Diffstat (limited to 'src/sss_client/sudo_plugin/sss_sudoplugin.c')
-rw-r--r--src/sss_client/sudo_plugin/sss_sudoplugin.c1526
1 files changed, 763 insertions, 763 deletions
diff --git a/src/sss_client/sudo_plugin/sss_sudoplugin.c b/src/sss_client/sudo_plugin/sss_sudoplugin.c
index 2b058e6a..12fa4ec5 100644
--- a/src/sss_client/sudo_plugin/sss_sudoplugin.c
+++ b/src/sss_client/sudo_plugin/sss_sudoplugin.c
@@ -12,7 +12,7 @@
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
The coding of some of the components in this programe is based on the
code adapted from the sudo project at www.sudo.ws
@@ -25,15 +25,15 @@
along with this program. If not, see <http://www.gnu.org/licenses/>
-*/
+ */
- /*
- * Define to the version of sudo package
- * This declaration is to be removed and
- * it is to be imported from config.h
- */
+/*
+ * Define to the version of sudo package
+ * This declaration is to be removed and
+ * it is to be imported from config.h
+ */
#define SUDO_PACKAGE_STRING "sudo 1.8.1"
#ifndef _PATH_VI
@@ -143,9 +143,9 @@ static int debug_level;
struct user_info_struct
{
- char *username;
- int lines;
- int cols;
+ char *username;
+ int lines;
+ int cols;
}user_information;
@@ -156,8 +156,8 @@ struct user_info_struct
struct sss_sudo_msg_contents msg;
static struct pam_conv conv = {
- misc_conv,
- NULL
+ misc_conv,
+ NULL
};
@@ -193,23 +193,23 @@ void print_sudo_items(void)
/* initialise size of message contents as zero and boolean values as FALSE */
void init_size_of_msg_contents( void )
{
- msg.userid=-1;
+ msg.userid=-1;
- msg.use_sudoedit = FALSE;
- msg.use_set_home = FALSE;
- msg.use_preserve_environment = FALSE;
- msg.use_implied_shell = FALSE;
- msg.use_login_shell = FALSE;
- msg.use_run_shell = FALSE;
- msg.use_preserve_groups = FALSE;
- msg.use_ignore_ticket = FALSE;
- msg.use_noninteractive = FALSE;
+ msg.use_sudoedit = FALSE;
+ msg.use_set_home = FALSE;
+ msg.use_preserve_environment = FALSE;
+ msg.use_implied_shell = FALSE;
+ msg.use_login_shell = FALSE;
+ msg.use_run_shell = FALSE;
+ msg.use_preserve_groups = FALSE;
+ msg.use_ignore_ticket = FALSE;
+ msg.use_noninteractive = FALSE;
- msg.debug_level=0;
+ msg.debug_level=0;
- msg.command_count=0;
+ msg.command_count=0;
- msg.cli_pid = getpid();
+ msg.cli_pid = getpid();
}
/*
@@ -224,221 +224,221 @@ int policy_open(unsigned int version,
char * const user_info[],
char * const user_env[])
{
- char * const *ui;
- struct passwd *pw;
- const char *runas_user = NULL;
- struct group *gr;
- const char *runas_group = NULL;
-
-
- if (sudo_conv == NULL) sudo_conv = conversation;
- if (sudo_log == NULL) sudo_log = sudo_printf;
-
+ char * const *ui;
+ struct passwd *pw;
+ const char *runas_user = NULL;
+ struct group *gr;
+ const char *runas_group = NULL;
+
+
+ if (sudo_conv == NULL) sudo_conv = conversation;
+ if (sudo_log == NULL) sudo_log = sudo_printf;
+
/* Check the version of sudo plugin api */
- if (SUDO_API_VERSION_GET_MAJOR(version) != SUDO_API_VERSION_MAJOR) {
- sudo_log(SUDO_CONV_ERROR_MSG,
- "The sss sudo plugin requires API version %d.x\n",
- SUDO_API_VERSION_MAJOR);
- return ERROR;
+ if (SUDO_API_VERSION_GET_MAJOR(version) != SUDO_API_VERSION_MAJOR) {
+ sudo_log(SUDO_CONV_ERROR_MSG,
+ "The sss sudo plugin requires API version %d.x\n",
+ SUDO_API_VERSION_MAJOR);
+ return ERROR;
}
- init_size_of_msg_contents();
+ init_size_of_msg_contents();
+
-
for (ui = settings; *ui != NULL; ui++) {
- /* get the debug level */
- if (strncmp(*ui, "debug_level=", sizeof("debug_level=") - 1) == 0) {
- debug_level = atoi(*ui + sizeof("debug_level=") - 1);
- msg.debug_level = debug_level;
- }
-
- /*
- *check if the user specified the -E flag, indicating that
- *the user wishes to preserve the environment.
- *
- */
-
- else if (strncmp(*ui, "preserve_environment=", sizeof("preserve_environment=") - 1) == 0) {
- if (strcasecmp(*ui + sizeof("preserve_environment=") - 1, "true") == 0)
- msg.use_preserve_environment = TRUE;
- }
-
- /*
- * check if the user specified the -H flag. If true, set the
- * HOME environment variable to the target user's home directory.
- */
-
- else if (strncmp(*ui, "set_home=", sizeof("set_home=") - 1) == 0) {
- if (strcasecmp(*ui + sizeof("set_home=") - 1, "true") == 0)
- msg.use_set_home = TRUE;
- }
-
- /*
- * check if the user specified the -s flag, indicating that the
- * user wishes to run a shell.
- */
-
- else if (strncmp(*ui, "run_shell=", sizeof("run_shell=") - 1) == 0) {
- if (strcasecmp(*ui + sizeof("run_shell=") - 1, "true") == 0)
- msg.use_run_shell = TRUE;
- }
-
- /*
- * Check if the user specified the -i flag, indicating that the
- * user wishes to run a login shell.
- */
-
- else if (strncmp(*ui, "login_shell=", sizeof("login_shell=") - 1) == 0) {
- if (strcasecmp(*ui + sizeof("login_shell=") - 1, "true") == 0)
- msg.use_login_shell = TRUE;
- }
-
- /*
- * check to see whether user specified the -k flag along with a
- * command, indicating that the user wishes to ignore any cached
- * authentication credentials.
- */
-
- else if (strncmp(*ui, "ignore_ticket=", sizeof("ignore_ticket=") - 1) == 0) {
- if (strcasecmp(*ui + sizeof("ignore_ticket=") - 1, "true") == 0)
- msg.use_ignore_ticket = TRUE;
- }
-
- /*
- * The prompt to use when requesting a password, if specified
- * via the -p flag.
- */
-
- else if (strncmp(*ui, "prompt=", sizeof("prompt=") - 1) == 0) {
- msg.prompt = strdup(*ui + sizeof("prompt=") - 1);
- }
-
- /* Find the user to be run as */
-
- else if (strncmp(*ui, "runas_user=", sizeof("runas_user=") - 1) == 0) {
- msg.runas_user = strdup(*ui + sizeof("runas_user=") - 1);
- runas_user = msg.runas_user;
- }
-
- /* Find the group to be run as */
-
- else if (strncmp(*ui, "runas_group=", sizeof("runas_group=") - 1) == 0) {
- msg.runas_group = strdup(*ui + sizeof("runas_group=") - 1);
- runas_group = msg.runas_group;
- }
-
- /*
- * To get thhe command name that sudo was run as, typically
- * "sudo" or "sudoedit". setprogname() is only supported in BSD
- * No need to include it now.
- *
- * else if (strncmp(*ui, "progname=", sizeof("progname=") - 1) == 0) {
- * setprogname(*ui + sizeof("progname=") - 1);
- * }
- *
- */
-
- /* Check to see if sudo was called as sudoedit or with -e flag. */
-
- else if (strncmp(*ui, "sudoedit=", sizeof("sudoedit=") - 1) == 0) {
- if (strcasecmp(*ui + sizeof("sudoedit=") - 1, "true") == 0)
- use_sudoedit = TRUE;
- msg.use_sudoedit = use_sudoedit;
- }
-
- /* This plugin doesn't support running sudo with no arguments. */
-
- else if (strncmp(*ui, "implied_shell=", sizeof("implied_shell=") - 1) == 0) {
- if (strcasecmp(*ui + sizeof("implied_shell=") - 1, "true") == 0)
- return -2;
- /* usage error */
- }
-
- /*
- *check to see whether user specified the -P flag, indicating
- *that the user wishes to preserve the group vector instead of
- *setting it based on the runas user.
- */
-
- else if (strncmp(*ui, "preserve_groups=", sizeof("preserve_groups=") - 1) == 0) {
- if (strcasecmp(*ui + sizeof("preserve_groups=") - 1, "true") == 0)
- msg.use_preserve_groups = TRUE;
- }
-
- /*
- * check to see whether user specified the -n flag, indicating that
- * sudo should operate in non-interactive mode. The plugin may reject
- * a command run in non-interactive mode if user interaction is required.
- */
-
- else if (strncmp(*ui, "noninteractive=", sizeof("noninteractive=") - 1) == 0) {
- if (strcasecmp(*ui + sizeof("noninteractive=") - 1, "true") == 0)
- msg.use_noninteractive = TRUE;
- }
-
- /* to get network_addrs */
-
- else if (strncmp(*ui, "network_addrs=", sizeof("network_addrs=") - 1) == 0) {
- msg.network_addrs = strdup(*ui + sizeof("network_addrs=") - 1);
- }
-
- /* settings are over */
- }
-
-
- /* Build the user info */
-
- for (ui = user_info; *ui != NULL; ui++) {
-
- /* get user name */
-
- if (strncmp(*ui, "user=", sizeof("user=") - 1) == 0) {
- user_information.username = strdup(*ui + sizeof("user=") - 1);
- }
-
- /* get user id */
- else if (strncmp(*ui, "uid=", sizeof("uid=") - 1) == 0) {
- msg.userid = atoi(*ui + sizeof("uid=") - 1);
- }
-
-
- /* get cwd */
- else if (strncmp(*ui, "cwd=", sizeof("cwd=") - 1) == 0) {
- msg.cwd = strdup(*ui + sizeof("cwd=") - 1);
- }
-
- /* get tty */
- else if (strncmp(*ui, "tty=", sizeof("tty=") - 1) == 0) {
- msg.tty = strdup( *ui + sizeof("tty=") - 1);
- }
-
- /* get lines - to be removed at final code if no use */
- else if (strncmp(*ui, "lines=", sizeof("lines=") - 1) == 0) {
- user_information.lines = atoi(*ui + sizeof("lines=") - 1);
- }
-
- /* get cols - to be removed at final code if no use */
- else if (strncmp(*ui, "cols=", sizeof("cols=") - 1) == 0) {
- user_information.cols = atoi(*ui + sizeof("cols=") - 1);
- }
- }
+ /* get the debug level */
+ if (strncmp(*ui, "debug_level=", sizeof("debug_level=") - 1) == 0) {
+ debug_level = atoi(*ui + sizeof("debug_level=") - 1);
+ msg.debug_level = debug_level;
+ }
+
+ /*
+ *check if the user specified the -E flag, indicating that
+ *the user wishes to preserve the environment.
+ *
+ */
+
+ else if (strncmp(*ui, "preserve_environment=", sizeof("preserve_environment=") - 1) == 0) {
+ if (strcasecmp(*ui + sizeof("preserve_environment=") - 1, "true") == 0)
+ msg.use_preserve_environment = TRUE;
+ }
+
+ /*
+ * check if the user specified the -H flag. If true, set the
+ * HOME environment variable to the target user's home directory.
+ */
+
+ else if (strncmp(*ui, "set_home=", sizeof("set_home=") - 1) == 0) {
+ if (strcasecmp(*ui + sizeof("set_home=") - 1, "true") == 0)
+ msg.use_set_home = TRUE;
+ }
+
+ /*
+ * check if the user specified the -s flag, indicating that the
+ * user wishes to run a shell.
+ */
+
+ else if (strncmp(*ui, "run_shell=", sizeof("run_shell=") - 1) == 0) {
+ if (strcasecmp(*ui + sizeof("run_shell=") - 1, "true") == 0)
+ msg.use_run_shell = TRUE;
+ }
+
+ /*
+ * Check if the user specified the -i flag, indicating that the
+ * user wishes to run a login shell.
+ */
+
+ else if (strncmp(*ui, "login_shell=", sizeof("login_shell=") - 1) == 0) {
+ if (strcasecmp(*ui + sizeof("login_shell=") - 1, "true") == 0)
+ msg.use_login_shell = TRUE;
+ }
+
+ /*
+ * check to see whether user specified the -k flag along with a
+ * command, indicating that the user wishes to ignore any cached
+ * authentication credentials.
+ */
+
+ else if (strncmp(*ui, "ignore_ticket=", sizeof("ignore_ticket=") - 1) == 0) {
+ if (strcasecmp(*ui + sizeof("ignore_ticket=") - 1, "true") == 0)
+ msg.use_ignore_ticket = TRUE;
+ }
+
+ /*
+ * The prompt to use when requesting a password, if specified
+ * via the -p flag.
+ */
+
+ else if (strncmp(*ui, "prompt=", sizeof("prompt=") - 1) == 0) {
+ msg.prompt = strdup(*ui + sizeof("prompt=") - 1);
+ }
+
+ /* Find the user to be run as */
+
+ else if (strncmp(*ui, "runas_user=", sizeof("runas_user=") - 1) == 0) {
+ msg.runas_user = strdup(*ui + sizeof("runas_user=") - 1);
+ runas_user = msg.runas_user;
+ }
+
+ /* Find the group to be run as */
+
+ else if (strncmp(*ui, "runas_group=", sizeof("runas_group=") - 1) == 0) {
+ msg.runas_group = strdup(*ui + sizeof("runas_group=") - 1);
+ runas_group = msg.runas_group;
+ }
+
+ /*
+ * To get thhe command name that sudo was run as, typically
+ * "sudo" or "sudoedit". setprogname() is only supported in BSD
+ * No need to include it now.
+ *
+ * else if (strncmp(*ui, "progname=", sizeof("progname=") - 1) == 0) {
+ * setprogname(*ui + sizeof("progname=") - 1);
+ * }
+ *
+ */
+
+ /* Check to see if sudo was called as sudoedit or with -e flag. */
+
+ else if (strncmp(*ui, "sudoedit=", sizeof("sudoedit=") - 1) == 0) {
+ if (strcasecmp(*ui + sizeof("sudoedit=") - 1, "true") == 0)
+ use_sudoedit = TRUE;
+ msg.use_sudoedit = use_sudoedit;
+ }
+
+ /* This plugin doesn't support running sudo with no arguments. */
+
+ else if (strncmp(*ui, "implied_shell=", sizeof("implied_shell=") - 1) == 0) {
+ if (strcasecmp(*ui + sizeof("implied_shell=") - 1, "true") == 0)
+ return -2;
+ /* usage error */
+ }
+
+ /*
+ *check to see whether user specified the -P flag, indicating
+ *that the user wishes to preserve the group vector instead of
+ *setting it based on the runas user.
+ */
+
+ else if (strncmp(*ui, "preserve_groups=", sizeof("preserve_groups=") - 1) == 0) {
+ if (strcasecmp(*ui + sizeof("preserve_groups=") - 1, "true") == 0)
+ msg.use_preserve_groups = TRUE;
+ }
+
+ /*
+ * check to see whether user specified the -n flag, indicating that
+ * sudo should operate in non-interactive mode. The plugin may reject
+ * a command run in non-interactive mode if user interaction is required.
+ */
+
+ else if (strncmp(*ui, "noninteractive=", sizeof("noninteractive=") - 1) == 0) {
+ if (strcasecmp(*ui + sizeof("noninteractive=") - 1, "true") == 0)
+ msg.use_noninteractive = TRUE;
+ }
+
+ /* to get network_addrs */
+
+ else if (strncmp(*ui, "network_addrs=", sizeof("network_addrs=") - 1) == 0) {
+ msg.network_addrs = strdup(*ui + sizeof("network_addrs=") - 1);
+ }
+
+ /* settings are over */
+ }
+
+
+ /* Build the user info */
+
+ for (ui = user_info; *ui != NULL; ui++) {
+
+ /* get user name */
+
+ if (strncmp(*ui, "user=", sizeof("user=") - 1) == 0) {
+ user_information.username = strdup(*ui + sizeof("user=") - 1);
+ }
+
+ /* get user id */
+ else if (strncmp(*ui, "uid=", sizeof("uid=") - 1) == 0) {
+ msg.userid = atoi(*ui + sizeof("uid=") - 1);
+ }
+
+
+ /* get cwd */
+ else if (strncmp(*ui, "cwd=", sizeof("cwd=") - 1) == 0) {
+ msg.cwd = strdup(*ui + sizeof("cwd=") - 1);
+ }
+
+ /* get tty */
+ else if (strncmp(*ui, "tty=", sizeof("tty=") - 1) == 0) {
+ msg.tty = strdup( *ui + sizeof("tty=") - 1);
+ }
+
+ /* get lines - to be removed at final code if no use */
+ else if (strncmp(*ui, "lines=", sizeof("lines=") - 1) == 0) {
+ user_information.lines = atoi(*ui + sizeof("lines=") - 1);
+ }
+
+ /* get cols - to be removed at final code if no use */
+ else if (strncmp(*ui, "cols=", sizeof("cols=") - 1) == 0) {
+ user_information.cols = atoi(*ui + sizeof("cols=") - 1);
+ }
+ }
if (runas_user != NULL) {
- if ((pw = getpwnam(runas_user)) == NULL) {
- sudo_log(SUDO_CONV_ERROR_MSG, "unknown user %s\n", runas_user);
- return 0;
- }
- runas_uid = pw->pw_uid;
+ if ((pw = getpwnam(runas_user)) == NULL) {
+ sudo_log(SUDO_CONV_ERROR_MSG, "unknown user %s\n", runas_user);
+ return 0;
+ }
+ runas_uid = pw->pw_uid;
}
if (runas_group != NULL) {
- if ((gr = getgrnam(runas_group)) == NULL) {
- sudo_log(SUDO_CONV_ERROR_MSG, "unknown group %s\n", runas_group);
- return 0;
- }
- runas_gid = gr->gr_gid;
+ if ((gr = getgrnam(runas_group)) == NULL) {
+ sudo_log(SUDO_CONV_ERROR_MSG, "unknown group %s\n", runas_group);
+ return 0;
+ }
+ runas_gid = gr->gr_gid;
}
/* fill Plugin state. */
@@ -463,45 +463,45 @@ char * find_in_path(char *command, char **envp)
char *qualified = NULL;
if (strchr(command, '/') != NULL)
- return command;
+ return command;
path = getenv("PATH");
for (ep = plugin_state.envp; *ep != NULL; ep++) {
- if (strncmp(*ep, "PATH=", 5) == 0) {
- path = *ep + 5;
- break;
- }
+ if (strncmp(*ep, "PATH=", 5) == 0) {
+ path = *ep + 5;
+ break;
+ }
}
path = strdup(path);
path0 = path;
-
+
do {
- if ((cp = strchr(path, ':')))
- *cp = '\0';
-
- snprintf(pathbuf, sizeof(pathbuf), "%s/%s", *path ? path : ".", command);
-
- if (stat(pathbuf, &sb) == 0) {
- if (S_ISREG(sb.st_mode) && (sb.st_mode & 0000111)) {
- qualified = pathbuf;
- break;
- }
- }
- path = cp + 1;
+ if ((cp = strchr(path, ':')))
+ *cp = '\0';
+
+ snprintf(pathbuf, sizeof(pathbuf), "%s/%s", *path ? path : ".", command);
+
+ if (stat(pathbuf, &sb) == 0) {
+ if (S_ISREG(sb.st_mode) && (sb.st_mode & 0000111)) {
+ qualified = pathbuf;
+ break;
+ }
+ }
+ path = cp + 1;
} while (cp != NULL);
-
+
free(path0);
return ((qualified != NULL) ? strdup(qualified) : NULL);
}
- /*
- * Information about the command being run in the form
- * of "name=value" strings. These values are used by
- * sudo to set the execution environment when running a
- * command. The plugin is responsible for creating and
- * populating the vector, which must be terminated with a NULL pointer.
- *
- */
+/*
+ * Information about the command being run in the form
+ * of "name=value" strings. These values are used by
+ * sudo to set the execution environment when running a
+ * command. The plugin is responsible for creating and
+ * populating the vector, which must be terminated with a NULL pointer.
+ *
+ */
char ** build_command_info(char *command)
{
static char **command_info;
@@ -509,39 +509,39 @@ char ** build_command_info(char *command)
/* Setup command info. */
command_info = calloc(32, sizeof(char *));
-
+
if (command_info == NULL)
- return NULL;
-
+ return NULL;
+
if (asprintf(&command_info[i++],"%s=%s","command", command) == -1 ||
- asprintf(&command_info[i++], "runas_euid=%ld", (long)runas_uid) == -1 ||
- asprintf(&command_info[i++], "runas_uid=%ld", (long)runas_uid) == -1) {
- return NULL;
+ asprintf(&command_info[i++], "runas_euid=%ld", (long)runas_uid) == -1 ||
+ asprintf(&command_info[i++], "runas_uid=%ld", (long)runas_uid) == -1) {
+ return NULL;
}
-
+
if (runas_gid != -1) {
- if (asprintf(&command_info[i++], "runas_gid=%ld", (long)runas_gid) == -1 ||
- asprintf(&command_info[i++], "runas_egid=%ld", (long)runas_gid) == -1) {
- return NULL;
- }
+ if (asprintf(&command_info[i++], "runas_gid=%ld", (long)runas_gid) == -1 ||
+ asprintf(&command_info[i++], "runas_egid=%ld", (long)runas_gid) == -1) {
+ return NULL;
+ }
}
-
+
if (use_sudoedit) {
- command_info[i] = strdup("sudoedit=true");
- if (command_info[i++] == NULL){
- return NULL;
- }
+ command_info[i] = strdup("sudoedit=true");
+ if (command_info[i++] == NULL){
+ return NULL;
+ }
}
-
+
#ifdef USE_TIMEOUT
command_info[i++] = "timeout=30";
#endif
-
+
return command_info;
}
- /* finds a valid editor for sudo edit or "sudo vi" */
+/* finds a valid editor for sudo edit or "sudo vi" */
char * find_editor(int nfiles, char * const files[], char **argv_out[])
{
char *cp;
@@ -557,16 +557,16 @@ char * find_editor(int nfiles, char * const files[], char **argv_out[])
/* Lookup EDITOR in user's environment. */
editor = _PATH_VI;
for (ep = plugin_state.envp; *ep != NULL; ep++) {
- if (strncmp(*ep, "EDITOR=", 7) == 0) {
- editor = *ep + 7;
- break;
- }
+ if (strncmp(*ep, "EDITOR=", 7) == 0) {
+ editor = *ep + 7;
+ break;
+ }
}
-
+
editor = strdup(editor);
if (editor == NULL) {
- sudo_log(SUDO_CONV_ERROR_MSG, "unable to allocate memory\n");
- return NULL;
+ sudo_log(SUDO_CONV_ERROR_MSG, "unable to allocate memory\n");
+ return NULL;
}
/*
@@ -576,36 +576,36 @@ char * find_editor(int nfiles, char * const files[], char **argv_out[])
*/
nargc = 1;
for (wasblank = 0, cp = editor; *cp != '\0'; cp++) {
-
- if (isblank((unsigned char) *cp)) {
- wasblank = 1;
- }
- else if (wasblank) {
- wasblank = 0;
- nargc++;
- }
- }
-
+
+ if (isblank((unsigned char) *cp)) {
+ wasblank = 1;
+ }
+ else if (wasblank) {
+ wasblank = 0;
+ nargc++;
+ }
+ }
+
/* If we can't find the editor in the user's PATH, give up. */
cp = strtok(editor, " \t");
if (cp == NULL ||
- (editor_path = find_in_path(editor, plugin_state.envp)) == NULL) {
- return NULL;
+ (editor_path = find_in_path(editor, plugin_state.envp)) == NULL) {
+ return NULL;
}
-
+
nargv = (char **) malloc((nargc + 1 + nfiles + 1) * sizeof(char *));
if (nargv == NULL) {
- sudo_log(SUDO_CONV_ERROR_MSG, "unable to allocate memory\n");
- return NULL;
+ sudo_log(SUDO_CONV_ERROR_MSG, "unable to allocate memory\n");
+ return NULL;
}
-
+
for (ac = 0; cp != NULL && ac < nargc; ac++) {
- nargv[ac] = cp;
- cp = strtok(NULL, " \t");
+ nargv[ac] = cp;
+ cp = strtok(NULL, " \t");
}
nargv[ac++] = "--";
for (i = 0; i < nfiles; )
- nargv[ac++] = files[i++];
+ nargv[ac++] = files[i++];
nargv[ac] = NULL;
*argv_out = nargv;
@@ -636,23 +636,23 @@ int create_env_hash_table(char ** env, hash_table_t ** table_out) {
delete_callback,
NULL);
if (err_h != HASH_SUCCESS) {
- fprintf(stderr, "couldn't create hash table (%s)\n", hash_error_string(err_h));
- return err_h;
+ fprintf(stderr, "couldn't create hash table (%s)\n", hash_error_string(err_h));
+ return err_h;
}
for(ui = (char **) msg.user_env; *ui!=NULL; ui++) {
tmp = strchr(*ui,'=');
*tmp = '\0';
- key.type = HASH_KEY_STRING;
- key.str = strdup(*ui);
- value.type = HASH_VALUE_PTR;
- value.ptr = tmp+1;
-
- if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
- fprintf(stderr, "couldn't add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
- return err_h;
- }
- *tmp = '=' ;
+ key.type = HASH_KEY_STRING;
+ key.str = strdup(*ui);
+ value.type = HASH_VALUE_PTR;
+ value.ptr = tmp+1;
+
+ if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
+ fprintf(stderr, "couldn't add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
+ return err_h;
+ }
+ *tmp = '=' ;
}
*table_out = local_table;
@@ -676,144 +676,144 @@ int create_settings_hash_table(hash_table_t ** table_out) {
delete_callback,
NULL);
if (err_h != HASH_SUCCESS) {
- fprintf(stderr, "couldn't create hash table (%s)\n", hash_error_string(err_h));
+ fprintf(stderr, "couldn't create hash table (%s)\n", hash_error_string(err_h));
+ return err_h;
+ }
+ key.type = HASH_KEY_STRING;
+ value.type = HASH_VALUE_PTR;
+ if(msg.runas_user && *msg.runas_user ){
+ key.str = strdup(SSS_SUDO_ITEM_RUSER);
+ value.ptr = msg.runas_user;
+ if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
+ fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
return err_h;
+ }
+ free(key.str);
}
- key.type = HASH_KEY_STRING;
- value.type = HASH_VALUE_PTR;
- if(msg.runas_user && *msg.runas_user ){
- key.str = strdup(SSS_SUDO_ITEM_RUSER);
- value.ptr = msg.runas_user;
- if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
- fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
- return err_h;
- }
- free(key.str);
- }
- if(msg.runas_group && *msg.runas_group ){
- key.str = strdup(SSS_SUDO_ITEM_RGROUP);
- value.ptr = msg.runas_group;
- if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
- fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
- return err_h;
- }
- free(key.str);
- }
+ if(msg.runas_group && *msg.runas_group ){
+ key.str = strdup(SSS_SUDO_ITEM_RGROUP);
+ value.ptr = msg.runas_group;
+ if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
+ fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
+ return err_h;
+ }
+ free(key.str);
+ }
- if(msg.prompt && *msg.prompt ){
- key.str = strdup(SSS_SUDO_ITEM_PROMPT);
- value.ptr = msg.prompt;
- if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
- fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
- return err_h;
- }
- free(key.str);
- }
+ if(msg.prompt && *msg.prompt ){
+ key.str = strdup(SSS_SUDO_ITEM_PROMPT);
+ value.ptr = msg.prompt;
+ if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
+ fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
+ return err_h;
+ }
+ free(key.str);
+ }
- if(msg.network_addrs && *msg.network_addrs ){
- key.str = strdup(SSS_SUDO_ITEM_NETADDR);
- value.ptr = msg.network_addrs;
- if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
- fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
- return err_h;
- }
- free(key.str);
- }
+ if(msg.network_addrs && *msg.network_addrs ){
+ key.str = strdup(SSS_SUDO_ITEM_NETADDR);
+ value.ptr = msg.network_addrs;
+ if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
+ fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
+ return err_h;
+ }
+ free(key.str);
+ }
+
+ key.str = strdup(SSS_SUDO_ITEM_USE_SUDOEDIT);
+ value.ptr = GET_BOOL_STRING(msg.use_sudoedit);
+ if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
+ fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
+ return err_h;
+ }
+ free(key.str);
+
+ key.str = strdup(SSS_SUDO_ITEM_USE_SETHOME);
+ value.ptr = GET_BOOL_STRING(msg.use_set_home);
+ if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
+ fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
+ return err_h;
+ }
+ free(key.str);
+
+ key.str = strdup(SSS_SUDO_ITEM_USE_PRESERV_ENV);
+ value.ptr = GET_BOOL_STRING(msg.use_preserve_environment);
+ if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
+ fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
+ return err_h;
+ }
+ free(key.str);
+
+ key.str = strdup(SSS_SUDO_ITEM_USE_IMPLIED_SHELL);
+ value.ptr = GET_BOOL_STRING(msg.use_implied_shell);
+ if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
+ fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
+ return err_h;
+ }
+ free(key.str);
+
+
+ key.str = strdup(SSS_SUDO_ITEM_USE_LOGIN_SHELL);
+ value.ptr = GET_BOOL_STRING(msg.use_login_shell);
+ if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
+ fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
+ return err_h;
+ }
+ free(key.str);
+
+
+ key.str = strdup(SSS_SUDO_ITEM_USE_RUN_SHELL);
+ value.ptr = GET_BOOL_STRING(msg.use_run_shell);
+ if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
+ fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
+ return err_h;
+ }
+ free(key.str);
+
+
+ key.str = strdup(SSS_SUDO_ITEM_USE_PRE_GROUPS);
+ value.i = GET_BOOL_STRING(msg.use_preserve_groups);
+ if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
+ fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
+ return err_h;
+ }
+ free(key.str);
+
+
+ key.str = strdup(SSS_SUDO_ITEM_USE_IGNORE_TICKET);
+ value.ptr = GET_BOOL_STRING(msg.use_ignore_ticket);
+ if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
+ fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
+ return err_h;
+ }
+ free(key.str);
+
+
+ key.str = strdup(SSS_SUDO_ITEM_USE_NON_INTERACTIVE);
+ value.ptr =GET_BOOL_STRING(msg.use_noninteractive);
+ if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
+ fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
+ return err_h;
+ }
+ free(key.str);
+
+ key.str = strdup(SSS_SUDO_ITEM_DEBUG_LEVEL);
+ value.ptr = GET_BOOL_STRING(msg.debug_level);
+ if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
+ fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
+ return err_h;
+ }
+ free(key.str);
+
+ key.str = strdup(SSS_SUDO_ITEM_CLI_PID);
+ asprintf(&value.ptr,"%u",msg.cli_pid);
+ if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
+ fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
+ return err_h;
+ }
+ free(key.str);
- key.str = strdup(SSS_SUDO_ITEM_USE_SUDOEDIT);
- value.ptr = GET_BOOL_STRING(msg.use_sudoedit);
- if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
- fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
- return err_h;
- }
- free(key.str);
-
- key.str = strdup(SSS_SUDO_ITEM_USE_SETHOME);
- value.ptr = GET_BOOL_STRING(msg.use_set_home);
- if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
- fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
- return err_h;
- }
- free(key.str);
-
- key.str = strdup(SSS_SUDO_ITEM_USE_PRESERV_ENV);
- value.ptr = GET_BOOL_STRING(msg.use_preserve_environment);
- if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
- fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
- return err_h;
- }
- free(key.str);
-
- key.str = strdup(SSS_SUDO_ITEM_USE_IMPLIED_SHELL);
- value.ptr = GET_BOOL_STRING(msg.use_implied_shell);
- if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
- fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
- return err_h;
- }
- free(key.str);
-
-
- key.str = strdup(SSS_SUDO_ITEM_USE_LOGIN_SHELL);
- value.ptr = GET_BOOL_STRING(msg.use_login_shell);
- if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
- fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
- return err_h;
- }
- free(key.str);
-
-
- key.str = strdup(SSS_SUDO_ITEM_USE_RUN_SHELL);
- value.ptr = GET_BOOL_STRING(msg.use_run_shell);
- if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
- fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
- return err_h;
- }
- free(key.str);
-
-
- key.str = strdup(SSS_SUDO_ITEM_USE_PRE_GROUPS);
- value.i = GET_BOOL_STRING(msg.use_preserve_groups);
- if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
- fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
- return err_h;
- }
- free(key.str);
-
-
- key.str = strdup(SSS_SUDO_ITEM_USE_IGNORE_TICKET);
- value.ptr = GET_BOOL_STRING(msg.use_ignore_ticket);
- if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
- fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
- return err_h;
- }
- free(key.str);
-
-
- key.str = strdup(SSS_SUDO_ITEM_USE_NON_INTERACTIVE);
- value.ptr =GET_BOOL_STRING(msg.use_noninteractive);
- if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
- fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
- return err_h;
- }
- free(key.str);
-
- key.str = strdup(SSS_SUDO_ITEM_DEBUG_LEVEL);
- value.ptr = GET_BOOL_STRING(msg.debug_level);
- if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
- fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
- return err_h;
- }
- free(key.str);
-
- key.str = strdup(SSS_SUDO_ITEM_CLI_PID);
- asprintf(&value.ptr,"%u",msg.cli_pid);
- if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
- fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
- return err_h;
- }
- free(key.str);
-
*table_out = local_table;
@@ -851,20 +851,20 @@ void free_connection(DBusConnection *conn,
DBusMessage *msg,
DBusMessage *reply ){
- if(msg != NULL)
- dbus_message_unref(msg);
+ if(msg != NULL)
+ dbus_message_unref(msg);
- if(reply != NULL)
- dbus_message_unref(reply);
+ if(reply != NULL)
+ dbus_message_unref(reply);
- if (err != NULL && dbus_error_is_set(err))
- dbus_error_free(err);
+ if (err != NULL && dbus_error_is_set(err))
+ dbus_error_free(err);
- if(settings_table != NULL)
- hash_destroy(settings_table);
+ if(settings_table != NULL)
+ hash_destroy(settings_table);
- if(conn != NULL)
- dbus_connection_close(conn);
+ if(conn != NULL)
+ dbus_connection_close(conn);
}
@@ -876,255 +876,255 @@ int sss_sudo_make_request(struct sss_cli_req_data *rd,
{
- char ** command_array,**ui;
- char * result_str;
- int err_status,count;
- dbus_uint32_t status,command_array_out_size;
-
- DBusConnection* conn;
- DBusError err;
-
- DBusMessage* dbus_msg;
- DBusMessage* dbus_reply;
- DBusMessageIter msg_iter;
- DBusMessageIter sub_iter;
-
- dbus_bool_t ret=FALSE;
-
- hash_table_t *env_table = NULL;
- hash_table_t *settings_table = NULL;
- hash_table_t *env_table_out = NULL;
-
- fprintf(stdout,"Calling remote method to pack message\n");
-
- if(validate_message_content() != SSS_SUDO_VALIDATION_SUCCESS) {
- return SSS_SUDO_VALIDATION_ERR;
- }
-
-
- err_status = create_env_hash_table(msg.user_env,&env_table);
- if(err_status != HASH_SUCCESS) {
- fprintf(stderr, "ccouldn't create table: %s\n", hash_error_string(err_status));
- return SSS_SUDO_MESSAGE_ERR;
- }
-
-
- err_status = create_settings_hash_table(&settings_table);
- if(err_status != HASH_SUCCESS) {
- fprintf(stderr, "ccouldn't create table: %s\n", hash_error_string(err_status));
- return SSS_SUDO_MESSAGE_ERR;
- }
-
- /* initialise the errors */
- dbus_error_init(&err);
-
- /* connect to the system bus and check for errors */
- conn = dbus_connection_open_private(SSS_SUDO_SERVICE_PIPE, &err);
-
- if (dbus_error_is_set(&err)) {
- fprintf(stderr, "Connection Error (%s)\n", err.message);
- dbus_error_free(&err);
- return SSS_SUDO_CONNECTION_ERR;
- }
- if (NULL == conn) {
- return SSS_SUDO_CONNECTION_ERR;
- }
-
-
- /* create a new method call and check for errors */
- dbus_msg = dbus_message_new_method_call( NULL, /* target */
- SUDO_SERVER_PATH, /* object */
- SUDO_SERVER_INTERFACE, /* interface */
- SUDO_METHOD_QUERY); /* method name */
- if (NULL == dbus_msg) {
- fprintf(stderr, "Message Null\n");
- free_connection(conn,&err,settings_table,(DBusMessage *)NULL,(DBusMessage *)NULL);
- return SSS_SUDO_MESSAGE_ERR;
- }
-
- /* append arguments */
-
-
- dbus_message_iter_init_append(dbus_msg, &msg_iter);
- if(dbus_error_is_set(&err)){
- fprintf(stderr, "Failed to initialize the iterator.\n");
- free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL);
- return SSS_SUDO_MESSAGE_ERR;
- }
-
-
- if(!dbus_message_iter_open_container(&msg_iter,
- DBUS_TYPE_STRUCT,
- NULL,
- &sub_iter)) {
- fprintf(stderr, "Out Of Memory!\n");
- free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL);
- return SSS_SUDO_MESSAGE_ERR;
- }
- if (!dbus_message_iter_append_basic(&sub_iter,
- DBUS_TYPE_UINT32,
- &msg.userid)) {
- fprintf(stderr, "Out Of Memory!\n");
- free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL);
- return SSS_SUDO_MESSAGE_ERR;
- }
-
- if (!dbus_message_iter_append_basic(&sub_iter,
- DBUS_TYPE_STRING,
- &msg.cwd)) {
- fprintf(stderr, "Out Of Memory!\n");
- free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL);
- return SSS_SUDO_MESSAGE_ERR;
- }
-
-
-
- if (!dbus_message_iter_append_basic(&sub_iter,
- DBUS_TYPE_STRING,
- &msg.tty)) {
- fprintf(stderr, "Out Of Memory!\n");
- free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL);
- return SSS_SUDO_MESSAGE_ERR;
- }
- if (!dbus_message_iter_append_basic(&sub_iter,
- DBUS_TYPE_STRING,
- &msg.fq_command)) {
- fprintf(stderr, "Out Of Memory! - at FQ command\n");
- free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL);
- return SSS_SUDO_MESSAGE_ERR;
- }
-
- if (!dbus_message_iter_close_container(&msg_iter,&sub_iter)) {
- fprintf(stderr, "Out Of Memory!\n");
- free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL);
- return SSS_SUDO_MESSAGE_ERR;
- }
-
- if (!dbus_message_iter_append_basic(&msg_iter,
- DBUS_TYPE_UINT32,
- &msg.command_count)) {
+ char ** command_array,**ui;
+ char * result_str;
+ int err_status,count;
+ dbus_uint32_t status,command_array_out_size;
+
+ DBusConnection* conn;
+ DBusError err;
+
+ DBusMessage* dbus_msg;
+ DBusMessage* dbus_reply;
+ DBusMessageIter msg_iter;
+ DBusMessageIter sub_iter;
+
+ dbus_bool_t ret=FALSE;
+
+ hash_table_t *env_table = NULL;
+ hash_table_t *settings_table = NULL;
+ hash_table_t *env_table_out = NULL;
+
+ fprintf(stdout,"Calling remote method to pack message\n");
+
+ if(validate_message_content() != SSS_SUDO_VALIDATION_SUCCESS) {
+ return SSS_SUDO_VALIDATION_ERR;
+ }
+
+
+ err_status = create_env_hash_table(msg.user_env,&env_table);
+ if(err_status != HASH_SUCCESS) {
+ fprintf(stderr, "ccouldn't create table: %s\n", hash_error_string(err_status));
+ return SSS_SUDO_MESSAGE_ERR;
+ }
+
+
+ err_status = create_settings_hash_table(&settings_table);
+ if(err_status != HASH_SUCCESS) {
+ fprintf(stderr, "ccouldn't create table: %s\n", hash_error_string(err_status));
+ return SSS_SUDO_MESSAGE_ERR;
+ }
+
+ /* initialise the errors */
+ dbus_error_init(&err);
+
+ /* connect to the system bus and check for errors */
+ conn = dbus_connection_open_private(SSS_SUDO_SERVICE_PIPE, &err);
+
+ if (dbus_error_is_set(&err)) {
+ fprintf(stderr, "Connection Error (%s)\n", err.message);
+ dbus_error_free(&err);
+ return SSS_SUDO_CONNECTION_ERR;
+ }
+ if (NULL == conn) {
+ return SSS_SUDO_CONNECTION_ERR;
+ }
+
+
+ /* create a new method call and check for errors */
+ dbus_msg = dbus_message_new_method_call( NULL, /* target */
+ SUDO_SERVER_PATH, /* object */
+ SUDO_SERVER_INTERFACE, /* interface */
+ SUDO_METHOD_QUERY); /* method name */
+ if (NULL == dbus_msg) {
+ fprintf(stderr, "Message Null\n");
+ free_connection(conn,&err,settings_table,(DBusMessage *)NULL,(DBusMessage *)NULL);
+ return SSS_SUDO_MESSAGE_ERR;
+ }
+
+ /* append arguments */
+
+
+ dbus_message_iter_init_append(dbus_msg, &msg_iter);
+ if(dbus_error_is_set(&err)){
+ fprintf(stderr, "Failed to initialize the iterator.\n");
+ free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL);
+ return SSS_SUDO_MESSAGE_ERR;
+ }
+
+
+ if(!dbus_message_iter_open_container(&msg_iter,
+ DBUS_TYPE_STRUCT,
+ NULL,
+ &sub_iter)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL);
+ return SSS_SUDO_MESSAGE_ERR;
+ }
+ if (!dbus_message_iter_append_basic(&sub_iter,
+ DBUS_TYPE_UINT32,
+ &msg.userid)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL);
+ return SSS_SUDO_MESSAGE_ERR;
+ }
+
+ if (!dbus_message_iter_append_basic(&sub_iter,
+ DBUS_TYPE_STRING,
+ &msg.cwd)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL);
+ return SSS_SUDO_MESSAGE_ERR;
+ }
+
+
+
+ if (!dbus_message_iter_append_basic(&sub_iter,
+ DBUS_TYPE_STRING,
+ &msg.tty)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL);
+ return SSS_SUDO_MESSAGE_ERR;
+ }
+ if (!dbus_message_iter_append_basic(&sub_iter,
+ DBUS_TYPE_STRING,
+ &msg.fq_command)) {
+ fprintf(stderr, "Out Of Memory! - at FQ command\n");
+ free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL);
+ return SSS_SUDO_MESSAGE_ERR;
+ }
+
+ if (!dbus_message_iter_close_container(&msg_iter,&sub_iter)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL);
+ return SSS_SUDO_MESSAGE_ERR;
+ }
+
+ if (!dbus_message_iter_append_basic(&msg_iter,
+ DBUS_TYPE_UINT32,
+ &msg.command_count)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL);
+ return SSS_SUDO_MESSAGE_ERR;
+ }
+
+ if(!dbus_message_iter_open_container(&msg_iter,
+ DBUS_TYPE_ARRAY,
+ "s",
+ &sub_iter)) {
+ fprintf(stderr, "Out Of Memory!\n");
+ free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL);
+ return SSS_SUDO_MESSAGE_ERR;
+ }
+
+ for(command_array = msg.command ; *command_array != NULL ; command_array++) {
+
+ if (!dbus_message_iter_append_basic(&sub_iter,
+ DBUS_TYPE_STRING,
+ command_array)) {
fprintf(stderr, "Out Of Memory!\n");
free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL);
return SSS_SUDO_MESSAGE_ERR;
}
- if(!dbus_message_iter_open_container(&msg_iter,
- DBUS_TYPE_ARRAY,
- "s",
- &sub_iter)) {
- fprintf(stderr, "Out Of Memory!\n");
- free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL);
- return SSS_SUDO_MESSAGE_ERR;
- }
-
- for(command_array = msg.command ; *command_array != NULL ; command_array++) {
-
- if (!dbus_message_iter_append_basic(&sub_iter,
- DBUS_TYPE_STRING,
- command_array)) {
- fprintf(stderr, "Out Of Memory!\n");
- free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL);
- return SSS_SUDO_MESSAGE_ERR;
- }
-
- }
-
+ }
+
if (!dbus_message_iter_close_container(&msg_iter,&sub_iter)) {
fprintf(stderr, "Out Of Memory!\n");
free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL);
return SSS_SUDO_MESSAGE_ERR;
}
- ////////
+ ////////
if(dbus_dhash_to_msg_iter(&settings_table,&msg_iter) != SSS_SBUS_CONV_SUCCESS){
fprintf(stderr,"fatal: message framing failed.");
free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL);
return SSS_SUDO_MESSAGE_ERR;
}
-
+
if(dbus_dhash_to_msg_iter(&env_table,&msg_iter) != SSS_SBUS_CONV_SUCCESS){
- fprintf(stderr,"fatal: message framing failed.");
- free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL);
- return SSS_SUDO_MESSAGE_ERR;
+ fprintf(stderr,"fatal: message framing failed.");
+ free_connection(conn,&err,settings_table,dbus_msg,(DBusMessage *)NULL);
+ return SSS_SUDO_MESSAGE_ERR;
}
hash_destroy(settings_table);
-
- /* send message and get a handle for a reply */
- dbus_reply = dbus_connection_send_with_reply_and_block (conn,dbus_msg,
- -1,
- &err);
- fprintf(stdout,"Request Sent\n");
- if (dbus_error_is_set(&err)) {
- fprintf(stderr, "Connection send-reply Error (%s)\n", err.message);
- free_connection(conn,&err,(hash_table_t *)NULL,dbus_msg,(DBusMessage *)NULL);
- return SSS_SUDO_REPLY_ERR;
- }
- if (NULL == dbus_reply) {
- fprintf(stderr, "reply failed\n");
- free_connection(conn,&err,(hash_table_t *)NULL,dbus_msg,(DBusMessage *)NULL);
- return SSS_SUDO_REPLY_ERR;
- }
-
- ret = dbus_message_get_args(dbus_reply,
- &err,
- DBUS_TYPE_UINT32,&status,
- DBUS_TYPE_STRING,&result_str,
- DBUS_TYPE_ARRAY,DBUS_TYPE_STRING,&command_array,
- &command_array_out_size,
- DBUS_TYPE_INVALID);
+
+ /* send message and get a handle for a reply */
+ dbus_reply = dbus_connection_send_with_reply_and_block (conn,dbus_msg,
+ -1,
+ &err);
+ fprintf(stdout,"Request Sent\n");
+ if (dbus_error_is_set(&err)) {
+ fprintf(stderr, "Connection send-reply Error (%s)\n", err.message);
+ free_connection(conn,&err,(hash_table_t *)NULL,dbus_msg,(DBusMessage *)NULL);
+ return SSS_SUDO_REPLY_ERR;
+ }
+ if (NULL == dbus_reply) {
+ fprintf(stderr, "reply failed\n");
+ free_connection(conn,&err,(hash_table_t *)NULL,dbus_msg,(DBusMessage *)NULL);
+ return SSS_SUDO_REPLY_ERR;
+ }
+
+ ret = dbus_message_get_args(dbus_reply,
+ &err,
+ DBUS_TYPE_UINT32,&status,
+ DBUS_TYPE_STRING,&result_str,
+ DBUS_TYPE_ARRAY,DBUS_TYPE_STRING,&command_array,
+ &command_array_out_size,
+ DBUS_TYPE_INVALID);
if (!ret) {
fprintf (stderr,"Failed to parse reply, killing connection\n");
free_connection(conn,&err,(hash_table_t *)NULL,dbus_msg,dbus_reply);
return SSS_SUDO_REPLY_ERR;
}
-
+
fprintf(stdout,"----------Reply--------:\n"
"Header : %d \nResult status : %s\n"
"Command : ", status,result_str);
- for(count =0;count< command_array_out_size;count++){
- printf("%s ", command_array[count]);
- }
- if (!dbus_message_iter_init(dbus_reply, &msg_iter)) {
- fprintf(stderr, "Reply iterator failed!\n");
- free_connection(conn,&err,(hash_table_t *)NULL,dbus_msg,dbus_reply);
- return SSS_SUDO_REPLY_ERR;
- }
+ for(count =0;count< command_array_out_size;count++){
+ printf("%s ", command_array[count]);
+ }
+ if (!dbus_message_iter_init(dbus_reply, &msg_iter)) {
+ fprintf(stderr, "Reply iterator failed!\n");
+ free_connection(conn,&err,(hash_table_t *)NULL,dbus_msg,dbus_reply);
+ return SSS_SUDO_REPLY_ERR;
+ }
- printf("\n");
- dbus_message_iter_next(&msg_iter);
- dbus_message_iter_next(&msg_iter);
- dbus_message_iter_next(&msg_iter);
+ printf("\n");
+ dbus_message_iter_next(&msg_iter);
+ dbus_message_iter_next(&msg_iter);
+ dbus_message_iter_next(&msg_iter);
- if(dbus_msg_iter_to_dhash(&msg_iter, &env_table_out) != SSS_SBUS_CONV_SUCCESS){
- fprintf(stderr, "env message iterator corrupted!\n");
- free_connection(conn,&err,(hash_table_t *)NULL,dbus_msg,dbus_reply);
- return SSS_SUDO_REPLY_ERR;
- }
- printf("---------Reply End----------\n");
+ if(dbus_msg_iter_to_dhash(&msg_iter, &env_table_out) != SSS_SBUS_CONV_SUCCESS){
+ fprintf(stderr, "env message iterator corrupted!\n");
+ free_connection(conn,&err,(hash_table_t *)NULL,dbus_msg,dbus_reply);
+ return SSS_SUDO_REPLY_ERR;
+ }
+ printf("---------Reply End----------\n");
- /* free connection now */
- free_connection(conn,&err,(hash_table_t *)NULL,dbus_msg,dbus_reply);
+ /* free connection now */
+ free_connection(conn,&err,(hash_table_t *)NULL,dbus_msg,dbus_reply);
- if(strncmp(result_str,"PASS",4)==0)
- return SSS_STATUS_SUCCESS;
- else
- return SSS_STATUS_FAILED;
+ if(strncmp(result_str,"PASS",4)==0)
+ return SSS_STATUS_SUCCESS;
+ else
+ return SSS_STATUS_FAILED;
}
void free_all( void )
{
- free(msg.cwd);
- free(msg.tty);
- free(msg.prompt);
- free(msg.runas_user);
- free(msg.runas_group);
- //free(msg.network_addrs);
- free(user_information.username);
-
+ free(msg.cwd);
+ free(msg.tty);
+ free(msg.prompt);
+ free(msg.runas_user);
+ free(msg.runas_group);
+ //free(msg.network_addrs);
+ free(user_information.username);
+
}
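Review bot: `result_str` is read by the final `strncmp(result_str,"PASS",4)` after `free_connection(...)` has already unreferenced `dbus_reply`. libdbus returns string arguments from `dbus_message_get_args` as pointers into the message, so if that was the last reference, the allow/deny decision is made on freed memory. Take the decision first, e.g. `int rc = strcmp(result_str, "PASS") == 0 ? SSS_STATUS_SUCCESS : SSS_STATUS_FAILED;`, then call `free_connection(...)` and `return rc;`; the full `strcmp` also stops a reply that merely begins with "PASS" from counting as success. The string array written to `command_array` is allocated by libdbus and appears never to be released with `dbus_free_string_array`. The function's signature lies above the hunk.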
@@ -1151,7 +1151,7 @@ int send_and_receive()
goto done;
}
-/* check the reply signature */
+ /* check the reply signature */
if (replen < (2*sizeof(int32_t))) {
//D(("response not in expected format."));
_status = SSS_SUDO_SYSTEM_ERR;
@@ -1160,13 +1160,13 @@ int send_and_receive()
-done:
+ done:
_status = SSS_SUDO_SUCCESS;
if (_status == SSS_SUDO_SUCCESS)
- return _status;
+ return _status;
else
- return SSS_SUDO_FAILED;
+ return SSS_SUDO_FAILED;
}
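Review bot: The context line `_status = SSS_SUDO_SUCCESS;` directly under the `done:` label overwrites whatever the error paths stored before jumping there (the previous hunk sets `SSS_SUDO_SYSTEM_ERR` on a short reply). The `else return SSS_SUDO_FAILED;` branch is therefore unreachable and `send_and_receive()` always reports success. `policy_check` returns `TRUE` when it sees `SSS_SUDO_SUCCESS`, so a failed or malformed exchange appears to be treated as an allow. Initialise `_status` to a failure value, set `_status = SSS_SUDO_SUCCESS;` only on the path that has validated the reply, and leave nothing but the return logic after `done:`. Most of the function body is outside this hunk, so the exact placement needs checking against the full file.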
@@ -1177,8 +1177,8 @@ done:
* whether the user is allowed to run the specified commands.
*/
int policy_check(int argc, char * const argv[],
- char *env_add[], char **command_info_out[],
- char **argv_out[], char **user_env_out[])
+ char *env_add[], char **command_info_out[],
+ char **argv_out[], char **user_env_out[])
{
char *command;
pam_handle_t *pamh;
@@ -1187,45 +1187,45 @@ int policy_check(int argc, char * const argv[],
int pam_ret;
if (!argc || argv[0] == NULL) {
- sudo_log(SUDO_CONV_ERROR_MSG, "no command specified\n");
- return FALSE;
+ sudo_log(SUDO_CONV_ERROR_MSG, "no command specified\n");
+ return FALSE;
}
command = find_in_path(argv[0], plugin_state.envp);
if (command == NULL) {
- sudo_log(SUDO_CONV_ERROR_MSG, "%s: command not found\n", argv[0]);
- return FALSE;
+ sudo_log(SUDO_CONV_ERROR_MSG, "%s: command not found\n", argv[0]);
+ return FALSE;
}
/* If "sudo vi" is run, auto-convert to sudoedit. */
if (strcmp(command, _PATH_VI) == 0)
- use_sudoedit = TRUE;
+ use_sudoedit = TRUE;
if (use_sudoedit) {
- /* Rebuild argv using editor */
- command = find_editor(argc - 1, argv + 1, argv_out);
- if (command == NULL) {
- sudo_log(SUDO_CONV_ERROR_MSG, "unable to find valid editor\n");
- return ERROR;
- }
- use_sudoedit = TRUE;
+ /* Rebuild argv using editor */
+ command = find_editor(argc - 1, argv + 1, argv_out);
+ if (command == NULL) {
+ sudo_log(SUDO_CONV_ERROR_MSG, "unable to find valid editor\n");
+ return ERROR;
+ }
+ use_sudoedit = TRUE;
} else {
- /* No changes needd to argv */
- *argv_out = (char **)argv;
+ /* No changes needd to argv */
+ *argv_out = (char **)argv;
}
/* No changes to envp */
*user_env_out = plugin_state.envp;
/* Space for authentication */
-
+
pam_action = strdup("auth");
pam_user = user_information.username;
-
+
sudo_log(SUDO_CONV_INFO_MSG, "\nCalling PAM with action: %s\nuser: %s\n", pam_action,pam_user);
pam_ret = pam_start(SSS_SUDO_PAM_SERVICE, pam_user, &conv, &pamh);
-
+
if (pam_ret != PAM_SUCCESS) {
fprintf(stderr, "pam_start failed: %s\n", pam_strerror(pamh, pam_ret));
return 0;
@@ -1233,70 +1233,70 @@ int policy_check(int argc, char * const argv[],
pam_ret = pam_authenticate(pamh, PAM_DISALLOW_NULL_AUTHTOK);
switch(pam_ret) {
- case PAM_ABORT:
- fprintf(stderr, "pam_authenticate - aborted: %s\n", pam_strerror(pamh, pam_ret));
- pam_end(pamh, pam_ret);
- return 0;
-
- case PAM_AUTH_ERR:
- fprintf(stderr, "pam_authenticate - error: %s\n", pam_strerror(pamh, pam_ret));
- pam_end(pamh, pam_ret);
- return 0;
-
- case PAM_SUCCESS:
- fprintf(stdout, "pam_authenticate - success: %s\n", pam_strerror(pamh, pam_ret));
- break;
-
- case PAM_CRED_INSUFFICIENT:
- fprintf(stderr, "pam_authenticate - crendential not sufficient: %s\n", pam_strerror(pamh, pam_ret));
- pam_end(pamh, pam_ret);
- return 0;
-
- case PAM_AUTHINFO_UNAVAIL:
- fprintf(stderr, "pam_authenticate - authentication information not available: %s\n", pam_strerror(pamh, pam_ret));
- pam_end(pamh, pam_ret);
- return 0;
-
- case PAM_USER_UNKNOWN:
- fprintf(stderr, "pam_authenticate - check the user specified : %s\n", pam_strerror(pamh, pam_ret));
- pam_end(pamh, pam_ret);
- return 0;
-
- case PAM_MAXTRIES:
- fprintf(stderr, "pam_authenticate - maximum tries over : %s\n", pam_strerror(pamh, pam_ret));
- pam_end(pamh, pam_ret);
- return 0;
-
- default:
- fprintf(stderr, "pam_authenticate - unknown error : %s\n", pam_strerror(pamh, pam_ret));
- pam_end(pamh, pam_ret);
- return 0;
-
- }
-
- /* pam is success :) */
- pam_end(pamh, pam_ret);
-
- msg.fq_command = command;
- msg.command = (char **) argv;
- msg.command_count = argc;
-
- if(pam_ret==PAM_SUCCESS) {
- pam_ret = send_and_receive();
- }
-
- free(pam_action);
- free_all();
+ case PAM_ABORT:
+ fprintf(stderr, "pam_authenticate - aborted: %s\n", pam_strerror(pamh, pam_ret));
+ pam_end(pamh, pam_ret);
+ return 0;
+
+ case PAM_AUTH_ERR:
+ fprintf(stderr, "pam_authenticate - error: %s\n", pam_strerror(pamh, pam_ret));
+ pam_end(pamh, pam_ret);
+ return 0;
+
+ case PAM_SUCCESS:
+ fprintf(stdout, "pam_authenticate - success: %s\n", pam_strerror(pamh, pam_ret));
+ break;
+
+ case PAM_CRED_INSUFFICIENT:
+ fprintf(stderr, "pam_authenticate - crendential not sufficient: %s\n", pam_strerror(pamh, pam_ret));
+ pam_end(pamh, pam_ret);
+ return 0;
+
+ case PAM_AUTHINFO_UNAVAIL:
+ fprintf(stderr, "pam_authenticate - authentication information not available: %s\n", pam_strerror(pamh, pam_ret));
+ pam_end(pamh, pam_ret);
+ return 0;
+
+ case PAM_USER_UNKNOWN:
+ fprintf(stderr, "pam_authenticate - check the user specified : %s\n", pam_strerror(pamh, pam_ret));
+ pam_end(pamh, pam_ret);
+ return 0;
+
+ case PAM_MAXTRIES:
+ fprintf(stderr, "pam_authenticate - maximum tries over : %s\n", pam_strerror(pamh, pam_ret));
+ pam_end(pamh, pam_ret);
+ return 0;
+
+ default:
+ fprintf(stderr, "pam_authenticate - unknown error : %s\n", pam_strerror(pamh, pam_ret));
+ pam_end(pamh, pam_ret);
+ return 0;
+
+ }
+
+ /* pam is success :) */
+ pam_end(pamh, pam_ret);
+
+ msg.fq_command = command;
+ msg.command = (char **) argv;
+ msg.command_count = argc;
+
+ if(pam_ret==PAM_SUCCESS) {
+ pam_ret = send_and_receive();
+ }
+
+ free(pam_action);
+ free_all();
/* Setup command info. */
*command_info_out = build_command_info(command);
- if (*command_info_out == NULL) {
- sudo_log(SUDO_CONV_ERROR_MSG, "out of memory\n");
- return ERROR;
+ if (*command_info_out == NULL) {
+ sudo_log(SUDO_CONV_ERROR_MSG, "out of memory\n");
+ return ERROR;
}
- if(pam_ret==SSS_SUDO_SUCCESS)
- return TRUE;
+ if(pam_ret==SSS_SUDO_SUCCESS)
+ return TRUE;
- return FALSE;
+ return FALSE;
}
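Review bot: After `pam_authenticate` succeeds the code goes straight to `pam_end` without calling `pam_acct_mgmt`, so account expiry, lockout or access-time restrictions configured in the PAM stack are never evaluated before the request is sent on. Add `pam_ret = pam_acct_mgmt(pamh, 0);` after the switch and treat any result other than `PAM_SUCCESS` like the `default:` arm (`pam_end` and `return 0`). Separately, `pam_ret` is reused for the `send_and_receive()` result, and the `pam_ret==PAM_SUCCESS` guard before that call is always true at that point. A dedicated variable for the SSS status would keep the two code spaces apart. The start of `policy_check` is in the earlier hunks.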
int policy_list(int argc, char * const argv[], int verbose, const char *list_user)
@@ -1323,32 +1323,32 @@ void policy_close(int exit_status, int error)
* The close function is called when the command being run by sudo finishes.
*/
if (error) {
- sudo_log(SUDO_CONV_ERROR_MSG, "\nCommand error: %s\n", strerror(error));
+ sudo_log(SUDO_CONV_ERROR_MSG, "\nCommand error: %s\n", strerror(error));
}
else {
if (WIFEXITED(exit_status)) {
- sudo_log(SUDO_CONV_INFO_MSG, "\nCommand exited with status %d\n",
- WEXITSTATUS(exit_status));
+ sudo_log(SUDO_CONV_INFO_MSG, "\nCommand exited with status %d\n",
+ WEXITSTATUS(exit_status));
} else if (WIFSIGNALED(exit_status)) {
- sudo_log(SUDO_CONV_INFO_MSG, "\nCommand killed by signal %d\n",
- WTERMSIG(exit_status));
- }
- }
+ sudo_log(SUDO_CONV_INFO_MSG, "\nCommand killed by signal %d\n",
+ WTERMSIG(exit_status));
+ }
+ }
}
/* SUDO Plugin structure */
struct policy_plugin sss_sudo_policy = {
-SUDO_POLICY_PLUGIN,
-SUDO_API_VERSION,
-policy_open,
-policy_close,
-policy_version,
-policy_check,
-policy_list,
-NULL, /* validate */
-NULL /* invalidate */
+ SUDO_POLICY_PLUGIN,
+ SUDO_API_VERSION,
+ policy_open,
+ policy_close,
+ policy_version,
+ policy_check,
+ policy_list,
+ NULL, /* validate */
+ NULL /* invalidate */
};
/* IO_PLUGIN is not needed */