Sudo "ALL" implies the SETENV tag.

author Todd C. Miller <Todd.Miller@sudo.ws>

Wed, 16 May 2018 16:01:52 +0000 (10:01 -0600)

committer Todd C. Miller <Todd.Miller@sudo.ws>

Wed, 16 May 2018 16:01:52 +0000 (10:01 -0600)
author Todd C. Miller <Todd.Miller@sudo.ws>
Wed, 16 May 2018 16:01:52 +0000 (10:01 -0600)
committer Todd C. Miller <Todd.Miller@sudo.ws>
Wed, 16 May 2018 16:01:52 +0000 (10:01 -0600)
diff --git a/plugins/sudoers/ldap_util.c b/plugins/sudoers/ldap_util.c

index c9a81557cd1b5d680f3dffaf2946a97c94ccac75..af6dbdd70109d15601a34b7a6872553e288586cb 100644 (file)
--- a/plugins/sudoers/ldap_util.c
+++ b/plugins/sudoers/ldap_util.c
@@ -398,6 +398,8 @@ sudo_ldap_role_to_priv(const char *cn, void *hosts, void *runasusers,
             cmndspec->notbefore = prev_cmndspec->notbefore;
             cmndspec->notafter = prev_cmndspec->notafter;
             cmndspec->tags = prev_cmndspec->tags;
+           if (cmndspec->tags.setenv == IMPLIED)
+               cmndspec->tags.setenv = UNSPEC;
         } else {
             /* Parse sudoRunAsUser / sudoRunAs */
             if (runasusers != NULL) {
@@ -514,6 +516,9 @@ sudo_ldap_role_to_priv(const char *cn, void *hosts, void *runasusers,
             /* So we can inherit previous values. */
             prev_cmndspec = cmndspec;
         }
+       /* Sudo "ALL" implies the SETENV tag. */
+       if (c == NULL && cmndspec->tags.setenv == UNSPEC)
+           cmndspec->tags.setenv = IMPLIED;
      }
      /* Negated commands take precedence so we insert them at the end. */
      TAILQ_CONCAT(&priv->cmndlist, &negated_cmnds, entries);
author	Todd C. Miller <Todd.Miller@sudo.ws>
	Wed, 16 May 2018 16:01:52 +0000 (10:01 -0600)
committer	Todd C. Miller <Todd.Miller@sudo.ws>
	Wed, 16 May 2018 16:01:52 +0000 (10:01 -0600)