|
|
0e1944 |
diff -up ./plugins/sudoers/sssd.c.fqdnafterfree ./plugins/sudoers/sssd.c
|
|
|
0e1944 |
--- ./plugins/sudoers/sssd.c.fqdnafterfree 2017-01-14 05:30:15.000000000 +0100
|
|
|
0e1944 |
+++ ./plugins/sudoers/sssd.c 2017-04-25 14:23:39.655649726 +0200
|
|
|
0e1944 |
@@ -82,8 +82,8 @@ typedef void (*sss_sudo_free_values_t)(c
|
|
|
0e1944 |
|
|
|
0e1944 |
struct sudo_sss_handle {
|
|
|
0e1944 |
char *domainname;
|
|
|
0e1944 |
- char *host;
|
|
|
0e1944 |
- char *shost;
|
|
|
0e1944 |
+ char *ipa_host;
|
|
|
0e1944 |
+ char *ipa_shost;
|
|
|
0e1944 |
struct passwd *pw;
|
|
|
0e1944 |
void *ssslib;
|
|
|
0e1944 |
sss_sudo_send_recv_t fn_send_recv;
|
|
|
0e1944 |
@@ -385,7 +385,7 @@ sudo_sss_open(struct sudo_nss *nss)
|
|
|
0e1944 |
debug_decl(sudo_sss_open, SUDOERS_DEBUG_SSSD);
|
|
|
0e1944 |
|
|
|
0e1944 |
/* Create a handle container. */
|
|
|
0e1944 |
- handle = malloc(sizeof(struct sudo_sss_handle));
|
|
|
0e1944 |
+ handle = calloc(1, sizeof(struct sudo_sss_handle));
|
|
|
0e1944 |
if (handle == NULL) {
|
|
|
0e1944 |
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
|
|
|
0e1944 |
debug_return_int(ENOMEM);
|
|
|
0e1944 |
@@ -447,9 +447,6 @@ sudo_sss_open(struct sudo_nss *nss)
|
|
|
0e1944 |
debug_return_int(EFAULT);
|
|
|
0e1944 |
}
|
|
|
0e1944 |
|
|
|
0e1944 |
- handle->domainname = NULL;
|
|
|
0e1944 |
- handle->host = user_runhost;
|
|
|
0e1944 |
- handle->shost = user_srunhost;
|
|
|
0e1944 |
handle->pw = sudo_user.pw;
|
|
|
0e1944 |
nss->handle = handle;
|
|
|
0e1944 |
|
|
|
0e1944 |
@@ -458,7 +455,7 @@ sudo_sss_open(struct sudo_nss *nss)
|
|
|
0e1944 |
* in sssd.conf and use it in preference to user_runhost.
|
|
|
0e1944 |
*/
|
|
|
0e1944 |
if (strcmp(user_runhost, user_host) == 0) {
|
|
|
0e1944 |
- if (get_ipa_hostname(&handle->shost, &handle->host) == -1) {
|
|
|
0e1944 |
+ if (get_ipa_hostname(&handle->ipa_shost, &handle->ipa_host) == -1) {
|
|
|
0e1944 |
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
|
|
|
0e1944 |
free(handle);
|
|
|
0e1944 |
debug_return_int(ENOMEM);
|
|
|
0e1944 |
@@ -480,7 +477,10 @@ sudo_sss_close(struct sudo_nss *nss)
|
|
|
0e1944 |
if (nss && nss->handle) {
|
|
|
0e1944 |
handle = nss->handle;
|
|
|
0e1944 |
sudo_dso_unload(handle->ssslib);
|
|
|
0e1944 |
- free(nss->handle);
|
|
|
0e1944 |
+ free(handle->ipa_host);
|
|
|
0e1944 |
+ free(handle->ipa_shost);
|
|
|
0e1944 |
+ free(handle);
|
|
|
0e1944 |
+ nss->handle = NULL;
|
|
|
0e1944 |
}
|
|
|
0e1944 |
debug_return_int(0);
|
|
|
0e1944 |
}
|
|
|
0e1944 |
@@ -585,8 +585,9 @@ sudo_sss_checkpw(struct sudo_nss *nss, s
|
|
|
0e1944 |
static int
|
|
|
0e1944 |
sudo_sss_check_runas_user(struct sudo_sss_handle *handle, struct sss_sudo_rule *sss_rule, int group_matched)
|
|
|
0e1944 |
{
|
|
|
0e1944 |
- char **val_array = NULL;
|
|
|
0e1944 |
- char *val;
|
|
|
0e1944 |
+ const char *host = handle->ipa_host ? handle->ipa_host : user_runhost;
|
|
|
0e1944 |
+ const char *shost = handle->ipa_shost ? handle->ipa_shost : user_srunhost;
|
|
|
0e1944 |
+ char *val, **val_array = NULL;
|
|
|
0e1944 |
int ret = false, i;
|
|
|
0e1944 |
debug_decl(sudo_sss_check_runas_user, SUDOERS_DEBUG_SSSD);
|
|
|
0e1944 |
|
|
|
0e1944 |
@@ -656,8 +657,8 @@ sudo_sss_check_runas_user(struct sudo_ss
|
|
|
0e1944 |
switch (val[0]) {
|
|
|
0e1944 |
case '+':
|
|
|
0e1944 |
sudo_debug_printf(SUDO_DEBUG_DEBUG, "netgr_");
|
|
|
0e1944 |
- if (netgr_matches(val, def_netgroup_tuple ? handle->host : NULL,
|
|
|
0e1944 |
- def_netgroup_tuple ? handle->shost : NULL, runas_pw->pw_name)) {
|
|
|
0e1944 |
+ if (netgr_matches(val, def_netgroup_tuple ? host : NULL,
|
|
|
0e1944 |
+ def_netgroup_tuple ? shost : NULL, runas_pw->pw_name)) {
|
|
|
0e1944 |
sudo_debug_printf(SUDO_DEBUG_DEBUG, "=> match");
|
|
|
0e1944 |
ret = true;
|
|
|
0e1944 |
}
|
|
|
0e1944 |
@@ -762,7 +763,9 @@ sudo_sss_check_runas(struct sudo_sss_han
|
|
|
0e1944 |
static bool
|
|
|
0e1944 |
sudo_sss_check_host(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule)
|
|
|
0e1944 |
{
|
|
|
0e1944 |
- char **val_array, *val;
|
|
|
0e1944 |
+ const char *host = handle->ipa_host ? handle->ipa_host : user_runhost;
|
|
|
0e1944 |
+ const char *shost = handle->ipa_shost ? handle->ipa_shost : user_srunhost;
|
|
|
0e1944 |
+ char *val, **val_array;
|
|
|
0e1944 |
int matched = UNSPEC;
|
|
|
0e1944 |
bool negated;
|
|
|
0e1944 |
int i;
|
|
|
0e1944 |
@@ -792,9 +795,9 @@ sudo_sss_check_host(struct sudo_sss_hand
|
|
|
0e1944 |
|
|
|
0e1944 |
/* match any or address or netgroup or hostname */
|
|
|
0e1944 |
if (strcmp(val, "ALL") == 0 || addr_matches(val) ||
|
|
|
0e1944 |
- netgr_matches(val, handle->host, handle->shost,
|
|
|
0e1944 |
+ netgr_matches(val, host, shost,
|
|
|
0e1944 |
def_netgroup_tuple ? handle->pw->pw_name : NULL) ||
|
|
|
0e1944 |
- hostname_matches(handle->shost, handle->host, val)) {
|
|
|
0e1944 |
+ hostname_matches(shost, host, val)) {
|
|
|
0e1944 |
|
|
|
0e1944 |
matched = negated ? false : true;
|
|
|
0e1944 |
}
|
|
|
0e1944 |
@@ -816,9 +819,10 @@ sudo_sss_check_host(struct sudo_sss_hand
|
|
|
0e1944 |
static bool
|
|
|
0e1944 |
sudo_sss_check_user(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule)
|
|
|
0e1944 |
{
|
|
|
0e1944 |
- int ret = false;
|
|
|
0e1944 |
+ const char *host = handle->ipa_host ? handle->ipa_host : user_runhost;
|
|
|
0e1944 |
+ const char *shost = handle->ipa_shost ? handle->ipa_shost : user_srunhost;
|
|
|
0e1944 |
char **val_array;
|
|
|
0e1944 |
- int i;
|
|
|
0e1944 |
+ int i, ret = false;
|
|
|
0e1944 |
debug_decl(sudo_sss_check_user, SUDOERS_DEBUG_SSSD);
|
|
|
0e1944 |
|
|
|
0e1944 |
if (!handle || !rule)
|
|
|
0e1944 |
@@ -844,8 +848,8 @@ sudo_sss_check_user(struct sudo_sss_hand
|
|
|
0e1944 |
switch (*val) {
|
|
|
0e1944 |
case '+':
|
|
|
0e1944 |
/* Netgroup spec found, check membership. */
|
|
|
0e1944 |
- if (netgr_matches(val, def_netgroup_tuple ? handle->host : NULL,
|
|
|
0e1944 |
- def_netgroup_tuple ? handle->shost : NULL, handle->pw->pw_name)) {
|
|
|
0e1944 |
+ if (netgr_matches(val, def_netgroup_tuple ? host : NULL,
|
|
|
0e1944 |
+ def_netgroup_tuple ? shost : NULL, handle->pw->pw_name)) {
|
|
|
0e1944 |
ret = true;
|
|
|
0e1944 |
}
|
|
|
0e1944 |
break;
|