[sudo-workers] double-quoted sudoOption values in LDAP sudoers
Daniel Kopecek
dkopecek at redhat.com
Tue Jul 7 02:18:53 MDT 2015
Hello,
I'm trying to figure out whether double-quoted values in a sudoOption
entry in LDAP sudoers are supported. Reading the manpage, it seems they
should be. However, when reading the code that handles sudoOptions in
plugins/sudoers/ldap.c (and sssd.c), I don't see any double-quote
handling in there:

    /* check for equals sign past first char */
    val = strchr(var, '=');
    if (val > var) {
        *val++ = '\0'; /* split on = and truncate var */
        op = *(val - 2); /* peek for += or -= cases */
        if (op == '+' || op == '-') {
            *(val - 2) = '\0'; /* found, remove extra char */
            /* case var+=val or var-=val */
            set_default(var, val, (int) op);
        } else {
            /* case var=val */
            set_default(var, val, true);
        }
    } else if (*var == '!') {
        /* case !var Boolean False */
        set_default(var + 1, NULL, false);
    } else {
        /* case var Boolean True */
        set_default(var, NULL, true);
    }

When processing an option, e.g. env_keep="FOO BAR", set_default is
called with: set_default('env_keep', '"FOO BAR"').
Am I missing something here or is there a bug either in the docs or in
the code?
Thanks,
Dan K.
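
The split described in the message above, as an added example that is not code from the post or from sudo: it parses the post's sample option twice, once exactly as the quoted snippet splits it and once with surrounding double quotes removed. `struct opt`, `parse_sudo_option` and the `strip_quotes` step are hypothetical names and assumed behaviour for illustration only.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical result type for this example; op is '+', '-', 1 (true) or 0 (false). */
struct opt { char var[128], val[128]; int has_val, op; };

/* Split one sudoOption string with the same cases as the snippet quoted above.
 * With strip_quotes set, one surrounding pair of double quotes is removed from
 * the value (an assumption of this example, not sudo's code). */
int parse_sudo_option(const char *in, int strip_quotes, struct opt *o)
{
    char buf[128], *var = buf, *val;
    size_t len;
    if (strlen(in) >= sizeof(buf))
        return -1;                      /* too long for this example's buffer */
    strcpy(buf, in);
    memset(o, 0, sizeof(*o));
    o->op = 1;
    val = strchr(var, '=');
    if (val != NULL && val > var) {
        *val++ = '\0';                  /* split on = and truncate var */
        if (val[-2] == '+' || val[-2] == '-') {
            o->op = val[-2];            /* var+=val or var-=val */
            val[-2] = '\0';
        }
        len = strlen(val);
        if (strip_quotes && len >= 2 && val[0] == '"' && val[len - 1] == '"') {
            val[len - 1] = '\0';        /* drop closing quote */
            val++;                      /* skip opening quote */
        }
        o->has_val = 1;
        snprintf(o->val, sizeof(o->val), "%s", val);
    } else if (*var == '!') {
        var++;                          /* !var: Boolean false */
        o->op = 0;
    }
    snprintf(o->var, sizeof(o->var), "%s", var);
    return 0;
}

int main(void)
{
    struct opt o;
    const char *sample = "env_keep=\"FOO BAR\"";   /* constructed from the post's example */
    for (int strip = 0; strip <= 1; strip++)
        if (parse_sudo_option(sample, strip, &o) == 0)
            printf("strip_quotes=%d: %s -> [%s]\n", strip, o.var, o.val);
    return 0;
}
```

Without the stripping step the value keeps its literal quote characters, so a list option such as env_keep would receive `"FOO` and `BAR"` as its entries rather than `FOO` and `BAR`.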