!2 init utsudo for openEuler-23.09

From: @binlingyu 
Reviewed-by: @ut-wanglujun 
Signed-off-by: @ut-wanglujun

0001-fix-compile-error-undefined-reference-to-sys_sigabbr.patch

@@ -0,0 +1,387 @@
+From 2c066e021947d7a876cf4fd22cfdc8aa783401ec Mon Sep 17 00:00:00 2001
+From: wanglujun <wanglujun@uniontech.com>
+Date: Mon, 7 Aug 2023 08:57:02 +0800
+Subject: [PATCH] fix compile error: undefined reference to sys_sigabbrev
+
+---
+ lib/util/src/sig2str.rs | 163 ++++++++++++++++++++++++++++++++++++----
+ lib/util/src/str2sig.rs | 147 +++++++++++++++++++++++++++++++++++-
+ 2 files changed, 291 insertions(+), 19 deletions(-)
+
+diff --git a/lib/util/src/sig2str.rs b/lib/util/src/sig2str.rs
+index 05838c8..be45208 100644
+--- a/lib/util/src/sig2str.rs
++++ b/lib/util/src/sig2str.rs
+@@ -49,19 +49,10 @@ macro_rules! NSIG {
+     };
+ }
+ 
+-/* sys_sigabbrev is not declared by glibc */
+-//   #  define sudo_sys_signame	sys_sigabbrev
+-#[macro_export]
+-macro_rules! sudo_sys_signame {
+-    () => {
+-        sys_sigabbrev
+-    };
+-}
+-
+ pub type size_t = libc::c_ulong;
+-pub const _SC_RTSIG_MAX: libc::c_int = 31;
++pub const _SC_RTSIG_MAX: libc::c_uint = 31;
+ pub type __int32_t = libc::c_int;
+-pub const _ISlower: libc::c_int = 512;
++pub const _ISlower: libc::c_uint = 512;
+ 
+ extern "C" {
+     fn __errno_location() -> *mut libc::c_int;
+@@ -75,7 +66,6 @@ extern "C" {
+         _: ...
+     ) -> libc::c_int;
+     fn sudo_strlcpy(dst: *mut libc::c_char, src: *const libc::c_char, siz: size_t) -> size_t;
+-    static sys_sigabbrev: [*const libc::c_char; 65];
+     fn __ctype_toupper_loc() -> *mut *const __int32_t;
+     fn __ctype_b_loc() -> *mut *const libc::c_ushort;
+ }
+@@ -97,9 +87,150 @@ pub unsafe extern "C" fn sudo_sig2str(
+     signo: libc::c_int,
+     signame: *mut libc::c_char,
+ ) -> libc::c_int {
++    static mut sudo_sys_signame: [*mut libc::c_char; 65] =
++        [0 as *const libc::c_char as *mut libc::c_char; 65];
++    let mut i: libc::c_int = 0;
++    sudo_sys_signame[0 as libc::c_int as usize] =
++        b"Signal 0\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    if (sudo_sys_signame[1 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[1 as libc::c_int as usize] =
++            b"HUP\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[2 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[2 as libc::c_int as usize] =
++            b"INT\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[3 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[3 as libc::c_int as usize] =
++            b"QUIT\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[4 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[4 as libc::c_int as usize] =
++            b"ILL\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[5 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[5 as libc::c_int as usize] =
++            b"TRAP\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[6 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[6 as libc::c_int as usize] =
++            b"ABRT\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[6 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[6 as libc::c_int as usize] =
++            b"IOT\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[8 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[8 as libc::c_int as usize] =
++            b"FPE\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[9 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[9 as libc::c_int as usize] =
++            b"KILL\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[7 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[7 as libc::c_int as usize] =
++            b"BUS\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[11 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[11 as libc::c_int as usize] =
++            b"SEGV\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[31 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[31 as libc::c_int as usize] =
++            b"SYS\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[13 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[13 as libc::c_int as usize] =
++            b"PIPE\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[14 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[14 as libc::c_int as usize] =
++            b"ALRM\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[15 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[15 as libc::c_int as usize] =
++            b"TERM\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[16 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[16 as libc::c_int as usize] =
++            b"STKFLT\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[29 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[29 as libc::c_int as usize] =
++            b"IO\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[24 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[24 as libc::c_int as usize] =
++            b"XCPU\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[25 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[25 as libc::c_int as usize] =
++            b"XFSZ\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[26 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[26 as libc::c_int as usize] =
++            b"VTALRM\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[27 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[27 as libc::c_int as usize] =
++            b"PROF\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[28 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[28 as libc::c_int as usize] =
++            b"WINCH\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[10 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[10 as libc::c_int as usize] =
++            b"USR1\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[12 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[12 as libc::c_int as usize] =
++            b"USR2\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[30 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[30 as libc::c_int as usize] =
++            b"PWR\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[29 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[29 as libc::c_int as usize] =
++            b"POLL\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[19 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[19 as libc::c_int as usize] =
++            b"STOP\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[20 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[20 as libc::c_int as usize] =
++            b"TSTP\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[18 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[18 as libc::c_int as usize] =
++            b"CONT\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[17 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[17 as libc::c_int as usize] =
++            b"CHLD\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[17 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[17 as libc::c_int as usize] =
++            b"CLD\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[21 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[21 as libc::c_int as usize] =
++            b"TTIN\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[22 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[22 as libc::c_int as usize] =
++            b"TTOU\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[23 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[23 as libc::c_int as usize] =
++            b"URG\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
+     /* Realtime signal support. */
+     if signo >= SIGRTMIN!() && signo <= SIGRTMAX!() {
+-        let mut rtmax: libc::c_long = sysconf(_SC_RTSIG_MAX);
++        let rtmax: libc::c_long = sysconf(_SC_RTSIG_MAX as libc::c_int);
+         if rtmax > 0 {
+             if signo == SIGRTMIN!() {
+                 sudo_strlcpy(
+@@ -134,12 +265,12 @@ pub unsafe extern "C" fn sudo_sig2str(
+         return 0;
+     }
+ 
+-    if signo > 0 && signo < NSIG!() && !sudo_sys_signame!()[signo as usize].is_null() {
+-        sudo_strlcpy(signame, sudo_sys_signame!()[signo as usize], SIG2STR_MAX!());
++    if signo > 0 && signo < NSIG!() && !(sudo_sys_signame[signo as usize]).is_null() {
++        sudo_strlcpy(signame, sudo_sys_signame[signo as usize], SIG2STR_MAX!());
+ 
+         /* Make sure we always return an upper case signame. */
+         if *(*__ctype_b_loc()).offset(*signame.offset(0 as isize) as isize) as libc::c_int
+-            & _ISlower
++            & _ISlower as libc::c_int as libc::c_ushort as libc::c_int
+             != 0
+         {
+             let mut i: libc::c_int = 0;
+diff --git a/lib/util/src/str2sig.rs b/lib/util/src/str2sig.rs
+index d47bda3..00989e8 100644
+--- a/lib/util/src/str2sig.rs
++++ b/lib/util/src/str2sig.rs
+@@ -33,7 +33,6 @@ extern "C" {
+     fn strcmp(_: *const libc::c_char, _: *const libc::c_char) -> libc::c_int;
+     fn sysconf(__name: libc::c_int) -> libc::c_long;
+     fn strcasecmp(_: *const libc::c_char, _: *const libc::c_char) -> libc::c_int;
+-    static sys_sigabbrev: [*const libc::c_char; 65];
+     fn __errno_location() -> *mut libc::c_int;
+ }
+ 
+@@ -105,6 +104,148 @@ pub unsafe extern "C" fn sudo_str2sig(
+     let mut errstr: *const libc::c_char = 0 as *const libc::c_char;
+     let mut signo: libc::c_int = 0;
+ 
++    static mut sudo_sys_signame: [*mut libc::c_char; 65] =
++        [0 as *const libc::c_char as *mut libc::c_char; 65];
++    let mut i: libc::c_int = 0;
++    sudo_sys_signame[0 as libc::c_int as usize] =
++        b"Signal 0\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    if (sudo_sys_signame[1 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[1 as libc::c_int as usize] =
++            b"HUP\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[2 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[2 as libc::c_int as usize] =
++            b"INT\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[3 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[3 as libc::c_int as usize] =
++            b"QUIT\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[4 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[4 as libc::c_int as usize] =
++            b"ILL\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[5 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[5 as libc::c_int as usize] =
++            b"TRAP\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[6 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[6 as libc::c_int as usize] =
++            b"ABRT\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[6 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[6 as libc::c_int as usize] =
++            b"IOT\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[8 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[8 as libc::c_int as usize] =
++            b"FPE\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[9 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[9 as libc::c_int as usize] =
++            b"KILL\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[7 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[7 as libc::c_int as usize] =
++            b"BUS\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[11 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[11 as libc::c_int as usize] =
++            b"SEGV\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[31 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[31 as libc::c_int as usize] =
++            b"SYS\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[13 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[13 as libc::c_int as usize] =
++            b"PIPE\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[14 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[14 as libc::c_int as usize] =
++            b"ALRM\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[15 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[15 as libc::c_int as usize] =
++            b"TERM\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[16 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[16 as libc::c_int as usize] =
++            b"STKFLT\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[29 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[29 as libc::c_int as usize] =
++            b"IO\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[24 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[24 as libc::c_int as usize] =
++            b"XCPU\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[25 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[25 as libc::c_int as usize] =
++            b"XFSZ\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[26 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[26 as libc::c_int as usize] =
++            b"VTALRM\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[27 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[27 as libc::c_int as usize] =
++            b"PROF\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[28 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[28 as libc::c_int as usize] =
++            b"WINCH\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[10 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[10 as libc::c_int as usize] =
++            b"USR1\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[12 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[12 as libc::c_int as usize] =
++            b"USR2\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[30 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[30 as libc::c_int as usize] =
++            b"PWR\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[29 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[29 as libc::c_int as usize] =
++            b"POLL\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[19 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[19 as libc::c_int as usize] =
++            b"STOP\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[20 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[20 as libc::c_int as usize] =
++            b"TSTP\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[18 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[18 as libc::c_int as usize] =
++            b"CONT\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[17 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[17 as libc::c_int as usize] =
++            b"CHLD\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[17 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[17 as libc::c_int as usize] =
++            b"CLD\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[21 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[21 as libc::c_int as usize] =
++            b"TTIN\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[22 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[22 as libc::c_int as usize] =
++            b"TTOU\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++    if (sudo_sys_signame[23 as libc::c_int as usize]).is_null() {
++        sudo_sys_signame[23 as libc::c_int as usize] =
++            b"URG\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
++    }
++
+     if (*(*__ctype_b_loc()).offset(*signame.offset(0 as isize) as libc::c_uchar as isize)
+         as libc::c_int
+         & _ISdigit as libc::c_ushort as libc::c_int)
+@@ -187,8 +328,8 @@ pub unsafe extern "C" fn sudo_str2sig(
+ 
+     signo = 1;
+     while signo < NSIG as libc::c_int {
+-        if !(sys_sigabbrev[signo as usize]).is_null() {
+-            if strcasecmp(signame, sys_sigabbrev[signo as usize]) == 0 {
++        if !(sudo_sys_signame[signo as usize]).is_null() {
++            if strcasecmp(signame, sudo_sys_signame[signo as usize]) == 0 {
+                 *result = signo;
+                 return 0;
+             }
+-- 
+2.31.1
+

utsudo-ldap.conf

@@ -0,0 +1,86 @@
+## BINDDN DN
+##  The BINDDN parameter specifies the identity, in the form of a Dis‐
+##  tinguished Name (DN), to use when performing LDAP operations.  If
+##  not specified, LDAP operations are performed with an anonymous
+##  identity.  By default, most LDAP servers will allow anonymous
+##  access.
+##
+#binddn uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com
+
+## BINDPW secret
+##  The BINDPW parameter specifies the password to use when performing
+##  LDAP operations.  This is typically used in conjunction with the
+##  BINDDN parameter.
+##
+#bindpw secret
+
+## SSL start_tls
+##  If the SSL parameter is set to start_tls, the LDAP server connec‐
+##  tion is initiated normally and TLS encryption is begun before the
+##  bind credentials are sent.  This has the advantage of not requiring
+##  a dedicated port for encrypted communications.  This parameter is
+##  only supported by LDAP servers that honor the start_tls extension,
+##  such as the OpenLDAP and Tivoli Directory servers.
+##
+#ssl start_tls
+
+## TLS_CACERTFILE file name
+##  The path to a certificate authority bundle which contains the cer‐
+##  tificates for all the Certificate Authorities the client knows to
+##  be valid, e.g. /etc/ssl/ca-bundle.pem.  This option is only sup‐
+##  ported by the OpenLDAP libraries.  Netscape-derived LDAP libraries
+##  use the same certificate database for CA and client certificates
+##  (see TLS_CERT).
+##
+#tls_cacertfile /path/to/CA.crt
+
+## TLS_CHECKPEER on/true/yes/off/false/no
+##  If enabled, TLS_CHECKPEER will cause the LDAP server's TLS certifi‐
+##  cated to be verified.  If the server's TLS certificate cannot be
+##  verified (usually because it is signed by an unknown certificate
+##  authority), sudo will be unable to connect to it.  If TLS_CHECKPEER
+##  is disabled, no check is made.  Note that disabling the check cre‐
+##  ates an opportunity for man-in-the-middle attacks since the
+##  server's identity will not be authenticated.  If possible, the CA's
+##  certificate should be installed locally so it can be verified.
+##  This option is not supported by the Tivoli Directory Server LDAP
+##  libraries.
+#tls_checkpeer yes
+
+##
+## URI ldap[s]://[hostname[:port]] ...
+##  Specifies a whitespace-delimited list of one or more
+##  URIs describing the LDAP server(s) to connect to. 
+##
+#uri ldap://ldapserver
+
+##
+## SUDOERS_BASE base
+##  The base DN to use when performing sudo LDAP queries.
+##  Multiple SUDOERS_BASE lines may be specified, in which
+##  case they are queried in the order specified.
+##
+#sudoers_base ou=SUDOers,dc=example,dc=com
+
+##
+## BIND_TIMELIMIT seconds
+##  The BIND_TIMELIMIT parameter specifies the amount of
+##  time to wait while trying to connect to an LDAP server.
+##
+#bind_timelimit 30
+
+##
+## TIMELIMIT seconds
+##  The TIMELIMIT parameter specifies the amount of time
+##  to wait for a response to an LDAP query.
+##
+#timelimit 30
+
+##
+## SUDOERS_DEBUG debug_level
+##  This sets the debug level for sudo LDAP queries. Debugging
+##  information is printed to the standard error. A value of 1
+##  results in a moderate amount of debugging information.
+##  A value of 2 shows the results of the matches themselves.
+##
+#sudoers_debug 1

utsudo.conf

@@ -0,0 +1,57 @@
+#
+# Default /etc/sudo.conf file
+#
+# Format:
+#   Plugin plugin_name plugin_path plugin_options ...
+#   Path askpass /path/to/askpass
+#   Path noexec /path/to/sudo_noexec.so
+#   Debug sudo /var/log/sudo_debug all@warn
+#   Set disable_coredump true
+#
+# Sudo plugins:
+#
+# The plugin_path is relative to ${prefix}/libexec unless fully qualified.
+# The plugin_name corresponds to a global symbol in the plugin
+#   that contains the plugin interface structure.
+# The plugin_options are optional.
+#
+# The sudoers plugin is used by default if no Plugin lines are present.
+Plugin sudoers_policy sudoers.so
+Plugin sudoers_io sudoers.so
+
+#
+# Sudo askpass:
+#
+# An askpass helper program may be specified to provide a graphical
+# password prompt for "sudo -A" support.  Sudo does not ship with its
+# own passpass program but can use the OpenSSH askpass.
+#
+# Use the OpenSSH askpass
+#Path askpass /usr/X11R6/bin/ssh-askpass
+#
+# Use the Gnome OpenSSH askpass
+#Path askpass /usr/libexec/openssh/gnome-ssh-askpass
+
+#
+# Sudo noexec:
+#
+# Path to a shared library containing dummy versions of the execv(),
+# execve() and fexecve() library functions that just return an error.
+# This is used to implement the "noexec" functionality on systems that
+# support C<LD_PRELOAD> or its equivalent.
+# The compiled-in value is usually sufficient and should only be changed
+# if you rename or move the sudo_noexec.so file.
+#
+#Path noexec /usr/libexec/sudo_noexec.so
+
+#
+# Core dumps:
+#
+# By default, sudo disables core dumps while it is executing (they
+# are re-enabled for the command that is run).
+# To aid in debugging sudo problems, you may wish to enable core
+# dumps by setting "disable_coredump" to false.
+#
+# Set to false here so as not to interfere with /proc/sys/fs/suid_dumpable
+#
+Set disable_coredump false

utsudo.spec

@@ -0,0 +1,203 @@
+ExcludeArch: i686
+
+Summary: The tudo respect sudo
+Name: utsudo
+Version: 0.0.1
+Release: 0%{?dist}.01
+License: ISC
+Group: Applications/System
+URL: https://www.sudo.ws/
+
+Source0: %{name}-%{version}.tar.gz
+Source1: utsudoers
+Source2: utsudo-ldap.conf
+Source3: utsudo.conf
+
+Requires: /etc/pam.d/system-auth
+Requires: /usr/bin/vi
+Requires(post): /bin/chmod
+
+BuildRequires: /usr/sbin/sendmail
+BuildRequires: autoconf
+BuildRequires: automake
+BuildRequires: bison
+BuildRequires: flex
+BuildRequires: gettext
+BuildRequires: groff
+BuildRequires: libtool
+BuildRequires: audit-libs-devel
+BuildRequires: libcap-devel
+BuildRequires: libgcrypt-devel
+BuildRequires: libselinux-devel
+BuildRequires: openldap-devel
+BuildRequires: pam-devel
+BuildRequires: zlib-devel
+BuildRequires: cargo
+BuildRequires: rust
+BuildRequires: patchelf
+
+Patch0001: 0001-fix-compile-error-undefined-reference-to-sys_sigabbr.patch
+
+%description
+Sudo (superuser do) allows a system administrator to give certain
+users (or groups of users) the ability to run some (or all) commands
+as root while logging all commands and arguments. Sudo operates on a
+per-command basis.  It is not a replacement for the shell.  Features
+include: the ability to restrict what commands a user may run on a
+per-host basis, copious logging of each command (providing a clear
+audit trail of who did what), a configurable timeout of the sudo
+command, and the ability to use the same configuration file (sudoers)
+on many different machines.
+
+%prep
+%setup -q
+
+%patch0001 -p1
+
+%build
+# Remove bundled copy of zlib
+rm -rf zlib/
+autoreconf -I m4 -fv --install
+
+%ifarch s390 s390x sparc64
+F_PIE=-fPIE
+%else
+F_PIE=-fpie
+%endif
+
+export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
+
+%configure \
+        --prefix=%{_prefix} \
+        --sbindir=%{_sbindir} \
+        --libdir=%{_libdir} \
+        --docdir=%{_pkgdocdir} \
+        --disable-root-mailer \
+        --with-logging=syslog \
+        --with-logfac=authpriv \
+        --with-pam \
+        --with-pam-login \
+        --with-editor=/bin/vi \
+        --with-env-editor \
+        --with-ignore-dot \
+        --with-tty-tickets \
+        --with-ldap \
+        --with-ldap-conf-file="%{_sysconfdir}/utsudo-ldap.conf" \
+        --with-selinux \
+        --with-passprompt="[utsudo] password for %p: " \
+        --with-linux-audit \
+        --with-sssd
+make
+
+%check
+## make check
+
+%install
+rm -rf $RPM_BUILD_ROOT
+
+
+# Update README.LDAP (#736653)
+sed -i 's|/etc/ldap\.conf|%{_sysconfdir}/utsudo-ldap.conf|g' README.LDAP
+
+make install DESTDIR="$RPM_BUILD_ROOT" install_uid=`id -u` install_gid=`id -g` sudoers_uid=`id -u` sudoers_gid=`id -g`
+install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo
+install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo/lectured
+install -p -d -m 750 $RPM_BUILD_ROOT/etc/utsudoers.d
+install -p -c -m 0440 %{SOURCE1} $RPM_BUILD_ROOT/etc/utsudoers
+install -p -c -m 0640 %{SOURCE3} $RPM_BUILD_ROOT/etc/utsudo.conf
+install -p -c -m 0640 %{SOURCE2} $RPM_BUILD_ROOT/%{_sysconfdir}/utsudo-ldap.conf
+
+# Add sudo to protected packages
+install -p -d -m 755 $RPM_BUILD_ROOT/etc/dnf/protected.d/
+touch utsudo.conf
+echo utsudo > utsudo.conf
+install -p -c -m 0644 utsudo.conf $RPM_BUILD_ROOT/etc/dnf/protected.d/
+rm -f utsudo.conf
+rm -f $RPM_BUILD_ROOT%{_bindir}/cvtsudoers
+rm -f $RPM_BUILD_ROOT%{_bindir}/sudoreplay
+rm -f $RPM_BUILD_ROOT%{_sbindir}/visudo
+rm -f $RPM_BUILD_ROOT/etc/sudoers
+
+chmod +x $RPM_BUILD_ROOT%{_libexecdir}/utsudo/*.so # for stripping, reset in %%files
+
+# Don't package LICENSE as a doc
+rm -rf $RPM_BUILD_ROOT%{_pkgdocdir}/LICENSE
+
+# Remove examples; Examples can be found in man pages too.
+rm -rf $RPM_BUILD_ROOT%{_datadir}/examples/sudo
+
+# Remove all .la files
+find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';'
+
+# Remove sudoers.dist
+rm -f $RPM_BUILD_ROOT%{_sysconfdir}/sudoers.dist
+
+# Remove sudo_plugin.h -add by uos
+rm -f $RPM_BUILD_ROOT%{_includedir}/sudo_plugin.h
+
+%find_lang utsudo
+%find_lang utsudoers
+
+cat utsudo.lang utsudoers.lang > utsudo_all.lang
+rm utsudo.lang utsudoers.lang
+
+mkdir -p $RPM_BUILD_ROOT/etc/pam.d
+mkdir -p $RPM_BUILD_ROOT/usr/share/doc/utsudo
+cat > $RPM_BUILD_ROOT/etc/pam.d/sudo << EOF
+#%%PAM-1.0
+auth       include      system-auth
+account    include      system-auth
+password   include      system-auth
+session    include      system-auth
+EOF
+
+cat > $RPM_BUILD_ROOT/etc/pam.d/sudo-i << EOF
+#%%PAM-1.0
+auth       include      sudo
+account    include      sudo
+password   include      sudo
+session    optional     pam_keyinit.so force revoke
+session    include      sudo
+EOF
+
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%files -f utsudo_all.lang
+%defattr(-,root,root)
+%attr(0440,root,root) %config(noreplace) /etc/utsudoers
+%attr(0640,root,root) %config(noreplace) /etc/utsudo.conf
+%attr(0640,root,root) %config(noreplace) %{_sysconfdir}/utsudo-ldap.conf
+%attr(0750,root,root) %dir /etc/utsudoers.d/
+%config(noreplace) /etc/pam.d/sudo
+%config(noreplace) /etc/pam.d/sudo-i
+%attr(0644,root,root) %{_tmpfilesdir}/utsudo.conf
+%attr(0644,root,root) /etc/dnf/protected.d/utsudo.conf
+%dir /var/db/sudo
+%dir /var/db/sudo/lectured
+%attr(4111,root,root) %{_bindir}/utsudo
+%{_bindir}/utsudoedit
+%dir %{_libexecdir}/utsudo
+%attr(0755,root,root) %{_libexecdir}/utsudo/sesh
+%attr(0644,root,root) %{_libexecdir}/utsudo/sudo_noexec.so
+%attr(0644,root,root) %{_libexecdir}/utsudo/sudoers.so
+%attr(0644,root,root) %{_libexecdir}/utsudo/group_file.so
+%attr(0644,root,root) %{_libexecdir}/utsudo/system_group.so
+%{_libexecdir}/utsudo/libutsudo_util.so
+%{_libexecdir}/utsudo/libutsudo_util.so.?
+%attr(0644,root,root) %{_libexecdir}/utsudo/libutsudo_util.so.?.?.?
+%dir %{_pkgdocdir}/
+%{!?_licensedir:%global license %%doc}
+%license doc/LICENSE
+
+# Make sure permissions are ok even if we're updating
+%post
+/bin/chmod 0440 /etc/utsudoers || :
+
+%changelog
+* Mon Aug 07 2023 Lujun <wanglujun@uniontech.com> - 0.0.1-0.01
+- Add Patch: 0001-fix-compile-error-undefined-reference-to-sys_sigabbr.patch
+
+* Tue May 10 2022 Lujun <wanglujun@uniontech.com> - 0.0.1
+- init.

utsudoers

@@ -0,0 +1,120 @@
+## Sudoers allows particular users to run various commands as
+## the root user, without needing the root password.
+##
+## Examples are provided at the bottom of the file for collections
+## of related commands, which can then be delegated out to particular
+## users or groups.
+## 
+## This file must be edited with the 'visudo' command.
+
+## Host Aliases
+## Groups of machines. You may prefer to use hostnames (perhaps using 
+## wildcards for entire domains) or IP addresses instead.
+# Host_Alias     FILESERVERS = fs1, fs2
+# Host_Alias     MAILSERVERS = smtp, smtp2
+
+## User Aliases
+## These aren't often necessary, as you can use regular groups
+## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname 
+## rather than USERALIAS
+# User_Alias ADMINS = jsmith, mikem
+
+
+## Command Aliases
+## These are groups of related commands...
+
+## Networking
+# Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool
+
+## Installation and management of software
+# Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum
+
+## Services
+# Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig, /usr/bin/systemctl start, /usr/bin/systemctl stop, /usr/bin/systemctl reload, /usr/bin/systemctl restart, /usr/bin/systemctl status, /usr/bin/systemctl enable, /usr/bin/systemctl disable
+
+## Updating the locate database
+# Cmnd_Alias LOCATE = /usr/bin/updatedb
+
+## Storage
+# Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount
+
+## Delegating permissions
+# Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp 
+
+## Processes
+# Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall
+
+## Drivers
+# Cmnd_Alias DRIVERS = /sbin/modprobe
+
+# Defaults specification
+
+#
+# Refuse to run if unable to disable echo on the tty.
+#
+Defaults   !visiblepw
+
+#
+# Preserving HOME has security implications since many programs
+# use it when searching for configuration files. Note that HOME
+# is already set when the the env_reset option is enabled, so
+# this option is only effective for configurations where either
+# env_reset is disabled or HOME is present in the env_keep list.
+#
+Defaults    always_set_home
+Defaults    match_group_by_gid
+
+# Prior to version 1.8.15, groups listed in sudoers that were not
+# found in the system group database were passed to the group
+# plugin, if any. Starting with 1.8.15, only groups of the form
+# %:group are resolved via the group plugin by default.
+# We enable always_query_group_plugin to restore old behavior.
+# Disable this option for new behavior.
+Defaults    always_query_group_plugin
+
+Defaults    env_reset
+Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS"
+Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
+Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
+Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
+Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
+
+#
+# Adding HOME to env_keep may enable a user to run unrestricted
+# commands via sudo.
+#
+# Defaults   env_keep += "HOME"
+
+Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin
+
+## Next comes the main part: which users can run what software on 
+## which machines (the sudoers file can be shared between multiple
+## systems).
+## Syntax:
+##
+## 	user	MACHINE=COMMANDS
+##
+## The COMMANDS section may have other options added to it.
+##
+## Allow root to run any commands anywhere 
+root	ALL=(ALL) 	ALL
+
+## Allows members of the 'sys' group to run networking, software, 
+## service management apps and more.
+# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS
+
+## Allows people in group wheel to run all commands
+%wheel	ALL=(ALL)	ALL
+
+## Same thing without a password
+# %wheel	ALL=(ALL)	NOPASSWD: ALL
+
+## Allows members of the users group to mount and unmount the 
+## cdrom as root
+# %users  ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
+
+## Allows members of the users group to shutdown this system
+# %users  localhost=/sbin/shutdown -h now
+
+## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
+#includedir /etc/sudoers.d