SF.net SVN: gar:[26028] csw/mgar/pkg/sudo/trunk
dmichelsen at users.sourceforge.net
dmichelsen at users.sourceforge.net
Wed Nov 9 09:03:11 CET 2016
Revision: 26028
http://sourceforge.net/p/gar/code/26028
Author: dmichelsen
Date: 2016-11-09 08:03:11 +0000 (Wed, 09 Nov 2016)
Log Message:
-----------
sudo/trunk: Add patch for sudo_ldap
Modified Paths:
--------------
csw/mgar/pkg/sudo/trunk/Makefile
Added Paths:
-----------
csw/mgar/pkg/sudo/trunk/files/40cbd5790106
Modified: csw/mgar/pkg/sudo/trunk/Makefile
===================================================================
--- csw/mgar/pkg/sudo/trunk/Makefile 2016-11-08 13:41:51 UTC (rev 26027)
+++ csw/mgar/pkg/sudo/trunk/Makefile 2016-11-09 08:03:11 UTC (rev 26028)
@@ -21,6 +21,10 @@
DISTFILES += sudo.conf.CSW
DISTFILES += map.sudo
+# Use patch until this is fixed:
+# https://www.sudo.ws/pipermail/sudo-users/2016-November/005855.html
+PATCHFILES += 40cbd5790106
+
LICENSE = doc/LICENSE
VENDOR_URL = http://www.sudo.ws
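Review bot: The comment added above `PATCHFILES += 40cbd5790106` says "until this is fixed" but does not say what the patch changes or when it can be dropped, and the file name is only a short changeset hash. The patch alters how sudoHost values from LDAP/SSSD are matched, which is an authorization decision, so the next maintainer should be able to trace it without opening the mailing-list link. I would word the comment as `# Upstream hg changeset 40cbd5790106: negated sudoHost prevented later sudoHost entries from matching (ldap.c, sssd.c)` followed by `# Drop once the packaged sudo release includes this changeset; see the sudo-users thread below.`, keeping the existing URL line.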
Added: csw/mgar/pkg/sudo/trunk/files/40cbd5790106
===================================================================
--- csw/mgar/pkg/sudo/trunk/files/40cbd5790106 (rev 0)
+++ csw/mgar/pkg/sudo/trunk/files/40cbd5790106 2016-11-09 08:03:11 UTC (rev 26028)
@@ -0,0 +1,121 @@
+
+# HG changeset patch
+# User Todd C. Miller <Todd.Miller at courtesan.com>
+# Date 1478640923 25200
+# Node ID 40cbd579010615597370933e1c66ca4627e9095a
+# Parent 6b64a8e3a19dbb6a3ed48b0751f1a6eeaf290d24
+Fix a bug in host matching where a negated sudoHost entry would
+prevent other sudoHosts following it from matching.
+
+diff -r 6b64a8e3a19d -r 40cbd5790106 plugins/sudoers/ldap.c
+--- a/plugins/sudoers/ldap.c Tue Nov 08 12:58:28 2016 -0700
++++ b/plugins/sudoers/ldap.c Tue Nov 08 14:35:23 2016 -0700
+@@ -722,20 +722,21 @@
+ {
+ struct berval **bv, **p;
+ char *val;
+- bool ret = false;
+- bool foundbang = false;
++ int matched = UNSPEC;
+ debug_decl(sudo_ldap_check_host, SUDOERS_DEBUG_LDAP)
+
+ if (!entry)
+- debug_return_bool(ret);
++ debug_return_bool(false);
+
+ /* get the values from the entry */
+ bv = ldap_get_values_len(ld, entry, "sudoHost");
+ if (bv == NULL)
+- debug_return_bool(ret);
++ debug_return_bool(false);
+
+ /* walk through values */
+- for (p = bv; *p != NULL && !foundbang; p++) {
++ for (p = bv; *p != NULL && matched != false; p++) {
++ bool foundbang = false;
++
+ val = (*p)->bv_val;
+
+ if (*val == '!') {
+@@ -747,14 +748,17 @@
+ if (strcmp(val, "ALL") == 0 || addr_matches(val) ||
+ netgr_matches(val, user_runhost, user_srunhost,
+ def_netgroup_tuple ? pw->pw_name : NULL) ||
+- hostname_matches(user_srunhost, user_runhost, val))
+- ret = !foundbang;
+- DPRINTF2("ldap sudoHost '%s' ... %s", val, ret ? "MATCH!" : "not");
++ hostname_matches(user_srunhost, user_runhost, val)) {
++
++ matched = foundbang ? false : true;
++ }
++ DPRINTF2("ldap sudoHost '%s' ... %s",
++ val, matched == true ? "MATCH!" : "not");
+ }
+
+ ldap_value_free_len(bv); /* cleanup */
+
+- debug_return_bool(ret);
++ debug_return_bool(matched == true);
+ }
+
+ static int
+diff -r 6b64a8e3a19d -r 40cbd5790106 plugins/sudoers/sssd.c
+--- a/plugins/sudoers/sssd.c Tue Nov 08 12:58:28 2016 -0700
++++ b/plugins/sudoers/sssd.c Tue Nov 08 14:35:23 2016 -0700
+@@ -741,13 +741,12 @@
+ sudo_sss_check_host(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule)
+ {
+ char **val_array, *val;
+- bool ret = false;
+- bool foundbang = false;
++ int matched = UNSPEC;
+ int i;
+ debug_decl(sudo_sss_check_host, SUDOERS_DEBUG_SSSD);
+
+ if (rule == NULL)
+- debug_return_bool(ret);
++ debug_return_bool(false);
+
+ /* get the values from the rule */
+ switch (handle->fn_get_values(rule, "sudoHost", &val_array)) {
+@@ -758,11 +757,13 @@
+ debug_return_bool(false);
+ default:
+ sudo_debug_printf(SUDO_DEBUG_INFO, "handle->fn_get_values(sudoHost): != 0");
+- debug_return_bool(ret);
++ debug_return_bool(false);
+ }
+
+ /* walk through values */
+- for (i = 0; val_array[i] != NULL && !foundbang; ++i) {
++ for (i = 0; val_array[i] != NULL && matched != false; ++i) {
++ bool foundbang = false;
++
+ val = val_array[i];
+ sudo_debug_printf(SUDO_DEBUG_DEBUG, "val[%d]=%s", i, val);
+
+@@ -775,16 +776,18 @@
+ if (strcmp(val, "ALL") == 0 || addr_matches(val) ||
+ netgr_matches(val, handle->host, handle->shost,
+ def_netgroup_tuple ? handle->pw->pw_name : NULL) ||
+- hostname_matches(handle->shost, handle->host, val))
+- ret = !foundbang;
++ hostname_matches(handle->shost, handle->host, val)) {
+
+- sudo_debug_printf(SUDO_DEBUG_INFO,
+- "sssd/ldap sudoHost '%s' ... %s", val, ret ? "MATCH!" : "not");
++ matched = foundbang ? false : true;
++ }
++
++ sudo_debug_printf(SUDO_DEBUG_INFO, "sssd/ldap sudoHost '%s' ... %s",
++ val, matched == true ? "MATCH!" : "not");
+ }
+
+ handle->fn_free_values(val_array);
+
+- debug_return_bool(ret);
++ debug_return_bool(matched == true);
+ }
+
+ /*
+
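Review bot: The debug line in both loops (`matched == true ? "MATCH!" : "not"`) prints the running result for the whole rule rather than the outcome for the value it names, so once one sudoHost has matched, every later non-matching value is also logged as "MATCH!". Anyone reconstructing from these logs why a rule applied to a host would be misled. Holding the match expression in a per-iteration `bool hit` and logging from that, with a negated hit reported separately, would keep the trace accurate. A comment above each loop should also state the rule the new condition encodes, for example `/* a matching negated sudoHost denies the rule and ends the walk; a positive match keeps scanning for a later negation */`. This applies to sudo_ldap_check_host in ldap.c and sudo_sss_check_host in sssd.c alike; the lines that set foundbang and skip the '!' fall between the inner hunks and UNSPEC is defined outside this patch, so its value is assumed to differ from both true and false.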