author | Todd C. Miller <millert@cvs.openbsd.org> | 2007-07-26 16:10:17 +0000 |
---|---|---|
committer | Todd C. Miller <millert@cvs.openbsd.org> | 2007-07-26 16:10:17 +0000 |
commit | 828fe35b0dee0a24eae19e816e9f6bc05c720bc0 (patch) | |
tree | 2adb27efde016e50eadcf2e74892e19861268a25 /usr.bin/sudo/sudoers2ldif | |
parent | eb13f7f0aa17caa3bf79e5518751b3f095fb2445 (diff) |
Update to sudo 1.6.9p1. Note that the environment handling in sudo
1.6.9 has changed relative to older versions. Sudo now starts
commands with a minimal environment containing the variables in the
env_keep and env_check lists. This behavior is configurable in the
sudoers file. Please see the "SECURITY NOTES" section in the sudo
manual.
Diffstat (limited to 'usr.bin/sudo/sudoers2ldif')
-rw-r--r-- | usr.bin/sudo/sudoers2ldif | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/usr.bin/sudo/sudoers2ldif b/usr.bin/sudo/sudoers2ldif
index b43f494bb57..da5bb97607a 100644
--- a/usr.bin/sudo/sudoers2ldif
+++ b/usr.bin/sudo/sudoers2ldif
@@ -5,16 +5,17 @@ use strict;
 # Converts a sudoers file to LDIF format in prepration for loading into
 # the LDAP server.
 #
-# $Sudo: sudoers2ldif,v 1.2 2004/02/13 02:08:27 aaron Exp $
+# $Sudo: sudoers2ldif,v 1.2.2.1 2007/06/28 14:45:19 millert Exp $
 #
 # BUGS:
 # Does not yet handle multiple lines with : in them
-# Does not yet handle runas (xxx) syntax.
 # Does not yet remove quotation marks from options
 # Does not yet escape + at the beginning of a dn
 # Does not yet handle line wraps correctly
 # Does not yet handle multiple roles with same name (needs tiebreaker)
+# Sudoers entries can have multiple Runas entries that override former ones,
+# with LDAP sudoRunas applies to all commands in a sudoRole
 my %UA;
 my %HA;
@@ -79,6 +80,12 @@ while (<>){
 # will clobber options
 print "sudoUser: $_\n" foreach expand(\%UA,@users);
 print "sudoHost: $_\n" foreach expand(\%HA,@hosts);
+ my $runas = undef;
+ foreach (@cmds) {
+ if (s/^\(([^\)]+)\)\s*//) {
+ print "sudoRunas: $_\n" foreach expand(\%UA, split(/,\s*/, $1));
+ }
+ }
 print "sudoCommand: $_\n" foreach expand(\%CA,@cmds);
 print "sudoOption: $_\n" foreach @options;
 print "\n";
@@ -103,6 +110,8 @@ sub expand{
 s/PASSWD:\s*// && push @options,"authenticate";
 s/NOEXEC:\s*// && push @options,"noexec";
 s/EXEC:\s*// && push @options,"!noexec";
+ s/SETENV:\s*// && push @options,"setenv";
+ s/NOSETENV:\s*// && push @options,"!setenv";
 s/\w+://; # silently remove other directives
 s/\s+$//; # right trim
 } |
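Review bot: The new `foreach (@cmds)` loop prints every `(...)` list as a role-wide `sudoRunas` without telling the operator, so a sudoers entry that gives different commands different Runas users becomes a sudoRole in which each command may run as any of them, which is a broader grant than the source line. The BUGS header records this limitation, but the converter should also report it at run time, for example by counting the distinct specs seen in the loop and issuing `warn "entry has several Runas specs; sudoRunas applies to every sudoCommand\n"` when there is more than one. `my $runas = undef;` is never used in the visible lines and can be dropped. The names are expanded through `%UA`; whether Runas_Alias definitions are loaded into that hash is not visible here, and if they are not, such aliases would be written out unexpanded. The enclosing `while (<>)` loop starts and ends outside the hunk.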
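Review bot: In the tag-stripping lines, `s/SETENV:\s*//` runs before `s/NOSETENV:\s*//` and is unanchored, so on a command tagged `NOSETENV:` it matches the tail of the tag, pushes `setenv`, and leaves a stray `NO` glued to the command; the `!setenv` line can then never fire. The LDIF output therefore states the opposite of what sudoers specified, and `setenv` is the permissive direction for environment handling. Put the negated form first, as the context lines already do for NOEXEC/EXEC: `s/NOSETENV:\s*// && push @options,"!setenv";` followed by `s/SETENV:\s*// && push @options,"setenv";`, or anchor both patterns with `\b`. The enclosing block starts and ends outside the hunk.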