isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

added support for NO_PASSWD and runas from garp@opustel.com

Browse Source
This commit is contained in:
Todd C. Miller
1996-04-28 00:59:21 +00:00
parent 88c189315c
commit 32002b7d97
2 changed files with 52 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
parse.c
View File

@@ -74,12 +74,11 @@ static char rcsid[] = "$Id$";
#include "sudo.h" #include "sudo.h"
#include <options.h> #include <options.h>
extern FILE *yyin, *yyout;
/* /*
* Globals * Globals
*/ */
int parse_error = FALSE; int parse_error = FALSE;
extern FILE *yyin, *yyout;
/* /*
* Prototypes for static (local) functions * Prototypes for static (local) functions
@@ -146,10 +145,20 @@ int validate(check_cmnd)
while (top) { while (top) {
if (host_matches == TRUE) if (host_matches == TRUE)
if (cmnd_matches == TRUE) if (cmnd_matches == TRUE)
/* user was granted access to cmnd on host */ if (runas_user == NULL ||
(runas_user != NULL && runas_matches == TRUE))
/*
* User was granted access to cmnd on host.
* If no passwd required return as such.
*/
if (no_passwd == TRUE)
return(VALIDATE_OK_NOPASS);
else
return(VALIDATE_OK); return(VALIDATE_OK);
else
return(VALIDATE_NOT_OK);
else if (cmnd_matches == FALSE) else if (cmnd_matches == FALSE)
/* user was explicitly denied acces to cmnd on host */ /* User was explicitly denied acces to cmnd on host. */
return(VALIDATE_NOT_OK); return(VALIDATE_NOT_OK);
top--; top--;
} }

39
parse.lex
View File

@@ -84,6 +84,7 @@ WORD [a-zA-Z0-9_-]+
%k 3500 %k 3500
%s GOTCMND %s GOTCMND
%s GOTRUNAS
%% %%
[ \t]+ { /* throw away space/tabs */ [ \t]+ { /* throw away space/tabs */
@@ -156,6 +157,13 @@ WORD [a-zA-Z0-9_-]+
return('.'); return('.');
} }
NOPASSWD: {
/* XXX - is this the best way? */
/* cmnd does not require passwd for this user */
LEXTRACE("NOPASSWD ");
return(NOPASSWD);
}
\+[a-zA-Z][a-zA-Z0-9_-]* { \+[a-zA-Z][a-zA-Z0-9_-]* {
fill(yytext, yyleng); fill(yytext, yyleng);
return(NETGROUP); return(NETGROUP);
@@ -178,6 +186,36 @@ WORD [a-zA-Z0-9_-]+
return(FQHOST); return(FQHOST);
} }
\( {
/* XXX - what about '(' in command args? */
BEGIN GOTRUNAS;
LEXTRACE("RUNAS ");
return (RUNAS);
}
<GOTRUNAS>[A-Z][A-Z0-9_]* {
/* User_Alias that user can run command as or ALL */
fill(yytext, yyleng);
if (strcmp(yytext, "ALL") == 0) {
LEXTRACE("ALL ");
return(ALL);
} else {
LEXTRACE("ALIAS ");
return(ALIAS);
}
}
<GOTRUNAS>#?[a-zA-Z0-9_-]+ {
/* username/uid that user can run command as */
/* XXX - should we allow more than thse chars? */
fill(yytext, yyleng);
LEXTRACE("NAME ");
return(NAME);
}
<GOTRUNAS>\) BEGIN 0; /* XXX - will newlines be treated correctly? */
\/[^\,:=\\ \t\n#]+ { \/[^\,:=\\ \t\n#]+ {
/* directories can't have args... */ /* directories can't have args... */
if (yytext[yyleng - 1] == '/') { if (yytext[yyleng - 1] == '/') {
@@ -217,7 +255,6 @@ WORD [a-zA-Z0-9_-]+
LEXTRACE("USERALIAS "); LEXTRACE("USERALIAS ");
return(USERALIAS); return(USERALIAS);
} }
l = yyleng - 1; l = yyleng - 1;
if (isalpha(yytext[l]) || isdigit(yytext[l])) { if (isalpha(yytext[l]) || isdigit(yytext[l])) {
/* NAME is what RFC1034 calls a label */ /* NAME is what RFC1034 calls a label */