diff -rup original/common/sudo_debug.c new/common/sudo_debug.c
--- original/common/sudo_debug.c 2012-05-15 18:22:01.000000000 +0200
+++ new/common/sudo_debug.c 2012-07-17 10:24:05.389397245 +0200
@@ -101,6 +101,7 @@ const char *const sudo_debug_subsystems[
"perms",
"plugin",
"hooks",
+ "sssd",
NULL
};
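Review bot: Nothing at this table says that the position of each name has to line up with the numeric subsystem index, which the companion hunk in include/sudo_debug.h sets to 26 for `SUDO_DEBUG_SSSD`. The two sites look consistent here ("perms", "plugin", "hooks", "sssd" against 23 to 26), but the coupling is implicit, assuming names are resolved by array position. A comment above the new entry such as `/* order must match the SUDO_DEBUG_* indices in sudo_debug.h */` would keep the next addition from drifting. The array starts outside this hunk, so a comment to that effect may already exist there.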
diff -rup original/include/sudo_debug.h new/include/sudo_debug.h
--- original/include/sudo_debug.h 2012-05-15 18:22:02.000000000 +0200
+++ new/include/sudo_debug.h 2012-07-17 10:49:43.470809390 +0200
@@ -71,6 +71,7 @@
#define SUDO_DEBUG_PERMS (23<<6) /* uid/gid swapping functions */
#define SUDO_DEBUG_PLUGIN (24<<6) /* main plugin functions */
#define SUDO_DEBUG_HOOKS (25<<6) /* hook functions */
+#define SUDO_DEBUG_SSSD (26<<6) /* sudoers SSSD */
#define SUDO_DEBUG_ALL 0xfff0 /* all subsystems */
/* Flag to include string version of errno in debug info. */
diff -rup original/plugins/sudoers/sssd.c new/plugins/sudoers/sssd.c
--- original/plugins/sudoers/sssd.c 2012-07-17 10:13:42.366133003 +0200
+++ new/plugins/sudoers/sssd.c 2012-07-17 10:24:05.383397175 +0200
@@ -86,7 +86,7 @@ static struct sss_sudo_result *sudo_sss_
static void sudo_sss_attrcpy(struct sss_sudo_attr *dst, const struct sss_sudo_attr *src)
{
int i;
- debug_decl(sudo_sss_attrcpy, SUDO_DEBUG_LDAP)
+ debug_decl(sudo_sss_attrcpy, SUDO_DEBUG_SSSD)
DPRINTF(3, "dst=%p, src=%p", dst, src);
DPRINTF(2, "emalloc: cnt=%d", src->num_values);
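Review bot: `debug_decl(sudo_sss_attrcpy, SUDO_DEBUG_SSSD)` is written without a trailing semicolon here and in the sudo_sss_rulecpy and sudo_sss_filter_result hunks, while every hunk from sudo_sss_open onward writes `debug_decl(..., SUDO_DEBUG_SSSD);`. Since each of these lines is being touched anyway, pick one form for the whole file. If the macro expands to declarations (its definition is not shown), the unterminated form avoids a stray empty statement. The body of sudo_sss_attrcpy continues outside the hunk.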
@@ -104,8 +104,8 @@ static void sudo_sss_attrcpy(struct sss_
static void sudo_sss_rulecpy(struct sss_sudo_rule *dst, const struct sss_sudo_rule *src)
{
int i;
- debug_decl(sudo_sss_rulecpy, SUDO_DEBUG_LDAP)
-
+ debug_decl(sudo_sss_rulecpy, SUDO_DEBUG_SSSD)
+
DPRINTF(3, "dst=%p, src=%p", dst, src);
DPRINTF(2, "emalloc: cnt=%d", src->num_attrs);
@@ -130,7 +130,7 @@ static struct sss_sudo_result *sudo_sss_
{
struct sss_sudo_result *out_res;
int i, l, r;
- debug_decl(sudo_sss_filter_result, SUDO_DEBUG_LDAP)
+ debug_decl(sudo_sss_filter_result, SUDO_DEBUG_SSSD)
DPRINTF(3, "in_res=%p, count=%u, act=%s",
in_res, in_res->num_rules, act == _SUDO_SSS_FILTER_EXCLUDE ? "EXCLUDE" : "INCLUDE");
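Review bot: The `DPRINTF(3, "in_res=%p, count=%u, act=%s", ...)` call reads `in_res->num_rules` as the first statement of sudo_sss_filter_result, so any NULL check on `in_res` later in the body comes after the dereference. Whether a caller can pass NULL is not visible from here; if it can, guard first with `if (in_res == NULL) debug_return_ptr(NULL);` and log afterwards. The function's signature and the rest of its body are outside the hunk.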
@@ -193,7 +193,7 @@ struct sudo_nss sudo_nss_sss = {
static int sudo_sss_open(struct sudo_nss *nss)
{
struct sudo_sss_handle *handle;
- debug_decl(sudo_sss_open, SUDO_DEBUG_LDAP);
+ debug_decl(sudo_sss_open, SUDO_DEBUG_SSSD);
/* Create a handle container. */
handle = emalloc(sizeof(struct sudo_sss_handle));
@@ -209,7 +209,7 @@ static int sudo_sss_open(struct sudo_nss
// ok
static int sudo_sss_close(struct sudo_nss *nss)
{
- debug_decl(sudo_sss_close, SUDO_DEBUG_LDAP);
+ debug_decl(sudo_sss_close, SUDO_DEBUG_SSSD);
efree(nss->handle);
debug_return_int(0);
}
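Review bot: sudo_sss_close frees `nss->handle` but leaves the pointer in place, so the `handle == NULL` guards visible in sudo_sss_setdefs, sudo_sss_display_cmnd, sudo_sss_display_defaults and sudo_sss_display_privs cannot detect a closed handle, and a second close would free it twice. Add `nss->handle = NULL;` right after `efree(nss->handle);`. Whether `nss` itself can be NULL on this path is not visible from the hunk.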
@@ -217,7 +217,7 @@ static int sudo_sss_close(struct sudo_ns
// ok
static int sudo_sss_parse(struct sudo_nss *nss)
{
- debug_decl(sudo_sss_parse, SUDO_DEBUG_LDAP);
+ debug_decl(sudo_sss_parse, SUDO_DEBUG_SSSD);
debug_return_int(0);
}
@@ -229,7 +229,7 @@ static int sudo_sss_setdefs(struct sudo_
struct sss_sudo_rule *sss_rule;
uint32_t sss_error;
int i;
- debug_decl(sudo_sss_setdefs, SUDO_DEBUG_LDAP);
+ debug_decl(sudo_sss_setdefs, SUDO_DEBUG_SSSD);
if (handle == NULL)
debug_return_int(-1);
@@ -257,7 +257,7 @@ static int sudo_sss_setdefs(struct sudo_
static int sudo_sss_checkpw(struct sudo_nss *nss, struct passwd *pw)
{
struct sudo_sss_handle *handle = nss->handle;
- debug_decl(sudo_sss_checkpw, SUDO_DEBUG_LDAP);
+ debug_decl(sudo_sss_checkpw, SUDO_DEBUG_SSSD);
if (pw->pw_name != handle->pw->pw_name ||
pw->pw_uid != handle->pw->pw_uid)
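Review bot: sudo_sss_checkpw dereferences `handle->pw->pw_name` without the `handle == NULL` check that sudo_sss_setdefs and the display functions perform, and sudo_sss_result_get calls it before doing anything else. A guard such as `if (handle == NULL) debug_return_int(-1);` ahead of the comparison would match those functions. Separately, `pw->pw_name != handle->pw->pw_name` compares pointers rather than string contents; if that is an intentional identity check on a cached passwd entry it deserves a comment, otherwise `strcmp()` is what is meant. The rest of the body is outside the hunk.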
@@ -278,13 +278,13 @@ sudo_sss_check_runas_user(struct sss_sud
char **val_array = NULL;
char *val;
int ret = false, i;
- debug_decl(sudo_sss_check_runas_user, SUDO_DEBUG_LDAP);
+ debug_decl(sudo_sss_check_runas_user, SUDO_DEBUG_SSSD);
if (!runas_pw)
debug_return_int(UNSPEC);
/* get the runas user from the entry */
- switch (sss_sudo_get_values(sss_rule, "sudoRunAsUser", &val_array))
+ switch (sss_sudo_get_values(sss_rule, "sudoRunAsUser", &val_array))
{
case 0:
break;
@@ -315,18 +315,18 @@ sudo_sss_check_runas_user(struct sss_sud
/*
* BUG:
- *
+ *
* if runas is not specified on the command line, the only information
* as to which user to run as is in the runas_default option. We should
* check to see if we have the local option present. Unfortunately we
* don't parse these options until after this routine says yes or no.
* The query has already returned, so we could peek at the attribute
* values here though.
- *
+ *
* For now just require users to always use -u option unless its set
* in the global defaults. This behaviour is no different than the global
* /etc/sudoers.
- *
+ *
* Sigh - maybe add this feature later
*/
@@ -381,7 +381,7 @@ sudo_sss_check_runas_group(struct sss_su
char **val_array = NULL;
char *val;
int ret = false, i;
- debug_decl(sudo_sss_check_runas_group, SUDO_DEBUG_LDAP);
+ debug_decl(sudo_sss_check_runas_group, SUDO_DEBUG_SSSD);
/* runas_gr is only set if the user specified the -g flag */
if (!runas_gr)
@@ -424,7 +424,7 @@ static int
sudo_sss_check_runas(struct sss_sudo_rule *rule)
{
int ret;
- debug_decl(sudo_sss_check_runas, SUDO_DEBUG_LDAP);
+ debug_decl(sudo_sss_check_runas, SUDO_DEBUG_SSSD);
if (rule == NULL)
debug_return_int(false);
@@ -439,7 +439,7 @@ static int sudo_sss_check_host(struct ss
{
char **val_array, *val;
int ret = false, i;
- debug_decl(sudo_sss_check_host, SUDO_DEBUG_LDAP);
+ debug_decl(sudo_sss_check_host, SUDO_DEBUG_SSSD);
if (rule == NULL)
debug_return_int(ret);
@@ -479,7 +479,7 @@ static int sudo_sss_check_host(struct ss
static int sudo_sss_result_filterp(struct sss_sudo_rule *rule, void *unused)
{
(void)unused;
- debug_decl(sudo_sss_result_filterp, SUDO_DEBUG_LDAP);
+ debug_decl(sudo_sss_result_filterp, SUDO_DEBUG_SSSD);
if (sudo_sss_check_host(rule))
debug_return_int(1);
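Review bot: `(void)unused;` is a statement placed ahead of `debug_decl(sudo_sss_result_filterp, SUDO_DEBUG_SSSD);`, which presumably expands to variable declarations (the macro is not shown). That is a declaration after a statement, which pre-C99 compilers reject; swap the two lines so that `debug_decl(...)` comes first and `(void)unused;` follows it. The function continues past the end of the hunk.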
@@ -492,7 +492,7 @@ static struct sss_sudo_result *sudo_sss_
struct sudo_sss_handle *handle = nss->handle;
struct sss_sudo_result *u_sss_result, *f_sss_result;
uint32_t sss_error = 0, ret;
- debug_decl(sudo_sss_result_get, SUDO_DEBUG_LDAP);
+ debug_decl(sudo_sss_result_get, SUDO_DEBUG_SSSD);
if (sudo_sss_checkpw(nss, pw) != 0)
debug_return_ptr(NULL);
@@ -558,7 +558,7 @@ sudo_sss_check_bool(struct sss_sudo_rule
{
char ch, *var, **val_array = NULL;
int i, ret = UNSPEC;
- debug_decl(sudo_sss_check_bool, SUDO_DEBUG_LDAP);
+ debug_decl(sudo_sss_check_bool, SUDO_DEBUG_SSSD);
if (rule == NULL)
debug_return_int(ret);
@@ -601,7 +601,7 @@ sudo_sss_check_command(struct sss_sudo_r
char **val_array = NULL, *val;
char *allowed_cmnd, *allowed_args;
int i, foundbang, ret = UNSPEC;
- debug_decl(sudo_sss_check_command, SUDO_DEBUG_LDAP);
+ debug_decl(sudo_sss_check_command, SUDO_DEBUG_SSSD);
if (rule == NULL)
debug_return_int(ret);
@@ -670,7 +670,7 @@ sudo_sss_parse_options(struct sss_sudo_r
int i;
char op, *v, *val;
char **val_array = NULL;
- debug_decl(sudo_sss_parse_options, SUDO_DEBUG_LDAP);
+ debug_decl(sudo_sss_parse_options, SUDO_DEBUG_SSSD);
if (rule == NULL)
debug_return;
@@ -726,7 +726,7 @@ static int sudo_sss_lookup(struct sudo_n
struct sss_sudo_result *sss_result = NULL;
struct sss_sudo_rule *rule;
uint32_t i, state = 0;
- debug_decl(sudo_sss_lookup, SUDO_DEBUG_LDAP);
+ debug_decl(sudo_sss_lookup, SUDO_DEBUG_SSSD);
/* Fetch list of sudoRole entries that match user and host. */
sss_result = sudo_sss_result_get(nss, sudo_user.pw, &state);
@@ -738,7 +738,7 @@ static int sudo_sss_lookup(struct sudo_n
if (pwflag) {
int doauth = UNSPEC;
int matched = UNSPEC;
- enum def_tuple pwcheck =
+ enum def_tuple pwcheck =
(pwflag == -1) ? never : sudo_defs_table[pwflag].sd_un.tuple;
DPRINTF(2, "perform search for pwflag %d", pwflag);
@@ -842,7 +842,7 @@ static int sudo_sss_display_cmnd(struct
struct sss_sudo_result *sss_result = NULL;
struct sss_sudo_rule *rule;
int i, found = false;
- debug_decl(sudo_sss_display_cmnd, SUDO_DEBUG_LDAP);
+ debug_decl(sudo_sss_display_cmnd, SUDO_DEBUG_SSSD);
if (handle == NULL)
goto done;
@@ -893,7 +893,7 @@ static int sudo_sss_display_defaults(str
char *prefix, *val, **val_array = NULL;
int count = 0, i, j;
- debug_decl(sudo_sss_display_defaults, SUDO_DEBUG_LDAP);
+ debug_decl(sudo_sss_display_defaults, SUDO_DEBUG_SSSD);
if (handle == NULL)
goto done;
@@ -934,7 +934,7 @@ static int sudo_sss_display_defaults(str
prefix = ", ";
count++;
}
-
+
sss_sudo_free_values(val_array);
val_array = NULL;
}
@@ -948,7 +948,7 @@ done:
static int sudo_sss_display_bound_defaults(struct sudo_nss *nss,
struct passwd *pw, struct lbuf *lbuf)
{
- debug_decl(sudo_sss_display_bound_defaults, SUDO_DEBUG_LDAP);
+ debug_decl(sudo_sss_display_bound_defaults, SUDO_DEBUG_SSSD);
debug_return_int(0);
}
@@ -956,7 +956,7 @@ static int sudo_sss_display_entry_long(s
{
char **val_array = NULL;
int count = 0, i;
- debug_decl(sudo_sss_display_entry_long, SUDO_DEBUG_LDAP);
+ debug_decl(sudo_sss_display_entry_long, SUDO_DEBUG_SSSD);
/* get the RunAsUser Values from the entry */
lbuf_append(lbuf, " RunAsUsers: ");
@@ -1051,7 +1051,7 @@ static int sudo_sss_display_entry_short(
{
char **val_array = NULL;
int count = 0, i;
- debug_decl(sudo_sss_display_entry_short, SUDO_DEBUG_LDAP);
+ debug_decl(sudo_sss_display_entry_short, SUDO_DEBUG_SSSD);
lbuf_append(lbuf, " (");
@@ -1164,7 +1164,7 @@ static int sudo_sss_display_privs(struct
struct sss_sudo_result *sss_result = NULL;
struct sss_sudo_rule *rule;
unsigned int i, count = 0;
- debug_decl(sudo_sss_display_privs, SUDO_DEBUG_LDAP);
+ debug_decl(sudo_sss_display_privs, SUDO_DEBUG_SSSD);
if (handle == NULL)
debug_return_int(-1);