#include "parse.h"
#ifndef lint
-__unused static const char rcsid[] = "$Sudo: ldap.c,v 1.11.2.16 2007/09/04 14:58:46 millert Exp $";
+__unused static const char rcsid[] = "$Sudo: ldap.c,v 1.11.2.20 2007/11/27 17:06:54 millert Exp $";
#endif /* lint */
#ifndef LINE_MAX
/* walk through values */
for (p = v; p && *p && !ret; p++) {
/* match any or address or netgroup or hostname */
- if (!strcasecmp(*p, "ALL") || addr_matches(*p) ||
+ if (!strcmp(*p, "ALL") || addr_matches(*p) ||
netgr_matches(*p, user_host, user_shost, NULL) ||
!hostname_matches(user_shost, user_host, *p))
ret = TRUE;
* Walk through search results and return TRUE if we have a command match.
*/
int
-sudo_ldap_check_command(ld, entry)
+sudo_ldap_check_command(ld, entry, setenv_implied)
LDAP *ld;
LDAPMessage *entry;
+ int *setenv_implied;
{
char *allowed_cmnd, *allowed_args, **v = NULL, **p = NULL;
int foundbang, ret = FALSE;
/* get_first_entry */
for (p = v; p && *p && ret >= 0; p++) {
/* Match against ALL ? */
- if (!strcasecmp(*p, "ALL")) {
+ if (!strcmp(*p, "ALL")) {
ret = TRUE;
+ if (setenv_implied != NULL)
+ *setenv_implied = TRUE;
DPRINTF(("ldap sudoCommand '%s' ... MATCH!", *p), 2);
continue;
}
/* paste values together */
for (p = v; p && *p; p++) {
if (p != v && sep != NULL)
- ncat(&b, &sz, sep); /* append seperator */
+ ncat(&b, &sz, sep); /* append separator */
ncat(&b, &sz, *p); /* append value */
}
LDAPMessage *entry = NULL, *result = NULL; /* used for searches */
char *filt; /* used to parse attributes */
int rc, ret = FALSE, do_netgr; /* temp/final return values */
+ int setenv_implied;
int ldap_user_matches = FALSE, ldap_host_matches = FALSE; /* flags */
/* Open a connection to the LDAP server. */
* user netgroups. Then we take the netgroups returned and
* try to match them against the username.
*/
-
+ setenv_implied = FALSE;
for (do_netgr = 0; !ret && do_netgr < 2; do_netgr++) {
filt = do_netgr ? estrdup("sudoUser=+*") : sudo_ldap_build_pass1();
DPRINTF(("ldap search '%s'", filt), 1);
/* add matches for listing later */
sudo_ldap_add_match(ld, entry, pwflag) &&
/* verify command match */
- sudo_ldap_check_command(ld, entry) &&
+ sudo_ldap_check_command(ld, entry, &setenv_implied) &&
/* verify runas match */
sudo_ldap_check_runas(ld, entry)
) {
/* We have a match! */
DPRINTF(("Perfect Matched!"), 1);
/* pick up any options */
+ if (setenv_implied)
+ def_setenv = TRUE;
sudo_ldap_parse_options(ld, entry);
/* make sure we don't reenter loop */
ret = VALIDATE_OK;