added support for NO_PASSWD and runas from garp@opustel.com

1996-04-28 00:59:21 +00:00
parent 88c189315c
commit 32002b7d97
2 changed files with 52 additions and 6 deletions
--- a/parse.c
+++ b/parse.c
@@ -74,12 +74,11 @@ static char rcsid[] = "$Id$";
 #include "sudo.h"
 #include <options.h>

-extern FILE *yyin, *yyout;
-
 /*
 * Globals
 */
 int parse_error = FALSE;
+extern FILE *yyin, *yyout;

 /*
 * Prototypes for static (local) functions
@@ -146,10 +145,20 @@ int validate(check_cmnd)
 	while (top) {
 	    if (host_matches == TRUE)
 		if (cmnd_matches == TRUE)
-		    /* user was granted access to cmnd on host */
-		    return(VALIDATE_OK);
+		   if (runas_user == NULL || 
+			(runas_user != NULL && runas_matches == TRUE))
+		    	/*
+			 * User was granted access to cmnd on host.
+		    	 * If no passwd required return as such.
+			 */
+		    	if (no_passwd == TRUE)
+		    		return(VALIDATE_OK_NOPASS);
+		    	else
+		    		return(VALIDATE_OK);
+		   else
+		        return(VALIDATE_NOT_OK);
 		else if (cmnd_matches == FALSE)
-		    /* user was explicitly denied acces to cmnd on host */
+		    /* User was explicitly denied acces to cmnd on host. */
 		    return(VALIDATE_NOT_OK);
 	    top--;
 	}
--- a/parse.lex
+++ b/parse.lex
@@ -84,6 +84,7 @@ WORD			[a-zA-Z0-9_-]+
 %k	3500

 %s	GOTCMND
+%s	GOTRUNAS

 %%
 [ \t]+			{			/* throw away space/tabs */
@@ -156,6 +157,13 @@ WORD			[a-zA-Z0-9_-]+
 			    return('.');
 			}

+NOPASSWD:		{ 
+				/* XXX - is this the best way? */
+				/* cmnd does not require passwd for this user */
+			    	LEXTRACE("NOPASSWD ");
+			    	return(NOPASSWD);
+			}
+
 \+[a-zA-Z][a-zA-Z0-9_-]* {
 			    fill(yytext, yyleng);
 			    return(NETGROUP);
@@ -178,6 +186,36 @@ WORD			[a-zA-Z0-9_-]+
 			    return(FQHOST);
 			}

+\(			{
+				/* XXX - what about '(' in command args? */
+				BEGIN GOTRUNAS;
+				LEXTRACE("RUNAS ");
+				return (RUNAS);
+			}
+
+<GOTRUNAS>[A-Z][A-Z0-9_]* {
+			    /* User_Alias that user can run command as or ALL */
+			    fill(yytext, yyleng);
+			    if (strcmp(yytext, "ALL") == 0) {
+				LEXTRACE("ALL ");
+				return(ALL);
+			    } else {
+				LEXTRACE("ALIAS ");
+				return(ALIAS);
+			    }
+			}
+
+<GOTRUNAS>#?[a-zA-Z0-9_-]+	{
+			    /* username/uid that user can run command as */
+			    /* XXX - should we allow more than thse chars? */
+			    fill(yytext, yyleng);
+			    LEXTRACE("NAME ");
+			    return(NAME);
+			}
+
+<GOTRUNAS>\)		BEGIN 0; /* XXX - will newlines be treated correctly? */
+
+
 \/[^\,:=\\ \t\n#]+	{
 			    /* directories can't have args... */
 			    if (yytext[yyleng - 1] == '/') {
@@ -217,7 +255,6 @@ WORD			[a-zA-Z0-9_-]+
 				LEXTRACE("USERALIAS ");
 				return(USERALIAS);
 			    }
-
 			    l = yyleng - 1;
 			    if (isalpha(yytext[l]) || isdigit(yytext[l])) {
 				/* NAME is what RFC1034 calls a label */