isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Allow a digest to be specified with the "ALL" command for ldap/sssd back-ends.

Browse Source 
This has been possible with sudoers file entries since sudo 1.9.0
but no corresponding change was made for ldap/sssd.
This commit is contained in:
Todd C. Miller
2021-09-17 15:29:00 -06:00
parent 49bf0cc84b
commit 702746f96b
1 changed files with 6 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
plugins/sudoers/ldap_util.c
View File

@@ -582,26 +582,22 @@ sudo_ldap_role_to_priv(const char *cn, void *hosts, void *runasusers,
/* Fill in command member now that options have been processed. */
m->negated = negated;
if (!sudo_ldap_extract_digests(&cmnd, &c->digests))
goto oom;
if (strcmp(cmnd, "ALL") == 0) {
/* TODO: support digests with ALL */
m->type = ALL;
if (cmndspec->tags.setenv == UNSPEC)
cmndspec->tags.setenv = IMPLIED;
m->type = ALL;
} else {
char *args;
m->type = COMMAND;
/* Fill in command with optional digests. */
if (!sudo_ldap_extract_digests(&cmnd, &c->digests))
goto oom;
if ((args = strpbrk(cmnd, " \t")) != NULL) {
char *args = strpbrk(cmnd, " \t");
if (args != NULL) {
*args++ = '\0';
if ((c->args = strdup(args)) == NULL)
goto oom;
}
if ((c->cmnd = strdup(cmnd)) == NULL)
goto oom;
m->type = COMMAND;
}
}
/* Negated commands take precedence so we insert them at the end. */