isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add struct sudoers_runas_context and move runas-specific bits into it.

Browse Source
This commit is contained in:
Todd C. Miller
2023-08-12 14:20:30 -06:00
parent d8b28dad97
commit a321e6cedf
26 changed files with 386 additions and 356 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
plugins/sudoers/ldap.c
View File

@@ -329,8 +329,8 @@ sudo_ldap_check_non_unix_group(const struct sudo_nss *nss, LDAPMessage *entry,
}
if (*val == '+') {
if (netgr_matches(nss, val,
def_netgroup_tuple ? user_ctx.runhost : NULL,
def_netgroup_tuple ? user_ctx.srunhost : NULL, pw->pw_name))
def_netgroup_tuple ? runas_ctx.host : NULL,
def_netgroup_tuple ? runas_ctx.shost : NULL, pw->pw_name))
ret = true;
DPRINTF2("ldap sudoUser netgroup '%s%s' ... %s",
negated ? "!" : "", val, ret ? "MATCH!" : "not");
@@ -666,11 +666,11 @@ sudo_netgroup_lookup(LDAP *ld, struct passwd *pw,
if ((escaped_user = sudo_ldap_value_dup(pw->pw_name)) == NULL)
goto oom;
if (def_netgroup_tuple) {
escaped_host = sudo_ldap_value_dup(user_ctx.runhost);
if (user_ctx.runhost == user_ctx.srunhost)
escaped_host = sudo_ldap_value_dup(runas_ctx.host);
if (runas_ctx.host == runas_ctx.shost)
escaped_shost = escaped_host;
else
escaped_shost = sudo_ldap_value_dup(user_ctx.srunhost);
escaped_shost = sudo_ldap_value_dup(runas_ctx.shost);
if (escaped_host == NULL || escaped_shost == NULL)
goto oom;
}
@@ -1925,7 +1925,7 @@ sudo_ldap_query(const struct sudo_nss *nss, struct passwd *pw)
free_userspecs(&handle->parse_tree.userspecs);
DPRINTF1("%s: ldap search user %s, host %s", __func__, pw->pw_name,
user_ctx.runhost);
runas_ctx.host);
if ((lres = sudo_ldap_result_get(nss, pw)) == NULL)
goto done;