Make runas and NOPASSWD tags persistent across entries in a command list.
authorTodd C. Miller <Todd.Miller@courtesan.com>
Mon, 5 Apr 1999 20:28:16 +0000 (20:28 +0000)
committerTodd C. Miller <Todd.Miller@courtesan.com>
Mon, 5 Apr 1999 20:28:16 +0000 (20:28 +0000)
Add a PASSWD tag to reverse NOPASSWD.  When you override a runas or *PASSWD
tag the value given becomes the new default for the rest of the command list.

parse.lex
parse.yacc

index 6adfbc0aa0e17d5501ec024542fb5021c2abfd3c..b99f7d929e5ec352ac69fa87015b9a77af4c4bbd 100644 (file)
--- a/parse.lex
+++ b/parse.lex
@@ -157,6 +157,12 @@ NOPASSWD[[:blank:]]*:      {
                                return(NOPASSWD);
                        }
 
+PASSWD[[:blank:]]*:    { 
+                               /* cmnd requires passwd for this user */
+                               LEXTRACE("PASSWD ");
+                               return(PASSWD);
+                       }
+
 \+{WORD}               {
                            /* netgroup */
                            fill(yytext, yyleng);
index caa0c633d8a7c12083bb3b68307078275d7ce8b1..0081780f01cd6dd3a11a22a1e98c44eb347bddba 100644 (file)
@@ -102,6 +102,20 @@ int top = 0, stacksize = 0;
        top++; \
     }
 
+#define pushcp \
+    { \
+       if (top >= stacksize) { \
+           while ((stacksize += STACKINCREMENT) < top); \
+           match = (struct matchstack *) erealloc(match, sizeof(struct matchstack) * stacksize); \
+       } \
+       match[top].user   = match[top-1].user; \
+       match[top].cmnd   = match[top-1].cmnd; \
+       match[top].host   = match[top-1].host; \
+       match[top].runas  = match[top-1].runas; \
+       match[top].nopass = match[top-1].nopass; \
+       top++; \
+    }
+
 #define pop \
     { \
        if (top == 0) \
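Review bot: `pushcp` reads `match[top-1]` without checking that `top` is non-zero, so a first use on an empty stack would copy from one element before the array; the neighbouring `pop` macro does test `top == 0`. If an earlier `push` always runs before `cmndspec` (not visible in this hunk), state that as a precondition above the macro, e.g. `/* pushcp: duplicate the top entry; caller guarantees top > 0 */`. The body is also a bare `{ ... }` block that `cmndspec` invokes as `pushcp;` under an unbraced `if`; wrapping it in `do { ... } while (0)` would keep that call site correct if an `else` is ever added.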
@@ -171,7 +185,8 @@ void yyerror(s)
 %token <string>  USERGROUP             /* a usergroup (%NAME) */
 %token <string>  NAME                  /* a mixed-case name */
 %token <tok>    RUNAS                  /* a mixed-case runas name */
-%token <tok>    NOPASSWD               /* no passwd req for command*/
+%token <tok>    NOPASSWD               /* no passwd req for command */
+%token <tok>    PASSWD                 /* passwd req for command (default) */
 %token <command> COMMAND               /* an absolute pathname */
 %token <tok>    COMMENT                /* comment and/or carriage return */
 %token <tok>    ALL                    /* ALL keyword */
@@ -268,20 +283,11 @@ cmndspeclist      :       cmndspec
 
 cmndspec       :       {   /* Push a new entry onto the stack if needed */
                            if (user_matches == TRUE && host_matches == TRUE &&
-                               cmnd_matches != -1 && runas_matches == TRUE) {
-                               push;
-                               user_matches = TRUE;
-                               host_matches = TRUE;
-                           } else {
-                               cmnd_matches = -1;
-                               runas_matches = -1;
-                               no_passwd = -1;
-                           }
+                               cmnd_matches != -1 && runas_matches == TRUE)
+                               pushcp;
+                           cmnd_matches = -1;
                        } runasspec nopasswd opcmnd {
-                           if ($2 > 0)
-                               runas_matches = TRUE;
-                           if ($3 == TRUE)
-                               no_passwd = TRUE;
+                           /* XXX - test runas_matches and cmnd_matches instead? */
                            if (($2 == -1 || $4 == -1) && printmatches == TRUE) {
                                cm_list[cm_list_len].runas_len = 0;
                                cm_list[cm_list_len].cmnd_len = 0;
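Review bot: The removed `else` branch was the only place in this hunk that reset `runas_matches` and `no_passwd` to -1, and the new action resets only `cmnd_matches`, so both tags now live until something outside the hunk clears them. If that reset does not happen at the start of every command list, a `NOPASSWD:` or runas match from one privilege would carry into the next, which grants more than the sudoers line states; the rule that owns the reset is not visible here and should be confirmed. A comment at the action would make the dependency explicit, e.g. `/* runas_matches and no_passwd persist within this list; reset per privilege */`. Existing sudoers files where `NOPASSWD:` was written to cover a single command also change meaning with this commit, so the new semantics belong in the manual and the release notes.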
@@ -315,10 +321,18 @@ opcmnd            :       cmnd { ; }
                ;
 
 runasspec      :       /* empty */ {
-                           $$ = (strcmp(RUNAS_DEFAULT, runas_user) == 0);
+                           /*
+                            * If this is the first entry in a command list
+                            * then check against RUNAS_DEFAULT.
+                            */
+                           if (runas_matches == -1)
+                               runas_matches =
+                                   (strcmp(RUNAS_DEFAULT, runas_user) == 0);
+                           $$ = runas_matches;
                        }
                |       RUNAS runaslist {
-                           $$ = $2;
+                           runas_matches = ($2 > 0);
+                           $$ = runas_matches;
                        }
                ;
 
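Review bot: `runasspec` can no longer yield -1: the `RUNAS` branch stores `($2 > 0)` and the empty branch overwrites a -1 with the `strcmp` result, so the `$2 == -1` test kept in `cmndspec` is dead and only `$4 == -1` can clear the `cm_list` entry when `printmatches` is set. A runas list that fails to match is therefore kept in the listing, where the old code discarded it. If the entry should still be dropped, test the stored state instead, e.g. `if ((runas_matches != TRUE || $4 == -1) && printmatches == TRUE) {`, which appears to be what the `XXX` comment in that action is asking; whether an explicit FALSE should drop the entry as well needs confirming against the listing code.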
@@ -411,14 +425,20 @@ runasuser :       NAME {
                ;
 
 nopasswd       :       /* empty */ {
-                           $$ = FALSE;
+                           ;
                        }
                |       NOPASSWD {
-                           $$ = TRUE;
+                           no_passwd = $$ = TRUE;
                            if (printmatches == TRUE && host_matches == TRUE &&
                                user_matches == TRUE)
                                cm_list[cm_list_len].nopasswd = TRUE;
                        }
+               |       PASSWD {
+                           no_passwd = $$ = FALSE;
+                           if (printmatches == TRUE && host_matches == TRUE &&
+                               user_matches == TRUE)
+                               cm_list[cm_list_len].nopasswd = FALSE;
+                       }
                ;
 
 cmnd           :       ALL {
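Review bot: The empty `nopasswd` alternative now does nothing, so a command that inherits a persisted `NOPASSWD:` never gets `cm_list[cm_list_len].nopasswd` set; only the explicit `NOPASSWD` and `PASSWD` branches write it. Unless `cm_list` entries are seeded from `no_passwd` elsewhere, the listing built when `printmatches` is set could show a password requirement that the parser no longer enforces. Mirroring the inherited value in the empty branch would keep the displayed policy in step with the enforced one, e.g. `if (printmatches == TRUE && host_matches == TRUE && user_matches == TRUE) cm_list[cm_list_len].nopasswd = (no_passwd == TRUE);`. The empty branch also no longer assigns `$$`, which is safe only while no rule reads `$3`.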