authorTodd C. Miller <millert@cvs.openbsd.org>2007-12-03 15:09:49 +0000
committerTodd C. Miller <millert@cvs.openbsd.org>2007-12-03 15:09:49 +0000
commite13a45b4924436ca148adef026b9720c372786a9 (patch)
treea1bcc5d921771603e1758c3699703839063ff965 /usr.bin/sudo/ldap.c
parent1a3b3a6368a160285258f3e55f46e99aa22db27a (diff)
update to sudo 1.6.9p9
Diffstat (limited to 'usr.bin/sudo/ldap.c')
-rw-r--r--usr.bin/sudo/ldap.c18
1 files changed, 12 insertions, 6 deletions
diff --git a/usr.bin/sudo/ldap.c b/usr.bin/sudo/ldap.c
index 454f5364692..14d046c74be 100644
--- a/usr.bin/sudo/ldap.c
+++ b/usr.bin/sudo/ldap.c
@@ -65,7 +65,7 @@
#include "parse.h"
#ifndef lint
-__unused static const char rcsid[] = "$Sudo: ldap.c,v 1.11.2.16 2007/09/04 14:58:46 millert Exp $";
+__unused static const char rcsid[] = "$Sudo: ldap.c,v 1.11.2.20 2007/11/27 17:06:54 millert Exp $";
#endif /* lint */
#ifndef LINE_MAX
@@ -163,7 +163,7 @@ sudo_ldap_check_host(ld, entry)
/* walk through values */
for (p = v; p && *p && !ret; p++) {
/* match any or address or netgroup or hostname */
- if (!strcasecmp(*p, "ALL") || addr_matches(*p) ||
+ if (!strcmp(*p, "ALL") || addr_matches(*p) ||
netgr_matches(*p, user_host, user_shost, NULL) ||
!hostname_matches(user_shost, user_host, *p))
ret = TRUE;
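Review bot: The switch from `strcasecmp` to `strcmp` on the `ALL` test makes the wildcard case-sensitive, but the comment above it (`/* match any or address or netgroup or hostname */`) does not say so. A sudoHost value written `all` or `All` will now fall through to the address, netgroup and hostname matchers instead of matching every host; that is the stricter direction, but it is a silent behaviour change for existing LDAP data. I would add `/* "ALL" is matched case-sensitively; "all" is treated as an ordinary host value */` here and at the same change in sudo_ldap_check_command. The loop belongs to sudo_ldap_check_host, whose body starts and ends outside the hunk.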
@@ -257,9 +257,10 @@ sudo_ldap_check_runas(ld, entry)
* Walk through search results and return TRUE if we have a command match.
*/
int
-sudo_ldap_check_command(ld, entry)
+sudo_ldap_check_command(ld, entry, setenv_implied)
LDAP *ld;
LDAPMessage *entry;
+ int *setenv_implied;
{
char *allowed_cmnd, *allowed_args, **v = NULL, **p = NULL;
int foundbang, ret = FALSE;
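Review bot: The header comment for sudo_ldap_check_command still describes only the return value and says nothing about the new `setenv_implied` out-parameter. Judging by the later hunk, the pointer may be NULL, is set to TRUE when a sudoCommand value is `ALL`, and is never written FALSE in the visible lines, so the caller has to initialise it. The comment should state that contract, for example ` * If setenv_implied is non-NULL, *setenv_implied is set to TRUE when "ALL" matches; it is never cleared here.` The function body continues past the end of this hunk.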
@@ -272,8 +273,10 @@ sudo_ldap_check_command(ld, entry)
/* get_first_entry */
for (p = v; p && *p && ret >= 0; p++) {
/* Match against ALL ? */
- if (!strcasecmp(*p, "ALL")) {
+ if (!strcmp(*p, "ALL")) {
ret = TRUE;
+ if (setenv_implied != NULL)
+ *setenv_implied = TRUE;
DPRINTF(("ldap sudoCommand '%s' ... MATCH!", *p), 2);
continue;
}
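Review bot: `*setenv_implied` is written as soon as an `ALL` value is seen, before the function's final result is known, and nothing visible ever clears it. The loop condition `ret >= 0` suggests a later value can still turn the result negative, and in sudo_ldap_check the flag is initialised once before the search loop while the runas check runs after this call, so an entry that contains `ALL` but is rejected appears able to leave the flag set for a later entry that matches only a specific command, which would then get `def_setenv = TRUE`. Because setenv relaxes environment handling, it should be tied to the entry that actually matched: reset `setenv_implied = FALSE;` at the start of each entry's evaluation, or record the hit in a local here and store it only when returning TRUE. The rest of this loop and the per-entry loop in the caller are outside the hunks, so this needs confirming against the full file.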
@@ -919,6 +922,7 @@ sudo_ldap_check(pwflag)
LDAPMessage *entry = NULL, *result = NULL; /* used for searches */
char *filt; /* used to parse attributes */
int rc, ret = FALSE, do_netgr; /* temp/final return values */
+ int setenv_implied;
int ldap_user_matches = FALSE, ldap_host_matches = FALSE; /* flags */
/* Open a connection to the LDAP server. */
@@ -942,7 +946,7 @@ sudo_ldap_check(pwflag)
* user netgroups. Then we take the netgroups returned and
* try to match them against the username.
*/
-
+ setenv_implied = FALSE;
for (do_netgr = 0; !ret && do_netgr < 2; do_netgr++) {
filt = do_netgr ? estrdup("sudoUser=+*") : sudo_ldap_build_pass1();
DPRINTF(("ldap search '%s'", filt), 1);
@@ -968,13 +972,15 @@ sudo_ldap_check(pwflag)
/* add matches for listing later */
sudo_ldap_add_match(ld, entry, pwflag) &&
/* verify command match */
- sudo_ldap_check_command(ld, entry) &&
+ sudo_ldap_check_command(ld, entry, &setenv_implied) &&
/* verify runas match */
sudo_ldap_check_runas(ld, entry)
) {
/* We have a match! */
DPRINTF(("Perfect Matched!"), 1);
/* pick up any options */
+ if (setenv_implied)
+ def_setenv = TRUE;
sudo_ldap_parse_options(ld, entry);
/* make sure we don't reenter loop */
ret = VALIDATE_OK;
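Review bot: The ordering of `def_setenv = TRUE` before `sudo_ldap_parse_options(ld, entry)` matters and is not explained; presumably it lets an explicit sudoOption on the entry override the implied value. The `/* pick up any options */` comment now sits above the new `if` rather than above the call it describes. I would move that comment back down to the call and add `/* "ALL" implies setenv; set it first so the entry's own sudoOptions can override */` above the `if`. The enclosing loop in sudo_ldap_check starts and ends outside the hunk.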