isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sudo "ALL" implies the SETENV tag.

Browse Source
This commit is contained in:
Todd C. Miller
2018-05-16 10:01:52 -06:00
parent cf9c0102d4
commit 3ca0882d14
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
plugins/sudoers/ldap_util.c
View File

@@ -398,6 +398,8 @@ sudo_ldap_role_to_priv(const char *cn, void *hosts, void *runasusers,
cmndspec->notbefore = prev_cmndspec->notbefore; cmndspec->notbefore = prev_cmndspec->notbefore;
cmndspec->notafter = prev_cmndspec->notafter; cmndspec->notafter = prev_cmndspec->notafter;
cmndspec->tags = prev_cmndspec->tags; cmndspec->tags = prev_cmndspec->tags;
if (cmndspec->tags.setenv == IMPLIED)
cmndspec->tags.setenv = UNSPEC;
} else { } else {
/* Parse sudoRunAsUser / sudoRunAs */ /* Parse sudoRunAsUser / sudoRunAs */
if (runasusers != NULL) { if (runasusers != NULL) {
@@ -514,6 +516,9 @@ sudo_ldap_role_to_priv(const char *cn, void *hosts, void *runasusers,
/* So we can inherit previous values. */ /* So we can inherit previous values. */
prev_cmndspec = cmndspec; prev_cmndspec = cmndspec;
} }
/* Sudo "ALL" implies the SETENV tag. */
if (c == NULL && cmndspec->tags.setenv == UNSPEC)
cmndspec->tags.setenv = IMPLIED;
} }
/* Negated commands take precedence so we insert them at the end. */ /* Negated commands take precedence so we insert them at the end. */
TAILQ_CONCAT(&priv->cmndlist, &negated_cmnds, entries); TAILQ_CONCAT(&priv->cmndlist, &negated_cmnds, entries);