1 |
diff -up sudo-1.8.6p3/plugins/sudoers/match.c.netgrmatchtrace sudo-1.8.6p3/plugins/sudoers/match.c |
2 |
--- sudo-1.8.6p3/plugins/sudoers/match.c.netgrmatchtrace 2013-08-12 14:42:56.498247674 +0200 |
3 |
+++ sudo-1.8.6p3/plugins/sudoers/match.c 2013-08-12 14:43:01.009264127 +0200 |
4 |
@@ -713,6 +713,10 @@ netgr_matches(char *netgr, char *lhost, |
5 |
#ifdef HAVE_GETDOMAINNAME |
6 |
static int initialized; |
7 |
#endif |
8 |
+#ifdef HAVE_INNETGR |
9 |
+ bool innetgr_lhost = false; |
10 |
+ bool innetgr_shost = false; |
11 |
+#endif |
12 |
debug_decl(netgr_matches, SUDO_DEBUG_MATCH) |
13 |
|
14 |
/* make sure we have a valid netgroup, sudo style */ |
15 |
@@ -733,9 +737,39 @@ netgr_matches(char *netgr, char *lhost, |
16 |
|
17 |
#ifdef HAVE_INNETGR |
18 |
if (innetgr(netgr, lhost, user, domain)) |
19 |
- debug_return_bool(true); |
20 |
+ innetgr_lhost = true; |
21 |
else if (lhost != shost && innetgr(netgr, shost, user, domain)) |
22 |
- debug_return_bool(true); |
23 |
+ innetgr_shost = true; |
24 |
+ |
25 |
+ if (innetgr_lhost) { |
26 |
+ sudo_debug_printf(SUDO_DEBUG_TRACE, |
27 |
+ "(%s, %s, %s) found in netgroup %s\n", |
28 |
+ shost ? shost : "*", |
29 |
+ user ? user : "*", |
30 |
+ domain ? domain : "*", |
31 |
+ netgr); |
32 |
+ } else if (innetgr_shost) { |
33 |
+ sudo_debug_printf(SUDO_DEBUG_TRACE, |
34 |
+ "(%s, %s, %s) found in netgroup %s\n", |
35 |
+ lhost ? lhost : "*", |
36 |
+ user ? user : "*", |
37 |
+ domain ? domain : "*", |
38 |
+ netgr); |
39 |
+ } else { |
40 |
+ sudo_debug_printf(SUDO_DEBUG_TRACE, |
41 |
+ "(%s, %s, %s) NOT found in netgroup %s\n", |
42 |
+ shost ? shost : "*", |
43 |
+ user ? user : "*", |
44 |
+ domain ? domain : "*", |
45 |
+ netgr); |
46 |
+ sudo_debug_printf(SUDO_DEBUG_TRACE, |
47 |
+ "(%s, %s, %s) NOT found in netgroup %s\n", |
48 |
+ lhost ? lhost : "*", |
49 |
+ user ? user : "*", |
50 |
+ domain ? domain : "*", |
51 |
+ netgr); |
52 |
+ } |
53 |
+ debug_return_bool(innetgr_lhost || innetgr_shost); |
54 |
#endif /* HAVE_INNETGR */ |
55 |
|
56 |
debug_return_bool(false); |