Add support for permitting access by group ID in addition to group name.
@@ -999,7 +999,7 @@ static char *
|
|||||||
sudo_ldap_build_pass1(struct passwd *pw)
|
sudo_ldap_build_pass1(struct passwd *pw)
|
||||||
{
|
{
|
||||||
struct group *grp;
|
struct group *grp;
|
||||||
char *buf, timebuffer[TIMEFILTER_LENGTH];
|
char *buf, timebuffer[TIMEFILTER_LENGTH], gidbuf[MAX_UID_T_LEN];
|
||||||
struct group_list *grlist;
|
struct group_list *grlist;
|
||||||
size_t sz = 0;
|
size_t sz = 0;
|
||||||
int i;
|
int i;
|
||||||
@@ -1012,16 +1012,22 @@ sudo_ldap_build_pass1(struct passwd *pw)
|
|||||||
/* Then add (|(sudoUser=USERNAME)(sudoUser=ALL)) + NUL */
|
/* Then add (|(sudoUser=USERNAME)(sudoUser=ALL)) + NUL */
|
||||||
sz += 29 + strlen(pw->pw_name);
|
sz += 29 + strlen(pw->pw_name);
|
||||||
|
|
||||||
/* Add space for primary and supplementary groups */
|
/* Add space for primary and supplementary groups and gids */
|
||||||
if ((grp = sudo_getgrgid(pw->pw_gid)) != NULL) {
|
if ((grp = sudo_getgrgid(pw->pw_gid)) != NULL) {
|
||||||
sz += 12 + strlen(grp->gr_name);
|
sz += 12 + strlen(grp->gr_name);
|
||||||
}
|
}
|
||||||
|
sz += 13 + MAX_UID_T_LEN;
|
||||||
if ((grlist = get_group_list(pw)) != NULL) {
|
if ((grlist = get_group_list(pw)) != NULL) {
|
||||||
for (i = 0; i < grlist->ngroups; i++) {
|
for (i = 0; i < grlist->ngroups; i++) {
|
||||||
if (grp != NULL && strcasecmp(grlist->groups[i], grp->gr_name) == 0)
|
if (grp != NULL && strcasecmp(grlist->groups[i], grp->gr_name) == 0)
|
||||||
continue;
|
continue;
|
||||||
sz += 12 + strlen(grlist->groups[i]);
|
sz += 12 + strlen(grlist->groups[i]);
|
||||||
}
|
}
|
||||||
|
for (i = 0; i < grlist->ngids; i++) {
|
||||||
|
if (pw->pw_gid == grlist->gids[i])
|
||||||
|
continue;
|
||||||
|
sz += 13 + MAX_UID_T_LEN;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* If timed, add space for time limits. */
|
/* If timed, add space for time limits. */
|
||||||
@@ -1045,14 +1051,18 @@ sudo_ldap_build_pass1(struct passwd *pw)
|
|||||||
(void) strlcat(buf, pw->pw_name, sz);
|
(void) strlcat(buf, pw->pw_name, sz);
|
||||||
(void) strlcat(buf, ")", sz);
|
(void) strlcat(buf, ")", sz);
|
||||||
|
|
||||||
/* Append primary group */
|
/* Append primary group and gid */
|
||||||
if (grp != NULL) {
|
if (grp != NULL) {
|
||||||
(void) strlcat(buf, "(sudoUser=%", sz);
|
(void) strlcat(buf, "(sudoUser=%", sz);
|
||||||
(void) strlcat(buf, grp->gr_name, sz);
|
(void) strlcat(buf, grp->gr_name, sz);
|
||||||
(void) strlcat(buf, ")", sz);
|
(void) strlcat(buf, ")", sz);
|
||||||
}
|
}
|
||||||
|
(void) snprintf(gidbuf, sizeof(gidbuf), "%u", (unsigned int)pw->pw_gid);
|
||||||
|
(void) strlcat(buf, "(sudoUser=%#", sz);
|
||||||
|
(void) strlcat(buf, gidbuf, sz);
|
||||||
|
(void) strlcat(buf, ")", sz);
|
||||||
|
|
||||||
/* Append supplementary groups */
|
/* Append supplementary groups and gids */
|
||||||
if (grlist != NULL) {
|
if (grlist != NULL) {
|
||||||
for (i = 0; i < grlist->ngroups; i++) {
|
for (i = 0; i < grlist->ngroups; i++) {
|
||||||
if (grp != NULL && strcasecmp(grlist->groups[i], grp->gr_name) == 0)
|
if (grp != NULL && strcasecmp(grlist->groups[i], grp->gr_name) == 0)
|
||||||
@@ -1061,6 +1071,13 @@ sudo_ldap_build_pass1(struct passwd *pw)
|
|||||||
(void) strlcat(buf, grlist->groups[i], sz);
|
(void) strlcat(buf, grlist->groups[i], sz);
|
||||||
(void) strlcat(buf, ")", sz);
|
(void) strlcat(buf, ")", sz);
|
||||||
}
|
}
|
||||||
|
for (i = 0; i < grlist->ngids; i++) {
|
||||||
|
(void) snprintf(gidbuf, sizeof(gidbuf), "%u",
|
||||||
|
(unsigned int)grlist->gids[i]);
|
||||||
|
(void) strlcat(buf, "(sudoUser=%#", sz);
|
||||||
|
(void) strlcat(buf, gidbuf, sz);
|
||||||
|
(void) strlcat(buf, ")", sz);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Done with groups. */
|
/* Done with groups. */
|
||||||
|
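Review bot: The append loop over `grlist->gids` in the last hunk writes a `(sudoUser=%#GID)` clause for every supplementary gid, while the sizing loop in the second hunk skips entries equal to `pw->pw_gid`, so the buffer can be short by one clause when the primary gid also appears in that list. Because every `strlcat` result is cast to void, the shortfall would surface as a silently truncated LDAP filter rather than an error; the append loop should mirror the size pass with `if (pw->pw_gid == grlist->gids[i]) continue;` ahead of the `snprintf`. Separately, `gidbuf[MAX_UID_T_LEN]` leaves no room for the terminating NUL if MAX_UID_T_LEN counts digits only (its definition is not visible here), in which case `snprintf` would drop the last digit of a maximum-width gid and the filter would name a different group; `gidbuf[MAX_UID_T_LEN + 1]` avoids that. sudo_ldap_build_pass1 starts and ends outside these hunks.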