isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sudo_ldap_check_non_unix_group: pass nss pointer to netgr_matches()

Browse Source 
This allows us to use the LDAP-specific version of innetgr() when
possible.  Also enable "use_netgroups" by default even on systems
without innetgr() since we can now query netgroups directly via
LDAP.
This commit is contained in:
Todd C. Miller
2023-06-06 19:55:06 -06:00
parent 245c56bac1
commit 6fddb2875c
4 changed files with 9 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
plugins/sudoers/parse.h
View File

@@ -435,7 +435,7 @@ struct group;
struct passwd;
bool group_matches(const char *sudoers_group, const struct group *gr);
bool hostname_matches(const char *shost, const char *lhost, const char *pattern);
bool netgr_matches(struct sudo_nss *nss, const char *netgr, const char *lhost, const char *shost, const char *user);
bool netgr_matches(const struct sudo_nss *nss, const char *netgr, const char *lhost, const char *shost, const char *user);
bool usergr_matches(const char *group, const char *user, const struct passwd *pw);
bool userpw_matches(const char *sudoers_user, const char *user, const struct passwd *pw);
int cmnd_matches(const struct sudoers_parse_tree *parse_tree, const struct member *m, const char *runchroot, struct cmnd_info *info);