diff -rup original/common/sudo_debug.c new/common/sudo_debug.c --- original/common/sudo_debug.c 2012-05-15 18:22:01.000000000 +0200 +++ new/common/sudo_debug.c 2012-07-17 10:24:05.389397245 +0200 @@ -101,6 +101,7 @@ const char *const sudo_debug_subsystems[ "perms", "plugin", "hooks", + "sssd", NULL }; diff -rup original/include/sudo_debug.h new/include/sudo_debug.h --- original/include/sudo_debug.h 2012-05-15 18:22:02.000000000 +0200 +++ new/include/sudo_debug.h 2012-07-17 10:49:43.470809390 +0200 @@ -71,6 +71,7 @@ #define SUDO_DEBUG_PERMS (23<<6) /* uid/gid swapping functions */ #define SUDO_DEBUG_PLUGIN (24<<6) /* main plugin functions */ #define SUDO_DEBUG_HOOKS (25<<6) /* hook functions */ +#define SUDO_DEBUG_SSSD (26<<6) /* sudoers SSSD */ #define SUDO_DEBUG_ALL 0xfff0 /* all subsystems */ /* Flag to include string version of errno in debug info. */ diff -rup original/plugins/sudoers/sssd.c new/plugins/sudoers/sssd.c --- original/plugins/sudoers/sssd.c 2012-07-17 10:13:42.366133003 +0200 +++ new/plugins/sudoers/sssd.c 2012-07-17 10:24:05.383397175 +0200 @@ -86,7 +86,7 @@ static struct sss_sudo_result *sudo_sss_ static void sudo_sss_attrcpy(struct sss_sudo_attr *dst, const struct sss_sudo_attr *src) { int i; - debug_decl(sudo_sss_attrcpy, SUDO_DEBUG_LDAP) + debug_decl(sudo_sss_attrcpy, SUDO_DEBUG_SSSD) DPRINTF(3, "dst=%p, src=%p", dst, src); DPRINTF(2, "emalloc: cnt=%d", src->num_values); @@ -104,8 +104,8 @@ static void sudo_sss_attrcpy(struct sss_ static void sudo_sss_rulecpy(struct sss_sudo_rule *dst, const struct sss_sudo_rule *src) { int i; - debug_decl(sudo_sss_rulecpy, SUDO_DEBUG_LDAP) - + debug_decl(sudo_sss_rulecpy, SUDO_DEBUG_SSSD) + DPRINTF(3, "dst=%p, src=%p", dst, src); DPRINTF(2, "emalloc: cnt=%d", src->num_attrs); 
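Review bot: The new `"sssd"` entry in `sudo_debug_subsystems[]` (common/sudo_debug.c) and `SUDO_DEBUG_SSSD (26<<6)` (include/sudo_debug.h) are tied together only by their position, and neither hunk says so. If names are resolved by array index, as the parallel perms/plugin/hooks ordering suggests, adding an entry to one list but not the other would silently mislabel or drop debug output. A comment above the table such as `/* Order must match the SUDO_DEBUG_* subsystem values in sudo_debug.h. */` would make the coupling explicit, unless the file already has one outside the hunk. Debug configurations that select the ldap subsystem to trace SSSD lookups will stop seeing these messages after this change, and the visible diff touches no documentation file.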
@@ -130,7 +130,7 @@ static struct sss_sudo_result *sudo_sss_ { struct sss_sudo_result *out_res; int i, l, r; - debug_decl(sudo_sss_filter_result, SUDO_DEBUG_LDAP) + debug_decl(sudo_sss_filter_result, SUDO_DEBUG_SSSD) DPRINTF(3, "in_res=%p, count=%u, act=%s", in_res, in_res->num_rules, act == _SUDO_SSS_FILTER_EXCLUDE ? "EXCLUDE" : "INCLUDE"); @@ -193,7 +193,7 @@ struct sudo_nss sudo_nss_sss = { static int sudo_sss_open(struct sudo_nss *nss) { struct sudo_sss_handle *handle; - debug_decl(sudo_sss_open, SUDO_DEBUG_LDAP); + debug_decl(sudo_sss_open, SUDO_DEBUG_SSSD); /* Create a handle container. */ handle = emalloc(sizeof(struct sudo_sss_handle)); @@ -209,7 +209,7 @@ static int sudo_sss_open(struct sudo_nss // ok static int sudo_sss_close(struct sudo_nss *nss) { - debug_decl(sudo_sss_close, SUDO_DEBUG_LDAP); + debug_decl(sudo_sss_close, SUDO_DEBUG_SSSD); efree(nss->handle); debug_return_int(0); } @@ -217,7 +217,7 @@ static int sudo_sss_close(struct sudo_ns // ok static int sudo_sss_parse(struct sudo_nss *nss) { - debug_decl(sudo_sss_parse, SUDO_DEBUG_LDAP); + debug_decl(sudo_sss_parse, SUDO_DEBUG_SSSD); debug_return_int(0); } @@ -229,7 +229,7 @@ static int sudo_sss_setdefs(struct sudo_ struct sss_sudo_rule *sss_rule; uint32_t sss_error; int i; - debug_decl(sudo_sss_setdefs, SUDO_DEBUG_LDAP); + debug_decl(sudo_sss_setdefs, SUDO_DEBUG_SSSD); if (handle == NULL) debug_return_int(-1); @@ -257,7 +257,7 @@ static int sudo_sss_setdefs(struct sudo_ static int sudo_sss_checkpw(struct sudo_nss *nss, struct passwd *pw) { struct sudo_sss_handle *handle = nss->handle; - debug_decl(sudo_sss_checkpw, SUDO_DEBUG_LDAP); + debug_decl(sudo_sss_checkpw, SUDO_DEBUG_SSSD); if (pw->pw_name != handle->pw->pw_name || pw->pw_uid != handle->pw->pw_uid) 
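Review bot: In sudo_sss_filter_result the entry trace `DPRINTF(3, "in_res=%p, count=%u, act=%s", in_res, in_res->num_rules, ...)` dereferences `in_res` before anything visible has checked it for NULL. If a NULL result can reach this function, the debug line itself becomes the crash site, and any NULL check later in the body (outside the hunk) comes too late. Moving that check above the trace, or printing `in_res ? in_res->num_rules : 0`, avoids the problem.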
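Review bot: sudo_sss_close frees `nss->handle` but leaves the stale pointer in place, so the `handle == NULL` guards visible in sudo_sss_setdefs, sudo_sss_display_cmnd, sudo_sss_display_defaults and sudo_sss_display_privs cannot detect a closed handle. This assumes `handle` there is `nss->handle`, as it is in sudo_sss_checkpw. Adding `nss->handle = NULL;` after `efree(nss->handle);` turns any later call on this nss into a clean failure instead of a read of freed memory. The leftover `// ok` marker above the function could be dropped or replaced with a real comment at the same time.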
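Review bot: `pw->pw_name != handle->pw->pw_name` in sudo_sss_checkpw compares two `char *` addresses, not the user names. Two passwd entries for the same user held in different buffers compare unequal, while a buffer reused for a different user compares equal, leaving only the uid test to tell them apart. If the intent is to detect a changed user, `strcmp(pw->pw_name, handle->pw->pw_name) != 0` expresses it; `handle` and `handle->pw` are also dereferenced here without the NULL check that sudo_sss_setdefs applies. What the function does on a mismatch is outside the hunk.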
@@ -278,13 +278,13 @@ sudo_sss_check_runas_user(struct sss_sud char **val_array = NULL; char *val; int ret = false, i; - debug_decl(sudo_sss_check_runas_user, SUDO_DEBUG_LDAP); + debug_decl(sudo_sss_check_runas_user, SUDO_DEBUG_SSSD); if (!runas_pw) debug_return_int(UNSPEC); /* get the runas user from the entry */ - switch (sss_sudo_get_values(sss_rule, "sudoRunAsUser", &val_array)) + switch (sss_sudo_get_values(sss_rule, "sudoRunAsUser", &val_array)) { case 0: break; @@ -315,18 +315,18 @@ sudo_sss_check_runas_user(struct sss_sud /* * BUG: - * + * * if runas is not specified on the command line, the only information * as to which user to run as is in the runas_default option. We should * check to see if we have the local option present. Unfortunately we * don't parse these options until after this routine says yes or no. * The query has already returned, so we could peek at the attribute * values here though. - * + * * For now just require users to always use -u option unless its set * in the global defaults. This behaviour is no different than the global * /etc/sudoers. - * + * * Sigh - maybe add this feature later */ @@ -381,7 +381,7 @@ sudo_sss_check_runas_group(struct sss_su char **val_array = NULL; char *val; int ret = false, i; - debug_decl(sudo_sss_check_runas_group, SUDO_DEBUG_LDAP); + debug_decl(sudo_sss_check_runas_group, SUDO_DEBUG_SSSD); /* runas_gr is only set if the user specified the -g flag */ if (!runas_gr) @@ -424,7 +424,7 @@ static int sudo_sss_check_runas(struct sss_sudo_rule *rule) { int ret; - debug_decl(sudo_sss_check_runas, SUDO_DEBUG_LDAP); + debug_decl(sudo_sss_check_runas, SUDO_DEBUG_SSSD); if (rule == NULL) debug_return_int(false); @@ -439,7 +439,7 @@ static int sudo_sss_check_host(struct ss { char **val_array, *val; int ret = false, i; - debug_decl(sudo_sss_check_host, SUDO_DEBUG_LDAP); + debug_decl(sudo_sss_check_host, SUDO_DEBUG_SSSD); if (rule == NULL) debug_return_int(ret); 
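Review bot: sudo_sss_check_host declares `char **val_array, *val;` without an initializer, while sudo_sss_check_runas_user, sudo_sss_check_runas_group, sudo_sss_check_bool and sudo_sss_check_command all start from `val_array = NULL`. If any path later in the function (outside the hunk) tests or frees `val_array` before it has been assigned, that path reads an indeterminate pointer. `char **val_array = NULL, *val;` matches the sibling functions and makes such a path fail predictably.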
@@ -479,7 +479,7 @@ static int sudo_sss_check_host(struct ss static int sudo_sss_result_filterp(struct sss_sudo_rule *rule, void *unused) { (void)unused; - debug_decl(sudo_sss_result_filterp, SUDO_DEBUG_LDAP); + debug_decl(sudo_sss_result_filterp, SUDO_DEBUG_SSSD); if (sudo_sss_check_host(rule)) debug_return_int(1); @@ -492,7 +492,7 @@ static struct sss_sudo_result *sudo_sss_ struct sudo_sss_handle *handle = nss->handle; struct sss_sudo_result *u_sss_result, *f_sss_result; uint32_t sss_error = 0, ret; - debug_decl(sudo_sss_result_get, SUDO_DEBUG_LDAP); + debug_decl(sudo_sss_result_get, SUDO_DEBUG_SSSD); if (sudo_sss_checkpw(nss, pw) != 0) debug_return_ptr(NULL); @@ -558,7 +558,7 @@ sudo_sss_check_bool(struct sss_sudo_rule { char ch, *var, **val_array = NULL; int i, ret = UNSPEC; - debug_decl(sudo_sss_check_bool, SUDO_DEBUG_LDAP); + debug_decl(sudo_sss_check_bool, SUDO_DEBUG_SSSD); if (rule == NULL) debug_return_int(ret); @@ -601,7 +601,7 @@ sudo_sss_check_command(struct sss_sudo_r char **val_array = NULL, *val; char *allowed_cmnd, *allowed_args; int i, foundbang, ret = UNSPEC; - debug_decl(sudo_sss_check_command, SUDO_DEBUG_LDAP); + debug_decl(sudo_sss_check_command, SUDO_DEBUG_SSSD); if (rule == NULL) debug_return_int(ret); @@ -670,7 +670,7 @@ sudo_sss_parse_options(struct sss_sudo_r int i; char op, *v, *val; char **val_array = NULL; - debug_decl(sudo_sss_parse_options, SUDO_DEBUG_LDAP); + debug_decl(sudo_sss_parse_options, SUDO_DEBUG_SSSD); if (rule == NULL) debug_return; @@ -726,7 +726,7 @@ static int sudo_sss_lookup(struct sudo_n struct sss_sudo_result *sss_result = NULL; struct sss_sudo_rule *rule; uint32_t i, state = 0; - debug_decl(sudo_sss_lookup, SUDO_DEBUG_LDAP); + debug_decl(sudo_sss_lookup, SUDO_DEBUG_SSSD); /* Fetch list of sudoRole entries that match user and host. */ sss_result = sudo_sss_result_get(nss, sudo_user.pw, &state); 
@@ -738,7 +738,7 @@ static int sudo_sss_lookup(struct sudo_n if (pwflag) { int doauth = UNSPEC; int matched = UNSPEC; - enum def_tuple pwcheck = + enum def_tuple pwcheck = (pwflag == -1) ? never : sudo_defs_table[pwflag].sd_un.tuple; DPRINTF(2, "perform search for pwflag %d", pwflag); @@ -842,7 +842,7 @@ static int sudo_sss_display_cmnd(struct struct sss_sudo_result *sss_result = NULL; struct sss_sudo_rule *rule; int i, found = false; - debug_decl(sudo_sss_display_cmnd, SUDO_DEBUG_LDAP); + debug_decl(sudo_sss_display_cmnd, SUDO_DEBUG_SSSD); if (handle == NULL) goto done; @@ -893,7 +893,7 @@ static int sudo_sss_display_defaults(str char *prefix, *val, **val_array = NULL; int count = 0, i, j; - debug_decl(sudo_sss_display_defaults, SUDO_DEBUG_LDAP); + debug_decl(sudo_sss_display_defaults, SUDO_DEBUG_SSSD); if (handle == NULL) goto done; @@ -934,7 +934,7 @@ static int sudo_sss_display_defaults(str prefix = ", "; count++; } - + sss_sudo_free_values(val_array); val_array = NULL; } @@ -948,7 +948,7 @@ done: static int sudo_sss_display_bound_defaults(struct sudo_nss *nss, struct passwd *pw, struct lbuf *lbuf) { - debug_decl(sudo_sss_display_bound_defaults, SUDO_DEBUG_LDAP); + debug_decl(sudo_sss_display_bound_defaults, SUDO_DEBUG_SSSD); debug_return_int(0); } @@ -956,7 +956,7 @@ static int sudo_sss_display_entry_long(s { char **val_array = NULL; int count = 0, i; - debug_decl(sudo_sss_display_entry_long, SUDO_DEBUG_LDAP); + debug_decl(sudo_sss_display_entry_long, SUDO_DEBUG_SSSD); /* get the RunAsUser Values from the entry */ lbuf_append(lbuf, " RunAsUsers: "); @@ -1051,7 +1051,7 @@ static int sudo_sss_display_entry_short( { char **val_array = NULL; int count = 0, i; - debug_decl(sudo_sss_display_entry_short, SUDO_DEBUG_LDAP); + debug_decl(sudo_sss_display_entry_short, SUDO_DEBUG_SSSD); lbuf_append(lbuf, " ("); 
@@ -1164,7 +1164,7 @@ static int sudo_sss_display_privs(struct struct sss_sudo_result *sss_result = NULL; struct sss_sudo_rule *rule; unsigned int i, count = 0; - debug_decl(sudo_sss_display_privs, SUDO_DEBUG_LDAP); + debug_decl(sudo_sss_display_privs, SUDO_DEBUG_SSSD); if (handle == NULL) debug_return_int(-1);