mirror of https://github.com/sudo-project/sudo.git synced 2025-09-02 07:15:27 +00:00

Unifdef parser support for SELinux, AppArmor and Solaris privileges.

Todd C. Miller
2024-05-01 08:04:00 -06:00
parent 38b98b4174
commit 389c8550c9
17 changed files with 267 additions and 524 deletions


@@ -1,7 +1,7 @@
/*
* SPDX-License-Identifier: ISC
*
* Copyright (c) 2013, 2016, 2018-2018 Todd C. Miller <Todd.Miller@sudo.ws>
* Copyright (c) 2013, 2016, 2018-2024 Todd C. Miller <Todd.Miller@sudo.ws>
*
* This code is derived from software contributed by Aaron Spangler.
*
@@ -439,17 +439,11 @@ sudo_ldap_role_to_priv(const char *cn, void *hosts, void *runasusers,
cmndspec->timeout = prev_cmndspec->timeout;
cmndspec->runchroot = prev_cmndspec->runchroot;
cmndspec->runcwd = prev_cmndspec->runcwd;
#ifdef HAVE_SELINUX
cmndspec->role = prev_cmndspec->role;
cmndspec->type = prev_cmndspec->type;
#endif /* HAVE_SELINUX */
#ifdef HAVE_APPARMOR
cmndspec->apparmor_profile = prev_cmndspec->apparmor_profile;
#endif /* HAVE_APPARMOR */
#ifdef HAVE_PRIV_SET
cmndspec->privs = prev_cmndspec->privs;
cmndspec->limitprivs = prev_cmndspec->limitprivs;
#endif /* HAVE_PRIV_SET */
cmndspec->tags = prev_cmndspec->tags;
if (cmndspec->tags.setenv == IMPLIED)
cmndspec->tags.setenv = UNSPEC;
@@ -519,7 +513,6 @@ sudo_ldap_role_to_priv(const char *cn, void *hosts, void *runasusers,
}
if ((cmndspec->runcwd = strdup(val)) == NULL)
break;
#ifdef HAVE_SELINUX
} else if (strcmp(var, "role") == 0 && val != NULL) {
if (cmndspec->role != NULL) {
free(cmndspec->role);
@@ -536,8 +529,6 @@ sudo_ldap_role_to_priv(const char *cn, void *hosts, void *runasusers,
}
if ((cmndspec->type = strdup(val)) == NULL)
break;
#endif /* HAVE_SELINUX */
#ifdef HAVE_APPARMOR
} else if (strcmp(var, "apparmor_profile") == 0 && val != NULL) {
if (cmndspec->apparmor_profile != NULL) {
free(cmndspec->apparmor_profile);
@@ -546,8 +537,6 @@ sudo_ldap_role_to_priv(const char *cn, void *hosts, void *runasusers,
}
if ((cmndspec->apparmor_profile = strdup(val)) == NULL)
break;
#endif /* HAVE_APPARMOR */
#ifdef HAVE_PRIV_SET
} else if (strcmp(var, "privs") == 0 && val != NULL) {
if (cmndspec->privs != NULL) {
free(cmndspec->privs);
@@ -564,7 +553,6 @@ sudo_ldap_role_to_priv(const char *cn, void *hosts, void *runasusers,
}
if ((cmndspec->limitprivs = strdup(val)) == NULL)
break;
#endif /* HAVE_PRIV_SET */
} else if (store_options) {
if (!append_default(var, val, op, source,
&priv->defaults)) {
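Review bot: With the `HAVE_SELINUX`, `HAVE_APPARMOR` and `HAVE_PRIV_SET` guards gone from sudo_ldap_role_to_priv(), the `role`, `type`, `apparmor_profile`, `privs` and `limitprivs` branches now fill in cmndspec on every build, including builds that cannot apply that confinement. Before this change those option names appear to have fallen through to the `store_options` / append_default() branch on such builds, so the handling of an unsupported option changes here. Please confirm, in the code outside these hunks, that a rule carrying one of these fields is rejected or at least warned about when the platform lacks support, so a sudoRole that relies on an SELinux role or AppArmor profile does not silently run the command unconfined. A comment above the `role` branch would record the intent, for example `/* Parsed on all platforms; whether it can be enforced is decided when the command is run. */`. The function starts and ends outside the visible hunks, so the inheritance and parsing paths could not be checked against each other here.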