Add per-source innetgr function pointer and use it in netgr_matches().

This will be used to implement LDAP-specific netgroup lookups when
netgroup_base is set in ldap.conf.
Todd C. Miller
2023-03-08 13:44:22 -07:00
parent d2582c2cdb
commit 0aad96bba1
11 changed files with 60 additions and 23 deletions


@@ -348,7 +348,9 @@ sudo_ldap_check_non_unix_group(LDAP *ld, LDAPMessage *entry, struct passwd *pw)
negated = true;
}
if (*val == '+') {
if (netgr_matches(val, def_netgroup_tuple ? user_runhost : NULL,
/* Custom innetgr() function not used here. */
if (netgr_matches(NULL, val,
def_netgroup_tuple ? user_runhost : NULL,
def_netgroup_tuple ? user_srunhost : NULL, pw->pw_name))
ret = true;
DPRINTF2("ldap sudoUser netgroup '%s%s' ... %s",
@@ -1766,7 +1768,7 @@ sudo_ldap_open(struct sudo_nss *nss)
}
handle->ld = ld;
/* handle->pw = NULL; */
init_parse_tree(&handle->parse_tree, NULL, NULL);
init_parse_tree(&handle->parse_tree, NULL, NULL, nss);
nss->handle = handle;
done:
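Review bot: The comment added above the `netgr_matches(NULL, val, ...)` call in the first hunk says the custom innetgr() is not used, but it does not say why. With a NULL source, this sudoUser netgroup check presumably falls back to the system innetgr() even when netgroup_base is set in ldap.conf, so user and host netgroups could be resolved against different sources. If that is intentional, the comment should record the reason, e.g. `/* No nss passed: system innetgr() is used for sudoUser netgroups because <reason>. */`. If it is not, the call should pass the LDAP source so the per-source lookup applies here too. The enclosing function starts and ends outside the hunk, so whether a `struct sudo_nss *` is in scope at this point cannot be confirmed from here.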