!2 init utsudo for openEuler-23.09

From: @binlingyu 
Reviewed-by: @ut-wanglujun 
Signed-off-by: @ut-wanglujun
openeuler-ci-bot 2023-08-18 01:34:14 +00:00 committed by Gitee
commit fcf10ba943
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
6 changed files with 853 additions and 0 deletions


@ -0,0 +1,387 @@
From 2c066e021947d7a876cf4fd22cfdc8aa783401ec Mon Sep 17 00:00:00 2001
From: wanglujun <wanglujun@uniontech.com>
Date: Mon, 7 Aug 2023 08:57:02 +0800
Subject: [PATCH] fix compile error: undefined reference to sys_sigabbrev
---
lib/util/src/sig2str.rs | 163 ++++++++++++++++++++++++++++++++++++----
lib/util/src/str2sig.rs | 147 +++++++++++++++++++++++++++++++++++-
2 files changed, 291 insertions(+), 19 deletions(-)
diff --git a/lib/util/src/sig2str.rs b/lib/util/src/sig2str.rs
index 05838c8..be45208 100644
--- a/lib/util/src/sig2str.rs
+++ b/lib/util/src/sig2str.rs
@@ -49,19 +49,10 @@ macro_rules! NSIG {
};
}
-/* sys_sigabbrev is not declared by glibc */
-// # define sudo_sys_signame sys_sigabbrev
-#[macro_export]
-macro_rules! sudo_sys_signame {
- () => {
- sys_sigabbrev
- };
-}
-
pub type size_t = libc::c_ulong;
-pub const _SC_RTSIG_MAX: libc::c_int = 31;
+pub const _SC_RTSIG_MAX: libc::c_uint = 31;
pub type __int32_t = libc::c_int;
-pub const _ISlower: libc::c_int = 512;
+pub const _ISlower: libc::c_uint = 512;
extern "C" {
fn __errno_location() -> *mut libc::c_int;
@@ -75,7 +66,6 @@ extern "C" {
_: ...
) -> libc::c_int;
fn sudo_strlcpy(dst: *mut libc::c_char, src: *const libc::c_char, siz: size_t) -> size_t;
- static sys_sigabbrev: [*const libc::c_char; 65];
fn __ctype_toupper_loc() -> *mut *const __int32_t;
fn __ctype_b_loc() -> *mut *const libc::c_ushort;
}
@@ -97,9 +87,150 @@ pub unsafe extern "C" fn sudo_sig2str(
signo: libc::c_int,
signame: *mut libc::c_char,
) -> libc::c_int {
+ static mut sudo_sys_signame: [*mut libc::c_char; 65] =
+ [0 as *const libc::c_char as *mut libc::c_char; 65];
+ let mut i: libc::c_int = 0;
+ sudo_sys_signame[0 as libc::c_int as usize] =
+ b"Signal 0\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ if (sudo_sys_signame[1 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[1 as libc::c_int as usize] =
+ b"HUP\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[2 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[2 as libc::c_int as usize] =
+ b"INT\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[3 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[3 as libc::c_int as usize] =
+ b"QUIT\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[4 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[4 as libc::c_int as usize] =
+ b"ILL\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[5 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[5 as libc::c_int as usize] =
+ b"TRAP\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[6 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[6 as libc::c_int as usize] =
+ b"ABRT\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[6 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[6 as libc::c_int as usize] =
+ b"IOT\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[8 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[8 as libc::c_int as usize] =
+ b"FPE\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[9 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[9 as libc::c_int as usize] =
+ b"KILL\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[7 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[7 as libc::c_int as usize] =
+ b"BUS\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[11 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[11 as libc::c_int as usize] =
+ b"SEGV\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[31 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[31 as libc::c_int as usize] =
+ b"SYS\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[13 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[13 as libc::c_int as usize] =
+ b"PIPE\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[14 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[14 as libc::c_int as usize] =
+ b"ALRM\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[15 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[15 as libc::c_int as usize] =
+ b"TERM\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[16 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[16 as libc::c_int as usize] =
+ b"STKFLT\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[29 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[29 as libc::c_int as usize] =
+ b"IO\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[24 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[24 as libc::c_int as usize] =
+ b"XCPU\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[25 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[25 as libc::c_int as usize] =
+ b"XFSZ\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[26 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[26 as libc::c_int as usize] =
+ b"VTALRM\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[27 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[27 as libc::c_int as usize] =
+ b"PROF\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[28 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[28 as libc::c_int as usize] =
+ b"WINCH\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[10 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[10 as libc::c_int as usize] =
+ b"USR1\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[12 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[12 as libc::c_int as usize] =
+ b"USR2\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[30 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[30 as libc::c_int as usize] =
+ b"PWR\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[29 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[29 as libc::c_int as usize] =
+ b"POLL\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[19 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[19 as libc::c_int as usize] =
+ b"STOP\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[20 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[20 as libc::c_int as usize] =
+ b"TSTP\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[18 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[18 as libc::c_int as usize] =
+ b"CONT\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[17 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[17 as libc::c_int as usize] =
+ b"CHLD\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[17 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[17 as libc::c_int as usize] =
+ b"CLD\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[21 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[21 as libc::c_int as usize] =
+ b"TTIN\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[22 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[22 as libc::c_int as usize] =
+ b"TTOU\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[23 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[23 as libc::c_int as usize] =
+ b"URG\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
/* Realtime signal support. */
if signo >= SIGRTMIN!() && signo <= SIGRTMAX!() {
- let mut rtmax: libc::c_long = sysconf(_SC_RTSIG_MAX);
+ let rtmax: libc::c_long = sysconf(_SC_RTSIG_MAX as libc::c_int);
if rtmax > 0 {
if signo == SIGRTMIN!() {
sudo_strlcpy(
@@ -134,12 +265,12 @@ pub unsafe extern "C" fn sudo_sig2str(
return 0;
}
- if signo > 0 && signo < NSIG!() && !sudo_sys_signame!()[signo as usize].is_null() {
- sudo_strlcpy(signame, sudo_sys_signame!()[signo as usize], SIG2STR_MAX!());
+ if signo > 0 && signo < NSIG!() && !(sudo_sys_signame[signo as usize]).is_null() {
+ sudo_strlcpy(signame, sudo_sys_signame[signo as usize], SIG2STR_MAX!());
/* Make sure we always return an upper case signame. */
if *(*__ctype_b_loc()).offset(*signame.offset(0 as isize) as isize) as libc::c_int
- & _ISlower
+ & _ISlower as libc::c_int as libc::c_ushort as libc::c_int
!= 0
{
let mut i: libc::c_int = 0;
diff --git a/lib/util/src/str2sig.rs b/lib/util/src/str2sig.rs
index d47bda3..00989e8 100644
--- a/lib/util/src/str2sig.rs
+++ b/lib/util/src/str2sig.rs
@@ -33,7 +33,6 @@ extern "C" {
fn strcmp(_: *const libc::c_char, _: *const libc::c_char) -> libc::c_int;
fn sysconf(__name: libc::c_int) -> libc::c_long;
fn strcasecmp(_: *const libc::c_char, _: *const libc::c_char) -> libc::c_int;
- static sys_sigabbrev: [*const libc::c_char; 65];
fn __errno_location() -> *mut libc::c_int;
}
@@ -105,6 +104,148 @@ pub unsafe extern "C" fn sudo_str2sig(
let mut errstr: *const libc::c_char = 0 as *const libc::c_char;
let mut signo: libc::c_int = 0;
+ static mut sudo_sys_signame: [*mut libc::c_char; 65] =
+ [0 as *const libc::c_char as *mut libc::c_char; 65];
+ let mut i: libc::c_int = 0;
+ sudo_sys_signame[0 as libc::c_int as usize] =
+ b"Signal 0\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ if (sudo_sys_signame[1 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[1 as libc::c_int as usize] =
+ b"HUP\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[2 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[2 as libc::c_int as usize] =
+ b"INT\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[3 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[3 as libc::c_int as usize] =
+ b"QUIT\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[4 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[4 as libc::c_int as usize] =
+ b"ILL\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[5 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[5 as libc::c_int as usize] =
+ b"TRAP\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[6 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[6 as libc::c_int as usize] =
+ b"ABRT\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[6 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[6 as libc::c_int as usize] =
+ b"IOT\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[8 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[8 as libc::c_int as usize] =
+ b"FPE\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[9 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[9 as libc::c_int as usize] =
+ b"KILL\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[7 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[7 as libc::c_int as usize] =
+ b"BUS\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[11 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[11 as libc::c_int as usize] =
+ b"SEGV\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[31 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[31 as libc::c_int as usize] =
+ b"SYS\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[13 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[13 as libc::c_int as usize] =
+ b"PIPE\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[14 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[14 as libc::c_int as usize] =
+ b"ALRM\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[15 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[15 as libc::c_int as usize] =
+ b"TERM\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[16 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[16 as libc::c_int as usize] =
+ b"STKFLT\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[29 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[29 as libc::c_int as usize] =
+ b"IO\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[24 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[24 as libc::c_int as usize] =
+ b"XCPU\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[25 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[25 as libc::c_int as usize] =
+ b"XFSZ\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[26 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[26 as libc::c_int as usize] =
+ b"VTALRM\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[27 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[27 as libc::c_int as usize] =
+ b"PROF\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[28 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[28 as libc::c_int as usize] =
+ b"WINCH\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[10 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[10 as libc::c_int as usize] =
+ b"USR1\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[12 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[12 as libc::c_int as usize] =
+ b"USR2\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[30 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[30 as libc::c_int as usize] =
+ b"PWR\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[29 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[29 as libc::c_int as usize] =
+ b"POLL\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[19 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[19 as libc::c_int as usize] =
+ b"STOP\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[20 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[20 as libc::c_int as usize] =
+ b"TSTP\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[18 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[18 as libc::c_int as usize] =
+ b"CONT\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[17 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[17 as libc::c_int as usize] =
+ b"CHLD\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[17 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[17 as libc::c_int as usize] =
+ b"CLD\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[21 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[21 as libc::c_int as usize] =
+ b"TTIN\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[22 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[22 as libc::c_int as usize] =
+ b"TTOU\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+ if (sudo_sys_signame[23 as libc::c_int as usize]).is_null() {
+ sudo_sys_signame[23 as libc::c_int as usize] =
+ b"URG\0" as *const u8 as *const libc::c_char as *mut libc::c_char;
+ }
+
if (*(*__ctype_b_loc()).offset(*signame.offset(0 as isize) as libc::c_uchar as isize)
as libc::c_int
& _ISdigit as libc::c_ushort as libc::c_int)
@@ -187,8 +328,8 @@ pub unsafe extern "C" fn sudo_str2sig(
signo = 1;
while signo < NSIG as libc::c_int {
- if !(sys_sigabbrev[signo as usize]).is_null() {
- if strcasecmp(signame, sys_sigabbrev[signo as usize]) == 0 {
+ if !(sudo_sys_signame[signo as usize]).is_null() {
+ if strcasecmp(signame, sudo_sys_signame[signo as usize]) == 0 {
*result = signo;
return 0;
}
--
2.31.1
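Review bot: The signal-name table added at the top of `sudo_sig2str` (and copied verbatim into `sudo_str2sig`) is a function-local `static mut` that is re-checked and partly rewritten on every call with no synchronization, so it is a data race if either exported function can ever be reached from more than one thread. The slots are typed `*mut libc::c_char` although they point at byte-string literals and the visible uses (`sudo_strlcpy` source, `strcasecmp`) only need `*const`; the second `is_null()` tests for slots 6, 17 and 29 (`IOT`, `CLD`, `POLL`) can never fire because the slot was filled just above. I would replace both copies with one immutable table built at compile time and indexed by the `libc::SIG*` constants instead of literal numbers, which also keeps it right on targets with a different signal numbering; a sketch follows. Both function bodies continue outside their hunks.

```rust
// One table for sig2str.rs and str2sig.rs, built at compile time and never written at run time.
const fn sudo_signame_table() -> [Option<&'static [u8]>; 65] {
    let mut names: [Option<&'static [u8]>; 65] = [None; 65];
    names[libc::SIGHUP as usize] = Some(b"HUP\0");
    names[libc::SIGINT as usize] = Some(b"INT\0");
    // … remaining signals, same abbreviations as in the patch …
    names
}
pub static SUDO_SYS_SIGNAME: [Option<&'static [u8]>; 65] = sudo_signame_table();
// … unchanged: realtime-signal branch; the later lookup reads SUDO_SYS_SIGNAME instead of the static mut …
```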

BIN
utsudo-0.0.1.tar.gz Normal file

Binary file not shown.

86
utsudo-ldap.conf Normal file

@ -0,0 +1,86 @@
## BINDDN DN
## The BINDDN parameter specifies the identity, in the form of a Dis
## tinguished Name (DN), to use when performing LDAP operations. If
## not specified, LDAP operations are performed with an anonymous
## identity. By default, most LDAP servers will allow anonymous
## access.
##
#binddn uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com
## BINDPW secret
## The BINDPW parameter specifies the password to use when performing
## LDAP operations. This is typically used in conjunction with the
## BINDDN parameter.
##
#bindpw secret
## SSL start_tls
## If the SSL parameter is set to start_tls, the LDAP server connec
## tion is initiated normally and TLS encryption is begun before the
## bind credentials are sent. This has the advantage of not requiring
## a dedicated port for encrypted communications. This parameter is
## only supported by LDAP servers that honor the start_tls extension,
## such as the OpenLDAP and Tivoli Directory servers.
##
#ssl start_tls
## TLS_CACERTFILE file name
## The path to a certificate authority bundle which contains the cer
## tificates for all the Certificate Authorities the client knows to
## be valid, e.g. /etc/ssl/ca-bundle.pem. This option is only sup
## ported by the OpenLDAP libraries. Netscape-derived LDAP libraries
## use the same certificate database for CA and client certificates
## (see TLS_CERT).
##
#tls_cacertfile /path/to/CA.crt
## TLS_CHECKPEER on/true/yes/off/false/no
## If enabled, TLS_CHECKPEER will cause the LDAP server's TLS certifi
## cated to be verified. If the server's TLS certificate cannot be
## verified (usually because it is signed by an unknown certificate
## authority), sudo will be unable to connect to it. If TLS_CHECKPEER
## is disabled, no check is made. Note that disabling the check cre
## ates an opportunity for man-in-the-middle attacks since the
## server's identity will not be authenticated. If possible, the CA's
## certificate should be installed locally so it can be verified.
## This option is not supported by the Tivoli Directory Server LDAP
## libraries.
#tls_checkpeer yes
##
## URI ldap[s]://[hostname[:port]] ...
## Specifies a whitespace-delimited list of one or more
## URIs describing the LDAP server(s) to connect to.
##
#uri ldap://ldapserver
##
## SUDOERS_BASE base
## The base DN to use when performing sudo LDAP queries.
## Multiple SUDOERS_BASE lines may be specified, in which
## case they are queried in the order specified.
##
#sudoers_base ou=SUDOers,dc=example,dc=com
##
## BIND_TIMELIMIT seconds
## The BIND_TIMELIMIT parameter specifies the amount of
## time to wait while trying to connect to an LDAP server.
##
#bind_timelimit 30
##
## TIMELIMIT seconds
## The TIMELIMIT parameter specifies the amount of time
## to wait for a response to an LDAP query.
##
#timelimit 30
##
## SUDOERS_DEBUG debug_level
## This sets the debug level for sudo LDAP queries. Debugging
## information is printed to the standard error. A value of 1
## results in a moderate amount of debugging information.
## A value of 2 shows the results of the matches themselves.
##
#sudoers_debug 1
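Review bot: The sample `#uri ldap://ldapserver` sits alongside `#bindpw secret` while `#ssl start_tls` and `#tls_checkpeer yes` are also commented out, so an administrator who uncomments only the bind and URI lines ends up sending the bind password over an unencrypted connection. A comment directly above the `uri` line would make the dependency explicit, for example `## Use ldaps:// or enable "ssl start_tls" (with tls_checkpeer on) before setting bindpw.` Several words in the comments are still split by leftover hyphenation ("Dis tinguished", "connec tion", "certifi cated") and should be rejoined.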

57
utsudo.conf Normal file

@ -0,0 +1,57 @@
#
# Default /etc/sudo.conf file
#
# Format:
# Plugin plugin_name plugin_path plugin_options ...
# Path askpass /path/to/askpass
# Path noexec /path/to/sudo_noexec.so
# Debug sudo /var/log/sudo_debug all@warn
# Set disable_coredump true
#
# Sudo plugins:
#
# The plugin_path is relative to ${prefix}/libexec unless fully qualified.
# The plugin_name corresponds to a global symbol in the plugin
# that contains the plugin interface structure.
# The plugin_options are optional.
#
# The sudoers plugin is used by default if no Plugin lines are present.
Plugin sudoers_policy sudoers.so
Plugin sudoers_io sudoers.so
#
# Sudo askpass:
#
# An askpass helper program may be specified to provide a graphical
# password prompt for "sudo -A" support. Sudo does not ship with its
# own passpass program but can use the OpenSSH askpass.
#
# Use the OpenSSH askpass
#Path askpass /usr/X11R6/bin/ssh-askpass
#
# Use the Gnome OpenSSH askpass
#Path askpass /usr/libexec/openssh/gnome-ssh-askpass
#
# Sudo noexec:
#
# Path to a shared library containing dummy versions of the execv(),
# execve() and fexecve() library functions that just return an error.
# This is used to implement the "noexec" functionality on systems that
# support C<LD_PRELOAD> or its equivalent.
# The compiled-in value is usually sufficient and should only be changed
# if you rename or move the sudo_noexec.so file.
#
#Path noexec /usr/libexec/sudo_noexec.so
#
# Core dumps:
#
# By default, sudo disables core dumps while it is executing (they
# are re-enabled for the command that is run).
# To aid in debugging sudo problems, you may wish to enable core
# dumps by setting "disable_coredump" to false.
#
# Set to false here so as not to interfere with /proc/sys/fs/suid_dumpable
#
Set disable_coredump false
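Review bot: `Set disable_coredump false` switches off sudo's own core-dump suppression for a setuid-root program, so whether a crash can write privileged process memory (including typed passwords) to disk then depends entirely on the kernel's `fs.suid_dumpable` setting. The comment names /proc/sys/fs/suid_dumpable but not the value the package relies on; I would add `# Relies on fs.suid_dumpable being 0 (kernel default) so that setuid processes do not dump core.` or ship `true` as the default. The header still reads "Default /etc/sudo.conf file" although the spec installs this as /etc/utsudo.conf, and "passpass program" should read "askpass program".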

203
utsudo.spec Normal file

@ -0,0 +1,203 @@
ExcludeArch: i686
Summary: The tudo respect sudo
Name: utsudo
Version: 0.0.1
Release: 0%{?dist}.01
License: ISC
Group: Applications/System
URL: https://www.sudo.ws/
Source0: %{name}-%{version}.tar.gz
Source1: utsudoers
Source2: utsudo-ldap.conf
Source3: utsudo.conf
Requires: /etc/pam.d/system-auth
Requires: /usr/bin/vi
Requires(post): /bin/chmod
BuildRequires: /usr/sbin/sendmail
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: bison
BuildRequires: flex
BuildRequires: gettext
BuildRequires: groff
BuildRequires: libtool
BuildRequires: audit-libs-devel
BuildRequires: libcap-devel
BuildRequires: libgcrypt-devel
BuildRequires: libselinux-devel
BuildRequires: openldap-devel
BuildRequires: pam-devel
BuildRequires: zlib-devel
BuildRequires: cargo
BuildRequires: rust
BuildRequires: patchelf
Patch0001: 0001-fix-compile-error-undefined-reference-to-sys_sigabbr.patch
%description
Sudo (superuser do) allows a system administrator to give certain
users (or groups of users) the ability to run some (or all) commands
as root while logging all commands and arguments. Sudo operates on a
per-command basis. It is not a replacement for the shell. Features
include: the ability to restrict what commands a user may run on a
per-host basis, copious logging of each command (providing a clear
audit trail of who did what), a configurable timeout of the sudo
command, and the ability to use the same configuration file (sudoers)
on many different machines.
%prep
%setup -q
%patch0001 -p1
%build
# Remove bundled copy of zlib
rm -rf zlib/
autoreconf -I m4 -fv --install
%ifarch s390 s390x sparc64
F_PIE=-fPIE
%else
F_PIE=-fpie
%endif
export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
%configure \
--prefix=%{_prefix} \
--sbindir=%{_sbindir} \
--libdir=%{_libdir} \
--docdir=%{_pkgdocdir} \
--disable-root-mailer \
--with-logging=syslog \
--with-logfac=authpriv \
--with-pam \
--with-pam-login \
--with-editor=/bin/vi \
--with-env-editor \
--with-ignore-dot \
--with-tty-tickets \
--with-ldap \
--with-ldap-conf-file="%{_sysconfdir}/utsudo-ldap.conf" \
--with-selinux \
--with-passprompt="[utsudo] password for %p: " \
--with-linux-audit \
--with-sssd
make
%check
## make check
%install
rm -rf $RPM_BUILD_ROOT
# Update README.LDAP (#736653)
sed -i 's|/etc/ldap\.conf|%{_sysconfdir}/utsudo-ldap.conf|g' README.LDAP
make install DESTDIR="$RPM_BUILD_ROOT" install_uid=`id -u` install_gid=`id -g` sudoers_uid=`id -u` sudoers_gid=`id -g`
install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo
install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo/lectured
install -p -d -m 750 $RPM_BUILD_ROOT/etc/utsudoers.d
install -p -c -m 0440 %{SOURCE1} $RPM_BUILD_ROOT/etc/utsudoers
install -p -c -m 0640 %{SOURCE3} $RPM_BUILD_ROOT/etc/utsudo.conf
install -p -c -m 0640 %{SOURCE2} $RPM_BUILD_ROOT/%{_sysconfdir}/utsudo-ldap.conf
# Add sudo to protected packages
install -p -d -m 755 $RPM_BUILD_ROOT/etc/dnf/protected.d/
touch utsudo.conf
echo utsudo > utsudo.conf
install -p -c -m 0644 utsudo.conf $RPM_BUILD_ROOT/etc/dnf/protected.d/
rm -f utsudo.conf
rm -f $RPM_BUILD_ROOT%{_bindir}/cvtsudoers
rm -f $RPM_BUILD_ROOT%{_bindir}/sudoreplay
rm -f $RPM_BUILD_ROOT%{_sbindir}/visudo
rm -f $RPM_BUILD_ROOT/etc/sudoers
chmod +x $RPM_BUILD_ROOT%{_libexecdir}/utsudo/*.so # for stripping, reset in %%files
# Don't package LICENSE as a doc
rm -rf $RPM_BUILD_ROOT%{_pkgdocdir}/LICENSE
# Remove examples; Examples can be found in man pages too.
rm -rf $RPM_BUILD_ROOT%{_datadir}/examples/sudo
# Remove all .la files
find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';'
# Remove sudoers.dist
rm -f $RPM_BUILD_ROOT%{_sysconfdir}/sudoers.dist
# Remove sudo_plugin.h -add by uos
rm -f $RPM_BUILD_ROOT%{_includedir}/sudo_plugin.h
%find_lang utsudo
%find_lang utsudoers
cat utsudo.lang utsudoers.lang > utsudo_all.lang
rm utsudo.lang utsudoers.lang
mkdir -p $RPM_BUILD_ROOT/etc/pam.d
mkdir -p $RPM_BUILD_ROOT/usr/share/doc/utsudo
cat > $RPM_BUILD_ROOT/etc/pam.d/sudo << EOF
#%%PAM-1.0
auth include system-auth
account include system-auth
password include system-auth
session include system-auth
EOF
cat > $RPM_BUILD_ROOT/etc/pam.d/sudo-i << EOF
#%%PAM-1.0
auth include sudo
account include sudo
password include sudo
session optional pam_keyinit.so force revoke
session include sudo
EOF
%clean
rm -rf $RPM_BUILD_ROOT
%files -f utsudo_all.lang
%defattr(-,root,root)
%attr(0440,root,root) %config(noreplace) /etc/utsudoers
%attr(0640,root,root) %config(noreplace) /etc/utsudo.conf
%attr(0640,root,root) %config(noreplace) %{_sysconfdir}/utsudo-ldap.conf
%attr(0750,root,root) %dir /etc/utsudoers.d/
%config(noreplace) /etc/pam.d/sudo
%config(noreplace) /etc/pam.d/sudo-i
%attr(0644,root,root) %{_tmpfilesdir}/utsudo.conf
%attr(0644,root,root) /etc/dnf/protected.d/utsudo.conf
%dir /var/db/sudo
%dir /var/db/sudo/lectured
%attr(4111,root,root) %{_bindir}/utsudo
%{_bindir}/utsudoedit
%dir %{_libexecdir}/utsudo
%attr(0755,root,root) %{_libexecdir}/utsudo/sesh
%attr(0644,root,root) %{_libexecdir}/utsudo/sudo_noexec.so
%attr(0644,root,root) %{_libexecdir}/utsudo/sudoers.so
%attr(0644,root,root) %{_libexecdir}/utsudo/group_file.so
%attr(0644,root,root) %{_libexecdir}/utsudo/system_group.so
%{_libexecdir}/utsudo/libutsudo_util.so
%{_libexecdir}/utsudo/libutsudo_util.so.?
%attr(0644,root,root) %{_libexecdir}/utsudo/libutsudo_util.so.?.?.?
%dir %{_pkgdocdir}/
%{!?_licensedir:%global license %%doc}
%license doc/LICENSE
# Make sure permissions are ok even if we're updating
%post
/bin/chmod 0440 /etc/utsudoers || :
%changelog
* Mon Aug 07 2023 Lujun <wanglujun@uniontech.com> - 0.0.1-0.01
- Add Patch: 0001-fix-compile-error-undefined-reference-to-sys_sigabbr.patch
* Tue May 10 2022 Lujun <wanglujun@uniontech.com> - 0.0.1
- init.
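Review bot: The %install heredocs write `/etc/pam.d/sudo` and `/etc/pam.d/sudo-i`, and %files also claims `/var/db/sudo`; these are the paths the distribution's sudo package normally uses, so the two packages would overlap on PAM policy and timestamp state when both are installed. It is worth confirming which PAM service name utsudo actually opens and naming the files to match. `%check` holds only the commented-out `## make check`, so the setuid binary (`%attr(4111,root,root) %{_bindir}/utsudo`) ships without the test suite having run against Patch0001. `visudo` is removed from the buildroot while /etc/utsudoers still instructs administrators to edit it with visudo, and nothing in the visible %files provides a syntax-checking editor for that file.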

120
utsudoers Normal file

@ -0,0 +1,120 @@
## Sudoers allows particular users to run various commands as
## the root user, without needing the root password.
##
## Examples are provided at the bottom of the file for collections
## of related commands, which can then be delegated out to particular
## users or groups.
##
## This file must be edited with the 'visudo' command.
## Host Aliases
## Groups of machines. You may prefer to use hostnames (perhaps using
## wildcards for entire domains) or IP addresses instead.
# Host_Alias FILESERVERS = fs1, fs2
# Host_Alias MAILSERVERS = smtp, smtp2
## User Aliases
## These aren't often necessary, as you can use regular groups
## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname
## rather than USERALIAS
# User_Alias ADMINS = jsmith, mikem
## Command Aliases
## These are groups of related commands...
## Networking
# Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool
## Installation and management of software
# Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum
## Services
# Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig, /usr/bin/systemctl start, /usr/bin/systemctl stop, /usr/bin/systemctl reload, /usr/bin/systemctl restart, /usr/bin/systemctl status, /usr/bin/systemctl enable, /usr/bin/systemctl disable
## Updating the locate database
# Cmnd_Alias LOCATE = /usr/bin/updatedb
## Storage
# Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount
## Delegating permissions
# Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp
## Processes
# Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall
## Drivers
# Cmnd_Alias DRIVERS = /sbin/modprobe
# Defaults specification
#
# Refuse to run if unable to disable echo on the tty.
#
Defaults !visiblepw
#
# Preserving HOME has security implications since many programs
# use it when searching for configuration files. Note that HOME
# is already set when the the env_reset option is enabled, so
# this option is only effective for configurations where either
# env_reset is disabled or HOME is present in the env_keep list.
#
Defaults always_set_home
Defaults match_group_by_gid
# Prior to version 1.8.15, groups listed in sudoers that were not
# found in the system group database were passed to the group
# plugin, if any. Starting with 1.8.15, only groups of the form
# %:group are resolved via the group plugin by default.
# We enable always_query_group_plugin to restore old behavior.
# Disable this option for new behavior.
Defaults always_query_group_plugin
Defaults env_reset
Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS"
Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
#
# Adding HOME to env_keep may enable a user to run unrestricted
# commands via sudo.
#
# Defaults env_keep += "HOME"
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
## Next comes the main part: which users can run what software on
## which machines (the sudoers file can be shared between multiple
## systems).
## Syntax:
##
## user MACHINE=COMMANDS
##
## The COMMANDS section may have other options added to it.
##
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
## Allows members of the 'sys' group to run networking, software,
## service management apps and more.
# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
## Allows members of the users group to mount and unmount the
## cdrom as root
# %users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
## Allows members of the users group to shutdown this system
# %users localhost=/sbin/shutdown -h now
## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d
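Review bot: The final line, `#includedir /etc/sudoers.d`, points at the stock sudo drop-in directory, while the spec in this commit creates and packages `/etc/utsudoers.d` (mode 0750). As far as this file shows, rules placed in /etc/utsudoers.d are never read, and any file under /etc/sudoers.d grants rights through utsudo as well. If a separate directory is intended, the line should be `#includedir /etc/utsudoers.d`, with the comment above it updated to match. The header comment also says the file must be edited with 'visudo', which the spec deletes from the buildroot.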