]> granicus.if.org Git - sudo/commitdiff
projects / sudo / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 406db89)
In sudoers_lookup() return VALIDATE_NOT_OK if the runas user was
authorTodd C. Miller <Todd.Miller@courtesan.com>
Thu, 27 May 2004 19:55:06 +0000 (19:55 +0000)
committerTodd C. Miller <Todd.Miller@courtesan.com>
Thu, 27 May 2004 19:55:06 +0000 (19:55 +0000)
explicitly denied and the command matched.  This fixes a long-standing
bug and makes:
    foo machine = (ALL) /usr/bin/blah
    foo machine = (!bar) /usr/bin/blah

equivalent to:
    foo machine = (ALL, !bar) /usr/bin/blah

parse.c patch | blob | history

diff --git a/parse.c b/parse.c
index 33a77021b4990577bfa026c6660cf02330c79b8f..7a1d2321e5e2835c51709e3d90311f923dca0ddd 100644 (file)
--- a/parse.c
+++ b/parse.c
@@ -193,22 +193,21 @@ sudoers_lookup(pwflag)
        while (top) {
            if (host_matches == TRUE) {
                CLR(error, FLAG_NO_HOST);
-               if (runas_matches == TRUE) {
-                   if (cmnd_matches == TRUE) {
-                       /*
-                        * User was granted access to cmnd on host.
-                        */
-                       return(VALIDATE_OK |
-                           (no_passwd == TRUE ? FLAG_NOPASS : 0) |
-                           (no_execve == TRUE ? FLAG_NOEXEC : 0));
-                   } else if (cmnd_matches == FALSE) {
-                       /*
-                        * User was explicitly denied access to cmnd on host.
-                        */
-                       return(VALIDATE_NOT_OK |
-                           (no_passwd == TRUE ? FLAG_NOPASS : 0) |
-                           (no_execve == TRUE ? FLAG_NOEXEC : 0));
-                   }
+               if (runas_matches == TRUE && cmnd_matches == TRUE) {
+                   /*
+                    * User was granted access to cmnd on host as user.
+                    */
+                   return(VALIDATE_OK |
+                       (no_passwd == TRUE ? FLAG_NOPASS : 0) |
+                       (no_execve == TRUE ? FLAG_NOEXEC : 0));
+               } else if ((runas_matches == TRUE && cmnd_matches == FALSE) ||
+                   (runas_matches == FALSE && cmnd_matches == TRUE)) {
+                   /*
+                    * User was explicitly denied access to cmnd on host.
+                    */
+                   return(VALIDATE_NOT_OK |
+                       (no_passwd == TRUE ? FLAG_NOPASS : 0) |
+                       (no_execve == TRUE ? FLAG_NOEXEC : 0));
                }
            }
            top--;
Unnamed repository; edit this file 'description' to name the repository.