static int store_syslogfac __P((char *, struct sudo_defs_types *, int));
static int store_syslogpri __P((char *, struct sudo_defs_types *, int));
static int store_mode __P((char *, struct sudo_defs_types *, int));
+static int store_pwflag __P((char *, struct sudo_defs_types *, int));
/*
* Table describing compile-time and run-time options.
}, {
"secure_path", T_STR|T_BOOL,
"Value to override user's $PATH with: %s"
+ }, {
+ "listpw_i", T_INT, NULL
+ }, {
+ "verifypw_i", T_INT, NULL
+ }, {
+ "listpw", T_PWFLAG,
+ "When to require a password for 'list' pseudocommand: %s"
+ }, {
+ "verifypw", T_PWFLAG,
+ "When to require a password for 'verify' pseudocommand: %s"
}, {
NULL, 0, NULL
}
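Review bot: The helper entries `listpw_i` and `verifypw_i` are added as ordinary named `T_INT` rows, so if the option lookup matches any name in this table (the lookup is outside the hunk), a sudoers line could set the integer directly and skip the `all`/`any`/`never`/`always` validation in `store_pwflag`. The stored integer could then drift from the `listpw`/`verifypw` string, and a value outside the four constants would match none of the equality tests this change adds to the parser. Consider rejecting these internal names in the setter, or at least marking the rows with a comment such as `/* internal: set only via store_pwflag() */`.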
case T_STR:
case T_LOGFAC:
case T_LOGPRI:
+ case T_PWFLAG:
if (cur->sd_un.str) {
(void) printf(cur->desc, cur->sd_un.str);
putchar('\n');
return(FALSE);
}
break;
+ case T_PWFLAG:
+ if (!store_pwflag(val, cur, op)) {
+ if (val)
+ (void) fprintf(stderr,
+ "%s: value '%s' is invalid for option '%s'\n", Argv[0],
+ val, var);
+ else
+ (void) fprintf(stderr,
+ "%s: no value specified for `%s' on line %d\n", Argv[0],
+ var, sudolineno);
+ return(FALSE);
+ }
+ break;
case T_STR:
if (!val) {
/* Check for bogus boolean usage or lack of a value. */
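Review bot: The invalid-value message in the new `T_PWFLAG` case omits the line number that the no-value message beside it reports, so a mistyped password-policy value is harder to locate in sudoers. Suggest `"%s: value '%s' is invalid for option '%s' on line %d\n"` with `sudolineno` appended to the arguments, and the same quoting style in both messages. The enclosing switch starts and ends outside this hunk.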
case T_STR:
case T_LOGFAC:
case T_LOGPRI:
+ case T_PWFLAG:
if (def->sd_un.str) {
free(def->sd_un.str);
def->sd_un.str = NULL;
(void) store_syslogpri(PRI_FAILURE, &sudo_defs_table[I_BADPRISTR], TRUE);
#endif
+ /* Password flags also have a string and integer component. */
+ (void) store_pwflag("any", &sudo_defs_table[I_LISTPWSTR], TRUE);
+ (void) store_pwflag("all", &sudo_defs_table[I_VERIFYPWSTR], TRUE);
+
/* Then initialize the int-like things. */
#ifdef SUDO_UMASK
def_mode(I_UMASK) = SUDO_UMASK;
struct strmap *fac;
if (op == FALSE) {
- free(def->sd_un.str);
- def->sd_un.str = NULL;
+ if (def->sd_un.str) {
+ free(def->sd_un.str);
+ def->sd_un.str = NULL;
+ }
return(TRUE);
}
#ifdef LOG_NFACILITIES
}
return(TRUE);
}
+
+static int
+store_pwflag(val, def, op)
+ char *val;
+ struct sudo_defs_types *def;
+ int op;
+{
+ int isub, flags;
+
+ if (strcmp(def->name, "verifypw") == 0)
+ isub = I_VERIFYPW;
+ else
+ isub = I_LISTPW;
+
+ /* Handle !foo. */
+ if (op == FALSE) {
+ if (def->sd_un.str) {
+ free(def->sd_un.str);
+ def->sd_un.str = NULL;
+ }
+ def->sd_un.str = estrdup("never");
+ sudo_defs_table[isub].sd_un.ival = PWCHECK_NEVER;
+ return(TRUE);
+ }
+ if (!val)
+ return(FALSE);
+
+ /* Convert strings to integer values. */
+ if (strcmp(val, "all") == 0)
+ flags = PWCHECK_ALL;
+ else if (strcmp(val, "any") == 0)
+ flags = PWCHECK_ANY;
+ else if (strcmp(val, "never") == 0)
+ flags = PWCHECK_NEVER;
+ else if (strcmp(val, "always") == 0)
+ flags = PWCHECK_ALWAYS;
+ else
+ return(FALSE);
+
+ /* Store both name and number. */
+ if (def->sd_un.str)
+ free(def->sd_un.str);
+ def->sd_un.str = estrdup(val);
+ sudo_defs_table[isub].sd_un.ival = flags;
+
+ return(TRUE);
+}
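Review bot: `store_pwflag` treats every entry whose name is not `verifypw` as `listpw`, so a future `T_PWFLAG` row would silently overwrite the list policy; an explicit `else if (strcmp(def->name, "listpw") == 0) isub = I_LISTPW; else return(FALSE);` rejects the unknown name instead. The `op == FALSE` branch maps `!listpw` / `!verifypw` to `never`, so negating the option removes the password requirement; that deserves a clearer comment than `/* Handle !foo. */`, for example `/* !listpw or !verifypw means "never": no password is required. */`. In the same branch `def->sd_un.str = NULL;` is immediately overwritten by `estrdup("never")` and can be dropped.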
init_parser();
/* For most pwflags to be useful we need to keep more state around. */
- if (pwflags && !(pwflags & PWCHECK_NEVER))
+ if (pwflags && pwflags != PWCHECK_NEVER && pwflags != PWCHECK_ALWAYS)
keepall = TRUE;
/* Need to be root while stat'ing things in the parser. */
if (pwflags) {
int nopass, found;
- if ((pwflags & PWCHECK_NEVER) || !def_flag(I_AUTHENTICATE))
+ if (pwflags == PWCHECK_NEVER || !def_flag(I_AUTHENTICATE))
nopass = FLAG_NOPASS;
else
nopass = -1;
while (top) {
if (host_matches == TRUE) {
found = 1;
- if (!(pwflags & PWCHECK_RUNAS) || runas_matches == TRUE) {
- if ((pwflags & PWCHECK_ANY) && no_passwd == TRUE)
- nopass = FLAG_NOPASS;
- else if ((pwflags & PWCHECK_ALL) && nopass != 0)
- nopass = (no_passwd == TRUE) ? FLAG_NOPASS : 0;
- }
+ if (pwflags == PWCHECK_ANY && no_passwd == TRUE)
+ nopass = FLAG_NOPASS;
+ else if (pwflags == PWCHECK_ALL && nopass != 0)
+ nopass = (no_passwd == TRUE) ? FLAG_NOPASS : 0;
}
top--;
}
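Review bot: In `if (pwflags == PWCHECK_NEVER || !def_flag(I_AUTHENTICATE))` a cleared `authenticate` flag still selects `FLAG_NOPASS` when `pwflags` is `PWCHECK_ALWAYS`, which does not match the "passwd always needed" description given for that value. If that precedence is intended, say so in a comment, e.g. `/* authenticate off overrides every pwflags value, including PWCHECK_ALWAYS */`; if not, test `pwflags != PWCHECK_ALWAYS` before honouring the flag. The move from bit tests to `==` also assumes `pwflags` holds exactly one of the four constants. Any other non-zero value leaves `nopass` at -1 through the loop, and how that is treated afterwards is outside the visible lines.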
* PASSWD_NEVER: user never has to give a passwd
* PASSWD_ALL: no passwd needed if all entries for host have NOPASSWD flag
* PASSWD_ANY: no passwd needed if any entry for host has a NOPASSWD flag
- * PWCHECK_RUNAS: require that runas_matches be TRUE
+ * PASSWD_ALWAYS: passwd always needed
*/
-#define PWCHECK_NEVER 001
-#define PWCHECK_ALL 002
-#define PWCHECK_ANY 004
-#define PWCHECK_RUNAS 010
+#define PWCHECK_NEVER 0x01
+#define PWCHECK_ALL 0x02
+#define PWCHECK_ANY 0x04
+#define PWCHECK_ALWAYS 0x08
/*
* Function prototypes