* Print a record in the short form, ala file sudoers.
*/
static int
-sudo_ldap_display_entry_short(LDAP *ld, LDAPMessage *entry, struct sudo_lbuf *lbuf)
+sudo_ldap_display_entry_short(LDAP *ld, LDAPMessage *entry, struct passwd *pw,
+ struct sudo_lbuf *lbuf)
{
struct berval **bv, **p;
+ bool no_runas_user = true;
int count = 0;
debug_decl(sudo_ldap_display_entry_short, SUDOERS_DEBUG_LDAP)
sudo_lbuf_append(lbuf, "%s%s", p != bv ? ", " : "", (*p)->bv_val);
}
ldap_value_free_len(bv);
- } else
- sudo_lbuf_append(lbuf, "%s", def_runas_default);
+ no_runas_user = false;
+ }
/* get the RunAsGroup Values from the entry */
bv = ldap_get_values_len(ld, entry, "sudoRunAsGroup");
if (bv != NULL) {
+ if (no_runas_user) {
+ /* finish printing sudoRunAs */
+ sudo_lbuf_append(lbuf, "%s", pw->pw_name);
+ }
sudo_lbuf_append(lbuf, " : ");
for (p = bv; *p != NULL; p++) {
sudo_lbuf_append(lbuf, "%s%s", p != bv ? ", " : "", (*p)->bv_val);
}
ldap_value_free_len(bv);
+ } else {
+ if (no_runas_user) {
+ /* finish printing sudoRunAs */
+ sudo_lbuf_append(lbuf, "%s", def_runas_default);
+ }
}
sudo_lbuf_append(lbuf, ") ");
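Review bot: The two `/* finish printing sudoRunAs */` comments in this hunk do not say why the fallback differs between the branches, which is the substance of the change. With a sudoRunAsGroup but no runas user the code prints `pw->pw_name` (presumably the user being listed), and with neither it prints `def_runas_default`. I would say so directly, e.g. `/* group only: runs as the listed user, not runas_default */` and `/* no runas user or group: runas_default applies */`. People read `sudo -l` output to audit what a rule grants, so the intended mapping should be checkable from the comment. The same comment recurs in the long-form LDAP hunk and in both SSSD functions, and the function body starts above this hunk.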
* Print a record in the long form.
*/
static int
-sudo_ldap_display_entry_long(LDAP *ld, LDAPMessage *entry, struct sudo_lbuf *lbuf)
+sudo_ldap_display_entry_long(LDAP *ld, LDAPMessage *entry, struct passwd *pw,
+ struct sudo_lbuf *lbuf)
{
struct berval **bv, **p;
+ bool no_runas_user = true;
char *rdn;
int count = 0;
debug_decl(sudo_ldap_display_entry_long, SUDOERS_DEBUG_LDAP)
sudo_lbuf_append(lbuf, "%s%s", p != bv ? ", " : "", (*p)->bv_val);
}
ldap_value_free_len(bv);
- } else
- sudo_lbuf_append(lbuf, "%s", def_runas_default);
- sudo_lbuf_append(lbuf, "\n");
+ no_runas_user = false;
+ }
/* get the RunAsGroup Values from the entry */
bv = ldap_get_values_len(ld, entry, "sudoRunAsGroup");
if (bv != NULL) {
- sudo_lbuf_append(lbuf, " RunAsGroups: ");
+ if (no_runas_user) {
+ /* finish printing sudoRunAs */
+ sudo_lbuf_append(lbuf, "%s", pw->pw_name);
+ }
+ sudo_lbuf_append(lbuf, "\n RunAsGroups: ");
for (p = bv; *p != NULL; p++) {
sudo_lbuf_append(lbuf, "%s%s", p != bv ? ", " : "", (*p)->bv_val);
}
ldap_value_free_len(bv);
sudo_lbuf_append(lbuf, "\n");
+ } else {
+ if (no_runas_user) {
+ /* finish printing sudoRunAs */
+ sudo_lbuf_append(lbuf, "%s", def_runas_default);
+ }
+ sudo_lbuf_append(lbuf, "\n");
}
/* get the Option Values from the entry */
for (i = 0; i < lres->nentries; i++) {
entry = lres->entries[i].entry;
if (long_list)
- count += sudo_ldap_display_entry_long(ld, entry, lbuf);
+ count += sudo_ldap_display_entry_long(ld, entry, pw, lbuf);
else
- count += sudo_ldap_display_entry_short(ld, entry, lbuf);
+ count += sudo_ldap_display_entry_short(ld, entry, pw, lbuf);
}
done:
static int
sudo_sss_display_entry_long(struct sudo_sss_handle *handle,
- struct sss_sudo_rule *rule, struct sudo_lbuf *lbuf)
+ struct sss_sudo_rule *rule, struct passwd *pw, struct sudo_lbuf *lbuf)
{
char **val_array = NULL;
+ bool no_runas_user = true;
int count = 0, i;
debug_decl(sudo_sss_display_entry_long, SUDOERS_DEBUG_SSSD);
for (i = 0; val_array[i] != NULL; ++i)
sudo_lbuf_append(lbuf, "%s%s", i != 0 ? ", " : "", val_array[i]);
handle->fn_free_values(val_array);
+ no_runas_user = false;
break;
case ENOENT:
switch (handle->fn_get_values(rule, "sudoRunAs", &val_array)) {
for (i = 0; val_array[i] != NULL; ++i)
sudo_lbuf_append(lbuf, "%s%s", i != 0 ? ", " : "", val_array[i]);
handle->fn_free_values(val_array);
+ no_runas_user = false;
break;
case ENOENT:
sudo_debug_printf(SUDO_DEBUG_INFO, "No result.");
- sudo_lbuf_append(lbuf, "%s", def_runas_default);
break;
default:
sudo_debug_printf(SUDO_DEBUG_INFO, "handle->fn_get_values(sudoRunAs): != 0");
sudo_debug_printf(SUDO_DEBUG_INFO, "handle->fn_get_values(sudoRunAsUser): != 0");
debug_return_int(count);
}
- sudo_lbuf_append(lbuf, "\n");
/* get the RunAsGroup Values from the entry */
switch (handle->fn_get_values(rule, "sudoRunAsGroup", &val_array)) {
case 0:
- sudo_lbuf_append(lbuf, " RunAsGroups: ");
+ if (no_runas_user) {
+ /* finish printing sudoRunAs */
+ sudo_lbuf_append(lbuf, "%s", pw->pw_name);
+ }
+ sudo_lbuf_append(lbuf, "\n RunAsGroups: ");
for (i = 0; val_array[i] != NULL; ++i)
sudo_lbuf_append(lbuf, "%s%s", i != 0 ? ", " : "", val_array[i]);
handle->fn_free_values(val_array);
sudo_lbuf_append(lbuf, "\n");
break;
case ENOENT:
+ if (no_runas_user) {
+ /* finish printing sudoRunAs */
+ sudo_lbuf_append(lbuf, "%s", pw->pw_name);
+ }
+ sudo_lbuf_append(lbuf, "\n");
sudo_debug_printf(SUDO_DEBUG_INFO, "No result.");
break;
default:
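Review bot: In the `case ENOENT:` branch for sudoRunAsGroup, the no-user fallback prints `pw->pw_name`, whereas the matching no-group branch in the other three display functions (both LDAP ones and sudo_sss_display_entry_short) prints `def_runas_default`. As written, a rule with neither a runas user nor a runas group would be listed in long form as running as the listed user rather than the default runas user, so `sudo -l` would misreport the target account. The line should probably be `sudo_lbuf_append(lbuf, "%s", def_runas_default);`. The fallback block is now repeated across four functions, and a small static helper taking a has-group flag would keep the copies from drifting apart. The `default:` branch continues outside the hunk, so it cannot be checked from here whether the error path still terminates the RunAsUsers line with the newline that was removed above.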
static int
sudo_sss_display_entry_short(struct sudo_sss_handle *handle,
- struct sss_sudo_rule *rule, struct sudo_lbuf *lbuf)
+ struct sss_sudo_rule *rule, struct passwd *pw, struct sudo_lbuf *lbuf)
{
char **val_array = NULL;
+ bool no_runas_user = true;
int count = 0, i;
debug_decl(sudo_sss_display_entry_short, SUDOERS_DEBUG_SSSD);
for (i = 0; val_array[i] != NULL; ++i)
sudo_lbuf_append(lbuf, "%s%s", i != 0 ? ", " : "", val_array[i]);
handle->fn_free_values(val_array);
+ no_runas_user = false;
break;
case ENOENT:
sudo_debug_printf(SUDO_DEBUG_INFO, "No result. Trying old style (sudoRunAs).");
for (i = 0; val_array[i] != NULL; ++i)
sudo_lbuf_append(lbuf, "%s%s", i != 0 ? ", " : "", val_array[i]);
handle->fn_free_values(val_array);
+ no_runas_user = false;
break;
case ENOENT:
sudo_debug_printf(SUDO_DEBUG_INFO, "No result.");
- sudo_lbuf_append(lbuf, "%s", def_runas_default);
break;
default:
sudo_debug_printf(SUDO_DEBUG_INFO,
/* get the RunAsGroup Values from the entry */
switch (handle->fn_get_values(rule, "sudoRunAsGroup", &val_array)) {
case 0:
+ if (no_runas_user) {
+ /* finish printing sudoRunAs */
+ sudo_lbuf_append(lbuf, "%s", pw->pw_name);
+ }
sudo_lbuf_append(lbuf, " : ");
for (i = 0; val_array[i] != NULL; ++i)
sudo_lbuf_append(lbuf, "%s%s", i != 0 ? ", " : "", val_array[i]);
handle->fn_free_values(val_array);
break;
case ENOENT:
+ if (no_runas_user) {
+ /* finish printing sudoRunAs */
+ sudo_lbuf_append(lbuf, "%s", def_runas_default);
+ }
sudo_debug_printf(SUDO_DEBUG_INFO, "No result.");
break;
default:
for (i = 0; i < sss_result->num_rules; ++i) {
rule = sss_result->rules + i;
if (long_list)
- count += sudo_sss_display_entry_long(handle, rule, lbuf);
+ count += sudo_sss_display_entry_long(handle, rule, pw, lbuf);
else
- count += sudo_sss_display_entry_short(handle, rule, lbuf);
+ count += sudo_sss_display_entry_short(handle, rule, pw, lbuf);
}
handle->fn_free_result(sss_result);