isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Make treatment of -l and -v sane wrt NOPASSWD flags. Now allow -l w/o a passwd

Browse Source 
if there is *any* entry for the user on the host with a NOPASSWD flag.
For -v, only allow w/o a passwd if *all* entries for the user on the host
w/ the specified runas user have the NOPASSWD flag set.
This commit is contained in:
Todd C. Miller
2000-01-03 04:43:33 +00:00
parent df297922c5
commit 625e3e46d0
5 changed files with 134 additions and 89 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
parse.c
View File

@@ -98,6 +98,7 @@ static const char rcsid[] = "$Sudo$";
* Globals * Globals
*/ */
int parse_error = FALSE; int parse_error = FALSE;
extern int keepall;
extern FILE *yyin, *yyout; extern FILE *yyin, *yyout;
/* /*
@@ -111,8 +112,8 @@ static int has_meta __P((char *));
* allowed to run the specified command on this host as the target user. * allowed to run the specified command on this host as the target user.
*/ */
int int
sudoers_lookup(check_cmnd) sudoers_lookup(pwflags)
int check_cmnd; int pwflags;
{ {
int error; int error;
@@ -127,6 +128,10 @@ sudoers_lookup(check_cmnd)
/* Allocate space for data structures in the parser. */ /* Allocate space for data structures in the parser. */
init_parser(); init_parser();
/* For most pwflags to be useful we need to keep more state around. */
if (pwflags && !(pwflags & PWCHECK_NEVER))
keepall = TRUE;
/* Need to be root while stat'ing things in the parser. */ /* Need to be root while stat'ing things in the parser. */
set_perms(PERM_ROOT, 0); set_perms(PERM_ROOT, 0);
error = yyparse(); error = yyparse();
@@ -146,30 +151,45 @@ sudoers_lookup(check_cmnd)
error = VALIDATE_NOT_OK; error = VALIDATE_NOT_OK;
else else
error = VALIDATE_NOT_OK | FLAG_NOPASS; error = VALIDATE_NOT_OK | FLAG_NOPASS;
if (check_cmnd == TRUE) { if (pwflags) {
error |= FLAG_NO_CHECK;
} else {
error |= FLAG_NO_HOST; error |= FLAG_NO_HOST;
if (!top) if (!top)
error |= FLAG_NO_USER; error |= FLAG_NO_USER;
} else }
error |= FLAG_NO_CHECK;
/* /*
* Only check the actual command if the check_cmnd flag is set. * Only check the actual command if pwflags flag is not set.
* It is not set for the "validate" and "list" pseudo-commands. * It is set for the "validate", "list" and "kill" pseudo-commands.
* Always check the host and user. * Always check the host and user.
*/ */
if (check_cmnd == FALSE) if (pwflags) {
int nopass, found;
if ((pwflags & PWCHECK_NEVER) || !def_flag(I_AUTHENTICATE))
nopass = FLAG_NOPASS;
else
nopass = -1;
found = 0;
while (top) { while (top) {
if (host_matches == TRUE) { if (host_matches == TRUE) {
/* User may always validate or list on allowed hosts */ found = 1;
if (no_passwd == TRUE) if (!(pwflags & PWCHECK_RUNAS) || runas_matches == TRUE) {
return(VALIDATE_OK | FLAG_NOPASS); if ((pwflags & PWCHECK_ANY) && no_passwd == TRUE)
else nopass = FLAG_NOPASS;
return(VALIDATE_OK); else if ((pwflags & PWCHECK_ALL) && nopass != 0)
nopass = (no_passwd == TRUE) ? FLAG_NOPASS : 0;
}
} }
top--; top--;
} }
else if (found) {
if (nopass == -1)
nopass = 0;
return(VALIDATE_OK | nopass);
}
} else {
while (top) { while (top) {
if (host_matches == TRUE) { if (host_matches == TRUE) {
error &= ~FLAG_NO_HOST; error &= ~FLAG_NO_HOST;
@@ -196,6 +216,7 @@ sudoers_lookup(check_cmnd)
} }
top--; top--;
} }
}
/* /*
* The user was not explicitly granted nor denied access. * The user was not explicitly granted nor denied access.

6
parse.yacc
View File

@@ -90,6 +90,7 @@ int errorlineno = -1;
int clearaliases = TRUE; int clearaliases = TRUE;
int printmatches = FALSE; int printmatches = FALSE;
int pedantic = FALSE; int pedantic = FALSE;
int keepall = FALSE;
/* /*
* Alias types * Alias types
@@ -411,6 +412,9 @@ cmndspec : runasspec nopasswd opcmnd {
* the user was listed in sudoers. Also, we * the user was listed in sudoers. Also, we
* need to be able to tell whether or not a * need to be able to tell whether or not a
* user was listed for this specific host. * user was listed for this specific host.
*
* If keepall is set and the user matches then
* we need to keep entries around too...
*/ */
if (user_matches != -1 && host_matches != -1 && if (user_matches != -1 && host_matches != -1 &&
cmnd_matches != -1 && runas_matches != -1) cmnd_matches != -1 && runas_matches != -1)
@@ -419,6 +423,8 @@ cmndspec : runasspec nopasswd opcmnd {
(top == 2 && host_matches != -1 && (top == 2 && host_matches != -1 &&
match[0].host == -1))) match[0].host == -1)))
pushcp; pushcp;
else if (user_matches == TRUE && keepall)
pushcp;
cmnd_matches = -1; cmnd_matches = -1;
} }
; ;

12
sudo.c
View File

@@ -163,7 +163,7 @@ main(argc, argv)
int fd; int fd;
int cmnd_status; int cmnd_status;
int sudo_mode; int sudo_mode;
int check_cmnd; int sudoers_flags;
#ifdef POSIX_SIGNALS #ifdef POSIX_SIGNALS
sigset_t set, oset; sigset_t set, oset;
#else #else
@@ -218,7 +218,7 @@ main(argc, argv)
/* Setup defaults data structures. */ /* Setup defaults data structures. */
init_defaults(); init_defaults();
check_cmnd = 1; sudoers_flags = 0;
if (sudo_mode & MODE_SHELL) if (sudo_mode & MODE_SHELL)
user_cmnd = "shell"; user_cmnd = "shell";
else else
@@ -237,12 +237,12 @@ main(argc, argv)
break; break;
case MODE_VALIDATE: case MODE_VALIDATE:
user_cmnd = "validate"; user_cmnd = "validate";
check_cmnd = 0; sudoers_flags = PWCHECK_ALL | PWCHECK_RUNAS;
break; break;
case MODE_KILL: case MODE_KILL:
case MODE_INVALIDATE: case MODE_INVALIDATE:
user_cmnd = "kill"; user_cmnd = "kill";
check_cmnd = 0; sudoers_flags = PWCHECK_NEVER;
break; break;
case MODE_LISTDEFS: case MODE_LISTDEFS:
list_options(); list_options();
@@ -251,7 +251,7 @@ main(argc, argv)
case MODE_LIST: case MODE_LIST:
user_cmnd = "list"; user_cmnd = "list";
printmatches = 1; printmatches = 1;
check_cmnd = 0; sudoers_flags = PWCHECK_ANY;
break; break;
} }
@@ -270,7 +270,7 @@ main(argc, argv)
add_env(!(sudo_mode & MODE_SHELL)); /* add in SUDO_* envariables */ add_env(!(sudo_mode & MODE_SHELL)); /* add in SUDO_* envariables */
/* Validate the user but don't search for pseudo-commands. */ /* Validate the user but don't search for pseudo-commands. */
validated = sudoers_lookup(check_cmnd); validated = sudoers_lookup(sudoers_flags);
/* This goes after the sudoers parse since we honor sudoers options. */ /* This goes after the sudoers parse since we honor sudoers options. */
if (sudo_mode == MODE_KILL || sudo_mode == MODE_INVALIDATE) { if (sudo_mode == MODE_KILL || sudo_mode == MODE_INVALIDATE) {

12
sudo.h
View File

@@ -144,6 +144,18 @@ struct sudo_user {
#define SUDO_TLOCK 2 /* test & lock a file (non-blocking) */ #define SUDO_TLOCK 2 /* test & lock a file (non-blocking) */
#define SUDO_UNLOCK 4 /* unlock a file */ #define SUDO_UNLOCK 4 /* unlock a file */
/*
* Flags for sudoers_lookup:
* PASSWD_NEVER: user never has to give a passwd
* PASSWD_ALL: no passwd needed if all entries for host have NOPASSWD flag
* PASSWD_ANY: no passwd needed if any entry for host has a NOPASSWD flag
* PWCHECK_RUNAS: require that runas_matches be TRUE
*/
#define PWCHECK_NEVER 001
#define PWCHECK_ALL 002
#define PWCHECK_ANY 004
#define PWCHECK_RUNAS 010
/* /*
* Function prototypes * Function prototypes
*/ */

144
sudo.tab.c
View File

@@ -108,6 +108,7 @@ int errorlineno = -1;
int clearaliases = TRUE; int clearaliases = TRUE;
int printmatches = FALSE; int printmatches = FALSE;
int pedantic = FALSE; int pedantic = FALSE;
int keepall = FALSE;
/* /*
* Alias types * Alias types
@@ -219,14 +220,14 @@ yyerror(s)
} }
parse_error = TRUE; parse_error = TRUE;
} }
#line 206 "parse.yacc" #line 207 "parse.yacc"
typedef union { typedef union {
char *string; char *string;
int BOOLEAN; int BOOLEAN;
struct sudo_command command; struct sudo_command command;
int tok; int tok;
} YYSTYPE; } YYSTYPE;
#line 230 "sudo.tab.c" #line 231 "sudo.tab.c"
#define COMMAND 257 #define COMMAND 257
#define ALIAS 258 #define ALIAS 258
#define NTWKADDR 259 #define NTWKADDR 259
@@ -576,7 +577,7 @@ short *yyss;
short *yysslim; short *yysslim;
YYSTYPE *yyvs; YYSTYPE *yyvs;
int yystacksize; int yystacksize;
#line 818 "parse.yacc" #line 824 "parse.yacc"
#define MOREALIASES (32) #define MOREALIASES (32)
aliasinfo *aliases = NULL; aliasinfo *aliases = NULL;
@@ -927,7 +928,7 @@ init_parser()
if (printmatches == TRUE) if (printmatches == TRUE)
expand_match_list(); expand_match_list();
} }
#line 931 "sudo.tab.c" #line 932 "sudo.tab.c"
/* allocate initial stack or double stack size, up to YYMAXDEPTH */ /* allocate initial stack or double stack size, up to YYMAXDEPTH */
#if defined(__cplusplus) || __STDC__ #if defined(__cplusplus) || __STDC__
static int yygrowstack(void) static int yygrowstack(void)
@@ -1108,74 +1109,74 @@ yyreduce:
switch (yyn) switch (yyn)
{ {
case 3: case 3:
#line 256 "parse.yacc" #line 257 "parse.yacc"
{ ; } { ; }
break; break;
case 4: case 4:
#line 258 "parse.yacc" #line 259 "parse.yacc"
{ yyerrok; } { yyerrok; }
break; break;
case 5: case 5:
#line 259 "parse.yacc" #line 260 "parse.yacc"
{ push; } { push; }
break; break;
case 6: case 6:
#line 259 "parse.yacc" #line 260 "parse.yacc"
{ {
while (top && user_matches != TRUE) while (top && user_matches != TRUE)
pop; pop;
} }
break; break;
case 7: case 7:
#line 264 "parse.yacc" #line 265 "parse.yacc"
{ ; } { ; }
break; break;
case 8: case 8:
#line 266 "parse.yacc" #line 267 "parse.yacc"
{ ; } { ; }
break; break;
case 9: case 9:
#line 268 "parse.yacc" #line 269 "parse.yacc"
{ ; } { ; }
break; break;
case 10: case 10:
#line 270 "parse.yacc" #line 271 "parse.yacc"
{ ; } { ; }
break; break;
case 11: case 11:
#line 272 "parse.yacc" #line 273 "parse.yacc"
{ ; } { ; }
break; break;
case 13: case 13:
#line 277 "parse.yacc" #line 278 "parse.yacc"
{ {
defaults_matches = TRUE; defaults_matches = TRUE;
} }
break; break;
case 14: case 14:
#line 280 "parse.yacc" #line 281 "parse.yacc"
{ push; } { push; }
break; break;
case 15: case 15:
#line 280 "parse.yacc" #line 281 "parse.yacc"
{ {
defaults_matches = user_matches; defaults_matches = user_matches;
pop; pop;
} }
break; break;
case 16: case 16:
#line 284 "parse.yacc" #line 285 "parse.yacc"
{ push; } { push; }
break; break;
case 17: case 17:
#line 284 "parse.yacc" #line 285 "parse.yacc"
{ {
defaults_matches = host_matches; defaults_matches = host_matches;
pop; pop;
} }
break; break;
case 20: case 20:
#line 293 "parse.yacc" #line 294 "parse.yacc"
{ {
if (defaults_matches && !set_default(yyvsp[0].string, NULL, 1)) { if (defaults_matches && !set_default(yyvsp[0].string, NULL, 1)) {
yyerror(NULL); yyerror(NULL);
@@ -1185,7 +1186,7 @@ case 20:
} }
break; break;
case 21: case 21:
#line 300 "parse.yacc" #line 301 "parse.yacc"
{ {
if (defaults_matches && !set_default(yyvsp[0].string, NULL, 0)) { if (defaults_matches && !set_default(yyvsp[0].string, NULL, 0)) {
yyerror(NULL); yyerror(NULL);
@@ -1195,7 +1196,7 @@ case 21:
} }
break; break;
case 22: case 22:
#line 307 "parse.yacc" #line 308 "parse.yacc"
{ {
/* XXX - need to support quoted values */ /* XXX - need to support quoted values */
if (defaults_matches && !set_default(yyvsp[-2].string, yyvsp[0].string, 1)) { if (defaults_matches && !set_default(yyvsp[-2].string, yyvsp[0].string, 1)) {
@@ -1207,7 +1208,7 @@ case 22:
} }
break; break;
case 25: case 25:
#line 321 "parse.yacc" #line 322 "parse.yacc"
{ {
/* /*
* We already did a push if necessary in * We already did a push if necessary in
@@ -1223,27 +1224,27 @@ case 25:
} }
break; break;
case 26: case 26:
#line 336 "parse.yacc" #line 337 "parse.yacc"
{ {
if (yyvsp[0].BOOLEAN != -1) if (yyvsp[0].BOOLEAN != -1)
host_matches = yyvsp[0].BOOLEAN; host_matches = yyvsp[0].BOOLEAN;
} }
break; break;
case 27: case 27:
#line 340 "parse.yacc" #line 341 "parse.yacc"
{ {
if (yyvsp[0].BOOLEAN != -1) if (yyvsp[0].BOOLEAN != -1)
host_matches = ! yyvsp[0].BOOLEAN; host_matches = ! yyvsp[0].BOOLEAN;
} }
break; break;
case 28: case 28:
#line 345 "parse.yacc" #line 346 "parse.yacc"
{ {
yyval.BOOLEAN = TRUE; yyval.BOOLEAN = TRUE;
} }
break; break;
case 29: case 29:
#line 348 "parse.yacc" #line 349 "parse.yacc"
{ {
if (addr_matches(yyvsp[0].string)) if (addr_matches(yyvsp[0].string))
yyval.BOOLEAN = TRUE; yyval.BOOLEAN = TRUE;
@@ -1253,7 +1254,7 @@ case 29:
} }
break; break;
case 30: case 30:
#line 355 "parse.yacc" #line 356 "parse.yacc"
{ {
if (netgr_matches(yyvsp[0].string, user_host, NULL)) if (netgr_matches(yyvsp[0].string, user_host, NULL))
yyval.BOOLEAN = TRUE; yyval.BOOLEAN = TRUE;
@@ -1263,7 +1264,7 @@ case 30:
} }
break; break;
case 31: case 31:
#line 362 "parse.yacc" #line 363 "parse.yacc"
{ {
if (strcasecmp(user_shost, yyvsp[0].string) == 0) if (strcasecmp(user_shost, yyvsp[0].string) == 0)
yyval.BOOLEAN = TRUE; yyval.BOOLEAN = TRUE;
@@ -1273,7 +1274,7 @@ case 31:
} }
break; break;
case 32: case 32:
#line 369 "parse.yacc" #line 370 "parse.yacc"
{ {
if (strcasecmp(user_host, yyvsp[0].string) == 0) if (strcasecmp(user_host, yyvsp[0].string) == 0)
yyval.BOOLEAN = TRUE; yyval.BOOLEAN = TRUE;
@@ -1283,7 +1284,7 @@ case 32:
} }
break; break;
case 33: case 33:
#line 376 "parse.yacc" #line 377 "parse.yacc"
{ {
aliasinfo *aip = find_alias(yyvsp[0].string, HOST_ALIAS); aliasinfo *aip = find_alias(yyvsp[0].string, HOST_ALIAS);
@@ -1308,7 +1309,7 @@ case 33:
} }
break; break;
case 36: case 36:
#line 404 "parse.yacc" #line 405 "parse.yacc"
{ {
/* /*
* Push the entry onto the stack if it is worth * Push the entry onto the stack if it is worth
@@ -1319,6 +1320,9 @@ case 36:
* the user was listed in sudoers. Also, we * the user was listed in sudoers. Also, we
* need to be able to tell whether or not a * need to be able to tell whether or not a
* user was listed for this specific host. * user was listed for this specific host.
*
* If keepall is set and the user matches then
* we need to keep entries around too...
*/ */
if (user_matches != -1 && host_matches != -1 && if (user_matches != -1 && host_matches != -1 &&
cmnd_matches != -1 && runas_matches != -1) cmnd_matches != -1 && runas_matches != -1)
@@ -1327,18 +1331,20 @@ case 36:
(top == 2 && host_matches != -1 && (top == 2 && host_matches != -1 &&
match[0].host == -1))) match[0].host == -1)))
pushcp; pushcp;
else if (user_matches == TRUE && keepall)
pushcp;
cmnd_matches = -1; cmnd_matches = -1;
} }
break; break;
case 37: case 37:
#line 426 "parse.yacc" #line 432 "parse.yacc"
{ {
if (yyvsp[0].BOOLEAN != -1) if (yyvsp[0].BOOLEAN != -1)
cmnd_matches = yyvsp[0].BOOLEAN; cmnd_matches = yyvsp[0].BOOLEAN;
} }
break; break;
case 38: case 38:
#line 430 "parse.yacc" #line 436 "parse.yacc"
{ {
if (printmatches == TRUE) { if (printmatches == TRUE) {
if (in_alias == TRUE) if (in_alias == TRUE)
@@ -1350,14 +1356,14 @@ case 38:
} }
break; break;
case 39: case 39:
#line 438 "parse.yacc" #line 444 "parse.yacc"
{ {
if (yyvsp[0].BOOLEAN != -1) if (yyvsp[0].BOOLEAN != -1)
cmnd_matches = ! yyvsp[0].BOOLEAN; cmnd_matches = ! yyvsp[0].BOOLEAN;
} }
break; break;
case 40: case 40:
#line 444 "parse.yacc" #line 450 "parse.yacc"
{ {
if (printmatches == TRUE && host_matches == TRUE && if (printmatches == TRUE && host_matches == TRUE &&
user_matches == TRUE) { user_matches == TRUE) {
@@ -1383,17 +1389,17 @@ case 40:
} }
break; break;
case 41: case 41:
#line 467 "parse.yacc" #line 473 "parse.yacc"
{ {
runas_matches = (yyvsp[0].BOOLEAN == TRUE ? TRUE : FALSE); runas_matches = (yyvsp[0].BOOLEAN == TRUE ? TRUE : FALSE);
} }
break; break;
case 42: case 42:
#line 472 "parse.yacc" #line 478 "parse.yacc"
{ ; } { ; }
break; break;
case 43: case 43:
#line 473 "parse.yacc" #line 479 "parse.yacc"
{ {
/* Later entries override earlier ones. */ /* Later entries override earlier ones. */
if (yyvsp[0].BOOLEAN != -1) if (yyvsp[0].BOOLEAN != -1)
@@ -1403,11 +1409,11 @@ case 43:
} }
break; break;
case 44: case 44:
#line 482 "parse.yacc" #line 488 "parse.yacc"
{ ; } { ; }
break; break;
case 45: case 45:
#line 483 "parse.yacc" #line 489 "parse.yacc"
{ {
if (printmatches == TRUE) { if (printmatches == TRUE) {
if (in_alias == TRUE) if (in_alias == TRUE)
@@ -1419,14 +1425,14 @@ case 45:
} }
break; break;
case 46: case 46:
#line 491 "parse.yacc" #line 497 "parse.yacc"
{ {
/* Set $$ to the negation of runasuser */ /* Set $$ to the negation of runasuser */
yyval.BOOLEAN = (yyvsp[0].BOOLEAN == -1 ? -1 : ! yyvsp[0].BOOLEAN); yyval.BOOLEAN = (yyvsp[0].BOOLEAN == -1 ? -1 : ! yyvsp[0].BOOLEAN);
} }
break; break;
case 47: case 47:
#line 496 "parse.yacc" #line 502 "parse.yacc"
{ {
if (printmatches == TRUE) { if (printmatches == TRUE) {
if (in_alias == TRUE) if (in_alias == TRUE)
@@ -1443,7 +1449,7 @@ case 47:
} }
break; break;
case 48: case 48:
#line 510 "parse.yacc" #line 516 "parse.yacc"
{ {
if (printmatches == TRUE) { if (printmatches == TRUE) {
if (in_alias == TRUE) if (in_alias == TRUE)
@@ -1460,7 +1466,7 @@ case 48:
} }
break; break;
case 49: case 49:
#line 524 "parse.yacc" #line 530 "parse.yacc"
{ {
if (printmatches == TRUE) { if (printmatches == TRUE) {
if (in_alias == TRUE) if (in_alias == TRUE)
@@ -1477,7 +1483,7 @@ case 49:
} }
break; break;
case 50: case 50:
#line 538 "parse.yacc" #line 544 "parse.yacc"
{ {
aliasinfo *aip = find_alias(yyvsp[0].string, RUNAS_ALIAS); aliasinfo *aip = find_alias(yyvsp[0].string, RUNAS_ALIAS);
@@ -1509,7 +1515,7 @@ case 50:
} }
break; break;
case 51: case 51:
#line 567 "parse.yacc" #line 573 "parse.yacc"
{ {
if (printmatches == TRUE) { if (printmatches == TRUE) {
if (in_alias == TRUE) if (in_alias == TRUE)
@@ -1522,7 +1528,7 @@ case 51:
} }
break; break;
case 52: case 52:
#line 579 "parse.yacc" #line 585 "parse.yacc"
{ {
/* Inherit NOPASSWD/PASSWD status. */ /* Inherit NOPASSWD/PASSWD status. */
if (printmatches == TRUE && host_matches == TRUE && if (printmatches == TRUE && host_matches == TRUE &&
@@ -1535,7 +1541,7 @@ case 52:
} }
break; break;
case 53: case 53:
#line 589 "parse.yacc" #line 595 "parse.yacc"
{ {
no_passwd = TRUE; no_passwd = TRUE;
if (printmatches == TRUE && host_matches == TRUE && if (printmatches == TRUE && host_matches == TRUE &&
@@ -1544,7 +1550,7 @@ case 53:
} }
break; break;
case 54: case 54:
#line 595 "parse.yacc" #line 601 "parse.yacc"
{ {
no_passwd = FALSE; no_passwd = FALSE;
if (printmatches == TRUE && host_matches == TRUE && if (printmatches == TRUE && host_matches == TRUE &&
@@ -1553,7 +1559,7 @@ case 54:
} }
break; break;
case 55: case 55:
#line 603 "parse.yacc" #line 609 "parse.yacc"
{ {
if (printmatches == TRUE) { if (printmatches == TRUE) {
if (in_alias == TRUE) if (in_alias == TRUE)
@@ -1573,7 +1579,7 @@ case 55:
} }
break; break;
case 56: case 56:
#line 620 "parse.yacc" #line 626 "parse.yacc"
{ {
aliasinfo *aip; aliasinfo *aip;
@@ -1605,7 +1611,7 @@ case 56:
} }
break; break;
case 57: case 57:
#line 649 "parse.yacc" #line 655 "parse.yacc"
{ {
if (printmatches == TRUE) { if (printmatches == TRUE) {
if (in_alias == TRUE) { if (in_alias == TRUE) {
@@ -1634,11 +1640,11 @@ case 57:
} }
break; break;
case 60: case 60:
#line 681 "parse.yacc" #line 687 "parse.yacc"
{ push; } { push; }
break; break;
case 61: case 61:
#line 681 "parse.yacc" #line 687 "parse.yacc"
{ {
if ((host_matches != -1 || pedantic) && if ((host_matches != -1 || pedantic) &&
!add_alias(yyvsp[-3].string, HOST_ALIAS, host_matches)) !add_alias(yyvsp[-3].string, HOST_ALIAS, host_matches))
@@ -1647,7 +1653,7 @@ case 61:
} }
break; break;
case 66: case 66:
#line 697 "parse.yacc" #line 703 "parse.yacc"
{ {
push; push;
if (printmatches == TRUE) { if (printmatches == TRUE) {
@@ -1660,7 +1666,7 @@ case 66:
} }
break; break;
case 67: case 67:
#line 706 "parse.yacc" #line 712 "parse.yacc"
{ {
if ((cmnd_matches != -1 || pedantic) && if ((cmnd_matches != -1 || pedantic) &&
!add_alias(yyvsp[-3].string, CMND_ALIAS, cmnd_matches)) !add_alias(yyvsp[-3].string, CMND_ALIAS, cmnd_matches))
@@ -1673,11 +1679,11 @@ case 67:
} }
break; break;
case 68: case 68:
#line 718 "parse.yacc" #line 724 "parse.yacc"
{ ; } { ; }
break; break;
case 72: case 72:
#line 726 "parse.yacc" #line 732 "parse.yacc"
{ {
if (printmatches == TRUE) { if (printmatches == TRUE) {
in_alias = TRUE; in_alias = TRUE;
@@ -1689,7 +1695,7 @@ case 72:
} }
break; break;
case 73: case 73:
#line 734 "parse.yacc" #line 740 "parse.yacc"
{ {
if ((yyvsp[0].BOOLEAN != -1 || pedantic) && if ((yyvsp[0].BOOLEAN != -1 || pedantic) &&
!add_alias(yyvsp[-3].string, RUNAS_ALIAS, yyvsp[0].BOOLEAN)) !add_alias(yyvsp[-3].string, RUNAS_ALIAS, yyvsp[0].BOOLEAN))
@@ -1701,11 +1707,11 @@ case 73:
} }
break; break;
case 76: case 76:
#line 749 "parse.yacc" #line 755 "parse.yacc"
{ push; } { push; }
break; break;
case 77: case 77:
#line 749 "parse.yacc" #line 755 "parse.yacc"
{ {
if ((user_matches != -1 || pedantic) && if ((user_matches != -1 || pedantic) &&
!add_alias(yyvsp[-3].string, USER_ALIAS, user_matches)) !add_alias(yyvsp[-3].string, USER_ALIAS, user_matches))
@@ -1715,21 +1721,21 @@ case 77:
} }
break; break;
case 80: case 80:
#line 762 "parse.yacc" #line 768 "parse.yacc"
{ {
if (yyvsp[0].BOOLEAN != -1) if (yyvsp[0].BOOLEAN != -1)
user_matches = yyvsp[0].BOOLEAN; user_matches = yyvsp[0].BOOLEAN;
} }
break; break;
case 81: case 81:
#line 766 "parse.yacc" #line 772 "parse.yacc"
{ {
if (yyvsp[0].BOOLEAN != -1) if (yyvsp[0].BOOLEAN != -1)
user_matches = ! yyvsp[0].BOOLEAN; user_matches = ! yyvsp[0].BOOLEAN;
} }
break; break;
case 82: case 82:
#line 771 "parse.yacc" #line 777 "parse.yacc"
{ {
if (strcmp(yyvsp[0].string, user_name) == 0) if (strcmp(yyvsp[0].string, user_name) == 0)
yyval.BOOLEAN = TRUE; yyval.BOOLEAN = TRUE;
@@ -1739,7 +1745,7 @@ case 82:
} }
break; break;
case 83: case 83:
#line 778 "parse.yacc" #line 784 "parse.yacc"
{ {
if (usergr_matches(yyvsp[0].string, user_name)) if (usergr_matches(yyvsp[0].string, user_name))
yyval.BOOLEAN = TRUE; yyval.BOOLEAN = TRUE;
@@ -1749,7 +1755,7 @@ case 83:
} }
break; break;
case 84: case 84:
#line 785 "parse.yacc" #line 791 "parse.yacc"
{ {
if (netgr_matches(yyvsp[0].string, NULL, user_name)) if (netgr_matches(yyvsp[0].string, NULL, user_name))
yyval.BOOLEAN = TRUE; yyval.BOOLEAN = TRUE;
@@ -1759,7 +1765,7 @@ case 84:
} }
break; break;
case 85: case 85:
#line 792 "parse.yacc" #line 798 "parse.yacc"
{ {
aliasinfo *aip = find_alias(yyvsp[0].string, USER_ALIAS); aliasinfo *aip = find_alias(yyvsp[0].string, USER_ALIAS);
@@ -1782,12 +1788,12 @@ case 85:
} }
break; break;
case 86: case 86:
#line 812 "parse.yacc" #line 818 "parse.yacc"
{ {
yyval.BOOLEAN = TRUE; yyval.BOOLEAN = TRUE;
} }
break; break;
#line 1791 "sudo.tab.c" #line 1797 "sudo.tab.c"
} }
yyssp -= yym; yyssp -= yym;
yystate = *yyssp; yystate = *yyssp;