[sudo-workers] Patch for sudo-1.7.5b1
Andreas Mueller
afm at othello.ch
Tue Nov 9 09:26:06 EST 2010
Hi,

here is a patch for sudo-1.7.5b1 that does the following:

- all matching ldap entries are read into memory before
  a final decision whether to allow a command or not is
  reached (similar to what 1.7.5b1 does)
- adds an attribute sudoOrder that allows specifying the
  order in which the entries should be evaluated to compensate
  for the lack of ordering in LDAP sudoRoles
- some modifications so that sudo never reads the directory
  twice (as it usually does for sudo -l and other commands).
  This is done by adding a richer handle to sudo_nss,
  one that can cache the LDAP connection, the search
  result and the user for which the last search was
  performed.
- two more new attributes sudoNotBefore and sudoNotAfter
  to allow timed attributes.
- some code reorganization: a lot of code duplication in
  ldap searches has been eliminated. Generating the LDAP
  filters has been delegated to two new functions.

Tested on Linux with a SunONE directory.
Best regards
Andreas
--
Prof. Dr. Andreas Mueller
andreas.mueller at othello.ch
Bubental 53, 8852 Altendorf
Voice: +41 55 4621481 Fax/Data: +41 55 4621482
http://www.eurocketry.org/forum/german/viewtopic.php?p=15049#15049
http://www.youtube.com/watch?v=keweeQdMAFM
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sudo-1.7.5b1.patch
Type: text/x-patch
Size: 55230 bytes
Desc: not available
URL: </pipermail/sudo-workers/attachments/20101109/9c6268ec/attachment.bin>
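
Added example, not taken from the scrubbed patch or from sudo's source: a sketch of how cached sudoRole entries could be filtered by sudoNotBefore/sudoNotAfter and then resolved by sudoOrder. The struct, the function names, the sample entries, the inclusive time bounds, the "YYYYmmddHHMMSSZ" timestamp format and the rule that the highest sudoOrder is evaluated last and wins are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for a cached sudoRole entry (hypothetical, not sudo's struct). */
struct role {
    const char *cn;
    double order;            /* sudoOrder; 0 when the attribute is absent */
    const char *not_before;  /* sudoNotBefore, "YYYYmmddHHMMSSZ" (assumed) or NULL */
    const char *not_after;   /* sudoNotAfter, same format or NULL */
    int allow;               /* 1 = entry permits the command, 0 = entry negates it */
};

/* Fixed-width UTC timestamps compare correctly as plain strings. */
static int in_window(const struct role *r, const char *now)
{
    if (r->not_before && strcmp(now, r->not_before) < 0) return 0;
    if (r->not_after && strcmp(now, r->not_after) > 0) return 0;
    return 1;
}

/* Returns the deciding entry, or NULL if no entry is valid at `now`.
 * Assumed rule: the valid entry with the highest sudoOrder wins. */
const struct role *decide(const struct role *roles, size_t n, const char *now)
{
    const struct role *best = NULL;
    for (size_t i = 0; i < n; i++) {
        if (!in_window(&roles[i], now)) continue;
        if (best == NULL || roles[i].order > best->order) best = &roles[i];
    }
    return best;
}

/* Constructed sample data, in the arbitrary order a directory might return it. */
const struct role sample[] = {
    { "deny-shells",  20, NULL, NULL, 0 },
    { "maint-window", 30, "20101109220000Z", "20101110020000Z", 1 },
    { "ops-all",      10, NULL, NULL, 1 },
};
const size_t sample_n = sizeof(sample) / sizeof(sample[0]);

int main(void)
{
    const char *times[] = { "20101109120000Z", "20101109230000Z" };
    for (int i = 0; i < 2; i++) {
        const struct role *r = decide(sample, sample_n, times[i]);
        printf("%s: %s (%s)\n", times[i], r ? r->cn : "no match",
               r && r->allow ? "allow" : "deny");
    }
    return 0;
}
```

Without an ordering attribute the outcome would depend on which of the matching entries the directory happened to return last; with it, the deny entry decides outside the maintenance window regardless of result order.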