diff -rup original/configure.in new/configure.in --- original/configure.in 2012-07-19 12:13:15.872301022 +0200 +++ new/configure.in 2012-07-23 11:31:42.821466529 +0200 @@ -101,6 +101,7 @@ AC_SUBST([root_sudo]) AC_SUBST([path_info]) AC_SUBST([ldap_conf]) AC_SUBST([ldap_secret]) +AC_SUBST([sssd_lib]) AC_SUBST([nsswitch_conf]) AC_SUBST([netsvc_conf]) AC_SUBST([secure_path]) @@ -290,8 +291,6 @@ dnl AC_ARG_WITH(sssd, [AS_HELP_STRING([--with-sssd], [enable SSSD support])], [case $with_sssd in yes) - SUDO_LIBS="${SUDO_LIBS} `pkg-config libsss_sudo --libs`" - SUDOERS_LIBS="${SUDO_LIBS} `pkg-config libsss_sudo --libs`" SUDOERS_OBJS="${SUDOERS_OBJS} sssd.lo" AC_DEFINE(HAVE_SSSD) ;; @@ -300,6 +299,11 @@ AC_ARG_WITH(sssd, [AS_HELP_STRING([--wit ;; esac]) +AC_ARG_WITH(sssd-lib, [AS_HELP_STRING([--with-sssd-lib], [path to the SSSD library])]) +sssd_lib="\"LIBDIR\"" +test -n "$with_sssd_lib" && sssd_lib="$with_sssd_lib" +SUDO_DEFINE_UNQUOTED(_PATH_SSSD_LIB, "$sssd_lib", [Path to the SSSD library]) + AC_ARG_WITH(incpath, [AS_HELP_STRING([--with-incpath], [additional places to look for include files])], [case $with_incpath in yes) AC_MSG_ERROR(["must give --with-incpath an argument."]) diff -rup original/pathnames.h.in new/pathnames.h.in --- original/pathnames.h.in 2012-07-19 12:13:15.779299949 +0200 +++ new/pathnames.h.in 2012-07-19 15:58:49.454653685 +0200 @@ -157,6 +157,10 @@ #undef _PATH_LDAP_SECRET #endif /* _PATH_LDAP_SECRET */ +#ifndef _PATH_SSSD_LIB +#undef _PATH_SSSD_LIB +#endif /* _PATH_SSSD_LIB */ + #ifndef _PATH_NSSWITCH_CONF #undef _PATH_NSSWITCH_CONF #endif /* _PATH_NSSWITCH_CONF */ diff -rup original/plugins/sudoers/Makefile.in new/plugins/sudoers/Makefile.in --- original/plugins/sudoers/Makefile.in 2012-07-19 12:13:15.756299680 +0200 +++ new/plugins/sudoers/Makefile.in 2012-07-23 11:31:56.084610531 +0200 @@ -32,6 +32,7 @@ top_srcdir = @top_srcdir@ incdir = $(top_srcdir)/include docdir = @docdir@ timedir = @timedir@ +libdir = @libdir@ # Compiler & tools to use CC = @CC@ @@ -51,7 +52,7 @@ SUDOERS_LIBS = @SUDOERS_LIBS@ @AFS_LIBS@ REPLAY_LIBS = @REPLAY_LIBS@ @ZLIB@ # C preprocessor flags -CPPFLAGS = -I$(incdir) -I$(top_builddir) -I$(devdir) -I$(srcdir) -I$(top_srcdir) @CPPFLAGS@ +CPPFLAGS = -I$(incdir) -I$(top_builddir) -I$(devdir) -I$(srcdir) -I$(top_srcdir) -DLIBDIR=\"$(libdir)\" @CPPFLAGS@ # Usually -O and/or -g CFLAGS = @CFLAGS@ diff -rup original/plugins/sudoers/sssd.c new/plugins/sudoers/sssd.c --- original/plugins/sudoers/sssd.c 2012-07-19 12:13:15.667298652 +0200 +++ new/plugins/sudoers/sssd.c 2012-07-23 11:32:04.260699269 +0200 @@ -44,23 +44,70 @@ #if TIME_WITH_SYS_TIME # include #endif +#ifdef HAVE_DLOPEN +# include +#else +# include "compat/dlfcn.h" +#endif #include #include #include -#include #include +#include #include "sudoers.h" #include "parse.h" #include "lbuf.h" #include "sudo_debug.h" +/* SSSD <--> SUDO interface - do not change */ +struct sss_sudo_attr { + char *name; + char **values; + unsigned int num_values; +}; + +struct sss_sudo_rule { + unsigned int num_attrs; + struct sss_sudo_attr *attrs; +}; + +struct sss_sudo_result { + unsigned int num_rules; + struct sss_sudo_rule *rules; +}; + +typedef int (*sss_sudo_send_recv_t)(uid_t, const char*, const char*, + uint32_t*, struct sss_sudo_result**); + +typedef int (*sss_sudo_send_recv_defaults_t)(uid_t, const char*, uint32_t*, + char**, struct sss_sudo_result**); + +typedef void (*sss_sudo_free_result_t)(struct sss_sudo_result*); + +typedef int (*sss_sudo_get_values_t)(struct sss_sudo_rule*, const char*, + char***); + +typedef void (*sss_sudo_free_values_t)(char**); + /* sudo_nss implementation */ + +struct sudo_sss_handle { + char *domainname; + struct passwd *pw; + void *ssslib; + sss_sudo_send_recv_t fn_send_recv; + sss_sudo_send_recv_defaults_t fn_send_recv_defaults; + sss_sudo_free_result_t fn_free_result; + sss_sudo_get_values_t fn_get_values; + sss_sudo_free_values_t fn_free_values; +}; + static int sudo_sss_open(struct sudo_nss *nss); static int sudo_sss_close(struct sudo_nss *nss); static int sudo_sss_parse(struct sudo_nss *nss); -static void sudo_sss_parse_options(struct sss_sudo_rule *rule); +static void sudo_sss_parse_options(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule); static int sudo_sss_setdefs(struct sudo_nss *nss); static int sudo_sss_lookup(struct sudo_nss *nss, int ret, int pwflag); static int sudo_sss_display_cmnd(struct sudo_nss *nss, struct passwd *pw); @@ -121,7 +168,7 @@ static void sudo_sss_rulecpy(struct sss_ #define _SUDO_SSS_STATE_HOSTMATCH 0x01 #define _SUDO_SSS_STATE_USERMATCH 0x02 -static struct sss_sudo_result *sudo_sss_filter_result(struct sss_sudo_result *in_res, int (*filterp)(struct sss_sudo_rule *, void *), int act, void *filterp_arg) +static struct sss_sudo_result *sudo_sss_filter_result(struct sudo_sss_handle *handle, struct sss_sudo_result *in_res, int (*filterp)(struct sudo_sss_handle *, struct sss_sudo_rule *, void *), int act, void *filterp_arg) { struct sss_sudo_result *out_res; int i, l, r; @@ -140,7 +187,7 @@ static struct sss_sudo_result *sudo_sss_ out_res->num_rules = 0; for (i = l = 0; i < in_res->num_rules; ++i) { - r = filterp(in_res->rules + i, filterp_arg); + r = filterp(handle, in_res->rules + i, filterp_arg); if (( r && act == _SUDO_SSS_FILTER_INCLUDE) || (!r && act == _SUDO_SSS_FILTER_EXCLUDE)) @@ -164,11 +211,6 @@ static struct sss_sudo_result *sudo_sss_ debug_return_ptr(out_res); } -struct sudo_sss_handle { - char *domainname; - struct passwd *pw; -}; - struct sudo_nss sudo_nss_sss = { &sudo_nss_sss, NULL, @@ -188,10 +230,50 @@ struct sudo_nss sudo_nss_sss = { static int sudo_sss_open(struct sudo_nss *nss) { struct sudo_sss_handle *handle; + static const char path[] = _PATH_SSSD_LIB"/libsss_sudo.so"; debug_decl(sudo_sss_open, SUDO_DEBUG_SSSD); /* Create a handle container. */ handle = emalloc(sizeof(struct sudo_sss_handle)); + + /* Load symbols */ + handle->ssslib = dlopen(path, RTLD_LAZY); + if (handle->ssslib == NULL) { + warningx(_("Unable to dlopen %s: %s"), path, dlerror()); + warningx(_("Unable to initialize SSS source. Is SSSD installed on your machine?")); + debug_return_int(EFAULT); + } + + handle->fn_send_recv = dlsym(handle->ssslib, "sss_sudo_send_recv"); + if (handle->fn_send_recv == NULL) { + warningx(_("unable to find symbol \"sss_sudo_send_recv\" in %s"), path); + debug_return_int(EFAULT); + } + + handle->fn_send_recv_defaults = dlsym(handle->ssslib, "sss_sudo_send_recv_defaults"); + if (handle->fn_send_recv_defaults == NULL) { + warningx(_("unable to find symbol \"sss_sudo_send_recv_defaults\" in %s"), path); + debug_return_int(EFAULT); + } + + handle->fn_free_result = dlsym(handle->ssslib, "sss_sudo_free_result"); + if (handle->fn_free_result == NULL) { + warningx(_("unable to find symbol \"sss_sudo_free_result\" in %s"), path); + debug_return_int(EFAULT); + } + + handle->fn_get_values = dlsym(handle->ssslib, "sss_sudo_get_values"); + if (handle->fn_get_values == NULL) { + warningx(_("unable to find symbol \"sss_sudo_get_values\" in %s"), path); + debug_return_int(EFAULT); + } + + handle->fn_free_values = dlsym(handle->ssslib, "sss_sudo_free_values"); + if (handle->fn_free_values == NULL) { + warningx(_("unable to find symbol \"sss_sudo_free_values\" in %s"), path); + debug_return_int(EFAULT); + } + handle->domainname = NULL; handle->pw = sudo_user.pw; nss->handle = handle; @@ -204,7 +286,14 @@ static int sudo_sss_open(struct sudo_nss // ok static int sudo_sss_close(struct sudo_nss *nss) { + struct sudo_sss_handle *handle; debug_decl(sudo_sss_close, SUDO_DEBUG_SSSD); + + if (nss && nss->handle) { + handle = nss->handle; + dlclose(handle->ssslib); + } + efree(nss->handle); debug_return_int(0); } @@ -231,11 +320,11 @@ static int sudo_sss_setdefs(struct sudo_ sudo_debug_printf(1, "Looking for cn=defaults"); - if (sss_sudo_send_recv_defaults(handle->pw->pw_uid, handle->pw->pw_name, + if (handle->fn_send_recv_defaults(handle->pw->pw_uid, handle->pw->pw_name, &sss_error, &handle->domainname, &sss_result) != 0) { - sudo_debug_printf(2, "sss_sudo_send_recv_defaults: != 0, sss_error=%u", sss_error); + sudo_debug_printf(2, "handle->fn_send_recv_defaults: != 0, sss_error=%u", sss_error); debug_return_int(-1); } @@ -250,10 +339,10 @@ static int sudo_sss_setdefs(struct sudo_ for (i = 0; i < sss_result->num_rules; ++i) { sudo_debug_printf(1, "Parsing cn=defaults, %d/%d", i, sss_result->num_rules); sss_rule = sss_result->rules + i; - sudo_sss_parse_options(sss_rule); + sudo_sss_parse_options(handle, sss_rule); } - sss_sudo_free_result(sss_result); + handle->fn_free_result(sss_result); debug_return_int(0); } @@ -276,7 +365,7 @@ static int sudo_sss_checkpw(struct sudo_ } static int -sudo_sss_check_runas_user(struct sss_sudo_rule *sss_rule) +sudo_sss_check_runas_user(struct sudo_sss_handle *handle, struct sss_sudo_rule *sss_rule) { char **val_array = NULL; char *val; @@ -287,7 +376,7 @@ sudo_sss_check_runas_user(struct sss_sud debug_return_int(UNSPEC); /* get the runas user from the entry */ - switch (sss_sudo_get_values(sss_rule, "sudoRunAsUser", &val_array)) + switch (handle->fn_get_values(sss_rule, "sudoRunAsUser", &val_array)) { case 0: break; @@ -295,7 +384,7 @@ sudo_sss_check_runas_user(struct sss_sud sudo_debug_printf(2, "No result. Trying old style (sudoRunAs)"); /* try old style */ - switch (sss_sudo_get_values(sss_rule, "sudoRunAs", &val_array)) + switch (handle->fn_get_values(sss_rule, "sudoRunAs", &val_array)) { case 0: break; @@ -307,12 +396,12 @@ sudo_sss_check_runas_user(struct sss_sud */ return !strcasecmp(runas_pw->pw_name, def_runas_default); default: - sudo_debug_printf(2, "sss_sudo_get_values(sudoRunAs): != 0"); + sudo_debug_printf(2, "handle->fn_get_values(sudoRunAs): != 0"); debug_return_int(UNSPEC); } break; default: - sudo_debug_printf(2, "sss_sudo_get_values(sudoRunAsUser): != 0"); + sudo_debug_printf(2, "handle->fn_get_values(sudoRunAsUser): != 0"); debug_return_int(UNSPEC); } @@ -373,13 +462,13 @@ sudo_sss_check_runas_user(struct sss_sud sudo_debug_printf(2, "sssd/ldap sudoRunAsUser '%s' ... %s", val, ret ? "MATCH!" : "not"); } - sss_sudo_free_values(val_array); /* cleanup */ + handle->fn_free_values(val_array); /* cleanup */ debug_return_int(ret); } static int -sudo_sss_check_runas_group(struct sss_sudo_rule *rule) +sudo_sss_check_runas_group(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule) { char **val_array = NULL; char *val; @@ -391,7 +480,7 @@ sudo_sss_check_runas_group(struct sss_su debug_return_int(UNSPEC); /* get the values from the entry */ - switch (sss_sudo_get_values(rule, "sudoRunAsGroup", &val_array)) + switch (handle->fn_get_values(rule, "sudoRunAsGroup", &val_array)) { case 0: break; @@ -399,7 +488,7 @@ sudo_sss_check_runas_group(struct sss_su sudo_debug_printf(2, "No result."); debug_return_int(false); default: - sudo_debug_printf(2, "sss_sudo_get_values(sudoRunAsGroup): != 0"); + sudo_debug_printf(2, "handle->fn_get_values(sudoRunAsGroup): != 0"); debug_return_int(UNSPEC); } @@ -414,7 +503,7 @@ sudo_sss_check_runas_group(struct sss_su sudo_debug_printf(2, "sssd/ldap sudoRunAsGroup '%s' ... %s", val, ret ? "MATCH!" : "not"); } - sss_sudo_free_values(val_array); + handle->fn_free_values(val_array); debug_return_int(ret); } @@ -424,7 +513,7 @@ sudo_sss_check_runas_group(struct sss_su * else false. RunAs info is optional. */ static int -sudo_sss_check_runas(struct sss_sudo_rule *rule) +sudo_sss_check_runas(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule) { int ret; debug_decl(sudo_sss_check_runas, SUDO_DEBUG_SSSD); @@ -432,13 +521,13 @@ sudo_sss_check_runas(struct sss_sudo_rul if (rule == NULL) debug_return_int(false); - ret = sudo_sss_check_runas_user(rule) != false && - sudo_sss_check_runas_group(rule) != false; + ret = sudo_sss_check_runas_user(handle, rule) != false && + sudo_sss_check_runas_group(handle, rule) != false; debug_return_int(ret); } -static int sudo_sss_check_host(struct sss_sudo_rule *rule) +static int sudo_sss_check_host(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule) { char **val_array, *val; int ret = false, i; @@ -448,7 +537,7 @@ static int sudo_sss_check_host(struct ss debug_return_int(ret); /* get the values from the rule */ - switch (sss_sudo_get_values(rule, "sudoHost", &val_array)) + switch (handle->fn_get_values(rule, "sudoHost", &val_array)) { case 0: break; @@ -456,7 +545,7 @@ static int sudo_sss_check_host(struct ss sudo_debug_printf(2, "No result."); debug_return_int(false); default: - sudo_debug_printf(2, "sss_sudo_get_values(sudoHost): != 0"); + sudo_debug_printf(2, "handle->fn_get_values(sudoHost): != 0"); debug_return_int(ret); } @@ -474,17 +563,17 @@ static int sudo_sss_check_host(struct ss sudo_debug_printf(2, "sssd/ldap sudoHost '%s' ... %s", val, ret ? "MATCH!" : "not"); } - sss_sudo_free_values(val_array); + handle->fn_free_values(val_array); debug_return_int(ret); } -static int sudo_sss_result_filterp(struct sss_sudo_rule *rule, void *unused) +static int sudo_sss_result_filterp(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule, void *unused) { (void)unused; debug_decl(sudo_sss_result_filterp, SUDO_DEBUG_SSSD); - if (sudo_sss_check_host(rule)) + if (sudo_sss_check_host(handle, rule)) debug_return_int(1); else debug_return_int(0); @@ -505,7 +594,7 @@ static struct sss_sudo_result *sudo_sss_ u_sss_result = f_sss_result = NULL; - switch (ret = sss_sudo_send_recv(handle->pw->pw_uid, handle->pw->pw_name, + switch (ret = handle->fn_send_recv(handle->pw->pw_uid, handle->pw->pw_name, handle->domainname, &sss_error, &u_sss_result)) { case 0: @@ -530,11 +619,11 @@ static struct sss_sudo_result *sudo_sss_ } break; default: - sudo_debug_printf(2, "sss_sudo_send_recv: != 0: ret=%d", ret); + sudo_debug_printf(2, "handle->fn_send_recv: != 0: ret=%d", ret); debug_return_ptr(NULL); } - f_sss_result = sudo_sss_filter_result(u_sss_result, sudo_sss_result_filterp, + f_sss_result = sudo_sss_filter_result(handle, u_sss_result, sudo_sss_result_filterp, _SUDO_SSS_FILTER_INCLUDE, NULL); if (f_sss_result != NULL) @@ -547,7 +636,7 @@ static struct sss_sudo_result *sudo_sss_ sudo_debug_printf(3, "u_sss_result=(%p, %u) => f_sss_result=(%p, %u)", u_sss_result, u_sss_result->num_rules, f_sss_result, f_sss_result->num_rules); - sss_sudo_free_result(u_sss_result); + handle->fn_free_result(u_sss_result); debug_return_ptr(f_sss_result); } @@ -557,7 +646,7 @@ static struct sss_sudo_result *sudo_sss_ * Returns true if found and allowed, false if negated, else UNSPEC. */ static int -sudo_sss_check_bool(struct sss_sudo_rule *rule, char *option) +sudo_sss_check_bool(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule, char *option) { char ch, *var, **val_array = NULL; int i, ret = UNSPEC; @@ -566,7 +655,7 @@ sudo_sss_check_bool(struct sss_sudo_rule if (rule == NULL) debug_return_int(ret); - switch (sss_sudo_get_values(rule, "sudoOption", &val_array)) + switch (handle->fn_get_values(rule, "sudoOption", &val_array)) { case 0: break; @@ -574,7 +663,7 @@ sudo_sss_check_bool(struct sss_sudo_rule sudo_debug_printf(2, "No result."); debug_return_int(ret); default: - sudo_debug_printf(2, "sss_sudo_get_values: != 0"); + sudo_debug_printf(2, "handle->fn_get_values: != 0"); debug_return_int(ret); } @@ -589,7 +678,7 @@ sudo_sss_check_bool(struct sss_sudo_rule ret = (ch != '!'); } - sss_sudo_free_values(val_array); + handle->fn_free_values(val_array); debug_return_int(ret); } @@ -599,7 +688,7 @@ sudo_sss_check_bool(struct sss_sudo_rule * false if disallowed and UNSPEC if not matched. */ static int -sudo_sss_check_command(struct sss_sudo_rule *rule, int *setenv_implied) +sudo_sss_check_command(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule, int *setenv_implied) { char **val_array = NULL, *val; char *allowed_cmnd, *allowed_args; @@ -609,7 +698,7 @@ sudo_sss_check_command(struct sss_sudo_r if (rule == NULL) debug_return_int(ret); - switch (sss_sudo_get_values(rule, "sudoCommand", &val_array)) + switch (handle->fn_get_values(rule, "sudoCommand", &val_array)) { case 0: break; @@ -617,7 +706,7 @@ sudo_sss_check_command(struct sss_sudo_r sudo_debug_printf(2, "No result."); debug_return_int(ret); default: - sudo_debug_printf(2, "sss_sudo_get_values: != 0"); + sudo_debug_printf(2, "handle->fn_get_values: != 0"); debug_return_int(ret); } @@ -662,13 +751,13 @@ sudo_sss_check_command(struct sss_sudo_r efree(allowed_cmnd); /* cleanup */ } - sss_sudo_free_values(val_array); /* more cleanup */ + handle->fn_free_values(val_array); /* more cleanup */ debug_return_int(ret); } static void -sudo_sss_parse_options(struct sss_sudo_rule *rule) +sudo_sss_parse_options(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule) { int i; char op, *v, *val; @@ -678,7 +767,7 @@ sudo_sss_parse_options(struct sss_sudo_r if (rule == NULL) debug_return; - switch (sss_sudo_get_values(rule, "sudoOption", &val_array)) + switch (handle->fn_get_values(rule, "sudoOption", &val_array)) { case 0: break; @@ -686,7 +775,7 @@ sudo_sss_parse_options(struct sss_sudo_r sudo_debug_printf(2, "No result."); debug_return; default: - sudo_debug_printf(2, "sss_sudo_get_values(sudoOption): != 0"); + sudo_debug_printf(2, "handle->fn_get_values(sudoOption): != 0"); debug_return; } @@ -718,7 +807,7 @@ sudo_sss_parse_options(struct sss_sudo_r efree(v); } - sss_sudo_free_values(val_array); + handle->fn_free_values(val_array); debug_return; } @@ -726,6 +815,7 @@ static int sudo_sss_lookup(struct sudo_n { int rc, setenv_implied; + struct sudo_sss_handle *handle = nss->handle; struct sss_sudo_result *sss_result = NULL; struct sss_sudo_rule *rule; uint32_t i, state = 0; @@ -750,12 +840,12 @@ static int sudo_sss_lookup(struct sudo_n rule = sss_result->rules + i; if ((pwcheck == any && doauth != false) || (pwcheck == all && doauth == false)) { - doauth = sudo_sss_check_bool(rule, "authenticate"); + doauth = sudo_sss_check_bool(handle, rule, "authenticate"); } /* Only check the command when listing another user. */ if (user_uid == 0 || list_pw == NULL || user_uid == list_pw->pw_uid || - sudo_sss_check_command(rule, NULL)) { + sudo_sss_check_command(handle, rule, NULL)) { matched = true; break; } @@ -791,9 +881,9 @@ static int sudo_sss_lookup(struct sudo_n if (sss_result != NULL) { for (i = 0; i < sss_result->num_rules; i++) { rule = sss_result->rules + i; - if (!sudo_sss_check_runas(rule)) + if (!sudo_sss_check_runas(handle, rule)) continue; - rc = sudo_sss_check_command(rule, &setenv_implied); + rc = sudo_sss_check_command(handle, rule, &setenv_implied); if (rc != UNSPEC) { /* We have a match. */ sudo_debug_printf(1, "Command %sallowed", rc == true ? "" : "NOT "); @@ -802,7 +892,7 @@ static int sudo_sss_lookup(struct sudo_n /* Apply entry-specific options. */ if (setenv_implied) def_setenv = true; - sudo_sss_parse_options(rule); + sudo_sss_parse_options(handle, rule); #ifdef HAVE_SELINUX /* Set role and type if not specified on command line. */ if (user_role == NULL) @@ -865,8 +955,8 @@ static int sudo_sss_display_cmnd(struct for (i = 0; i < sss_result->num_rules; i++) { rule = sss_result->rules + i; - if (sudo_sss_check_command(rule, NULL) && - sudo_sss_check_runas(rule)) { + if (sudo_sss_check_command(handle, rule, NULL) && + sudo_sss_check_runas(handle, rule)) { found = true; goto done; } @@ -878,7 +968,7 @@ done: user_args ? " " : "", user_args ? user_args : ""); if (sss_result != NULL) - sss_sudo_free_result(sss_result); + handle->fn_free_result(sss_result); debug_return_int(!found); } @@ -901,11 +991,11 @@ static int sudo_sss_display_defaults(str if (handle == NULL) goto done; - if (sss_sudo_send_recv_defaults(pw->pw_uid, pw->pw_name, + if (handle->fn_send_recv_defaults(pw->pw_uid, pw->pw_name, &sss_error, &handle->domainname, &sss_result) != 0) { - sudo_debug_printf(2, "sss_sudo_send_recv_defaults: !=0, sss_error=%u", sss_error); + sudo_debug_printf(2, "handle->fn_send_recv_defaults: !=0, sss_error=%u", sss_error); goto done; } @@ -922,7 +1012,7 @@ static int sudo_sss_display_defaults(str for (i = 0; i < sss_result->num_rules; ++i) { rule = sss_result->rules + i; - switch (sss_sudo_get_values(rule, "sudoOption", &val_array)) + switch (handle->fn_get_values(rule, "sudoOption", &val_array)) { case 0: break; @@ -930,7 +1020,7 @@ static int sudo_sss_display_defaults(str sudo_debug_printf(2, "No result."); continue; default: - sudo_debug_printf(2, "sss_sudo_get_values: != 0"); + sudo_debug_printf(2, "handle->fn_get_values: != 0"); continue; } @@ -946,11 +1036,11 @@ static int sudo_sss_display_defaults(str count++; } - sss_sudo_free_values(val_array); + handle->fn_free_values(val_array); val_array = NULL; } - sss_sudo_free_result(sss_result); + handle->fn_free_result(sss_result); done: debug_return_int(count); } @@ -963,7 +1053,7 @@ static int sudo_sss_display_bound_defaul debug_return_int(0); } -static int sudo_sss_display_entry_long(struct sss_sudo_rule *rule, struct lbuf *lbuf) +static int sudo_sss_display_entry_long(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule, struct lbuf *lbuf) { char **val_array = NULL; int count = 0, i; @@ -971,94 +1061,94 @@ static int sudo_sss_display_entry_long(s /* get the RunAsUser Values from the entry */ lbuf_append(lbuf, " RunAsUsers: "); - switch (sss_sudo_get_values(rule, "sudoRunAsUser", &val_array)) + switch (handle->fn_get_values(rule, "sudoRunAsUser", &val_array)) { case 0: for (i = 0; val_array[i] != NULL; ++i) lbuf_append(lbuf, "%s%s", i != 0 ? ", " : "", val_array[i]); - sss_sudo_free_values(val_array); + handle->fn_free_values(val_array); break; case ENOENT: - switch (sss_sudo_get_values(rule, "sudoRunAs", &val_array)) + switch (handle->fn_get_values(rule, "sudoRunAs", &val_array)) { case 0: for (i = 0; val_array[i] != NULL; ++i) lbuf_append(lbuf, "%s%s", i != 0 ? ", " : "", val_array[i]); - sss_sudo_free_values(val_array); + handle->fn_free_values(val_array); break; case ENOENT: sudo_debug_printf(2, "No result."); lbuf_append(lbuf, "%s", def_runas_default); break; default: - sudo_debug_printf(2, "sss_sudo_get_values(sudoRunAs): != 0"); + sudo_debug_printf(2, "handle->fn_get_values(sudoRunAs): != 0"); debug_return_int(count); } break; default: - sudo_debug_printf(2, "sss_sudo_get_values(sudoRunAsUser): != 0"); + sudo_debug_printf(2, "handle->fn_get_values(sudoRunAsUser): != 0"); debug_return_int(count); } lbuf_append(lbuf, "\n"); /* get the RunAsGroup Values from the entry */ - switch (sss_sudo_get_values(rule, "sudoRunAsGroup", &val_array)) + switch (handle->fn_get_values(rule, "sudoRunAsGroup", &val_array)) { case 0: lbuf_append(lbuf, " RunAsGroups: "); for (i = 0; val_array[i] != NULL; ++i) lbuf_append(lbuf, "%s%s", i != 0 ? ", " : "", val_array[i]); - sss_sudo_free_values(val_array); + handle->fn_free_values(val_array); lbuf_append(lbuf, "\n"); break; case ENOENT: sudo_debug_printf(2, "No result."); break; default: - sudo_debug_printf(2, "sss_sudo_get_values(sudoRunAsGroup): != 0"); + sudo_debug_printf(2, "handle->fn_get_values(sudoRunAsGroup): != 0"); debug_return_int(count); } /* get the Option Values from the entry */ - switch (sss_sudo_get_values(rule, "sudoOption", &val_array)) + switch (handle->fn_get_values(rule, "sudoOption", &val_array)) { case 0: lbuf_append(lbuf, " Options: "); for (i = 0; val_array[i] != NULL; ++i) lbuf_append(lbuf, "%s%s", i != 0 ? ", " : "", val_array[i]); - sss_sudo_free_values(val_array); + handle->fn_free_values(val_array); lbuf_append(lbuf, "\n"); break; case ENOENT: sudo_debug_printf(2, "No result."); break; default: - sudo_debug_printf(2, "sss_sudo_get_values(sudoOption): != 0"); + sudo_debug_printf(2, "handle->fn_get_values(sudoOption): != 0"); debug_return_int(count); } /* Get the command values from the entry. */ - switch (sss_sudo_get_values(rule, "sudoCommand", &val_array)) { + switch (handle->fn_get_values(rule, "sudoCommand", &val_array)) { case 0: lbuf_append(lbuf, _(" Commands:\n")); for (i = 0; val_array[i] != NULL; ++i) { lbuf_append(lbuf, "\t%s\n", val_array[i]); count++; } - sss_sudo_free_values(val_array); + handle->fn_free_values(val_array); break; case ENOENT: sudo_debug_printf(2, "No result."); break; default: - sudo_debug_printf(2, "sss_sudo_get_values(sudoCommand): != 0"); + sudo_debug_printf(2, "handle->fn_get_values(sudoCommand): != 0"); debug_return_int(count); } debug_return_int(count); } -static int sudo_sss_display_entry_short(struct sss_sudo_rule *rule, struct lbuf *lbuf) +static int sudo_sss_display_entry_short(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule, struct lbuf *lbuf) { char **val_array = NULL; int count = 0, i; @@ -1067,58 +1157,58 @@ static int sudo_sss_display_entry_short( lbuf_append(lbuf, " ("); /* get the RunAsUser Values from the entry */ - switch (sss_sudo_get_values(rule, "sudoRunAsUser", &val_array)) + switch (handle->fn_get_values(rule, "sudoRunAsUser", &val_array)) { case 0: for (i = 0; val_array[i] != NULL; ++i) lbuf_append(lbuf, "%s%s", i != 0 ? ", " : "", val_array[i]); - sss_sudo_free_values(val_array); + handle->fn_free_values(val_array); break; case ENOENT: sudo_debug_printf(2, "No result. Trying old style (sudoRunAs)."); /* try old style */ - switch (sss_sudo_get_values(rule, "sudoRunAs", &val_array)) + switch (handle->fn_get_values(rule, "sudoRunAs", &val_array)) { case 0: for (i = 0; val_array[i] != NULL; ++i) lbuf_append(lbuf, "%s%s", i != 0 ? ", " : "", val_array[i]); - sss_sudo_free_values(val_array); + handle->fn_free_values(val_array); break; case ENOENT: sudo_debug_printf(2, "No result."); lbuf_append(lbuf, "%s", def_runas_default); break; default: - sudo_debug_printf(2, "sss_sudo_get_values(sudoRunAs): != 0"); + sudo_debug_printf(2, "handle->fn_get_values(sudoRunAs): != 0"); debug_return_int(count); } break; default: - sudo_debug_printf(2, "sss_sudo_get_values(sudoRunAsUser): != 0"); + sudo_debug_printf(2, "handle->fn_get_values(sudoRunAsUser): != 0"); debug_return_int(count); } /* get the RunAsGroup Values from the entry */ - switch (sss_sudo_get_values(rule, "sudoRunAsGroup", &val_array)) + switch (handle->fn_get_values(rule, "sudoRunAsGroup", &val_array)) { case 0: lbuf_append(lbuf, " : "); for (i = 0; val_array[i] != NULL; ++i) lbuf_append(lbuf, "%s%s", i != 0 ? ", " : "", val_array[i]); - sss_sudo_free_values(val_array); + handle->fn_free_values(val_array); break; case ENOENT: sudo_debug_printf(2, "No result."); break; default: - sudo_debug_printf(2, "sss_sudo_get_values(sudoRunAsGroup): != 0"); + sudo_debug_printf(2, "handle->fn_get_values(sudoRunAsGroup): != 0"); debug_return_int(count); } lbuf_append(lbuf, ") "); /* get the Option Values from the entry */ - switch (sss_sudo_get_values(rule, "sudoOption", &val_array)) + switch (handle->fn_get_values(rule, "sudoOption", &val_array)) { case 0: for (i = 0; val_array[i] != NULL; ++i) { @@ -1136,30 +1226,30 @@ static int sudo_sss_display_entry_short( "NOSETENV: " : "SETENV: "); } - sss_sudo_free_values(val_array); + handle->fn_free_values(val_array); break; case ENOENT: sudo_debug_printf(2, "No result."); break; default: - sudo_debug_printf(2, "sss_sudo_get_values(sudoOption): != 0"); + sudo_debug_printf(2, "handle->fn_get_values(sudoOption): != 0"); debug_return_int(count); } /* get the Command Values from the entry */ - switch (sss_sudo_get_values(rule, "sudoCommand", &val_array)) { + switch (handle->fn_get_values(rule, "sudoCommand", &val_array)) { case 0: for (i = 0; val_array[i] != NULL; ++i) { lbuf_append(lbuf, "%s%s", i != 0 ? ", " : "", val_array[i]); count++; } - sss_sudo_free_values(val_array); + handle->fn_free_values(val_array); break; case ENOENT: sudo_debug_printf(2, "No result."); break; default: - sudo_debug_printf(2, "sss_sudo_get_values(sudoCommand): != 0"); + sudo_debug_printf(2, "handle->fn_get_values(sudoCommand): != 0"); debug_return_int(count); } lbuf_append(lbuf, "\n"); @@ -1193,13 +1283,13 @@ static int sudo_sss_display_privs(struct for (i = 0; i < sss_result->num_rules; ++i) { rule = sss_result->rules + i; if (long_list) - count += sudo_sss_display_entry_long(rule, lbuf); + count += sudo_sss_display_entry_long(handle, rule, lbuf); else - count += sudo_sss_display_entry_short(rule, lbuf); + count += sudo_sss_display_entry_short(handle, rule, lbuf); } if (sss_result != NULL) - sss_sudo_free_result(sss_result); + handle->fn_free_result(sss_result); debug_return_int(count); }