sudo/sme9/sudo-1.8.6p3-netgrmatchtrace.patch

diff -up sudo-1.8.6p3/plugins/sudoers/match.c.netgrmatchtrace sudo-1.8.6p3/plugins/sudoers/match.c
--- sudo-1.8.6p3/plugins/sudoers/match.c.netgrmatchtrace        2013-08-12 14:42:56.498247674 +0200
+++ sudo-1.8.6p3/plugins/sudoers/match.c        2013-08-12 14:43:01.009264127 +0200
@@ -713,6 +713,10 @@ netgr_matches(char *netgr, char *lhost,
 #ifdef HAVE_GETDOMAINNAME
     static int initialized;
 #endif
+#ifdef HAVE_INNETGR
+    bool innetgr_lhost = false;
+    bool innetgr_shost = false;
+#endif
     debug_decl(netgr_matches, SUDO_DEBUG_MATCH)
 
     /* make sure we have a valid netgroup, sudo style */
@@ -733,9 +737,39 @@ netgr_matches(char *netgr, char *lhost,
 
 #ifdef HAVE_INNETGR
     if (innetgr(netgr, lhost, user, domain))
-       debug_return_bool(true);
+           innetgr_lhost = true;
     else if (lhost != shost && innetgr(netgr, shost, user, domain))
-       debug_return_bool(true);
+           innetgr_shost = true;
+
+    if (innetgr_lhost) {
+           sudo_debug_printf(SUDO_DEBUG_TRACE,
+                             "(%s, %s, %s) found in netgroup %s\n",
+                             shost ? shost : "*",
+                             user ? user : "*",
+                             domain ? domain : "*",
+                             netgr);
+    } else if (innetgr_shost) {
+           sudo_debug_printf(SUDO_DEBUG_TRACE,
+                             "(%s, %s, %s) found in netgroup %s\n",
+                             lhost ? lhost : "*",
+                             user ? user : "*",
+                             domain ? domain : "*",
+                             netgr);
+    } else {
+           sudo_debug_printf(SUDO_DEBUG_TRACE,
+                             "(%s, %s, %s) NOT found in netgroup %s\n",
+                             shost ? shost : "*",
+                             user ? user : "*",
+                             domain ? domain : "*",
+                             netgr);
+           sudo_debug_printf(SUDO_DEBUG_TRACE,
+                             "(%s, %s, %s) NOT found in netgroup %s\n",
+                             lhost ? lhost : "*",
+                             user ? user : "*",
+                             domain ? domain : "*",
+                             netgr);
+    }
+    debug_return_bool(innetgr_lhost || innetgr_shost);
 #endif /* HAVE_INNETGR */
 
     debug_return_bool(false);
1	jpp	1.1	diff -up sudo-1.8.6p3/plugins/sudoers/match.c.netgrmatchtrace sudo-1.8.6p3/plugins/sudoers/match.c
2			--- sudo-1.8.6p3/plugins/sudoers/match.c.netgrmatchtrace 2013-08-12 14:42:56.498247674 +0200
3			+++ sudo-1.8.6p3/plugins/sudoers/match.c 2013-08-12 14:43:01.009264127 +0200
4			@@ -713,6 +713,10 @@ netgr_matches(char netgr, char lhost,
5			#ifdef HAVE_GETDOMAINNAME
6			static int initialized;
7			#endif
8			+#ifdef HAVE_INNETGR
9			+ bool innetgr_lhost = false;
10			+ bool innetgr_shost = false;
11			+#endif
12			debug_decl(netgr_matches, SUDO_DEBUG_MATCH)
13
14			/* make sure we have a valid netgroup, sudo style */
15			@@ -733,9 +737,39 @@ netgr_matches(char netgr, char lhost,
16
17			#ifdef HAVE_INNETGR
18			if (innetgr(netgr, lhost, user, domain))
19			- debug_return_bool(true);
20			+ innetgr_lhost = true;
21			else if (lhost != shost && innetgr(netgr, shost, user, domain))
22			- debug_return_bool(true);
23			+ innetgr_shost = true;
24			+
25			+ if (innetgr_lhost) {
26			+ sudo_debug_printf(SUDO_DEBUG_TRACE,
27			+ "(%s, %s, %s) found in netgroup %s\n",
28			+ shost ? shost : "*",
29			+ user ? user : "*",
30			+ domain ? domain : "*",
31			+ netgr);
32			+ } else if (innetgr_shost) {
33			+ sudo_debug_printf(SUDO_DEBUG_TRACE,
34			+ "(%s, %s, %s) found in netgroup %s\n",
35			+ lhost ? lhost : "*",
36			+ user ? user : "*",
37			+ domain ? domain : "*",
38			+ netgr);
39			+ } else {
40			+ sudo_debug_printf(SUDO_DEBUG_TRACE,
41			+ "(%s, %s, %s) NOT found in netgroup %s\n",
42			+ shost ? shost : "*",
43			+ user ? user : "*",
44			+ domain ? domain : "*",
45			+ netgr);
46			+ sudo_debug_printf(SUDO_DEBUG_TRACE,
47			+ "(%s, %s, %s) NOT found in netgroup %s\n",
48			+ lhost ? lhost : "*",
49			+ user ? user : "*",
50			+ domain ? domain : "*",
51			+ netgr);
52			+ }
53			+ debug_return_bool(innetgr_lhost \|\| innetgr_shost);
54			#endif /* HAVE_INNETGR */
55
56			debug_return_bool(false);