|
 |
049d966 |
diff -rup original/common/sudo_debug.c new/common/sudo_debug.c
|
|
|
049d966 |
--- original/common/sudo_debug.c 2012-05-15 18:22:01.000000000 +0200
|
|
|
049d966 |
+++ new/common/sudo_debug.c 2012-07-17 10:24:05.389397245 +0200
|
|
|
049d966 |
@@ -101,6 +101,7 @@ const char *const sudo_debug_subsystems[
|
|
|
049d966 |
"perms",
|
|
|
049d966 |
"plugin",
|
|
|
049d966 |
"hooks",
|
|
|
049d966 |
+ "sssd",
|
|
|
049d966 |
NULL
|
|
|
049d966 |
};
|
|
|
049d966 |
|
|
|
049d966 |
diff -rup original/include/sudo_debug.h new/include/sudo_debug.h
|
|
|
049d966 |
--- original/include/sudo_debug.h 2012-05-15 18:22:02.000000000 +0200
|
|
|
049d966 |
+++ new/include/sudo_debug.h 2012-07-17 10:49:43.470809390 +0200
|
|
|
049d966 |
@@ -71,6 +71,7 @@
|
|
|
049d966 |
#define SUDO_DEBUG_PERMS (23<<6) /* uid/gid swapping functions */
|
|
|
049d966 |
#define SUDO_DEBUG_PLUGIN (24<<6) /* main plugin functions */
|
|
|
049d966 |
#define SUDO_DEBUG_HOOKS (25<<6) /* hook functions */
|
|
|
049d966 |
+#define SUDO_DEBUG_SSSD (26<<6) /* sudoers SSSD */
|
|
|
049d966 |
#define SUDO_DEBUG_ALL 0xfff0 /* all subsystems */
|
|
|
049d966 |
|
|
|
049d966 |
/* Flag to include string version of errno in debug info. */
|
|
|
049d966 |
diff -rup original/plugins/sudoers/sssd.c new/plugins/sudoers/sssd.c
|
|
|
049d966 |
--- original/plugins/sudoers/sssd.c 2012-07-17 10:13:42.366133003 +0200
|
|
|
049d966 |
+++ new/plugins/sudoers/sssd.c 2012-07-17 10:24:05.383397175 +0200
|
|
|
049d966 |
@@ -86,7 +86,7 @@ static struct sss_sudo_result *sudo_sss_
|
|
|
049d966 |
static void sudo_sss_attrcpy(struct sss_sudo_attr *dst, const struct sss_sudo_attr *src)
|
|
|
049d966 |
{
|
|
|
049d966 |
int i;
|
|
|
049d966 |
- debug_decl(sudo_sss_attrcpy, SUDO_DEBUG_LDAP)
|
|
|
049d966 |
+ debug_decl(sudo_sss_attrcpy, SUDO_DEBUG_SSSD)
|
|
|
049d966 |
|
|
|
049d966 |
DPRINTF(3, "dst=%p, src=%p", dst, src);
|
|
|
049d966 |
DPRINTF(2, "emalloc: cnt=%d", src->num_values);
|
|
|
049d966 |
@@ -104,8 +104,8 @@ static void sudo_sss_attrcpy(struct sss_
|
|
|
049d966 |
static void sudo_sss_rulecpy(struct sss_sudo_rule *dst, const struct sss_sudo_rule *src)
|
|
|
049d966 |
{
|
|
|
049d966 |
int i;
|
|
|
049d966 |
- debug_decl(sudo_sss_rulecpy, SUDO_DEBUG_LDAP)
|
|
|
049d966 |
-
|
|
|
049d966 |
+ debug_decl(sudo_sss_rulecpy, SUDO_DEBUG_SSSD)
|
|
|
049d966 |
+
|
|
|
049d966 |
DPRINTF(3, "dst=%p, src=%p", dst, src);
|
|
|
049d966 |
DPRINTF(2, "emalloc: cnt=%d", src->num_attrs);
|
|
|
049d966 |
|
|
|
049d966 |
@@ -130,7 +130,7 @@ static struct sss_sudo_result *sudo_sss_
|
|
|
049d966 |
{
|
|
|
049d966 |
struct sss_sudo_result *out_res;
|
|
|
049d966 |
int i, l, r;
|
|
|
049d966 |
- debug_decl(sudo_sss_filter_result, SUDO_DEBUG_LDAP)
|
|
|
049d966 |
+ debug_decl(sudo_sss_filter_result, SUDO_DEBUG_SSSD)
|
|
|
049d966 |
|
|
|
049d966 |
DPRINTF(3, "in_res=%p, count=%u, act=%s",
|
|
|
049d966 |
in_res, in_res->num_rules, act == _SUDO_SSS_FILTER_EXCLUDE ? "EXCLUDE" : "INCLUDE");
|
|
|
049d966 |
@@ -193,7 +193,7 @@ struct sudo_nss sudo_nss_sss = {
|
|
|
049d966 |
static int sudo_sss_open(struct sudo_nss *nss)
|
|
|
049d966 |
{
|
|
|
049d966 |
struct sudo_sss_handle *handle;
|
|
|
049d966 |
- debug_decl(sudo_sss_open, SUDO_DEBUG_LDAP);
|
|
|
049d966 |
+ debug_decl(sudo_sss_open, SUDO_DEBUG_SSSD);
|
|
|
049d966 |
|
|
|
049d966 |
/* Create a handle container. */
|
|
|
049d966 |
handle = emalloc(sizeof(struct sudo_sss_handle));
|
|
|
049d966 |
@@ -209,7 +209,7 @@ static int sudo_sss_open(struct sudo_nss
|
|
|
049d966 |
// ok
|
|
|
049d966 |
static int sudo_sss_close(struct sudo_nss *nss)
|
|
|
049d966 |
{
|
|
|
049d966 |
- debug_decl(sudo_sss_close, SUDO_DEBUG_LDAP);
|
|
|
049d966 |
+ debug_decl(sudo_sss_close, SUDO_DEBUG_SSSD);
|
|
|
049d966 |
efree(nss->handle);
|
|
|
049d966 |
debug_return_int(0);
|
|
|
049d966 |
}
|
|
|
049d966 |
@@ -217,7 +217,7 @@ static int sudo_sss_close(struct sudo_ns
|
|
|
049d966 |
// ok
|
|
|
049d966 |
static int sudo_sss_parse(struct sudo_nss *nss)
|
|
|
049d966 |
{
|
|
|
049d966 |
- debug_decl(sudo_sss_parse, SUDO_DEBUG_LDAP);
|
|
|
049d966 |
+ debug_decl(sudo_sss_parse, SUDO_DEBUG_SSSD);
|
|
|
049d966 |
debug_return_int(0);
|
|
|
049d966 |
}
|
|
|
049d966 |
|
|
|
049d966 |
@@ -229,7 +229,7 @@ static int sudo_sss_setdefs(struct sudo_
|
|
|
049d966 |
struct sss_sudo_rule *sss_rule;
|
|
|
049d966 |
uint32_t sss_error;
|
|
|
049d966 |
int i;
|
|
|
049d966 |
- debug_decl(sudo_sss_setdefs, SUDO_DEBUG_LDAP);
|
|
|
049d966 |
+ debug_decl(sudo_sss_setdefs, SUDO_DEBUG_SSSD);
|
|
|
049d966 |
|
|
|
049d966 |
if (handle == NULL)
|
|
|
049d966 |
debug_return_int(-1);
|
|
|
049d966 |
@@ -257,7 +257,7 @@ static int sudo_sss_setdefs(struct sudo_
|
|
|
049d966 |
static int sudo_sss_checkpw(struct sudo_nss *nss, struct passwd *pw)
|
|
|
049d966 |
{
|
|
|
049d966 |
struct sudo_sss_handle *handle = nss->handle;
|
|
|
049d966 |
- debug_decl(sudo_sss_checkpw, SUDO_DEBUG_LDAP);
|
|
|
049d966 |
+ debug_decl(sudo_sss_checkpw, SUDO_DEBUG_SSSD);
|
|
|
049d966 |
|
|
|
049d966 |
if (pw->pw_name != handle->pw->pw_name ||
|
|
|
049d966 |
pw->pw_uid != handle->pw->pw_uid)
|
|
|
049d966 |
@@ -278,13 +278,13 @@ sudo_sss_check_runas_user(struct sss_sud
|
|
|
049d966 |
char **val_array = NULL;
|
|
|
049d966 |
char *val;
|
|
|
049d966 |
int ret = false, i;
|
|
|
049d966 |
- debug_decl(sudo_sss_check_runas_user, SUDO_DEBUG_LDAP);
|
|
|
049d966 |
+ debug_decl(sudo_sss_check_runas_user, SUDO_DEBUG_SSSD);
|
|
|
049d966 |
|
|
|
049d966 |
if (!runas_pw)
|
|
|
049d966 |
debug_return_int(UNSPEC);
|
|
|
049d966 |
|
|
|
049d966 |
/* get the runas user from the entry */
|
|
|
049d966 |
- switch (sss_sudo_get_values(sss_rule, "sudoRunAsUser", &val_array))
|
|
|
049d966 |
+ switch (sss_sudo_get_values(sss_rule, "sudoRunAsUser", &val_array))
|
|
|
049d966 |
{
|
|
|
049d966 |
case 0:
|
|
|
049d966 |
break;
|
|
|
049d966 |
@@ -315,18 +315,18 @@ sudo_sss_check_runas_user(struct sss_sud
|
|
|
049d966 |
|
|
|
049d966 |
/*
|
|
|
049d966 |
* BUG:
|
|
|
049d966 |
- *
|
|
|
049d966 |
+ *
|
|
|
049d966 |
* if runas is not specified on the command line, the only information
|
|
|
049d966 |
* as to which user to run as is in the runas_default option. We should
|
|
|
049d966 |
* check to see if we have the local option present. Unfortunately we
|
|
|
049d966 |
* don't parse these options until after this routine says yes or no.
|
|
|
049d966 |
* The query has already returned, so we could peek at the attribute
|
|
|
049d966 |
* values here though.
|
|
|
049d966 |
- *
|
|
|
049d966 |
+ *
|
|
|
049d966 |
* For now just require users to always use -u option unless its set
|
|
|
049d966 |
* in the global defaults. This behaviour is no different than the global
|
|
|
049d966 |
* /etc/sudoers.
|
|
|
049d966 |
- *
|
|
|
049d966 |
+ *
|
|
|
049d966 |
* Sigh - maybe add this feature later
|
|
|
049d966 |
*/
|
|
|
049d966 |
|
|
|
049d966 |
@@ -381,7 +381,7 @@ sudo_sss_check_runas_group(struct sss_su
|
|
|
049d966 |
char **val_array = NULL;
|
|
|
049d966 |
char *val;
|
|
|
049d966 |
int ret = false, i;
|
|
|
049d966 |
- debug_decl(sudo_sss_check_runas_group, SUDO_DEBUG_LDAP);
|
|
|
049d966 |
+ debug_decl(sudo_sss_check_runas_group, SUDO_DEBUG_SSSD);
|
|
|
049d966 |
|
|
|
049d966 |
/* runas_gr is only set if the user specified the -g flag */
|
|
|
049d966 |
if (!runas_gr)
|
|
|
049d966 |
@@ -424,7 +424,7 @@ static int
|
|
|
049d966 |
sudo_sss_check_runas(struct sss_sudo_rule *rule)
|
|
|
049d966 |
{
|
|
|
049d966 |
int ret;
|
|
|
049d966 |
- debug_decl(sudo_sss_check_runas, SUDO_DEBUG_LDAP);
|
|
|
049d966 |
+ debug_decl(sudo_sss_check_runas, SUDO_DEBUG_SSSD);
|
|
|
049d966 |
|
|
|
049d966 |
if (rule == NULL)
|
|
|
049d966 |
debug_return_int(false);
|
|
|
049d966 |
@@ -439,7 +439,7 @@ static int sudo_sss_check_host(struct ss
|
|
|
049d966 |
{
|
|
|
049d966 |
char **val_array, *val;
|
|
|
049d966 |
int ret = false, i;
|
|
|
049d966 |
- debug_decl(sudo_sss_check_host, SUDO_DEBUG_LDAP);
|
|
|
049d966 |
+ debug_decl(sudo_sss_check_host, SUDO_DEBUG_SSSD);
|
|
|
049d966 |
|
|
|
049d966 |
if (rule == NULL)
|
|
|
049d966 |
debug_return_int(ret);
|
|
|
049d966 |
@@ -479,7 +479,7 @@ static int sudo_sss_check_host(struct ss
|
|
|
049d966 |
static int sudo_sss_result_filterp(struct sss_sudo_rule *rule, void *unused)
|
|
|
049d966 |
{
|
|
|
049d966 |
(void)unused;
|
|
|
049d966 |
- debug_decl(sudo_sss_result_filterp, SUDO_DEBUG_LDAP);
|
|
|
049d966 |
+ debug_decl(sudo_sss_result_filterp, SUDO_DEBUG_SSSD);
|
|
|
049d966 |
|
|
|
049d966 |
if (sudo_sss_check_host(rule))
|
|
|
049d966 |
debug_return_int(1);
|
|
|
049d966 |
@@ -492,7 +492,7 @@ static struct sss_sudo_result *sudo_sss_
|
|
|
049d966 |
struct sudo_sss_handle *handle = nss->handle;
|
|
|
049d966 |
struct sss_sudo_result *u_sss_result, *f_sss_result;
|
|
|
049d966 |
uint32_t sss_error = 0, ret;
|
|
|
049d966 |
- debug_decl(sudo_sss_result_get, SUDO_DEBUG_LDAP);
|
|
|
049d966 |
+ debug_decl(sudo_sss_result_get, SUDO_DEBUG_SSSD);
|
|
|
049d966 |
|
|
|
049d966 |
if (sudo_sss_checkpw(nss, pw) != 0)
|
|
|
049d966 |
debug_return_ptr(NULL);
|
|
|
049d966 |
@@ -558,7 +558,7 @@ sudo_sss_check_bool(struct sss_sudo_rule
|
|
|
049d966 |
{
|
|
|
049d966 |
char ch, *var, **val_array = NULL;
|
|
|
049d966 |
int i, ret = UNSPEC;
|
|
|
049d966 |
- debug_decl(sudo_sss_check_bool, SUDO_DEBUG_LDAP);
|
|
|
049d966 |
+ debug_decl(sudo_sss_check_bool, SUDO_DEBUG_SSSD);
|
|
|
049d966 |
|
|
|
049d966 |
if (rule == NULL)
|
|
|
049d966 |
debug_return_int(ret);
|
|
|
049d966 |
@@ -601,7 +601,7 @@ sudo_sss_check_command(struct sss_sudo_r
|
|
|
049d966 |
char **val_array = NULL, *val;
|
|
|
049d966 |
char *allowed_cmnd, *allowed_args;
|
|
|
049d966 |
int i, foundbang, ret = UNSPEC;
|
|
|
049d966 |
- debug_decl(sudo_sss_check_command, SUDO_DEBUG_LDAP);
|
|
|
049d966 |
+ debug_decl(sudo_sss_check_command, SUDO_DEBUG_SSSD);
|
|
|
049d966 |
|
|
|
049d966 |
if (rule == NULL)
|
|
|
049d966 |
debug_return_int(ret);
|
|
|
049d966 |
@@ -670,7 +670,7 @@ sudo_sss_parse_options(struct sss_sudo_r
|
|
|
049d966 |
int i;
|
|
|
049d966 |
char op, *v, *val;
|
|
|
049d966 |
char **val_array = NULL;
|
|
|
049d966 |
- debug_decl(sudo_sss_parse_options, SUDO_DEBUG_LDAP);
|
|
|
049d966 |
+ debug_decl(sudo_sss_parse_options, SUDO_DEBUG_SSSD);
|
|
|
049d966 |
|
|
|
049d966 |
if (rule == NULL)
|
|
|
049d966 |
debug_return;
|
|
|
049d966 |
@@ -726,7 +726,7 @@ static int sudo_sss_lookup(struct sudo_n
|
|
|
049d966 |
struct sss_sudo_result *sss_result = NULL;
|
|
|
049d966 |
struct sss_sudo_rule *rule;
|
|
|
049d966 |
uint32_t i, state = 0;
|
|
|
049d966 |
- debug_decl(sudo_sss_lookup, SUDO_DEBUG_LDAP);
|
|
|
049d966 |
+ debug_decl(sudo_sss_lookup, SUDO_DEBUG_SSSD);
|
|
|
049d966 |
|
|
|
049d966 |
/* Fetch list of sudoRole entries that match user and host. */
|
|
|
049d966 |
sss_result = sudo_sss_result_get(nss, sudo_user.pw, &state);
|
|
|
049d966 |
@@ -738,7 +738,7 @@ static int sudo_sss_lookup(struct sudo_n
|
|
|
049d966 |
if (pwflag) {
|
|
|
049d966 |
int doauth = UNSPEC;
|
|
|
049d966 |
int matched = UNSPEC;
|
|
|
049d966 |
- enum def_tuple pwcheck =
|
|
|
049d966 |
+ enum def_tuple pwcheck =
|
|
|
049d966 |
(pwflag == -1) ? never : sudo_defs_table[pwflag].sd_un.tuple;
|
|
|
049d966 |
|
|
|
049d966 |
DPRINTF(2, "perform search for pwflag %d", pwflag);
|
|
|
049d966 |
@@ -842,7 +842,7 @@ static int sudo_sss_display_cmnd(struct
|
|
|
049d966 |
struct sss_sudo_result *sss_result = NULL;
|
|
|
049d966 |
struct sss_sudo_rule *rule;
|
|
|
049d966 |
int i, found = false;
|
|
|
049d966 |
- debug_decl(sudo_sss_display_cmnd, SUDO_DEBUG_LDAP);
|
|
|
049d966 |
+ debug_decl(sudo_sss_display_cmnd, SUDO_DEBUG_SSSD);
|
|
|
049d966 |
|
|
|
049d966 |
if (handle == NULL)
|
|
|
049d966 |
goto done;
|
|
|
049d966 |
@@ -893,7 +893,7 @@ static int sudo_sss_display_defaults(str
|
|
|
049d966 |
char *prefix, *val, **val_array = NULL;
|
|
|
049d966 |
int count = 0, i, j;
|
|
|
049d966 |
|
|
|
049d966 |
- debug_decl(sudo_sss_display_defaults, SUDO_DEBUG_LDAP);
|
|
|
049d966 |
+ debug_decl(sudo_sss_display_defaults, SUDO_DEBUG_SSSD);
|
|
|
049d966 |
|
|
|
049d966 |
if (handle == NULL)
|
|
|
049d966 |
goto done;
|
|
|
049d966 |
@@ -934,7 +934,7 @@ static int sudo_sss_display_defaults(str
|
|
|
049d966 |
prefix = ", ";
|
|
|
049d966 |
count++;
|
|
|
049d966 |
}
|
|
|
049d966 |
-
|
|
|
049d966 |
+
|
|
|
049d966 |
sss_sudo_free_values(val_array);
|
|
|
049d966 |
val_array = NULL;
|
|
|
049d966 |
}
|
|
|
049d966 |
@@ -948,7 +948,7 @@ done:
|
|
|
049d966 |
static int sudo_sss_display_bound_defaults(struct sudo_nss *nss,
|
|
|
049d966 |
struct passwd *pw, struct lbuf *lbuf)
|
|
|
049d966 |
{
|
|
|
049d966 |
- debug_decl(sudo_sss_display_bound_defaults, SUDO_DEBUG_LDAP);
|
|
|
049d966 |
+ debug_decl(sudo_sss_display_bound_defaults, SUDO_DEBUG_SSSD);
|
|
|
049d966 |
debug_return_int(0);
|
|
|
049d966 |
}
|
|
|
049d966 |
|
|
|
049d966 |
@@ -956,7 +956,7 @@ static int sudo_sss_display_entry_long(s
|
|
|
049d966 |
{
|
|
|
049d966 |
char **val_array = NULL;
|
|
|
049d966 |
int count = 0, i;
|
|
|
049d966 |
- debug_decl(sudo_sss_display_entry_long, SUDO_DEBUG_LDAP);
|
|
|
049d966 |
+ debug_decl(sudo_sss_display_entry_long, SUDO_DEBUG_SSSD);
|
|
|
049d966 |
|
|
|
049d966 |
/* get the RunAsUser Values from the entry */
|
|
|
049d966 |
lbuf_append(lbuf, " RunAsUsers: ");
|
|
|
049d966 |
@@ -1051,7 +1051,7 @@ static int sudo_sss_display_entry_short(
|
|
|
049d966 |
{
|
|
|
049d966 |
char **val_array = NULL;
|
|
|
049d966 |
int count = 0, i;
|
|
|
049d966 |
- debug_decl(sudo_sss_display_entry_short, SUDO_DEBUG_LDAP);
|
|
|
049d966 |
+ debug_decl(sudo_sss_display_entry_short, SUDO_DEBUG_SSSD);
|
|
|
049d966 |
|
|
|
049d966 |
lbuf_append(lbuf, " (");
|
|
|
049d966 |
|
|
|
049d966 |
@@ -1164,7 +1164,7 @@ static int sudo_sss_display_privs(struct
|
|
|
049d966 |
struct sss_sudo_result *sss_result = NULL;
|
|
|
049d966 |
struct sss_sudo_rule *rule;
|
|
|
049d966 |
unsigned int i, count = 0;
|
|
|
049d966 |
- debug_decl(sudo_sss_display_privs, SUDO_DEBUG_LDAP);
|
|
|
049d966 |
+ debug_decl(sudo_sss_display_privs, SUDO_DEBUG_SSSD);
|
|
|
049d966 |
|
|
|
049d966 |
if (handle == NULL)
|
|
|
049d966 |
debug_return_int(-1);
|