SSSD patch update

Daniel Kopecek 2012-02-22 11:27:43 +01:00
parent d415988861
commit b27e499e8f
2 changed files with 40 additions and 37 deletions


@ -48,7 +48,7 @@ diff -up sudo-1.8.3p1/plugins/sudoers/Makefile.in.sssd-support sudo-1.8.3p1/plug
$(incdir)/alloc.h $(incdir)/list.h $(incdir)/fileops.h \ $(incdir)/alloc.h $(incdir)/list.h $(incdir)/fileops.h \
diff -up sudo-1.8.3p1/plugins/sudoers/sssd.c.sssd-support sudo-1.8.3p1/plugins/sudoers/sssd.c diff -up sudo-1.8.3p1/plugins/sudoers/sssd.c.sssd-support sudo-1.8.3p1/plugins/sudoers/sssd.c
--- sudo-1.8.3p1/plugins/sudoers/sssd.c.sssd-support 2012-01-19 13:41:51.885154296 +0100 --- sudo-1.8.3p1/plugins/sudoers/sssd.c.sssd-support 2012-01-19 13:41:51.885154296 +0100
+++ sudo-1.8.3p1/plugins/sudoers/sssd.c 2012-02-07 12:22:37.641156963 +0100 +++ sudo-1.8.3p1/plugins/sudoers/sssd.c 2012-02-17 09:38:27.195588846 +0100
@@ -0,0 +1,1157 @@ @@ -0,0 +1,1157 @@
+/* +/*
+ * Copyright (c) 2003-2011 Todd C. Miller <Todd.Miller@courtesan.com> + * Copyright (c) 2003-2011 Todd C. Miller <Todd.Miller@courtesan.com>
@ -116,7 +116,7 @@ diff -up sudo-1.8.3p1/plugins/sudoers/sssd.c.sssd-support sudo-1.8.3p1/plugins/s
+static int sudo_sssd_open(struct sudo_nss *nss); +static int sudo_sssd_open(struct sudo_nss *nss);
+static int sudo_sssd_close(struct sudo_nss *nss); +static int sudo_sssd_close(struct sudo_nss *nss);
+static int sudo_sssd_parse(struct sudo_nss *nss); +static int sudo_sssd_parse(struct sudo_nss *nss);
+static void sudo_sssd_parse_options(struct sss_rule *rule); +static void sudo_sssd_parse_options(struct sss_sudo_rule *rule);
+static int sudo_sssd_setdefs(struct sudo_nss *nss); +static int sudo_sssd_setdefs(struct sudo_nss *nss);
+static int sudo_sssd_lookup(struct sudo_nss *nss, int ret, int pwflag); +static int sudo_sssd_lookup(struct sudo_nss *nss, int ret, int pwflag);
+static int sudo_sssd_display_cmnd(struct sudo_nss *nss, struct passwd *pw); +static int sudo_sssd_display_cmnd(struct sudo_nss *nss, struct passwd *pw);
@ -130,11 +130,11 @@ diff -up sudo-1.8.3p1/plugins/sudoers/sssd.c.sssd-support sudo-1.8.3p1/plugins/s
+ struct lbuf *lbuf); + struct lbuf *lbuf);
+ +
+ +
+static struct sss_result *sudo_sssd_result_get(struct sudo_nss *nss, +static struct sss_sudo_result *sudo_sssd_result_get(struct sudo_nss *nss,
+ struct passwd *pw, + struct passwd *pw,
+ uint32_t *state); + uint32_t *state);
+ +
+static void sudo_sssd_attrcpy(struct sss_attr *dst, const struct sss_attr *src) +static void sudo_sssd_attrcpy(struct sss_sudo_attr *dst, const struct sss_sudo_attr *src)
+{ +{
+ int i; + int i;
+ +
@ -151,7 +151,7 @@ diff -up sudo-1.8.3p1/plugins/sudoers/sssd.c.sssd-support sudo-1.8.3p1/plugins/s
+ return; + return;
+} +}
+ +
+static void sudo_sssd_rulecpy(struct sss_rule *dst, const struct sss_rule *src) +static void sudo_sssd_rulecpy(struct sss_sudo_rule *dst, const struct sss_sudo_rule *src)
+{ +{
+ int i; + int i;
+ +
@ -159,7 +159,7 @@ diff -up sudo-1.8.3p1/plugins/sudoers/sssd.c.sssd-support sudo-1.8.3p1/plugins/s
+ DPRINTF(2, "emalloc: cnt=%d", src->num_attrs); + DPRINTF(2, "emalloc: cnt=%d", src->num_attrs);
+ +
+ dst->num_attrs = src->num_attrs; + dst->num_attrs = src->num_attrs;
+ dst->attrs = emalloc(sizeof(struct sss_attr) * dst->num_attrs); + dst->attrs = emalloc(sizeof(struct sss_sudo_attr) * dst->num_attrs);
+ +
+ for (i = 0; i < dst->num_attrs; ++i) { + for (i = 0; i < dst->num_attrs; ++i) {
+ sudo_sssd_attrcpy(dst->attrs + i, + sudo_sssd_attrcpy(dst->attrs + i,
@ -173,9 +173,9 @@ diff -up sudo-1.8.3p1/plugins/sudoers/sssd.c.sssd-support sudo-1.8.3p1/plugins/s
+#define _SUDO_SSS_STATE_HOSTMATCH 0x01 +#define _SUDO_SSS_STATE_HOSTMATCH 0x01
+#define _SUDO_SSS_STATE_USERMATCH 0x02 +#define _SUDO_SSS_STATE_USERMATCH 0x02
+ +
+static struct sss_result *sudo_sssd_filter_result(struct sss_result *in_res, int (*filterp)(struct sss_rule *, void *), int act, void *filterp_arg) +static struct sss_sudo_result *sudo_sssd_filter_result(struct sss_sudo_result *in_res, int (*filterp)(struct sss_sudo_rule *, void *), int act, void *filterp_arg)
+{ +{
+ struct sss_result *out_res; + struct sss_sudo_result *out_res;
+ int i, l, r; + int i, l, r;
+ +
+ DPRINTF(3, "in_res=%p, count=%u, act=%s", + DPRINTF(3, "in_res=%p, count=%u, act=%s",
@ -186,8 +186,8 @@ diff -up sudo-1.8.3p1/plugins/sudoers/sssd.c.sssd-support sudo-1.8.3p1/plugins/s
+ +
+ DPRINTF(3, "emalloc: cnt=%d", in_res->num_rules); + DPRINTF(3, "emalloc: cnt=%d", in_res->num_rules);
+ +
+ out_res = emalloc(sizeof(struct sss_result)); + out_res = emalloc(sizeof(struct sss_sudo_result));
+ out_res->rules = in_res->num_rules > 0 ? emalloc(sizeof(struct sss_rule) * in_res->num_rules) : NULL; + out_res->rules = in_res->num_rules > 0 ? emalloc(sizeof(struct sss_sudo_rule) * in_res->num_rules) : NULL;
+ out_res->num_rules = 0; + out_res->num_rules = 0;
+ +
+ for (i = l = 0; i < in_res->num_rules; ++i) { + for (i = l = 0; i < in_res->num_rules; ++i) {
@ -207,7 +207,7 @@ diff -up sudo-1.8.3p1/plugins/sudoers/sssd.c.sssd-support sudo-1.8.3p1/plugins/s
+ +
+ if (l < in_res->num_rules) { + if (l < in_res->num_rules) {
+ DPRINTF(3, "reallocating result: %p (count: %u -> %u)", out_res->rules, in_res->num_rules, l); + DPRINTF(3, "reallocating result: %p (count: %u -> %u)", out_res->rules, in_res->num_rules, l);
+ out_res->rules = realloc(out_res->rules, sizeof(struct sss_rule) * l); + out_res->rules = realloc(out_res->rules, sizeof(struct sss_sudo_rule) * l);
+ } + }
+ +
+ out_res->num_rules = l; + out_res->num_rules = l;
@ -217,7 +217,7 @@ diff -up sudo-1.8.3p1/plugins/sudoers/sssd.c.sssd-support sudo-1.8.3p1/plugins/s
+ +
+struct sudo_sssd_handle { +struct sudo_sssd_handle {
+ char *username; + char *username;
+ struct sss_result *result; + struct sss_sudo_result *result;
+ struct group_list *grlist; + struct group_list *grlist;
+}; +};
+ +
@ -271,8 +271,8 @@ diff -up sudo-1.8.3p1/plugins/sudoers/sssd.c.sssd-support sudo-1.8.3p1/plugins/s
+{ +{
+ struct sudo_sssd_handle *handle = nss->handle; + struct sudo_sssd_handle *handle = nss->handle;
+ +
+ struct sss_result *sres; + struct sss_sudo_result *sres;
+ struct sss_rule *rule; + struct sss_sudo_rule *rule;
+ uint32_t serr; + uint32_t serr;
+ int i; + int i;
+ +
@ -300,7 +300,7 @@ diff -up sudo-1.8.3p1/plugins/sudoers/sssd.c.sssd-support sudo-1.8.3p1/plugins/s
+} +}
+ +
+static int +static int
+sudo_sssd_check_runas_user(struct sss_rule *rule) +sudo_sssd_check_runas_user(struct sss_sudo_rule *rule)
+{ +{
+ char **v_arr = NULL; + char **v_arr = NULL;
+ char *val; + char *val;
@ -403,7 +403,7 @@ diff -up sudo-1.8.3p1/plugins/sudoers/sssd.c.sssd-support sudo-1.8.3p1/plugins/s
+} +}
+ +
+static int +static int
+sudo_sssd_check_runas_group(struct sss_rule *rule) +sudo_sssd_check_runas_group(struct sss_sudo_rule *rule)
+{ +{
+ char **v_arr = NULL; + char **v_arr = NULL;
+ char *val; + char *val;
@ -447,7 +447,7 @@ diff -up sudo-1.8.3p1/plugins/sudoers/sssd.c.sssd-support sudo-1.8.3p1/plugins/s
+ * else FALSE. RunAs info is optional. + * else FALSE. RunAs info is optional.
+ */ + */
+static int +static int
+sudo_sssd_check_runas(struct sss_rule *rule) +sudo_sssd_check_runas(struct sss_sudo_rule *rule)
+{ +{
+ int ret; + int ret;
+ +
@ -460,7 +460,7 @@ diff -up sudo-1.8.3p1/plugins/sudoers/sssd.c.sssd-support sudo-1.8.3p1/plugins/s
+ return ret; + return ret;
+} +}
+ +
+static int sudo_sssd_check_host(struct sss_rule *rule) +static int sudo_sssd_check_host(struct sss_sudo_rule *rule)
+{ +{
+ char **v_arr, *val; + char **v_arr, *val;
+ int ret = FALSE, i; + int ret = FALSE, i;
@ -500,7 +500,7 @@ diff -up sudo-1.8.3p1/plugins/sudoers/sssd.c.sssd-support sudo-1.8.3p1/plugins/s
+ return ret; + return ret;
+} +}
+ +
+static int sudo_sssd_result_filterp(struct sss_rule *rule, void *unused) +static int sudo_sssd_result_filterp(struct sss_sudo_rule *rule, void *unused)
+{ +{
+ (void)unused; + (void)unused;
+ +
@ -510,12 +510,12 @@ diff -up sudo-1.8.3p1/plugins/sudoers/sssd.c.sssd-support sudo-1.8.3p1/plugins/s
+ return 0; + return 0;
+} +}
+ +
+static struct sss_result *sudo_sssd_result_get(struct sudo_nss *nss, +static struct sss_sudo_result *sudo_sssd_result_get(struct sudo_nss *nss,
+ struct passwd *pw, + struct passwd *pw,
+ uint32_t *state) + uint32_t *state)
+{ +{
+ struct sudo_sssd_handle *handle = nss->handle; + struct sudo_sssd_handle *handle = nss->handle;
+ struct sss_result *u_sres, *f_sres; + struct sss_sudo_result *u_sres, *f_sres;
+ uint32_t serr = 0, ret; + uint32_t serr = 0, ret;
+ +
+ DPRINTF(1, "pw_name=%s", pw->pw_name); + DPRINTF(1, "pw_name=%s", pw->pw_name);
@ -583,7 +583,7 @@ diff -up sudo-1.8.3p1/plugins/sudoers/sssd.c.sssd-support sudo-1.8.3p1/plugins/s
+ * Returns TRUE if found and allowed, FALSE if negated, else UNSPEC. + * Returns TRUE if found and allowed, FALSE if negated, else UNSPEC.
+ */ + */
+static int +static int
+sudo_sssd_check_bool(struct sss_rule *rule, char *option) +sudo_sssd_check_bool(struct sss_sudo_rule *rule, char *option)
+{ +{
+ char ch, *var, **v_arr = NULL; + char ch, *var, **v_arr = NULL;
+ int i, ret = UNSPEC; + int i, ret = UNSPEC;
@ -624,7 +624,7 @@ diff -up sudo-1.8.3p1/plugins/sudoers/sssd.c.sssd-support sudo-1.8.3p1/plugins/s
+ * FALSE if disallowed and UNSPEC if not matched. + * FALSE if disallowed and UNSPEC if not matched.
+ */ + */
+static int +static int
+sudo_sssd_check_command(struct sss_rule *rule, int *setenv_implied) +sudo_sssd_check_command(struct sss_sudo_rule *rule, int *setenv_implied)
+{ +{
+ char **v_arr = NULL, *val; + char **v_arr = NULL, *val;
+ char *allowed_cmnd, *allowed_args; + char *allowed_cmnd, *allowed_args;
@ -641,7 +641,7 @@ diff -up sudo-1.8.3p1/plugins/sudoers/sssd.c.sssd-support sudo-1.8.3p1/plugins/s
+ DPRINTF(2, "No result."); + DPRINTF(2, "No result.");
+ return ret; + return ret;
+ default: + default:
+ DPRINTF(2, "sss_sudo_get_values: != 0"); + DPRINTF(2, "sss_sudo_sudo_get_values: != 0");
+ return ret; + return ret;
+ } + }
+ +
@ -692,7 +692,7 @@ diff -up sudo-1.8.3p1/plugins/sudoers/sssd.c.sssd-support sudo-1.8.3p1/plugins/s
+} +}
+ +
+static void +static void
+sudo_sssd_parse_options(struct sss_rule *rule) +sudo_sssd_parse_options(struct sss_sudo_rule *rule)
+{ +{
+ int i; + int i;
+ char op, *v, *val; + char op, *v, *val;
@ -748,8 +748,8 @@ diff -up sudo-1.8.3p1/plugins/sudoers/sssd.c.sssd-support sudo-1.8.3p1/plugins/s
+{ +{
+ int rc, setenv_implied; + int rc, setenv_implied;
+ +
+ struct sss_result *sres = NULL; + struct sss_sudo_result *sres = NULL;
+ struct sss_rule *rule; + struct sss_sudo_rule *rule;
+ uint32_t i, state = 0; + uint32_t i, state = 0;
+ +
+ /* Fetch list of sudoRole entries that match user and host. */ + /* Fetch list of sudoRole entries that match user and host. */
@ -863,8 +863,8 @@ diff -up sudo-1.8.3p1/plugins/sudoers/sssd.c.sssd-support sudo-1.8.3p1/plugins/s
+static int sudo_sssd_display_cmnd(struct sudo_nss *nss, struct passwd *pw) +static int sudo_sssd_display_cmnd(struct sudo_nss *nss, struct passwd *pw)
+{ +{
+ struct sudo_sssd_handle *handle = nss->handle; + struct sudo_sssd_handle *handle = nss->handle;
+ struct sss_result *sres = NULL; + struct sss_sudo_result *sres = NULL;
+ struct sss_rule *rule; + struct sss_sudo_rule *rule;
+ int i, found = FALSE; + int i, found = FALSE;
+ +
+ if (handle == NULL) + if (handle == NULL)
@ -895,7 +895,7 @@ diff -up sudo-1.8.3p1/plugins/sudoers/sssd.c.sssd-support sudo-1.8.3p1/plugins/s
+ user_args ? " " : "", user_args ? user_args : ""); + user_args ? " " : "", user_args ? user_args : "");
+ +
+ if (sres != NULL) + if (sres != NULL)
+ sss_sudo_free_result(sres); + sss_sudo_sudo_free_result(sres);
+ +
+ return !found; + return !found;
+} +}
@ -905,8 +905,8 @@ diff -up sudo-1.8.3p1/plugins/sudoers/sssd.c.sssd-support sudo-1.8.3p1/plugins/s
+{ +{
+ struct sudo_sssd_handle *handle = nss->handle; + struct sudo_sssd_handle *handle = nss->handle;
+ +
+ struct sss_rule *rule; + struct sss_sudo_rule *rule;
+ struct sss_result *sres = NULL; + struct sss_sudo_result *sres = NULL;
+ +
+ uint32_t serr = 0; + uint32_t serr = 0;
+ +
@ -964,7 +964,7 @@ diff -up sudo-1.8.3p1/plugins/sudoers/sssd.c.sssd-support sudo-1.8.3p1/plugins/s
+ return 0; + return 0;
+} +}
+ +
+static int sudo_sssd_display_entry_long(struct sss_rule *rule, struct lbuf *lbuf) +static int sudo_sssd_display_entry_long(struct sss_sudo_rule *rule, struct lbuf *lbuf)
+{ +{
+ char **v_arr = NULL; + char **v_arr = NULL;
+ int count = 0, i; + int count = 0, i;
@ -1071,7 +1071,7 @@ diff -up sudo-1.8.3p1/plugins/sudoers/sssd.c.sssd-support sudo-1.8.3p1/plugins/s
+ return count; + return count;
+} +}
+ +
+static int sudo_sssd_display_entry_short(struct sss_rule *rule, struct lbuf *lbuf) +static int sudo_sssd_display_entry_short(struct sss_sudo_rule *rule, struct lbuf *lbuf)
+{ +{
+ char **v_arr = NULL; + char **v_arr = NULL;
+ int count = 0, i; + int count = 0, i;
@ -1182,8 +1182,8 @@ diff -up sudo-1.8.3p1/plugins/sudoers/sssd.c.sssd-support sudo-1.8.3p1/plugins/s
+static int sudo_sssd_display_privs(struct sudo_nss *nss, struct passwd *pw, +static int sudo_sssd_display_privs(struct sudo_nss *nss, struct passwd *pw,
+ struct lbuf *lbuf) + struct lbuf *lbuf)
+{ +{
+ struct sss_result *sres = NULL; + struct sss_sudo_result *sres = NULL;
+ struct sss_rule *rule; + struct sss_sudo_rule *rule;
+ unsigned int i, count = 0; + unsigned int i, count = 0;
+ +
+ DPRINTF(2, "sssd/ldap search for command list"); + DPRINTF(2, "sssd/ldap search for command list");
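Review bot: The cleanup call in sudo_sssd_display_cmnd (hunk at -895,7) now reads `sss_sudo_sudo_free_result(sres);`, which looks like the `sss_` to `sss_sudo_` rename applied to a name that already carried the prefix; given the struct renames in the rest of this section, the intended call is presumably `sss_sudo_free_result(sres);`. If no function with the doubled name is declared, older C dialects accept the call as an implicit declaration and the failure surfaces only at link or plugin-load time, in a module that is part of a setuid-root program's policy check, so the build should be checked for implicit-declaration warnings. The same double substitution reached the debug string in sudo_sssd_check_command (hunk at -641,7), `DPRINTF(2, "sss_sudo_sudo_get_values: != 0");`, which will mislead anyone searching logs for the real function name. Both function bodies are only partly visible in these hunks.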


@ -1,7 +1,7 @@
Summary: Allows restricted root access for specified users Summary: Allows restricted root access for specified users
Name: sudo Name: sudo
Version: 1.8.3p1 Version: 1.8.3p1
Release: 4%{?dist} Release: 5%{?dist}
License: ISC License: ISC
Group: Applications/System Group: Applications/System
URL: http://www.courtesan.com/sudo/ URL: http://www.courtesan.com/sudo/
@ -175,6 +175,9 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man8/sudo_plugin.8* %{_mandir}/man8/sudo_plugin.8*
%changelog %changelog
* Wed Feb 22 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.3p1-5
- SSSD patch update
* Tue Feb 7 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.3p1-4 * Tue Feb 7 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.3p1-4
- added SSSD support - added SSSD support