--- embedaddon/sudo/plugins/sudoers/sudo_nss.c 2012/05/29 12:26:49 1.1.1.2 +++ embedaddon/sudo/plugins/sudoers/sudo_nss.c 2012/10/09 09:29:52 1.1.1.3 @@ -18,6 +18,8 @@ #include #include +#include + #include #ifdef STDC_HEADERS # include @@ -47,8 +49,11 @@ extern struct sudo_nss sudo_nss_file; #ifdef HAVE_LDAP extern struct sudo_nss sudo_nss_ldap; #endif +#ifdef HAVE_SSSD +extern struct sudo_nss sudo_nss_sss; +#endif -#if defined(HAVE_LDAP) && defined(_PATH_NSSWITCH_CONF) +#if (defined(HAVE_LDAP) || defined(HAVE_SSSD)) && defined(_PATH_NSSWITCH_CONF) /* * Read in /etc/nsswitch.conf * Returns a tail queue of matches. @@ -58,6 +63,9 @@ sudo_read_nss(void) { FILE *fp; char *cp; +#ifdef HAVE_SSSD + bool saw_sss = false; +#endif bool saw_files = false; bool saw_ldap = false; bool got_match = false; @@ -84,10 +92,19 @@ sudo_read_nss(void) } else if (strcasecmp(cp, "ldap") == 0 && !saw_ldap) { tq_append(&snl, &sudo_nss_ldap); got_match = true; +#ifdef HAVE_SSSD + } else if (strcasecmp(cp, "sss") == 0 && !saw_sss) { + tq_append(&snl, &sudo_nss_sss); + got_match = true; +#endif } else if (strcasecmp(cp, "[NOTFOUND=return]") == 0 && got_match) { /* NOTFOUND affects the most recent entry */ tq_last(&snl)->ret_if_notfound = true; got_match = false; + } else if (strcasecmp(cp, "[SUCCESS=return]") == 0 && got_match) { + /* SUCCESS affects the most recent entry */ + tq_last(&snl)->ret_if_found = true; + got_match = false; } else got_match = false; } @@ -104,9 +121,9 @@ nomatch: debug_return_ptr(&snl); } -#else /* HAVE_LDAP && _PATH_NSSWITCH_CONF */ +#else /* (HAVE_LDAP || HAVE_SSSD) && _PATH_NSSWITCH_CONF */ -# if defined(HAVE_LDAP) && defined(_PATH_NETSVC_CONF) +# if (defined(HAVE_LDAP) || defined(HAVE_SSSD)) && defined(_PATH_NETSVC_CONF) /* * Read in /etc/netsvc.conf (like nsswitch.conf on AIX) @@ -117,6 +134,9 @@ sudo_read_nss(void) { FILE *fp; char *cp, *ep; +#ifdef HAVE_SSSD + bool saw_sss = false; +#endif bool saw_files = false; bool saw_ldap = false; bool got_match = false; @@ -156,6 +176,13 @@ sudo_read_nss(void) tq_append(&snl, &sudo_nss_ldap); got_match = true; ep = &cp[4]; +#ifdef HAVE_SSSD + } else if (!saw_sss && strncasecmp(cp, "sss", 3) == 0 && + (isspace((unsigned char)cp[3]) || cp[3] == '\0')) { + tq_append(&snl, &sudo_nss_sss); + got_match = true; + ep = &cp[3]; +#endif } else { got_match = false; } @@ -195,6 +222,9 @@ sudo_read_nss(void) static struct sudo_nss_list snl; debug_decl(sudo_read_nss, SUDO_DEBUG_NSS) +# ifdef HAVE_SSSD + tq_append(&snl, &sudo_nss_sss); +# endif # ifdef HAVE_LDAP tq_append(&snl, &sudo_nss_ldap); # endif @@ -233,11 +263,15 @@ display_privs(struct sudo_nss_list *snl, struct passwd { struct sudo_nss *nss; struct lbuf defs, privs; - int count, olen; + struct stat sb; + int cols, count, olen; debug_decl(display_privs, SUDO_DEBUG_NSS) - lbuf_init(&defs, output, 4, NULL, sudo_user.cols); - lbuf_init(&privs, output, 4, NULL, sudo_user.cols); + cols = sudo_user.cols; + if (fstat(STDOUT_FILENO, &sb) == 0 && S_ISFIFO(sb.st_mode)) + cols = 0; + lbuf_init(&defs, output, 4, NULL, cols); + lbuf_init(&privs, output, 4, NULL, cols); /* Display defaults from all sources. */ lbuf_append(&defs, _("Matching Defaults entries for %s on this host:\n"), @@ -272,13 +306,14 @@ display_privs(struct sudo_nss_list *snl, struct passwd tq_foreach_fwd(snl, nss) { count += nss->display_privs(nss, pw, &privs); } - if (count) { - lbuf_print(&defs); - lbuf_print(&privs); - } else { - printf(_("User %s is not allowed to run sudo on %s.\n"), pw->pw_name, - user_shost); + if (count == 0) { + defs.len = 0; + privs.len = 0; + lbuf_append(&privs, _("User %s is not allowed to run sudo on %s.\n"), + pw->pw_name, user_shost); } + lbuf_print(&defs); + lbuf_print(&privs); lbuf_destroy(&defs); lbuf_destroy(&privs);