rpms/sudo
6
0
Fork 0
Code Issues Pull Requests Releases Activity
049d9661dd
sudo/sudo-1.8.5-sssd-dlopen-lib.patch
Daniel Kopecek 049d9661dd added patches that fix & improve SSSD support (thanks to pbrezina@redhat.com) 
- re-enabled SSSD support
- removed libsss_sudo dependency
2012-07-26 09:32:44 +02:00

906 lines
31 KiB
Diff
Raw Blame History

diff -rup original/configure.in new/configure.in
--- original/configure.in 2012-07-19 12:13:15.872301022 +0200
+++ new/configure.in 2012-07-23 11:31:42.821466529 +0200
@@ -101,6 +101,7 @@ AC_SUBST([root_sudo])
AC_SUBST([path_info])
AC_SUBST([ldap_conf])
AC_SUBST([ldap_secret])
+AC_SUBST([sssd_lib])
AC_SUBST([nsswitch_conf])
AC_SUBST([netsvc_conf])
AC_SUBST([secure_path])
@@ -290,8 +291,6 @@ dnl
AC_ARG_WITH(sssd, [AS_HELP_STRING([--with-sssd], [enable SSSD support])],
[case $with_sssd in
yes)
- SUDO_LIBS="${SUDO_LIBS} `pkg-config libsss_sudo --libs`"
- SUDOERS_LIBS="${SUDO_LIBS} `pkg-config libsss_sudo --libs`"
SUDOERS_OBJS="${SUDOERS_OBJS} sssd.lo"
AC_DEFINE(HAVE_SSSD)
;;
@@ -300,6 +299,11 @@ AC_ARG_WITH(sssd, [AS_HELP_STRING([--wit
;;
esac])
+AC_ARG_WITH(sssd-lib, [AS_HELP_STRING([--with-sssd-lib], [path to the SSSD library])])
+sssd_lib="\"LIBDIR\""
+test -n "$with_sssd_lib" && sssd_lib="$with_sssd_lib"
+SUDO_DEFINE_UNQUOTED(_PATH_SSSD_LIB, "$sssd_lib", [Path to the SSSD library])
+
AC_ARG_WITH(incpath, [AS_HELP_STRING([--with-incpath], [additional places to look for include files])],
[case $with_incpath in
yes) AC_MSG_ERROR(["must give --with-incpath an argument."])
diff -rup original/pathnames.h.in new/pathnames.h.in
--- original/pathnames.h.in 2012-07-19 12:13:15.779299949 +0200
+++ new/pathnames.h.in 2012-07-19 15:58:49.454653685 +0200
@@ -157,6 +157,10 @@
#undef _PATH_LDAP_SECRET
#endif /* _PATH_LDAP_SECRET */
+#ifndef _PATH_SSSD_LIB
+#undef _PATH_SSSD_LIB
+#endif /* _PATH_SSSD_LIB */
+
#ifndef _PATH_NSSWITCH_CONF
#undef _PATH_NSSWITCH_CONF
#endif /* _PATH_NSSWITCH_CONF */
diff -rup original/plugins/sudoers/Makefile.in new/plugins/sudoers/Makefile.in
--- original/plugins/sudoers/Makefile.in 2012-07-19 12:13:15.756299680 +0200
+++ new/plugins/sudoers/Makefile.in 2012-07-23 11:31:56.084610531 +0200
@@ -32,6 +32,7 @@ top_srcdir = @top_srcdir@
incdir = $(top_srcdir)/include
docdir = @docdir@
timedir = @timedir@
+libdir = @libdir@
# Compiler & tools to use
CC = @CC@
@@ -51,7 +52,7 @@ SUDOERS_LIBS = @SUDOERS_LIBS@ @AFS_LIBS@
REPLAY_LIBS = @REPLAY_LIBS@ @ZLIB@
# C preprocessor flags
-CPPFLAGS = -I$(incdir) -I$(top_builddir) -I$(devdir) -I$(srcdir) -I$(top_srcdir) @CPPFLAGS@
+CPPFLAGS = -I$(incdir) -I$(top_builddir) -I$(devdir) -I$(srcdir) -I$(top_srcdir) -DLIBDIR=\"$(libdir)\" @CPPFLAGS@
# Usually -O and/or -g
CFLAGS = @CFLAGS@
diff -rup original/plugins/sudoers/sssd.c new/plugins/sudoers/sssd.c
--- original/plugins/sudoers/sssd.c 2012-07-19 12:13:15.667298652 +0200
+++ new/plugins/sudoers/sssd.c 2012-07-23 11:32:04.260699269 +0200
@@ -44,23 +44,70 @@
#if TIME_WITH_SYS_TIME
# include <time.h>
#endif
+#ifdef HAVE_DLOPEN
+# include <dlfcn.h>
+#else
+# include "compat/dlfcn.h"
+#endif
#include <ctype.h>
#include <pwd.h>
#include <grp.h>
-#include <sss_sudo.h>
#include <errno.h>
+#include <stdint.h>
#include "sudoers.h"
#include "parse.h"
#include "lbuf.h"
#include "sudo_debug.h"
+/* SSSD <--> SUDO interface - do not change */
+struct sss_sudo_attr {
+ char *name;
+ char **values;
+ unsigned int num_values;
+};
+
+struct sss_sudo_rule {
+ unsigned int num_attrs;
+ struct sss_sudo_attr *attrs;
+};
+
+struct sss_sudo_result {
+ unsigned int num_rules;
+ struct sss_sudo_rule *rules;
+};
+
+typedef int (*sss_sudo_send_recv_t)(uid_t, const char*, const char*,
+ uint32_t*, struct sss_sudo_result**);
+
+typedef int (*sss_sudo_send_recv_defaults_t)(uid_t, const char*, uint32_t*,
+ char**, struct sss_sudo_result**);
+
+typedef void (*sss_sudo_free_result_t)(struct sss_sudo_result*);
+
+typedef int (*sss_sudo_get_values_t)(struct sss_sudo_rule*, const char*,
+ char***);
+
+typedef void (*sss_sudo_free_values_t)(char**);
+
/* sudo_nss implementation */
+
+struct sudo_sss_handle {
+ char *domainname;
+ struct passwd *pw;
+ void *ssslib;
+ sss_sudo_send_recv_t fn_send_recv;
+ sss_sudo_send_recv_defaults_t fn_send_recv_defaults;
+ sss_sudo_free_result_t fn_free_result;
+ sss_sudo_get_values_t fn_get_values;
+ sss_sudo_free_values_t fn_free_values;
+};
+
static int sudo_sss_open(struct sudo_nss *nss);
static int sudo_sss_close(struct sudo_nss *nss);
static int sudo_sss_parse(struct sudo_nss *nss);
-static void sudo_sss_parse_options(struct sss_sudo_rule *rule);
+static void sudo_sss_parse_options(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule);
static int sudo_sss_setdefs(struct sudo_nss *nss);
static int sudo_sss_lookup(struct sudo_nss *nss, int ret, int pwflag);
static int sudo_sss_display_cmnd(struct sudo_nss *nss, struct passwd *pw);
@@ -121,7 +168,7 @@ static void sudo_sss_rulecpy(struct sss_
#define _SUDO_SSS_STATE_HOSTMATCH 0x01
#define _SUDO_SSS_STATE_USERMATCH 0x02
-static struct sss_sudo_result *sudo_sss_filter_result(struct sss_sudo_result *in_res, int (*filterp)(struct sss_sudo_rule *, void *), int act, void *filterp_arg)
+static struct sss_sudo_result *sudo_sss_filter_result(struct sudo_sss_handle *handle, struct sss_sudo_result *in_res, int (*filterp)(struct sudo_sss_handle *, struct sss_sudo_rule *, void *), int act, void *filterp_arg)
{
struct sss_sudo_result *out_res;
int i, l, r;
@@ -140,7 +187,7 @@ static struct sss_sudo_result *sudo_sss_
out_res->num_rules = 0;
for (i = l = 0; i < in_res->num_rules; ++i) {
- r = filterp(in_res->rules + i, filterp_arg);
+ r = filterp(handle, in_res->rules + i, filterp_arg);
if (( r && act == _SUDO_SSS_FILTER_INCLUDE) ||
(!r && act == _SUDO_SSS_FILTER_EXCLUDE))
@@ -164,11 +211,6 @@ static struct sss_sudo_result *sudo_sss_
debug_return_ptr(out_res);
}
-struct sudo_sss_handle {
- char *domainname;
- struct passwd *pw;
-};
-
struct sudo_nss sudo_nss_sss = {
&sudo_nss_sss,
NULL,
@@ -188,10 +230,50 @@ struct sudo_nss sudo_nss_sss = {
static int sudo_sss_open(struct sudo_nss *nss)
{
struct sudo_sss_handle *handle;
+ static const char path[] = _PATH_SSSD_LIB"/libsss_sudo.so";
debug_decl(sudo_sss_open, SUDO_DEBUG_SSSD);
/* Create a handle container. */
handle = emalloc(sizeof(struct sudo_sss_handle));
+
+ /* Load symbols */
+ handle->ssslib = dlopen(path, RTLD_LAZY);
+ if (handle->ssslib == NULL) {
+ warningx(_("Unable to dlopen %s: %s"), path, dlerror());
+ warningx(_("Unable to initialize SSS source. Is SSSD installed on your machine?"));
+ debug_return_int(EFAULT);
+ }
+
+ handle->fn_send_recv = dlsym(handle->ssslib, "sss_sudo_send_recv");
+ if (handle->fn_send_recv == NULL) {
+ warningx(_("unable to find symbol \"sss_sudo_send_recv\" in %s"), path);
+ debug_return_int(EFAULT);
+ }
+
+ handle->fn_send_recv_defaults = dlsym(handle->ssslib, "sss_sudo_send_recv_defaults");
+ if (handle->fn_send_recv_defaults == NULL) {
+ warningx(_("unable to find symbol \"sss_sudo_send_recv_defaults\" in %s"), path);
+ debug_return_int(EFAULT);
+ }
+
+ handle->fn_free_result = dlsym(handle->ssslib, "sss_sudo_free_result");
+ if (handle->fn_free_result == NULL) {
+ warningx(_("unable to find symbol \"sss_sudo_free_result\" in %s"), path);
+ debug_return_int(EFAULT);
+ }
+
+ handle->fn_get_values = dlsym(handle->ssslib, "sss_sudo_get_values");
+ if (handle->fn_get_values == NULL) {
+ warningx(_("unable to find symbol \"sss_sudo_get_values\" in %s"), path);
+ debug_return_int(EFAULT);
+ }
+
+ handle->fn_free_values = dlsym(handle->ssslib, "sss_sudo_free_values");
+ if (handle->fn_free_values == NULL) {
+ warningx(_("unable to find symbol \"sss_sudo_free_values\" in %s"), path);
+ debug_return_int(EFAULT);
+ }
+
handle->domainname = NULL;
handle->pw = sudo_user.pw;
nss->handle = handle;
@@ -204,7 +286,14 @@ static int sudo_sss_open(struct sudo_nss
// ok
static int sudo_sss_close(struct sudo_nss *nss)
{
+ struct sudo_sss_handle *handle;
debug_decl(sudo_sss_close, SUDO_DEBUG_SSSD);
+
+ if (nss && nss->handle) {
+ handle = nss->handle;
+ dlclose(handle->ssslib);
+ }
+
efree(nss->handle);
debug_return_int(0);
}
@@ -231,11 +320,11 @@ static int sudo_sss_setdefs(struct sudo_
sudo_debug_printf(1, "Looking for cn=defaults");
- if (sss_sudo_send_recv_defaults(handle->pw->pw_uid, handle->pw->pw_name,
+ if (handle->fn_send_recv_defaults(handle->pw->pw_uid, handle->pw->pw_name,
&sss_error, &handle->domainname,
&sss_result) != 0)
{
- sudo_debug_printf(2, "sss_sudo_send_recv_defaults: != 0, sss_error=%u", sss_error);
+ sudo_debug_printf(2, "handle->fn_send_recv_defaults: != 0, sss_error=%u", sss_error);
debug_return_int(-1);
}
@@ -250,10 +339,10 @@ static int sudo_sss_setdefs(struct sudo_
for (i = 0; i < sss_result->num_rules; ++i) {
sudo_debug_printf(1, "Parsing cn=defaults, %d/%d", i, sss_result->num_rules);
sss_rule = sss_result->rules + i;
- sudo_sss_parse_options(sss_rule);
+ sudo_sss_parse_options(handle, sss_rule);
}
- sss_sudo_free_result(sss_result);
+ handle->fn_free_result(sss_result);
debug_return_int(0);
}
@@ -276,7 +365,7 @@ static int sudo_sss_checkpw(struct sudo_
}
static int
-sudo_sss_check_runas_user(struct sss_sudo_rule *sss_rule)
+sudo_sss_check_runas_user(struct sudo_sss_handle *handle, struct sss_sudo_rule *sss_rule)
{
char **val_array = NULL;
char *val;
@@ -287,7 +376,7 @@ sudo_sss_check_runas_user(struct sss_sud
debug_return_int(UNSPEC);
/* get the runas user from the entry */
- switch (sss_sudo_get_values(sss_rule, "sudoRunAsUser", &val_array))
+ switch (handle->fn_get_values(sss_rule, "sudoRunAsUser", &val_array))
{
case 0:
break;
@@ -295,7 +384,7 @@ sudo_sss_check_runas_user(struct sss_sud
sudo_debug_printf(2, "No result. Trying old style (sudoRunAs)");
/* try old style */
- switch (sss_sudo_get_values(sss_rule, "sudoRunAs", &val_array))
+ switch (handle->fn_get_values(sss_rule, "sudoRunAs", &val_array))
{
case 0:
break;
@@ -307,12 +396,12 @@ sudo_sss_check_runas_user(struct sss_sud
*/
return !strcasecmp(runas_pw->pw_name, def_runas_default);
default:
- sudo_debug_printf(2, "sss_sudo_get_values(sudoRunAs): != 0");
+ sudo_debug_printf(2, "handle->fn_get_values(sudoRunAs): != 0");
debug_return_int(UNSPEC);
}
break;
default:
- sudo_debug_printf(2, "sss_sudo_get_values(sudoRunAsUser): != 0");
+ sudo_debug_printf(2, "handle->fn_get_values(sudoRunAsUser): != 0");
debug_return_int(UNSPEC);
}
@@ -373,13 +462,13 @@ sudo_sss_check_runas_user(struct sss_sud
sudo_debug_printf(2, "sssd/ldap sudoRunAsUser '%s' ... %s", val, ret ? "MATCH!" : "not");
}
- sss_sudo_free_values(val_array); /* cleanup */
+ handle->fn_free_values(val_array); /* cleanup */
debug_return_int(ret);
}
static int
-sudo_sss_check_runas_group(struct sss_sudo_rule *rule)
+sudo_sss_check_runas_group(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule)
{
char **val_array = NULL;
char *val;
@@ -391,7 +480,7 @@ sudo_sss_check_runas_group(struct sss_su
debug_return_int(UNSPEC);
/* get the values from the entry */
- switch (sss_sudo_get_values(rule, "sudoRunAsGroup", &val_array))
+ switch (handle->fn_get_values(rule, "sudoRunAsGroup", &val_array))
{
case 0:
break;
@@ -399,7 +488,7 @@ sudo_sss_check_runas_group(struct sss_su
sudo_debug_printf(2, "No result.");
debug_return_int(false);
default:
- sudo_debug_printf(2, "sss_sudo_get_values(sudoRunAsGroup): != 0");
+ sudo_debug_printf(2, "handle->fn_get_values(sudoRunAsGroup): != 0");
debug_return_int(UNSPEC);
}
@@ -414,7 +503,7 @@ sudo_sss_check_runas_group(struct sss_su
sudo_debug_printf(2, "sssd/ldap sudoRunAsGroup '%s' ... %s", val, ret ? "MATCH!" : "not");
}
- sss_sudo_free_values(val_array);
+ handle->fn_free_values(val_array);
debug_return_int(ret);
}
@@ -424,7 +513,7 @@ sudo_sss_check_runas_group(struct sss_su
* else false. RunAs info is optional.
*/
static int
-sudo_sss_check_runas(struct sss_sudo_rule *rule)
+sudo_sss_check_runas(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule)
{
int ret;
debug_decl(sudo_sss_check_runas, SUDO_DEBUG_SSSD);
@@ -432,13 +521,13 @@ sudo_sss_check_runas(struct sss_sudo_rul
if (rule == NULL)
debug_return_int(false);
- ret = sudo_sss_check_runas_user(rule) != false &&
- sudo_sss_check_runas_group(rule) != false;
+ ret = sudo_sss_check_runas_user(handle, rule) != false &&
+ sudo_sss_check_runas_group(handle, rule) != false;
debug_return_int(ret);
}
-static int sudo_sss_check_host(struct sss_sudo_rule *rule)
+static int sudo_sss_check_host(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule)
{
char **val_array, *val;
int ret = false, i;
@@ -448,7 +537,7 @@ static int sudo_sss_check_host(struct ss
debug_return_int(ret);
/* get the values from the rule */
- switch (sss_sudo_get_values(rule, "sudoHost", &val_array))
+ switch (handle->fn_get_values(rule, "sudoHost", &val_array))
{
case 0:
break;
@@ -456,7 +545,7 @@ static int sudo_sss_check_host(struct ss
sudo_debug_printf(2, "No result.");
debug_return_int(false);
default:
- sudo_debug_printf(2, "sss_sudo_get_values(sudoHost): != 0");
+ sudo_debug_printf(2, "handle->fn_get_values(sudoHost): != 0");
debug_return_int(ret);
}
@@ -474,17 +563,17 @@ static int sudo_sss_check_host(struct ss
sudo_debug_printf(2, "sssd/ldap sudoHost '%s' ... %s", val, ret ? "MATCH!" : "not");
}
- sss_sudo_free_values(val_array);
+ handle->fn_free_values(val_array);
debug_return_int(ret);
}
-static int sudo_sss_result_filterp(struct sss_sudo_rule *rule, void *unused)
+static int sudo_sss_result_filterp(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule, void *unused)
{
(void)unused;
debug_decl(sudo_sss_result_filterp, SUDO_DEBUG_SSSD);
- if (sudo_sss_check_host(rule))
+ if (sudo_sss_check_host(handle, rule))
debug_return_int(1);
else
debug_return_int(0);
@@ -505,7 +594,7 @@ static struct sss_sudo_result *sudo_sss_
u_sss_result = f_sss_result = NULL;
- switch (ret = sss_sudo_send_recv(handle->pw->pw_uid, handle->pw->pw_name,
+ switch (ret = handle->fn_send_recv(handle->pw->pw_uid, handle->pw->pw_name,
handle->domainname, &sss_error, &u_sss_result))
{
case 0:
@@ -530,11 +619,11 @@ static struct sss_sudo_result *sudo_sss_
}
break;
default:
- sudo_debug_printf(2, "sss_sudo_send_recv: != 0: ret=%d", ret);
+ sudo_debug_printf(2, "handle->fn_send_recv: != 0: ret=%d", ret);
debug_return_ptr(NULL);
}
- f_sss_result = sudo_sss_filter_result(u_sss_result, sudo_sss_result_filterp,
+ f_sss_result = sudo_sss_filter_result(handle, u_sss_result, sudo_sss_result_filterp,
_SUDO_SSS_FILTER_INCLUDE, NULL);
if (f_sss_result != NULL)
@@ -547,7 +636,7 @@ static struct sss_sudo_result *sudo_sss_
sudo_debug_printf(3, "u_sss_result=(%p, %u) => f_sss_result=(%p, %u)",
u_sss_result, u_sss_result->num_rules, f_sss_result, f_sss_result->num_rules);
- sss_sudo_free_result(u_sss_result);
+ handle->fn_free_result(u_sss_result);
debug_return_ptr(f_sss_result);
}
@@ -557,7 +646,7 @@ static struct sss_sudo_result *sudo_sss_
* Returns true if found and allowed, false if negated, else UNSPEC.
*/
static int
-sudo_sss_check_bool(struct sss_sudo_rule *rule, char *option)
+sudo_sss_check_bool(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule, char *option)
{
char ch, *var, **val_array = NULL;
int i, ret = UNSPEC;
@@ -566,7 +655,7 @@ sudo_sss_check_bool(struct sss_sudo_rule
if (rule == NULL)
debug_return_int(ret);
- switch (sss_sudo_get_values(rule, "sudoOption", &val_array))
+ switch (handle->fn_get_values(rule, "sudoOption", &val_array))
{
case 0:
break;
@@ -574,7 +663,7 @@ sudo_sss_check_bool(struct sss_sudo_rule
sudo_debug_printf(2, "No result.");
debug_return_int(ret);
default:
- sudo_debug_printf(2, "sss_sudo_get_values: != 0");
+ sudo_debug_printf(2, "handle->fn_get_values: != 0");
debug_return_int(ret);
}
@@ -589,7 +678,7 @@ sudo_sss_check_bool(struct sss_sudo_rule
ret = (ch != '!');
}
- sss_sudo_free_values(val_array);
+ handle->fn_free_values(val_array);
debug_return_int(ret);
}
@@ -599,7 +688,7 @@ sudo_sss_check_bool(struct sss_sudo_rule
* false if disallowed and UNSPEC if not matched.
*/
static int
-sudo_sss_check_command(struct sss_sudo_rule *rule, int *setenv_implied)
+sudo_sss_check_command(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule, int *setenv_implied)
{
char **val_array = NULL, *val;
char *allowed_cmnd, *allowed_args;
@@ -609,7 +698,7 @@ sudo_sss_check_command(struct sss_sudo_r
if (rule == NULL)
debug_return_int(ret);
- switch (sss_sudo_get_values(rule, "sudoCommand", &val_array))
+ switch (handle->fn_get_values(rule, "sudoCommand", &val_array))
{
case 0:
break;
@@ -617,7 +706,7 @@ sudo_sss_check_command(struct sss_sudo_r
sudo_debug_printf(2, "No result.");
debug_return_int(ret);
default:
- sudo_debug_printf(2, "sss_sudo_get_values: != 0");
+ sudo_debug_printf(2, "handle->fn_get_values: != 0");
debug_return_int(ret);
}
@@ -662,13 +751,13 @@ sudo_sss_check_command(struct sss_sudo_r
efree(allowed_cmnd); /* cleanup */
}
- sss_sudo_free_values(val_array); /* more cleanup */
+ handle->fn_free_values(val_array); /* more cleanup */
debug_return_int(ret);
}
static void
-sudo_sss_parse_options(struct sss_sudo_rule *rule)
+sudo_sss_parse_options(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule)
{
int i;
char op, *v, *val;
@@ -678,7 +767,7 @@ sudo_sss_parse_options(struct sss_sudo_r
if (rule == NULL)
debug_return;
- switch (sss_sudo_get_values(rule, "sudoOption", &val_array))
+ switch (handle->fn_get_values(rule, "sudoOption", &val_array))
{
case 0:
break;
@@ -686,7 +775,7 @@ sudo_sss_parse_options(struct sss_sudo_r
sudo_debug_printf(2, "No result.");
debug_return;
default:
- sudo_debug_printf(2, "sss_sudo_get_values(sudoOption): != 0");
+ sudo_debug_printf(2, "handle->fn_get_values(sudoOption): != 0");
debug_return;
}
@@ -718,7 +807,7 @@ sudo_sss_parse_options(struct sss_sudo_r
efree(v);
}
- sss_sudo_free_values(val_array);
+ handle->fn_free_values(val_array);
debug_return;
}
@@ -726,6 +815,7 @@ static int sudo_sss_lookup(struct sudo_n
{
int rc, setenv_implied;
+ struct sudo_sss_handle *handle = nss->handle;
struct sss_sudo_result *sss_result = NULL;
struct sss_sudo_rule *rule;
uint32_t i, state = 0;
@@ -750,12 +840,12 @@ static int sudo_sss_lookup(struct sudo_n
rule = sss_result->rules + i;
if ((pwcheck == any && doauth != false) ||
(pwcheck == all && doauth == false)) {
- doauth = sudo_sss_check_bool(rule, "authenticate");
+ doauth = sudo_sss_check_bool(handle, rule, "authenticate");
}
/* Only check the command when listing another user. */
if (user_uid == 0 || list_pw == NULL ||
user_uid == list_pw->pw_uid ||
- sudo_sss_check_command(rule, NULL)) {
+ sudo_sss_check_command(handle, rule, NULL)) {
matched = true;
break;
}
@@ -791,9 +881,9 @@ static int sudo_sss_lookup(struct sudo_n
if (sss_result != NULL) {
for (i = 0; i < sss_result->num_rules; i++) {
rule = sss_result->rules + i;
- if (!sudo_sss_check_runas(rule))
+ if (!sudo_sss_check_runas(handle, rule))
continue;
- rc = sudo_sss_check_command(rule, &setenv_implied);
+ rc = sudo_sss_check_command(handle, rule, &setenv_implied);
if (rc != UNSPEC) {
/* We have a match. */
sudo_debug_printf(1, "Command %sallowed", rc == true ? "" : "NOT ");
@@ -802,7 +892,7 @@ static int sudo_sss_lookup(struct sudo_n
/* Apply entry-specific options. */
if (setenv_implied)
def_setenv = true;
- sudo_sss_parse_options(rule);
+ sudo_sss_parse_options(handle, rule);
#ifdef HAVE_SELINUX
/* Set role and type if not specified on command line. */
if (user_role == NULL)
@@ -865,8 +955,8 @@ static int sudo_sss_display_cmnd(struct
for (i = 0; i < sss_result->num_rules; i++) {
rule = sss_result->rules + i;
- if (sudo_sss_check_command(rule, NULL) &&
- sudo_sss_check_runas(rule)) {
+ if (sudo_sss_check_command(handle, rule, NULL) &&
+ sudo_sss_check_runas(handle, rule)) {
found = true;
goto done;
}
@@ -878,7 +968,7 @@ done:
user_args ? " " : "", user_args ? user_args : "");
if (sss_result != NULL)
- sss_sudo_free_result(sss_result);
+ handle->fn_free_result(sss_result);
debug_return_int(!found);
}
@@ -901,11 +991,11 @@ static int sudo_sss_display_defaults(str
if (handle == NULL)
goto done;
- if (sss_sudo_send_recv_defaults(pw->pw_uid, pw->pw_name,
+ if (handle->fn_send_recv_defaults(pw->pw_uid, pw->pw_name,
&sss_error, &handle->domainname,
&sss_result) != 0)
{
- sudo_debug_printf(2, "sss_sudo_send_recv_defaults: !=0, sss_error=%u", sss_error);
+ sudo_debug_printf(2, "handle->fn_send_recv_defaults: !=0, sss_error=%u", sss_error);
goto done;
}
@@ -922,7 +1012,7 @@ static int sudo_sss_display_defaults(str
for (i = 0; i < sss_result->num_rules; ++i) {
rule = sss_result->rules + i;
- switch (sss_sudo_get_values(rule, "sudoOption", &val_array))
+ switch (handle->fn_get_values(rule, "sudoOption", &val_array))
{
case 0:
break;
@@ -930,7 +1020,7 @@ static int sudo_sss_display_defaults(str
sudo_debug_printf(2, "No result.");
continue;
default:
- sudo_debug_printf(2, "sss_sudo_get_values: != 0");
+ sudo_debug_printf(2, "handle->fn_get_values: != 0");
continue;
}
@@ -946,11 +1036,11 @@ static int sudo_sss_display_defaults(str
count++;
}
- sss_sudo_free_values(val_array);
+ handle->fn_free_values(val_array);
val_array = NULL;
}
- sss_sudo_free_result(sss_result);
+ handle->fn_free_result(sss_result);
done:
debug_return_int(count);
}
@@ -963,7 +1053,7 @@ static int sudo_sss_display_bound_defaul
debug_return_int(0);
}
-static int sudo_sss_display_entry_long(struct sss_sudo_rule *rule, struct lbuf *lbuf)
+static int sudo_sss_display_entry_long(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule, struct lbuf *lbuf)
{
char **val_array = NULL;
int count = 0, i;
@@ -971,94 +1061,94 @@ static int sudo_sss_display_entry_long(s
/* get the RunAsUser Values from the entry */
lbuf_append(lbuf, " RunAsUsers: ");
- switch (sss_sudo_get_values(rule, "sudoRunAsUser", &val_array))
+ switch (handle->fn_get_values(rule, "sudoRunAsUser", &val_array))
{
case 0:
for (i = 0; val_array[i] != NULL; ++i)
lbuf_append(lbuf, "%s%s", i != 0 ? ", " : "", val_array[i]);
- sss_sudo_free_values(val_array);
+ handle->fn_free_values(val_array);
break;
case ENOENT:
- switch (sss_sudo_get_values(rule, "sudoRunAs", &val_array))
+ switch (handle->fn_get_values(rule, "sudoRunAs", &val_array))
{
case 0:
for (i = 0; val_array[i] != NULL; ++i)
lbuf_append(lbuf, "%s%s", i != 0 ? ", " : "", val_array[i]);
- sss_sudo_free_values(val_array);
+ handle->fn_free_values(val_array);
break;
case ENOENT:
sudo_debug_printf(2, "No result.");
lbuf_append(lbuf, "%s", def_runas_default);
break;
default:
- sudo_debug_printf(2, "sss_sudo_get_values(sudoRunAs): != 0");
+ sudo_debug_printf(2, "handle->fn_get_values(sudoRunAs): != 0");
debug_return_int(count);
}
break;
default:
- sudo_debug_printf(2, "sss_sudo_get_values(sudoRunAsUser): != 0");
+ sudo_debug_printf(2, "handle->fn_get_values(sudoRunAsUser): != 0");
debug_return_int(count);
}
lbuf_append(lbuf, "\n");
/* get the RunAsGroup Values from the entry */
- switch (sss_sudo_get_values(rule, "sudoRunAsGroup", &val_array))
+ switch (handle->fn_get_values(rule, "sudoRunAsGroup", &val_array))
{
case 0:
lbuf_append(lbuf, " RunAsGroups: ");
for (i = 0; val_array[i] != NULL; ++i)
lbuf_append(lbuf, "%s%s", i != 0 ? ", " : "", val_array[i]);
- sss_sudo_free_values(val_array);
+ handle->fn_free_values(val_array);
lbuf_append(lbuf, "\n");
break;
case ENOENT:
sudo_debug_printf(2, "No result.");
break;
default:
- sudo_debug_printf(2, "sss_sudo_get_values(sudoRunAsGroup): != 0");
+ sudo_debug_printf(2, "handle->fn_get_values(sudoRunAsGroup): != 0");
debug_return_int(count);
}
/* get the Option Values from the entry */
- switch (sss_sudo_get_values(rule, "sudoOption", &val_array))
+ switch (handle->fn_get_values(rule, "sudoOption", &val_array))
{
case 0:
lbuf_append(lbuf, " Options: ");
for (i = 0; val_array[i] != NULL; ++i)
lbuf_append(lbuf, "%s%s", i != 0 ? ", " : "", val_array[i]);
- sss_sudo_free_values(val_array);
+ handle->fn_free_values(val_array);
lbuf_append(lbuf, "\n");
break;
case ENOENT:
sudo_debug_printf(2, "No result.");
break;
default:
- sudo_debug_printf(2, "sss_sudo_get_values(sudoOption): != 0");
+ sudo_debug_printf(2, "handle->fn_get_values(sudoOption): != 0");
debug_return_int(count);
}
/* Get the command values from the entry. */
- switch (sss_sudo_get_values(rule, "sudoCommand", &val_array)) {
+ switch (handle->fn_get_values(rule, "sudoCommand", &val_array)) {
case 0:
lbuf_append(lbuf, _(" Commands:\n"));
for (i = 0; val_array[i] != NULL; ++i) {
lbuf_append(lbuf, "\t%s\n", val_array[i]);
count++;
}
- sss_sudo_free_values(val_array);
+ handle->fn_free_values(val_array);
break;
case ENOENT:
sudo_debug_printf(2, "No result.");
break;
default:
- sudo_debug_printf(2, "sss_sudo_get_values(sudoCommand): != 0");
+ sudo_debug_printf(2, "handle->fn_get_values(sudoCommand): != 0");
debug_return_int(count);
}
debug_return_int(count);
}
-static int sudo_sss_display_entry_short(struct sss_sudo_rule *rule, struct lbuf *lbuf)
+static int sudo_sss_display_entry_short(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule, struct lbuf *lbuf)
{
char **val_array = NULL;
int count = 0, i;
@@ -1067,58 +1157,58 @@ static int sudo_sss_display_entry_short(
lbuf_append(lbuf, " (");
/* get the RunAsUser Values from the entry */
- switch (sss_sudo_get_values(rule, "sudoRunAsUser", &val_array))
+ switch (handle->fn_get_values(rule, "sudoRunAsUser", &val_array))
{
case 0:
for (i = 0; val_array[i] != NULL; ++i)
lbuf_append(lbuf, "%s%s", i != 0 ? ", " : "", val_array[i]);
- sss_sudo_free_values(val_array);
+ handle->fn_free_values(val_array);
break;
case ENOENT:
sudo_debug_printf(2, "No result. Trying old style (sudoRunAs).");
/* try old style */
- switch (sss_sudo_get_values(rule, "sudoRunAs", &val_array))
+ switch (handle->fn_get_values(rule, "sudoRunAs", &val_array))
{
case 0:
for (i = 0; val_array[i] != NULL; ++i)
lbuf_append(lbuf, "%s%s", i != 0 ? ", " : "", val_array[i]);
- sss_sudo_free_values(val_array);
+ handle->fn_free_values(val_array);
break;
case ENOENT:
sudo_debug_printf(2, "No result.");
lbuf_append(lbuf, "%s", def_runas_default);
break;
default:
- sudo_debug_printf(2, "sss_sudo_get_values(sudoRunAs): != 0");
+ sudo_debug_printf(2, "handle->fn_get_values(sudoRunAs): != 0");
debug_return_int(count);
}
break;
default:
- sudo_debug_printf(2, "sss_sudo_get_values(sudoRunAsUser): != 0");
+ sudo_debug_printf(2, "handle->fn_get_values(sudoRunAsUser): != 0");
debug_return_int(count);
}
/* get the RunAsGroup Values from the entry */
- switch (sss_sudo_get_values(rule, "sudoRunAsGroup", &val_array))
+ switch (handle->fn_get_values(rule, "sudoRunAsGroup", &val_array))
{
case 0:
lbuf_append(lbuf, " : ");
for (i = 0; val_array[i] != NULL; ++i)
lbuf_append(lbuf, "%s%s", i != 0 ? ", " : "", val_array[i]);
- sss_sudo_free_values(val_array);
+ handle->fn_free_values(val_array);
break;
case ENOENT:
sudo_debug_printf(2, "No result.");
break;
default:
- sudo_debug_printf(2, "sss_sudo_get_values(sudoRunAsGroup): != 0");
+ sudo_debug_printf(2, "handle->fn_get_values(sudoRunAsGroup): != 0");
debug_return_int(count);
}
lbuf_append(lbuf, ") ");
/* get the Option Values from the entry */
- switch (sss_sudo_get_values(rule, "sudoOption", &val_array))
+ switch (handle->fn_get_values(rule, "sudoOption", &val_array))
{
case 0:
for (i = 0; val_array[i] != NULL; ++i) {
@@ -1136,30 +1226,30 @@ static int sudo_sss_display_entry_short(
"NOSETENV: " : "SETENV: ");
}
- sss_sudo_free_values(val_array);
+ handle->fn_free_values(val_array);
break;
case ENOENT:
sudo_debug_printf(2, "No result.");
break;
default:
- sudo_debug_printf(2, "sss_sudo_get_values(sudoOption): != 0");
+ sudo_debug_printf(2, "handle->fn_get_values(sudoOption): != 0");
debug_return_int(count);
}
/* get the Command Values from the entry */
- switch (sss_sudo_get_values(rule, "sudoCommand", &val_array)) {
+ switch (handle->fn_get_values(rule, "sudoCommand", &val_array)) {
case 0:
for (i = 0; val_array[i] != NULL; ++i) {
lbuf_append(lbuf, "%s%s", i != 0 ? ", " : "", val_array[i]);
count++;
}
- sss_sudo_free_values(val_array);
+ handle->fn_free_values(val_array);
break;
case ENOENT:
sudo_debug_printf(2, "No result.");
break;
default:
- sudo_debug_printf(2, "sss_sudo_get_values(sudoCommand): != 0");
+ sudo_debug_printf(2, "handle->fn_get_values(sudoCommand): != 0");
debug_return_int(count);
}
lbuf_append(lbuf, "\n");
@@ -1193,13 +1283,13 @@ static int sudo_sss_display_privs(struct
for (i = 0; i < sss_result->num_rules; ++i) {
rule = sss_result->rules + i;
if (long_list)
- count += sudo_sss_display_entry_long(rule, lbuf);
+ count += sudo_sss_display_entry_long(handle, rule, lbuf);
else
- count += sudo_sss_display_entry_short(rule, lbuf);
+ count += sudo_sss_display_entry_short(handle, rule, lbuf);
}
if (sss_result != NULL)
- sss_sudo_free_result(sss_result);
+ handle->fn_free_result(sss_result);
debug_return_int(count);
}
Reference in New Issue View Git Blame Copy Permalink