2
0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-31 14:25:15 +00:00

Add support for runas groups. This allows the user to run a command

with a different effective group.  If the -g option is specified
without -u the command will be run as the current user (only the
group will change).  the -g and -u options may be used together.
TODO: implement runas group for ldap
      improve runas group documentation
      add testsudoers support
This commit is contained in:
Todd C. Miller
2007-11-21 20:12:00 +00:00
parent bfd781ff65
commit f9f4aca556
28 changed files with 1446 additions and 1061 deletions

11
parse.h
View File

@@ -98,7 +98,8 @@ struct privilege {
*/
struct cmndspec {
struct cmndspec *prev, *next;
struct member_list runaslist; /* list of runas users */
struct member_list runasuserlist; /* list of runas users */
struct member_list runasgrouplist; /* list of runas groups */
struct member *cmnd; /* command to allow/deny */
struct cmndtag tags; /* tag specificaion */
};
@@ -113,6 +114,11 @@ struct member {
short negated; /* negated via '!'? */
};
struct runascontainer {
struct member *runasusers;
struct member *runasgroups;
};
/*
* Generic structure to hold {User,Host,Runas,Cmnd}_Alias
* Aliases are stored in a red-black tree, sorted by name and type.
@@ -160,10 +166,11 @@ int hostlist_matches __P((struct member_list *));
int hostname_matches __P((char *, char *, char *));
int netgr_matches __P((char *, char *, char *, char *));
int no_aliases __P((void));
int runaslist_matches __P((struct member_list *));
int runaslist_matches __P((struct member_list *, struct member_list *));
int userlist_matches __P((struct passwd *, struct member_list *));
int usergr_matches __P((char *, char *, struct passwd *));
int userpw_matches __P((char *, char *, struct passwd *));
int group_matches __P((char *, struct group *));
struct alias *find_alias __P((char *, int));
void alias_apply __P((int (*)(void *, void *), void *));
void init_aliases __P((void));