From 608574a219226bf88268df440cbfeb5bc1a320ec Mon Sep 17 00:00:00 2001
From: "Todd C. Miller"
Date: Thu, 2 Aug 2018 14:45:00 -0600
Subject: [PATCH] For ldap/sssd, include defaults in the generate privilege unless we are listing in short mode (in which case we convert them to tags if possible). Fixes a problem where sudoOptions were not being applied to the command.
---
 plugins/sudoers/ldap.c | 2 +-
 plugins/sudoers/parse.c | 6 +++---
 plugins/sudoers/policy.c | 4 ++--
 plugins/sudoers/sssd.c | 2 +-
 plugins/sudoers/sudoers.c | 2 +-
 plugins/sudoers/sudoers.h | 2 +-
 6 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/plugins/sudoers/ldap.c b/plugins/sudoers/ldap.c
index 59512b9a1..fe45b8f5e 100644
--- a/plugins/sudoers/ldap.c
+++ b/plugins/sudoers/ldap.c
@@ -1196,7 +1196,7 @@ ldap_to_sudoers(LDAP *ld, struct ldap_result *lres,
 priv = sudo_ldap_role_to_priv(cn, hosts, runasusers, runasgroups, cmnds, opts, notbefore ? notbefore[0]->bv_val : NULL,
- notafter ? notafter[0]->bv_val : NULL, false, long_list,
+ notafter ? notafter[0]->bv_val : NULL, false, !short_list,
 berval_iter);
 cleanup:
diff --git a/plugins/sudoers/parse.c b/plugins/sudoers/parse.c
index 25a07e0ef..537b1f60a 100644
--- a/plugins/sudoers/parse.c
+++ b/plugins/sudoers/parse.c
@@ -540,10 +540,10 @@ sudo_display_userspecs(struct sudoers_parse_tree *parse_tree, struct passwd *pw,
 if (userlist_matches(parse_tree, pw, &us->users) != ALLOW)
 continue;
- if (long_list)
- nfound += display_priv_long(parse_tree, pw, us, lbuf);
- else
+ if (short_list)
 nfound += display_priv_short(parse_tree, pw, us, lbuf);
+ else
+ nfound += display_priv_long(parse_tree, pw, us, lbuf);
 }
 if (sudo_lbuf_error(lbuf))
 debug_return_int(-1);
diff --git a/plugins/sudoers/policy.c b/plugins/sudoers/policy.c
index 0bb6dca76..d71a3c4bb 100644
--- a/plugins/sudoers/policy.c
+++ b/plugins/sudoers/policy.c
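Review bot: Nothing at the sudo_ldap_role_to_priv() call in the ldap.c hunk says which of the two adjacent positional booleans, the literal `false` or the negated global `!short_list`, decides whether the role's sudoOptions are kept. Since the commit message credits this argument with getting sudoOptions applied to the command, a comment above the call would make the intent reviewable, for example `/* Keep sudoOptions as per-privilege defaults unless this is a short listing. */`. The call in the sssd.c hunk has the same shape and deserves the same comment. The body of ldap_to_sudoers starts and ends outside the hunk.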
@@ -904,8 +904,8 @@ sudoers_policy_list(int argc, char * const argv[], int verbose,
 SET(sudo_mode, MODE_CHECK);
 else
 SET(sudo_mode, MODE_LIST);
- if (verbose)
- long_list = 1;
+ if (!verbose)
+ short_list = 1;
 if (list_user) {
 list_pw = sudo_getpwnam(list_user);
 if (list_pw == NULL) {
diff --git a/plugins/sudoers/sssd.c b/plugins/sudoers/sssd.c
index 0c66a4b1a..1ca8b6848 100644
--- a/plugins/sudoers/sssd.c
+++ b/plugins/sudoers/sssd.c
@@ -356,7 +356,7 @@ sss_to_sudoers(struct sudo_sss_handle *handle,
 priv = sudo_ldap_role_to_priv(cn, hosts, runasusers, runasgroups, cmnds, opts, notbefore ? notbefore[0] : NULL,
- notafter ? notafter[0] : NULL, false, long_list, val_array_iter);
+ notafter ? notafter[0] : NULL, false, !short_list, val_array_iter);
 cleanup:
 if (cn_array != NULL)
diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c
index a7916315c..8d39140d6 100644
--- a/plugins/sudoers/sudoers.c
+++ b/plugins/sudoers/sudoers.c
@@ -85,7 +85,7 @@ static bool tty_present(void);
 */
 struct sudo_user sudo_user;
 struct passwd *list_pw;
-int long_list;
+bool short_list;
 uid_t timestamp_uid;
 gid_t timestamp_gid;
 #ifdef HAVE_BSD_AUTH_H
diff --git a/plugins/sudoers/sudoers.h b/plugins/sudoers/sudoers.h
index e97bcae37..a169f2954 100644
--- a/plugins/sudoers/sudoers.h
+++ b/plugins/sudoers/sudoers.h
@@ -377,7 +377,7 @@ int sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add
 void sudoers_cleanup(void);
 extern struct sudo_user sudo_user;
 extern struct passwd *list_pw;
-extern int long_list;
+extern bool short_list;
 extern int sudo_mode;
 extern uid_t timestamp_uid;
 extern gid_t timestamp_gid;
-- 
2.40.0
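Review bot: In the policy.c hunk `short_list` appears to be assigned after the `SET(sudo_mode, MODE_CHECK)` / `SET(sudo_mode, MODE_LIST)` if/else rather than inside the MODE_LIST arm, so as far as the visible lines show a non-verbose check-mode request sets it as well. With the ldap.c and sssd.c hunks passing `!short_list`, roles converted in that mode would be built without their stored sudoOptions; if the check path depends on any option that cannot be expressed as a tag, the assignment should move into the MODE_LIST arm, and if it does not, a comment here should say so. The variable is now a `bool`, so the assignment reads better as `short_list = true;`. sudoers_policy_list starts and ends outside the hunk.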
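Review bot: The definition `bool short_list;` in the sudoers.c hunk carries no comment, yet the fix depends on its zero-initialised value: any invocation that never reaches the assignment in sudoers_policy_list leaves it false, which is what makes the LDAP and SSSD converters keep sudoOptions. A comment on the definition would record that dependency, for example `/* Set only for a non-verbose listing; must stay false otherwise so LDAP/SSSD sudoOptions are kept. */`. The matching `extern` in sudoers.h could carry a shorter form of the same note.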