries over : %s\n", pam_strerror(pamh, pam_ret));
+ pam_end(pamh, pam_ret);
+ return 0;
+
+ default:
+ fprintf(stderr, "pam_authenticate - unknown error : %s\n", pam_strerror(pamh, pam_ret));
+ pam_end(pamh, pam_ret);
+ return 0;
+
+ }
+
+ /* pam is success :) */
+ pam_end(pamh, pam_ret);
+
+ msg.fq_command = command;
+ msg.command = (char **) argv;
+ msg.command_count = argc;
+
+ if(pam_ret==PAM_SUCCESS) {
+ pam_ret = send_and_receive();
+ }
+
+ free(pam_action);
+ free_all();
/* Setup command info. */
*command_info_out = build_command_info(command);
- if (*command_info_out == NULL) {
- sudo_log(SUDO_CONV_ERROR_MSG, "out of memory\n");
- return ERROR;
+ if (*command_info_out == NULL) {
+ sudo_log(SUDO_CONV_ERROR_MSG, "out of memory\n");
+ return ERROR;
}
- if(pam_ret==SSS_SUDO_SUCCESS)
- return TRUE;
+ if(pam_ret==SSS_SUDO_SUCCESS)
+ return TRUE;
- return FALSE;
+ return FALSE;
}
int policy_list(int argc, char * const argv[], int verbose, const char *list_user)
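Review bot: After the `switch` on the `pam_authenticate()` result, the handle is closed without a call to `pam_acct_mgmt()`, so an account that is expired or locked but can still authenticate may reach `send_and_receive()`; an account check belongs between the switch and `pam_end()`. Each failing `case` also returns without `free(pam_action)`, and the `if(pam_ret==PAM_SUCCESS)` guard is always true at that point because every other case has already returned. Reusing `pam_ret` for the `send_and_receive()` result and then comparing it with `SSS_SUDO_SUCCESS` makes the final allow/deny decision harder to audit; a separate variable would keep the PAM status and the policy result apart. policy_check begins before this hunk.
```c
    /* … unchanged: switch on the pam_authenticate() result … */

    /* Authentication alone does not cover expired or locked accounts. */
    pam_ret = pam_acct_mgmt(pamh, 0);
    if (pam_ret != PAM_SUCCESS) {
        fprintf(stderr, "pam_acct_mgmt - account not usable: %s\n", pam_strerror(pamh, pam_ret));
        pam_end(pamh, pam_ret);
        free(pam_action);
        return 0;
    }

    /* pam is success :) */
    pam_end(pamh, pam_ret);
    /* … unchanged: msg setup, send_and_receive(), command info … */
```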
@@ -1323,32 +1323,32 @@ void policy_close(int exit_status, int error)
* The close function is called when the command being run by sudo finishes.
*/
if (error) {
- sudo_log(SUDO_CONV_ERROR_MSG, "\nCommand error: %s\n", strerror(error));
+ sudo_log(SUDO_CONV_ERROR_MSG, "\nCommand error: %s\n", strerror(error));
}
else {
if (WIFEXITED(exit_status)) {
- sudo_log(SUDO_CONV_INFO_MSG, "\nCommand exited with status %d\n",
- WEXITSTATUS(exit_status));
+ sudo_log(SUDO_CONV_INFO_MSG, "\nCommand exited with status %d\n",
+ WEXITSTATUS(exit_status));
} else if (WIFSIGNALED(exit_status)) {
- sudo_log(SUDO_CONV_INFO_MSG, "\nCommand killed by signal %d\n",
- WTERMSIG(exit_status));
- }
- }
+ sudo_log(SUDO_CONV_INFO_MSG, "\nCommand killed by signal %d\n",
+ WTERMSIG(exit_status));
+ }
+ }
}
/* SUDO Plugin structure */
struct policy_plugin sss_sudo_policy = {
-SUDO_POLICY_PLUGIN,
-SUDO_API_VERSION,
-policy_open,
-policy_close,
-policy_version,
-policy_check,
-policy_list,
-NULL, /* validate */
-NULL /* invalidate */
+ SUDO_POLICY_PLUGIN,
+ SUDO_API_VERSION,
+ policy_open,
+ policy_close,
+ policy_version,
+ policy_check,
+ policy_list,
+ NULL, /* validate */
+ NULL /* invalidate */
};
/* IO_PLUGIN is not needed */