[sudo-users] sudo 1.7.2p1 host parsing problem

Todd C. Miller Todd.Miller at courtesan.com
Thu Dec 17 10:01:34 EST 2009


In message <4B2925AC.1010905 at coat.com>
	so spake Matt Marchione (mmarchio):

> I'm encountering a problem with sudo 1.7.2p1 on Solaris.  It took
> me a little while to figure out what triggers it. The hostname
> parsing does not seem to work right if the target host is not
> included in the host list at the front of the user privileges.

There is a bug when displaying entries that have multiple hosts on
the same line.  The included patch should fix that.  BTW, in sudo
1.7.x you don't need to run sudo twice to check these things.  You
can do, e.g. "./sudo -U test1 -l"

 - todd

Index: parse.c
===================================================================
RCS file: /home/cvs/courtesan/sudo/parse.c,v
retrieving revision 1.244
diff -u -p -u -r1.244 parse.c
--- parse.c	6 Sep 2009 13:28:36 -0000	1.244
+++ parse.c	17 Dec 2009 15:01:18 -0000
@@ -320,6 +320,8 @@ sudo_file_display_priv_short(pw, us, lbu
     int nfound = 0;
 
     tq_foreach_fwd(&us->privileges, priv) {
+	if (hostlist_matches(&priv->hostlist) != ALLOW)
+	    continue;
 	tags.noexec = UNSPEC;
 	tags.setenv = UNSPEC;
 	tags.nopasswd = UNSPEC;
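Review bot: in sudo_file_display_priv_short the new `hostlist_matches(&priv->hostlist) != ALLOW` test is the first statement in the loop, so `nfound` can now stay 0 for a userspec that matched the user but has no privilege for this host. The last hunk removes the host test that used to gate the call, so it is worth confirming that the caller handles a zero count cleanly. A one-line comment on the `continue` noting that each privilege carries its own host list would also help.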
@@ -372,6 +374,8 @@ sudo_file_display_priv_long(pw, us, lbuf
     int nfound = 0;
 
     tq_foreach_fwd(&us->privileges, priv) {
+	if (hostlist_matches(&priv->hostlist) != ALLOW)
+	    continue;
 	tags.noexec = UNSPEC;
 	tags.setenv = UNSPEC;
 	tags.nopasswd = UNSPEC;
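Review bot: the two lines added at the top of the loop in sudo_file_display_priv_long are a verbatim copy of the ones added to sudo_file_display_priv_short. Consider keeping the per-privilege host filter in one place, for example a small shared helper, so the short and long listings cannot drift apart on which hosts' privileges they show.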
@@ -428,9 +432,7 @@ sudo_file_display_privs(nss, pw, lbuf)
 	return(-1);
 
     tq_foreach_fwd(&userspecs, us) {
-	/* XXX - why only check the first privilege here? */
-	if (userlist_matches(pw, &us->users) != ALLOW ||
-	    hostlist_matches(&us->privileges.first->hostlist) != ALLOW)
+	if (userlist_matches(pw, &us->users) != ALLOW)
 	    continue;
 
 	if (long_list)
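Review bot: the deleted `/* XXX - why only check the first privilege here? */` was the only explanation of the host check at this point, and after the change sudo_file_display_privs filters on `userlist_matches` alone and relies on both display functions to test each privilege's hostlist. Add a short comment above the `if` saying so, so that a display path added under this loop later does not list privileges that apply only to other hosts.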
