author | Arun Scaria <arunscaria91@gmail.com> | 2011-07-06 22:02:47 +0530 |
---|---|---|
committer | Arun Scaria <arunscaria91@gmail.com> | 2011-07-06 22:02:47 +0530 |
commit | a0ccc52207cfb59fc62481ce1ef891316ebbd407 (patch) | |
tree | e242c695b4877dffe33f212116d0fee7aece2097 | |
parent | 17f238d9d45a452a3ea6a61d84266ec968d4c0a5 (diff) | |
moved sss_sudo_msg_contents to header file of plugin.
-rw-r--r-- | src/conf_macros.m4~ | 352 | ||||
-rw-r--r-- | src/responder/sudo/sudosrv.c~ | 263 | ||||
-rw-r--r-- | src/responder/sudo/sudosrv.h~ | 59 |
3 files changed, 674 insertions, 0 deletions
diff --git a/src/conf_macros.m4~ b/src/conf_macros.m4~
new file mode 100644
index 00000000..b626c89f
--- /dev/null
+++ b/src/conf_macros.m4~
@@ -0,0 +1,352 @@
+AC_DEFUN([WITH_DB_PATH],
+ [ AC_ARG_WITH([db-path],
+ [AC_HELP_STRING([--with-db-path=PATH],
+ [Path to the SSSD databases [/var/lib/sss/db]]
+ )
+ ]
+ )
+ config_dbpath="\"VARDIR\"/lib/sss/db"
+ dbpath="${localstatedir}/lib/sss/db"
+ if test x"$with_db_path" != x; then
+ config_dbpath=$with_db_path
+ dbpath=$with_db_path
+ fi
+ AC_SUBST(dbpath)
+ AC_DEFINE_UNQUOTED(DB_PATH, "$config_dbpath", [Path to the SSSD databases])
+ ])
+
+AC_DEFUN([WITH_PLUGIN_PATH],
+ [ AC_ARG_WITH([plugin-path],
+ [AC_HELP_STRING([--with-plugin-path=PATH],
+ [Path to the SSSD data provider plugins [/usr/lib/sssd]]
+ )
+ ]
+ )
+ pluginpath="${libdir}/sssd"
+ config_pluginpath="\"LIBDIR\"/sssd"
+ if test x"$with_plugin_path" != x; then
+ pluginpath=$with_plugin_path
+ config_pluginpath=$with_plugin_path
+ fi
+ AC_SUBST(pluginpath)
+ AC_DEFINE_UNQUOTED(DATA_PROVIDER_PLUGINS_PATH, "$config_pluginpath", [Path to the SSSD sudo plugins])
+ ])
+
+AC_DEFUN([WITH_SUDO_PLUGIN_PATH],
+ [ AC_ARG_WITH([sudo-plugin-path],
+ [AC_HELP_STRING([--with-sudo-plugin-path=PATH],
+ [Path to the SSSD sudo plugins [/usr/lib/sudo]]
+ )
+ ]
+ )
+ sudo_pluginpath="${libdir}/sudo"
+ sudo_config_pluginpath="\"LIBDIR\"/sudo"
+ if test x"$with_sudo_plugin_path" != x; then
+ sudo_pluginpath=$with_sudo_plugin_path
+ sudo_config_pluginpath=$with_sudo_plugin_path
+ fi
+ AC_SUBST(sudo_pluginpath)
+ AC_DEFINE_UNQUOTED(SUDO_PLUGINS_PATH, "$sudo_config_pluginpath", [Path to the SSSD data provider plugins])
+ ])
+
+
+
+AC_DEFUN([WITH_PID_PATH],
+ [ AC_ARG_WITH([pid-path],
+ [AC_HELP_STRING([--with-pid-path=PATH],
+ [Where to store pid files for the SSSD [/var/run]]
+ )
+ ]
+ )
+ config_pidpath="\"VARDIR\"/run"
+ pidpath="${localstatedir}/run"
+ if test x"$with_pid_path" != x; then
+ config_pidpath=$with_pid_path
+ pidpath=$with_pid_path
+ fi
+ AC_SUBST(pidpath)
+ AC_DEFINE_UNQUOTED(PID_PATH, "$config_pidpath", [Where to store pid files for the SSSD])
+ ])
+
+AC_DEFUN([WITH_LOG_PATH],
+ [ AC_ARG_WITH([log-path],
+ [AC_HELP_STRING([--with-log-path=PATH],
+ [Where to store log files for the SSSD [/var/log/sssd]]
+ )
+ ]
+ )
+ config_logpath="\"VARDIR\"/log/sssd"
+ logpath="${localstatedir}/log/sssd"
+ if test x"$with_log_path" != x; then
+ config_logpath=$with_log_path
+ logpath=$with_log_path
+ fi
+ AC_SUBST(logpath)
+ AC_DEFINE_UNQUOTED(LOG_PATH, "$config_logpath", [Where to store log files for the SSSD])
+ ])
+
+AC_DEFUN([WITH_PUBCONF_PATH],
+ [ AC_ARG_WITH([pubconf-path],
+ [AC_HELP_STRING([--with-pubconf-path=PATH],
+ [Where to store pubconf files for the SSSD [/var/lib/sss/pubconf]]
+ )
+ ]
+ )
+ config_pubconfpath="\"VARDIR\"/lib/sss/pubconf"
+ pubconfpath="${localstatedir}/lib/sss/pubconf"
+ if test x"$with_pubconf_path" != x; then
+ config_pubconfpath=$with_pubconf_path
+ pubconfpath=$with_pubconf_path
+ fi
+ AC_SUBST(pubconfpath)
+ AC_DEFINE_UNQUOTED(PUBCONF_PATH, "$config_pubconfpath", [Where to store pubconf files for the SSSD])
+ ])
+
+AC_DEFUN([WITH_PIPE_PATH],
+ [ AC_ARG_WITH([pipe-path],
+ [AC_HELP_STRING([--with-pipe-path=PATH],
+ [Where to store pipe files for the SSSD interconnects [/var/lib/sss/pipes]]
+ )
+ ]
+ )
+ config_pipepath="\"VARDIR\"/lib/sss/pipes"
+ pipepath="${localstatedir}/lib/sss/pipes"
+ if test x"$with_pipe_path" != x; then
+ config_pipepath=$with_pipe_path
+ pipepath=$with_pipe_path
+ fi
+ AC_SUBST(pipepath)
+ AC_DEFINE_UNQUOTED(PIPE_PATH, "$config_pipepath", [Where to store pipe files for the SSSD interconnects])
+ ])
+
+AC_DEFUN([WITH_INITSCRIPT],
+ [ AC_ARG_WITH([initscript],
+ [AC_HELP_STRING([--with-initscript=INITSCRIPT_TYPE],
+ [Type of your init script (sysv|systemd).
[sysv]]
+ )
+ ]
+ )
+ default_initscript=sysv
+ if test x"$with_initscript" = x; then
+ with_initscript=$default_initscript
+ fi
+
+ if test x"$with_initscript" = xsysv || \
+ test x"$with_initscript" = xsystemd; then
+ initscript=$with_initscript
+ else
+ AC_MSG_ERROR([Illegal value -$with_initscript- for option --with-initscript])
+ fi
+
+ AM_CONDITIONAL([HAVE_SYSV], [test x"$initscript" = xsysv])
+ AM_CONDITIONAL([HAVE_SYSTEMD_UNIT], [test x"$initscript" = xsystemd])
+ AC_MSG_NOTICE([Will use init script type: $initscript])
+ ])
+
+AC_DEFUN([WITH_INIT_DIR],
+ [ AC_ARG_WITH([init-dir],
+ [AC_HELP_STRING([--with-init-dir=DIR],
+ [Where to store init script for sssd [/etc/rc.d/init.d]]
+ )
+ ]
+ )
+ initdir="${sysconfdir}/rc.d/init.d"
+ if test x$osname == xgentoo; then
+ initdir="${sysconfdir}/init.d"
+ fi
+ if test x"$with_init_dir" != x; then
+ initdir=$with_init_dir
+ fi
+ AC_SUBST(initdir)
+ ])
+
+dnl A macro to configure the directory to install the systemd unit files to
+AC_DEFUN([WITH_SYSTEMD_UNIT_DIR],
+ [ AC_ARG_WITH([systemdunitdir],
+ [ AC_HELP_STRING([--with-systemdunitdir=DIR],
+ [Directory for systemd service files [Auto]]
+ ),
+ ],
+ )
+ if test x"$with_systemdunitdir" != x; then
+ systemdunitdir=$with_systemdunitdir
+ else
+ systemdunitdir=$($PKG_CONFIG --variable=systemdsystemunitdir systemd)
+ if test x"$systemdunitdir" = x; then
+ AC_MSG_ERROR([Could not detect systemd unit directory])
+ fi
+ fi
+ AC_SUBST(systemdunitdir)
+ ])
+
+AC_DEFUN([WITH_MANPAGES],
+ [ AC_ARG_WITH([manpages],
+ [AC_HELP_STRING([--with-manpages],
+ [Whether to regenerate man pages from DocBook sources [yes]]
+ )
+ ],
+ [],
+ with_manpages=yes
+ )
+ if test x"$with_manpages" = xyes; then
+ HAVE_MANPAGES=1
+ AC_SUBST(HAVE_MANPAGES)
+ fi
+ ])
+AM_CONDITIONAL([BUILD_MANPAGES], [test x$with_manpages = xyes])
+
+AC_DEFUN([WITH_XML_CATALOG],
+ [ AC_ARG_WITH([xml-catalog-path],
+ [AC_HELP_STRING([--with-xml-catalog-path=PATH],
+ [Where to look for XML catalog [/etc/xml/catalog]]
+
)
+ ]
+ )
+ SGML_CATALOG_FILES="/etc/xml/catalog"
+ if test x"$with_xml_catalog_path" != x; then
+ SGML_CATALOG_FILES="$with_xml_catalog_path"
+ fi
+ AC_SUBST([SGML_CATALOG_FILES])
+ ])
+
+AC_DEFUN([WITH_KRB5_PLUGIN_PATH],
+ [ AC_ARG_WITH([krb5-plugin-path],
+ [AC_HELP_STRING([--with-krb5-plugin-path=PATH],
+ [Path to kerberos plugin store [/usr/lib/krb5/plugins/libkrb5]]
+ )
+ ]
+ )
+ krb5pluginpath="${libdir}/krb5/plugins/libkrb5"
+ if test x"$with_krb5_plugin_path" != x; then
+ krb5pluginpath=$with_krb5_plugin_path
+ fi
+ AC_SUBST(krb5pluginpath)
+ ])
+
+AC_DEFUN([WITH_PYTHON_BINDINGS],
+ [ AC_ARG_WITH([python-bindings],
+ [AC_HELP_STRING([--with-python-bindings],
+ [Whether to build python bindings [yes]]
+ )
+ ],
+ [],
+ with_python_bindings=yes
+ )
+ if test x"$with_python_bindings" = xyes; then
+ HAVE_PYTHON_BINDINGS=1
+ AC_SUBST(HAVE_PYTHON_BINDINGS)
+ fi
+ AM_CONDITIONAL([BUILD_PYTHON_BINDINGS], [test x"$with_python_bindings" = xyes])
+ ])
+
+AC_DEFUN([WITH_SELINUX],
+ [ AC_ARG_WITH([selinux],
+ [AC_HELP_STRING([--with-selinux],
+ [Whether to build with SELinux support [yes]]
+ )
+ ],
+ [],
+ with_selinux=yes
+ )
+ if test x"$with_selinux" = xyes; then
+ HAVE_SELINUX=1
+ AC_SUBST(HAVE_SELINUX)
+ AC_DEFINE_UNQUOTED(HAVE_SELINUX, 1, [Build with SELinux support])
+ fi
+ AM_CONDITIONAL([BUILD_SELINUX], [test x"$with_selinux" = xyes])
+ ])
+
+AC_DEFUN([WITH_TEST_DIR],
+ [ AC_ARG_WITH([test-dir],
+ [AC_HELP_STRING([--with-test-dir=PATH],
+ [Directory used for make check temporary files [$builddir]]
+ )
+ ]
+ )
+ TEST_DIR=$with_test_dir
+ AC_SUBST(TEST_DIR)
+ AC_DEFINE_UNQUOTED(TEST_DIR, "$with_test_dir", [Directory used for 'make check' temporary files])
+ ])
+
+AC_DEFUN([WITH_NSCD],
+ [ AC_ARG_WITH([nscd],
+ [AC_HELP_STRING([--with-nscd],
+ [Whether to attempt to flush nscd cache after local domain operations [yes]]
+ )
+ ],
+ [],
+ with_nscd=yes
+ )
+ if test x"$with_nscd" = xyes; then
+ AC_DEFINE_UNQUOTED(HAVE_NSCD, 1, [flush nscd cache after local domain
operations])
+ fi
+ ])
+
+AC_DEFUN([WITH_SEMANAGE],
+ [ AC_ARG_WITH([semanage],
+ [AC_HELP_STRING([--with-semanage],
+ [Whether to build with SELinux user management support [yes]]
+ )
+ ],
+ [],
+ with_semanage=yes
+ )
+ if test x"$with_semanage" = xyes; then
+ HAVE_SEMANAGE=1
+ AC_SUBST(HAVE_SEMANAGE)
+ AC_DEFINE_UNQUOTED(HAVE_SEMANAGE, 1, [Build with SELinux support])
+ fi
+ AM_CONDITIONAL([BUILD_SEMANAGE], [test x"$with_semanage" = xyes])
+ ])
+
+AC_DEFUN([WITH_LIBNL],
+ [ AC_ARG_WITH([libnl],
+ [AC_HELP_STRING([--with-libnl],
+ [Whether to build with libnetlink support [AUTO]]
+ )
+ ],
+ [],
+ with_libnl=yes
+ )
+ if test x"$with_libnl" = xyes; then
+ BUILD_LIBNL=1
+ AC_SUBST(BUILD_LIBNL)
+ fi
+ ])
+
+AC_DEFUN([WITH_CRYPTO],
+ [ AC_ARG_WITH([crypto],
+ [AC_HELP_STRING([--with-crypto=CRYPTO_LIB],
+ [The cryptographic library to use (nss|libcrypto). The default is nss.]
+ )
+ ],
+ [],
+ with_crypto=nss
+ )
+
+ cryptolib=""
+ if test x"$with_crypto" != x; then
+ if test x"$with_crypto" = xnss || \
+ test x"$with_crypto" = xlibcrypto; then
+ cryptolib="$with_crypto";
+ else
+ AC_MSG_ERROR([Illegal value -$with_crypto- for option --with-crypto])
+ fi
+ fi
+ AM_CONDITIONAL([HAVE_NSS], [test x"$cryptolib" = xnss])
+ AM_CONDITIONAL([HAVE_LIBCRYPTO], [test x"$cryptolib" = xlibcrypto])
+ ])
+
+AC_DEFUN([WITH_NOLOGIN_SHELL],
+ [ AC_ARG_WITH([nologin-shell],
+ [AC_HELP_STRING([--with-nologin-shell=PATH],
+ [The shell used to deny access to users [/sbin/nologin]]
+ )
+ ]
+ )
+ nologin_shell="/sbin/nologin"
+ if test x"$with_nologin_shell" != x; then
+ nologin_shell=$with_nologin_shell
+ fi
+ AC_DEFINE_UNQUOTED(NOLOGIN_SHELL, "$nologin_shell", [The shell used to deny access to users])
+ ])
diff --git a/src/responder/sudo/sudosrv.c~ b/src/responder/sudo/sudosrv.c~
new file mode 100644
index 00000000..3da23f5a
--- /dev/null
+++ b/src/responder/sudo/sudosrv.c~
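Review bot: `src/conf_macros.m4~` is an editor backup file, and so are `src/responder/sudo/sudosrv.c~` and `src/responder/sudo/sudosrv.h~` in the two hunks that follow; none of the added lines mentions `sss_sudo_msg_contents`, so the change named in the commit message does not seem to be part of this commit. The three files should be dropped from the tree and a `*~` pattern added to the ignore file, because stale copies of build macros and responder code otherwise end up in release tarballs and turn up in audits as if they were live. If the content is meant to stay, the descriptions passed to `AC_DEFINE_UNQUOTED` for `DATA_PROVIDER_PLUGINS_PATH` and `SUDO_PLUGINS_PATH` are swapped. In `WITH_INIT_DIR`, `test x$osname == xgentoo` should read `test x"$osname" = xgentoo`, since `==` is not portable in `test` and the variable is unquoted.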
@@ -0,0 +1,263 @@
+/*
+ SSSD
+
+ SUDO Responder
+
+ Copyright (C) Arun Scaria <arunscaria91@gmail.com> (2011)
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <stdio.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <string.h>
+#include <sys/time.h>
+#include <errno.h>
+
+#include <popt.h>
+#include "util/util.h"
+#include "sbus/sbus_client.h"
+
+#include "sudosrv.h"
+
+
+
+static int sudo_client_destructor(void *ctx)
+{
+ struct sudo_client *sudocli = talloc_get_type(ctx, struct sudo_client);
+ if (sudocli->sudoctx) {
+ //sudocli->sudoctx->sudo_cli = NULL;
+ DEBUG(4, ("Removed Sudo client\n"));
+ }
+ return 0;
+}
+
+
+static int sudo_query_validation(DBusMessage *message, struct sbus_connection *conn)
+{
+
+ dbus_uint16_t version = 45674;
+ struct sudo_client *sudocli;
+ DBusMessage *reply;
+ DBusError dbus_error;
+ char *str;
+ dbus_bool_t dbret;
+ void *data;
+
+ data = sbus_conn_get_private_data(conn);
+ sudocli = talloc_get_type(data, struct sudo_client);
+ if (!sudocli) {
+ DEBUG(0, ("Connection holds no valid init data\n"));
+ return EINVAL;
+ }
+
+ /* First thing, cancel the timeout */
+ DEBUG(4, ("Cancel SUDO ID timeout [%p]\n", sudocli->timeout));
+ talloc_zfree(sudocli->timeout);
+
+ dbus_error_init(&dbus_error);
+
+ dbret = dbus_message_get_args(message, &dbus_error,
DBUS_TYPE_STRING, &str,
+ DBUS_TYPE_INVALID);
+ if (!dbret) {
+ DEBUG(1, ("Failed to parse message, killing connection\n"));
+ if (dbus_error_is_set(&dbus_error)) dbus_error_free(&dbus_error);
+ sbus_disconnect(conn);
+ return EIO;
+ }
+
+ printf(" The string messahe is : %s ",str);
+ talloc_set_destructor((TALLOC_CTX *)sudocli, sudo_client_destructor);
+
+ DEBUG(4, ("Got string [%s]\n", str));
+
+ /* reply that all is ok */
+ reply = dbus_message_new_method_return(message);
+ if (!reply) {
+ DEBUG(0, ("Dbus Out of memory!\n"));
+ return ENOMEM;
+ }
+
+ dbret = dbus_message_append_args(reply,
+ DBUS_TYPE_UINT16, &version,
+ DBUS_TYPE_INVALID);
+ if (!dbret) {
+ DEBUG(0, ("Failed to build dbus reply\n"));
+ dbus_message_unref(reply);
+ sbus_disconnect(conn);
+ return EIO;
+ }
+
+ /* send reply back */
+ sbus_conn_send_reply(conn, reply);
+ dbus_message_unref(reply);
+
+ sudocli->initialized = true;
+ return EOK;
+
+
+}
+
+static void init_timeout(struct tevent_context *ev,
+ struct tevent_timer *te,
+ struct timeval t, void *ptr)
+{
+ struct sudo_client *sudocli;
+
+ DEBUG(2, ("Client timed out before Identification [%p]!\n", te));
+
+ sudocli = talloc_get_type(ptr, struct sudo_client);
+
+ sbus_disconnect(sudocli->conn);
+ talloc_zfree(sudocli);
+}
+
+static int sudo_client_init(struct sbus_connection *conn, void *data)
+{
+ struct sudo_ctx *sudoctx;
+ struct sudo_client *sudocli;
+ struct timeval tv;
+
+ sudoctx = talloc_get_type(data, struct sudo_ctx);
+
+ /* hang off this memory to the connection so that when the connection
+ * is freed we can potentially call a destructor */
+
+ sudocli = talloc(conn, struct sudo_client);
+ if (!sudocli) {
+ DEBUG(0,("Out of memory?!\n"));
+ talloc_zfree(conn);
+ return ENOMEM;
+ }
+ sudocli->sudoctx = sudoctx;
+ sudocli->conn = conn;
+ sudocli->initialized = false;
+
+ /* 5 seconds should be plenty */
+ tv = tevent_timeval_current_ofs(5, 0);
+
+ sudocli->timeout = tevent_add_timer(sudoctx->ev, sudocli, tv, init_timeout,
sudocli);
+ if (!sudocli->timeout) {
+ DEBUG(0,("Out of memory?!\n"));
+ talloc_zfree(conn);
+ return ENOMEM;
+ }
+ DEBUG(4, ("Set-up Backend ID timeout [%p]\n", sudocli->timeout));
+
+ /* Attach the client context to the connection context, so that it is
+ * always available when we need to manage the connection. */
+ sbus_conn_set_private_data(conn, sudocli);
+
+ return EOK;
+}
+
+
+int sudo_server_connect(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct sudo_ctx *_ctx)
+{
+
+ char *sudo_address="unix:path=/tmp/sssd/sudo";
+ int ret;
+ struct sbus_connection *serv;
+
+
+ DEBUG(1, ("Setting up the sudo server.\n"));
+
+
+ ret = sbus_new_server(mem_ctx,ev, sudo_address,
+ &sudo_interface, &serv,
+ sudo_client_init, _ctx);
+ if (ret != EOK) {
+ DEBUG(0, ("Could not set up sbus server.\n"));
+ return ret;
+ }
+
+ return EOK;
+
+}
+
+int sudo_process_init(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct confdb_ctx *cdb)
+{
+ struct sudo_ctx *ctx;
+ int ret;
+
+ ctx = talloc_zero(mem_ctx, struct sudo_ctx);
+ ctx->ev = ev;
+ ctx->cdb = cdb;
+
+
+ ret =sudo_server_connect(mem_ctx,ev,ctx);
+ DEBUG(0, ("sudo server returned %d.\n",ret));
+
+ return EOK;
+}
+
+int main(int argc, const char *argv[])
+{
+ int opt;
+ poptContext pc;
+ struct main_context *main_ctx;
+ int ret;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ SSSD_MAIN_OPTS
+ POPT_TABLEEND
+ };
+
+ pc = poptGetContext(argv[0], argc, argv, long_options, 0);
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ switch(opt) {
+ default:
+ fprintf(stderr, "\nInvalid option %s: %s\n\n",
+ poptBadOption(pc, 0), poptStrerror(opt));
+ poptPrintUsage(pc, stderr, 0);
+ return 1;
+ }
+ }
+
+ poptFreeContext(pc);
+
+ /* set up things like debug, signals, daemonization, etc...
*/
+ debug_log_file = "sssd_sudo";
+
+ ret = server_setup("sssd[sudo]", 0, CONFDB_SUDO_CONF_ENTRY, &main_ctx);
+ if (ret != EOK) return 2;
+
+ ret = die_if_parent_died();
+ if (ret != EOK) {
+ /* This is not fatal, don't return */
+ DEBUG(2, ("Could not set up to exit when parent process does\n"));
+ }
+
+ ret = sudo_process_init(main_ctx,
+ main_ctx->event_ctx,
+ main_ctx->confdb_ctx);
+ if (ret != EOK) return 3;
+
+ /* loop on main */
+ server_loop(main_ctx);
+
+ return 0;
+}
+
diff --git a/src/responder/sudo/sudosrv.h~ b/src/responder/sudo/sudosrv.h~
new file mode 100644
index 00000000..0b933ea4
--- /dev/null
+++ b/src/responder/sudo/sudosrv.h~
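Review bot: `sudo_server_connect` listens on the hard-coded address `unix:path=/tmp/sssd/sudo`, and a directory under the world-writable `/tmp` can already exist and belong to any local user before the responder starts, so a sudo client has no basis for trusting whatever answers on that socket. The address should be built from the pipe directory the build already configures with `--with-pipe-path`, for example `const char *sudo_address = "unix:path=" PIPE_PATH "/sudo";` (assuming `PIPE_PATH` from the generated config header is visible in this file and that directory is not writable by unprivileged users). In `sudo_process_init` the `talloc_zero` result is dereferenced without a NULL check, and the return value of `sudo_server_connect` is logged and then replaced by `EOK`, so `main` reaches `server_loop` even when no server was created; `if (ret != EOK) return ret;` after the call would close that gap. The `printf(" The string messahe is : %s ",str);` in `sudo_query_validation` writes a client-supplied string to the daemon's stdout and can simply be removed, since the `DEBUG(4, ...)` call two lines later already records it.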
@@ -0,0 +1,59 @@
+/*
+ SSSD
+
+ SUDO Responder
+
+ Copyright (C) Arun Scaria <arunscaria91@gmail.com> (2011)
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#define CONFDB_SUDO_CONF_ENTRY "config/sudo"
+
+#define SUDO_INTERFACE "org.freedesktop.sssd.sudo"
+#define SUDO_PATH "/org/freedesktop/sssd/sudo"
+#define SUDO_METHOD_QUERY "queryService"
+
+static int sudo_query_validation(DBusMessage *message, struct sbus_connection *conn);
+struct sbus_method sudo_methods[] = {
+
+ { SUDO_METHOD_QUERY, sudo_query_validation },
+ { NULL, NULL }
+};
+
+struct sbus_interface sudo_interface = {
+ SUDO_INTERFACE,
+ SUDO_PATH,
+ SBUS_DEFAULT_VTABLE,
+ sudo_methods,
+ NULL
+};
+
+struct sudo_ctx {
+ struct tevent_context *ev;
+ struct confdb_ctx *cdb;
+
+ struct sbus_connection *mon_conn;
+ struct sbus_connection *sbus_srv;
+
+ size_t check_online_ref_count;
+};
+
+struct sudo_client {
+ struct sudo_ctx *sudoctx;
+ struct sbus_connection *conn;
+ struct tevent_timer *timeout;
+ bool initialized;
+};
\ No newline at end of file |
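Review bot: This header defines the objects `sudo_methods[]` and `sudo_interface` and carries a `static` prototype for `sudo_query_validation`, so it only works while exactly one `.c` file includes it; a second includer would produce duplicate definitions at link time and a `static` declaration that nothing in that file satisfies. The method and interface tables belong in `sudosrv.c`, leaving the header with the macros, the two struct definitions and, if other files need it, `extern struct sbus_interface sudo_interface;`. The header also has no include guard and uses `bool`, `size_t`, `DBusMessage` and `struct sbus_connection` without including anything that declares them, so it depends on the include order in `sudosrv.c`. A one-line comment on `SUDO_METHOD_QUERY` saying what the single string argument is expected to contain would help, because the handler currently accepts any string and always answers with a version number.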