Run the command on the specified _\bh_\bo_\bs_\bt if the security policy
plugin supports remote commands. Note that the _\bs_\bu_\bd_\bo_\be_\br_\bs
plugin does not currently support running remote commands.
+ This may also be used in conjunction with the -\b-l\bl option to
+ list a user's privileges for the remote host.
-\b-i\bi, -\b--\b-l\blo\bog\bgi\bin\bn
Run the shell specified by the target user's password
Note that the
\fIsudoers\fR
plugin does not currently support running remote commands.
+This may also be used in conjunction with the
+\fB\-l\fR
+option to list a user's privileges for the remote host.
.TP 12n
\fB\-i\fR, \fB\--login\fR
Run the shell specified by the target user's password database entry
Note that the
.Em sudoers
plugin does not currently support running remote commands.
+This may also be used in conjunction with the
+.Fl l
+option to list a user's privileges for the remote host.
.It Fl i , -login
Run the shell specified by the target user's password database entry
as a login shell.
time(&now);
if (def_loglinelen < sizeof(LOG_INDENT)) {
/* Don't pretty-print long log file lines (hard to grep) */
- if (def_log_host)
+ if (def_log_host) {
(void) fprintf(fp, "%s : %s : HOST=%s : %s\n",
- get_timestr(now, def_log_year), user_name, user_shost, msg);
- else
+ get_timestr(now, def_log_year), user_name, user_srunhost,
+ msg);
+ } else {
(void) fprintf(fp, "%s : %s : %s\n",
get_timestr(now, def_log_year), user_name, msg);
+ }
} else {
- if (def_log_host)
+ if (def_log_host) {
len = easprintf(&full_line, "%s : %s : HOST=%s : %s",
- get_timestr(now, def_log_year), user_name, user_shost, msg);
- else
+ get_timestr(now, def_log_year), user_name, user_srunhost,
+ msg);
+ } else {
len = easprintf(&full_line, "%s : %s : %s",
get_timestr(now, def_log_year), user_name, msg);
+ }
/*
* Print out full_line with word wrap around def_loglinelen chars.
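Review bot: With `def_log_host` set, both the `fprintf` branch and the `easprintf` branch now write `user_srunhost` into `HOST=`, so an entry made with a remote host name no longer records the machine sudo actually ran on. Anyone correlating this file with other host logs needs to know that; I would add `/* HOST= is the host the rules were evaluated for; it may come from the command line rather than the local machine */` above the first branch, or keep `user_shost` in `HOST=` and log the run host as a separate field. The value is printed as-is, so it should be restricted to hostname characters where it is parsed (not visible in this hunk) to keep one record per line. The enclosing function starts and ends outside the hunk.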
} else if (ISSET(status, FLAG_NO_HOST)) {
sudo_printf(SUDO_CONV_ERROR_MSG, _("%s is not allowed to run sudo "
"on %s. This incident will be reported.\n"),
- user_name, user_shost);
+ user_name, user_srunhost);
} else if (ISSET(status, FLAG_NO_CHECK)) {
sudo_printf(SUDO_CONV_ERROR_MSG, _("Sorry, user %s may not run "
- "sudo on %s.\n"), user_name, user_shost);
+ "sudo on %s.\n"), user_name, user_srunhost);
} else {
sudo_printf(SUDO_CONV_ERROR_MSG, _("Sorry, user %s is not allowed "
"to execute '%s%s%s' as %s%s%s on %s.\n"),
matched = !m->negated;
break;
case NETGROUP:
- if (netgr_matches(m->name, user_host, user_shost, NULL))
+ if (netgr_matches(m->name, user_runhost, user_srunhost, NULL))
matched = !m->negated;
break;
case NTWKADDR:
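Review bot: The `NETGROUP` case here and the `WORD` case in the next hunk now match against `user_runhost`/`user_srunhost`, but the `NTWKADDR` case between them is untouched and its body is outside both hunks. If it still compares against the local machine's interface addresses, a listing for another host would mix remote name matching with local address matching and could misreport that host's privileges. Please confirm what it does and record it next to the case, e.g. `/* NOTE: address matching uses the local interfaces even when user_runhost names a remote host */`.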
}
/* FALLTHROUGH */
case WORD:
- if (hostname_matches(user_shost, user_host, m->name))
+ if (hostname_matches(user_srunhost, user_runhost, m->name))
matched = !m->negated;
break;
}
char * const *cur;
const char *p, *errstr, *groups = NULL;
const char *debug_flags = NULL;
+ const char *remhost = NULL;
int flags = 0;
debug_decl(sudoers_policy_deserialize_info, SUDO_DEBUG_PLUGIN)
sudo_user.max_groups = atoi(*cur + sizeof("max_groups=") - 1);
continue;
}
+ if (MATCHES(*cur, "remote_host=")) {
+ remhost = *cur + sizeof("remote_host=") - 1;
+ continue;
+ }
}
for (cur = info->user_info; *cur != NULL; cur++) {
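Review bot: `remhost` is taken from the `remote_host=` setting exactly as given, with no check that it is non-empty or looks like a host name. The later hunk copies it into `user_runhost`/`user_srunhost`, which the other files in this commit use for host matching, log lines and user-facing messages. I would reject an empty value and anything outside the usual hostname characters at this point and note the origin: `/* remote_host comes from the invoking user; validate before it reaches matching and logging */`. The settings loop starts outside the hunk, so an existing check elsewhere cannot be ruled out.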
continue;
}
}
+ user_runhost = user_srunhost = estrdup(remhost ? remhost : user_host);
+ if ((p = strchr(user_runhost, '.')))
+ user_srunhost = estrndup(user_runhost, (size_t)(p - user_runhost));
if (user_cwd == NULL)
user_cwd = "unknown";
if (user_tty == NULL)
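Review bot: `estrdup(remhost ? remhost : user_host)` may be reached with `user_host` still NULL. The lines right after it default `user_cwd` and `user_tty` when the front end did not send them, which suggests `host=` can be absent too, and no such guard is visible for it. Unless `estrdup` tolerates NULL this crashes the policy plugin, so resolve the name first with `const char *h = remhost != NULL ? remhost : user_host;` and fail with an error when `h == NULL` before duplicating. When the name has no dot, `user_srunhost` stays an alias of `user_runhost`, which deserves a one-line comment for whoever later frees them.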
/*
* Print out privileges for the specified user.
- * We only get here if the user is allowed to run something on this host.
+ * We only get here if the user is allowed to run something.
*/
void
display_privs(struct sudo_nss_list *snl, struct passwd *pw)
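Review bot: The reworded comment drops the host altogether, although the precondition presumably still depends on one; it is now the host in `user_runhost` rather than necessarily the local machine. I would write `* We only get here if the user is allowed to run something on the host being listed (user_runhost).` The two `lbuf_append` hunks that follow print `user_srunhost`, the short form, so two hosts sharing a first label look identical in the heading; `user_runhost` may be the clearer choice there.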
lbuf_init(&privs, output, 8, NULL, cols);
/* Display defaults from all sources. */
- lbuf_append(&defs, _("Matching Defaults entries for %s on this host:\n"),
- pw->pw_name);
+ lbuf_append(&defs, _("Matching Defaults entries for %s on %s:\n"),
+ pw->pw_name, user_srunhost);
count = 0;
tq_foreach_fwd(snl, nss) {
count += nss->display_defaults(nss, pw, &defs);
/* Display privileges from all sources. */
lbuf_append(&privs,
- _("User %s may run the following commands on this host:\n"),
- pw->pw_name);
+ _("User %s may run the following commands on %s:\n"),
+ pw->pw_name, user_srunhost);
count = 0;
tq_foreach_fwd(snl, nss) {
count += nss->display_privs(nss, pw, &privs);
char *ttypath;
char *host;
char *shost;
+ char *runhost;
+ char *srunhost;
char *prompt;
char *cmnd;
char *cmnd_args;
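Review bot: The new `runhost` and `srunhost` members, and the `user_runhost`/`user_srunhost` macros in the next hunk, have no comment separating them from `host`/`shost`. That distinction is now security-relevant, because one pair is the local machine and the other may be caller-supplied. Suggest `char *runhost; /* host the rules are evaluated for: remote_host setting if given, else host */` and `char *srunhost; /* runhost up to the first '.'; same pointer as runhost when there is no dot */`. The aliasing follows from the assignment added in the policy hunk of this commit. The struct definition starts and ends outside the hunk.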
#define user_prompt (sudo_user.prompt)
#define user_host (sudo_user.host)
#define user_shost (sudo_user.shost)
+#define user_runhost (sudo_user.runhost)
+#define user_srunhost (sudo_user.srunhost)
#define user_ccname (sudo_user.krb5_ccname)
#define safe_cmnd (sudo_user.cmnd_safe)
#define login_class (sudo_user.class_name)