Allow a digest to be specified with the "ALL" command for ldap/sssd back-ends.
This has been possible with sudoers file entries since sudo 1.9.0 but no corresponding change was made for ldap/sssd.
@@ -582,26 +582,22 @@ sudo_ldap_role_to_priv(const char *cn, void *hosts, void *runasusers,
|
|||||||
|
|
||||||
/* Fill in command member now that options have been processed. */
|
/* Fill in command member now that options have been processed. */
|
||||||
m->negated = negated;
|
m->negated = negated;
|
||||||
|
if (!sudo_ldap_extract_digests(&cmnd, &c->digests))
|
||||||
|
goto oom;
|
||||||
if (strcmp(cmnd, "ALL") == 0) {
|
if (strcmp(cmnd, "ALL") == 0) {
|
||||||
/* TODO: support digests with ALL */
|
|
||||||
m->type = ALL;
|
|
||||||
if (cmndspec->tags.setenv == UNSPEC)
|
if (cmndspec->tags.setenv == UNSPEC)
|
||||||
cmndspec->tags.setenv = IMPLIED;
|
cmndspec->tags.setenv = IMPLIED;
|
||||||
|
m->type = ALL;
|
||||||
} else {
|
} else {
|
||||||
char *args;
|
char *args = strpbrk(cmnd, " \t");
|
||||||
|
if (args != NULL) {
|
||||||
m->type = COMMAND;
|
|
||||||
|
|
||||||
/* Fill in command with optional digests. */
|
|
||||||
if (!sudo_ldap_extract_digests(&cmnd, &c->digests))
|
|
||||||
goto oom;
|
|
||||||
if ((args = strpbrk(cmnd, " \t")) != NULL) {
|
|
||||||
*args++ = '\0';
|
*args++ = '\0';
|
||||||
if ((c->args = strdup(args)) == NULL)
|
if ((c->args = strdup(args)) == NULL)
|
||||||
goto oom;
|
goto oom;
|
||||||
}
|
}
|
||||||
if ((c->cmnd = strdup(cmnd)) == NULL)
|
if ((c->cmnd = strdup(cmnd)) == NULL)
|
||||||
goto oom;
|
goto oom;
|
||||||
|
m->type = COMMAND;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
/* Negated commands take precedence so we insert them at the end. */
|
/* Negated commands take precedence so we insert them at the end. */
|
||||||
|
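Review bot: The relocated `sudo_ldap_extract_digests(&cmnd, &c->digests)` call now sits above the `strcmp(cmnd, "ALL")` test with no comment, and the commit removes both the TODO and `/* Fill in command with optional digests. */`, which were the only lines explaining digest handling here. I would add `/* Extract any digest prefix first so it also applies to "ALL". */` above the call, since a reader of the ALL branch can no longer see that `c->digests` may already restrict the match. Every false return from the helper still jumps to `oom`; its body is outside this hunk, so if it can fail for anything other than allocation (for example a malformed digest in the directory entry), that failure would be reported as out of memory and deserves its own error path. The enclosing function `sudo_ldap_role_to_priv` starts and ends outside the hunk.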