summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorArun Scaria <arunscaria91@gmail.com>2011-07-06 19:18:28 +0530
committerArun Scaria <arunscaria91@gmail.com>2011-07-06 19:18:28 +0530
commit7076ce034af8cb8b84f0897d0b127bd43c075adc (patch)
tree86a7796c7d87dca63f18de7b0e3b34c781b460c3 /src
parent911f4c8b71a3f43373c398bbbac3fb70be48b37b (diff)
downloadsssd_unused-7076ce034af8cb8b84f0897d0b127bd43c075adc.tar.gz
sssd_unused-7076ce034af8cb8b84f0897d0b127bd43c075adc.tar.xz
sssd_unused-7076ce034af8cb8b84f0897d0b127bd43c075adc.zip
dbus message is framed at clent side- Need some optinizations
Diffstat (limited to 'src')
-rw-r--r--src/sss_client/sudo_plugin/message/sss_sudo_cli.h134
-rw-r--r--src/sss_client/sudo_plugin/message/sss_sudoplugin.c1539
2 files changed, 1673 insertions, 0 deletions
diff --git a/src/sss_client/sudo_plugin/message/sss_sudo_cli.h b/src/sss_client/sudo_plugin/message/sss_sudo_cli.h
new file mode 100644
index 00000000..3a1e445c
--- /dev/null
+++ b/src/sss_client/sudo_plugin/message/sss_sudo_cli.h
@@ -0,0 +1,134 @@
+/*
+ SSSD
+
+ sss_sudo_cli.h
+
+ Authors:
+ Arun Scaria <arunscaria91@gmail.com>
+
+ Copyright (C) 2011 Arun Scaria <arunscaria91@gmail.com>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>
+*/
+
+#ifndef _SSS_SUDO_CLI_H_
+#define _SSS_SUDO_CLI_H_
+
+
+#undef SSS_END_OF_SUDO_REQUEST
+#define SSS_END_OF_SUDO_REQUEST 0x405645
+
+#undef SSS_START_OF_SUDO_REQUEST
+#define SSS_START_OF_SUDO_REQUEST 0x436789
+
+#ifndef SSS_SUDO_SERVICE_PIPE
+#define SSS_SUDO_SERVICE_PIPE "unix:path=" PIPE_PATH "/sudo"
+#endif
+
+#undef SSS_SUDO_TIMEOUT
+#define SSS_SUDO_TIMEOUT 60
+
+#ifndef SUDO_SERVER_INTERFACE
+#define SUDO_SERVER_INTERFACE "org.freedesktop.sssd.sudo"
+#endif
+
+#ifndef SUDO_SERVER_PATH
+#define SUDO_SERVER_PATH "/org/freedesktop/sssd/sudo"
+#endif
+
+#ifndef SUDO_METHOD_QUERY
+#define SUDO_METHOD_QUERY "queryService"
+#endif
+
+#ifndef CHECK_AND_RETURN_PI_STRING
+#define CHECK_AND_RETURN_PI_STRING(s) ((s != NULL && *s != '\0')? s : "(not available)")
+#endif
+
+#ifndef _SSSCLI_H
+
+ /* If sss_cli.h is not included */
+struct sss_cli_req_data {
+ size_t len;
+ const void *data;
+};
+
+enum sss_status {
+ SSS_STATUS_TRYAGAIN,
+ SSS_STATUS_UNAVAIL,
+ SSS_STATUS_SUCCESS
+};
+
+#endif
+
+enum error_types_sudo{
+
+ SSS_SUDO_SUCCESS = 0x01,
+ SSS_SUDO_BUF_ERR,
+ SSS_SUDO_SYSTEM_ERR,
+ SSS_SUDO_LOG_ERR,
+ SSS_SUDO_LOG_NOTICE,
+
+};
+
+
+
+enum sudo_nullable_item_type{
+
+ SSS_SUDO_ITEM_CWD = 0x0001,
+ SSS_SUDO_ITEM_TTY = 0x0002,
+ SSS_SUDO_ITEM_RUSER = 0x0004,
+ SSS_SUDO_ITEM_RGROUP = 0x0008,
+ SSS_SUDO_ITEM_PROMPT = 0x0010,
+ SSS_SUDO_ITEM_NETADDR = 0x0020,
+ SSS_SUDO_ITEM_COMMAND = 0x0040,
+ SSS_SUDO_ITEM_USER_ENV = 0x0080,
+
+};
+
+static struct sss_sudo_msg_contents
+{
+
+ /* from user_info */
+ uid_t userid;
+ char *cwd;
+ char *tty;
+
+ /* from settings */
+ char * runas_user;
+ char * runas_group;
+ char * prompt;
+ char * network_addrs;
+ int use_sudoedit;
+ int use_set_home;
+ int use_preserve_environment;
+ int use_implied_shell;
+ int use_login_shell;
+ int use_run_shell;
+ int use_preserve_groups;
+ int use_ignore_ticket;
+ int use_noninteractive;
+ int debug_level;
+
+ /*from user_env*/
+ char * * user_env;
+
+ /* command with arguments */
+ char ** command;
+ int command_count;
+
+ /* Clients pid */
+ int cli_pid;
+};
+
+#endif /* _SSS_SUDO_CLI_H_ */
diff --git a/src/sss_client/sudo_plugin/message/sss_sudoplugin.c b/src/sss_client/sudo_plugin/message/sss_sudoplugin.c
new file mode 100644
index 00000000..86dc2262
--- /dev/null
+++ b/src/sss_client/sudo_plugin/message/sss_sudoplugin.c
@@ -0,0 +1,1539 @@
+/*
+ SSSD
+
+ sss_sudo_plugin.c
+
+ Authors:
+ Arun Scaria <arunscaria91@gmail.com>
+
+ Copyright (C) 2011 Arun Scaria <arunscaria91@gmail.com>.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ The coding of some of the components in this programe is based on the
+ code adapted from the sudo project at www.sudo.ws
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>
+
+
+*/
+
+
+
+ /*
+ * Define to the version of sudo package
+ * This declaration is to be removed and
+ * it is to be imported from config.h
+ */
+#define SUDO_PACKAGE_STRING "sudo 1.8.1"
+
+#ifndef _PATH_VI
+#define _PATH_VI "/bin/vi"
+#endif
+
+#include "config.h"
+#include<unistd.h>
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/stat.h>
+#include <sys/wait.h>
+#include <stdint.h>
+
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+
+
+#ifdef HAVE_STRING_H
+# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
+# include <memory.h>
+# endif
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+
+
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <ctype.h>
+#include <fcntl.h>
+#include <limits.h>
+#include <grp.h>
+#include <pwd.h>
+#include <stdarg.h>
+
+#include "missing.h"
+#include <sudo_plugin.h>
+
+#define PAM_DEBUG 1
+
+#include <security/pam_appl.h>
+#include <security/pam_misc.h>
+
+#include <dbus/dbus.h>
+
+#include "sss_sudo_cli.h"
+
+
+
+
+#ifdef __TANDEM
+/* If it is a tandem system */
+# define ROOT_UID 65535
+#else
+/* If it is a normal system */
+# define ROOT_UID 0
+#endif
+
+#undef TRUE
+#define TRUE 1
+#undef FALSE
+#define FALSE 0
+#undef ERROR
+#define ERROR -1
+
+#undef SSS_SUDO_PLUGIN_VERSION
+#define SSS_SUDO_PLUGIN_VERSION "1.0.0"
+
+#undef SSS_SUDO_IO_PLUGIN_VERSION
+#define SSS_SUDO_IO_PLUGIN_VERSION "1.0.0"
+
+
+#undef SSS_SUDO_PAM_SERVICE
+#define SSS_SUDO_PAM_SERVICE "sudo"
+
+
+#define CHECK_AND_RETURN_BOOL_STRING(obj) ((obj)?"FALSE":"TRUE")
+
+static struct plugin_state {
+ char **envp;
+ char * const *settings;
+ char * const *user_info;
+} plugin_state;
+static sudo_conv_t sudo_conv;
+static sudo_printf_t sudo_log;
+static uid_t runas_uid = ROOT_UID;
+static gid_t runas_gid = -1;
+static int use_sudoedit;
+static int debug_level;
+
+/*
+ * user_info_struct strucure stores the user info. The lines and cols are
+ * number of columns and lines user terminal supports. Most
+ * probably it can be avoided. But I'm keeping it till the final
+ * code.
+ */
+
+static struct user_info_struct
+{
+ char *username;
+ int lines;
+ int cols;
+}user_information;
+
+
+/* The sss_sudo_msg_contents have the message components to be
+ * passed to SSSD responder.
+ */
+
+struct sss_sudo_msg_contents msg;
+
+
+
+
+static struct pam_conv conv = {
+ misc_conv,
+ NULL
+};
+
+
+
+
+
+static void print_sudo_items()
+{
+ if (msg.userid < 0) return;
+ D(("Sending data to sssd:: "));
+ D(("UserID: %d", msg.userid));
+ D(("TTY: %s", CHECK_AND_RETURN_PI_STRING(msg.tty)));
+ D(("CWD: %s", CHECK_AND_RETURN_PI_STRING(msg.cwd)));
+ D(("Run as user: %s", CHECK_AND_RETURN_PI_STRING(msg.runas_user)));
+ D(("Run as group: %s", CHECK_AND_RETURN_PI_STRING(msg.runas_group)));
+ D(("Prompt: %s", CHECK_AND_RETURN_PI_STRING(msg.prompt)));
+ D(("Network Address: %s",CHECK_AND_RETURN_PI_STRING(msg.network_addrs)));
+ D(("Use sudo edit: %s",CHECK_AND_RETURN_BOOL_STRING(msg.use_sudoedit)));
+ D(("Use set home: %s",CHECK_AND_RETURN_BOOL_STRING(msg.use_set_home)));
+ D(("Use preserve environment: %s",CHECK_AND_RETURN_BOOL_STRING(msg.use_preserve_environment)));
+ D(("Use implied shell: %s",CHECK_AND_RETURN_BOOL_STRING(msg.use_implied_shell)));
+ D(("Use login shell: %s",CHECK_AND_RETURN_BOOL_STRING(msg.use_login_shell)));
+ D(("Use run shell: %s",CHECK_AND_RETURN_BOOL_STRING(msg.use_run_shell)));
+ D(("Use preserve groups: %s",CHECK_AND_RETURN_BOOL_STRING(msg.use_preserve_groups)));
+ D(("Use ignore ticket: %s",CHECK_AND_RETURN_BOOL_STRING(msg.use_ignore_ticket)));
+ D(("Use non interactive mode: %s",CHECK_AND_RETURN_BOOL_STRING(msg.use_noninteractive)));
+ D(("Use debug level: %s",CHECK_AND_RETURN_BOOL_STRING(msg.use_sudoedit)));
+ D(("Command: %s", CHECK_AND_RETURN_PI_STRING(*msg.command)));
+ /* add env var list */
+ D(("Cli_PID: %d", msg.cli_pid));
+}
+
+
+
+/* initialise size of message contents as zero and boolean values as FALSE */
+static void init_size_of_msg_contents()
+{
+ msg.userid=-1;
+
+ msg.use_sudoedit = FALSE;
+ msg.use_set_home = FALSE;
+ msg.use_preserve_environment = FALSE;
+ msg.use_implied_shell = FALSE;
+ msg.use_login_shell = FALSE;
+ msg.use_run_shell = FALSE;
+ msg.use_preserve_groups = FALSE;
+ msg.use_ignore_ticket = FALSE;
+ msg.use_noninteractive = FALSE;
+
+ msg.debug_level=0;
+
+ msg.command_count=0;
+
+ msg.cli_pid = getpid();
+}
+
+/*
+ * Plugin policy open function. This is called at opening the
+ * plugin by sudo utility.
+ *
+ */
+static int policy_open(unsigned int version,
+ sudo_conv_t conversation,
+ sudo_printf_t sudo_printf,
+ char * const settings[],
+ char * const user_info[],
+ char * const user_env[])
+{
+ char * const *ui;
+ struct passwd *pw;
+ const char *runas_user = NULL;
+ struct group *gr;
+ const char *runas_group = NULL;
+
+
+ if (sudo_conv == NULL) sudo_conv = conversation;
+ if (sudo_log == NULL) sudo_log = sudo_printf;
+
+ /* Check the version of sudo plugin api */
+ if (SUDO_API_VERSION_GET_MAJOR(version) != SUDO_API_VERSION_MAJOR) {
+ sudo_log(SUDO_CONV_ERROR_MSG,
+ "The sss sudo plugin requires API version %d.x\n",
+ SUDO_API_VERSION_MAJOR);
+ return ERROR;
+ }
+
+ init_size_of_msg_contents();
+
+
+ for (ui = settings; *ui != NULL; ui++) {
+
+ /* get the debug level */
+ if (strncmp(*ui, "debug_level=", sizeof("debug_level=") - 1) == 0) {
+ debug_level = atoi(*ui + sizeof("debug_level=") - 1);
+ msg.debug_level = debug_level;
+ }
+
+ /*
+ *check if the user specified the -E flag, indicating that
+ *the user wishes to preserve the environment.
+ *
+ */
+
+ else if (strncmp(*ui, "preserve_environment=", sizeof("preserve_environment=") - 1) == 0) {
+ if (strcasecmp(*ui + sizeof("preserve_environment=") - 1, "true") == 0)
+ msg.use_preserve_environment = TRUE;
+ }
+
+ /*
+ * check if the user specified the -H flag. If true, set the
+ * HOME environment variable to the target user's home directory.
+ */
+
+ else if (strncmp(*ui, "set_home=", sizeof("set_home=") - 1) == 0) {
+ if (strcasecmp(*ui + sizeof("set_home=") - 1, "true") == 0)
+ msg.use_set_home = TRUE;
+ }
+
+ /*
+ * check if the user specified the -s flag, indicating that the
+ * user wishes to run a shell.
+ */
+
+ else if (strncmp(*ui, "run_shell=", sizeof("run_shell=") - 1) == 0) {
+ if (strcasecmp(*ui + sizeof("run_shell=") - 1, "true") == 0)
+ msg.use_run_shell = TRUE;
+ }
+
+ /*
+ * Check if the user specified the -i flag, indicating that the
+ * user wishes to run a login shell.
+ */
+
+ else if (strncmp(*ui, "login_shell=", sizeof("login_shell=") - 1) == 0) {
+ if (strcasecmp(*ui + sizeof("login_shell=") - 1, "true") == 0)
+ msg.use_login_shell = TRUE;
+ }
+
+ /*
+ * check to see whether user specified the -k flag along with a
+ * command, indicating that the user wishes to ignore any cached
+ * authentication credentials.
+ */
+
+ else if (strncmp(*ui, "ignore_ticket=", sizeof("ignore_ticket=") - 1) == 0) {
+ if (strcasecmp(*ui + sizeof("ignore_ticket=") - 1, "true") == 0)
+ msg.use_ignore_ticket = TRUE;
+ }
+
+ /*
+ * The prompt to use when requesting a password, if specified
+ * via the -p flag.
+ */
+
+ else if (strncmp(*ui, "prompt=", sizeof("prompt=") - 1) == 0) {
+ msg.prompt = strdup(*ui + sizeof("prompt=") - 1);
+ }
+
+ /* Find the user to be run as */
+
+ else if (strncmp(*ui, "runas_user=", sizeof("runas_user=") - 1) == 0) {
+ msg.runas_user = strdup(*ui + sizeof("runas_user=") - 1);
+ runas_user = msg.runas_user;
+ }
+
+ /* Find the group to be run as */
+
+ else if (strncmp(*ui, "runas_group=", sizeof("runas_group=") - 1) == 0) {
+ msg.runas_group = strdup(*ui + sizeof("runas_group=") - 1);
+ runas_group = msg.runas_group;
+ }
+
+ /*
+ * To get thhe command name that sudo was run as, typically
+ * "sudo" or "sudoedit". setprogname() is only supported in BSD
+ * No need to include it now.
+ *
+ * else if (strncmp(*ui, "progname=", sizeof("progname=") - 1) == 0) {
+ * setprogname(*ui + sizeof("progname=") - 1);
+ * }
+ *
+ */
+
+ /* Check to see if sudo was called as sudoedit or with -e flag. */
+
+ else if (strncmp(*ui, "sudoedit=", sizeof("sudoedit=") - 1) == 0) {
+ if (strcasecmp(*ui + sizeof("sudoedit=") - 1, "true") == 0)
+ use_sudoedit = TRUE;
+ msg.use_sudoedit = use_sudoedit;
+ }
+
+ /* This plugin doesn't support running sudo with no arguments. */
+
+ else if (strncmp(*ui, "implied_shell=", sizeof("implied_shell=") - 1) == 0) {
+ if (strcasecmp(*ui + sizeof("implied_shell=") - 1, "true") == 0)
+ return -2;
+ /* usage error */
+ }
+
+ /*
+ *check to see whether user specified the -P flag, indicating
+ *that the user wishes to preserve the group vector instead of
+ *setting it based on the runas user.
+ */
+
+ else if (strncmp(*ui, "preserve_groups=", sizeof("preserve_groups=") - 1) == 0) {
+ if (strcasecmp(*ui + sizeof("preserve_groups=") - 1, "true") == 0)
+ msg.use_preserve_groups = TRUE;
+ }
+
+ /*
+ * check to see whether user specified the -n flag, indicating that
+ * sudo should operate in non-interactive mode. The plugin may reject
+ * a command run in non-interactive mode if user interaction is required.
+ */
+
+ else if (strncmp(*ui, "noninteractive=", sizeof("noninteractive=") - 1) == 0) {
+ if (strcasecmp(*ui + sizeof("noninteractive=") - 1, "true") == 0)
+ msg.use_noninteractive = TRUE;
+ }
+
+ /* to get network_addrs */
+
+ else if (strncmp(*ui, "network_addrs=", sizeof("network_addrs=") - 1) == 0) {
+ msg.network_addrs = strdup(*ui + sizeof("network_addrs=") - 1);
+ }
+
+ /* settings are over */
+ }
+
+
+ /* Build the user info */
+
+ for (ui = user_info; *ui != NULL; ui++) {
+
+ /* get user name */
+
+ if (strncmp(*ui, "user=", sizeof("user=") - 1) == 0) {
+ user_information.username = strdup(*ui + sizeof("user=") - 1);
+ }
+
+ /* get user id */
+ else if (strncmp(*ui, "uid=", sizeof("uid=") - 1) == 0) {
+ msg.userid = atoi(*ui + sizeof("uid=") - 1);
+ }
+
+
+ /* get cwd */
+ else if (strncmp(*ui, "cwd=", sizeof("cwd=") - 1) == 0) {
+ msg.cwd = strdup(*ui + sizeof("cwd=") - 1);
+ }
+
+ /* get tty */
+ else if (strncmp(*ui, "tty=", sizeof("tty=") - 1) == 0) {
+ msg.tty = strdup( *ui + sizeof("tty=") - 1);
+ }
+
+ /* get lines - to be removed at final code if no use */
+ else if (strncmp(*ui, "lines=", sizeof("lines=") - 1) == 0) {
+ user_information.lines = atoi(*ui + sizeof("lines=") - 1);
+ }
+
+ /* get cols - to be removed at final code if no use */
+ else if (strncmp(*ui, "cols=", sizeof("cols=") - 1) == 0) {
+ user_information.cols = atoi(*ui + sizeof("cols=") - 1);
+ }
+ }
+
+
+
+ if (runas_user != NULL) {
+ if ((pw = getpwnam(runas_user)) == NULL) {
+ sudo_log(SUDO_CONV_ERROR_MSG, "unknown user %s\n", runas_user);
+ return 0;
+ }
+ runas_uid = pw->pw_uid;
+ }
+ if (runas_group != NULL) {
+ if ((gr = getgrnam(runas_group)) == NULL) {
+ sudo_log(SUDO_CONV_ERROR_MSG, "unknown group %s\n", runas_group);
+ return 0;
+ }
+ runas_gid = gr->gr_gid;
+ }
+
+ /* fill Plugin state. */
+ plugin_state.envp = (char **)user_env;
+ msg.user_env = (char **)user_env;
+ /* FIXME: Set a mechanism to handle environment */
+ plugin_state.settings = settings;
+ plugin_state.user_info = user_info;
+
+ return 1;
+}
+
+/* Function to check if the command is available in the PATH */
+static char * find_in_path(char *command, char **envp)
+{
+ struct stat sb;
+ char *path;
+ char *path0;
+ char **ep;
+ char *cp = NULL;
+ char pathbuf[PATH_MAX];
+ char *qualified = NULL;
+
+ if (strchr(command, '/') != NULL)
+ return command;
+
+ path = getenv("PATH");
+ for (ep = plugin_state.envp; *ep != NULL; ep++) {
+ if (strncmp(*ep, "PATH=", 5) == 0) {
+ path = *ep + 5;
+ break;
+ }
+ }
+ path = strdup(path);
+ path0 = path;
+
+ do {
+ if ((cp = strchr(path, ':')))
+ *cp = '\0';
+
+ snprintf(pathbuf, sizeof(pathbuf), "%s/%s", *path ? path : ".", command);
+
+ if (stat(pathbuf, &sb) == 0) {
+ if (S_ISREG(sb.st_mode) && (sb.st_mode & 0000111)) {
+ qualified = pathbuf;
+ break;
+ }
+ }
+ path = cp + 1;
+ } while (cp != NULL);
+
+ free(path0);
+ return ((qualified != NULL) ? strdup(qualified) : NULL);
+}
+
+ /*
+ * Information about the command being run in the form
+ * of "name=value" strings. These values are used by
+ * sudo to set the execution environment when running a
+ * command. The plugin is responsible for creating and
+ * populating the vector, which must be terminated with a NULL pointer.
+ *
+ */
+static char ** build_command_info(char *command)
+{
+ static char **command_info;
+ int i = 0;
+
+ /* Setup command info. */
+ command_info = calloc(32, sizeof(char *));
+
+ if (command_info == NULL)
+ return NULL;
+
+ if (asprintf(&command_info[i++],"%s=%s","command", command) == -1 ||
+ asprintf(&command_info[i++], "runas_euid=%ld", (long)runas_uid) == -1 ||
+ asprintf(&command_info[i++], "runas_uid=%ld", (long)runas_uid) == -1) {
+ return NULL;
+ }
+
+ if (runas_gid != -1) {
+ if (asprintf(&command_info[i++], "runas_gid=%ld", (long)runas_gid) == -1 ||
+ asprintf(&command_info[i++], "runas_egid=%ld", (long)runas_gid) == -1) {
+ return NULL;
+ }
+ }
+
+ if (use_sudoedit) {
+ command_info[i] = strdup("sudoedit=true");
+ if (command_info[i++] == NULL){
+ return NULL;
+ }
+ }
+
+#ifdef USE_TIMEOUT
+ command_info[i++] = "timeout=30";
+#endif
+
+ return command_info;
+}
+
+
+ /* finds a valid editor for sudo edit or "sudo vi" */
+static char * find_editor(int nfiles, char * const files[], char **argv_out[])
+{
+ char *cp;
+ char **ep;
+ char **nargv;
+ char *editor;
+ char *editor_path;
+ int ac;
+ int i;
+ int nargc;
+ int wasblank;
+
+ /* Lookup EDITOR in user's environment. */
+ editor = _PATH_VI;
+ for (ep = plugin_state.envp; *ep != NULL; ep++) {
+ if (strncmp(*ep, "EDITOR=", 7) == 0) {
+ editor = *ep + 7;
+ break;
+ }
+ }
+
+ editor = strdup(editor);
+ if (editor == NULL) {
+ sudo_log(SUDO_CONV_ERROR_MSG, "unable to allocate memory\n");
+ return NULL;
+ }
+
+ /*
+ * Split editor into an argument vector; editor is reused (do not free).
+ * The EDITOR environment variables may contain command
+ * line args so look for those and alloc space for them too.
+ */
+ nargc = 1;
+ for (wasblank = 0, cp = editor; *cp != '\0'; cp++) {
+
+ if (isblank((unsigned char) *cp)) {
+ wasblank = 1;
+ }
+ else if (wasblank) {
+ wasblank = 0;
+ nargc++;
+ }
+ }
+
+ /* If we can't find the editor in the user's PATH, give up. */
+ cp = strtok(editor, " \t");
+ if (cp == NULL ||
+ (editor_path = find_in_path(editor, plugin_state.envp)) == NULL) {
+ return NULL;
+ }
+
+ nargv = (char **) malloc((nargc + 1 + nfiles + 1) * sizeof(char *));
+ if (nargv == NULL) {
+ sudo_log(SUDO_CONV_ERROR_MSG, "unable to allocate memory\n");
+ return NULL;
+ }
+
+ for (ac = 0; cp != NULL && ac < nargc; ac++) {
+ nargv[ac] = cp;
+ cp = strtok(NULL, " \t");
+ }
+ nargv[ac++] = "--";
+ for (i = 0; i < nfiles; )
+ nargv[ac++] = files[i++];
+ nargv[ac] = NULL;
+
+ *argv_out = nargv;
+ return editor_path;
+}
+
+void calc_nullable_status(dbus_uint32_t * status)
+{
+ *status = 0x0000;
+ if(msg.cwd)
+ *status |= SSS_SUDO_ITEM_CWD;
+ if(msg.tty)
+ *status |= SSS_SUDO_ITEM_TTY;
+ if(msg.runas_user)
+ *status |= SSS_SUDO_ITEM_RUSER;
+ if(msg.runas_group)
+ *status |= SSS_SUDO_ITEM_RGROUP;
+ if(msg.prompt)
+ *status |= SSS_SUDO_ITEM_PROMPT;
+ if(msg.network_addrs)
+ *status |= SSS_SUDO_ITEM_NETADDR;
+ if(msg.command)
+ *status |= SSS_SUDO_ITEM_COMMAND;
+ if(msg.user_env)
+ *status |= SSS_SUDO_ITEM_USER_ENV;
+
+}
+
+
+
+
+int sss_sudo_make_request(struct sss_cli_req_data *rd,
+ uint8_t **repbuf, size_t *replen,
+ int *errnop)
+{
+
+ const char * truth = "TRUE";
+ const char * fallacy = "FALSE";
+ char ** command_array;
+ int count;
+ char *tmp;
+ char **ui;
+
+#define GET_BOOL_STRING(x) ((x)? &truth : &fallacy)
+
+ DBusConnection* conn;
+ DBusError err;
+
+ DBusMessage* dbus_msg;
+ DBusMessage* dbus_reply;
+ DBusMessageIter msg_iter;
+ DBusMessageIter sub_iter;
+ DBusMessageIter dict_iter;
+
+ dbus_uint32_t start_header;
+ dbus_uint32_t status=0;
+ dbus_bool_t ret=FALSE;
+ dbus_uint32_t nullable_status= 0x0000;
+
+ calc_nullable_status(&nullable_status);
+
+ fprintf(stdout,"Calling remote method to pack message\n");
+
+ /* initialise the errors */
+ dbus_error_init(&err);
+
+ /* connect to the system bus and check for errors */
+ conn = dbus_connection_open_private(SSS_SUDO_SERVICE_PIPE, &err);
+ if (dbus_error_is_set(&err)) {
+ fprintf(stderr, "Connection Error (%s)\n", err.message);
+ dbus_error_free(&err);
+ }
+ if (NULL == conn) {
+ return SSS_SUDO_SYSTEM_ERR;
+ }
+
+
+ /* create a new method call and check for errors */
+ dbus_msg = dbus_message_new_method_call( NULL, /* target */
+ SUDO_SERVER_PATH, /* object */
+ SUDO_SERVER_INTERFACE, /* interface */
+ SUDO_METHOD_QUERY); /* method name */
+ if (NULL == dbus_msg) {
+ fprintf(stderr, "Message Null\n");
+ if (dbus_error_is_set(&err))
+ dbus_error_free(&err);
+ dbus_connection_close(conn);
+ return SSS_SUDO_SYSTEM_ERR;
+ }
+
+ start_header = SSS_START_OF_SUDO_REQUEST;
+
+ /* append arguments */
+
+
+ dbus_message_iter_init_append(dbus_msg, &msg_iter);
+
+ if (!dbus_message_iter_append_basic(&msg_iter,
+ DBUS_TYPE_UINT32,
+ &start_header)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+
+ if (!dbus_message_iter_append_basic(&msg_iter,
+ DBUS_TYPE_UINT32,
+ &nullable_status)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+
+
+ if(!dbus_message_iter_open_container(&msg_iter,
+ DBUS_TYPE_STRUCT,NULL,
+ &sub_iter)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+ if (!dbus_message_iter_append_basic(&sub_iter,
+ DBUS_TYPE_UINT32,
+ &msg.userid)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+
+ if(nullable_status & SSS_SUDO_ITEM_CWD){
+ if (!dbus_message_iter_append_basic(&sub_iter,
+ DBUS_TYPE_STRING,
+ &msg.cwd)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+ }
+
+ if(nullable_status & SSS_SUDO_ITEM_TTY){
+ if (!dbus_message_iter_append_basic(&sub_iter,
+ DBUS_TYPE_STRING,
+ &msg.tty)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+ }
+
+ if (!dbus_message_iter_close_container(&msg_iter,&sub_iter)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+
+ command_array = (char *) malloc(msg.command_count* sizeof (char*));
+
+ for(count = 0;count<msg.command_count;count++) {
+ command_array[count] = msg.command[count];
+ }
+
+
+ if(nullable_status & SSS_SUDO_ITEM_COMMAND){
+
+ if(!dbus_message_iter_open_container(&msg_iter,
+ DBUS_TYPE_ARRAY,"s",
+ &sub_iter)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+
+ for(count =0; count<msg.command_count;count++){
+
+ if (!dbus_message_iter_append_basic(&sub_iter,
+ DBUS_TYPE_STRING,
+ &command_array[count])) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+
+ }
+
+ if (!dbus_message_iter_close_container(&msg_iter,&sub_iter)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+ }
+ ////////
+
+ if(!dbus_message_iter_open_container(&msg_iter,
+ DBUS_TYPE_ARRAY,
+ "{ss}",
+ &sub_iter)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+
+ if(nullable_status & SSS_SUDO_ITEM_RUSER){
+ tmp = strdup("runasuser");
+
+ if(!dbus_message_iter_open_container(&sub_iter,
+ DBUS_TYPE_DICT_ENTRY,NULL,
+ &dict_iter)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+
+ if (!dbus_message_iter_append_basic(&dict_iter,
+ DBUS_TYPE_STRING,
+ &tmp)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+ if (!dbus_message_iter_append_basic(&dict_iter,
+ DBUS_TYPE_STRING,
+ &msg.runas_user)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+ free(tmp);
+
+ if (!dbus_message_iter_close_container(&sub_iter,&dict_iter)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+
+ }
+
+
+ if(nullable_status & SSS_SUDO_ITEM_RGROUP){
+ tmp = strdup("runasgroup");
+ if(!dbus_message_iter_open_container(&sub_iter, DBUS_TYPE_DICT_ENTRY,NULL,&dict_iter)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+ if (!dbus_message_iter_append_basic(&dict_iter, DBUS_TYPE_STRING, &tmp)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+ if (!dbus_message_iter_append_basic(&dict_iter, DBUS_TYPE_STRING, &msg.runas_group)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+ free(tmp);
+
+ if (!dbus_message_iter_close_container(&sub_iter,&dict_iter)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+
+ }
+
+
+ if(nullable_status & SSS_SUDO_ITEM_PROMPT){
+ if(!dbus_message_iter_open_container(&sub_iter, DBUS_TYPE_DICT_ENTRY,NULL,&dict_iter)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+ tmp = strdup("prompt");
+
+ if (!dbus_message_iter_append_basic(&dict_iter, DBUS_TYPE_STRING, &tmp)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+ if (!dbus_message_iter_append_basic(&dict_iter, DBUS_TYPE_STRING, &msg.prompt)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+ free(tmp);
+
+ if (!dbus_message_iter_close_container(&sub_iter,&dict_iter)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+
+ }
+
+
+
+ if(nullable_status & SSS_SUDO_ITEM_NETADDR){
+ if(!dbus_message_iter_open_container(&sub_iter, DBUS_TYPE_DICT_ENTRY,NULL,&dict_iter)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+ tmp = strdup("networkaddress");
+
+ if (!dbus_message_iter_append_basic(&dict_iter, DBUS_TYPE_STRING, &tmp)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+ if (!dbus_message_iter_append_basic(&dict_iter, DBUS_TYPE_STRING, &msg.network_addrs)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+ free(tmp);
+
+ if (!dbus_message_iter_close_container(&sub_iter,&dict_iter)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+
+ }
+
+
+
+
+ tmp = strdup("use_sudoedit");
+ if(!dbus_message_iter_open_container(&sub_iter,
+ DBUS_TYPE_DICT_ENTRY,NULL,
+ &dict_iter)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+
+ if (!dbus_message_iter_append_basic(&dict_iter,
+ DBUS_TYPE_STRING,
+ &tmp)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+ if (!dbus_message_iter_append_basic(&dict_iter,
+ DBUS_TYPE_STRING,
+ GET_BOOL_STRING(msg.use_sudoedit))) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+ free(tmp);
+
+ if (!dbus_message_iter_close_container(&sub_iter,&dict_iter)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+ if(!dbus_message_iter_open_container(&sub_iter,
+ DBUS_TYPE_DICT_ENTRY,
+ NULL,
+ &dict_iter)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+
+
+ tmp = strdup("use_set_home");
+
+ if (!dbus_message_iter_append_basic(&dict_iter,
+ DBUS_TYPE_STRING,
+ &tmp)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+ if (!dbus_message_iter_append_basic(&dict_iter,
+ DBUS_TYPE_STRING,
+ GET_BOOL_STRING(msg.use_set_home))) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+ free(tmp);
+
+ if (!dbus_message_iter_close_container(&sub_iter,&dict_iter)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+
+
+ if(!dbus_message_iter_open_container(&sub_iter,
+ DBUS_TYPE_DICT_ENTRY,
+ NULL,
+ &dict_iter)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+
+
+ tmp = strdup("use_preserve_environment");
+
+ if (!dbus_message_iter_append_basic(&dict_iter,
+ DBUS_TYPE_STRING,
+ &tmp)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+ if (!dbus_message_iter_append_basic(&dict_iter,
+ DBUS_TYPE_STRING,
+ GET_BOOL_STRING(msg.use_preserve_environment))) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+ free(tmp);
+
+ if (!dbus_message_iter_close_container(&sub_iter,&dict_iter)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+ if(!dbus_message_iter_open_container(&sub_iter,
+ DBUS_TYPE_DICT_ENTRY,
+ NULL,
+ &dict_iter)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+
+ tmp = strdup("use_implied_shell");
+
+ if (!dbus_message_iter_append_basic(&dict_iter,
+ DBUS_TYPE_STRING,
+ &tmp)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+ if (!dbus_message_iter_append_basic(&dict_iter,
+ DBUS_TYPE_STRING,
+ GET_BOOL_STRING(msg.use_implied_shell))) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+ free(tmp);
+
+ if (!dbus_message_iter_close_container(&sub_iter,&dict_iter)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+ if(!dbus_message_iter_open_container(&sub_iter,
+ DBUS_TYPE_DICT_ENTRY,
+ NULL,
+ &dict_iter)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+
+ tmp = strdup("use_login_shell");
+
+ if (!dbus_message_iter_append_basic(&dict_iter,
+ DBUS_TYPE_STRING,
+ &tmp)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+ if (!dbus_message_iter_append_basic(&dict_iter,
+ DBUS_TYPE_STRING,
+ GET_BOOL_STRING(msg.use_login_shell))) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+ free(tmp);
+
+ if (!dbus_message_iter_close_container(&sub_iter,&dict_iter)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+ if(!dbus_message_iter_open_container(&sub_iter,
+ DBUS_TYPE_DICT_ENTRY,
+ NULL,
+ &dict_iter)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+
+
+ tmp = strdup("use_run_shell");
+
+ if (!dbus_message_iter_append_basic(&dict_iter,
+ DBUS_TYPE_STRING,
+ &tmp)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+ if (!dbus_message_iter_append_basic(&dict_iter,
+ DBUS_TYPE_STRING,
+ GET_BOOL_STRING(msg.use_run_shell))) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+ free(tmp);
+
+
+ if (!dbus_message_iter_close_container(&sub_iter,&dict_iter)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+ if(!dbus_message_iter_open_container(&sub_iter,
+ DBUS_TYPE_DICT_ENTRY,
+ NULL,
+ &dict_iter)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+
+
+ tmp = strdup("use_preserve_groups");
+
+ if (!dbus_message_iter_append_basic(&dict_iter,
+ DBUS_TYPE_STRING,
+ &tmp)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+ if (!dbus_message_iter_append_basic(&dict_iter,
+ DBUS_TYPE_STRING,
+ GET_BOOL_STRING(msg.use_preserve_groups))) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+ free(tmp);
+
+ if (!dbus_message_iter_close_container(&sub_iter,&dict_iter)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+ if(!dbus_message_iter_open_container(&sub_iter,
+ DBUS_TYPE_DICT_ENTRY,
+ NULL,
+ &dict_iter)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+
+
+ tmp = strdup("use_ignore_ticket");
+
+ if (!dbus_message_iter_append_basic(&dict_iter,
+ DBUS_TYPE_STRING,
+ &tmp)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+ if (!dbus_message_iter_append_basic(&dict_iter,
+ DBUS_TYPE_STRING,
+ GET_BOOL_STRING(msg.use_ignore_ticket))) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+ free(tmp);
+
+ if (!dbus_message_iter_close_container(&sub_iter,&dict_iter)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+ if(!dbus_message_iter_open_container(&sub_iter,
+ DBUS_TYPE_DICT_ENTRY,
+ NULL,
+ &dict_iter)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+
+ tmp = strdup("use_noninteractive");
+
+ if (!dbus_message_iter_append_basic(&dict_iter,
+ DBUS_TYPE_STRING,
+ &tmp)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+ if (!dbus_message_iter_append_basic(&dict_iter,
+ DBUS_TYPE_STRING,
+ GET_BOOL_STRING(msg.use_noninteractive))) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+ free(tmp);
+
+ if (!dbus_message_iter_close_container(&sub_iter,&dict_iter)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+ if(!dbus_message_iter_open_container(&sub_iter,
+ DBUS_TYPE_DICT_ENTRY,
+ NULL,
+ &dict_iter)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+
+ tmp = strdup("use_debug_level");
+
+ if (!dbus_message_iter_append_basic(&dict_iter,
+ DBUS_TYPE_STRING,
+ &tmp)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+ if (!dbus_message_iter_append_basic(&dict_iter,
+ DBUS_TYPE_STRING,
+ GET_BOOL_STRING(msg.debug_level))) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+ free(tmp);
+
+
+
+
+
+
+ if (!dbus_message_iter_close_container(&sub_iter,&dict_iter)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+
+ if (!dbus_message_iter_close_container(&msg_iter,&sub_iter)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+
+
+ /////
+
+
+
+ if(!dbus_message_iter_open_container(&msg_iter,
+ DBUS_TYPE_ARRAY,
+ "{ss}",
+ &sub_iter)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+
+
+ for(ui = msg.user_env; *ui!=NULL;*ui++) {
+
+ tmp = strchr(*ui,'=');
+
+ *tmp = '\0';
+ if(!dbus_message_iter_open_container(&sub_iter,
+ DBUS_TYPE_DICT_ENTRY,NULL,
+ &dict_iter)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+
+ if (!dbus_message_iter_append_basic(&dict_iter, DBUS_TYPE_STRING, ui)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+ if (!dbus_message_iter_append_basic(&dict_iter, DBUS_TYPE_STRING, &tmp+1)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+ *tmp = '=' ;
+
+ if (!dbus_message_iter_close_container(&sub_iter,&dict_iter)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+
+ }
+
+if (!dbus_message_iter_close_container(&msg_iter,&sub_iter)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ exit(1);
+ }
+
+
+ /* send message and get a handle for a reply */
+ dbus_reply = dbus_connection_send_with_reply_and_block (conn,dbus_msg,
+ 600,
+ &err);
+ if (dbus_error_is_set(&err)) {
+ fprintf(stderr, "Connection send-reply Error (%s)\n", err.message);
+ dbus_error_free(&err);
+ exit(1);
+ }
+ if (NULL == dbus_reply) {
+ fprintf(stderr, "reply failed\n");
+ exit(1);
+ }
+
+
+ fprintf(stdout,"Request Sent\n");
+
+
+ ret = dbus_message_get_args(dbus_reply, &err,
+ DBUS_TYPE_UINT16, &status,
+ DBUS_TYPE_INVALID);
+ if (!ret) {
+ fprintf (stderr,"Failed to parse reply, killing connection\n");
+ if (dbus_error_is_set(&err)) dbus_error_free(&err);
+ dbus_connection_close(conn);
+ return SSS_SUDO_SYSTEM_ERR;
+ }
+
+ fprintf(stdout,"Got Reply: %d\n", status);
+
+ // free reply and close connection
+ /* free message */
+ dbus_message_unref(dbus_msg);
+ dbus_message_unref(dbus_reply);
+ dbus_connection_close(conn);
+
+free(command_array);
+
+return SSS_STATUS_SUCCESS;
+
+}
+
+void free_all()
+{
+ free(msg.cwd);
+ free(msg.tty);
+ free(msg.prompt);
+ free(msg.runas_user);
+ free(msg.runas_group);
+ free(msg.network_addrs);
+ free(user_information.username);
+
+}
+
+
+static int send_and_receive()
+{
+ int ret;
+ int errnop;
+ struct sss_cli_req_data rd;
+ uint8_t *buf = NULL;
+ uint8_t *repbuf = NULL;
+ size_t replen;
+ int _status = SSS_SUDO_SYSTEM_ERR;
+
+ print_sudo_items();
+
+ errnop = 0;
+ ret = sss_sudo_make_request( &rd, &repbuf, &replen, &errnop);
+
+ if (ret != SSS_SUDO_SUCCESS) {
+ if (errnop != 0) {
+ fprintf( stderr, "Request to sssd failed. %d", errnop);
+ }
+ _status = SSS_SUDO_SYSTEM_ERR;
+ goto done;
+ }
+
+/* check the reply signature */
+ if (replen < (2*sizeof(int32_t))) {
+ //D(("response not in expected format."));
+ _status = SSS_SUDO_SYSTEM_ERR;
+ goto done;
+ }
+
+
+
+done:
+ _status = SSS_STATUS_SUCCESS;
+
+ if (_status == SSS_STATUS_SUCCESS)
+ return _status;
+ else
+ return SSS_STATUS_UNAVAIL;
+}
+
+
+
+/*
+ * Plugin policy check function.
+ * The check_policy function is called by sudo to determine
+ * whether the user is allowed to run the specified commands.
+ */
+static int policy_check(int argc, char * const argv[],
+ char *env_add[], char **command_info_out[],
+ char **argv_out[], char **user_env_out[])
+{
+ char *command;
+ pam_handle_t *pamh;
+ char *pam_user;
+ char *pam_action;
+ int pam_ret;
+
+ if (!argc || argv[0] == NULL) {
+ sudo_log(SUDO_CONV_ERROR_MSG, "no command specified\n");
+ return FALSE;
+ }
+
+
+ command = find_in_path(argv[0], plugin_state.envp);
+ if (command == NULL) {
+ sudo_log(SUDO_CONV_ERROR_MSG, "%s: command not found\n", argv[0]);
+ return FALSE;
+ }
+
+ /* If "sudo vi" is run, auto-convert to sudoedit. */
+ if (strcmp(command, _PATH_VI) == 0)
+ use_sudoedit = TRUE;
+
+ if (use_sudoedit) {
+ /* Rebuild argv using editor */
+ command = find_editor(argc - 1, argv + 1, argv_out);
+ if (command == NULL) {
+ sudo_log(SUDO_CONV_ERROR_MSG, "unable to find valid editor\n");
+ return ERROR;
+ }
+ use_sudoedit = TRUE;
+ } else {
+ /* No changes needd to argv */
+ *argv_out = (char **)argv;
+ }
+
+ /* No changes to envp */
+ *user_env_out = plugin_state.envp;
+
+ /* Space for authentication */
+
+ pam_action = strdup("auth");
+ pam_user = user_information.username;
+
+ sudo_log(SUDO_CONV_INFO_MSG, "\nCalling PAM with action: %s\nuser: %s\n", pam_action,pam_user);
+ pam_ret = pam_start(SSS_SUDO_PAM_SERVICE, pam_user, &conv, &pamh);
+
+ if (pam_ret != PAM_SUCCESS) {
+ fprintf(stderr, "pam_start failed: %s\n", pam_strerror(pamh, pam_ret));
+ return 0;
+ }
+
+ pam_ret = pam_authenticate(pamh, PAM_DISALLOW_NULL_AUTHTOK);
+ switch(pam_ret) {
+ case PAM_ABORT:
+ fprintf(stderr, "pam_authenticate - aborted: %s\n", pam_strerror(pamh, pam_ret));
+ pam_end(pamh, pam_ret);
+ return 0;
+
+ case PAM_AUTH_ERR:
+ fprintf(stderr, "pam_authenticate - error: %s\n", pam_strerror(pamh, pam_ret));
+ pam_end(pamh, pam_ret);
+ return 0;
+
+ case PAM_SUCCESS:
+ fprintf(stdout, "pam_authenticate - success: %s\n", pam_strerror(pamh, pam_ret));
+ break;
+
+ case PAM_CRED_INSUFFICIENT:
+ fprintf(stderr, "pam_authenticate - crendential not sufficient: %s\n", pam_strerror(pamh, pam_ret));
+ pam_end(pamh, pam_ret);
+ return 0;
+
+ case PAM_AUTHINFO_UNAVAIL:
+ fprintf(stderr, "pam_authenticate - authentication information not available: %s\n", pam_strerror(pamh, pam_ret));
+ pam_end(pamh, pam_ret);
+ return 0;
+
+ case PAM_USER_UNKNOWN:
+ fprintf(stderr, "pam_authenticate - check the user specified : %s\n", pam_strerror(pamh, pam_ret));
+ pam_end(pamh, pam_ret);
+ return 0;
+
+ case PAM_MAXTRIES:
+ fprintf(stderr, "pam_authenticate - maximum tries over : %s\n", pam_strerror(pamh, pam_ret));
+ pam_end(pamh, pam_ret);
+ return 0;
+
+ default:
+ fprintf(stderr, "pam_authenticate - unknown error : %s\n", pam_strerror(pamh, pam_ret));
+ pam_end(pamh, pam_ret);
+ return 0;
+
+ }
+
+ /* pam is success :) */
+ pam_end(pamh, pam_ret);
+
+ msg.command = argv;
+ msg.command_count = argc;
+
+ if(pam_ret==PAM_SUCCESS) {
+
+ pam_ret = send_and_receive();
+ }
+
+ free(pam_action);
+ free_all();
+ /* Setup command info. */
+ *command_info_out = build_command_info(command);
+ if (*command_info_out == NULL) {
+ sudo_log(SUDO_CONV_ERROR_MSG, "out of memory\n");
+ return ERROR;
+ }
+ if(pam_ret==SSS_STATUS_SUCCESS)
+ return TRUE;
+
+ return FALSE;
+}
+
+static int policy_list(int argc, char * const argv[], int verbose, const char *list_user)
+{
+ /*
+ * List user's capabilities.
+ */
+ sudo_log(SUDO_CONV_INFO_MSG, "Validated users may run any command. Currently validation isn't coded. :/\n");
+ return TRUE;
+}
+
+
+
+static int policy_version(int verbose)
+{
+ sudo_log(SUDO_CONV_INFO_MSG, "%sv\nSudo Plugin API version %dv\nSSSD sudo plugin version %s\n", SUDO_PACKAGE_STRING,SUDO_API_VERSION,SSS_SUDO_PLUGIN_VERSION);
+ return TRUE;
+}
+
+
+static void policy_close(int exit_status, int error)
+{
+ /*
+ * The close function is called when the command being run by sudo finishes.
+ */
+ if (error) {
+ sudo_log(SUDO_CONV_ERROR_MSG, "\nCommand error: %s\n", strerror(error));
+ } else {
+ if (WIFEXITED(exit_status)) {
+ sudo_log(SUDO_CONV_INFO_MSG, "\nCommand exited with status %d\n",
+ WEXITSTATUS(exit_status));
+ } else if (WIFSIGNALED(exit_status)) {
+ sudo_log(SUDO_CONV_INFO_MSG, "\nCommand killed by signal %d\n",
+ WTERMSIG(exit_status));
+ }
+ }
+}
+
+
+/* IO_PLUGIN is not needed */
+
+
+struct policy_plugin sss_sudo_policy = {
+ SUDO_POLICY_PLUGIN,
+ SUDO_API_VERSION,
+ policy_open,
+ policy_close,
+ policy_version,
+ policy_check,
+ policy_list,
+ NULL, /* validate */
+ NULL /* invalidate */
+};
+
+
+