[sudo-workers] ldap and sssd don't parse whitespaces
Todd C. Miller
Todd.Miller at courtesan.com
Wed Dec 9 14:35:49 MST 2015
I agree that the whitespace should be ignored, though I also think
that sudoers2ldif should remove it when converting to ldif. I've
committed a diff for sudoers2ldif to that effect. For ldap/sssd
parsing I'd rather do something like the following (relative to the
current sudo repo sources).
- todd
diff -r dcc9d15b0f3c plugins/sudoers/ldap.c
--- a/plugins/sudoers/ldap.c Tue Dec 08 15:06:00 2015 -0700
+++ b/plugins/sudoers/ldap.c Wed Dec 09 14:31:33 2015 -0700
@@ -1046,7 +1046,7 @@
sudo_ldap_parse_options(LDAP *ld, LDAPMessage *entry)
{
struct berval **bv, **p;
- char *var, *val;
+ char *cp, *var;
int op;
bool rc = false;
debug_decl(sudo_ldap_parse_options, SUDOERS_DEBUG_LDAP)
@@ -1064,17 +1064,25 @@
DPRINTF2("ldap sudoOption: '%s'", var);
/* check for equals sign past first char */
- val = strchr(var, '=');
- if (val > var) {
- *val++ = '\0'; /* split on = and truncate var */
- op = val[-2]; /* peek for += or -= cases */
+ cp = strchr(var, '=');
+ if (cp > var) {
+ char *val = cp + 1;
+ op = cp[-1]; /* peek for += or -= cases */
if (op == '+' || op == '-') {
/* case var+=val or var-=val */
- val[-2] = '\0'; /* remove extra + or - char */
+ cp--;
} else {
/* case var=val */
op = true;
}
+ /* Trim whitespace between var and operator. */
+ while (cp > var && isblank((unsigned char)cp[-1]))
+ cp--;
+ /* Truncate variable name. */
+ *cp = '\0';
+ /* Trim leading whitespace from val. */
+ while (isblank((unsigned char)*val))
+ val++;
/* Strip double quotes if present. */
if (*val == '"') {
char *ep = val + strlen(val);
@@ -1086,7 +1094,10 @@
set_default(var, val, op);
} else if (*var == '!') {
/* case !var Boolean False */
- set_default(var + 1, NULL, false);
+ do {
+ var++;
+ } while (isblank((unsigned char)*var));
+ set_default(var, NULL, false);
} else {
/* case var Boolean True */
set_default(var, NULL, true);
diff -r dcc9d15b0f3c plugins/sudoers/sssd.c
--- a/plugins/sudoers/sssd.c Tue Dec 08 15:06:00 2015 -0700
+++ b/plugins/sudoers/sssd.c Wed Dec 09 14:31:33 2015 -0700
@@ -1024,7 +1024,7 @@
{
int i, op;
bool ret = false;
- char *v, *val;
+ char *cp, *v;
char **val_array = NULL;
debug_decl(sudo_sss_parse_options, SUDOERS_DEBUG_SSSD);
@@ -1052,17 +1052,25 @@
}
/* check for equals sign past first char */
- val = strchr(v, '=');
- if (val > v) {
- *val++ = '\0'; /* split on = and truncate var */
- op = val[-2]; /* peek for += or -= cases */
+ cp = strchr(v, '=');
+ if (cp > v) {
+ char *val = cp + 1;
+ op = cp[-1]; /* peek for += or -= cases */
if (op == '+' || op == '-') {
/* case var+=val or var-=val */
- val[-2] = '\0'; /* remove extra + or - char */
+ cp--;
} else {
/* case var=val */
op = true;
}
+ /* Trim whitespace between var and operator. */
+ while (cp > v && isblank((unsigned char)cp[-1]))
+ cp--;
+ /* Truncate variable name. */
+ *cp = '\0';
+ /* Trim leading whitespace from val. */
+ while (isblank((unsigned char)*val))
+ val++;
/* Strip double quotes if present. */
if (*val == '"') {
char *ep = val + strlen(val);
@@ -1074,7 +1082,10 @@
set_default(v, val, op);
} else if (*v == '!') {
/* case !var Boolean False */
- set_default(v + 1, NULL, false);
+ do {
+ v++;
+ } while (isblank((unsigned char)*v));
+ set_default(v, NULL, false);
} else {
/* case var Boolean True */
set_default(v, NULL, true);
More information about the sudo-workers
mailing list