int create_env_hash_table(char ** env, hash_table_t ** table_out) {
hash_table_t *local_table = NULL;
hash_key_t key;
hash_value_t value;
char * tmp;
char **ui;
int err_h;
err_h = hash_create((unsigned long)INIT_ENV_TABLE_SIZE,
&local_table,
delete_callback,
NULL);
if (err_h != HASH_SUCCESS) {
fprintf(stderr, "couldn't create hash table (%s)\n", hash_error_string(err_h));
return err_h;
}
for(ui = (char **) msg.user_env; *ui!=NULL; ui++) {
tmp = strchr(*ui,'=');
*tmp = '\0';
key.type = HASH_KEY_STRING;
key.str = strdup(*ui);
value.type = HASH_VALUE_PTR;
value.ptr = tmp+1;
if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
fprintf(stderr, "couldn't add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
return err_h;
}
*tmp = '=' ;
}
*table_out = local_table;
return HASH_SUCCESS;
}
errno_t get_uid_table(TALLOC_CTX *mem_ctx, hash_table_t **table)
{
#ifdef __linux__
int ret;
ret = hash_create_ex(INITIAL_TABLE_SIZE, table, 0, 0, 0, 0,
hash_talloc, hash_talloc_free, mem_ctx,
NULL, NULL);
if (ret != HASH_SUCCESS) {
DEBUG(SSSDBG_CRIT_FAILURE,
"hash_create_ex failed [%s]\n", hash_error_string(ret));
return ENOMEM;
}
return get_active_uid_linux(*table, 0);
#else
return ENOSYS;
#endif
}
static errno_t
add_sids_from_rid_array_to_hash_table(struct dom_sid *dom_sid,
struct samr_RidWithAttributeArray *groups,
struct sss_idmap_ctx *idmap_ctx,
hash_table_t *sid_table)
{
enum idmap_error_code err;
char *dom_sid_str = NULL;
size_t dom_sid_str_len;
char *sid_str = NULL;
char *rid_start;
hash_key_t key;
hash_value_t value;
int ret;
size_t c;
TALLOC_CTX *tmp_ctx = NULL;
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
return ENOMEM;
}
key.type = HASH_KEY_STRING;
value.type = HASH_VALUE_ULONG;
err = sss_idmap_smb_sid_to_sid(idmap_ctx, dom_sid, &dom_sid_str);
if (err != IDMAP_SUCCESS) {
DEBUG(SSSDBG_OP_FAILURE, "sss_idmap_smb_sid_to_sid failed.\n");
ret = EFAULT;
goto done;
}
dom_sid_str_len = strlen(dom_sid_str);
sid_str = talloc_zero_size(tmp_ctx, dom_sid_str_len + 12);
if (sid_str == NULL) {
DEBUG(SSSDBG_OP_FAILURE, "talloc_zero_size failed.\n");
ret = ENOMEM;
goto done;
}
rid_start = sid_str + dom_sid_str_len;
memcpy(sid_str, dom_sid_str, dom_sid_str_len);
for (c = 0; c < groups->count; c++) {
memset(rid_start, '\0', 12);
ret = snprintf(rid_start, 12, "-%lu",
(unsigned long) groups->rids[c].rid);
if (ret < 0 || ret > 12) {
DEBUG(SSSDBG_OP_FAILURE, "snprintf failed.\n");
ret = EIO;
goto done;
}
key.str = sid_str;
value.ul = 0;
ret = hash_enter(sid_table, &key, &value);
if (ret != HASH_SUCCESS) {
DEBUG(SSSDBG_OP_FAILURE, "hash_enter failed [%d][%s].\n",
ret, hash_error_string(ret));
ret = EIO;
goto done;
}
}
ret = EOK;
done:
sss_idmap_free_sid(idmap_ctx, dom_sid_str);
talloc_free(tmp_ctx);
return ret;
}
int create_settings_hash_table(hash_table_t ** table_out) {
hash_table_t *local_table = NULL;
hash_key_t key;
hash_value_t value;
const char * truth = strdup("TRUE");
const char * fallacy = strdup("FALSE");
int err_h;
err_h = hash_create((unsigned long)INIT_SETTINGS_TABLE_SIZE,
&local_table,
delete_callback,
NULL);
if (err_h != HASH_SUCCESS) {
fprintf(stderr, "couldn't create hash table (%s)\n", hash_error_string(err_h));
return err_h;
}
key.type = HASH_KEY_STRING;
value.type = HASH_VALUE_PTR;
if(msg.runas_user && *msg.runas_user ){
key.str = strdup(SSS_SUDO_ITEM_RUSER);
value.ptr = msg.runas_user;
if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
return err_h;
}
free(key.str);
}
if(msg.runas_group && *msg.runas_group ){
key.str = strdup(SSS_SUDO_ITEM_RGROUP);
value.ptr = msg.runas_group;
if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
return err_h;
}
free(key.str);
}
if(msg.prompt && *msg.prompt ){
key.str = strdup(SSS_SUDO_ITEM_PROMPT);
value.ptr = msg.prompt;
if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
return err_h;
}
free(key.str);
}
if(msg.network_addrs && *msg.network_addrs ){
key.str = strdup(SSS_SUDO_ITEM_NETADDR);
value.ptr = msg.network_addrs;
if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
return err_h;
}
free(key.str);
}
key.str = strdup(SSS_SUDO_ITEM_USE_SUDOEDIT);
value.ptr = GET_BOOL_STRING(msg.use_sudoedit);
if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
return err_h;
}
free(key.str);
key.str = strdup(SSS_SUDO_ITEM_USE_SETHOME);
value.ptr = GET_BOOL_STRING(msg.use_set_home);
if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
return err_h;
}
free(key.str);
key.str = strdup(SSS_SUDO_ITEM_USE_PRESERV_ENV);
value.ptr = GET_BOOL_STRING(msg.use_preserve_environment);
if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
return err_h;
}
free(key.str);
key.str = strdup(SSS_SUDO_ITEM_USE_IMPLIED_SHELL);
value.ptr = GET_BOOL_STRING(msg.use_implied_shell);
if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
return err_h;
}
free(key.str);
key.str = strdup(SSS_SUDO_ITEM_USE_LOGIN_SHELL);
value.ptr = GET_BOOL_STRING(msg.use_login_shell);
if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
return err_h;
}
free(key.str);
key.str = strdup(SSS_SUDO_ITEM_USE_RUN_SHELL);
value.ptr = GET_BOOL_STRING(msg.use_run_shell);
if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
return err_h;
}
free(key.str);
key.str = strdup(SSS_SUDO_ITEM_USE_PRE_GROUPS);
value.i = GET_BOOL_STRING(msg.use_preserve_groups);
if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
return err_h;
}
free(key.str);
key.str = strdup(SSS_SUDO_ITEM_USE_IGNORE_TICKET);
value.ptr = GET_BOOL_STRING(msg.use_ignore_ticket);
if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
return err_h;
}
free(key.str);
key.str = strdup(SSS_SUDO_ITEM_USE_NON_INTERACTIVE);
value.ptr =GET_BOOL_STRING(msg.use_noninteractive);
if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
return err_h;
}
free(key.str);
key.str = strdup(SSS_SUDO_ITEM_DEBUG_LEVEL);
value.ptr = GET_BOOL_STRING(msg.debug_level);
if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
return err_h;
}
free(key.str);
key.str = strdup(SSS_SUDO_ITEM_CLI_PID);
asprintf(&value.ptr,"%u",msg.cli_pid);
if ((err_h = hash_enter(local_table, &key, &value)) != HASH_SUCCESS) {
fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(err_h));
return err_h;
}
free(key.str);
*table_out = local_table;
return HASH_SUCCESS;
}
int sss_sudo_make_request(struct sudo_result_contents ** sudo_result_out)
{
char ** command_array,**ui;
int err_status,count;
dbus_uint32_t header,command_array_out_size;
struct sudo_result_contents * sudo_result = NULL;
DBusConnection* conn;
DBusError err;
DBusMessage* dbus_msg;
DBusMessage* dbus_reply;
DBusMessageIter msg_iter;
dbus_bool_t ret = -1;
fprintf(stdout,"Sending message\n");
if(validate_message_content() != SSS_SUDO_VALIDATION_SUCCESS) {
return SSS_SUDO_VALIDATION_ERR;
}
err_status = create_env_hash_table(msg.user_env,&msg.env_table);
if(err_status != HASH_SUCCESS) {
fprintf(stderr, "ccouldn't create table: %s\n", hash_error_string(err_status));
return SSS_SUDO_MESSAGE_ERR;
}
err_status = create_settings_hash_table(&msg.settings_table);
if(err_status != HASH_SUCCESS) {
fprintf(stderr, "ccouldn't create table: %s\n", hash_error_string(err_status));
return SSS_SUDO_MESSAGE_ERR;
}
/* initialise the errors */
dbus_error_init(&err);
/* connect to the system bus and check for errors */
conn = dbus_connection_open_private(SSS_SUDO_SERVICE_PIPE, &err);
if (dbus_error_is_set(&err)) {
fprintf(stderr, "Connection Error (%s)\n", err.message);
dbus_error_free(&err);
return SSS_SUDO_CONNECTION_ERR;
}
if (NULL == conn) {
return SSS_SUDO_CONNECTION_ERR;
}
/* create a new method call and check for errors */
dbus_msg = dbus_message_new_method_call( NULL, /* target */
SUDO_SERVER_PATH, /* object */
SUDO_SERVER_INTERFACE, /* interface */
SUDO_METHOD_QUERY); /* method name */
if (NULL == dbus_msg) {
fprintf(stderr, "Message Null\n");
free_connection(conn,&err,msg.settings_table,(DBusMessage *)NULL,(DBusMessage *)NULL);
return SSS_SUDO_MESSAGE_ERR;
}
/* append arguments */
dbus_message_iter_init_append(dbus_msg, &msg_iter);
if(dbus_error_is_set(&err)){
fprintf(stderr, "Failed to initialize the iterator.\n");
free_connection(conn,&err,msg.settings_table,dbus_msg,(DBusMessage *)NULL);
return SSS_SUDO_MESSAGE_ERR;
}
ret = frame_sudo_message(conn,
&err,
dbus_msg,
&msg,
&msg_iter);
if( ret != SSS_SUDO_MESSAGE_OK){
sudo_log(SUDO_CONV_ERROR_MSG,"Failed to frame the message to sssd - Fatal (Access denied)\n");
free_connection(conn,&err,(hash_table_t *)NULL,dbus_msg,(DBusMessage *)NULL);
return SSS_SUDO_MESSAGE_ERR;
}
/* send message and get a handle for a reply */
dbus_reply = dbus_connection_send_with_reply_and_block (conn,dbus_msg,
SUDO_CLIENT_TIMEOUT,
&err);
fprintf(stdout,"Request Sent\n");
if (dbus_error_is_set(&err)) {
fprintf(stderr, "Connection send-reply Error (%s)\n", err.message);
free_connection(conn,&err,(hash_table_t *)NULL,dbus_msg,(DBusMessage *)NULL);
return SSS_SUDO_REPLY_ERR;
}
if (NULL == dbus_reply) {
fprintf(stderr, "reply failed\n");
free_connection(conn,&err,(hash_table_t *)NULL,dbus_msg,(DBusMessage *)NULL);
return SSS_SUDO_REPLY_ERR;
}
sudo_result= (struct sudo_result_contents *)malloc(sizeof(struct sudo_result_contents));
ret = get_reply_message(conn,
&err,
dbus_msg,
dbus_reply,
sudo_result,
&msg_iter);
if(ret != SSS_SUDO_REPLY_OK){
}
/* free connection now */
free_connection(conn,&err,(hash_table_t *)NULL,dbus_msg,dbus_reply);
*sudo_result_out = sudo_result;
return SSS_SUDO_SEND_AND_RECIEVE_OK;
}
static errno_t get_active_uid_linux(hash_table_t *table, uid_t search_uid)
{
DIR *proc_dir = NULL;
struct dirent *dirent;
int ret, err;
pid_t pid = -1;
uid_t uid;
hash_key_t key;
hash_value_t value;
proc_dir = opendir("/proc");
if (proc_dir == NULL) {
ret = errno;
DEBUG(SSSDBG_CRIT_FAILURE, "Cannot open proc dir.\n");
goto done;
};
errno = 0;
while ((dirent = readdir(proc_dir)) != NULL) {
if (only_numbers(dirent->d_name) != 0) continue;
ret = name_to_pid(dirent->d_name, &pid);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, "name_to_pid failed.\n");
goto done;
}
ret = get_uid_from_pid(pid, &uid);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, "get_uid_from_pid failed.\n");
goto done;
}
if (table != NULL) {
key.type = HASH_KEY_ULONG;
key.ul = (unsigned long) uid;
value.type = HASH_VALUE_ULONG;
value.ul = (unsigned long) uid;
ret = hash_enter(table, &key, &value);
if (ret != HASH_SUCCESS) {
DEBUG(SSSDBG_CRIT_FAILURE,
"cannot add to table [%s]\n", hash_error_string(ret));
ret = ENOMEM;
goto done;
}
} else {
if (uid == search_uid) {
ret = EOK;
goto done;
}
}
errno = 0;
}
if (errno != 0 && dirent == NULL) {
ret = errno;
DEBUG(SSSDBG_CRIT_FAILURE, "readdir failed.\n");
goto done;
}
ret = closedir(proc_dir);
proc_dir = NULL;
if (ret == -1) {
DEBUG(SSSDBG_CRIT_FAILURE, "closedir failed, watch out.\n");
}
if (table != NULL) {
ret = EOK;
} else {
ret = ENOENT;
}
done:
if (proc_dir != NULL) {
err = closedir(proc_dir);
if (err) {
DEBUG(SSSDBG_CRIT_FAILURE, "closedir failed, bad dirp?\n");
}
}
return ret;
}
int main(int argc, char **argv)
{
static hash_table_t *table = NULL;
hash_key_t key, *keys;
hash_value_t value;
struct hash_iter_context_t *iter;
hash_entry_t *entry;
unsigned long i, n_entries;
int error;
struct my_data_t *my_data = new_data(1024, "Hello World!");
unsigned long count;
/* Create a hash table */
error = hash_create(10, &table, delete_callback, NULL);
if (error != HASH_SUCCESS) {
fprintf(stderr, "cannot create hash table (%s)\n", hash_error_string(error));
return error;
}
/* Enter a key named "My Data" and specify it's value as a pointer to my_data */
key.type = HASH_KEY_STRING;
key.str = strdup("My Data");
value.type = HASH_VALUE_PTR;
value.ptr = my_data;
if ((error = hash_enter(table, &key, &value)) != HASH_SUCCESS) {
fprintf(stderr, "cannot add to table \"%s\" (%s)\n", key.str, hash_error_string(error));
return error;
}
free(key.str);
/* Get a list of keys and print them out, free the list when we're done */
if ((error = hash_keys(table, &count, &keys)) != HASH_SUCCESS) {
fprintf(stderr, "cannot get key list (%s)\n", hash_error_string(error));
return error;
}
for (i = 0; i < count; i++)
printf("key: %s\n", keys[i].str);
free(keys);
/* Lookup the key named "My Data" */
key.type = HASH_KEY_STRING;
key.str = strdup("My Data");
if ((error = hash_lookup(table, &key, &value)) != HASH_SUCCESS) {
fprintf(stderr, "cannot find key \"%s\" (%s)\n", key.str, hash_error_string(error));
}
free(key.str);
/* Visit each entry in the table, callback will increment count on each visit */
printf("Iterate using callback\n");
count = 0;
hash_iterate(table, visit_callback, &count);
/* Assure number of visits equal the table size */
assert(count == hash_count(table));
/* Visit each entry using iterator object */
printf("Iterate using iterator\n");
n_entries = 0;
iter = new_hash_iter_context(table);
while ((entry = iter->next(iter)) != NULL) {
struct my_data_t *data = (struct my_data_t *) entry->value.ptr;
printf("%s = [foo=%d bar=%s]\n", entry->key.str, data->foo, data->bar);
n_entries++;
}
free(iter);
/* Assure number of visits equal the table size */
assert(n_entries == hash_count(table));
/* Remove the entry, deletion callback will be invoked */
key.type = HASH_KEY_STRING;
key.str = strdup("My Data");
if ((error = hash_delete(table, &key)) != HASH_SUCCESS) {
fprintf(stderr, "cannot delete from table (%s)\n", hash_error_string(error));
}
/* Assure key is no longer in table */
assert (!hash_has_key(table, &key));
free(key.str);
/* Free the table */
hash_destroy(table);
return 0;
}
