List SELinux role/type for "sudo -l" with LDAP and SSSd backends.

author Todd C. Miller <Todd.Miller@courtesan.com>

Tue, 14 Feb 2017 22:56:34 +0000 (15:56 -0700)

committer Todd C. Miller <Todd.Miller@courtesan.com>

Tue, 14 Feb 2017 22:56:34 +0000 (15:56 -0700)
author Todd C. Miller <Todd.Miller@courtesan.com>
Tue, 14 Feb 2017 22:56:34 +0000 (15:56 -0700)
committer Todd C. Miller <Todd.Miller@courtesan.com>
Tue, 14 Feb 2017 22:56:34 +0000 (15:56 -0700)
diff --git a/plugins/sudoers/ldap.c b/plugins/sudoers/ldap.c

index 7a28cf1165ce92a5422e5dc00f76b0f160fdec01..1fa74d0864b849a966b4f261413a243bf0877408 100644 (file)
--- a/plugins/sudoers/ldap.c
+++ b/plugins/sudoers/ldap.c
@@ -2479,8 +2479,20 @@ sudo_ldap_display_entry_short(LDAP *ld, LDAPMessage *entry, struct passwd *pw,
                 sudo_lbuf_append(lbuf, negated ? "NOSETENV: " : "SETENV: ");
             else if (strcmp(val, "mail_all_cmnds") == 0 || strcmp(val, "mail_always") == 0)
                 sudo_lbuf_append(lbuf, negated ? "NOMAIL: " : "MAIL: ");
-           else if (!negated && strcmp(val, "command_timeout") == 0)
-               sudo_lbuf_append(lbuf, "TIMEOUT=%s", val);
+           else if (!negated && strncmp(val, "command_timeout=", 16) == 0)
+               sudo_lbuf_append(lbuf, "TIMEOUT=%s ", val + 16);
+#ifdef HAVE_SELINUX
+           else if (!negated && strncmp(val, "role=", 5) == 0)
+               sudo_lbuf_append(lbuf, "ROLE=%s ", val + 5);
+           else if (!negated && strncmp(val, "type=", 5) == 0)
+               sudo_lbuf_append(lbuf, "TYPE=%s ", val + 5);
+#endif /* HAVE_SELINUX */
+#ifdef HAVE_PRIV_SET
+           else if (!negated && strncmp(val, "privs=", 6) == 0)
+               sudo_lbuf_append(lbuf, "PRIVS=%s ", val + 6);
+           else if (!negated && strncmp(val, "limitprivs=", 11) == 0)
+               sudo_lbuf_append(lbuf, "LIMITPRIVS=%s ", val + 11);
+#endif /* HAVE_PRIV_SET */
         }
         ldap_value_free_len(bv);
      }
diff --git a/plugins/sudoers/sssd.c b/plugins/sudoers/sssd.c

index 3823d0f457f564581ec97229b4cffa06073e8b2a..93d407c7d103c267ea3eb0c02c2f8332ab59aef5 100644 (file)
--- a/plugins/sudoers/sssd.c
+++ b/plugins/sudoers/sssd.c
@@ -1728,6 +1728,20 @@ sudo_sss_display_entry_short(struct sudo_sss_handle *handle,
                 sudo_lbuf_append(lbuf, negated ? "NOSETENV: " : "SETENV: ");
             else if (strcmp(val, "mail_all_cmnds") == 0 || strcmp(val, "mail_always") == 0)
                 sudo_lbuf_append(lbuf, negated ? "NOMAIL: " : "MAIL: ");
+           else if (!negated && strncmp(val, "command_timeout=", 16) == 0)
+               sudo_lbuf_append(lbuf, "TIMEOUT=%s ", val + 16);
+#ifdef HAVE_SELINUX
+           else if (!negated && strncmp(val, "role=", 5) == 0)
+               sudo_lbuf_append(lbuf, "ROLE=%s ", val + 5);
+           else if (!negated && strncmp(val, "type=", 5) == 0)
+               sudo_lbuf_append(lbuf, "TYPE=%s ", val + 5);
+#endif /* HAVE_SELINUX */
+#ifdef HAVE_PRIV_SET
+           else if (!negated && strncmp(val, "privs=", 6) == 0)
+               sudo_lbuf_append(lbuf, "PRIVS=%s ", val + 6);
+           else if (!negated && strncmp(val, "limitprivs=", 11) == 0)
+               sudo_lbuf_append(lbuf, "LIMITPRIVS=%s ", val + 11);
+#endif /* HAVE_PRIV_SET */
         }
         handle->fn_free_values(val_array);
         break;
author	Todd C. Miller <Todd.Miller@courtesan.com>
	Tue, 14 Feb 2017 22:56:34 +0000 (15:56 -0700)
committer	Todd C. Miller <Todd.Miller@courtesan.com>
	Tue, 14 Feb 2017 22:56:34 +0000 (15:56 -0700)
plugins/sudoers/ldap.c		patch \| blob \| history
plugins/sudoers/sssd.c		patch \| blob \| history