mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-31 06:15:37 +00:00
Code Issues Releases Wiki Activity

Support negated sudoHost entries.

Browse Source
This commit is contained in:
Todd C. Miller
2016-09-14 10:33:27 -06:00
parent 7fd6edb6df
commit ff753d1e16
1 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
plugins/sudoers/sssd.c
View File

@@ -730,6 +730,7 @@ sudo_sss_check_host(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule)
{
char **val_array, *val;
bool ret = false;
bool foundbang = false;
int i;
debug_decl(sudo_sss_check_host, SUDOERS_DEBUG_SSSD);
@@ -749,16 +750,21 @@ sudo_sss_check_host(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule)
}
/* walk through values */
for (i = 0; val_array[i] != NULL && !ret; ++i) {
for (i = 0; val_array[i] != NULL && !foundbang; ++i) {
val = val_array[i];
sudo_debug_printf(SUDO_DEBUG_DEBUG, "val[%d]=%s", i, val);
if (*val == '!') {
val++;
foundbang = true;
}
/* match any or address or netgroup or hostname */
if (strcmp(val, "ALL") == 0 || addr_matches(val) ||
netgr_matches(val, handle->host, handle->shost,
def_netgroup_tuple ? handle->pw->pw_name : NULL) ||
hostname_matches(handle->shost, handle->host, val))
ret = true;
ret = !foundbang;
sudo_debug_printf(SUDO_DEBUG_INFO,
"sssd/ldap sudoHost '%s' ... %s", val, ret ? "MATCH!" : "not");