It was already unsigned in sudoers but not in the front-end or the
python plugin. Making this consistent resolves a lot of -Wconversion
warnings. Also clean up some other -Wconversion warnings in sudo_debug.c.
This makes it possible to tell whether an entry was rejected due
to a negative match (explicitly denied) as opposed to a non-match.
Also fixes a bug where the runas status was only printed for positive
matches.
Previously, the user could specify the runas user's home dir for
"sudo -i" or the user's existing cwd when -i is not specified.
This behavior was never documented and is inconsistent with how
the -R option is handled.
Previously, check_user_runcwd() would return true if the runcwd
matched the user's cwd, even if sudoers specified a different one.
The user-specified runcwd was ignored but it is better to error out
in this case. It is now also possible to use "sudo -D" with the
directory specified in sudoers.
The lack of setting to NULL is a holdover from when command_info was a local variable and not a global one. However, given how other global variables are set to NULL, it is best that we do the same here to avoid potential issues should sudoers_policy_store_result be called again after the first time failed; otherwise we could get a double-free.
Variable length arrays are supported by C99, but having it denoted as "1" confused the compiler and is not defined.
Note that because we don't get the inferred NULL terminator, we have to increase the malloc size by one.
This makes it possible to call the appropriate runas user or group
list match function when resolving aliases instead of calling
runaslist_matches() itself. Fixes a bug that prevented the group
specified via "sudo -g" from matching when a Runas_Alias was used
in the user or group portion of a Runas_Spec.
If a sudoers rule has no runas list, a user-specified runas group
should only be allowed if it matches a group that the default runas
user belongs to. Instead, a missing group check allowed the user to
run commands as the default runas user with an arbitrary group.
This means that a rule like "somebody host = ALL", which should be
equivalent to "somebody host = (root) ALL", had the same effect as
"somebody host = (root:ALL) ALL".
Now that we are guaranteed to have a runas user list for all sudoers
rules that contain a runas list, we can remove support for the
special case where user_matched is set in the runas group matching
conditional. This fixes a bug where "sudo -u myuser -g mygroup"
was permitted by a rule like "myuser ALL = (root) ALL".
When a sudoers rule permits the user to run commands as a group,
not a user, we should set the runasusers to a single member with the
special MYSELF token. This guarantees that the only time runasusers
will be NULL is when no runaslist is present.
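As an added illustration of the runas matching rules described in the three commit messages above (a simplified model, not sudo's own code): a missing runas list defaults to runas_default, a group-only Runas_Spec is stored with the MYSELF token, and a user-supplied group is accepted only if the rule lists it or the runas user belongs to it. The group table, the MYSELF spelling, and treating the runas user as runas_default for rules without a runas list are assumptions.

```python
# Simplified model of Runas_Spec matching for "sudo -u USER -g GROUP".
# Not sudo's code; it follows the behaviour the commit messages describe.
MYSELF = "MYSELF"        # stands for the invoking user (name is an assumption)
RUNAS_DEFAULT = "root"   # the sudoers "runas_default" setting

GROUPS = {               # constructed sample group membership, not real data
    "root": {"root", "wheel"},
    "somebody": {"somebody", "users"},
    "myuser": {"myuser", "mygroup"},
}

def groups_of(user):
    return GROUPS.get(user, set())

def normalize(runasusers, runasgroups):
    """A group-only spec "(:grp)" becomes users=[MYSELF]; a rule with no
    runas list at all stays (None, None), so runasusers is None only then."""
    if runasusers is None and runasgroups is not None:
        return [MYSELF], runasgroups
    return runasusers, runasgroups

def user_in_list(user, invoking_user, lst):
    return any(e == "ALL" or e == user or (e == MYSELF and user == invoking_user)
               for e in lst)

def runas_matches(rule, invoking_user, req_user=None, req_group=None, fixed=True):
    """True if rule=(runasusers, runasgroups) permits req_user/req_group.
    fixed=False reproduces the missing group check for rules without a runas list."""
    runasusers, runasgroups = normalize(*rule)
    want_user = req_user or RUNAS_DEFAULT        # assumption: default runas user
    if runasusers is None:                       # e.g. "somebody host = ALL"
        if want_user != RUNAS_DEFAULT:
            return False
        if req_group is None:
            return True
        # The old code skipped this check, so any group was accepted (as if
        # the rule had been written "(root:ALL)").
        return (not fixed) or req_group in groups_of(RUNAS_DEFAULT)
    if not user_in_list(want_user, invoking_user, runasusers):
        return False                             # e.g. "-u myuser" vs "(root)"
    if req_group is None:
        return True
    if runasgroups is not None:
        return "ALL" in runasgroups or req_group in runasgroups
    # Users listed but no groups: the group must be one the runas user is in.
    return req_group in groups_of(want_user)
```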
This can be used to support netgroup queries on systems that lack
the innetgr() function and where the LDAP server cannot query the
nisNetgroup by nisNetgroupTriple.
This allows us to use the LDAP-specific version of innetgr() when
possible. Also enable "use_netgroups" by default even on systems
without innetgr() since we can now query netgroups directly via
LDAP.