From: Todd C. Miller Date: Sun, 28 Apr 1996 00:59:21 +0000 (+0000) Subject: added support for NO_PASSWD and runas from garp@opustel.com X-Git-Tag: SUDO_1_5_0~215 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=32002b7d97bb4280a825a2e7b56910c9a674a9a8;p=sudo added support for NO_PASSWD and runas from garp@opustel.com --- diff --git a/parse.c b/parse.c index 2c89ac233..c21d29e36 100644 --- a/parse.c +++ b/parse.c @@ -74,12 +74,11 @@ static char rcsid[] = "$Id$"; #include "sudo.h" #include -extern FILE *yyin, *yyout; - /* * Globals */ int parse_error = FALSE; +extern FILE *yyin, *yyout; /* * Prototypes for static (local) functions @@ -146,10 +145,20 @@ int validate(check_cmnd) while (top) { if (host_matches == TRUE) if (cmnd_matches == TRUE) - /* user was granted access to cmnd on host */ - return(VALIDATE_OK); + if (runas_user == NULL || + (runas_user != NULL && runas_matches == TRUE)) + /* + * User was granted access to cmnd on host. + * If no passwd required return as such. + */ + if (no_passwd == TRUE) + return(VALIDATE_OK_NOPASS); + else + return(VALIDATE_OK); + else + return(VALIDATE_NOT_OK); else if (cmnd_matches == FALSE) - /* user was explicitly denied acces to cmnd on host */ + /* User was explicitly denied acces to cmnd on host. */ return(VALIDATE_NOT_OK); top--; } diff --git a/parse.lex b/parse.lex index 50d4e1dd2..370c1e8dc 100644 --- a/parse.lex +++ b/parse.lex @@ -84,6 +84,7 @@ WORD [a-zA-Z0-9_-]+ %k 3500 %s GOTCMND +%s GOTRUNAS %% [ \t]+ { /* throw away space/tabs */ @@ -156,6 +157,13 @@ WORD [a-zA-Z0-9_-]+ return('.'); } +NOPASSWD: { + /* XXX - is this the best way? */ + /* cmnd does not require passwd for this user */ + LEXTRACE("NOPASSWD "); + return(NOPASSWD); + } + \+[a-zA-Z][a-zA-Z0-9_-]* { fill(yytext, yyleng); return(NETGROUP); 
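Review bot: The grant/deny decision in validate() now sits in a four-deep if/else chain with no braces, so each `else` is paired with its `if` only by dangling-else binding. The indentation agrees with that binding today, but one added statement or dropped branch would silently re-pair an `else` in the code that decides whether a password is required. Brace every level and drop the redundant `runas_user != NULL &&`, since the left side of the `||` has already excluded NULL. A runas mismatch also returns VALIDATE_NOT_OK at once instead of reaching `top--`; that fails closed, but say in a comment whether earlier entries are meant to be skipped. Callers, which are not in this hunk, must handle VALIDATE_OK_NOPASS explicitly, and the body of validate() starts and ends outside the hunk.

```c
    while (top) {
	if (host_matches == TRUE) {
	    if (cmnd_matches == TRUE) {
		if (runas_user == NULL || runas_matches == TRUE) {
		    /*
		     * User was granted access to cmnd on host.
		     * If no passwd required return as such.
		     */
		    if (no_passwd == TRUE) {
			return(VALIDATE_OK_NOPASS);
		    }
		    return(VALIDATE_OK);
		}
		/* A runas user was requested that this entry does not allow. */
		return(VALIDATE_NOT_OK);
	    } else if (cmnd_matches == FALSE) {
		/* User was explicitly denied access to cmnd on host. */
		return(VALIDATE_NOT_OK);
	    }
	}
	top--;
    }
```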
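Review bot: The `NOPASSWD:` rule is committed with an open `XXX - is this the best way?` that does not say what is in doubt, on the one token that switches off authentication for a command. Replace the XXX with a comment that states the contract, for example `/* NOPASSWD: tag - cmnd does not require passwd for this user; accepted only where the grammar expects a tag (confirm) */`. This rendering appears to have dropped angle-bracket text (the bare `#include` in parse.c), so it is not possible to tell here whether the rule is scoped to a start condition. If it is also active in GOTCMND, check that a command argument containing the literal text is not tokenized as the tag.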
@@ -178,6 +186,36 @@ WORD [a-zA-Z0-9_-]+ return(FQHOST); } +\( { + /* XXX - what about '(' in command args? */ + BEGIN GOTRUNAS; + LEXTRACE("RUNAS "); + return (RUNAS); + } + +[A-Z][A-Z0-9_]* { + /* User_Alias that user can run command as or ALL */ + fill(yytext, yyleng); + if (strcmp(yytext, "ALL") == 0) { + LEXTRACE("ALL "); + return(ALL); + } else { + LEXTRACE("ALIAS "); + return(ALIAS); + } + } + +#?[a-zA-Z0-9_-]+ { + /* username/uid that user can run command as */ + /* XXX - should we allow more than thse chars? */ + fill(yytext, yyleng); + LEXTRACE("NAME "); + return(NAME); + } + +\) BEGIN 0; /* XXX - will newlines be treated correctly? */ + + \/[^\,:=\\ \t\n#]+ { /* directories can't have args... */ if (yytext[yyleng - 1] == '/') { @@ -217,7 +255,6 @@ WORD [a-zA-Z0-9_-]+ LEXTRACE("USERALIAS "); return(USERALIAS); } - l = yyleng - 1; if (isalpha(yytext[l]) || isdigit(yytext[l])) { /* NAME is what RFC1034 calls a label */
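Review bot: The runas name pattern `#?[a-zA-Z0-9_-]+` accepts a `#` followed by letters, so a malformed uid such as `#abc` is returned as NAME just like `#0`. How the grammar converts the `#` form is not visible in this hunk, but a non-numeric string passed to a numeric conversion could resolve to uid 0. Split the rule into `#[0-9]+` for uids and `[a-zA-Z0-9_-]+` for user names so bad entries are rejected in the lexer. Separately, `\) BEGIN 0;` is the only exit from GOTRUNAS shown here, so an entry missing its closing parenthesis may leave the state set for the following line, as the XXX comment suspects. Start-condition prefixes may have been lost in this rendering, so confirm which of these rules are limited to GOTRUNAS.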