We rely on the include path to find many of these headers. It
especially doesn't make sense to use #include "foo.h" for headers
in the top-level include directory.

We now pass a pointer to the context where necessary. There are a
few cases where we need to request the context from sudoers via
sudoers_get_context() for the plugin API functions. If the plugin
API was able to pass around a closure pointer this would not be
necessary.

This may simply mean that nsswitch.conf lists sss as a sudoers
source but SSSD is not configured for sudo. Otherwise, the user
will receive a useless "problem with defaults entries" when the
sssd backend tries to fetch the global defaults. Bug #1022.

This means that lhost and shost in struct sudoers_parse_tree
are no longer const and that free_parse_tree() will free lhost/shost.
The only consumer that passed in lhost/shost was the SSSD back-end
which has been updated to avoid a double-free.

In the sssd backend, the rule_to_priv() cleanup code assumes cmnds
can be passed to fn_free_values(), which was not the case if we
receive an error getting values for "sudoCommand". This is a
regression introduced in sudo 1.9.1. Fix from Ron Bowes.
GitHub issue #67.

The file name in struct userspec was not set for the LDAP and SSSD
backends. There is no actual file in this case so set the name to
LDAP/SSSD. Also add a guard to make sure we don't try to print
NULL in sudoers_lookup_check() if name is left unset.

Otherwise, sudo_ldap_role_to_priv() will treat a NULL host list as
the "ALL" wildcard. This regression was introduced in sudo 1.8.23,
which was the first version to convert LDAP sudoRole objects to
sudoers internal data structures.
Thanks to Andreas Mueller for reporting and debugging this problem.

Previously we needed to include headers required by the various
sudo*h files. Now those files are more self-sufficient and we
should only include headers needed by code in the various .c files.

were sorted in descending order by sudoOrder. That allowed it to
avoid iterating over the entire list of rules. Now that we convert
to a sudoers parse tree, we need to convert rules in ascending
order, not descending. The simplest way to accomplish this is to
simply iterate over the rules from last to first, reversing the
sort order. Bug #849

we are listing in short mode (in which case we convert them to tags
if possible). Fixes a problem where sudoOptions were not being
applied to the command.

o The parse tree is now passed to the alias, match and defaults functions.
o The nss API has been changed so that the nss parse() function returns
a pointer to a struct sudoers_parse_tree which will be filled in
by the getdefs() and query() functions.