1 |
diff -up sudo-1.8.6p3/common/sudo_debug.c.sudoorderfix sudo-1.8.6p3/common/sudo_debug.c |
2 |
--- sudo-1.8.6p3/common/sudo_debug.c.sudoorderfix 2015-02-27 19:00:15.546968602 +0100 |
3 |
+++ sudo-1.8.6p3/common/sudo_debug.c 2015-02-27 19:01:33.966134891 +0100 |
4 |
@@ -272,6 +272,13 @@ void sudo_debug_exit_ptr(const char *fun |
5 |
"<- %s @ %s:%d := %p", func, file, line, rval); |
6 |
} |
7 |
|
8 |
+void sudo_debug_exit_double(const char *func, const char *file, int line, |
9 |
+ int subsys, double rval) |
10 |
+{ |
11 |
+ sudo_debug_printf2(NULL, NULL, 0, subsys | SUDO_DEBUG_TRACE, |
12 |
+ "<- %s @ %s:%d := %f", func, file, line, rval); |
13 |
+} |
14 |
+ |
15 |
static void |
16 |
sudo_debug_write_conv(const char *func, const char *file, int lineno, |
17 |
const char *str, int len, int errno_val) |
18 |
diff -up sudo-1.8.6p3/include/sudo_debug.h.sudoorderfix sudo-1.8.6p3/include/sudo_debug.h |
19 |
--- sudo-1.8.6p3/include/sudo_debug.h.sudoorderfix 2015-02-27 18:57:26.015770964 +0100 |
20 |
+++ sudo-1.8.6p3/include/sudo_debug.h 2015-02-27 18:59:27.375480734 +0100 |
21 |
@@ -166,6 +166,14 @@ |
22 |
return (void *)sudo_debug_rval; \ |
23 |
} while (0) |
24 |
|
25 |
+#define debug_return_double(rval) \ |
26 |
+ do { \ |
27 |
+ double sudo_debug_rval = (rval); \ |
28 |
+ sudo_debug_exit_double(__func__, __FILE__, __LINE__, sudo_debug_subsys, \ |
29 |
+ sudo_debug_rval); \ |
30 |
+ return sudo_debug_rval; \ |
31 |
+ } while (0) |
32 |
+ |
33 |
/* |
34 |
* Variadic macros are a C99 feature but GNU cpp has supported |
35 |
* a (different) version of them for a long time. |
36 |
@@ -193,6 +201,7 @@ void sudo_debug_enter(const char *func, |
37 |
void sudo_debug_execve2(int level, const char *path, char *const argv[], char *const envp[]); |
38 |
void sudo_debug_exit(const char *func, const char *file, int line, int subsys); |
39 |
void sudo_debug_exit_int(const char *func, const char *file, int line, int subsys, int rval); |
40 |
+void sudo_debug_exit_double(const char *func, const char *file, int line, int subsys, double rval); |
41 |
void sudo_debug_exit_long(const char *func, const char *file, int line, int subsys, long rval); |
42 |
void sudo_debug_exit_size_t(const char *func, const char *file, int line, int subsys, size_t rval); |
43 |
void sudo_debug_exit_bool(const char *func, const char *file, int line, int subsys, int rval); |
44 |
diff -up sudo-1.8.6p3/plugins/sudoers/sssd.c.sudoorderfix sudo-1.8.6p3/plugins/sudoers/sssd.c |
45 |
--- sudo-1.8.6p3/plugins/sudoers/sssd.c.sudoorderfix 2015-02-27 18:53:18.259404975 +0100 |
46 |
+++ sudo-1.8.6p3/plugins/sudoers/sssd.c 2015-02-27 19:04:10.217473712 +0100 |
47 |
@@ -696,6 +696,74 @@ sudo_sss_result_filterp(struct sudo_sss_ |
48 |
debug_return_int(0); |
49 |
} |
50 |
|
51 |
+static double sudo_sss_rule_get_sudoOrder(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule) |
52 |
+{ |
53 |
+ char **val_array = NULL; |
54 |
+ int i; |
55 |
+ |
56 |
+ debug_decl(sudo_sss_rule_get_sudoOrder, SUDO_DEBUG_SSSD); |
57 |
+ |
58 |
+ if (!rule) { |
59 |
+ debug_return_double(-1); |
60 |
+ } |
61 |
+ |
62 |
+ switch (handle->fn_get_values(rule, "sudoOrder", &val_array)) { |
63 |
+ case 0: |
64 |
+ break; |
65 |
+ case ENOENT: |
66 |
+ /* default sudoOrder is 0 */ |
67 |
+ debug_return_double(0); |
68 |
+ default: |
69 |
+ sudo_debug_printf(SUDO_DEBUG_INFO, "handle->fn_get_values(sudoUser): != 0"); |
70 |
+ debug_return_double(-1); |
71 |
+ } |
72 |
+ |
73 |
+ if (val_array == NULL) { |
74 |
+ sudo_debug_printf(SUDO_DEBUG_DEBUG, |
75 |
+ "BUG: val_array not allocated after a successful call to fn_get_values"); |
76 |
+ debug_return_double(-1); |
77 |
+ } |
78 |
+ |
79 |
+ /* Use the last sudoOrder value if there are more than one */ |
80 |
+ i = 0; |
81 |
+ while (val_array[i] != NULL) { |
82 |
+ if (val_array[i+1] == NULL) { |
83 |
+ sudo_debug_printf(SUDO_DEBUG_DEBUG, "using sudoOrder value \"%s\"", val_array[i]); |
84 |
+ double val = atof(val_array[i]); |
85 |
+ handle->fn_free_values(val_array); |
86 |
+ debug_return_double(val); |
87 |
+ } |
88 |
+ ++i; |
89 |
+ } |
90 |
+ |
91 |
+ /* We should get here in a normal case */ |
92 |
+ handle->fn_free_values(val_array); |
93 |
+ sudo_debug_printf(SUDO_DEBUG_DEBUG, |
94 |
+ "fn_get_values call was successful but no values were stored in the array!"); |
95 |
+ debug_return_double(0); |
96 |
+} |
97 |
+ |
98 |
+static int sudo_sss_rule_order_compare(const void *a, const void *b, void *arg) |
99 |
+{ |
100 |
+ struct sudo_sss_handle *handle = (struct sudo_sss_handle *)arg; |
101 |
+ struct sss_sudo_rule *rule_a = (struct sss_sudo_rule *)a; |
102 |
+ struct sss_sudo_rule *rule_b = (struct sss_sudo_rule *)b; |
103 |
+ debug_decl(sudo_sss_rule_order_compare, SUDO_DEBUG_SSSD); |
104 |
+ |
105 |
+ const double a_order = sudo_sss_rule_get_sudoOrder(handle, rule_a); |
106 |
+ const double b_order = sudo_sss_rule_get_sudoOrder(handle, rule_b); |
107 |
+ |
108 |
+ if (a_order > b_order) { |
109 |
+ debug_return_int(-1); |
110 |
+ } |
111 |
+ else if (a_order < b_order) { |
112 |
+ debug_return_int(1); |
113 |
+ } |
114 |
+ else { |
115 |
+ debug_return_int(0); |
116 |
+ } |
117 |
+} |
118 |
+ |
119 |
static struct sss_sudo_result * |
120 |
sudo_sss_result_get(struct sudo_nss *nss, struct passwd *pw, uint32_t *state) |
121 |
{ |
122 |
@@ -761,6 +829,12 @@ sudo_sss_result_get(struct sudo_nss *nss |
123 |
"u_sss_result=(%p, %u) => f_sss_result=(%p, %u)", u_sss_result, |
124 |
u_sss_result->num_rules, f_sss_result, f_sss_result->num_rules); |
125 |
|
126 |
+ sudo_debug_printf(SUDO_DEBUG_INFO, |
127 |
+ "Sorting the remaining entries using the sudoOrder attribute"); |
128 |
+ |
129 |
+ qsort_r(f_sss_result->rules, f_sss_result->num_rules, sizeof(f_sss_result->rules[0]), |
130 |
+ sudo_sss_rule_order_compare, handle); |
131 |
+ |
132 |
handle->fn_free_result(u_sss_result); |
133 |
|
134 |
debug_return_ptr(f_sss_result); |