#include "sudo.h"
#include <options.h>
-extern FILE *yyin, *yyout;
-
/*
* Globals
*/
int parse_error = FALSE;
+extern FILE *yyin, *yyout;
/*
* Prototypes for static (local) functions
while (top) {
if (host_matches == TRUE)
if (cmnd_matches == TRUE)
- /* user was granted access to cmnd on host */
- return(VALIDATE_OK);
+ if (runas_user == NULL ||
+ (runas_user != NULL && runas_matches == TRUE))
+ /*
+ * User was granted access to cmnd on host.
+ * If no passwd required return as such.
+ */
+ if (no_passwd == TRUE)
+ return(VALIDATE_OK_NOPASS);
+ else
+ return(VALIDATE_OK);
+ else
+ return(VALIDATE_NOT_OK);
else if (cmnd_matches == FALSE)
- /* user was explicitly denied acces to cmnd on host */
+ /* User was explicitly denied acces to cmnd on host. */
return(VALIDATE_NOT_OK);
top--;
}
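Review bot: The new grant path nests four unbraced `if`/`else` levels, so the outcome of this authorization check depends on dangling-else pairing; brace every level so that a later edit cannot silently re-pair `else return(VALIDATE_NOT_OK);` with a different `if`. The condition `runas_user == NULL || (runas_user != NULL && runas_matches == TRUE)` reduces to `runas_user == NULL || runas_matches == TRUE`. `no_passwd` and `runas_matches` are read here but never set in the hunk, so if they are plain globals rather than per-entry state on the match stack, confirm that they are reset for each sudoers entry; otherwise a `NOPASSWD:` or runas match from one entry could carry into the decision for another. The enclosing function begins and ends outside the hunk.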
%k 3500
%s GOTCMND
+%s GOTRUNAS
%%
[ \t]+ { /* throw away space/tabs */
return('.');
}
+NOPASSWD: {
+ /* XXX - is this the best way? */
+ /* cmnd does not require passwd for this user */
+ LEXTRACE("NOPASSWD ");
+ return(NOPASSWD);
+ }
+
\+[a-zA-Z][a-zA-Z0-9_-]* {
fill(yytext, yyleng);
return(NETGROUP);
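Review bot: The `NOPASSWD:` pattern carries no start condition, and because the states are declared with `%s` (inclusive) it is also active in GOTCMND and GOTRUNAS, so the same text inside command arguments or a runas list may be returned as the keyword. Whether it wins there depends on longest-match against rules that are not visible in this hunk. Since this token removes the password requirement, I would give the rule an explicit start condition for the one state in which a command spec can begin. That would also settle the XXX with a comment such as `/* NOPASSWD: is only a keyword at the start of a command spec */`.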
return(FQHOST);
}
+\( {
+ /* XXX - what about '(' in command args? */
+ BEGIN GOTRUNAS;
+ LEXTRACE("RUNAS ");
+ return (RUNAS);
+ }
+
+<GOTRUNAS>[A-Z][A-Z0-9_]* {
+ /* User_Alias that user can run command as or ALL */
+ fill(yytext, yyleng);
+ if (strcmp(yytext, "ALL") == 0) {
+ LEXTRACE("ALL ");
+ return(ALL);
+ } else {
+ LEXTRACE("ALIAS ");
+ return(ALIAS);
+ }
+ }
+
+<GOTRUNAS>#?[a-zA-Z0-9_-]+ {
+ /* username/uid that user can run command as */
+ /* XXX - should we allow more than thse chars? */
+ fill(yytext, yyleng);
+ LEXTRACE("NAME ");
+ return(NAME);
+ }
+
+<GOTRUNAS>\) BEGIN 0; /* XXX - will newlines be treated correctly? */
+
+
\/[^\,:=\\ \t\n#]+ {
/* directories can't have args... */
if (yytext[yyleng - 1] == '/') {
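Review bot: Neither end of the runas list is tied to scanner state: the `\(` rule has no start condition, so under `%s` it also fires while in GOTCMND (the case the XXX asks about), and `<GOTRUNAS>\) BEGIN 0;` is the only exit from GOTRUNAS shown here. A sudoers line that opens `(` and never closes it would leave the scanner in GOTRUNAS for the following lines, unless a newline rule outside this hunk resets it, and those lines could then be tokenised by the GOTRUNAS rules. I would restrict the opener to the state in which a command spec may begin and add a GOTRUNAS newline rule that resets the state and makes the parser reject the entry, documented as `/* GOTRUNAS ends at ')' or at end of line; an unterminated list is a parse error */`. Separately, `#?[a-zA-Z0-9_-]+` can lose on longest match to an unconditioned comment rule, if the file has one, so the `#uid` form needs a test against the full rule set.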
LEXTRACE("USERALIAS ");
return(USERALIAS);
}
-
l = yyleng - 1;
if (isalpha(yytext[l]) || isdigit(yytext[l])) {
/* NAME is what RFC1034 calls a label */