
Annotation of /rpms/sudo/sme9/sudo-1.8.6p3-ipahostname.patch



Revision 1.1 - (hide annotations) (download)
Thu Feb 4 19:44:14 2021 UTC (3 years, 4 months ago) by jpp
Branch: MAIN
CVS Tags: sudo-1_8_6p3-30_el6_sme, sudo-1_8_6p3-29_el6_9, HEAD
Sudo

1 jpp 1.1 diff -up sudo-1.8.6p3/configure.in.ipahostname sudo-1.8.6p3/configure.in
2     --- sudo-1.8.6p3/configure.in.ipahostname 2013-08-15 13:15:06.770835409 +0200
3     +++ sudo-1.8.6p3/configure.in 2013-08-15 13:15:06.897836025 +0200
4     @@ -307,7 +307,7 @@ dnl Handle SSSD support.
5     dnl
6     AC_ARG_WITH(sssd, [AS_HELP_STRING([--with-sssd], [enable SSSD support])],
7     [case $with_sssd in
8     - yes) SUDOERS_OBJS="${SUDOERS_OBJS} sssd.lo"
9     + yes) SUDOERS_OBJS="${SUDOERS_OBJS} sssd.lo ipa_hostname.lo"
10     AC_DEFINE(HAVE_SSSD)
11     ;;
12     no) ;;
13     diff -up sudo-1.8.6p3/plugins/sudoers/ipa_hostname.c.ipahostname sudo-1.8.6p3/plugins/sudoers/ipa_hostname.c
14     --- sudo-1.8.6p3/plugins/sudoers/ipa_hostname.c.ipahostname 2013-08-15 13:15:06.897836025 +0200
15     +++ sudo-1.8.6p3/plugins/sudoers/ipa_hostname.c 2013-08-15 14:17:53.893315819 +0200
16     @@ -0,0 +1,88 @@
17     +/*
18     + * Copyright 2013 Red Hat Inc., Durham, North Carolina.
19     + * All Rights Reserved.
20     + *
21     + * This library is free software; you can redistribute it and/or
22     + * modify it under the terms of the GNU Lesser General Public
23     + * License as published by the Free Software Foundation; either
24     + * version 2.1 of the License, or (at your option) any later version.
25     + *
26     + * This library is distributed in the hope that it will be useful,
27     + * but WITHOUT ANY WARRANTY; without even the implied warranty of
28     + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
29     + * Lesser General Public License for more details.
30     + *
31     + * You should have received a copy of the GNU Lesser General Public
32     + * License along with this library; if not, write to the Free Software
33     + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
34     + *
35     + * Authors:
36     + * Daniel Kopecek <dkopecek@redhat.com>
37     + */
38     +#define _GNU_SOURCE
39     +#include <stdio.h>
40     +#include <stdlib.h>
41     +#include <resolv.h>
42     +#include <string.h>
43     +#include <ctype.h>
44     +
45     +static const char *sssd_conf_path = "/etc/sssd/sssd.conf";
46     +
47     +char *ipa_hostname(void)
48     +{
49     + static char hname[MAXHOSTNAMELEN+1];
50     + size_t hname_len = 0;
51     + char *line = NULL;
52     + ssize_t line_len = 0;
53     + size_t line_buflen = 0;
54     + FILE *fp;
55     +
56     + if ((fp = fopen(sssd_conf_path, "r")) == NULL)
57     + return NULL;
58     + while ((line_len = getline(&line, &line_buflen, fp)) > 0) {
59     + char *keyword_loc;
60     + if ((keyword_loc = strstr(line, "ipa_hostname")) != NULL) {
61     + size_t i;
62     + char *value_loc;
63     + size_t value_len;
64     +
65     + value_loc = keyword_loc + strlen("ipa_hostname") + 1;
66     + value_len = line_len - (size_t)(value_loc - line);
67     +
68     + /* Skip spaces and the assignment operator */
69     + for (i = 0; i < value_len; ++i) {
70     + if (isspace(value_loc[i]) || value_loc[i] == '=') {
71     + continue;
72     + } else {
73     + break;
74     + }
75     + }
76     +
77     + value_loc += i;
78     + value_len -= i;
79     +
80     + if (value_len <= MAXHOSTNAMELEN) {
81     + memcpy(hname, value_loc, value_len * sizeof(char));
82     + free(line);
83     + fclose(fp);
84     + hname_len = value_len;
85     + hname[hname_len] = '\0';
86     + /* Remove spaces from the end of the string */
87     + for (i = hname_len - 1; i > 0; --i) {
88     + if (isspace(hname[i])) {
89     + hname[i] = '\0';
90     + --hname_len;
91     + } else {
92     + break;
93     + }
94     + }
95     + return hname;
96     + }
97     + }
98     + free(line);
99     + line = NULL;
100     + }
101     +
102     + fclose(fp);
103     + return NULL;
104     +}
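Review bot: The value parsing in ipa_hostname() can index outside its buffers. For a line such as `ipa_hostname =` the skip loop consumes everything, value_len becomes 0, and the trim loop then starts at `hname_len - 1`, which wraps to SIZE_MAX and reads (and possibly writes) outside `hname`. Likewise, if the keyword ends a final line that has no newline, `keyword_loc + strlen("ipa_hostname") + 1` points past the terminator and value_len wraps. The isspace() calls also receive a plain `char`, which should be cast to `unsigned char`. The sketch below bounds both scans by the line end and skips an empty value instead of returning it. Separately, `strstr` accepts the keyword anywhere in a line, so a commented-out entry or one in an unrelated section would be taken as the first match.

```c
	if ((keyword_loc = strstr(line, "ipa_hostname")) != NULL) {
	    char *value_loc = keyword_loc + strlen("ipa_hostname");
	    char *value_end = line + line_len;
	    size_t value_len;

	    /* Skip spaces and the assignment operator, never past the line end */
	    while (value_loc < value_end &&
		   (isspace((unsigned char)*value_loc) || *value_loc == '='))
		value_loc++;

	    /* Remove spaces from the end of the value */
	    while (value_end > value_loc &&
		   isspace((unsigned char)value_end[-1]))
		value_end--;

	    value_len = (size_t)(value_end - value_loc);
	    if (value_len > 0 && value_len <= MAXHOSTNAMELEN) {
		memcpy(hname, value_loc, value_len);
		hname[value_len] = '\0';
		free(line);
		fclose(fp);
		return hname;
	    }
	}
	/* … unchanged: free(line), reset, end of getline loop … */
```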
105     diff -up sudo-1.8.6p3/plugins/sudoers/ipa_hostname.h.ipahostname sudo-1.8.6p3/plugins/sudoers/ipa_hostname.h
106     --- sudo-1.8.6p3/plugins/sudoers/ipa_hostname.h.ipahostname 2013-08-15 13:15:06.897836025 +0200
107     +++ sudo-1.8.6p3/plugins/sudoers/ipa_hostname.h 2013-08-15 13:15:06.897836025 +0200
108     @@ -0,0 +1,27 @@
109     +/*
110     + * Copyright 2013 Red Hat Inc., Durham, North Carolina.
111     + * All Rights Reserved.
112     + *
113     + * This library is free software; you can redistribute it and/or
114     + * modify it under the terms of the GNU Lesser General Public
115     + * License as published by the Free Software Foundation; either
116     + * version 2.1 of the License, or (at your option) any later version.
117     + *
118     + * This library is distributed in the hope that it will be useful,
119     + * but WITHOUT ANY WARRANTY; without even the implied warranty of
120     + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
121     + * Lesser General Public License for more details.
122     + *
123     + * You should have received a copy of the GNU Lesser General Public
124     + * License along with this library; if not, write to the Free Software
125     + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
126     + *
127     + * Authors:
128     + * Daniel Kopecek <dkopecek@redhat.com>
129     + */
130     +#ifndef _IPA_HOSTNAME_H_
131     +#define _IPA_HOSTNAME_H_
132     +
133     +char *ipa_hostname(void);
134     +
135     +#endif /* _IPA_HOSTNAME_H_ */
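Review bot: The prototype has no contract comment, although the implementation in this patch returns a pointer to a function-static buffer and NULL on failure, which callers need to know. I would add above it `/* Returns the ipa_hostname value read from /etc/sssd/sssd.conf in static storage (caller must not free; overwritten by the next call), or NULL if the file cannot be opened or no value is found. */`. The guard name `_IPA_HOSTNAME_H_` begins with an underscore followed by an uppercase letter, which is reserved for the implementation; something like `#ifndef SUDOERS_IPA_HOSTNAME_H` avoids that.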
136     diff -up sudo-1.8.6p3/plugins/sudoers/Makefile.in.ipahostname sudo-1.8.6p3/plugins/sudoers/Makefile.in
137     --- sudo-1.8.6p3/plugins/sudoers/Makefile.in.ipahostname 2012-09-18 15:57:43.000000000 +0200
138     +++ sudo-1.8.6p3/plugins/sudoers/Makefile.in 2013-08-15 13:15:06.898836030 +0200
139     @@ -722,6 +722,8 @@ sia.lo: $(authdir)/sia.c $(top_builddir)
140     $(devdir)/def_data.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \
141     $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h $(incdir)/gettext.h
142     $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(authdir)/sia.c
143     +ipa_hostname.lo: $(srcdir)/ipa_hostname.c $(srcdir)/ipa_hostname.h
144     + $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(DEFS) $(srcdir)/ipa_hostname.c
145     sssd.lo: $(srcdir)/sssd.c $(top_builddir)/config.h \
146     $(top_srcdir)/compat/dlfcn.h $(srcdir)/sudoers.h \
147     $(top_srcdir)/compat/stdbool.h $(top_builddir)/pathnames.h \
148     diff -up sudo-1.8.6p3/plugins/sudoers/sssd.c.ipahostname sudo-1.8.6p3/plugins/sudoers/sssd.c
149     --- sudo-1.8.6p3/plugins/sudoers/sssd.c.ipahostname 2013-08-15 13:15:06.891835996 +0200
150     +++ sudo-1.8.6p3/plugins/sudoers/sssd.c 2013-08-15 13:15:06.898836030 +0200
151     @@ -60,6 +60,7 @@
152     #include "parse.h"
153     #include "lbuf.h"
154     #include "sudo_debug.h"
155     +#include "ipa_hostname.h"
156    
157     /* SSSD <--> SUDO interface - do not change */
158     struct sss_sudo_attr {
159     @@ -549,6 +550,24 @@ sudo_sss_check_runas(struct sudo_sss_han
160     debug_return_bool(ret);
161     }
162    
163     +static bool sudo_sss_ipa_hostname_matches(const char *hostname_val)
164     +{
165     + bool ret = false;
166     + char *ipa_hostname_val;
167     + debug_decl(sudo_sss_ipa_hostname_matches, SUDO_DEBUG_SSSD)
168     +
169     + if ((ipa_hostname_val = ipa_hostname()) != NULL) {
170     + ret = hostname_matches(ipa_hostname_val, ipa_hostname_val, hostname_val) || \
171     + netgr_matches(hostname_val, ipa_hostname_val, ipa_hostname_val, NULL);
172     + }
173     +
174     + sudo_debug_printf(SUDO_DEBUG_TRACE, "IPA hostname (%s) matches %s => %s",
175     + ipa_hostname_val ? ipa_hostname_val : "<none>", hostname_val,
176     + ret ? "true" : "false");
177     +
178     + debug_return_bool(ret);
179     +}
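Review bot: sudo_sss_ipa_hostname_matches() calls ipa_hostname() on every invocation, and ipa_hostname() as added in this patch reopens and rescans /etc/sssd/sssd.conf each time. The later hunk puts this call in the per-value test of sudo_sss_check_host(), ahead of the real host name checks, so the file is reread for each host value examined even when `user_host` would have matched. Since ipa_hostname() already returns static storage, it could cache its result behind a static "already parsed" flag, and the call could move to the end of the `||` chain. The trailing `\` after the `||` in the `ret =` assignment is not needed outside a macro and can be dropped.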
180     +
181     static bool
182     sudo_sss_check_host(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule)
183     {
184     @@ -580,6 +599,7 @@ sudo_sss_check_host(struct sudo_sss_hand
185    
186     /* match any or address or netgroup or hostname */
187     if (!strcmp(val, "ALL") || addr_matches(val) ||
188     + sudo_sss_ipa_hostname_matches(val) ||
189     netgr_matches(val, user_host, user_shost, NULL) ||
190     hostname_matches(user_shost, user_host, val))
191     ret = true;
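Review bot: The comment above the condition still reads "match any or address or netgroup or hostname" and does not mention the new term, which makes a rule match on a name taken from sssd.conf rather than on the machine's own host name. Because this widens an authorization decision, I would state it explicitly, e.g. `/* match any or address or IPA hostname (ipa_hostname from sssd.conf) or netgroup or hostname */`. The body of sudo_sss_check_host() starts and ends outside this hunk, so how `val` is obtained is not visible here.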
