diff -rup original/plugins/sudoers/sssd.c new/plugins/sudoers/sssd.c --- original/plugins/sudoers/sssd.c 2012-07-17 10:50:20.110201384 +0200 +++ new/plugins/sudoers/sssd.c 2012-07-17 11:09:31.213626613 +0200 @@ -56,11 +56,6 @@ #include "lbuf.h" #include "sudo_debug.h" -extern int debug_level; -#define __sssd_debug debug_level - -#define DPRINTF(level, fmt, ...) if (__sssd_debug >= (level)) warningx("%s:%d: "fmt, __PRETTY_FUNCTION__, __LINE__, ##__VA_ARGS__) - /* sudo_nss implementation */ static int sudo_sss_open(struct sudo_nss *nss); static int sudo_sss_close(struct sudo_nss *nss); @@ -88,8 +83,8 @@ static void sudo_sss_attrcpy(struct sss_ int i; debug_decl(sudo_sss_attrcpy, SUDO_DEBUG_SSSD) - DPRINTF(3, "dst=%p, src=%p", dst, src); - DPRINTF(2, "emalloc: cnt=%d", src->num_values); + sudo_debug_printf(3, "dst=%p, src=%p", dst, src); + sudo_debug_printf(2, "emalloc: cnt=%d", src->num_values); dst->name = strdup(src->name); dst->num_values = src->num_values; @@ -106,8 +101,8 @@ static void sudo_sss_rulecpy(struct sss_ int i; debug_decl(sudo_sss_rulecpy, SUDO_DEBUG_SSSD) - DPRINTF(3, "dst=%p, src=%p", dst, src); - DPRINTF(2, "emalloc: cnt=%d", src->num_attrs); + sudo_debug_printf(3, "dst=%p, src=%p", dst, src); + sudo_debug_printf(2, "emalloc: cnt=%d", src->num_attrs); dst->num_attrs = src->num_attrs; dst->attrs = emalloc(sizeof(struct sss_sudo_attr) * dst->num_attrs); 
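Review bot: The first argument of every converted sudo_debug_printf() call is the old DPRINTF verbosity level (1–3) carried over verbatim, but sudo_debug.h takes a SUDO_DEBUG_* priority there (SUDO_DEBUG_CRIT is 1 … SUDO_DEBUG_DEBUG is 8, OR'ed with the subsystem that debug_decl sets), so the ordering is inverted: the most verbose level-3 traces such as `sudo_debug_printf(3, "dst=%p, src=%p", dst, src);` now log at SUDO_DEBUG_WARN and the level-1 summaries at SUDO_DEBUG_CRIT, which fires at the lowest debug setting. Map them to the named priorities instead, for instance `sudo_debug_printf(SUDO_DEBUG_DEBUG, "dst=%p, src=%p", dst, src);` for the old level 3, SUDO_DEBUG_INFO for level 2 and SUDO_DEBUG_DIAG for level 1. This applies to every hunk in the patch (sudo_sss_rulecpy, sudo_sss_filter_result, sudo_sss_open, sudo_sss_setdefs, sudo_sss_checkpw, the runas/host/command/bool checks, sudo_sss_parse_options, sudo_sss_lookup and the display functions), not only the ones on this line.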
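Review bot: In sudo_sss_attrcpy the line right after the converted traces, `dst->name = strdup(src->name);`, is the only allocation in the copy helpers that is not checked, while the neighbouring `emalloc()` and the file's `estrdup()` (used in sudo_sss_parse_options) abort on failure; an out-of-memory strdup leaves dst->name NULL for later strcmp/lbuf use. `dst->name = estrdup(src->name);` keeps the block consistent with the rest of the file. The body of sudo_sss_attrcpy continues past this hunk.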
@@ -132,13 +127,13 @@ static struct sss_sudo_result *sudo_sss_ int i, l, r; debug_decl(sudo_sss_filter_result, SUDO_DEBUG_SSSD) - DPRINTF(3, "in_res=%p, count=%u, act=%s", + sudo_debug_printf(3, "in_res=%p, count=%u, act=%s", in_res, in_res->num_rules, act == _SUDO_SSS_FILTER_EXCLUDE ? "EXCLUDE" : "INCLUDE"); if (in_res == NULL) debug_return_ptr(NULL); - DPRINTF(3, "emalloc: cnt=%d", in_res->num_rules); + sudo_debug_printf(3, "emalloc: cnt=%d", in_res->num_rules); out_res = emalloc(sizeof(struct sss_sudo_result)); out_res->rules = in_res->num_rules > 0 ? emalloc(sizeof(struct sss_sudo_rule) * in_res->num_rules) : NULL; @@ -150,7 +145,7 @@ static struct sss_sudo_result *sudo_sss_ if (( r && act == _SUDO_SSS_FILTER_INCLUDE) || (!r && act == _SUDO_SSS_FILTER_EXCLUDE)) { - DPRINTF(3, "COPY (%s): %p[%u] => %p[%u] (= %p)", + sudo_debug_printf(3, "COPY (%s): %p[%u] => %p[%u] (= %p)", act == _SUDO_SSS_FILTER_EXCLUDE ? "not excluded" : "included", in_res->rules, i, out_res->rules, l, in_res->rules + i); @@ -160,7 +155,7 @@ static struct sss_sudo_result *sudo_sss_ } if (l < in_res->num_rules) { - DPRINTF(3, "reallocating result: %p (count: %u -> %u)", out_res->rules, in_res->num_rules, l); + sudo_debug_printf(3, "reallocating result: %p (count: %u -> %u)", out_res->rules, in_res->num_rules, l); out_res->rules = realloc(out_res->rules, sizeof(struct sss_sudo_rule) * l); } @@ -201,7 +196,7 @@ static int sudo_sss_open(struct sudo_nss handle->pw = sudo_user.pw; nss->handle = handle; - DPRINTF(3, "handle=%p", handle); + sudo_debug_printf(3, "handle=%p", handle); debug_return_int(0); } 
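Review bot: The converted trace at the top of sudo_sss_filter_result reads `in_res->num_rules` before the `if (in_res == NULL)` guard two lines below it, so a NULL in_res crashes in the debug call instead of taking the `debug_return_ptr(NULL)` path. Either move the NULL check above the trace or log only the pointer there, `sudo_debug_printf(3, "in_res=%p, act=%s", in_res, act == _SUDO_SSS_FILTER_EXCLUDE ? "EXCLUDE" : "INCLUDE");`, and emit the count after the check. The @@ -160 hunk in the same function keeps `out_res->rules = realloc(out_res->rules, sizeof(struct sss_sudo_rule) * l);`, which overwrites the only pointer to the block when realloc fails; assigning through a temporary (or using the file's erealloc-style wrapper, if it has one) is the usual fix. The function starts and ends outside these hunks.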
@@ -234,18 +229,18 @@ static int sudo_sss_setdefs(struct sudo_ if (handle == NULL) debug_return_int(-1); - DPRINTF(1, "Looking for cn=defaults"); + sudo_debug_printf(1, "Looking for cn=defaults"); if (sss_sudo_send_recv_defaults(handle->pw->pw_uid, handle->pw->pw_name, &sss_error, &handle->domainname, &sss_result) != 0) { - DPRINTF(2, "sss_sudo_send_recv_defaults: != 0, sss_error=%u", sss_error); + sudo_debug_printf(2, "sss_sudo_send_recv_defaults: != 0, sss_error=%u", sss_error); debug_return_int(-1); } for (i = 0; i < sss_result->num_rules; ++i) { - DPRINTF(1, "Parsing cn=defaults, %d/%d", i, sss_result->num_rules); + sudo_debug_printf(1, "Parsing cn=defaults, %d/%d", i, sss_result->num_rules); sss_rule = sss_result->rules + i; sudo_sss_parse_options(sss_rule); } @@ -262,7 +257,7 @@ static int sudo_sss_checkpw(struct sudo_ if (pw->pw_name != handle->pw->pw_name || pw->pw_uid != handle->pw->pw_uid) { - DPRINTF(1, "Requested name or uid don't match the initial once, reinitializing..."); + sudo_debug_printf(1, "Requested name or uid don't match the initial once, reinitializing..."); handle->pw = pw; if (sudo_sss_setdefs(nss) != 0) @@ -289,7 +284,7 @@ sudo_sss_check_runas_user(struct sss_sud case 0: break; case ENOENT: - DPRINTF(2, "No result. Trying old style (sudoRunAs)"); + sudo_debug_printf(2, "No result. Trying old style (sudoRunAs)"); /* try old style */ switch (sss_sudo_get_values(sss_rule, "sudoRunAs", &val_array)) 
@@ -297,19 +292,19 @@ sudo_sss_check_runas_user(struct sss_sud case 0: break; case ENOENT: - DPRINTF(2, "No result. Matching against runas_default"); + sudo_debug_printf(2, "No result. Matching against runas_default"); /* * If there are no runas entries, match runas_default against * what the user specified on the command line. */ return !strcasecmp(runas_pw->pw_name, def_runas_default); default: - DPRINTF(2, "sss_sudo_get_values(sudoRunAs): != 0"); + sudo_debug_printf(2, "sss_sudo_get_values(sudoRunAs): != 0"); debug_return_int(UNSPEC); } break; default: - DPRINTF(2, "sss_sudo_get_values(sudoRunAsUser): != 0"); + sudo_debug_printf(2, "sss_sudo_get_values(sudoRunAsUser): != 0"); debug_return_int(UNSPEC); } 
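Review bot: The ENOENT branch of the inner switch in sudo_sss_check_runas_user leaves with a bare `return !strcasecmp(runas_pw->pw_name, def_runas_default);` while every other exit in this hunk uses `debug_return_int()`, so this path presumably skips the function-exit trace that debug_decl set up and is easy to miss when reading the debug log. `debug_return_int(!strcasecmp(runas_pw->pw_name, def_runas_default));` makes it consistent with the surrounding branches. The function starts and ends outside this hunk.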
@@ -334,40 +329,40 @@ sudo_sss_check_runas_user(struct sss_sud for (i = 0; val_array[i] != NULL && !ret; ++i) { val = val_array[i]; - DPRINTF(3, "val[%d]=%s", i, val); + sudo_debug_printf(3, "val[%d]=%s", i, val); switch (val[0]) { case '+': - DPRINTF(3, "netgr_"); + sudo_debug_printf(3, "netgr_"); if (netgr_matches(val, NULL, NULL, runas_pw->pw_name)) { - DPRINTF(3, "=> match"); + sudo_debug_printf(3, "=> match"); ret = true; } break; case '%': - DPRINTF(3, "usergr_"); + sudo_debug_printf(3, "usergr_"); if (usergr_matches(val, runas_pw->pw_name, runas_pw)) { - DPRINTF(3, "=> match"); + sudo_debug_printf(3, "=> match"); ret = true; } break; case 'A': if (strcmp(val, "ALL") == 0) { - DPRINTF(3, "ALL => match"); + sudo_debug_printf(3, "ALL => match"); ret = true; break; } /* FALLTHROUGH */ - DPRINTF(3, "FALLTHROUGH"); + sudo_debug_printf(3, "FALLTHROUGH"); default: if (strcasecmp(val, runas_pw->pw_name) == 0) { - DPRINTF(3, "%s == %s (pw_name) => match", val, runas_pw->pw_name); + sudo_debug_printf(3, "%s == %s (pw_name) => match", val, runas_pw->pw_name); ret = true; } break; } - DPRINTF(2, "sssd/ldap sudoRunAsUser '%s' ... %s", val, ret ? "MATCH!" : "not"); + sudo_debug_printf(2, "sssd/ldap sudoRunAsUser '%s' ... %s", val, ret ? "MATCH!" : "not"); } sss_sudo_free_values(val_array); /* cleanup */ 
@@ -393,22 +388,22 @@ sudo_sss_check_runas_group(struct sss_su case 0: break; case ENOENT: - DPRINTF(2, "No result."); + sudo_debug_printf(2, "No result."); debug_return_int(false); default: - DPRINTF(2, "sss_sudo_get_values(sudoRunAsGroup): != 0"); + sudo_debug_printf(2, "sss_sudo_get_values(sudoRunAsGroup): != 0"); debug_return_int(UNSPEC); } /* walk through values returned, looking for a match */ for (i = 0; val_array[i] != NULL; ++i) { val = val_array[i]; - DPRINTF(3, "val[%d]=%s", i, val); + sudo_debug_printf(3, "val[%d]=%s", i, val); if (strcmp(val, "ALL") == 0 || group_matches(val, runas_gr)) ret = true; - DPRINTF(2, "sssd/ldap sudoRunAsGroup '%s' ... %s", val, ret ? "MATCH!" : "not"); + sudo_debug_printf(2, "sssd/ldap sudoRunAsGroup '%s' ... %s", val, ret ? "MATCH!" : "not"); } sss_sudo_free_values(val_array); @@ -450,17 +445,17 @@ static int sudo_sss_check_host(struct ss case 0: break; case ENOENT: - DPRINTF(2, "No result."); + sudo_debug_printf(2, "No result."); debug_return_int(false); default: - DPRINTF(2, "sss_sudo_get_values(sudoHost): != 0"); + sudo_debug_printf(2, "sss_sudo_get_values(sudoHost): != 0"); debug_return_int(ret); } /* walk through values */ for (i = 0; val_array[i] != NULL; ++i) { val = val_array[i]; - DPRINTF(3, "val[%d]=%s", i, val); + sudo_debug_printf(3, "val[%d]=%s", i, val); /* match any or address or netgroup or hostname */ if (!strcmp(val, "ALL") || addr_matches(val) || @@ -468,7 +463,7 @@ static int sudo_sss_check_host(struct ss hostname_matches(user_shost, user_host, val)) ret = true; - DPRINTF(2, "sssd/ldap sudoHost '%s' ... %s", val, ret ? "MATCH!" : "not"); + sudo_debug_printf(2, "sssd/ldap sudoHost '%s' ... %s", val, ret ? "MATCH!" : "not"); } sss_sudo_free_values(val_array); 
@@ -497,8 +492,8 @@ static struct sss_sudo_result *sudo_sss_ if (sudo_sss_checkpw(nss, pw) != 0) debug_return_ptr(NULL); - DPRINTF(1, " username=%s", handle->pw->pw_name); - DPRINTF(1, "domainname=%s", handle->domainname); + sudo_debug_printf(1, " username=%s", handle->pw->pw_name); + sudo_debug_printf(1, "domainname=%s", handle->domainname); u_sss_result = f_sss_result = NULL; @@ -510,24 +505,24 @@ static struct sss_sudo_result *sudo_sss_ case 0: if (u_sss_result != NULL) { if (state != NULL) { - DPRINTF(3, "state |= USERMATCH"); + sudo_debug_printf(3, "state |= USERMATCH"); *state |= _SUDO_SSS_STATE_USERMATCH; } - DPRINTF(2, "Received %u rule(s)", u_sss_result->num_rules); + sudo_debug_printf(2, "Received %u rule(s)", u_sss_result->num_rules); } else { - DPRINTF(2, "Internal error: u_sss_result == NULL && sss_error == 0"); + sudo_debug_printf(2, "Internal error: u_sss_result == NULL && sss_error == 0"); debug_return_ptr(NULL); } break; case ENOENT: - DPRINTF(2, "No result."); + sudo_debug_printf(2, "No result."); default: - DPRINTF(2, "sss_error=%u\n", sss_error); + sudo_debug_printf(2, "sss_error=%u\n", sss_error); debug_return_ptr(NULL); } break; default: - DPRINTF(2, "sss_sudo_send_recv: != 0: ret=%d", ret); + sudo_debug_printf(2, "sss_sudo_send_recv: != 0: ret=%d", ret); debug_return_ptr(NULL); } @@ -537,11 +532,11 @@ static struct sss_sudo_result *sudo_sss_ if (f_sss_result != NULL) if (f_sss_result->num_rules > 0) if (state != NULL) { - DPRINTF(3, "state |= HOSTMATCH"); + sudo_debug_printf(3, "state |= HOSTMATCH"); *state |= _SUDO_SSS_STATE_HOSTMATCH; } - DPRINTF(3, "u_sss_result=(%p, %u) => f_sss_result=(%p, %u)", + sudo_debug_printf(3, "u_sss_result=(%p, %u) => f_sss_result=(%p, %u)", u_sss_result, u_sss_result->num_rules, f_sss_result, f_sss_result->num_rules); sss_sudo_free_result(u_sss_result); 
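Review bot: In the @@ -537 hunk the converted trace dereferences `f_sss_result->num_rules` unconditionally, immediately after the code guarded `if (f_sss_result != NULL)` before touching the same pointer; if f_sss_result can really be NULL there, as that guard implies, the trace reads through NULL, and if it cannot, the guard is dead — one of the two should change, e.g. by moving the trace inside the guarded block. In the @@ -510 hunk, `sudo_debug_printf(2, "sss_error=%u\n", sss_error);` keeps a trailing newline that no other message in the file carries, and the `case ENOENT:` above it drops into `default:` without the `/* FALLTHROUGH */` marker used in sudo_sss_check_runas_user; `sudo_debug_printf(2, "sss_error=%u", sss_error);` plus the marker would align it with the rest. sudo_sss_result_get starts and ends outside these hunks.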
@@ -568,17 +563,17 @@ sudo_sss_check_bool(struct sss_sudo_rule case 0: break; case ENOENT: - DPRINTF(2, "No result."); + sudo_debug_printf(2, "No result."); debug_return_int(ret); default: - DPRINTF(2, "sss_sudo_get_values: != 0"); + sudo_debug_printf(2, "sss_sudo_get_values: != 0"); debug_return_int(ret); } /* walk through options */ for (i = 0; val_array[i] != NULL; ++i) { var = val_array[i]; - DPRINTF(2, "sssd/ldap sudoOption: '%s'", var); + sudo_debug_printf(2, "sssd/ldap sudoOption: '%s'", var); if ((ch = *var) == '!') var++; @@ -611,24 +606,24 @@ sudo_sss_check_command(struct sss_sudo_r case 0: break; case ENOENT: - DPRINTF(2, "No result."); + sudo_debug_printf(2, "No result."); debug_return_int(ret); default: - DPRINTF(2, "sss_sudo_get_values: != 0"); + sudo_debug_printf(2, "sss_sudo_get_values: != 0"); debug_return_int(ret); } for (i = 0; val_array[i] != NULL && ret != false; ++i) { val = val_array[i]; - DPRINTF(3, "val[%d]=%s", i, val); + sudo_debug_printf(3, "val[%d]=%s", i, val); /* Match against ALL ? */ if (!strcmp(val, "ALL")) { ret = true; if (setenv_implied != NULL) *setenv_implied = true; - DPRINTF(2, "sssd/ldap sudoCommand '%s' ... MATCH!", val); + sudo_debug_printf(2, "sssd/ldap sudoCommand '%s' ... MATCH!", val); continue; } @@ -655,7 +650,7 @@ sudo_sss_check_command(struct sss_sudo_r ret = foundbang ? false : true; } - DPRINTF(2, "sssd/ldap sudoCommand '%s' ... %s", val, ret == true ? "MATCH!" : "not"); + sudo_debug_printf(2, "sssd/ldap sudoCommand '%s' ... %s", val, ret == true ? "MATCH!" : "not"); efree(allowed_cmnd); /* cleanup */ } 
@@ -680,16 +675,16 @@ sudo_sss_parse_options(struct sss_sudo_r case 0: break; case ENOENT: - DPRINTF(2, "No result."); + sudo_debug_printf(2, "No result."); debug_return; default: - DPRINTF(2, "sss_sudo_get_values(sudoOption): != 0"); + sudo_debug_printf(2, "sss_sudo_get_values(sudoOption): != 0"); debug_return; } /* walk through options */ for (i = 0; val_array[i] != NULL; i++) { - DPRINTF(2, "sssd/ldap sudoOption: '%s'", val_array[i]); + sudo_debug_printf(2, "sssd/ldap sudoOption: '%s'", val_array[i]); v = estrdup(val_array[i]); /* check for equals sign past first char */ @@ -741,7 +736,7 @@ static int sudo_sss_lookup(struct sudo_n enum def_tuple pwcheck = (pwflag == -1) ? never : sudo_defs_table[pwflag].sd_un.tuple; - DPRINTF(2, "perform search for pwflag %d", pwflag); + sudo_debug_printf(2, "perform search for pwflag %d", pwflag); if (sss_result != NULL) { for (i = 0; i < sss_result->num_rules; i++) { rule = sss_result->rules + i; @@ -782,7 +777,7 @@ static int sudo_sss_lookup(struct sudo_n goto done; } - DPRINTF(1, "searching SSSD/LDAP for sudoers entries"); + sudo_debug_printf(1, "searching SSSD/LDAP for sudoers entries"); setenv_implied = false; if (sss_result != NULL) { @@ -793,9 +788,9 @@ static int sudo_sss_lookup(struct sudo_n rc = sudo_sss_check_command(rule, &setenv_implied); if (rc != UNSPEC) { /* We have a match. */ - DPRINTF(1, "Command %sallowed", rc == true ? "" : "NOT "); + sudo_debug_printf(1, "Command %sallowed", rc == true ? "" : "NOT "); if (rc == true) { - DPRINTF(3, "SSSD rule: %p", rule); + sudo_debug_printf(3, "SSSD rule: %p", rule); /* Apply entry-specific options. */ if (setenv_implied) def_setenv = true; @@ -818,7 +813,7 @@ static int sudo_sss_lookup(struct sudo_n } } done: - DPRINTF(1, "Done with LDAP searches"); + sudo_debug_printf(1, "Done with LDAP searches"); if (!ISSET(ret, VALIDATE_OK)) { /* No matching entries. */ 
@@ -831,7 +826,7 @@ done: if (state & _SUDO_SSS_STATE_HOSTMATCH) CLR(ret, FLAG_NO_HOST); - DPRINTF(3, "sudo_sss_lookup(%d)=0x%02x", pwflag, ret); + sudo_debug_printf(3, "sudo_sss_lookup(%d)=0x%02x", pwflag, ret); debug_return_int(ret); } @@ -854,7 +849,7 @@ static int sudo_sss_display_cmnd(struct * The sudo_sss_result_get() function returns all nodes that match * the user and the host. */ - DPRINTF(1, "sssd/ldap search for command list"); + sudo_debug_printf(1, "sssd/ldap search for command list"); sss_result = sudo_sss_result_get(nss, pw, NULL); if (sss_result == NULL) @@ -902,7 +897,7 @@ static int sudo_sss_display_defaults(str &sss_error, &handle->domainname, &sss_result) != 0) { - DPRINTF(2, "sss_sudo_send_recv_defaults: !=0, sss_error=%u", sss_error); + sudo_debug_printf(2, "sss_sudo_send_recv_defaults: !=0, sss_error=%u", sss_error); goto done; } @@ -916,10 +911,10 @@ static int sudo_sss_display_defaults(str case 0: break; case ENOENT: - DPRINTF(2, "No result."); + sudo_debug_printf(2, "No result."); continue; default: - DPRINTF(2, "sss_sudo_get_values: != 0"); + sudo_debug_printf(2, "sss_sudo_get_values: != 0"); continue; } @@ -976,16 +971,16 @@ static int sudo_sss_display_entry_long(s sss_sudo_free_values(val_array); break; case ENOENT: - DPRINTF(2, "No result."); + sudo_debug_printf(2, "No result."); lbuf_append(lbuf, "%s", def_runas_default); break; default: - DPRINTF(2, "sss_sudo_get_values(sudoRunAs): != 0"); + sudo_debug_printf(2, "sss_sudo_get_values(sudoRunAs): != 0"); debug_return_int(count); } break; default: - DPRINTF(2, "sss_sudo_get_values(sudoRunAsUser): != 0"); + sudo_debug_printf(2, "sss_sudo_get_values(sudoRunAsUser): != 0"); debug_return_int(count); } lbuf_append(lbuf, "\n"); 
@@ -1001,10 +996,10 @@ static int sudo_sss_display_entry_long(s lbuf_append(lbuf, "\n"); break; case ENOENT: - DPRINTF(2, "No result."); + sudo_debug_printf(2, "No result."); break; default: - DPRINTF(2, "sss_sudo_get_values(sudoRunAsGroup): != 0"); + sudo_debug_printf(2, "sss_sudo_get_values(sudoRunAsGroup): != 0"); debug_return_int(count); } @@ -1019,10 +1014,10 @@ static int sudo_sss_display_entry_long(s lbuf_append(lbuf, "\n"); break; case ENOENT: - DPRINTF(2, "No result."); + sudo_debug_printf(2, "No result."); break; default: - DPRINTF(2, "sss_sudo_get_values(sudoOption): != 0"); + sudo_debug_printf(2, "sss_sudo_get_values(sudoOption): != 0"); debug_return_int(count); } @@ -1037,10 +1032,10 @@ static int sudo_sss_display_entry_long(s sss_sudo_free_values(val_array); break; case ENOENT: - DPRINTF(2, "No result."); + sudo_debug_printf(2, "No result."); break; default: - DPRINTF(2, "sss_sudo_get_values(sudoCommand): != 0"); + sudo_debug_printf(2, "sss_sudo_get_values(sudoCommand): != 0"); debug_return_int(count); } @@ -1064,7 +1059,7 @@ static int sudo_sss_display_entry_short( sss_sudo_free_values(val_array); break; case ENOENT: - DPRINTF(2, "No result. Trying old style (sudoRunAs)."); + sudo_debug_printf(2, "No result. Trying old style (sudoRunAs)."); /* try old style */ switch (sss_sudo_get_values(rule, "sudoRunAs", &val_array)) { @@ -1074,16 +1069,16 @@ static int sudo_sss_display_entry_short( sss_sudo_free_values(val_array); break; case ENOENT: - DPRINTF(2, "No result."); + sudo_debug_printf(2, "No result."); lbuf_append(lbuf, "%s", def_runas_default); break; default: - DPRINTF(2, "sss_sudo_get_values(sudoRunAs): != 0"); + sudo_debug_printf(2, "sss_sudo_get_values(sudoRunAs): != 0"); debug_return_int(count); } break; default: - DPRINTF(2, "sss_sudo_get_values(sudoRunAsUser): != 0"); + sudo_debug_printf(2, "sss_sudo_get_values(sudoRunAsUser): != 0"); debug_return_int(count); } 
@@ -1097,10 +1092,10 @@ static int sudo_sss_display_entry_short( sss_sudo_free_values(val_array); break; case ENOENT: - DPRINTF(2, "No result."); + sudo_debug_printf(2, "No result."); break; default: - DPRINTF(2, "sss_sudo_get_values(sudoRunAsGroup): != 0"); + sudo_debug_printf(2, "sss_sudo_get_values(sudoRunAsGroup): != 0"); debug_return_int(count); } @@ -1128,10 +1123,10 @@ static int sudo_sss_display_entry_short( sss_sudo_free_values(val_array); break; case ENOENT: - DPRINTF(2, "No result."); + sudo_debug_printf(2, "No result."); break; default: - DPRINTF(2, "sss_sudo_get_values(sudoOption): != 0"); + sudo_debug_printf(2, "sss_sudo_get_values(sudoOption): != 0"); debug_return_int(count); } @@ -1145,10 +1140,10 @@ static int sudo_sss_display_entry_short( sss_sudo_free_values(val_array); break; case ENOENT: - DPRINTF(2, "No result."); + sudo_debug_printf(2, "No result."); break; default: - DPRINTF(2, "sss_sudo_get_values(sudoCommand): != 0"); + sudo_debug_printf(2, "sss_sudo_get_values(sudoCommand): != 0"); debug_return_int(count); } lbuf_append(lbuf, "\n"); @@ -1171,7 +1166,7 @@ static int sudo_sss_display_privs(struct if (sudo_sss_checkpw(nss, pw) != 0) debug_return_int(-1); - DPRINTF(2, "sssd/ldap search for command list"); + sudo_debug_printf(2, "sssd/ldap search for command list"); sss_result = sudo_sss_result_get(nss, pw, NULL);