[sudo-workers] Empty SUDOERS_SEARCH_FILTER bug
Todd C. Miller
Todd.Miller at courtesan.com
Thu Aug 31 06:05:13 MDT 2017
It works fine for me with sudo 1.8.21. What version of sudo are you
testing?
$ grep search_filter /etc/ldap.conf
# sudoers_search_filter sudoOrder=5
sudoers_search_filter
Results in queries like:
sudo: ldap search '(&(|(sudoUser=millert)(sudoUser=%staff)(sudoUser=%#20)(sudoUser=ALL))(&(|(!(sudoNotAfter=*))(sudoNotAfter>=20170831115629.0Z))(|(!(sudoNotBefore=*))(sudoNotBefore<=20170831115629.0Z))))'
sudo: ldap search '(&(|(sudoUser=+*)(sudoUser=%:*))(&(|(!(sudoNotAfter=*))(sudoNotAfter>=20170831115629.0Z))(|(!(sudoNotBefore=*))(sudoNotBefore<=20170831115629.0Z))))'
This was probably fixed by https://www.sudo.ws/repos/sudo/rev/54856973af41
Specifically, the hunk that changes how an empty CONF_STR is stored.
- todd